Netgear GS728TPP User's Manual
Contents
1. admin source 10.5.70.19 destination 10.5.234.201 TERMINATED admin source 10.5.70.19 destination 10.5.234.201 ACCEPTED 219 10 31 2012 13 52 00 AAA I CONNECT New http connection for user. GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches. The syslog message includes the following fields: Date; Time; Module (AAA in the example above); Severity (I in the example above); Action (DISSCONNECT in the example above); Description (http connection for user admin source 10.5.70.19 destination 10.5.234.201 TERMINATED in the example above). Use the buttons at the bottom of the screen to perform the following actions: • Click CLEAR to remove the messages from the buffered logs in the memory. • Click REFRESH to update the screen with the latest messages in the log. • Click CANCEL to cancel the configuration and reset the data to the previous values. Server Log: Use the Server Log screen to allow the switch to send log messages to the remote logging hosts configured on the system. To add a remote log server: 1. Select Monitoring > Logs > Server Log. The following screen displays: [Screenshot: Server Log screen]
2. [Screenshot: MST Port Configuration screen] Note: If no MST instances have been configured on the switch, the screen displays a "No MSTs Available" message. To view CST settings for an interface, click PORTS, LAGS, or All. Select the check box next to the port or LAG to configure. You can sele
3. LLDP; LLDP Configuration; LLDP Port Settings; LLDP-MED Network Policy; LLDP-MED Port Settings; Local Information; Neighbors Information; Services; DHCP Snooping; DHCP Snooping Global Configuration; DHCP Snooping Interface Configuration; DHCP Snooping Binding Configuration; DHCP Snooping Persistent Configuration. Chapter 3, Configuring Switching Information: Ports; Global Configuration; Port Configuration; Link Aggregation Groups; LAG Configuration; LAG Membership; LACP Configuration; LACP Port Configuration; VLANs; VLAN Configuration; VLAN Membership Co
4. Auto Advertise: Advertise the current IP address of the device as the management IP address. • Notification: When notifications are enabled, LLDP interacts with the trap manager to notify subscribers of remote data change statistics. The default is Disabled. • Optional TLVs: Enable or disable the transmission of optional type-length-value (TLV) information from the interface. The TLV information includes the system name, system description, system capabilities, and port description. For information about how to configure the system name, see Management on page 26. For information about how to configure the port description, see Ports on page 73. 4. Click APPLY to apply the new settings to the system. LLDP-MED Network Policy: This screen displays information about the LLDP-MED network policy TLV transmitted in the LLDP frames on the selected local interface. To view LLDP-MED information: 1. Select System > LLDP > Advanced > LLDP-MED Network Policy. The following screen displays: [Screenshot: LLDP-MED Network Policy screen]
5. 2. Select the VLAN ID and configure the IGMP Snooping values: Fast Leave Admin Mode: Enable or disable the IGMP snooping fast leave mode for the specified VLAN ID. Enabling fast leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC-based general queries to the interface. You should enable fast leave admin mode only on VLANs where only one host is connected to each Layer 2 LAN port. This mode prevents the inadvertent dropping of the other hosts that were connected to the same Layer 2 LAN port but were still interested in receiving multicast traffic directed to that group. Also, fast leave processing is supported only with IGMP version 2 hosts. Host Timeout: The value for group membership interval of IGMP snooping for the specified VLAN ID. This value is calculated as follows: Query Interval 2 Maximum Response Time. Maximum Response Time: Enter the amount of time in seconds that a switch waits after sending a query on the VLAN because it did not receive a report for a particular group in th
6. The maximum number of HTTP sessions is 5. 3. Click APPLY to update the switch with the HTTPS Authentication settings. Secure HTTP Configuration: Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch by using a web interface, secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks. Use the Secure HTTP Configuration screen to configure the settings for HTTPS communication between the management station and the switch. To configure HTTPS settings: 1. Select Security > Access > HTTPS > HTTPS Configuration. The following screen displays: [Screenshot: HTTPS Configuration screen] 2. Use the radio buttons next to the HTTPS Admin Mode to enable or d
7. [Screenshot: LLDP-MED Port Settings screen] 2. From the Port list, select the port to configure. 3. From the LLDP-MED Status list, enable or disable the LLDP-MED mode for the selected interface. 4. From the Notification list, select Enable or Disable to specify whether the port must send a topology change notification if a device is connected or removed. 5. From the Transmit Optional TLVs list, select Enable or Disable to specify whether the port must transmit optional type-length-values (TLVs) in the LLDP PDU frames. If enabled, the following LLDP-MED TLVs are transmitted: • MED Capabilities • Network Policy • Location Identification • Extended Power via MDI PSE • Extended Power via MDI PD • Inventory. Click APPLY to apply the new settings to the system. Configuration changes take effect immediately. Local Information: Use the LLDP Local Information screen to view the data that each port advertises through LLDP. To display the LLDP Local Device Information screen: 1. Select System Advanced LLDP Local Information. The following screen displays: [Screenshot: LLDP Local Information screen]
8. NETGEAR GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Software Administration Manual. Support: Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com. Phone (US & Canada only): 1-888-NETGEAR. Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/general/contact/default.aspx. Trademarks: NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. NETGEAR, Inc. All rights reserved. Revision History (Publication Part Number, Version, Publish Date, Comments): 202-11137-02, v1.0, March 2013, Updated document; 202-11137-01, v1.0, February 2013, First publication. Contents: Chapter 1, Getting Started: Getting Started with the NETGEAR Switch; Switch Management Interface; Connect the Switch to the Network; Discover a Switch in
9. Reauthentication Enabled: Displays if reauthentication is enabled on the selected port. This is a configurable field. The possible values are TRUE and FALSE. If the value is TRUE, reauthentication occurs. Otherwise, reauthentication is not allowed. Port Status: Displays the authorization status of the specified port. The possible values are Authorized, Unauthorized, and N/A. If the port is in detached state, the value is N/A since the port cannot participate in port access control. Traffic Control: From the Traffic Control menu, you can configure MAC filters, storm control, port security, and protected port settings. The Traffic Control folder contains links to features described in the following sections: • Storm Control • Port Security Interface Configuration • Security MAC Address • Protected Ports. Storm Control: A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses can overload network resources and cause the network to time out. The switch measures the incoming broadcast, multicast, and unknown unicast packet rate per port and discards packets when the rate exceeds the defined value. You enable storm control per interface by defining the packet type and the rate at which the packets are transmitted. Storm control is configured as a
10. Note: There is an implicit "deny all" rule at the end of an ACL list. This rule means that if an ACL is applied to a packet and if none of the explicit rules match, the final implicit "deny all" rule applies and the packet is dropped. To configure rules for an IP ACL: 1. Click Security > ACL > Advanced > IP Extended Rules. In the following screen, an extended IP ACL exists and two rules have been configured. [Screenshot: IP Extended Rules screen showing the Extended ACL Rule Table] Select the ACL ID to add the rule to and select the check box in the Extended ACL Rule table. The extended ACL Rule Configuration
11. • MSTP: Multiple Spanning Tree Protocol (IEEE 802.1s). Specify the configuration name and revision level: • Configuration Name: Name used to identify the configuration currently being used. It can be up to 32 alphanumeric characters. • Configuration Revision Level: Number used to identify the configuration currently being used. The valid range is 0-65535. The default value is 0. Next to Forward BPDU while STP Disabled, select Enable or Disable. The Forward BPDU while STP Disabled field specifies whether spanning tree BPDUs should be forwarded or not while spanning tree is disabled on the switch. 6. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. The following table describes the STP Status information displayed on the screen. Table 12. STP Status information (Field: Description). Bridge Identifier: The bridge identifier for the CST. It is made up using the bridge priority and the base MAC address of the bridge. Time Since Topology Change: The time in seconds since the topology of the CST last changed. Topology Change Count: The number of times the topology has changed for the CST. Topology Change: The value of the topology change parameter for the switch, indicating if a topology change is in progress on any port assigned to the CST. The value is either True or False. Designated Root: T
12. 1. Select Security > Management Security > Authentication List > HTTP Authentication List. The following screen displays: [Screenshot: HTTP Authentication List screen] 2. Select the check box next to the List Name. 3. From the list in the 1 column, select the HTTP authentication method that must appear first in the selected authentication login list. If you select a method that does not time out as the first method, such as local, no other method is attempted, even if you have specified more than one method. This parameter does not appear when you first create a login list. User authentication occurs in the order the methods are selected. Possible methods are as follows: Local: The user's locally stored ID and password are used for authentication. Since the local method does not time out, if you select this option as the first method, no other method is tried, even if you have specified more than one method. RADIUS: The user's ID and password are authenticated using the RADIUS server. If you sele
