Escolar Documentos
Profissional Documentos
Cultura Documentos
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
This is a confidential document of Tulip and reproduction, translation, transformation to any medium requires prior written approval of Tulip. This document includes confidential information related to Tulip and shall not be distributed to the persons other than those mentioned in the distribution list without the consent of the parties.
Document distribution List Serial Number 1 2 Name SV Ramana Arun Singh Purpose Review & Approve Review & Approve
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
DEFAULT LOGIN In-band IP Address http://192.168.1.1 Out-of-band IP Address http://192.168.0.1 User Name admin Password 1234 Configuring Host Name:
ES-3124F(config)#hostname <name_string> System name string ES-3124F(config)# hostname Zyxel Zyxel(config)#
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
Syntax: ip address inband-default <ip> <mask> Example: Zyxel(config)# vlan 1 Zyxel(config-vlan)# ip address ? <ip-address> IP Address default-gateway Configre inband default gateway inband-default In-band Default IP Setting Zyxel(config-vlan)# ip address inband-default 2.2.2.2 255.255.255.0 Zyxel(config-vlan)# ip address default-gateway 2.2.2.1 Modifying port speed and duplex mode: The ports auto-sense and auto-negotiate the speed and duplex mode of the connected device. You can manually enter the port speed to operate at either 10, 100, or 1000 Mbps. Syntax: speed-duplex <value> The default is auto (auto-negotiation). Example: Zyxel(config)# interface port-channel 20 Zyxel(config-interface)# speed-duplex <auto|10-half|10-full|100-half|100-full|1000-full> Set Interface Speed duplex Zyxel(config-interface)# speed-duplex 100-full Disabling or re-enabling a port: A port can be made inactive (disable) or active (enable) by selecting the appropriate status option. The default value for a port is enabled. This same as shutdown and noshutdown option in other switches. Example: Zyxel(config)# interface port-channel 20 Zyxel(config-interface)# inactive Zyxel(config)# interface port-channel 20 Zyxel(config-interface)# no inactive
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
Example: Zyxel(config)# vlan vlan vlan-stacking vlan-type Zyxel(config)# vlan 20 Zyxel(config-vlan)#untagged <port-list> Untagged port list Zyxel(config-vlan)# untagged 20 Zyxel(config-vlan)#
vlan1q
Example: Zyxel(config)# mstp configuration-name <name> Name string Zyxel(config)# mstp configuration-name TULIP_TEST Setting the MSTP revision number: Each switch that is running MSTP is configured with a revision number. For compatibility of MSTP with Cisco and Maipu you need to configure identical number on all. Syntax: mstp revision <0-65535> Sets the revision number for this MST Region Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
configuration. Example: Zyxel(config)#mstp revision 10 Configuring an MSTP instance: An MSTP instance is configured with an MSTP ID for each region. Each region can contain one or more VLANs. Syntax: mstp instance <0-16> vlan <vlan-list> no mstp instance <0-16> vlan <1-4094> Disables the assignment of specific VLANs from an MST instance. Example: Zyxel(config)# mstp instance 1 vlan 3,5,7 Configuring bridge priority: Priority can be configured for a specified instance. You can set a priority to the instance that gives it forwarding preference over lower priority instances within a VLAN or on the switch. Syntax: mstp instance <0-16> priority <0- 61440> Example: Zyxel(config)#mstp instance 1 priority 8192 Notes: Acceptable values are 0 - 61440 in increments of 4096. Specifies the VLANs that belongs to the instance.
bandwidth-limit pir) are used to control the Committed Information Rate (CIR) and the Peak Information Rate (PIR) allowed on a port. The CIR and PIR should be set for all ports that use the same uplink bandwidth. If the CIR is reached, packets are sent at the rate up to the PIR. When network congestion occurs, packets through the ingress port exceeding the CIR will be marked for drop. Ingress Rate-limit: Syntax: bandwidth-control interface port-channel <port-list> bandwidth-limit cir bandwidth-limit cir <rate> Enables bandwidth control on the Switch. Enters subcommand mode for configuring the specified ports. Enables commit rate limits on the specified port(s). Sets the guaranteed bandwidth allowed for the incoming traffic flow on a port.
