I will configure for an example the switch ZyXEL MES-3528.
When connected via the console, the standard parameters are as follows:
9600 8N1
Login: admin, password: 1234
The standard IP address of the device is 192.168.1.1, through the browser you may need to type https://192.168.1.1
When connected via the console, there are several levels of elevated privileges to which you can switch by typing commands (exit to return):
enable
configure
View the current configuration:
show running-config
Let’s look at the device information:
show system-information
show ssh
View privilege level (0-minimum, 14-maximum):
show privilege
Change Password:
admin-password PASSWORD
password PASSWORD
Adding an administrator:
logins username ixnfo password PASSWORD
show logins
Set up a separate VLAN to control the device (port 25 with uplink tag):
vlan 207
name core
normal 1-24,26-28
fixed 25
ip address default-management 192.168.0.2 255.255.255.0
ip address default-gateway 192.168.0.1
exit
An example of configuring all ports untagged and for the switch to receive an IP address via DHCP:
vlan 1
normal ""
fixed 1-28
forbidden ""
untagged 1-28
ip address default-management dhcp-bootp
Configure the VLAN for users (port 25 uplink with the tag, if we specify untagged 1-28 without the tag):
vlan 226
name local_smart
fixed 1-28
untagged 1-24,26-28
exit
Set up protection against broadcast flood and loops:
storm-control
loopguard
show interfaces config 1-28 bstorm-control
interface port-channel 1-24,26-28
broadcast-limit 128
loopguard
pvid 226
exit
interface port-channel 25
pvid 226
exit
Time setting example:
show time
time 14:00:37
time date 12/05/2015
time timezone +200
show timesync
timesync server 192.168.1.1
timesync daytime/time/ntp
Configure dhcp snooping and protect against third-party DHCP servers:
show dhcp snooping
show dhcp snooping binding
show dhcp snooping database
show dhcp snooping database detail
dhcp snooping
dhcp snooping vlan 1,226
dhcp snooping vlan 1,226 information
dhcp dhcp-vlan 226
interface port-channel 25
dhcp snooping trust
exit
Let us configure the switch only from the specified IP address:
remote-management 1
remote-management 2
remote-management 1 start-addr 192.168.1.1 end-addr 192.168.1.1 service telnet ftp http icmp snmp ssh https
remote-management 2 start-addr 192.168.1.5 end-addr 192.168.1.5 service telnet ftp http icmp snmp ssh https
Configure SNMP passwords:
snmp-server get-community COMMUNITY
snmp-server set-community COMMUNITY
snmp-server trap-community COMMUNITY
You can save the configuration with the command (from the mode (config) you need to exit by typing exit):
write memory
If you need to reset the device settings, then for this there is a command:
erase running-config
I will give an example of viewing MAC addresses on the port:
show mac address-table port 10
show mac address-table multicast
To clear the MAC addresses from the switch table, use the command (for example, from port 10):
mac-flush 10
Example of disabling/enabling the port (the power to the SFP module in this case will be supplied, that is, the laser will light, but the port will be disabled):
interface port-channel 28
inactive
no inactive
See also my article:
Port isolation on the ZyXEL MES-3528 switch