13. For each DSCP value, select a hardware queue to associate with the value. The traffic class is the hardware queue for a port. Higher traffic class values indicate a higher queue position. Before traffic in a lower queue is sent, it must wait for traffic in higher queues to be sent. The valid range is 0-3. Click APPLY to apply the changes to the system. Differentiated Services: The QoS feature provides Differentiated Services (DiffServ) support that enables traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. For more information, see DiffServ Traffic Classes. Standard IP-based networks are designed to provide best-effort data delivery service. Best-effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets might be delayed, sent sporadically, or dropped. For typical Internet applications, such as email and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable. Conversely, any degradation of se
14. 2. Select the check box next to the interfaces to configure. You can select multiple interfaces to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. • To configure PVID settings for a physical port, click PORTS. • To configure PVID settings for a link aggregation group (LAG), click LAGS. • To configure PVID settings for both physical ports and LAGs, click ALL. 3. Configure the PVID to assign to untagged or priority-tagged frames received on this port. 4. In the Acceptable Frame Types list, specify how you want the port to handle untagged and priority-tagged frames. Whichever you select, VLAN-tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN standard. The factory default is Admit All. • VLAN Only: The port discards any untagged or priority-tagged frames it receives. • Admit All: Untagged and priority-tagged frames received on the port are accepted and assigned the value of the Port VLAN ID for this port. 5. In the Ingress Filtering list, specify how you want the port to handle tagged frames. You have the following options: • Enable: A tagged frame is discarded if this port is not a member of the VLA
15. 2. Next to Global Flow Control (IEEE 802.3x) Mode, enable or disable IEEE 802.3x flow control on the system. The factory default is Disable. • Enable: The switch sends pause packets if the port buffers become full. • Disable: The switch does not send pause packets if the port buffers become full. 3. View the Jumbo Frames Status. 4. In the Jumbo Frames After Reset list, select Enable or Disable. Jumbo frames support takes effect only after it is enabled and after the switch is rebooted. The Jumbo Frames Status field displays the status of this feature. 5. Click APPLY to apply the changes to the system. Port Configuration: Use the Port Configuration screen to configure the physical interfaces on the switch. To configure port settings: 1. Select Switching > Ports > Port Configuration. The following screen displays: [Screenshot: Port Configuration screen]
16. Number of TCAM entries used by DHCP snooping. Maintenance: Use the features available from the Maintenance tab to help you manage the switch. The Maintenance tab contains menus that provide access to the following features: • Reset • Upload a File from the Switch • Download a File to the Switch • File Management • Troubleshooting. Reset: The Reset menu contains links that provide access to the features described in the following sections: • Device Reboot • Factory Default. Device Reboot: Use the Device Reboot screen to reboot the switch. To reboot the switch: 1. Select Maintenance > Reset > Device Reboot. The following screen displays: [Screenshot: Device Reboot screen] 2. Select the check box. 3. Click APPLY. The switch resets immediately. The management interface is not available until the switch completes the boot cycle. After the switch resets, the login screen appears. Factory Default: Use the Factory
17. Requires a packet to match the criteria of this ACL. Select Enable or Disable. Match Every is exclusive to the other filtering rules, so if Match Every is enabled, the other rules on the screen are not available. • Src IP Address: Requires a packet's source IP address to match the address listed here. Enter an IP address using dotted-decimal notation. The address you enter is compared to a packet's source IP address. • Src IP Mask: Specifies the source IP address wildcard mask. Wildcard masks determine which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is, in essence, the inverse of a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, enter 0.0.0.255 in the Source IP Mask field. This field is required when you configure a source IP address. 4. Click ADD. Configuration changes take effect immediately. To update an IP ACL rule, select the check box associated with the rule, update the desired fields, and click APPLY. You cannot modify the Rule ID of an existing IP rule. IP Extended Rules: Use the IP Extended Rules screen to define rules for IP-based extended ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded
18. The valid range is 0-65535. The default port for RADIUS accounting is UDP 1813. 4. From the Secret Configured list, select Yes to add a RADIUS secret in the next field. You must select Yes before you can configure the RADIUS secret. After you add the RADIUS accounting server, this field indicates whether the shared secret for this server has been configured. 5. In the Secret field, type the shared secret to use with the specified RADIUS accounting server. 6. From the Accounting Mode list, enable or disable the RADIUS accounting mode. 7. Click APPLY to update the switch with the RADIUS Accounting server settings. Configure TACACS: TACACS provides a centralized user management system while still retaining consistency with RADIUS and other authentication processes. TACACS provides the following services: • Authentication: Provides authentication during login, using user names and user-defined passwords. • Authorization: Performed at login. When the authentication session is completed, an authorization session starts using the authenticated user name. The TACACS server checks the user privileges. The TACACS protocol ensures network security through encrypted protocol exchanges between the device and TACACS server. The TACACS menu contains links to screens described in the following sections: • TACACS Configuration • TACACS Server Configuration. TACACS Configura
19. Use the RADIUS Configuration screen to add information about one or more RADIUS servers on the network. To configure global RADIUS server settings: 1. Select Security > Management Security > RADIUS > Global Configuration. The following screen displays: [Screenshot: RADIUS Global Configuration screen] The Current Server IP Address field is blank if no servers are configured (see RADIUS Server Configuration). The switch supports up to three configured RADIUS servers. If more than one RADIUS server is configured, the current server is the server configured as the primary server. If no servers are configured as the primary server, the current server is the most recently added RADIUS server. 2. 3. In the Max Number of Retransmits field, specify the maximum number of times a request packet is
20. When the screen refreshes, the Select File option is blanked out. This indicates that the file transfer is done. File Management: The system maintains two versions of the switch software in permanent storage. One image is the active image, and the second image is the backup image. The active image is loaded during subsequent switch restarts. This feature reduces switch down time when upgrading or downgrading the switch software. The File Management menu contains links that provide access to the features described in the following sections: • Dual Image Configuration • Dual Image Status. Dual Image Configuration: The system running a legacy software version ignores (does not load) a configuration file created by the newer software version. When a configuration file created by the newer software version is discovered by the system running an older version of the software, the system displays an appropriate warning to the user. Use the Dual Image Configuration screen to set the boot image or configure an image description. To configure Dual Image settings: 1. Select Maintenance > File Management > Dual Image > Dual Image Configuration. The following screen displays: [Screenshot: Dual Image Configuration screen]
21. plus the internal bridge-router interface, if it was received on a routed VLAN. Since a port can be configured to belong to more than one VLAN, VLAN routing might be enabled for all of the VLANs on the port or for a subset. VLAN routing can be used to allow more than one physical port to reside on the same subnet. It can also be used when a VLAN spans multiple physical networks, or when more segmentation or security is required. This section shows how to configure product family software to support VLAN routing. A port can be either a VLAN port or a router port, but not both. However, a VLAN port might be part of a VLAN that is itself a router port. VLAN Routing Wizard: The VLAN Routing Wizard allows you to create a VLAN routing interface, configure the IP address and subnet mask for the interface, and add selected ports or LAGs to the VLAN. With this wizard, you can: • Create a VLAN. • Add selected ports to the newly created VLAN and remove selected ports from the default VLAN. • Add selected LAGs to the newly created VLAN. • Enable tagging on selected ports if the port is in another VLAN. Disable tagging if a selected port does not exist in another VLAN. • Exclude ports not selected from the VLAN. • Enable routing on the VLAN using the IP address and subnet mask entered. To configure VLAN settings: 1. Select Routing > VLAN > VLAN Routing Wizard. The
22. [Screenshot: LLDP Port Settings screen] Select the check box next to one or more ports. 3. Specify the following LLDP port settings: • Interface: Specifies the port affected by these parameters. • Admin Status: Select the status for transmitting and receiving LLDP packets: • Tx Only: Enable only transmitting LLDP PDUs on the selected ports. • Rx Only: Enable only receiving LLDP PDUs on the selected ports. • Tx & Rx: Enable both transmitting and receiving LLDP PDUs on the selected ports. This value is the default value. • Disabled: Do not transmit or receive LLDP PDUs on the selected ports. • Management IP Address: Select whether to advertise the management IP address from the interface. The possible values are: • Stop Advertise: Do not advertise the management IP address from the interface.
