====== Zyxel GS1910 Ethernet Switch ======
**Web Interface**: http://192.168.0.250
FIXME
http://www.zyxel.com/us/en/products_services/xgs1910_gs1910_series.shtml?t=p
**Support Notes**: ftp://ftp2.zyxel.com/GS1910-24HP/support_note/GS1910-24HP_V1.00.zip
**CLI Reference**: ftp://ftp.zyxel.com/XS3900-48F/cli_reference_guide/XS3900-48F_1.pdf
===== Firmware Updates =====
:!: You must, apparently, install firmware updates in order.
===== Initial Configuration =====
==== Default Login Details ====
|IP Address |http://192.168.1.1 |
|User Name |admin |
|Password |1234 |
|Serial Console |115200,N,8,1,No flow control |
|Serial Cable |9-pin straight through, USB serial adapter + USB extension only |
==== CLI Basics ====
Reset to factory defaults, at boot up:
  ctrl-c
  default
  reset
==== Out-of-Band (OOB) Management Interface ====
===== Enable Jumbo Frames =====
Access ports:
Trunk ports:
===== Create VLANs =====
FIXME
http://www.manualslib.com/manual/200632/Zyxel-Communications-Es-2024-Series.html?page=85#manual
http://www.bogus.net/~torh/files/zyxel-vlan.txt
ftp://ftp.eyenetworks.no/ZyXEL/GS-2200-8/UserGuide/final/4-2_VLAN-port-based-4%200.pdf
Display current VLAN information:
Set the CLI to configuration mode and define VLAN:
===== Quality of Service =====
:!: The Zyxel GS1910 has seven priority queues.
:!: Higher numbered queues are higher priority.
:!: The default priority queue is zero (0).
==== Show Current QoS Classifications ====
**Web Interface -> Monitor -> QoS Statistics**
==== Port-Based ====
:!: See the Zyxel QoS support note for VLAN and port-based QoS.
==== DSCP ====
**Web Interface -> Configure -> QoS -> DSCP-Based QoS**
Select the DSCP classifications you want to support and set the priority queues they are to be mapped to.
Here are some common selections:
^DSCP Classification ^Priority Queue ^
|24 (CS3) |3 |
|34 (AF41) |4 |
|40 (CS5) |5 |
|46 (EF) |5 |
**Web Interface -> Configure -> QoS -> DSCP Classification**
Set the reverse mapping of priority queues to DSCP classifications.
Something like:
^Priority Queue ^DSCP Classification ^
|3 |24 (CS3) |
|4 |34 (AF41) |
|5 |46 (EF) |
**Web Interface -> Configure -> QoS -> QoS Control List**
Create QoS Control List Entries (QCEs) to actuate the QoS classifications:
{{ :networking:switch:zyxel_qce.png |Zyxel QoS Control List Entry}}
{{ :networking:switch:qos_control_list_entries.png |QoS Control List Entries}}
===== Access Control Lists =====
==== Example Application ====
  - We have created a port-based VLAN on switch ports 1-6 to use a section of the switch as a DMZ.
  - We have a primary Internet connection via cable modem connected to port 1.
  - We have a server's IPMI interface configured with a static public address connected to port 2.
  - We have a router's WAN interface configured with a static public address connected to port 3.
  - For security reasons, we need to limit access to the server's IPMI (remote management) interface to the support provider's public Internet interface.
==== Create an ACL Policy ====
:!: Here we create a policy that consists of two Access Control Entries (ACEs) and we apply the ACL policy to the port connected to the server's IPMI interface.
:!: The order of the ACEs is important.
  - The first ACE permits traffic from the IPMI device to the support provider's external Internet address/subnet.
    - Set the 'Policy Filter' to 'Specific'.
    - Use a 'Policy Value' of 1 or another unused ID number (just not '0').
    - Set the 'Frame Type' to 'IPv4'.
    - Set the destination IP address or subnet as the IPMI support provider's external IP address.
    - Set the 'Action' to 'Permit'.
  - The second ACE denies all other traffic from the IPMI device.
    - Set the 'Policy Filter' to 'Specific'.
    - Use the same 'Policy Value' as in ACE #1.
    - Set the 'Frame Type' to 'IPv4'.
    - Change the 'Action' to 'Deny'.
**Configuration -> Security -> Network -> ACL -> Access Control List -> Add**
{{ :networking:switch:zyxel_create_ace.png?direct&650 |}}
{{ :networking:switch:zyxel_create_ace_2.png?direct&650 |}}
==== Apply the ACE ====
:!: We apply the ACL policy to the port with the IPMI device.
:!: We deny all other traffic on that port using an ACE (above), not by changing the 'Action' on the Ports page. That doesn't seem to work as desired.
**Configuration -> Security -> Network -> ACL -> Ports**
  - Enter the ID of the ACL policy you just created in the Policy ID field of the port with the IPMI device.
  - Leave the 'Action' as 'Permit'.
{{ :networking:switch:zyxel_apply_ace.png?direct&700 |}}
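The two-ACE policy above, modelled as an added example (this is not Zyxel code or configuration syntax) to show why the ACE order matters and to flag entries that an earlier ACE makes unreachable. Assumptions: the first matching ACE wins, frames that match no ACE get the port's 'Action', and ''203.0.113.0/24'' is a constructed stand-in for the support provider's subnet.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class ACE:
    policy: int          # 'Policy Value' the ACE is bound to
    frame_type: str      # 'IPv4' or 'Any'
    dst: Optional[str]   # destination network, None means any destination
    action: str          # 'Permit' or 'Deny'

    def matches(self, policy: int, frame_type: str, dst_ip: Optional[str]) -> bool:
        if self.policy != policy or self.frame_type not in ("Any", frame_type):
            return False
        return self.dst is None or (
            dst_ip is not None and ip_address(dst_ip) in ip_network(self.dst))


def decide(aces: List[ACE], port_policy: int, port_action: str,
           frame_type: str, dst_ip: Optional[str]) -> str:
    """Assumed semantics: first matching ACE wins, else the port 'Action'."""
    for ace in aces:
        if ace.matches(port_policy, frame_type, dst_ip):
            return ace.action
    return port_action


def shadowed(aces: List[ACE]) -> List[int]:
    """Indexes of ACEs that can never match because an earlier ACE covers them."""
    hits = []
    for i, later in enumerate(aces):
        for earlier in aces[:i]:
            type_ok = earlier.frame_type in ("Any", later.frame_type)
            dst_ok = earlier.dst is None or (
                later.dst is not None
                and ip_network(later.dst).subnet_of(ip_network(earlier.dst)))
            if earlier.policy == later.policy and type_ok and dst_ok:
                hits.append(i)
                break
    return hits


PROVIDER = "203.0.113.0/24"  # constructed placeholder, not from the page
PAGE_ORDER = [ACE(1, "IPv4", PROVIDER, "Permit"), ACE(1, "IPv4", None, "Deny")]
SWAPPED = list(reversed(PAGE_ORDER))  # deny-all first: the permit is dead

if __name__ == "__main__":
    for name, acl in (("page order", PAGE_ORDER), ("swapped", SWAPPED)):
        print(name, decide(acl, 1, "Permit", "IPv4", "203.0.113.10"), shadowed(acl))
```

Under these assumptions the IPv4-only deny ACE does not cover non-IPv4 frames (ARP, IPv6), which fall through to the port's 'Permit' action.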