I will configure for an example the switch ZyXEL MES-3528.
When connected via the console, the standard parameters are as follows:
9600 8N1
Login: admin, password: 1234
The standard IP address of the device is 192.168.1.1, through the browser you may need to type https://192.168.1.1
When connected via the console, there are several levels of elevated privileges to which you can switch by typing commands (exit to return):
enable configure
View the current configuration:
show running-config
Let’s look at the device information:
show system-information show ssh
View privilege level (0-minimum, 14-maximum):
show privilege
Change Password:
admin-password PASSWORD password PASSWORD
Set up a separate VLAN to control the device (port 25 with uplink tag):
vlan 207 name core normal 1-24,26-28 fixed 25 ip address default-management 192.168.0.2 255.255.255.0 ip address default-gateway 192.168.0.1 exit
Configure the VLAN for users (port 25 uplink with the tag, if we specify untagged 1-28 without the tag):
vlan 226 name local_smart fixed 1-28 untagged 1-24,26-28 exit
Set up protection against broadcast flood and loops:
storm-control loopguard show interfaces config 1-28 bstorm-control interface port-channel 1-24,26-28 broadcast-limit 128 loopguard pvid 226 exit interface port-channel 25 pvid 226 exit
Time setting example:
show time time 14:00:37 time date 12/05/2015 time timezone +200 show timesync timesync server 192.168.1.1 timesync daytime/time/ntp
Configure dhcp snooping and protect against third-party DHCP servers:
show dhcp snooping show dhcp snooping binding show dhcp snooping database show dhcp snooping database detail dhcp snooping dhcp snooping vlan 1,226 dhcp snooping vlan 1,226 information dhcp dhcp-vlan 226 interface port-channel 25 dhcp snooping trust exit
Let us configure the switch only from the specified IP address:
remote-management 1 remote-management 2 remote-management 1 start-addr 192.168.1.1 end-addr 192.168.1.1 service telnet ftp http icmp snmp ssh https remote-management 2 start-addr 192.168.1.5 end-addr 192.168.1.5 service telnet ftp http icmp snmp ssh https
Configure SNMP passwords:
snmp-server get-community COMMUNITY snmp-server set-community COMMUNITY snmp-server trap-community COMMUNITY
You can save the configuration with the command (from the mode (config) you need to exit by typing exit):
write memory
If you need to reset the device settings, then for this there is a command:
erase running-config
I will give an example of viewing MAC addresses on the port:
show mac address-table port 10 show mac address-table multicast
To clear the MAC addresses from the switch table, use the command (for example, from port 10):
mac-flush 10
Example of disabling/enabling the port (the power to the SFP module in this case will be supplied, that is, the laser will light, but the port will be disabled):
interface port-channel 28 inactive no inactive
See also my article:
Port isolation on the ZyXEL MES-3528 switch