23. select ports g1-g8 and select Enable from the STP Status list. For more information, see CST Port Configuration on page 96. 6. Click APPLY. 7. Select ports g1-g5 (edge ports) and select Enable from the Fast Link list. Since the edge ports are not at risk for network loops, ports with Fast Link enabled transition directly to the forwarding state. 8. Click APPLY. You can use the CST Port Status screen to view spanning tree information about each port. 9. In the MST Configuration screen, create an MST instance with the following settings: • MST ID: 1 • Priority: Use the default (32768) • VLAN ID: 300. For more information, see MST Configuration on page 99. 10. Click Add. 11. Create a second MST instance with the following settings: • MST ID: 2 • Priority: 49152 • VLAN ID: 500. 12. Click Add. In this example, assume that Switch 1 has become the Root bridge for the MST instance 1, and Switch 2 has become the Root bridge for MST instance 2. Switch 3 has hosts in the Sales department (ports g1, g2, and g3) and in the Human Resources department (ports g4 and g5). Switches 1 and 2 also have hosts in the Sales and HR departments. The hosts connected from Switch 2 use VLAN 500, MST instance 2, to communicate with the hosts on Switch 3 directly. Likewise, hosts of Switch 1 use VLAN 300, MST instance 1, to communicate with the hosts on Switch 3 directly. The hosts use different instances of MSTP to effectively use the links across the switc
24. set a value from 0 through 15, the priority is set to 0. If you specify a number from 16 through 31, the priority is set to 16. • Port ID: The port identifier for the specified port within the CST. It is made up from the port priority and the interface number of the port. • Hello Timer: Specifies the switch hello time, which indicates the amount of time in seconds a port waits between configuration messages. The value is fixed at 2 seconds. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. CST Port Status: To display Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch, use the CST Port Status screen. To display the CST Port Status screen, select Switching > STP > Advanced > CST Port Status. The following screen displays: [Screenshot: CST Port Status screen]
25. [Screenshot: DSCP mapping table] 2. For each DSCP in value, select a DSCP out value, if necessary. Do this for each of the following groups, as required: Class Selector (CS) Per-hop Behavior (PHB); Assured Forwarding (AF) PHB; Expedited Forwarding (EF) PHB; Other DSCP Values (Local/Experimental Use). 3. Click APPLY to apply the changes to the system. Class Configuration. Use one of the Class Configuration screens to add a DiffServ class name, or to rename or delete an existing class. For IPv4 packets, use the Class Configuration screen. For IPv6 packets, use the IPv6 Class Configuration screen. As packets are received, these DiffServ classes are used to prioritize packets. You can have multiple match criteria in a class. The logic is a Boolean logical AND for these criteria. To add a new class: 1. Select QoS > DiffServ > Advanced > Class Configuration. The following screen displays. All the previously defined classes are displayed. [Screenshot: Class Configuration screen]
26. [Table of contents excerpt] Troubleshooting; Ping; Remote Diagnostics; Chapter 9 Help; Online Help; Support; User Guide; Registration; Appendix A Hardware Specifications and Default Values; Switch Features and Defaults; Appendix B Configuration Examples; Virtual Local Area Networks (VLANs); Sample VLAN Configuration; Access Control Lists (ACLs); Sample MAC ACL Configuration; Sample Standard IP ACL Configuration; Differentiated Services (DiffServ); Class; DiffServ Traffic Classes; Sample DiffServ Configuration; Sample 802.1x Configuration
27. Admin Mode: From the menu, select the port control administration state, which can be one of the following: Enable: The port can participate in the network (default). Disable: The port is administratively down and does not participate in the network. Port Speed: Select the port's speed and duplex mode. If you select Auto, the autonegotiation process sets the duplex mode and speed. The port's maximum capability (full duplex and 1000 Mbps) is advertised. Otherwise, your selection determines the port's duplex mode and transmission rate. The factory default is Auto. Physical Status: Indicates the physical port's speed and duplex mode. Link Status: Indicates whether the link is up or down. MAC Address: Displays the physical address of the specified interface. ifIndex: The ifIndex of the interface table entry associated with this port. If the interface field is set to All, this field is blank. Click APPLY to apply the changes to the system. Link Aggregation Groups. Link aggregation groups (LAGs), which are also known as port channels, allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. You assign the LAG VLAN membership after you create a LAG. The LAG by default becomes a member of the management VLAN. A LAG interface can be ei
28. Advanced [Screenshot: Policy Configuration screen, Policy Attribute section] 2. Configure the policy attributes by selecting the check box associated with the attribute to be configured and then entering the required data. Assign Queue: Select the destination queue. There are four queues, with valid values from 0 to 3; 3 is the highest. Drop: Select this option to drop packets for this policy class. Mark VLAN CoS: Select the specified Class of Service queue number to mark all packets for the associated traffic stream with the specified Class of Service value in the priority field of the 802.1p header. If the packet does not already contain this header, one is inserted. Mark IP DSCP: Select an IP DSCP value. All packets for the associated traffic stream are m
29. [Table of contents excerpt] Configuration; Chapter 4 Configuring Routing; Configure IP Settings; Configure VLAN Routing; VLAN Routing Wizard; Configure VLAN Routing; Configure and View Routes; Configure ARP; ARP Cache; ARP Entry Configuration; Global ARP Configuration; ARP Entry Management; Chapter 5 Configure Quality of Service; Class of Service; Basic CoS Configuration; CoS Interface Configuration; Queue Configuration; 802.1p to Queue Mapping; DSCP to Queue Mapping; Differentiated Services; Defining DiffServ; Diffserv Configuration; DSCP Violate Action Mapping; Class Configuration; IPv6 Class Configuration; Policy Configuration; Service Config
30. Configuration. The following screen displays: [Screenshot: CST Port Configuration screen] 2. To configure CST sett
31. [Screenshot: ARP Entry Management screen] 2. In the Remove From Table field, select the ARP entries to remove. The following are ARP entries that can be removed: All Dynamic Entries: Remove the dynamic entries from the ARP table. All Static Entries: Remove the dynamic entries from the ARP table. All Entries: Remove all static and dynamic entries from the ARP table. Specific Entry: Remove a specific ARP entry from the ARP table. If you select Specific Entry in the Remove from Table list, you can enter the IP address of an entry to remove from the ARP table. None: Select if you do not want to delete any entry from the ARP table. 3. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. Configure Quality of Service. Use the features you access from the QoS tab to configure Quality of Service (QoS) settings on the switch. The QoS tab contains menus that provide access to the following sections: Class of Service; Differentiated Services. In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria. When a packet is queued for transmission in a port, the rate at which it is serviced depends on h
32. Default screen to reset the system configuration to the factory default values. Note: If you reset the switch to the default configuration, the IP address is reset to 192.168.0.239 and the DHCP client is enabled. If you lose network connectivity after you reset the switch to the factory defaults, see Connect the Switch to the Network. To reset the switch to the factory default settings: 1. Select Maintenance > Reset > Factory Default. The following screen displays: [Screenshot: Factory Default screen. Check this box and click APPLY below to return all configuration settings to default values.] 2. Select the check box. 3. Click APPLY. The switch resets immediately. Upload a File from the Switch. The switch supports system file uploads from the switch to a remote system by using either TFTP or HTTP. Upload File Types. The following types of files can be uploaded from the switch: Archive: The archive is the system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy, and the other
