Zes-22xx Configuration Guide
-
Upload
alex-furlong -
Category
Documents
-
view
254 -
download
14
description
Transcript of Zes-22xx Configuration Guide
-
ZES
ZES-22xx
1998 2015 Zelax. .
01 22.05.2015 . 1.100
, 124681 , . , . , 1, 2 : +7 (495) 748-71-78 () http://www.zelax.ru
-
2 2015 Zelax ZES-22xx
-
ZES-22xx 2015 Zelax 3
1 .................................................................................................................. 5 1.1 ................................................................................................................ 5
1.1.1 ...................................................................................................... 5 1.1.2 ................................................................................................ 6
1.2 (CLI) .......................................................................................... 8 1.2.1 .................................................................................................. 8 1.2.2 ............................................................................................................. 10 1.2.3 ............................................................................................................ 10 1.2.4 ................................................................................................ 11 1.2.5 ................................................................................... 11
2 .................................................................................................... 12 2.1 () .................................................................................................. 12
2.1.1 .................................................................................................................. 12 2.1.2 ............................................................................................................. 12 2.1.3 .................................................................................................................. 12 2.1.4 ............................................................................................................. 13
2.2 System ............................................................................................................................ 13 2.3 Green Ethernet ( Ethernet) ........................................................................... 22 2.4 Ports ()............................................................................................................................. 26 2.5 Security () ............................................................................................................ 34
2.5.1 Switch () ............................................................................................................. 34 2.5.2 Access Management ( ) .................................................................... 39 2.5.3 SNMP .................................................................................................................................... 40 2.5.4 RMON .................................................................................................................................... 48
2.6 Network () .......................................................................................................................... 53 2.6.1 Port Security ( ) ..................................................................................... 53 2.6.2 NAS........................................................................................................................................ 57 2.6.3 ACL ( ) .......................................................................................................... 63 2.6.4 DHCP ..................................................................................................................................... 69 2.6.5 IP Source Guard ( IP- ) ................................................................ 72 2.6.6 ARP inspection ( ARP) ........................................................................................ 74
2.7 RADIUS ...................................................................................................................................... 76 2.7.2 TACACS+ .............................................................................................................................. 81
2.8 Aggregation () ................................................................................................... 82 2.8.1 Static ( ) ................................................................................... 82 2.8.2 LACP ..................................................................................................................................... 83
2.9 Redundancy () ............................................................................................... 86 2.9.1 Z-Ring ................................................................................................................ 86 2.9.2 Loop Protection ( ) .................................................................................... 90 2.9.3 Spanning Tree ....................................................................................................................... 91 2.9.4 MEP (Maintenance Entity Point) .......................................................................................... 101 2.9.5 ERPS ................................................................................................................................... 109
2.10 IPMC Profile ( IPMC) ................................................................................................ 111 2.11 MVR ......................................................................................................................................... 113 2.12 IPMC ........................................................................................................................................ 116
2.12.1 IGMP Snooping ................................................................................................................... 116 2.12.2 MLD Snooping ..................................................................................................................... 121
2.13 LLDP ........................................................................................................................................ 126 2.14 PoE ( PoE) ............................................................ 133 2.15 MAC Table ( -) ..................................................................................... 138 2.16 VLAN Translation ( VLAN) ................................................................................... 140 2.17 VLANs ...................................................................................................................................... 141 2.18 Private VLANs ( VLAN) ............................................................................................. 146 2.19 GVRP ....................................................................................................................................... 147 2.20 VCL .......................................................................................................................................... 148
2.20.1 MAC-based ( MAC-) ............................................................................. 148 2.20.2 Protocol-based VLAN (VLAN ) ......................................................... 149
2.21 QoS ( ) .............................................................................................. 151 2.21.2 Storm Control ( ) ......................................... 166
2.22 Mirroring () .................................................................................................... 166
-
4 2015 Zelax ZES-22xx
2.23 UPnP ....................................................................................................................................... 167 2.24 PTP (IEEE1588) ...................................................................................................................... 168 2.25 Diagnostics () ...................................................................................................... 171 2.26 Maintenance () ............................................................................................... 172
2.26.2 Software ( ) ............................................................................. 173 2.26.3 Configuration () .................................................................................................. 174
-
ZES-22xx 2015 Zelax 5
1
1.1 .
: (out-of-band) (in-band).
- :
admin; admin.
1.1.1 .
, , . , IP- Telnet.
:
1: (. 1):
. 1.
RS-232 , , .
RS-232 , , HyperTerminal, Windows 9x/NT/2000/XP.
2: HyperTerminal.
1. HyperTerminal. 2. :
115200 /; 8 ; ; 1; .
3: (CLI) .
. HyperTerminal CLI-.
Boot> fi lo -d managed
Image loaded from 0x80040000-0x80ac4e4c
Boot> go
Press ENTER to get started
Username:
-
6 2015 Zelax ZES-22xx
.
1.1.2 Telnet,
SSH HTTP SNMP. , - , , .
. 2.
1.1.2.1 Telnet SSH Telnet SSH
. 2 :
1. IP- ; 2. IP- ( Telnet) VLAN
IP-; 3. 2 , Telnet IP-
, , .
1.1.2.2 Web- Web-
:
1. IP- ; 2. IP- ( HTTP) VLAN
; 3. 2 , ( HTTP)
IP- , , .
Telnet, ping IP- , Web- .
Web- . Web- , . .
Web- ZES . 3:
-
ZES-22xx 2015 Zelax 7
. 3. Web-
Web-. , Web- (. . 4).
. 4. Web-
-
8 2015 Zelax ZES-22xx
1.1.2.3 SNMP SNMP
:
1. IP- ; 2. IP- ( SNMP-) VLAN
; 3. 2 , IP-
, , ; 4. SNMP (
2.5.3).
1.2 (CLI) CLI . ,
Telnet SSH CLI.
CLI . . . :
1.2.1 . 5 .
V
LA
N
V
LA
N
. 5.
1.2.1.1 CLI .
. Switch>, > , . exit (), .
.
-
ZES-22xx 2015 Zelax 9
1.2.1.2 Switch#.
, enable, . (Global Mode) exit (), . "Ctrl+z ( ) .
, ; , . , .
1.2.1.3 config terminal
, Switch(Config)# exit ( , VLAN), .
, , MAC-, , VLAN, GVRP, STP . .
, , .
1.2.1.4
interface. :
1. VLAN; 2. FastEthernet; 3. GigabitEthernet.
.
VLAN interface vlan
IP- . .
exit
FastEthernet interface fastethernet
, Ethernet- . .
exit
GigabitEthernet interface gigabitethernet
, Ethernet- . .
exit
1.2.1.5
line. .
1.2.1.6 .
, . :
cmdtxt {enum1 | | enumN } [option1 | | optionN]
-
10 2015 Zelax ZES-22xx
cmdtxt , .
;
{enum1 | | enumN} , enum1 enumN;
([ ]) [option] . , < >, { } [ ]. [] , {enum1 | enum2}, [option1 [option2]], . .
:
show version, . . .
vlan , .
hostname , .
snmp-server community {v2c | v3} {ro | rw}, :
snmp-server community v2c ro snmp-server community v3 rw
1.2.2 , ,
(, (, , , ) . Up () Down (), ctrl+p ctrl+n.
Up . 10
Down . Up
, Down
Left Left Right
Right
Ctrl+p , Up Ctrl+n , Down Ctrl+b , Left Ctrl+f , Right Ctrl+z (
) Ctrl+c , , ping
Ctrl+a (Tab)
, Tab ( )
1.2.3
: help ?.
Help
help Enter.
? 1. ?. . 2. ? ( ). , , . . ,
-
ZES-22xx 2015 Zelax 11
. , Enter . 3. ? ( ) ,
1.2.4 .
, , . .
,
ZES-2220S(config)# snmp-server community v2c % Incomplete command.
ZES-2220S(config)# snmp-server community v1 ^ % Invalid word detected at '^' marker.
,
ZES-2220S# show r ^ % Ambiguous word detected at '^' marker.
1.2.5 .
, , . :
show interface FastEthernet 1/1 status sh int fa 1/1 status . , sh r show running-config, > Ambiguous command! ( !), . show r show rmon show running-config. , sh ru.
-
12 2015 Zelax ZES-22xx
2
. web- CLI .
web- - ; , . web- web-, Internet Explorer ( 9.0 ), Firefox Google Chrome. web- , IP- , . .
2.1 () web- ,
, IP- 192.168.0.24 , web-. , . Firefox.
. 6. web-
, -, admin admin. , Port State ( ).
2.1.1 , ,
( ). , LAN 100M/. 1000M/.
Ports>State (>).
2.1.2 "Refresh" ( ).
, "Auto-refresh" ( ). 3 .
. 7.
, LAN, , .
2.1.3 ,
.
-
ZES-22xx 2015 Zelax 13
, . , "help" ().
. 8.
2.1.4 , web-.
.
. 9.
, . "OK" , "Cancel" (), web .
. 10.
, ( ), "System".
2.2 System , "System" , IP-
, ..
. 11. System
2.2.1.1 System Configuration ( ) , , 'sysContact'
(OID 1.3.6.1.2.1.1.4), 'sysName' (OID 1.3.6.1.2.1.1.5) 'sysLocation' (OID 1.3.6.1.2.1.1.6) MIB2 SNMP. Save ().
-
14 2015 Zelax ZES-22xx
. 12. System - Configuration ( )
System Contact ( ): . , , (email) . 0~255 ASCII 32~126.
System Name ( ): . (A-Z; a-z), (0-9) (-). , . ( ). . 0~255.
System Location ( ): . 0~255.
CLI:
snmp-server contact [email protected]
hostname ZES-2220S
snmp-server location Russia, 124681, Moscow, Zelenograd, Zavodskaya st., 1B, bldg 2
2.2.1.2 System Information ( ) ,
, MAC-, , , .
