User Tools
Table of Contents
Zyxel GS1910 Ethernet Switch
Web Interface: http://192.168.0.250
http://www.zyxel.com/us/en/products_services/xgs1910_gs1910_series.shtml?t=p
Support Notes: ftp://ftp2.zyxel.com/GS1910-24HP/support_note/GS1910-24HP_V1.00.zip
CLI Reference: ftp://ftp.zyxel.com/XS3900-48F/cli_reference_guide/XS3900-48F_1.pdf
Firmware Updates
You must, apparently, install firmware updates in order.
Initial Configuration
Default Login Details
| IP Address | http://192.168.1.1 |
| User Name | admin |
| Password | 1234 |
| Serial Console | 115200,N,8,1,No flow control |
| Serial Cable | 9-pin straight through, USB serial adapter + USB extension only |
CLI Basics
Reset to factory defaults, at boot up:
ctrl-c default reset
Out-of-Band (OOB) Management Interface
Enable Jumbo Frames
Access ports:
Trunk ports:
Create VLANs
http://www.manualslib.com/manual/200632/Zyxel-Communications-Es-2024-Series.html?page=85#manual
http://www.bogus.net/~torh/files/zyxel-vlan.txt
ftp://ftp.eyenetworks.no/ZyXEL/GS-2200-8/UserGuide/final/4-2_VLAN-port-based-4%200.pdf
Display current VLAN information:
Set the CLI to configuration mode and define VLAN:
Quality of Service
The Zyxel GS1910 has seven priority queues.
Higher numbered queues are higher priority.
The default priority queue is zero (0).
Show Current QoS Classifications
Web Interface → Monitor → QoS Statistics
Port-Based
See the Zyxel QoS support note for VLAN and port-based QoS.
DSCP
Web Interface → Configure → QoS → DSCP-Based QoS
Select the DSCP classifications you want to support and set the priority queues they are to be mapped to.
Here are some common selections:
| DSCP Classification | Priority Queue |
|---|---|
| 24 (CS3) | 3 |
| 34 (AF41) | 4 |
| 40 (CS5) | 5 |
| 46 (EF) | 5 |
Web Interface → Configure → QoS → DSCP Classification
Set the reverse mapping of priority queues to DSCP classifications.
Something like:
| Priority Queue | DSCP Classification |
|---|---|
| 3 | 24 (CS3) |
| 4 | 34 (AF41) |
| 5 | 46 (EF) |
Web Interface → Configure → QoS → QoS Control List
Create QoS Control List Entries (QCEs) to actuate the QoS classifications:
Access Control Lists
Example Application
- We have created a port-based VLAN on switch ports 1-6 to use a section of the switch as a DMZ.
- We have a primary Internet connection via cable modem connected to port 1.
- We have a server's IPMI interface configured with a static public address connected to port 2.
- We have a router's WAN interface configured with a static public address connected to port 3.
- For security reasons, we need to limit access to the server's IPMI (remote management) interface to the support provider's public Internet interface.
Create an ACL Policy
Here we create a policy that consists of two Access Control Entries (ACEs) and we apply the ACL policy to the port connected to the server's IPMI interface.
The order of the ACEs is important.
- The first ACE permits traffic from the IPMI device to the support providers external Internet address/subnet.
- Set the 'Policy Filter' to 'Specific'
- Use a 'Policy Value' of 1 or another unused ID number (just not '0' zero).
- Set the 'Frame Type' to 'IPv4'
- Set the destination IP address or subnet as the IPMI support provider's external IP address.
- Set the 'Action' to 'Permit'.
- The second ACE denies all other traffic from the IPMI device.
- Set the 'Policy Filter' to 'Specific'
- Use the same 'Policy Value' as in ACE #1.
- Set the 'Frame Type' to 'IPv4'
- Change the 'Action' to 'Deny'.
Configuration → Security → Network → ACL → Access Control List → Add
Apply the ACE
We apply the ACL policy to the port with the IPMI device.
We deny all other traffic on that port using an ACE (above), not by changing the 'Action' on the Ports page. That doesn't seem to work as desired.
Configuration → Security → Network → ACL → Ports
- Enter the ID of the ACL policy you just created in the Policy ID field of the port with the IPMI device.
- Leave the 'Action' as 'Permit'.