33. [Screenshot: port configuration table] 2. Select the interface for which you want to configure settings: To configure settings for a physical port, click PORTS. To configure settings for a link aggregation group (LAG), click LAGS. To configure settings for both physical ports and LAGs, click All. 3. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. Configure or view the settings: Description: Enter the description string to be attached to a port. The string can be up to 64 characters in length. Port Type: This field is blank for most ports. Otherwise, the possible values are: Mirrored: Indicates that the port is a source mirroring port. Probe: Indicates that the port is a destination mirroring port. LAG: Indicates that the port is a member of a link aggregation trunk. For more information, see Link Aggregation Groups
34. [Screenshot] 2. From the Interface menu, select the interface for which you want to view information. The following LLDP-MED network policy information displays: Network Policy Number: The policy number. Application: The media application type associated with the policy. Only the Voice application type is supported. The application type that is received on the interface has the VLAN ID, priority, DSCP, tagged bit status, and unknown bit status. This information is displayed only if a network policy TLV has been transmitted. VLAN ID: The VLAN ID associated with the policy. VLAN Type: Specifies whether the VLAN associated with the policy is tagged or untagged. User Priority: The priority associated with the policy. DSCP: The DSCP associated with a particular policy type. LLDP-MED Port Settings. Use this screen to enable LLDP-MED mode on an interface and configure its properties. To configure LLDP-MED settings for a port: 1. Select System > LLDP > Advanced > LLDP-MED Port Settings. The following screen displays: [Screenshot: LLDP-MED Port Settings screen]
35. If you select Other, enter a protocol number in the field that appears. IP DSCP: Select a known DSCP value. If you select Other, enter a protocol number in the field that appears. 4. Click APPLY to save the class. Configuration changes take effect immediately. Policy Configuration. Use the Policy Configuration screen to associate a collection of classes with one or more policy statements. After creating a policy, click the policy name to go to the Policy Configuration screen. To configure a DiffServ policy: 1. Select QoS > DiffServ > Advanced > Policy Configuration. The following screen displays: [Screenshot: Policy Configuration screen] 2. Enter a policy name in the Policy Selector field. The available policy type is In, which indicates the type is specific to inbound traffic. This field is not configurable. 3. Select an existing DiffServ class to associate with the policy and click Add. To configure this policy, proceed to To configure the policy attributes on page 153. To configure the policy attributes: 1. In the Policy Configuration screen, click the name of the policy. The Policy Attribute section of the screen displays
36. LAGS or All. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. To apply the same settings to all interfaces, select the check box in the heading row. Select the Trust Mode for the selected ports or LAGs. If you select Enable, the DHCP snooping application considers the port as trusted. The factory default is disabled. Click APPLY to apply the change to the system. Configuration changes take effect immediately. DHCP Snooping Binding Configuration. To configure DHCP binding settings: 1. Select System > Services > DHCP Snooping > Binding Configuration. The following screen displays: [Screenshot: DHCP Snooping Binding Configuration screen] 2. In the Static Binding Configuration section, in the Interface list
37. [Screenshot: Multicast Group Membership screen] Select the VLAN for which you want to configure multicast group settings. To configure the multicast group for a physical port, click PORTS. To configure the multicast group for a link aggregation group (LAG), click LAGS. To configure the multicast group for both physical ports and LAGs, click All. Select the check box next to the interfaces to configure. You can select multiple interfaces to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. Select the status of the interfaces. The possi
38. [Screenshot: System Information screen, with callouts "Configuration status and options" and "Screen menu"] Figure 1. Configuration Status and Options. Navigation Tabs, Configuration Menus, and Screen Menu. The navigation tabs along the top of the web interface give you quick access to the various switch functions. The tabs are always available and remain constant, regardless of which feature you configure. When you select a tab, the features for that tab appear as menus directly under the tabs. The menus in the blue bar change according to the navigation tab that is selected. The configuration screens for each feature are available as submenu links in the screen menu on the left side of the screen. Some items in the menu expand to reveal multiple submenu links, as shown in the following: [Screenshot: expanded screen menu] When you click a menu item that includes multiple configuration screens, the item
39. [Screenshot: Class Configuration screen] 2. Enter the new class name. 3. Select the class type and click Add. The switch supports only the Class Type value All, which means all the various match criteria defined for the class must be satisfied for a packet match. All signifies the logical AND of all the match criteria. 4. Click APPLY to save the class. To configure this class, proceed to To configure a class. Use the buttons at the bottom of the screen to perform the following: To remove a class, select the check box beside the class name, then click DELETE. To cancel the configuration you just entered, click CANCEL. To configure a class: 1. Select QoS > DiffServ > Advanced > IPv6 Class Configuration. The following screen displays: [Screenshot: IPv6 Class Configuration screen]
40. PoE settings. To assign a timer to the port: 1. Select System > PoE > Advanced > PoE Port Configuration. The following screen displays: [Screenshot: PoE Port Configuration screen] 2. Select the check box next to one or more interfaces. 3. Configure the settings: Admin Mode: Enables or disables the ability of the port to deliver power. Priority Level: Determines which ports can deliver power if the total power delivered by the switch crosses a certain threshold. The swi
41. Protocol (MSTP) supports multiple instances of spanning tree to efficiently channel VLAN traffic over different interfaces. Each instance of the spanning tree behaves in the manner specified in IEEE 802.1w, Rapid Spanning Tree (RSTP), with slight modifications in the working but not the end effect (chief among the effects is the rapid transitioning of the port to forwarding). The difference between the RSTP and the traditional STP (IEEE 802.1D) is the ability to configure and recognize full-duplex connectivity and ports that are connected to end stations, resulting in rapid transitioning of the port to forwarding state and the suppression of Topology Change Notification. These features are represented by the parameters point-to-point and edgeport. MSTP is compatible with both RSTP and STP, and can be configured to operate entirely as an RSTP bridge or an STP bridge. Note: For two bridges to be in the same region, the force version should be 802.1s and their configuration name, digest key, and revision level should match. For more information about regions and their effect on network topology, refer to the IEEE 802.1Q standard. The STP link contains links to features described in the following sections: STP Configuration; CST Configuration; CST Port Configuration; CST Port Status; Rapid STP; MST Configuration; MST Port Configuration. STP Configuration. The STP Swit
42. [Screenshot: MFDB Table screen] In the Search by MAC Address field, enter the MAC address whose MFDB table entry you want to display. Enter six 2-digit hexadecimal numbers separated by colons, for example, 01:01:23:43:45:67. Click the GO button. If the address exists, that entry is displayed. An exact match is required. The MFDB Table screen displays the following: MAC Address: The multicast MAC address for which you requested data. VLAN ID: The VLAN ID to which the multicast MAC address is related. Component: The component that is responsible for this entry in the MFDB. Possible values are IGMP Snooping, Static Filtering, and MLD Snooping. Type: The type of the entry. Static entries are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol. Description: The text description of this multicast table entry. Possible values are Management Configured, Network Configured, and Network Assisted. Interface: The list of interfaces that are designated for forwarding (Fwd) and filtering (Flt) for the selected address. Forwarding Interfaces: The resulting forwarding list is derived from combining all the forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces.
