Setting up the ZyXEL MES-3528

I will configure for an example the switch ZyXEL MES-3528.
When connected via the console, the standard parameters are as follows:
9600 8N1
Login: admin, password: 1234

The standard IP address of the device is, through the browser you may need to type

When connected via the console, there are several levels of elevated privileges to which you can switch by typing commands (exit to return):


View the current configuration:

show running-config

Let’s look at the device information:

show system-information
show ssh

View privilege level (0-minimum, 14-maximum):

show privilege

Change Password:

admin-password PASSWORD
password PASSWORD

Adding an administrator:

logins username ixnfo password PASSWORD
show logins

Set up a separate VLAN to control the device (port 25 with uplink tag):

vlan 207
name core
normal 1-24,26-28
fixed 25
ip address default-management
ip address default-gateway

An example of configuring all ports untagged and for the switch to receive an IP address via DHCP:

vlan 1
  normal ""
  fixed 1-28
  forbidden ""
  untagged 1-28
  ip address default-management dhcp-bootp

Configure the VLAN for users (port 25 uplink with the tag, if we specify untagged 1-28 without the tag):

vlan 226
name local_smart
fixed 1-28
untagged 1-24,26-28 

Set up protection against broadcast flood and loops:

show interfaces config 1-28 bstorm-control
interface port-channel 1-24,26-28
broadcast-limit 128
pvid 226
interface port-channel 25
pvid 226

Time setting example:

show time
time 14:00:37
time date 12/05/2015
time timezone +200
show timesync
timesync server
timesync daytime/time/ntp

Configure dhcp snooping and protect against third-party DHCP servers:

show dhcp snooping
show dhcp snooping binding
show dhcp snooping database
show dhcp snooping database detail
dhcp snooping
dhcp snooping vlan 1,226
dhcp snooping vlan 1,226 information
dhcp dhcp-vlan 226
interface port-channel 25
dhcp snooping trust

Let us configure the switch only from the specified IP address:

remote-management 1
remote-management 2
remote-management 1 start-addr end-addr service telnet ftp http icmp snmp ssh https
remote-management 2 start-addr end-addr service telnet ftp http icmp snmp ssh https

Configure SNMP passwords:

snmp-server get-community COMMUNITY
snmp-server set-community COMMUNITY
snmp-server trap-community COMMUNITY

You can save the configuration with the command (from the mode (config) you need to exit by typing exit):

write memory

If you need to reset the device settings, then for this there is a command:

erase running-config

I will give an example of viewing MAC addresses on the port:

show mac address-table port 10
show mac address-table multicast

To clear the MAC addresses from the switch table, use the command (for example, from port 10):

mac-flush 10

Example of disabling/enabling the port (the power to the SFP module in this case will be supplied, that is, the laser will light, but the port will be disabled):

interface port-channel 28
no inactive

See also my article:
Port isolation on the ZyXEL MES-3528 switch

Leave a comment

Leave a Reply