Setting up the ZyXEL MES-3528

Posted byVyacheslav Leave a comment on Setting up the ZyXEL MES-3528

I will configure for an example the switch ZyXEL MES-3528.
When connected via the console, the standard parameters are as follows:
9600 8N1
Login: admin, password: 1234

The standard IP address of the device is 192.168.1.1, through the browser you may need to type https://192.168.1.1

When connected via the console, there are several levels of elevated privileges to which you can switch by typing commands (exit to return):

enable
configure

View the current configuration:

show running-config

Let’s look at the device information:

show system-information
show ssh

View privilege level (0-minimum, 14-maximum):

show privilege

Change Password:

admin-password PASSWORD
password PASSWORD

Adding an administrator:

logins username ixnfo password PASSWORD
show logins

Set up a separate VLAN to control the device (port 25 with uplink tag):

vlan 207
name core
normal 1-24,26-28
fixed 25
ip address default-management 192.168.0.2 255.255.255.0
ip address default-gateway 192.168.0.1
exit

Configure the VLAN for users (port 25 uplink with the tag, if we specify untagged 1-28 without the tag):

vlan 226
name local_smart
fixed 1-28
untagged 1-24,26-28 
exit

Set up protection against broadcast flood and loops:

storm-control
loopguard
show interfaces config 1-28 bstorm-control
interface port-channel 1-24,26-28
broadcast-limit 128
loopguard
pvid 226
exit
interface port-channel 25
pvid 226
exit

Time setting example:

show time
time 14:00:37
time date 12/05/2015
time timezone +200
show timesync
timesync server 192.168.1.1
timesync daytime/time/ntp

Configure dhcp snooping and protect against third-party DHCP servers:

show dhcp snooping
show dhcp snooping binding
show dhcp snooping database
show dhcp snooping database detail
dhcp snooping
dhcp snooping vlan 1,226
dhcp snooping vlan 1,226 information
dhcp dhcp-vlan 226
interface port-channel 25
dhcp snooping trust
exit

Let us configure the switch only from the specified IP address:

remote-management 1
remote-management 2
remote-management 1 start-addr 192.168.1.1 end-addr 192.168.1.1 service telnet ftp http icmp snmp ssh https
remote-management 2 start-addr 192.168.1.5 end-addr 192.168.1.5 service telnet ftp http icmp snmp ssh https

Configure SNMP passwords:

snmp-server get-community COMMUNITY
snmp-server set-community COMMUNITY
snmp-server trap-community COMMUNITY

You can save the configuration with the command (from the mode (config) you need to exit by typing exit):

write memory

If you need to reset the device settings, then for this there is a command:

erase running-config

I will give an example of viewing MAC addresses on the port:

show mac address-table port 10
show mac address-table multicast

To clear the MAC addresses from the switch table, use the command (for example, from port 10):

mac-flush 10

Example of disabling/enabling the port (the power to the SFP module in this case will be supplied, that is, the laser will light, but the port will be disabled):

interface port-channel 28
inactive
no inactive

See also my article:
Port isolation on the ZyXEL MES-3528 switch

Leave a comment

Leave a Reply