43. Snooping Persistent Configuration. To configure DHCP snooping persistent settings: 1. Select System > Services > DHCP Snooping > Persistent Configuration. The following screen displays: [Screenshot: DHCP Snooping Persistent Configuration screen] 2. Next to the Local Store, select Enable or Disable to determine if the binding table is stored locally. 3. In the Write Delay field, enter the maximum write time to write to the database locally, in seconds. The valid range is 600-86400. 4. Click APPLY to apply the change to the system. Configuration changes take effect immediately. Configuring Switching Information. Use the features you access from the Switching tab to define Layer 2 features. The Switching tab contains links to features described in the following sections: Ports; Link Aggregation Groups; VLANs; Voice VLAN; Auto VoIP Configuration; Spanning Tree Protocol; Multicast; Forwarding Database. Ports. The screens you access from the Ports menu allow y
44. State: The port's current spanning tree state. This state controls what action a port takes on receipt of a frame. If the bridge detects a malfunctioning port, it places that port into the broken state. The other five states are defined in IEEE 802.1D. Disabled; Blocking; Listening; Learning; Forwarding; Broken. Admin Mode: The port control administration state. Enable: The port can participate in the network (default). Disable: The port is administratively down and does not participate in the network. LACP Mode: The Link Aggregation Control Protocol administration state. Enable: The port is allowed to participate in a port channel (LAG), which is the default mode. Disable: The port cannot participate in a port channel (LAG). Physical Mode: The port speed and duplex mode. In autonegotiation mode, the duplex mode and speed are set from the autonegotiation process. Physical Status: The port speed and duplex mode status. Link Status: Indicates whether the port link is up or down. Link Trap: Determines whether to send a trap when link status changes. The factory default is Enable. Enable: The system sends a trap when the link status changes. Disable: The system does not send a trap when the link status changes. Octets Received: The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reason
45. [Screenshot: port selection table] Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. To view the ports that are members of the selected LAG, click the CURRENT MEMBERS button. LACP Configuration. To configure LACP: 1. Select Switching > LAG > Advanced > LACP Configuration. The following screen displays: [Screenshot: LACP Configuration screen] 2. In the LACP System Priority field, specify the device's link aggregation priority relative to the devices at the other ends of the links on which link aggregation is enabled. A higher value indicates a lower priority. You can change the value of the parameter globally by specifying a priority from 1 to 65535. The default value is 32768. 3. Click APPLY to send the updated configuration to the switch. Configuratio
46. [Screenshot: Dual Image Configuration screen] 2. In the Image Name field, select one of the images from the list. The Current active field displays the name of the active image. 3. To configure a descriptive name for the selected software image, type the name in the Image Description field. The valid range is 0-160 characters. 4. To set the selected image as the active image, select the Activate Image check box. Note: After activating an image, you must perform a system reset of the switch to run the new code. 5. Click APPLY to apply the settings to the switch. Dual Image Status. The Dual Image Status screen displays system images. To display Dual Image settings: Select Maintenance > File Management > Dual Image > Dual Image Status. The following screen displays: [Screenshot: Dual Image Status screen]
47. a router port, but not both. However, a VLAN port might be part of a VLAN that is itself a router port. Sample VLAN Routing Configuration. To configure a switch to perform inter-VLAN routing: 1. Use the VLAN Configuration screen to enable routing on the switch. For more information, see VLAN Configuration on page 81. 2. Determine the IP addresses you want to assign to the VLAN interface on the switch. For the switch to be able to route between the VLANs, the VLAN interfaces must be configured with an IP address. When the switch receives a packet destined for another subnet or VLAN, the switch looks at the routing table to determine where to forward the packet. The packet is then passed to the VLAN interface of the destination. It is then sent to the port where the end device is attached. 3. Configure the VLAN interfaces by using VLAN configuration screens. For information about this, see Sample VLAN Configuration. Assign the VLAN the IP address identified using the VLAN routing configuration, for example, IP address 10.1.2.1 and mask 255.255.255.0. 4. Repeat this process for all VLANs to be configured as routing interfaces. Note: You can use the VLAN Routing Wizard for creating VLANs, adding ports, and enabling them for routing by assigning the IP address and mask. Notification of Compliance. NETGEAR Wired Products. Regulatory Compliance Information. This s
48. additional rules are not checked for a match. The steps for defining a MAC ACL and applying it to the switch are described in the following sections: 1. Use the MAC ACL screen to create the ACL ID. 2. Use the MAC Rules screen to create rules for the ACL. 3. Use the MAC Binding Configuration screen to assign the ACL by its ID number to a port. 4. Optionally, use the MAC Binding Table screen to view the configurations. To configure a MAC ACL: 1. Select Security > ACL > Basic > MAC ACL. The following screen displays: [Screenshot: MAC ACL screen] 2. Specify a name for the MAC ACL in the Name field. The name string can include alphabetic, numeric, hyphen, underscore, or space characters only. The name must start with an alphabetic character. 3. Click ADD. Each configured ACL displays the following information: Rules: Displays the number of rules currently configured for the MAC ACL. Direction: Displays the direction of packet traffic affected by the MAC ACL, which ca
49. address that identifies the attached network. Protocol: This field tells which protocol created the specified route. The possibilities are the following: Local, Static. Next Hop Interface: The outgoing router interface to use when forwarding traffic to the destination. Next Hop IP Address: The outgoing router IP address to use when forwarding traffic to the next router, if any, in the path towards the destination. The next router is always one of the adjacent neighbors or the IP address of the local interface for a directly attached network. Preference: The preference value for the configured next hop. Configure ARP. The Address Resolution Protocol (ARP) associates a Layer 2 MAC address with a Layer 3 IPv4 address. The switch software features both dynamic and manual ARP configuration. With manual ARP configuration, you can statically add entries to the ARP table. ARP is a necessary part of the Internet Protocol (IP) and is used to translate an IP address to a media (MAC) address defined by a local area network (LAN), such as Ethernet. A station needing to send an IP packet must learn the MAC address of the IP destination, or of the next hop router if the destination is not on the same subnet. Learning is achieved by broadcasting an ARP request packet, to which the intended recipient responds with a unicast ARP reply containing its MAC addres
50. are discarded. You can effectively disable dynamic locking by setting the number of allowable dynamic entries to 0. Static locking allows you to specify a list of MAC addresses that are allowed on a port. The behavior of packets is the same as for dynamic locking: only packets with an allowable source MAC address can be forwarded. To configure port security settings: 1. Select Security > Traffic Control > Port Security > Interface Configuration. The following screen displays. [Screenshot: Port Security Interface Configuration screen] 2. To configure interface security settings for ports and link aggregation groups (LAGs), click PORTS, LAGS, or All. 3. Select the check box next to the port or LAG to configure. Select multiple check boxes to apply the same setting to all selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 4. Specify the following settings
51. change the HTTPS authentication method for the default list: 1. Select Security > Management Security > Authentication List > HTTPS Authentication List. The following screen displays. [Screenshot: HTTPS Authentication List screen] 2. Select the check box next to the List name. 3. From the list in the 1 column, select the HTTPS authentication method that must appear first in the selected authentication login list. If you select a method that does not time out as the first method, such as local, no other method is attempted, even if you have specified more than one method. This parameter does not appear when you first create a login list. User authentication occurs in the order the methods are selected. Possible methods are as follows: Local: The user's locally stored ID and password are used for authentication. Since the local method does not time out, if you select this option as the first method, no other method is tried, even if yo
52. configuration is global and not per port. To configure CoS queue settings: 1. Select QoS > CoS > Advanced > Queue Configuration. The following screen displays. [Screenshot: Queue Configuration screen] 2. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply a trust mode or rate to all interfaces. 3. Configure any of the following settings: Queue ID: Select the queue to be configured. Minimum Bandwidth: Enter a value in the range 1 to 100 that reflects the relative bandwidth of this queue. The bandwidth allocation per queue is the configured weight divided by the sum of all the configured weights. The sum of the minimum bandwidths for all queues does not have to equal 100. Scheduler Type: Select the type of queue processing. Options are Weighted and Strict. Defining on a per-queue basis enables you to create the desired service characteristics for different types of traffic. Four queues can be configured as strict priority
53. cost to the CST tree regional root. Port Forwarding State: Displays the forwarding state of this port. Rapid STP. Use the Rapid STP screen to view information about Rapid Spanning Tree (RSTP) port status. To display the Rapid STP screen, select Switching > STP > Advanced > RSTP. The following screen displays. [Screenshot: Rapid STP screen] The following table describes the Rapid STP Status information displayed on the screen. Table 15. RSTP Status Information. Field Descripti
54. [Screenshot: System screen] 2. Define the following fields: System Name: Enter the name you want to use to identify this switch. You can use up to 160 alphanumeric characters. The factory default is blank. System Location: Enter the location of this switch. You can use up to 160 alphanumeric characters. The factory default is blank. System Contact: Enter the contact person for this switch. You can use up to 160 alphanumeric characters. The factory default is blank. 3. Click APPLY to apply the changes to the system. Table 3 describes the status information displayed in the System screen. Table 3. System status information. Serial Number: The serial number of the switch. System Object ID: The base object ID for the switch's enterprise MIB. Date & Time: The current date and time. System Up Time: Displays the number of days, hours, and minutes since the last system restart. Base MAC Address: Universally assigned network address. Fan Status: The status of fan operation. Model Name: The model name of the switch. Boot Version: The boot code version of the switch. Software Version: The software version of the switch. IP Configuration. Use the IP Configuration screen to configu