. 13. System - Information ( )
2.2.1.3 System IP ( IP) IP- .
-
ZES-22xx 2015 Zelax 15
. 14. System - IP ( IP)
IP Configuration ( IP).
Mode ( ): , IP . Host () IP . Router (), . VLAN, Router. Host .
DNS Server (DNS-): (DNS) , . :
From any DHCP interfaces ( DHCP): IP- DNS-, DHCP, DHCP .
No DNS server ( DNS-): DNS- . Configured ( IP-): IP- DNS-,
. From this DHCP interface ( DHCP):
DHCP- DNS-.
DNS Proxy (- ): - DNS, DNS DNS-, , DNS- .
IP Interface (IP )
, "Add Interface" ( ). 8 .
VLAN ( VLAN): VLAN, IP-. IP- VLAN. .
DHCP: , IPv4- DHCP. DHCP- DNS.
IPv4 Address (IPv4-): IPv4- . DHCP, . IPv4 , .
IPv4 Mask ( IPv4): IPv4 ( ). IPv4- 0 30 . DHCP, . IPv4 , .
-
16 2015 Zelax ZES-22xx
IPv4 Current Lease ( IPv4-): DHCP IP-, , DHCP .
IPv6 Address (IPv6-): IPv6- 128- , , (:). . , fe80::215:c5ff:fe03:4dc7. :: , 16- , . . IPv4-. , ::192.1.2.34. IPv6 , .
IPv6 Mask ( IPv6): IPv6 ( ). IPv6- 1 128 . IPv6 , .
IP Routes (IP- )
Network ( ): IP- IP- IP- . IPv6. , 0.0.0.0 IPv6 ::
Mask Length ( ): IP- , ( ). , , . IPv4- 0 32 ; IPv6- 0 128 . , , 0 ( ).
Gateway (): IP- . IP- IPv6. .
CLI:
vlan 1
!
interface vlan 1
ip address 192.168.0.24 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.0.254
2.2.1.4 System IP Status ( IP- ) IP- .
-
ZES-22xx 2015 Zelax 17
. 15. System - IP Status ( IP- )
System IP. .
2.2.1.5 System NTP ( ) NTP ,
.
. 16. System - NTP ( )
Mode ( ): NTP. :
Enabled (): NTP-. Disabled (): NTP-.
Server #: IPv4- IPv6- NTP-.
NTP- . 'Server 1' , NTP- 'Server 2'.
-
18 2015 Zelax ZES-22xx
CLI:
ntp
ntp server 1 ip-address 192.168.0.105
2.2.1.6 System Time ( ) .
. 17. System - Time ( )
Time Zone Configuration ( )
Time Zone ( ): . Save (), .
Acronym ( ): .
Daylight Saving Time Configuration ( / )
Daylight Saving Time ( / ): , . / Disable (). , , Recurring ( ). , NonRecurring ( ). Disable (.
, , :
-
ZES-22xx 2015 Zelax 19
Start time settings ( ): , , , , , .
End time settings ( ): , , , , , .
Offset settings ( ): , . : 1 1440.
CLI:
clock timezone MSK 3
2.2.1.7 .
. 18. System - Log Configuration
Server Mode ( ): . , Syslog- ( IP- ). UDP UDP 514. , .
Server Address ( ): IPv4- syslog-. DNS-, .
Syslog Level ( ): , . :
Info (): , .
Warning (): .
Error (): .
CLI:
logging on
logging host 192.168.0.105
logging level warning
2.2.1.8 System Log Information ( ) , .
-
20 2015 Zelax ZES-22xx
. 19. System - Log Information
Level (): : All ( ), , .
Clear Level ( ): .
Browsing buttons ( ): , .
CLI:
ZES-2220S# show logging
Switch logging host mode is enabled
Switch logging host address is 192.168.0.105
Switch logging level is warning
Number of entries on Switch 1:
Info : 28
Warning: 0
Error : 0
All : 28
ID Level Time Message
---- ------ ------------------------- -----------------------------
1 Info 2013-01-01T02:59:59+03:00 Switch just made a cool boot.
2 Info 2013-01-01T03:00:01+03:00 Link up on port 3
2.2.1.9 System Detailed Log ( ) .
. 20. System - Detailed Log ( )
, .
-
ZES-22xx 2015 Zelax 21
2.2.1.10 System CPU Load ( CPU) (CPU)
SVG.
. 21. System - CPU Load ( CPU)
100 , 1 10 . 120 , , . SVG , SVG. 3 .
2.2.1.11 System SMTP ( )
.
-
22 2015 Zelax ZES-22xx
. 22. System - SMTP
SMTP Configuration ( SMTP)
SMTP Mode ( SMTP): SMTP. :
Enabled (): SMTP- . Disabled (): SMTP- .
SMTP Server (SMTP-): IP- SMTP- ( email).
SMTP Port ( SMTP): SMTP. SMTP 25.
Server requires authentication ( ): , . , :
Username ( ): SMTP-.
Password (): username SMTP-.
Recipient mail address ( ): , .
SMTP Mail Event ( SMTP-)
, , , email .
System (): / . :
Warm Start ( ): / warm restart.
Cold Start ( ): / cold restart.
Power (): / . :
Power 1 Status ( 1): / 1.
Power 2 Status ( 2): / 2.
Interface (): / . :
Port Link Up ( ): / .
Port Link Down ( ): / .
CLI:
smtp
smtp server ip-address 192.168.0.1
smtp recipient 1 ip-address [email protected]
smtp event system warmstart coldstart
smtp event system warmstart coldstart power power1 power2
smtp event system warmstart coldstart power power1 power2 interface linkup linkdown
2.3 Green Ethernet ( Ethernet) "Green Ethernet" ( Ethernet)
.
-
ZES-22xx 2015 Zelax 23
. 23. Green Ethernet ( Ethernet)
2.3.1.1
, , .
. 24. Green Ethernet - LED
. , , 50% - , 10% .
maintenance (), 100% 10 (, link down).
CLI:
green-ethernet led on-event error
green-ethernet led interval 9-18 intensity 50
green-ethernet led interval 18-9 intensity 10
2.3.1.2 Green Ethernet
Ethernet () Ethernet.
-
24 2015 Zelax ZES-22xx
. 25. Green Ethernet - Configuration
Port Power Savings Configuration ( )
Optimize EEE for ( ): / . :
Power (): . .
Latency ( ): EEE . . .
Port Configuration ( )
ActiPHY: ActiPHY , . , , Ethernet . , , PHY , .
PerfectReach ( PerfectReach): PerfectReach . .
EEE ( Ethernet): EEE , , . EEE IEEE802.3az (IEEE). EEE , . , , . , , . , 17 , 1 / 30 . , , .
-
ZES-22xx 2015 Zelax 25
LLDP (Link Layer Discovery Protocol ). , 1 / 100 / . , , .
, , . , / , , , . . , , , , .
EEE Urgent Queues ( ): , ( QOS), . , , .
, . , .
CLI:
green-ethernet eee optimize-for-power
!
interface FastEthernet 1/1
green-ethernet eee
green-ethernet energy-detect
green-ethernet short-reach
2.3.1.3 Green Ethernet .
. 26. Green Ethernet - Status
Green Ethernet . , Ethernet , LAN.
-
26 2015 Zelax ZES-22xx
2.4 Ports () Ports () ,
.
. 27. Ports
2.4.1.1 Ports Configuration ( ) ,
.
. 28. Ports - Configuration
Port (): 16 LAN 1~16 4 ( SFP-) 17~20. . , "*" .
Link ( ): . , , .
Current Speed ( ): (10 /, 100 /, 1 /) (fdx= , hdx=).
Configured Speed ( ): , . , .
-
ZES-22xx 2015 Zelax 27
:
Disabled (): . Auto ():
, , , .
10Mbps HDX: 10 /, .
10Mbps FDX: 10 /, .
100Mbps HDX: 100 /, .
100Mbps FDX: 100 /, .
:
Disabled (): . Auto ():
, , , .
100Mbps FDX: 100 /, .
1Gbps FDX: 1 /, .
Flow Control ( ): Current Rx , . Current Tx , . Rx Tx . , . Configured Speed (. ).
Maximum Frame Size ( ): , , FCS. 9600 .
Excessive Collision Mode ( ): : "Discard" ( 16 ), "Restart" ( (backoff algorithm) 16 ).
CLI:
interface GigabitEthernet 1/4
speed 1000
flowcontrol on
duplex full
2.4.1.2 Ports State ( ) .
-
28 2015 Zelax ZES-22xx
. 29. Ports - State
, , . "" , 100 /. "" 1 /. "" . , "Refresh" (). "Auto-refresh" ( ) , 3 .
2.4.1.3 Ports Traffic Overview ( ) .
. 30. Ports - Traffic Overview
Port (): (1~20), , .
Packets (): .
Bytes (): .
Errors (): , , .
Drops (): , .
Filtered (): , ().
-
ZES-22xx 2015 Zelax 29
, "Refresh" (). "Auto-refresh" ( ) , 3 . , "Clear" ().
2.4.1.4 Ports QoS Statistics ( QoS ) .
. 31. Ports - QoS Statistics
Port (): , , .
Qn (): 8 QoS. Q0 .
Rx/Tx: .
2.4.1.5 Ports QCL Status ( QCL) QCL (QoS Control List)
QCL.
. 32. Ports - QCL Status
QCE (QoS Control Entry), . QCE - , . QCE 256.
User (): QCL.
-
30 2015 Zelax ZES-22xx
QCE#: QCE.
Frame Type ( ): , . :
Any (): QCE . Ethernet: Ethernet ( EtherType 0x600-0xFFFF) LLC: LLC. SNAP: SNAP. IPv4: QCE IPV4. IPv6: QCE IPV6.
Port (): , QCE.
