networking:switch:zyxel_gs1910

Differences

This shows you the differences between two versions of the page.

networking:switch:zyxel_gs1910 [2014/06/30 10:37]
gcooper
networking:switch:zyxel_gs1910 [2015/08/12 09:20] (current)
gcooper
Line 7: Line 7:
 http://www.zyxel.com/us/en/products_services/xgs1910_gs1910_series.shtml?t=p http://www.zyxel.com/us/en/products_services/xgs1910_gs1910_series.shtml?t=p
  
-Support Notes: ftp://ftp2.zyxel.com/GS1910-24HP/support_note/GS1910-24HP_V1.00.zip+**Support Notes**: ftp://ftp2.zyxel.com/GS1910-24HP/support_note/GS1910-24HP_V1.00.zip 
 + 
 +**CLI Reference**: ftp://ftp.zyxel.com/XS3900-48F/cli_reference_guide/XS3900-48F_1.pdf
  
 ===== Firmware Updates ===== ===== Firmware Updates =====
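
Review bot: the new CLI Reference link points at the XS3900-48F guide (XS3900-48F_1.pdf), not at a GS1910 document, and the added line does not say so. Add a short remark that this is another model's reference and that commands should be checked against the GS1910 before use. Both links are also plain ftp://, so the files are fetched without any integrity protection; an HTTPS vendor link would be preferable where one is available.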
Line 17: Line 19:
 ==== Default Login Details ==== ==== Default Login Details ====
  
-|IP Address     |http://192.168.1.1           +|IP Address     |http://192.168.1.1                                              
-|User Name      |admin                        +|User Name      |admin                                                           
-|Password       |1234                         +|Password       |1234                                                            
-|Serial Console |115200,N,8,1,No flow control |+|Serial Console |115200,N,8,1,No flow control                                    | 
 +|Serial Cable   |9-pin straight through, USB serial adapter + USB extension only |
  
 ==== CLI Basics ==== ==== CLI Basics ====
  
-<file>+Reset to factory defaults, at boot up:
  
 +<file>
 +ctrl-c
 +default
 +reset
 </file> </file>
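
Review bot: the new "Reset to factory defaults" block sits directly under the Default Login Details table (admin / 1234 on 192.168.1.1), yet nothing tells the reader to change the password after a reset. Add a line after the ctrl-c / default / reset steps saying to set a new admin password before the switch is reconnected to the network. It is also worth stating that the reset needs nothing more than serial console access at boot, so physical access to the console port has to be controlled. The new 'Serial Cable' row is ambiguous as written: spell out what "USB serial adapter + USB extension only" means.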
  
Line 69: Line 76:
  
 :!: The default priority queue is zero (0). :!: The default priority queue is zero (0).
 +
 +==== Show Current QoS Classifications ====
 +
 +**Web Interface -> Monitor -> QoS Statistics**
  
 ==== Port-Based ==== ==== Port-Based ====
  
-:!: See the Zyxel QoS support note.+:!: See the Zyxel QoS support note for VLAN and port-based QoS.
  
 ==== DSCP ==== ==== DSCP ====
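
Review bot: the changed line "See the Zyxel QoS support note for VLAN and port-based QoS." still gives no link or section, so the reader has to guess which document is meant. Link it to the Support Notes archive listed at the top of the page and name the relevant chapter. The new "Show Current QoS Classifications" section would also benefit from one sentence on what the QoS Statistics page displays.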
Line 101: Line 112:
 **Web Interface -> Configure -> QoS -> QoS Control List** **Web Interface -> Configure -> QoS -> QoS Control List**
  
-Create QoS Control List Entries to actuate the QoS classifications:+Create QoS Control List Entries (QCEs) to actuate the QoS classifications: 
 + 
 +{{ :networking:switch:zyxel_qce.png |Zyxel QoS Control List Entry}}
  
 {{ :networking:switch:qos_control_list_entries.png |QoS Control List Entries}} {{ :networking:switch:qos_control_list_entries.png |QoS Control List Entries}}
  
 +===== Access Control Lists =====
 +
 +==== Example Application ====
 +
 +  - We have created a port-based VLAN on switch ports 1-6 to use a section of the switch as a DMZ.
 +  - We have a primary Internet connection via cable modem connected to port 1.
 +  - We have a server's IPMI interface configured with a static public address connected to port 2.
 +  - We have a router's WAN interface configured with a static public address connected to port 3.
 +  - For security reasons, we need to limit access to the server's IPMI (remote management) interface to the support provider's public Internet interface.
 +
 +==== Create an ACL Policy ====
 +
 +:!: Here we create a policy that consists of two Access Control Entries (ACEs) and we apply the ACL policy to the port connected to the server's IPMI interface.
 +
 +:!: The order of the ACEs is important.
 +
 +  - The first ACE permits traffic from the IPMI device to the support providers external Internet address/subnet.
 +    - Set the 'Policy Filter' to 'Specific'
 +    - Use a 'Policy Value' of 1 or another unused ID number (just not '0' zero).
 +    - Set the 'Frame Type' to 'IPv4'
 +    - Set the destination IP address or subnet as the IPMI support provider's external IP address.
 +    - Set the 'Action' to 'Permit'.
 +  - The second ACE denies all other traffic from the IPMI device.
 +    - Set the 'Policy Filter' to 'Specific'
 +    - Use the same 'Policy Value' as in ACE #1.
 +    - Set the 'Frame Type' to 'IPv4'
 +    - Change the 'Action' to 'Deny'.
 +
 +**Configuration -> Security -> Network -> ACL -> Access Control List -> Add**
 +
 +{{ :networking:switch:zyxel_create_ace.png?direct&650 |}}
 +
 +{{ :networking:switch:zyxel_create_ace_2.png?direct&650 |}}
 +
 +==== Apply the ACE ====
 +
 +:!: We apply the ACL policy to the port with the IPMI device.
 +
 +:!: We deny all other traffic on that port using an ACE (above), not by changing the 'Action' on the Ports page.  That doesn't seem to work as desired.
 +
 +**Configuration -> Security -> Network -> ACL -> Ports**
 +
 +  - Enter the ID of the ACL policy you just created in the Policy ID field of the port with the IPMI device.
 +  - Leave the 'Action' as 'Permit'.
 +
 +{{ :networking:switch:zyxel_apply_ace.png?direct&700 |}}
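
Review bot: the second ACE is described as one that "denies all other traffic from the IPMI device", but its 'Frame Type' is set to 'IPv4', so it matches IPv4 frames only. Anything else the device sends (IPv6, for example) is left to the port's 'Permit' action that the Ports step says to keep. Reword it as "denies all other IPv4 traffic" and say whether a further deny ACE is needed when IPv6 is enabled on the IPMI interface. Both ACEs are also written as matching traffic from the IPMI device, with the policy applied to that device's port, while the stated goal in the Example Application is to limit access to the IPMI interface. The section should say plainly that the policy filters what the device sends, and whether traffic arriving from the cable modem on port 1 toward the IPMI address is restricted as well. Two smaller points: the heading "Apply the ACE" should read "Apply the ACL Policy", since that is what the Ports step does, and "support providers external Internet address" is missing an apostrophe.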
networking/switch/zyxel_gs1910.1404146257.txt.gz · Last modified: 2014/06/30 10:37 by gcooper