55. [Table of contents fragment] MAC Binding Configuration; MAC Binding Table; IP Rules; IP Extended Rules; IP Binding Configuration; Chapter 7, Monitoring the System: Buffered Logs, Server Log, System Resources Utilization; Chapter 8, Maintenance: Upload a File from the Switch, Download a File to the Switch, HTTP File Download, Dual Image Configuration
56. following screen displays. [Screenshot: VLAN Routing Wizard screen] In the VLAN ID field, specify a VLAN ID. This VLAN identifier (VID) associated with this VLAN is created if it does not exist. The valid range is 1 to 4093. In the IP Address field, specify the IP address of the VLAN interface. In the Network Mask field, specify the subnet mask of the VLAN interface. Select the operation mode for ports and LAGs. The Port and LAG fields each display selectable physical ports and LAGs, if any. Selected interfaces are added to the routing VLAN. Each interface can be configured to operate in one of three modes: T (Tagged): Select the interfaces on which all frames transmitted for this VLAN are tagged. The interfaces that are selected are included in the VLAN. U (Untagged): Select the interfaces on which all frames transmitted for this VLAN are untagged. The interfaces that are selected are included in the VLAN. BLANK (Autodetect): Select the interfaces that might be dynamically registered in this VLAN using GVRP. This selection has the effect of excluding an interface from the selected VLAN. Click APPLY
57. if it matches any of the configured routing interfaces. If it does, the switch searches the host table for a matching destination IP address. If an entry is found, the packet is routed to the host. If there is not a matching entry, the switch performs a longest prefix match on the destination IP address. If an entry is found, the packet is routed to the next hop. If there is no match, the packet is routed to the next hop specified in the default route. If there is no default route configured, the packet is passed to the software to be handled appropriately. The routing table can have entries added either statically by the administrator or dynamically by a routing protocol. The host table can have entries added either statically by the administrator or dynamically using ARP. Configure IP Settings. Use the IP Configuration screen to configure routing parameters for the switch. To access the IP Configuration screen: Select Routing > IP > IP Configuration. The following screen displays. [Screenshot: IP Configuration screen] Default Time to Live displays the de
58. is configured with priority 2 to deny, then access is permitted if the profile is active, and the second rule is ignored. 7. Click ADD. Make sure that the access profile is created before adding the rules. To configure a security access rule: 1. Select the checkbox next to the security access rule to be modified. 2. Update the relevant fields. Click APPLY to update the switch with the new settings. Port Authentication. In port-based authentication mode, when 802.1x is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This mode is the default authentication mode. The 802.1x network has three components: Authenticators: Specify the port that is authenticated before permitting system access. Supplicants: Specify the host connected to the authenticated port requesting access to the system services. Authentication Server: Specify the external server, for example, the RADIUS server, that performs the authentication on behalf of the authenticator and indicates whether the user is authorized to access system services. From the Port Authentication menu, you can access features described in the followi
59. not require any authentication. When the Port Control setting is Auto, the authenticator PAE sets the controlled port mode. 3. In the Guest VLAN field for ports g1-g8, enter 150 to assign these ports to the guest VLAN. You can configure more settings to control access to the network through the ports. See Port Security Interface Configuration for information about the settings. 4. Click APPLY. 5. In the 802.1x Configuration screen, set the port-based authentication state and guest VLAN mode to Enable and click APPLY. For more information, see Port Security Interface Configuration on page 184. This example uses the default values for the port authentication settings, but you can configure several more settings. For example, the EAPOL Flood Mode field allows you to enable the forwarding of EAPoL frames when 802.1x is disabled on the device. 6. In the RADIUS Server Configuration screen, configure a RADIUS server with the following settings: Server Address: 192.168.10.23. Secret Configured: Yes. Secret: secret123. Active: Primary. For more information, see Configure RADIUS Settings on page 159. 7. Click Add. 8. In the Authentication List screen, configure the default list to use RADIUS as the first authentication method. For more information, see Authentication List Configuration on page 165. This example enables 802.1x-based port security on the switch and prompts the hosts connected on ports g1-g8 for an 802.1x-based aut
60. of the DNS client: Enable: Allow the switch to send DNS queries to a DNS server to resolve a DNS domain name. The DNS is enabled by default. Disable: Prevent the switch from sending DNS queries. 3. In the DNS Default Name field, enter a default DNS name to include in DNS queries. When the system is performing a lookup on an unqualified host name, this field is provided as the domain name. For example, if the default domain name is netgear.com and the host name to resolve is test, test.netgear.com is used in DNS resolution queries. 4. In the DNS Server field, enter an IP address representing the DNS server to which the switch sends DNS queries and click ADD. The server appears in the DNS Server list. Use standard IPv4 dot notation from 1 through 158 characters. You can specify up to eight DNS servers. DNS server precedence is set according to the creation order. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Host Configuration. Use this screen to manually map host names to IP addresses or to view Dynamic DNS mappings. To add a static entry to the local DNS table: 1. Select System > Management > DNS > Host Configuration. The following screen displays. [Screenshot: Host Configuration screen]
61. online, click APPLY. Registration. Use the Registration screen to register your switch. Completing the registration confirms your email address, lowers technical support resolution time, and ensures your shipping address accuracy. NETGEAR makes an effort to incorporate your feedback into future product development. For the product registration process to proceed, the administrative system running the browser must meet the following requirements: The administrative system must have Internet access. The browser must allow pop-up windows. If the browser is Internet Explorer, ActiveX must be enabled. If you have not registered the product or have not disabled the registration reminders, the following pop-up window displays each time you successfully log on to the switch. [Screenshot: product registration pop-up window] The registration pop-up window includes the following buttons: TURN OFF: Use this button to turn off the product registration feature and to prevent the registration reminder pop-up window from appearing on subsequent successful login sessions. REMIND ME LATER: Th
62. packets within the broadcast domain to discover the switch. Select the switch, then click Configure Device. The screen expands to display more fields at the bottom of the screen. [Screenshot: Smart Control Center device list and configuration fields] 7. Select the Disabled radio button to disable DHCP. 8. Enter the static switch IP address, gateway IP address, and subnet mask for the switch, and type your password. Tip: You must enter the current password every time you use the Smart Control Center to update the switch setting. The default password is password. 9. Click APPLY to configure the switch with the network settings. Ensure that your computer and the switch are in the same subnet. Make a note of these settings for later use. Configure the Network Settings on the Administrative System. If you do not use the Smart Control Center to configure the switch network information, you can connect directly to the switch from the administrative system installed on your c
63. retransmitted to the RADIUS server. In the Timeout Duration field, specify the time-out value, in seconds, for request retransmissions. Consideration to maximum delay time must be given when configuring RADIUS maximum retransmit and RADIUS time-out values. If multiple RADIUS servers are configured, the maximum retransmit value on each is exhausted before the next server is attempted. A retransmit does not occur until the configured time-out value on that server has passed without a response from the RADIUS server. Therefore, the maximum delay in receiving a response from the RADIUS application equals the sum of (retransmit times time-out) for all configured servers. If the RADIUS request is generated by a user login attempt, all user interfaces are blocked until the RADIUS application returns a response. From the Accounting Mode list, select whether the RADIUS accounting mode is enabled or disabled on the current server. Click APPLY. Configuration changes take effect immediately. RADIUS Server Configuration. Use the RADIUS Server Configuration screen to view and configure various settings for the current RADIUS server configured on the system. To configure a RADIUS server for authentication and authorization: 1. Select Security > Management Security > RADIUS > Server Configuration. The following screen displays. [Screenshot: RADIUS Server Configuration screen]
64. screen displays. [Screenshot: IPv6 Class Name screen] Enter the new class name. Select the class type and click Add. The switch supports only the Class Type value All, which means all the various match criteria defined for the class must be satisfied for a packet match. All signifies the logical AND of all the match criteria. Click APPLY to save the class. Configuration changes take effect immediately. To configure this class, proceed to To configure an IPv6 class on page 150. To configure the class match criteria: 1. In the IPv6 Class Configuration screen, select the name of the class. The following screen displays. [Screenshot: IPv6 Class Configuration screen]
65. the EtherType drop-down list. The value you enter specifies a customized EtherType to compare against an Ethernet frame. The valid range is 0x0600 to 0xFFFF. Source MAC: Requires a packet's source port MAC address to match the address listed here. Enter a MAC address in this field. The valid format is XX:XX:XX:XX:XX:XX. Source MAC Mask: If desired, enter the MAC mask for the source MAC address to match. Use Fs and 0s in the MAC mask, which is in a wildcard format. An F means that the bit is not checked, and a 0 in a bit position means that the data must equal the value given for that bit. The valid format is xx:xx:xx:xx:xx:xx. A MAC mask of 00:00:00:00:00:00 matches a single MAC address. VLAN: Requires a packet's VLAN ID to match the ID listed here. Enter the VLAN ID to apply this criteria. The valid range is 1 to 4093. Logging: Enables or disables logging of management access list (ACL) deny events. 5. Click ADD. To change a rule, select the check box associated with the rule, change the desired fields, and click APPLY. MAC Binding Configuration. When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the MAC Binding Configuration screen to assign MAC ACL lists to ACL priorities and interfaces. To configure MAC ACL interface bindings: 1. Select Security > ACL > Basic > MAC Binding Configuration. T