Action (): , , . : Class (), DPL DSCP.
Class (): QoS; QCE, .
DPL: (Drop Precedence Level); QCE, DP , DPL.
DSCP: QCE, DSCP , DSCP.
Conflict (): QCL. , , , QCE, . 'Yes' (), 'No' (). , , , ; QCL, 'Resolve Conflict' ( ).
2.4.1.6 Ports Detailed Statistics ( )
. : ( ); ( ); ( ). , , port select ( ).
-
ZES-22xx 2015 Zelax 31
. 33. Ports - Detailed Statistics
Receive Total ( ) Transmit Total ( ):
Rx Tx Packets: ( ) . Rx Tx Octets: ( ) .
FCS, . Rx Tx Unicast: ( )
. Rx Tx Multicast: ( )
. Rx Tx Broadcast: ( )
. Rx Tx Pause: MAC-,
, , .
Receive Transmit Size: ( ) , .
Receive Transmit Queue: .
Receive Error ( ):
Rx Drops (): , .
Rx CRC/Alignment: , .
Rx Undersize: 1 , .
Rx Oversize: 2 , .
Rx Fragments: 1 ,
. Rx Jabber:
2 , .
Rx Filtered: , ().
-
32 2015 Zelax ZES-22xx
1 64 .
2 , , ,
.
Transmit Error ( ):
Tx Drops: , .
Tx Late/Exc. Coll.: , .
2.4.1.7 Ports VeriPHY( )
VeriPHY , 10 /, 100 / 1 /. All ( ). Start ().
. 34. Ports - VeriPHY
5 . , 15 . , . . , VeriPHY 7 140 .
VeriPHY , 10 / 100 / . , VeriPHY , 10 / 100 /, , , VeriPHY .
Port (): .
Pair (): :
-
ZES-22xx 2015 Zelax 33
OK: . Open (): . Short (): . Short A: - . Short B: - . Short C: - . Short D: - D. Cross A: - Cross B: - Cross C: - Cross D: - D
Length (): . 3 .
CLI:
ZES-2220S# show interface FastEthernet 1/8 veriphy
Starting VeriPHY - Please wait
Interface Pair A Length Pair B, Length Pair C Length Pair D Length
---------------------- ------ ------ -------------- ------ ------ ------ ------
FastEthernet 1/8 OK 3 OK 3 OK 3 Open 0
2.4.1.8 Ports SFP ( SFP ) SFP .
. 35. Ports - SFP
Vendor Name ( ): SFP.
Vendor Part ( ): ( SFP).
Fiber Type ( ): .
Wave Length ( ): (Tx).
Wave Length 2 ( 2): (Rx). ( SFP ).
-
34 2015 Zelax ZES-22xx
Link Length ( ): . ( SFP , .)
TX Power ( ): ; SFP, DDMI ( ).
RX Power ( ): , SFP, DDMI.
RX Sensitivity ( ): , SFP, DDMI.
Temperature (): , SFP, DDMI.
CLI:
ZES-2220S# show sfp
17
----------
Vendor Name : Zelax
Vendor Part Number: SFP-G-S1310/20-D
Fiber Type : Single
Wave Length : 1310 nm
Link Length : 20 km
TX Power : -6 dBm
RX Power : -40 dBm
RX Sensitivity : 0 dBm
Temperature : 59 degree C
2.5 Security () Security () switch (), network
() RADIUS.
. 36. Security
2.5.1 Switch ()
-
ZES-22xx 2015 Zelax 35
2.5.1.1 Users () .
web- .
. 37. Security Switch - Users
'admin', (15).
User Name ( ) Add New User ( ), .
Add User ( )
. 38. Security Switch Users (Add User)
User Name ( ): .
Password (): .
Password (again) ( ): .
Privilege Level ( ): . : 1 15.
15, , . . , . , 5; 10 /. ( , . .) , 15.
, 15 ; 10 ; 5 .
CLI:
username zelax privilege 10 password unencrypted
-
36 2015 Zelax ZES-22xx
2.5.1.2 .
. 39. Security Switch Privilege Levels
-
ZES-22xx 2015 Zelax 37
Group Name ( ): , . (, LACP, RSTP QoS), . .
System (): Contact ( ), Name (), Location (), Timezone ( ), Daylight Saving Time ( ), Log ( ).
Security (): Authentication (), System Access Management ( ), Port () ( Dot1x port ( Dot1x), MAC based ( MAC-), MAC Address Limit ( MAC-), ACL, HTTPS, SSH, ARP Inspection ( ARP), IP source guard ( IP- ).
IP: , 'ping'.
Port (): , 'VeriPHY'.
Diagnostics (): 'ping' 'VeriPHY'.
Maintenance (): CLI System Reboot ( ), System Restore Default ( ), System Password ( ), Configuration Save ( ), Configuration Load ( ), Firmware Load ( ). Web Users ( Web-), Privilege Levels ( ) Maintenance.
Debug (): CLI.
Privilege Levels ( ): :
configuration read-only (, ) configuration/execute read-write (/, -) status/statistics read-only (/, ) status/statistics read-write (e.g. for clearing of statistics) (/, -
, ).
, .
CLI:
web privilege group Z-Ring level cro 1 crw 15 sro 5 srw 10
2.5.1.3 Auth Method ( )
.
. 40. Security Switch Auth Method
Client (): , .
Methods (): :
no (): , .
-
38 2015 Zelax ZES-22xx
local (): .
radius: RADIUS-. tacacs+: TACACS+-.
: , , , . . , , , , , . , 'local' (). , .
CLI:
aaa authentication login telnet radius tacacs local
2.5.1.4 SSH SSH.
. 41. Security Switch SSH
Mode ( ): SSH. :
Enabled (): SSH . , - . Disabled (): SSH .
: SSH, , 2 SSH.
CLI:
no ip ssh
2.5.1.5 HTTPS HTTPS.
. 42. Security Switch HTTPS
Mode ( ): HTTPS. HTTPS, HTTPS , web- HTTP. :
Enabled (): HTTPS . Disabled (): HTTPS .
-
ZES-22xx 2015 Zelax 39
Automatic Redirect ( ): HTTPS. , HTTPS "Enabled" (). HTTP web- HTTPS, HTTPS Automatic Redirect. :
Enabled (): HTTPS . Disabled (): HTTPS .
CLI:
ip http secure-server
ip http secure-redirect
2.5.2 Access Management ( )
2.5.2.1 Access Management Configuration ( )
. 16. , , .
. 43. Security Switch Access Management - Configuration
Mode ( ): . :
Enabled (): . Disabled (): .
VLAN ID: VLAN .
Start IP address ( IP-): IP- .
End IP address ( IP-): IP- .
HTTP/HTTPS: , , IP- HTTP/HTTPS.
SNMP: , , IP- SNMP.
TELNET/SSH: , , IP- TELNET/SSH .
, Add New Entry ( ). Delete () , .
Save (), . Reset (), , .
CLI:
access management 1 10 172.16.1.1 to 172.16.1.254 web telnet
-
40 2015 Zelax ZES-22xx
2.5.2.2 Access Management Statistics ( )
.
. 44. Security Switch Access Management - Statistics
Interface (): , .
Received Packets ( ): , .
Allowed Packets ( ): , .
Discarded Packets ( ): , , .
CLI:
ZES-2220S# show access management statistics
Access Management Statistics:
-----------------------------
HTTP Receive: 12 Allow: 0 Discard: 12
HTTPS Receive: 0 Allow: 0 Discard: 0
SNMP Receive: 0 Allow: 0 Discard: 0
TELNET Receive: 3 Allow: 0 Discard: 3
SSH Receive: 0 Allow: 0 Discard: 0
2.5.3 SNMP SNMP System Configuration ( SNMP )
SNMP.
. 45. Security Switch SNMP - System Configuration
Mode ( ): SNMP. :
-
ZES-22xx 2015 Zelax 41
Enabled (): SNMP . Disabled (): SNMP .
Version (): SNMP. :
SNMP v1: 1 SNMP. SNMP v2c: 2c SNMP. SNMP v3: 3 SNMP.
Read Community ( Community ): community, , SNMP-. 0~255 ASCII 0x21 0x7E.
Write Community ( Community ): community, , SNMP-. 0~255 ASCII 0x21 0x7E. SNMP v1 v2c. SNMP v3, community community SNMPv3. SNMPv3 , SNMPv1 SNMPv2c. community, .
Engine ID: engine ID SNMPv3. ( ), 10 64; , F . Engine ID .
CLI:
snmp-server community v2c zelax_public RO
snmp-server community v2c zelax_private RW
2.5.3.1 Alarm Configuration ( ) SNMP trap.
. 46. Security Switch SNMP - Alarm Configuration
Global Settings ( )
Mode ( ): SNMP trap .
SNMP trap, Add New Entry ( ).
-
42 2015 Zelax ZES-22xx
. 47. Security Switch SNMP - Trap Configuration
SNMP Trap Configuration ( SNMP Trap)
Config Name ( ): SNMP trap.
Trap Mode ( Trap): SNMP trap.
Enabled (): SNMP trap . Disabled (): SNMP trap .
Trap Version ( Trap): SNMP trap. :
SNMP v1: 1 SNMP trap. SNMP v2c: 2c SNMP trap. SNMP v3: 3 SNMP trap.
Trap Community ( Community SNMP trap): community SNMP trap. 0~255 ASCII 0x21 0x7E.
Trap Destination Address (IP- Trap): IP- SNMP trap. IP- ('x.y.z.w'). . - ( A-Z; a-z, 0-9, (.) (-)). . ; .
Trap Destination port ( Trap): SNMP trap. SNMP- SNMP ; 1~65535. SNMP trap 162.
Trap Inform Mode ( Trap Inform): SNMP trap inform. :
Enabled (): SNMP trap inform . Disabled (): SNMP trap inform .