Example: Zyxel(config)# int port-channel 20 Zyxel(config-interface)# bandwidth-limit cir Set Interface Bandwidth limit egress Set Interface Bandwidth limit pir Set Interface Bandwidth limit Zyxel(config-interface)# bandwidth-limit cir <Kbps> Set Interface Bandwidth limit <cr> Set Interface Commit Bandwidth limit Zyxel(config-interface)# bandwidth-limit cir Zyxel(config-interface)#bandwidth-limit cir 64 Egress Rate-limit: Syntax: bandwidth-control interface port-channel <port-list> bandwidth-limit egress bandwidth-limit egress <rate> Enables bandwidth control on the Switch. Enters subcommand mode for configuring the specified ports. Enables bandwidth limits for outgoing traffic on the port(s). Sets the maximum bandwidth allowed for outgoing traffic on the port(s).
Example: Zyxel(config)# int port-channel 20 Zyxel(config-interface)# bandwidth-limit cir Set Interface Bandwidth limit
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
egress pir
Storm-Control:
Storm control prevents traffic on a LAN from being disrupted by a broadcast, a multicast, or a unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in the network configuration, or users issuing a denial-of-service attack can cause a storm. To enable any kind of storm control first you have to enable it globally. Syntax: storm-control no storm-control Enables broadcast storm control on the Switch. Disables broadcast storm control on the Switch.
Example: ZYXEL(config)# storm control Broadcast Storm-control: Syntax: broadcast-limit broadcast-limit <pkt/s> Switch accepts Enables the broadcast packet limit on the specified port(s). Specifies the maximum number of broadcast packets the per second on the specified port(s).
Example: ZYXEL(config)# int port-channel 20 ZYXEL(config-interface)# broadcast-limit <cr> <pkt/s> Set Interface Broadcast Limit
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
Enables the multicast packet limit on the specified port(s). C 13 Specifies the maximum number of multicast packets the Switch accepts per second on the specified port(s).
Example: ZYXEL(config)# int port-channel 20 ZYXEL(config-interface)# multicast-limit <cr> <pkt/s> Set Interface Multicast Limit
ZYXEL(config-interface)# Multicast-limit ZYXEL(config-interface)# Multicast-limit 100 Unknown Unicast Storm-Control: Syntax: dlf-limit dlf-limit <pkt/s> accepts per second Example: ZYXEL(config)# int port-channel 20 ZYXEL(config-interface)# dlf-limit <cr> <pkt/s> Set Interface DLF Limit Enables the DLF packet limit on the specified port(s). Specifies the maximum number of DLF packets the Switch on the specified port(s).
IGMP Snooping
Syntax: igmp-snooping no igmp-snooping igmp-filtering Enables IGMP snooping. Disables IGMP snooping. Enables IGMP filtering on the Switch. Ports can only join multicast groups specified in their IGMP filtering profile.
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
Sets the range of multicast address(es) in a profile. Example: ZYXEL(config)# igmp-snooping ZYXEL(config)# igmp-filtering <cr> Enable IGMP Filtering
Tacacs+ Authentication:
Step 1:
aaa authentication enable: <method1> [<method2> Specifies which method should be used first, second, and third for checking privileges. method: enable, radius, or tacacs+. Step 2:
aaa authentication login Specifies which method should be used first, second, and third for the authentication of login accounts. method: local, radius, or tacacs+. Step 3: tacacs-server host <index> <ip> [auth-port <socket-number>][key<key-tring>] Specifies the IP address of the specified TACACS+ server.Optionally, sets the port number and key of the TACACS+ Step 4: tacacs-server mode <index- priority|round-robin> Specifies the mode for TACACS+ server selection. Step 5: tacacs-server timeout <1-1000> Specifies the TACACS+ server timeout value. Example:
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
ZYXEL(config)# aaa authentication enable tacacs+ ZYXEL(config)# aaa authentication login tacacs+ ZYXEL(config)# tacacs-server host 71.5.101.4 key cisco123
NTP Configuration:
Syntax: timesync server <ip> Sets the IP address of your time server. The Switch synchronizes with the time server in the following situations: When the Switch starts up. Every 24 hours after the Switch starts up. When the time server IP address or protocol is updated. timesync <daytime|time|ntp> Sets the time server protocol. You have to configure a time server before you can specify the protocol.