66. the SNTP status fields. Table 5. SNTP Server Status Table Fields. Address: Specifies all the existing server addresses. If no server configuration exists, a message saying No SNTP server exists flashes on the screen. Last Update Time: Specifies the local date and time (UTC) of the server response according to which the system clock was updated. DNS. Use the DNS screens to configure information about DNS servers used by the network and DNS client settings for the switch. DNS Configuration. Use this screen to configure global DNS settings and DNS server information. To configure the global DNS settings: 1. Select System > Management > DNS > DNS Configuration. The following screen displays. [Screenshot: DNS Configuration screen] 2. Specify whether to enable or disable the administrative status
67. to apply the same settings to the selected ports, or select the check box in the heading row to apply the same settings to all ports. For the selected ports, specify the following settings: Port Control: Defines the port authorization state. The control mode is set only if the link status of the port is link up. The possible field values are: Auto: Automatically detect the mode of the interface. Authorized: Place the interface into an authorized state without being authenticated. The interface sends and receives normal traffic without client port-based authentication. Unauthorized: Deny the selected interface system access by moving the interface into unauthorized state. The switch cannot provide authentication services to the client through the interface. MAC Based: Authentication is based on the MAC address. Guest VLAN: Enable or disable the Guest VLAN on the interface. Periodic Reauthentication: Enable or disable reauthentication of the supplicant for the specified port. The default value is Disable. Changing the selection does not change the configuration until you click the APPLY button. Reauthentication Period: Enter the time span in which the selected port is reauthenticated. The valid range is 1 to 65535, and the default value is 3600 seconds. Quiet Period: Enter the amount of time that the switch remains in the quiet state following a failed authentication exchange. The valid range is 0 to 65535, and the default value is 60 s
68. to match the address listed here. Enter an IP address using dotted-decimal notation. The address you enter is compared to a packet's destination IP address. Destination IP Mask: Specifies the destination IP address wildcard mask. Wildcard masks determine which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is, in essence, the inverse of a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, you type 0.0.0.255 in the Source IP Mask field. This field is required when you configure a source IP address. Destination L4 Port: Requires a packet's TCP/UDP destination port to match the port listed here. Complete one of the following fields: Destination L4 Keyword: Select the desired L4 keyword from the list of destination ports on which the rule can be based. Destination L4 Port Number: If the destination L4 keyword is Other, enter a user-defined port ID by which packets are matched to the rule. Service Type: Select one of the Service Type match conditions for the extended IP ACL rule. The possible values are IP DSCP, IP precedence, and IP ToS, which are alternative ways of specifying a match criterion for the same Service Type field in th
69. [Index fragment] user guide 245; user interface 17; user-defined fields, characteristics 22. V: VLAN 81, 254; configuration 81; guest 178, 263; ID 81; management 28; membership configuration 83; PVID 84; routing sample configuration 270; routing with static route 270; routing wizard 127; sample configuration 255; voice 86. Voice VLAN 86; OUI 88; port settings 88; properties 86. VoIP 89
70. [Screenshot: Auto Video Configuration screen] 2. Globally enable or disable the Auto Video administrative mode for the switch by selecting Enable or Disable next to the Auto Video Status radio button. The Auto Video VLAN field shows the number of auto-configured IGMP snooping VLANs. 3. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. IGMP Snooping. Internet Group Management Protocol (IGMP) snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Class D IP addresses identify host groups, which range from 224.0.0.0 to 239.255.255.255. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request the multicast traffic. This action prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance. A traditional Ethernet network can be separated into different network segments to prevent placing too many devices onto the same shared media. Bridges and switches connect these segments. When a packet with a broadcast or multicast destination address is received, the switch forwards a copy into each of the remaining network segments in accordance with the IEEE MAC Bridge standard. Eventually, the packet is made accessible to al
71. 28TP: Ports 1-24 are 10/100/1000M AutoSensing Gigabit ports, and ports 25-28 are 100/1000M SFP ports. The first 8 ports are PoE, providing 30W of DC power, and the remaining copper ports are PoE (Power over Ethernet), providing 15.4W of DC power. GS728TPP: Ports 1-24 are 10/100/1000M AutoSensing Gigabit ports, and ports 25-28 are 100/1000M SFP ports. All 24 copper ports are PoE, providing 30W of DC power. This model includes an external power supply to support the increased power requirements. The number of the port is identified on the front panel. You can configure the logical interfaces by using the software. The following table describes the naming convention for all interfaces available on the switch. Table 2. Naming Convention for Switch Interfaces. Physical: The physical ports include Gigabit ports and are numbered sequentially starting from 1. Example: g1, g2, g3. Link aggregation group (LAG): LAG interfaces are logical interfaces that are used only for bridging functions. Example: l1, l2, l3. CPU Management Interface: This is the internal switch interface responsible for the switch base MAC address. This interface is not configurable and is always listed in the MAC Address Table. Example: c1. Configuring System Information. Use the features in the System tab to define the switch's relationship to its environment. The System tab contains links to screens described in the followi
72. Access Profile Configuration. To set up a security access profile: 1. Select Security > Access > Access Control > Access Profile Configuration. The following screen displays. [Screenshot: Access Profile Configuration screen] 1. In the Access Profile Name field, enter the name of the access profile to be added. The maximum length is 32 characters. 2. Select one of the following options: Activate Profile: Select to activate an access profile. Deactivate Profile: Select to deactivate an access profile. Remove Profile: Select to remove an access profile. The access profile must be deactivated before removal. 3. Click APPLY to update the switch with the new settings. The Profile Summary field displays the access rules for the profile.
73. Access Rule Configuration
To add a security access rule:
1. Select Security > Access > Access Control > Access Rule Configuration. The following screen displays.
2. In the Rule Type field, select Permit or Deny as the action to be performed when the rule is matched.
3. In the Service Type field, select HTTP, Secure HTTP (SSL), or SNMP. The access rule is restricted according to the service type.
4. In the Source IP Address field, enter the IP address from which traffic is originated.
5. In the Mask field, enter the IP mask of the source IP addresses.
6. In the Priority field, enter a priority for the rule. The rules are validated against an incoming management request in the ascending order of their priorities. When a rule match is detected, the rule action is performed and subsequent rules are ignored. For example, if a source IP 10.10.10.10 is configured with priority 1 to permit and source IP 10.10.10.10
74. The Device View is available by selecting System > Device View.
Depending upon the status of the port, the port status LED lights. Green indicates that the port is enabled. Red indicates that an error occurred on the port and the link is disabled.
The port speed LED lights in either green or yellow:
• A green LED indicates operational ports at the link speed of 1000 Mbps.
• A yellow LED indicates operational ports at the link speed of 10/100 Mbps.
The system LEDs are on the left side of the front panel.
Power/Status LED
The Power LED is a bicolor LED that serves as an indicator of power and diagnostic status. The LED states indicate the following:
• A solid green LED indicates that the power is supplied to the switch from the internal power supply and is operating normally.
• A blinking green LED indicates that the internal power supply has failed and that the system is drawing power from a remote power supply or PoE power from an external power supply.
• A solid yellow LED indicates that the system is in the boot-up stage.
• No lit LED indicates that power is disconnected.
FAN Status LED
FAN status is indicated as follows:
• A solid yellow LED indicates that the fan is faulty.
• No lit LED indicates that the fan is operating normally.
Max PoE LED
The Max PoE LED indicates the following:
• A solid yellow LED indicates that less than seven watts of PoE power are av
75. To configure VLANs:
1. Select Switching > VLAN > Basic > VLAN Configuration. The following screen displays.
2. To add a VLAN, configure the VLAN ID, name, and type, and click ADD. You have the following options:
• VLAN ID: Specify the VLAN identifier for the new VLAN. You can enter data in this field only when you are creating a VLAN. The range of the VLAN ID is 2-4093.
• VLAN Name: Use this optional field to specify a name for the VLAN. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 is always named Default.
• VLAN Type: This field identifies the type of the VLAN you are configuring. You cannot change the type of the default VLAN (VLAN ID 1) because the type is always Default. When you create a VLAN on this screen, its type is Static. Voice VLAN 2 and Auto Video VLAN 3 are created by default.
3. To modify settings for a VL
76. • Protocol Version: Displays the protocol version associated with the selected port. The only possible value is 1, corresponding to the first version of the 802.1X specification.
• PAE Capabilities: Displays the port access entity (PAE) functionality of the selected port. Possible values are Authenticator or Supplicant.
• Authenticator PAE State: This field displays the current state of the authenticator PAE state machine. Possible values are as follows: Initialize, Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuthorized, ForceUnauthorized.
• Backend State: Displays the current state of the backend authentication state machine. Possible values are as follows: Request, Response, Success, Fail, Timeout, Initialize, Idle.