-
ZES-22xx 2015 Zelax 43
Trap Inform Timeout (seconds) ( Trap Inform (): SNMP trap inform. : 0 2147.
Trap Inform Retry imes ( Trap Inform): SNMP trap inform. : 0 255.
Trap Probe Security Engine ID: SNMP trap probe security engine ID. :
Enabled (): SNMP trap probe security engine ID . Disabled (): SNMP trap probe security engine ID .
Trap Security Engine ID: SNMP trap security engine ID.
SNMPv3 trap inform, USM . engine ID . "Trap Probe Security Engine ID", (ID) . , ID, . ( ), 10 64; , F .
Trap Security Name: SNMP trap security name. SNMP trap inform SNMPv3 USM . trap inform, .
SNMP Trap Event ( SNMP Trap)
System (): (system trap events) :
Warm Start (): , .
Cold Start ( ): ( ).
AAA: , . trap .
Switch (): traps . traps:
STP: , STP trap. , STP trap.
RMON: , RMON trap. , RMON trap.
Power (): traps, . trap :
Power 1 Status ( 1): , trap 1. , trap 1.
Power 2 Status ( 2): , trap 2. , trap 2.
Interface (): traps, . traps:
Link Up ( ): none ()/specific ( )/all ports ( ).
Link Down ( ): none ()/specific ( )/all ports ( ).
LLDP: none ()/specific ( )/all ports ( ).
PoE: none ()/specific ( )/all ports ( ). PoE.
-
44 2015 Zelax ZES-22xx
"specific" ( ), , . "Save" ().
Alarm Relay ( )
Power (): , . :
Power 1 Status ( 1): , 1. 1 , . , 1.
Power 2 Status ( 2): , 2. 2 , . , 2.
Interface (): , . :
Link Down ( ): none ()/specific ( )/all ports ( ). , , . , .
PoE: none ()/specific ( )/all ports ( ). PoE. PoE , , . , .
"specific" ( ), , .
CLI:
snmp-server host Test trap
no shutdown
host 192.168.0.105 162 traps
traps system warmstart coldstart
traps system warmstart coldstart aaa authentication
traps system warmstart coldstart aaa authentication power power1 power2
alarm power power1 power2
!
snmp-server trap
!
interface FastEthernet 1/1
snmp-server host Test trap traps linkup linkdown
snmp-server host Test trap alarm linkdown
2.5.3.2 SNMPv3 Community Configuration ( SNMPv3 Community)
SNMPv3 community.
-
ZES-22xx 2015 Zelax 45
. 48. Security Switch SNMP - Communities
Delete (): , , . .
Community: community, SNMP-. 1~32 ASCII 0x21 0x7E. community , community SNMPv1 SNMPv2c. .
Source IP (IP- ): IP- SNMP.
Source Mask ( ): IP- SNMP.
CLI:
snmp-server community v3 public 192.168.0.0 255.255.255.0
2.5.3.3 SNMPv3 User Configuration ( SNMPv3)
SNMPv3. Engine ID User Name ( ).
. 49. Security Switch SNMP - SNMPv3 User
Engine ID: , engine ID, . ( ), 10 64; , F . SNMPv3 USM (User-based Security Model) VACM (View-based Access Control Model) . USM usmUserEngineID usmUserName. usmUserEngineID snmpEngineID . snmpEngineID (SNMP engine), . , engine ID engine ID , , .
User Name ( ): , , . 1~32 ASCII 0x21 0x7E.
Security Level ( ): , . :
NoAuth, NoPriv: . Auth, NoPriv: , .
-
46 2015 Zelax ZES-22xx
Auth, Priv: , .
, . , , .
Authentication Protocol ( ): , . :
None (): . MD5: , ,
MD5. SHA: , ,
SHA.
, . , , .
Authentication Password ( ): , . MD5: 8 32 . SHA: 8 40 . ASCII 0x21 0x7E.
Privacy Protocol ( ): , . :
None (): . DES: , ,
DES. AES: , ,
AES.
Privacy Password ( ): , . 8~32 ASCII 0x21 0x7E.
, Add New Entry ( ). , Delete (), , .
Save (), .
Reset (), , .
2.5.3.4 SNMPv3 Group Configuration ( SNMPv3) SNMPv3.
Security Model ( ) Security Name ( ).
. 50. Security Switch SNMP - SNMPv3 Group
Security Model ( ): , . :
v1: SNMPv1.
-
ZES-22xx 2015 Zelax 47
v2c: SNMPv2. usm: USM (User-based Security
Model) SNMPv3.
Security Name ( ): , , . 1~32 ASCII 0x21 0x7E.
Group Name ( ): , , . 1~32 ASCII 0x21 0x7E.
2.5.3.5 SNMPv3 View Configuration ( SNMPv3) SNMPv3.
View Name ( ) OID Subtree ( OID).
. 51. Security Switch SNMP - SNMPv3 View
View Name ( ): , , . 1~32 ASCII 0x21 0x7E.
View Type ( ): , . :
included ( ): , , .
excluded ( ): , , . , 'excluded' ( ), 'included' ( ) OID 'excluded' ( ).
OID Subtree ( OID): OID , . OID: 1 128. , , (*).
2.5.3.6 SNMPv3 Access Configuration ( SNMPv3) SNMPv3.
: Group Name ( ), Security Model ( ) Security Level ( ).
. 52. Security Switch SNMP - SNMPv3 Access
Delete (): , , . .
-
48 2015 Zelax ZES-22xx
Group Name ( ): , , . 1~32 ASCII 0x21 0x7E.
Security Model ( ): , . :
ny (): (v1|v2c|usm). v1: SNMPv1. v2c: SNMPv2. usm: USM (User-based Security
Model) SNMPv3.
Security Level ( ): , . :
NoAuth, NoPriv: . Auth, NoPriv: , . Auth, Priv: , .
Read View Name ( ): MIB, MIB, . 1~32 ASCII 0x21 0x7E.
Write View Name ( ): MIB, MIB, . 1~32 ASCII 0x21 0x7E.
2.5.4 RMON
2.5.4.1 RMON Statistics Configuration ( RMON) RMON. ID.
. 53. Security Switch RMON - Statistics Configuration
Delete (): , , . .
ID: . 1 65535.
Data Source ( ): ID , .
2.5.4.2 RMON History Configuration ( RMON) RMON History Configuration
, . RMON .
. 54. Security Switch RMON - History Configuration
-
ZES-22xx 2015 Zelax 49
ID: . 1 65535.
Data Source ( ): ID , .
Interval (): . 1800 . : 1 3600 .
Buckets ( ): , . 50. : 1 3600.
Buckets Granted ( ): .
, Add New Entry ( ). , Delete (), , .
Save (), . Reset (), , .
2.5.4.3 RMON Alarm Configuration ( RMON) ,
. , . . , .
. 55. Security Switch RMON - Alarm Configuration
ID: . 1 65535.
Interval (): . 1 2^31 .
Variable (): MIB, . ifEntry.n.n . : InOctets, InUcastPkts, InNUcastPkts, InDiscards, InErrors, InUnknownProtos, OutOctets, OutUcastPkts, OutNUcastPkts, OutDiscards, OutErrors OutQLen.
Sample Type ( ): .
Absolute ( ): .
Delta (): .
Value (): .
Startup Alarm ( ): , , .
Rising or Falling ( ): , , .
Rising (): , .
Falling (): , , .
Rising Threshold ( ): , , , . , ,
-
50 2015 Zelax ZES-22xx
, . : -2147483647 2147483647.
Rising Index ( ): . 1~65535.
Falling Threshold ( ): , , , . , , , . (: -2147483647 2147483647)
Falling Index ( ): . 1~65535.
, Add New Entry ( ). , Delete (), , .
Save (), . Reset (), , .
2.5.4.4 RMON Event Configuration ( RMON) RMON Event Configuration ( RMON)
, .
. 56. Security Switch RMON - Event Configuration
Delete (): , , . .
ID: ID. 1~65535.
Desc: .
Type (): , :
None (): . Log (): , RMON. snmptrap: trap
trap. logandtrap: , trap.
Community: trap community, . community , SNMP trap configuration ( SNMP trap) . 0~127.
Event Last Time ( ): sysUpTime, .
2.5.4.5 RMON Statistics Overview ( RMON) RMON statistics overview .
, . . , 60 .
-
ZES-22xx 2015 Zelax 51
. 57. Security Switch RMON - Statistics Overview
ID: ID.
Data Source ( ): ID .
Drop ( ): - .
Octets (): .
Pkts: ( , ).
Broadcast ( ): , .
Multicast ( ): , .
CRC Errors ( ): 64 1518 ( , FCS).
Undersize ( ): 64 .
Oversize ( ): 1518 .
Frag.: 64 , CRC.
Jabb.: 64 , CRC.
Coll.: Ethernet.
64 Bytes ( 64 ): 64 ( ).
X~Y (65~127, 128~255, 256~511, 512~1023, 1024~1588): , X Y .
2.5.4.6 History Overview ( )
. 58. Security Switch RMON - History Overview
History Index ( ): .
Sample Index ( ): , .
Sample Start ( ): , ( , ).
Drop ( ): - .
Octets (): .
Pkts: ( , ).
Broadcast ( ): , .
-
52 2015 Zelax ZES-22xx
Multicast ( ): , .
CRC Errors ( ): 64 1518 ( , FCS).
Undersize ( ): 64 .
Oversize ( ): 1518 .
Frag.: 64 , CRC.
Jabb.: 64 , CRC.
Coll.: Ethernet.
Utilization (): , .
2.5.4.7 Alarm Overview ( )
. 59. Security Switch RMON - Alarm Overview
ID: .
Interval (): ( ) .
Variable (): MIB, .
Sample Type ( ): , .
Value (): .
Startup Alarm ( ): , , , .
Rising Threshold ( ): , , , .