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
no timesync Example:
ZYXEL(config)# timesync <daytime|time|ntp> Time server setting server Time server IP address setting ZYXEL(config)# timesync server <ip> IP address setting ZYXEL(config)# timesync server 1.1.1.1 For the Time settings following options are available: ZYXEL(config)# time <Hour:Min:Sec> Set time by Hour:Min:Sec date Date setting daylight-saving-time Daylight saving time help Description of Time help timezone Time zone(UTC) setting ZYXEL(config)# time 08/06/2010
Logging Commands:
Syntax: show logging no logging Example: Displays system logs. Clears system logs.
Port Security
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
These commands to allow only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. For maximum port security, enable port security, disable MAC address learning and configure static MAC address(es) for a port. Syntax: port-security no port-security port-security <port-list> Enables port security on the Switch. Disables port security on the device. Enables port security on the specified port(s). port-security <port-list> learn inactive Disables MAC address learning on the specified port(s). port-security <port-list>address-limit <number> Limits the number of (dynamic) MAC addresses that may be learned on the specified port(s). Example: ZYXEL(config)#port-security <cr> <port-list> Port list of port security configuration ZYXEL(config)# port-security ZYXEL(config)# ZYXEL(config)# <number> ZYXEL(config)# ZYXEL(config)# port-security 20 port-security 20 address-limit number of learned MAC address port-security 20 address-limit 30 port-security 20 learn inactive
Check the port security on port: ZYXEL# sh port-security Port Security Active : YES Port Active Address Learning Limited Number of Learned MAC Address 01 N Y 0 02 N Y 0 03 N Y 0 04 N Y 0 05 N Y 0 06 N Y 0 07 N Y 0 08 N Y 0 09 N Y 0 10 N Y 0 11 N Y 0 12 N Y 0 13 N Y 0 14 N Y 0 15 N Y 0 16 N Y 0 17 N Y 0
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
18 N 19 N 20 Y 21 N 22 N 23 N 24 N 25 N 26 N 27 N 28 N ZYXEL# #
Y Y N Y Y Y Y Y Y Y Y
0 0 30 0 0 0 0 0 0 0 0
Example: ZYXEL(config)# mirror-port ZYXELconfig)# mirror-port 3 ZYXEL(config)# interface port-channel 1 ZYXEL(config-interface)# mirror Mirrored port 1 is monitor port now. ZYXEL(config-interface)# mirror dir both OR ZYXEL(config-interface)# mirror dir egress
BPDU Control
Syntax: bcp-transparency Activate BPDU control interface port-channel <port-list> bpdu-control <peer|tunnel|discard|network>
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
Select Peer to process any BPDU (Bridge Protocol Data Units) received on this port. Select Tunnel to forward BPDUs received on this port. Select Discard to drop any BPDU received on this port. Select Network to process a BPDU with no VLAN tag and forward a tagged BPDU.
Example: ES-3124# config ES-3124(config)# bcp-transparency ES-3124(config)# interface port-channel 20 ES-3124(config-interface)# bpdu-control ? <peer|tunnel|discard|network> ES-3124(config-interface)# bpdu-control discard
Step2: Reboot the switch and keep pressing Enter key until the switch reaches the default mode.
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
Step 3: Change the baud rate of the switch to 115200 so that the file transfer is quick. Command: atba5
Step 4: Save the ROM file to the computer. Type Command atlc to transfer the .ROM file from computer to switch through Xmodem. a) First type the command: altc on the switch.
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
b) Then transfer the file 380AIV1C0.ROM This will bring the switch to default configuration.
Step 5: Once the changes are done reboot the switch and the baud rate will automatically reset to 9600. Command: atgo
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020
The .ROM file is available on the FTP please download it first before starting the recovery procedure. By this way the old configuration will be lost. I have already asked ZYXEL to provide a work around for this, once they will reply I will update.
Tulip Telecom Ltd., A 235, Okhla Phase I New Delhi 110 020