Rising Index ( ): , , , .
Falling Threshold ( ): , , , .
Falling Index ( ): , , , .
2.5.4.8 Event Overview ( )
-
ZES-22xx 2015 Zelax 53
. 60. Security Switch RMON - Event Overview
Event Index ( ): .
Log Index ( ): .
Log Time ( ): .
Log Description ( ): .
2.6 Network ()
2.6.1 Port Security ( ) (Port Security Limit Control)
, - VLAN ID ( ). , , , .
2.6.1.1 Limit Control ( )
. 61. Security Network - Port Security - Limit Control
-
54 2015 Zelax ZES-22xx
System Configuration ( )
Mode ( ): () , . (), , .
Aging Enabled ( ): , MAC- , Aging Period ( ). , , , . , , (Aging Period), , .
Aging Period ( ): Aging Enabled ( ) , . 3600 . 10 10 000 000 .
Port Configuration ( )
Port (): . Port * .
Mode ( ): ( ). , , .
Limit (): MAC-, . 1024. , .
Action (): , :
None (): MAC-, . .
Trap (): MAC- , SNMP trap. (Aging) , SNMP trap. , SNMP trap , .
Shutdown ( ): MAC- , . , MAC- , MAC- . , , ( / ). : ; Limit Control (
) ; Reopen ().
Trap & Shutdown ( ): MAC- , - Trap () Shutdown ( ), .
State (): . :
Disabled (): ( , ). Ready (): . Limit Reached ( ): .
, Action () None () Trap ().
Shutdown ( ): . , Action
-
ZES-22xx 2015 Zelax 55
() Shutdown () Trap & Shutdown ( ).
Re-open Button ( ): , , , , . . Shutdown ( ) Action (). , Reopen ( ), , .
CLI:
port-security aging
port-security aging time 600
port-security
!
interface FastEthernet 1/1
port-security
port-security maximum 2
port-security violation trap-shutdown
2.6.1.2 Switch Status ( )
. 62. Security Network - Port Security - Switch Status
User Module Legend ( )
User Module Name ( ): , .
-
56 2015 Zelax ZES-22xx
Abbr: , Users () Port Status ( ).
Port Status ( )
Port (): . .
Users (): , , . '-' , . , , , .
State (): . :
Disabled (): , , .
Ready (): ; -.
Limit Reached ( ): , , ; , MAC- .
Shutdown ( ): , , . MAC- , .
MAC Count (Current/Limit) ( MAC- ( // )): -, (, ) -, . , (-). , Limit ( ) (-).
CLI:
ZES-2220S# show port-security switch
Users:
L = Limit Control
8 = 802.1X
Interface Users State MAC Cnt
----------------------- ----- ------------- -------
FastEthernet 1/1 L- Ready 0
FastEthernet 1/2 -- No users 0
FastEthernet 1/3 -- No users 0
FastEthernet 1/4 -- No users 0
FastEthernet 1/5 -- No users 0
FastEthernet 1/6 -- No users 0
FastEthernet 1/7 -- No users 0
FastEthernet 1/8 -- No users 0
FastEthernet 1/9 -- No users 0
FastEthernet 1/10 -- No users 0
FastEthernet 1/11 -- No users 0
FastEthernet 1/12 -- No users 0
FastEthernet 1/13 -- No users 0
FastEthernet 1/14 -- No users 0
FastEthernet 1/15 -- No users 0
FastEthernet 1/16 -- No users 0
GigabitEthernet 1/1 -- No users 0
GigabitEthernet 1/2 -- No users 0
-
ZES-22xx 2015 Zelax 57
GigabitEthernet 1/3 -- No users 0
GigabitEthernet 1/4 -- No users 0
2.6.1.3 Port Statistics ( ) MAC-, .
. 63. Security Network - Port Security - Port Statistics
MAC Address (-): Port Security Limit Control , MAC-, .
VLAN ID: VLAN ID, .
State (): , MAC- . - .
Time of Addition ( ): , MAC- .
Age/Hold (/ ): MAC-, MAC- ( ). MAC- , , MAC-. ( ) , MAC- MAC-. , . MAC- , (-).
2.6.2 NAS (Network Access Server)
, (supplicants) , . , IEEE 802.1X, , , .
, radius-, . RADIUS-, , EAPOL ( ). . , , RADIUS.
-
58 2015 Zelax ZES-22xx
2.6.2.1 Configuration ()
. 64. Security Network NAS - Configuration
System Configuration ( )
Mode ( ): 802.1X -. , .
Reauthentication Enabled ( ): , , "Reauthentication Period" ( ). , .
Reauthentication Period ( ): , . 3600 . 1 3600 .
EAPOL Timeout ( EAPOL): , , Request Identify ( ) EAPOL. 30 . 1 65535 .
Aging Period ( ): , 802.1X -. 300 . 10 1 000 000 .
Hold Time ( ): , EAP, RADIUS, - . , Single 802.1X, Multi 802.1X -. 10 . 10 1 000 000 .
Radius-Assigned QoS Enabled ( QoS, Radius): , QoS, RADIUS.
Radius-Assigned VLAN Enabled ( VLAN, Radius): VLAN, RADIUS, VLAN, , . VLAN,
-
ZES-22xx 2015 Zelax 59
RADIUS, . RADIUS- RADIUS .
"RADIUS-Assigned VLAN Enabled" () / RADIUS- VLAN. , , VLAN RADIUS. , VLAN RADIUS .
Guest VLAN Enabled ( VLAN): VLAN VLAN, . , , VLAN. , VLAN .
Guest VLAN ID ( VLAN): VLAN ID , VLAN . VLAN ID , , VLAN. : 1 4095.
Max. Reauth. Count ( ): EAPOL, , VLAN. , VLAN . 1~255.
Allow Guest VLAN if EAPOL Seen ( VLAN, EAPOL): , EAPOL . VLAN, , . ( ), VLAN , EAPOL . ( ), VLAN, EAPOL . , VLAN .
Port Configuration ( )
Port (): . Port * .
Admin State ( ): . , NAS. :
Force Authorized ( ): () EAPOL, , .
Force Unauthorized ( ): () EAPOL, , .
Port-Based 802.1X (802.1X ): , dot1x- . , dot1x-, .
Single 802.1X ( 802.1X): Single 802.1X, , . EAPOL. , , , . , . , . . - Port Security ( ) ( , ).
-
60 2015 Zelax ZES-22xx
Multi Single 802.1X ( 802.1X): Multi 802.1X, . ; - Port Security ( ).
MAC-based Auth. ( -): 802.1X, - EAPOL. -, , , . ( ), , , , , - RADIUS- EAP. 6- - "xx-xx-xx-xx-xx-xx", (-) - ( ).
MD5-Challenge, RADIUS- .
Radius-Assigned QoS Enabled ( QoS, Radius): , RADIUS-Assigned QoS .
Radius-Assigned VLAN Enabled ( VLAN, Radius): , RADIUS-Assigned VLAN .
Guest VLAN Enabled ( VLAN): , VLAN .
Port State ( ): ( 802.1X). :
Globally Disabled ( ): 802.1X MAC- .
Link Down ( ): 802.1X MAC- , .
Authorized (): .
Unauthorized ( ): , RADIUS- .
X Auth/Y Unauth ( /Y ): . , Y .
Restart (): , . , , ( System Configuration ( ), Admin State ( ) EAPOL-based ( EAPOL) MAC-Based ( MAC-). .
Reauthenticate ( ): , ( EAPOL). -, . , , , .
Reinitialize ( ): , . , .
CLI:
dot1x re-authentication
dot1x system-auth-control
!
interface FastEthernet 1/1
dot1x port-control auto
-
ZES-22xx 2015 Zelax 61
!
interface FastEthernet 1/2
dot1x port-control mac-based
2.6.2.2 Switch Status ( )
. 65. Security Network NAS - Switch Status
Port (): . NAS .
Admin State ( ): .
Port Status ( ): .
Last Source ( ): -, EAPOL EAPOL.
Last ID ( ID ): ( ), EAPOL EAPOL.
QoS Class ( QoS): QoS, NAS . QoS NAS, .
Port VLAN ID (VLAN-ID ): VLAN ID , NAS. VLAN ID NAS, .
CLI:
ZES-2220S# show dot1x status brief
Inf Admin Port State Last Src Last ID QOS VLAN Guest
-------- ----- ---------- ----------------- ----------------- ---- ---- -----
Fa 1/1 Port Down - - - - -
Fa 1/2 MAC Down - - - - -
Fa 1/3 Auth Down - - - - -
Fa 1/4 Auth Down - - - - -
Fa 1/5 Auth Auth - - - - -
Fa 1/6 Auth Down - - - - -
-
62 2015 Zelax ZES-22xx
Fa 1/7 Auth Down - - - - -
Fa 1/8 Auth Down - - - - -
Gi 1/1 Auth Down - - - - -
Gi 1/2 Auth Down - - - - -
Gi 1/3 Auth Down - - - - -
Gi 1/4 Auth Down - - - - -
2.6.2.3 Port Statistics ( )
. 66. Security Network NAS - Port Statistics
Port State ( )
Admin State ( ): .
Port Status ( ): .
Receive EAPOL Counters ( EAPOL)
Total ( ): EAPOL , .
Response ID ( ): EAPOL , .
Responses ( ): EAPOL ( ), .
Start (): EAPOL, .
Logoff (): EAPOL, .
Invalid Type ( ): EAPOL, , .
Invalid Length ( ): EAPOL, , Packet Body Length ( ).
Transmit EAPOL Counters ( EAPOL)
Total (): EAPOL , .
Request ID (ID ): EAPOL , .
Requests (): EAPOL ( ), .
-
ZES-22xx 2015 Zelax 63
2.6.3 ACL ( ) ACL ,
. , .
2.6.3.1 Ports ()
. 67. Security Network ACL Ports
Port (): .
Policy ID ( ): . , , . 0. 0~255.
Action (): , .
Rate Limiter ID ( ): , . Rate Limiters ( ).
Port Redirect ( ): , .
Mirror (): . , , Mirror (). ACL, , . ACL Mirror () ACL Ports Configuration ( ACL). Mirror Configuration ( ), Port to mirror on (, ) , Mode ( ) Disabled ().
Logging ( ): . , System (), System Log Information ( ).
Shutdown ( ): , , .
State (): ^
Enabled (): .
-
64 2015 Zelax ZES-22xx
Disabled (): .
Counters (): , , .
2.6.3.2 Rate Limiters ( )
. 68. Security Network ACL Rate Limiters
Rate Limiter ID ( ): .
Rate (): , . 0~3276700 pps (/.) 1, 100, 200, 3001000000 /.
Unit ( ): .
CLI:
access-list rate-limiter 1 100kbps 10
access-list rate-limiter 2 100kbps 5
2.6.3.3 Access Control List ( )
. , , .
. 69. Security Network ACL Configuration
-
ZES-22xx 2015 Zelax 65
Ingress Port ( ): . All (), ( ) .
Policy Bitmask ( ): ACE.
Frame Type ( ): , .
Action (): - permit () deny ().
Rate Limiter ( ): , , .
Port Redirect ( ): , .
Mirror (): , .
Counter (): , - , .
.
. 70. Security Network ACL ACE
ACE Configuration ( ACE)
Ingress Port ( ): . All (), .
Policy Filter (): . Any () , . Specific (), ACE.
Frame Type ( ): . : Any (), Ethernet, ARP, IPv4. .
Action (): - permit () deny ().
Rate Limiter ( ): , .
Mirror (): .
Logging ( ): .
-
66 2015 Zelax ZES-22xx
Shutdown ( ): .
Counter (): , - , .
VLAN Parameters ( VLAN)
802.1Q Tagged (802.1Q ): , ( ).
VLAN ID Filter ( VLAN ID): VLAN ID ACE.
Any (): VLAN ID . Specific (): VLAN ID.
VLAN ID, ACE.
Tag Priority ( ): User Priority ( ), VLAN .
MAC Parameter (-)
SMAC Filter ( SMAC): - . Any (), - Specific (), - . ( Any () Ethernet.
DMAC Filter ( DMAC): - .
Any (): - . MC: -. BC: -. UC: -. Specific (): , -
. ( Ethernet.)
Ethernet Type Parameter ( Ethernet )
EtherType Filter ( Ether): Ethernet II. EtherType ( Ether) Specific ().
ARP Parameter ( ARP)
ARP/RARP: ARP.
Any (): ARP/RARP . ARP: ARP/RARP ARP. RARP: ARP/RARP RARP. Other (): ARP/RARP.
Request/Reply (/): , ARP, ARP .
Any (): ARP/RARP . Request (): ARP
Request ( ARP) RARP Request ( RARP). Reply (): ARP Reply
( ARP) RARP Request ( RARP).
Sender IP Filter ( IP- ): IP- .
Any (): IP- . Host (): IP- . Network (): IP- IP- .
Target IP Filter ( IP-): IP- .
Any (): IP- . Host (): IP-. Network (): IP- IP- .
-
ZES-22xx 2015 Zelax 67
ARP Sender SMAC Match ( SMAC- ARP): 0, , SHA (Sender Hardware Address ) ARP/RARP - . 1, , SHA ARP/RARP - . Any (), .
RARP Target MAC Match ( MAC- RARP): 0, , THA (Target Hardware Address ) ARP/RARP - . 1, , THA ARP/RARP - . Any (), .
IP/Ethernet Length ( IP-/Ethernet): 0, , HLN (Hardware Address Length ) ARP/RARP Ethernet (0x6) Protocol Address Length ( ) IPv4 (0x4). 1, , HLN ARP/RARP Ethernet (0x6) Protocol Address Length ( ) IPv4 (0x4). Any (), .
IP: 0, , Protocol Address Space ( ) ARP/RARP IP (0x800). 1, , Protocol Address Space ( ) IP (0x800). Any (), .
Ethernet: 0, , Hardware Address Space ( ) ARP/RARP Ethernet (1). 1, , Hardware Address Space ( ) Ethernet (1). Any (), .
IP Parameters ( IP)
IP Protocol Filter ( IP): IP , : Any (), ICMP, UDP, TCP Other ().
IP TTL: Zero (), , TTL IPv4 0. TTL 0, Non-Zero ( ). , any ( ).
IP Fragment ( IP): , Any ( ). Yes () , IPv4, MF, FRAG OFFSET 0 . No () , IPv4, MF, FRAG OFFSET 0 .
IP Option ( IP): .
, Any ( ). Yes () , IPv4 , . No () , IPv4 , .
SIP Filter ( SIP): IP- : Any (), Host () Network (). Host (), IP- . Network (), , .
SIP Address ( SIP): IP- .
SIP Mask ( SIP): .
DIP Filter ( DIP): IP- : Any (), Host () Network (). Host (), IP- . Network (), , .
DIP Address ( DIP): IP- .
DIP Mask ( DIP): .
IPv6 Parameters ( IPv6)
-
68 2015 Zelax ZES-22xx
Next Header Filter ( ): . : ICMP, UDP, TCP, Other ( ).
SIP Filter ( SIP): IP- . Any () , SIP-. Specific (), SIP .
Hop Limit (. ): , Any ( ). 0, IPv6, hop limit . 1, IPv6, hop limit .
CLI:
access-list ace 1 ingress interface FastEthernet 1/2 vid 10 rate-limiter 1 logging
2.6.3.4 ACL Status ( )
. 71. Security Network ACL Status
ACL ACL. CE, . CE - , . CE 256.
User (/): ACL.
Ingress Port ( ): ACE. , .
Frame Type ( ): ACE. :
Any (): CE . EType: CE Ethernet. ,
Ethernet ACE IP ARP. ARP: CE ARP/RARP. IPv4: CE IPv4. IPv4/ICMP: ACE IPv4 ICMP. IPv4/UDP: ACE IPv4 UDP. IPv4/TCP CE IPv4 CP. IPv4/Other ( IPv4): IPv4,
ICMP/UDP/TCP. IPv6: CE IPv6.
Action (): () ACE.
Permit (): , ACE, .
Deny (): , ACE, .
Filtered (): , .
Rate Limiter ( ): . : 1 16. Disabled (), .
Port Redirect ( ): .
, . : Disabled (), . Disabled (), .
-
ZES-22xx 2015 Zelax 69
Mirror (): . :
Enabled (): , , . Disabled (): , , .
"Disabled" ().
CPU: , ACE CPU.
CPU Once ( CPU): , ACE CPU.
Counter (): .
Conflict (): . .
CLI:
ZES-2220S# show access-list ace-status
User
----
S : Static
IPSG: IP Source Guard
IPMC: IPMC
MEP : MEP
ARPI: ARP Inspection
UPnP: UPnP
PTP : PTP
DHCP: DHCP
LOOP: Loop Protect
? : Z-Ring
User ID Frame Action Rate L. Mirror CPU Counter Conflict
---- -- ----- ------ -------- -------- ------ ------- -------
S 1 Any Permit 1 Disabled No 0 No
Switch 1 access-list ace number: 1
2.6.4 DHCP DHCP Snooping
DHCP. DHCP Snooping , IP- () , DHCP Snooping. , , , , DHCP Snooping, , IP Source Guard.
2.6.4.1 Snooping Configuration ( DHCP Snooping)
-
70 2015 Zelax ZES-22xx
. 72. Security DHCP Snooping Configuration
DHCP Snooping Configuration ( DHCP Snooping)
Snooping Mode ( Snooping): DHCP Snooping . DHCP snooping, DHCP , .
Port Mode Configuration ( )
Port (): . Port * .
Mode ( ): DCHP Snooping. Trusted () Untrusted ().
CLI:
ip dhcp snooping
!
interface FastEthernet 1/1
no ip dhcp snooping trust
2.6.4.2 DHCP Relay
. 73. Security DHCP Relay configuration
-
ZES-22xx 2015 Zelax 71
Relay Mode ( DHCP Relay): DHCP relay.
Relay Server ( DHCP Relay): IP- DHCP-, DHCP relay .
Relay Mode ( DHCP Relay): DHCP Relay option 82. , , , , Relay Mode Enabled ().
Relay Information Policy ( DHCP Relay): DHCP Relay DHCP-, option 82.
Replace (): DHCP- DHCP Relay . .
Keep (): DHCP-. Drop (): , DHCP,
DHCP Relay.
CLI:
ip dhcp relay
ip helper-address 192.168.0.254
ip dhcp relay information option
2.6.4.3 Relay Statistics ( DHCP Relay)
. 74. Security DHCP Relay Statistics
DHCP Relay Statistics ( DHCP Relay)
Transmit to Server ( ): , .
Transmit Error ( ): , .
Receive from Client ( ): , .
Receive Missing Agent Option ( ): , .
Receive Missing Circuit ID ( ): , Circuit ID ( ).
Receive Missing Remote ID ( ): , Remote ID ( ).
Receive Bad Circuit ID ( ): , Circuit ID ( ) circuit ID.
Receive Bad Remote ID ( ): , Remote ID ( ) Remote ID.
Client Statistics ( )
Transmit to Client ( ): .
-
72 2015 Zelax ZES-22xx
Transmit Error ( ): , .
Receive from Client ( ): , .
Receive Missing Agent Option ( ): , .
Replace Agent Option ( ): , .
Keep Agent Option ( ): , .
Drop Agent Option ( ): , , .
2.6.5 IP Source Guard ( IP- )
2.6.5.1 Configuration ()
. 75. Security IP Source Guard Configuration
IP Source Guard Configuration ( IP- )
Mode ( ): IP- ().
Translate dynamic to static ( ): , .
Port Mode Configuration ( )
Port (): . Port * .
Mode ( ): IP- . , , , IP- , , .
Max Dynamic Clients (. ): , . : 0, 1, 2, unlimited ( ).
-
ZES-22xx 2015 Zelax 73
0, IP-, (IP-) .
CLI:
ip verify source
!
interface FastEthernet 1/2
ip verify source
ip verify source limit 1
2.6.5.2 Static Table ( )
. 76. Security IP Source Guard Static Table
Port (): .
VLAN ID: VLAN ID.
IP Address (IP-): IP-.
MAC Address (-): MAC-.
, Add New Entry ( ). Delete (), .
Save (), . Reset (), , , .
CLI:
ip source binding interface FastEthernet 1/2 2 192.168.0.105 00-1b-21-21-9f-fb
2.6.5.3 Dynamic Table ( ) IP- ,
, VLAN ID, IP- MAC-. , 20 . 999 ; , entries per page ( ).
. 77. Security IP Source Guard Dynamic Table
-
74 2015 Zelax ZES-22xx
2.6.6 ARP inspection ( ARP)
2.6.6.1 Port Configuration ( )
. 78. Security ARP inspection Port Configuration
ARP Inspection Configuration ( ARP)
Mode ( ): ARP .
Port Mode Configuration ( )
Port (): . Port * .
Mode ( ): ARP . , , , ARP , , .
Check VLAN ( VLAN): (Enable) (disable) VLAN.
Log Type ( ): .
None (): . Deny (): . Permit (): . All (): .
CLI:
ip arp inspection
!
interface FastEthernet 1/2
no ip arp inspection trust
ip arp inspection check-vlan
ip arp inspection logging all
-
ZES-22xx 2015 Zelax 75
2.6.6.2 VLAN Configuration ( VLAN)
. 79. Security ARP inspection VLAN Configuration
VLAN ID: VLAN ARP. -, web- Port mode configuration ( ). , Global Mode ( ) Port Mode ( ), ARP Inspection . -, web- VLAN mode configuration ( VLAN) , VLAN . VLAN.
Log Type ( ): .
None (): . Deny (): . Permit (): . All (): .
, Add New Entry ( ). Delete (), .
Save (), . Reset (), , , .
CLI:
ip arp inspection vlan 10
ip arp inspection vlan 10 logging all
2.6.6.3 Static Table ( )
. 80. Security ARP inspection Static Table
Port (): .
VLAN ID: VLAN ID.
-
76 2015 Zelax ZES-22xx
MAC Address (-): - ARP.
IP Address (IP-): IP- ARP.
, Add New Entry ( ). Delete (), .
Save (), . Reset (), , , .
CLI:
ip arp inspection entry interface FastEthernet 1/1 2 00-1b-21-21-9f-fb 192.168.0.105
2.6.6.4 Dynamic Table Status ( )
. 81. Security ARP inspection Dynamic Table Status
Port (): .
VLAN ID: VLAN ID, ARP.
MAC Address (-): - .
IP Address (IP-): IP- .
2.7 RADIUS
2.7.1.1 Configuration ()
. 82. Security Radius Configuration
Global Configuration ( )
Timeout ( ): , , .
Retransmit ( ): , . , , .
-
ZES-22xx 2015 Zelax 77
Deadtime ( ): Deadtime ( ) , , . , , , . Deadtime , (0), , , . Deadtime: 0 1440 .
Key (): 64 . RADIUS- .
NAS-IP-Address: IPv4, 4 RADIUS. , IP- .
NAS-IPv6-Address: IPv6, 95 RADIUS. , IP- .
NAS Identifier ( NAS): 256 , 32 RADIUS. , NAS .
Server Configuration ( )
Hostname ( ): RADIUS- IP-.
Auth Port ( ): UDP, RADIUS- .
Acct Port ( ): UDP, RADIUS- .
Timeout ( ): , . , .
Retransmit ( ): , . , .
Key (): , . , .
CLI:
radius-server host 192.168.0.105
2.7.1.2 RADIUS Overview ( RADIUS)
. 83. Security Radius Overview
-
78 2015 Zelax ZES-22xx
#: Radius. . , #.
IP Address (IP-): IP- UPD.
Status (): RADIUS. , , :
Disabled (): . Not Ready ( ): , IP
. Ready (): , IP .
RADIUS- .
2.7.1.3 RADIUS Details ( RADIUS)
. 84. Security Radius Details
RADIUS Authentication Statistics for Server ( RADIUS )
Access Accepts ( ): RADIUS Access-Accept ( ) , .
Access Rejects ( ): RADIUS Access-Reject ( ) , .
Access Challenges ( ): RADIUS Access-Challenge ( ) , .
Malformed Access Responses ( ): RADIUS Access-Response ( ), . . Bad authenticators ( ) Message Authenticator ( ), .
-
ZES-22xx 2015 Zelax 79
Bad Authenticators ( ): RADIUS, Message Authenticator ( ).
Unknown Types ( ): RADIUS, .
Packets Dropped ( ): RADIUS, .
Access Requests ( ): RADIUS Access-Request ( ), . .
Access Retransmissions ( ): RADIUS Access-Request ( ), RADIUS- .
Pending Requests ( ): RADIUS Access-Request ( ), , , . Access-Request ( ) Access-Accept ( ), Access-Reject ( ), Access-Challenge ( ), .
Timeouts ( ): . , , . ( ). ( ).
IP Address (IP-): IP- UDP .
State (): . :
Disabled (): . Not Ready ( ): , IP
. Ready (): , IP ; RADIUS
. Dead (X seconds left) ( ,
): , . (), . , , . , .
Round-Trip Time ( ): ( ) Access-Reply/Access-Challenge Access-Request RADIUS- . () 100 . 0 , .
RADIUS Accounting Statistics for Server ( RADIUS )
Responses ( ): RADIUS ( ), .
Malformed Responses ( ): RADIUS, . . .
Bad Authenticators ( ): RADIUS, , .
Unknown Types ( ): RADIUS , .
Packets Dropped ( ): RADIUS, .
-
80 2015 Zelax ZES-22xx
Requests (): RADIUS, . .
Retransmissions ( ): RADIUS, RADIUS.
Pending Requests ( ): RADIUS, , , . , , ; .
Timeouts ( ): . , , . ( ). ( ).
IP Address (IP-): IP- UDP .
State (): . :
Disabled (): . Not Ready ( ): , IP
. Ready (): , IP ; RADIUS
. Dead (X seconds left) ( ,
): , . (), . , , . , .
Round-Trip Time ( ): ( ) RADIUS- . 100 . 0 , .
CLI:
ZES-2220S# show radius-server statistics
Global RADIUS Server Timeout : 5 seconds
Global RADIUS Server Retransmit : 3 times
Global RADIUS Server Deadtime : 0 minutes
Global RADIUS Server Key :
Global RADIUS Server Attribute 4 :
Global RADIUS Server Attribute 95 :
Global RADIUS Server Attribute 32 :
RADIUS Server #1:
Host name : 192.168.0.105
Auth port : 1812
Acct port : 1813
Timeout :
Retransmit :
Key :
RADIUS Server #1 (192.168.0.105:1812) Authentication Statistics:
Rx Access Accepts: 0 Tx Access Requests: 0
Rx Access Rejects: 0 Tx Access Retransmissions: 0
Rx Access Challenges: 0 Tx Pending Requests: 0
Rx Malformed Acc. Responses: 0 Tx Timeouts: 0
Rx Bad Authenticators: 0
Rx Unknown Types: 0
-
ZES-22xx 2015 Zelax 81
Rx Packets Dropped: 0
State: Ready
Round-Trip Time: 0 ms
RADIUS Server #1 (192.168.0.105:1813) Accounting Statistics:
Rx Responses: 0 Tx Requests: 0
Rx Malformed Responses: 0 Tx Retransmissions: 0
Rx Bad Authenticators: 0 Tx Pending Requests: 0
Rx Unknown Types: 0 Tx Timeouts: 0
Rx Packets Dropped: 0
State: Ready
Round-Trip Time: 0 ms
2.7.2 TACACS+ Tacacs+ .
. 85. Security Tacacs+
Global Configuration ( )
Timeout ( ): , TACACS+ , .
Deadtime ( ): Deadtime ( ) , , . , , , . Deadtime , ( 0 ), , , . Deadtime: 0 1440 .
Key (): 63 . TACACS+ .
Server Configuration ( )
Hostname ( ): TACACS+ IP-.
Port (): TCP, TACACS+ .
Timeout ( ): , . , .
Key (): , . , .
CLI:
tacacs-server key 123456
tacacs-server host 192.168.0.110 timeout 20
-
82 2015 Zelax ZES-22xx
2.8 Aggregation () ,
, , , . , . : LACP.
Aggregation () static ( ) LACP.
. 86. Aggregation
2.8.1 Static ( )
. 87. Aggregation Static
Aggregation Mode Configuration ( )
Source MAC Address (- ): MAC- , .
Destination MAC Address (- ): MAC- , .
IP Address (IP-): IP- , .
TCP/UDP Port Number ( TCP/UDP): TCP/UDP , .
Aggregation Group Configuration ( )
-
ZES-22xx 2015 Zelax 83
Group ID ( ): , . Normal ( ) , . 2 10 (). , , .
Port Members (- ): , .
CLI:
interface FastEthernet 1/1
aggregation group 1
!
interface FastEthernet 1/2
aggregation group 1
2.8.2 LACP LACP (Link Aggregation Control Protocol
), IEEE 802.3ad. . , , LACP, , LACP. LACP, . , LACP, .
2.8.2.1 Port Configuration ( ) LACP.
. 88. Aggregation LACP
Port (): . Port * .
LACP Enabled ( LACP): LACP .
Key (): Auto () , . , , Specific (). : 1 65535. LACP .
-
84 2015 Zelax ZES-22xx
, ( ).
Role (): Active ( ), Passive ( ), LACP. , , Active LACP. , LACP- , , . , - .
, LACP, , , LACP. , LACP LACP, , LACP.
Timeout ( ): Timeout ( ) BPDU. Fast (), LACP ; Slow (), LACP 30 .
Prio ( ): , . , , .
CLI:
interface FastEthernet 1/10
lacp
!
interface FastEthernet 1/11
lacp
2.8.2.2 System Status ( )
. 89. Aggregation System Status
Aggr ID ( ): , LAG (Link Aggregation Group).
Partner System ID ( ): LAG (MAC-).
Partner Key ( ): , LAG.
Partner Prio ( ): .
Last Changed ( ): , LAG.
Local Ports ( ): , LAG.
-
ZES-22xx 2015 Zelax 85
2.8.2.3 Port Status ( )
. 90. Aggregation Port Status
Port (): .
LACP: LACP .
Yes (): LACP , . No (): LACP , . Backup ( ): .
LAG, LAG.
Key (): .
Aggr ID ( ): , .
Partner System ID ( ): LAG .
Partner Port ( ): , .
Partner Prio ( ): .
2.8.2.4 Port Statistics ( )
. 91. Aggregation Port Statistics
-
86 2015 Zelax ZES-22xx
Port (): .
LACP Received ( LACP): LACP, .
LACP Transmitted ( LACP): LACP, .
Discarded (): , .
2.9 Redundancy ()
. . , - . , , , , . STP (802.1d), RSTP (802.1w) MSTP (802.1s). Z-Ring ERPS (G.8032), , STP-.
, . , Redundancy ().
. 92. Redundancy
2.9.1 Z-Ring Z-Ring . 250
, , 10 . STP, Z-Ring , . Z-Ring ( ), , .
2.9.1.1 Configuration ()
-
ZES-22xx 2015 Zelax 87
. 93. Aggregation Z-Ring Configuration
, Add New Instance ( ).
Instance (): . 5.
Type (): Z-Ring 3 . .
Z-Ring: Z-Ring . - Z-Ring.
. 94. Z-Ring
Z-Chain: Z-Chain , , Z-Ring , Z-Ring.
. 95. Z-Ring
Sub-Ring: Sub-Ring . Sub-Ring Z-Ring Z-Chain. .
-
88 2015 Zelax ZES-22xx
Z-Ring
Z-Ring Z-Ring
Z-Ring Z-Ring
Z-Ring
Z-Ring
Sub-Ring
Sub-Ring
Sub-Ring
Sub-Ring
Z-Ring
Z-Ring
. 96. Z-Ring Sub-Ring
Master ( ): Master ( ) , , . , , (Master). , Master , Z-Ring -. , (Master) .
Port (): .
Edge (): , Z-Chain. , , Z-Chain.
(Master) .
Z-Ring
Z-Chain
Sub-Ring
1.
. , Z-Ring - . -. , Z-Ring - . -
. - -. , , Z-Ring . : Z-Chain, ( ) .
. , Z-Ring - . -. , Z-Ring - . -
-
ZES-22xx 2015 Zelax 89
.
.
2.
.
. , .
.
CLI:
ring 1 ring east interface FastEthernet 1/1 west interface FastEthernet 1/2
2.9.1.2 Status ()
. 97. Aggregation Z-Ring Status
Instance (): .
Type (): .
Role (): Master ( ) Slave ( ). .
East & West Port Number ( () ): , .
East & West Port State ( () ): . :
Forwarding (): . Blocking (): . Down (): .
East & West Port Edge ( () ): , .
Healthy ( ): .
: .
o: , . .
-
90 2015 Zelax ZES-22xx
o: . blocked () forwarding (), .
CLI:
ZES-2220S#show ring 1
|-------East-------| |-------West-------|
Inst Type Role Interface State Edge Interface State Edge Healthy
----+-----+-----+---------+-----+----+---------+-----+----+-------
1 Ring - Fa 1/1 Down - Fa 1/2 Down - -
2.9.2 Loop Protection ( ) , ,
, . , . Loop Protection ( ), , . . , , , .
2.9.2.1 Configuration ()
. 98. Loop Protection Configuration
General Settings ( )
Enable Loop Protection ( ): .
Transmission Time ( ): PDU . : 1 10 .
Shutdown Time ( ): , . : 0 604800 . 0 , , .
Port Configuration ( )
-
ZES-22xx 2015 Zelax 91
Port (): . Port * .
Enable (): .
Action (): , . : Shutdown Port ( ), Shutdown Port and Log ( , ) Log Only ( ).
Shutdown Port ( ): , , , Shutdown Time ( ).
Shutdown Port and Log ( , ): , , , Shutdown Time ( ), .
Log Only ( ): , .
Tx Mode ( ): PDU PDU, .
CLI:
loop-protect
loop-protect shutdown-time 60
!
interface FastEthernet 1/1
no loop-protect
!
interface FastEthernet 1/4
loop-protect action shutdown log
2.9.2.2 Status ()
. 99. Loop Protection Status
Port (): .
Action (): , .
Transmit (): (Tx).
Loops (): , .
Status (): , .
Loops (): , .
Time of Last Loop ( ): , .
2.9.3 Spanning Tree , ,
, . , . ,
-
92 2015 Zelax ZES-22xx
(), , . , -, , , - ( ) . -, . . CPU .
, , STP , , , , .
STP (Spanning Tree Protocol) IEEE Standard 802.1s. 2- ( - Ethernet-) , , .
, , IEEE Standard 802.1s - RSTP (Rapid Spanning Tree Protocol (IEEE 802.1w)). RSTP STP, . , , () . , RSTP STP.
RSTP IEEE 802.1s MSTP (Multiple Spanning Tree protocol), VLAN . STP RSTP, MSTP STP VLAN. , VLAN, MSTP , STP.
2.9.3.1 Bridge Settings ( )
. 100. Spanning Tree Bridge Settings
Basic Settings ( )
Protocol Version ( ): . : STP, RSTP MSTP.
Bridge Priority ( ): , . ( ) , .
-
ZES-22xx 2015 Zelax 93
, . MSTP CIST. STP/RSTP.
Forward Delay ( ): STP, Forward Delay , Listening () Learning () Forwarding ( ). , . : 4 30 .
Max Age (. ): hello , . : 6 40 , Max Age (Forward Delay-1)*2.
Maximum Hop Count ( ): , BPDU . BPDU, . , BPDU . 20. 6 40.
Transmit Hold Count ( BPDU ): BPDU, . , BPDU . 6 . : 1 10.
, , CPU; . Transmit Hold Count , .
Advanced Settings ( )
Edge Port BPDU Filtering ( BPDU ): BPDU BPDU , .
Edge Port BPDU Guard ( BPDU ): , - . , . , BPDU. , , , .
BPDU, STP.
, BPDU guard. BPDU, , STP , BPDU. .
Port Error Recovery ( ): , , - , .
Port Error Recovery Timeout ( ): , , , - , . 30 86400 .
CLI:
spanning-tree mode rstp
spanning-tree edge bpdu-filter
spanning-tree edge bpdu-guard
spanning-tree mst 0 priority 4096
-
94 2015 Zelax ZES-22xx
2.9.3.2 MSTI Mapping ( MSTI)
. 101. Spanning Tree MSTI Mapping
Configuration Identification ( )
Configuration Name ( ): MSTI. - . 32 . , STP MSTI, .
Configuration Revision ( ): MSTI. : 1 65535.
MSTI Mapping ( MSTI)
MSTI: MSTI.
VLAN Mapped ( VLAN): VLAN, MSTI. VLAN, VLAN. VLAN VLAN. (: 2,5,20-40). MSTI .
CLI:
spanning-tree mst name 00-1a-81-00-c0-a9 revision 0
spanning-tree mst 1 vlan 3-5
2.9.3.3 MSTI Priorities ( MSTI)
-
ZES-22xx 2015 Zelax 95
. 102. Spanning Tree MSTI Priorities
MSTI: MSTI . MSTI * .
Priority (): MSTI. , . . , , -. , , . : MSTI, 6- - .
CLI:
spanning-tree mst 1 priority 16384
-
96 2015 Zelax ZES-22xx
2.9.3.4 CIST Ports ( CIST)
. 103. Spanning Tree CIST Ports
CIST Aggregated Port Configuration ( CIST)
Port (): .
STP Enabled ( STP): STP.
Path Cost ( ): . Auto (), . , , Specific (). : 1 200000000.
, , , .
Priority (): .
Admin Edge ( ): , Edge ().
Auto Edge ( ): , . , BPDU.
Restricted Role ( ): , CIST MSTI , STP.
Restricted TCN ( TCN): , .
BPDU Guard ( BPDU): BPDU. BPDU discarding. , , BPDU.
Point-to-Point (-): , .
Auto (): , - - .
Forced True ( -): -.
Forced False ( ): .
CLI:
interface FastEthernet 1/4
spanning-tree
spanning-tree bpdu-guard
-
ZES-22xx 2015 Zelax 97
spanning-tree mst 0 port-priority 16
2.9.3.5 MSTI Ports ( MSTI)
. 104. Spanning Tree MSTI Ports
MSTI, , Get ().
. 105. Spanning Tree MSTI Port Configuration
Port (): .
Path Cost ( ): . Auto (), . , , Specific (). : 1 200000000.
, , , .
Priority (): .
2.9.3.6 Bridge Status ( )
-
98 2015 Zelax ZES-22xx
. 106. Spanning Tree Bridge Status
STP Bridge ( STP)
MSTI: . .
Bridge ID ( ): , - .
Root ID ( ): -.
Root Port ( ): , . . , .
Root Cost ( ): . . .
Topology Flag ( ): .
Topology Change Last (