5. Click APPLY to update the switch with the new settings.
Port Summary
Use the Port Summary screen to view information about the port access control settings on a specific port. Select Security > Port Authentication > Advanced > Port Summary. The following screen displays.
77. ACL is applied to the interface. Click APPLY to update the switch with the new settings.
MAC Binding Table
Use the MAC Binding Table screen to view or delete the MAC ACL bindings. Select Security > ACL > Basic > MAC Binding Table. The following screen displays.
Table 26 describes the information displayed in the MAC Binding Table screen.
Table 26. MAC Binding Table fields
• Interface: The interface to which the MAC ACL is bound.
• Direction: The packet filtering direction for the ACL. The only valid direction is Inbound, which means the MAC ACL rules are applied to traffic entering the port.
• ACL Type: The type of ACL assigned to the selected interface and direction.
• ACL ID: The ACL name identifying the ACL assigned to the selected interface and direction.
• Sequence Number: The sequence number signifying the order of the specified ACL relative to other ACLs assigned to the selected interface and direction.
To delete a MAC ACL to interf
78. AN, select the check box next to the VLAN ID, change the desired information, and click APPLY. Configuration changes take effect immediately.
To reset VLAN settings on the switch to the factory defaults:
1. Select the Reset Configuration check box.
2. Click OK in the pop-up message to confirm the operation. If the Management VLAN is set to a non-default VLAN (VLAN 1), it is automatically set to 1 after you reset the VLAN configuration.
VLAN Membership Configuration
Use this screen to configure VLAN port membership for a particular VLAN. You can select the Group Operation through this screen.
To configure VLAN membership:
1. Select Switching > VLAN > Advanced > VLAN Membership. The following screen displays.
79. AP respond ID frames that have been received on the port.
• Response Frames Received: The number of valid EAP response frames received on the port.
• Request ID Frames Transmitted: The number of EAP requested ID frames transmitted through the port.
• Request Frames Transmitted: The number of EAP request frames transmitted through the port.
Use the buttons at the bottom of the screen to perform the following actions:
• To clear all the EAP counters for all ports on the switch, select the check box in the row heading and click CLEAR. The button resets all statistics for all ports to 0.
• To clear the counters for a specific port, select the check box associated with the port and click CLEAR.
Cable Test
Use the Cable Test screen to display information about the cables connected to switch ports.
To display cable information:
1. Select Monitoring > Ports > Cable Test. The following screen displays.
80. ARP settings:
1. Select Routing > ARP > Advanced > Global ARP Configuration. The following screen displays.
2. In the Age Time (secs) field, enter the value you want the switch to use for the ARP entry ageout time. You must enter an integer value, which represents the number of seconds it takes for an ARP entry to age out. The valid range is 15-21,600 seconds. The default value is 1200 seconds.
3. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
ARP Entry Management
Use this screen to remove entries from the ARP Table.
To remove entries from the ARP table:
1. Select Routing > ARP > Advanced > ARP Entry Management. The following screen displays.
81. Click a class name, which is a hyperlink, for an existing class. When you click a class name, the configuration part of the Class Configuration screen is displayed. In this part of the screen, you define against which values traffic is checked when this class is applied.
To define the criteria to associate with a DiffServ class, select one or more of the following check boxes and enter the following data:
• Match Every: Select All to add a match condition to the specified class definition whereby all packets are considered to belong to the class. In this case, no other field can be configured.
• Class of Service: Select a Class of Service 802.1p user priority valu
82. Click a class name, which is a hyperlink, for an existing class. When you click a class name, the configuration part of the Class Configuration screen is displayed. In this part of the screen, you define against which values traffic is checked when this class is applied.
To define the criteria to associate with a DiffServ class, select one or more of the following check boxes and enter the following data:
• Match Every: Select All to add a match condition to the specified class definition whereby all packets are considered to belong to the class. In this case, no other field can be configured.
• Protocol Type: Select a Layer 4 protocol. If you select Other, enter a protocol number in the field that appears.
• Source Prefix/Length: Enter a valid source IPv6 prefix. A prefix is always specified with the prefix length. The valid range for a prefix is 0 to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. The valid range for a prefix length is 0-128.
• Source L4 Port: Select a keyword for the known source Layer 4 ports. If you select Other, enter a protocol number in the field that appears.
• Destination Prefix/Length: Enter a valid destination IPv6 prefix to compare against an IPv6 packet. A prefix is always specified with the prefix length. The valid range for a prefix is FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. The valid range for a prefix length is 0-128.
• Destination L4 Port: Select a known destination Layer 4 ports
83. 2. Select the interface for which data is to be displayed. This can be done by either clicking the check box by the required port or by entering the port name in the Go to Interface field and clicking Go.
The following table describes the EAPOL and EAP statistics displayed:
• Frames Received: The number of valid EAPOL frames received on the port.
• Frames Transmitted: The number of EAPOL frames transmitted through the port.
• Start Frames Received: The number of EAPOL start frames received on the port.
• Logoff Frames Received: The number of EAPOL log off frames that have been received on the port.
• Last Frame Version: The protocol version number attached to the most recently received EAPOL frame.
• Last Frame Source: The source MAC Address attached to the most recently received EAPOL frame.
• Invalid Frames Received: The number of unrecognized EAPOL frames received on this port.
• Length Error Frames Received: The number of EAPOL frames with an invalid packet body length received on this port.
• Response ID Frames Received: The number of E
84. Configure Management Access
From the Access tab, you can configure HTTP and Secure HTTP access to the switch management interface. You can also configure access control profiles and access rules. The Access tab contains links to features described in the following sections:
• HTTP Configuration
• Secure HTTP Configuration
• Certificate Management
• Access Control
HTTP Configuration
Use the HTTP Configuration screen to configure the HTTP server settings on the system.
To configure the HTTP server settings:
1. Select Security > Access > HTTP > HTTP Configuration. The following screen displays.
2. In the HTTP Session Soft Timeout field, specify the number of minutes an HTTP session can be idle before a time-out occurs. After the session is inactive for the configured amount of time, the administrator is automatically logged out and must reenter the password to access the management interface. A value of zero corresponds to an infinite timeout. The default value is 5 minutes.
85. IGMP Snooping Querier VLAN Status
Use this screen to view the operational state and other information for IGMP snooping queriers for VLANs on the network. To view this screen, select Switching > Multicast > IGMP Snooping Querier > Querier VLAN Status.
The following table describes the information available on the Querier VLAN Status screen.
Table 20. Querier VLAN Status Fields
• VLAN ID: Specifies the VLAN ID on which the IGMP snooping querier is administratively enabled and for which VLAN exists in the VLAN database.
• Operational State: Specifies the operational state of the IGMP snooping querier on a VLAN:
  • Querier: The snooping switch is the querier in the VLAN. The snooping switch sends out periodic queries with a time interval equal to the configured querier query interval. If the snooping switch sees a better querier (numerically lower) in the VLAN, it moves to non-querier mode.
  • Non-Querier: The snooping switch is
86. The following fields are displayed:
• Interface: The interface for which service statistics display.
• Direction: The direction of packets for which service statistics display, which is always In.
• Policy Name: The policy associated with the selected interface.
• Operational Status: The operational status of this service interface, which is either Up or Down.
• Member Classes: Selects the member class for which octet statistics are to display.
2. Click REFRESH to update the screen with the most current information.
Managing Device Security
Use the features available from the Security tab to configure management security settings for port, user, and server security. The Security tab contains menus that provide links to screens described in the following sections:
• Management Security Settings
• Configure Management Access
• Port Authentication
• Traffic Control
• Configure Access Control Lists
Management Security Settings
Fr
87. LDP Neighbors Information screen:
1. Select System > LLDP > Advanced > Neighbors Information. The following screen displays.
The following table describes the information that displays for all LLDP neighbors that have been discovered.
Table 9. LLDP neighbors information
• MSAP Entry: Displays the Media Service Access Point (MSAP) entry number for the remote device.
• Local Port: Displays the interface on the local system that received LLDP information from a remote system.
• Chassis ID Subtype: Identifies the type of data displayed in the Chassis ID field on the remote system.
• Chassis ID: Identifies the remote 802 LAN device's chassis.
• Port ID Subtype: Identifies the type of data dis
88. From the VLAN ID list, select the VLAN to which you want to add ports.
Click the orange bar below the VLAN Type field to display the physical ports on the switch.
Click the lower orange bar to display the LAGs on the switch.
To select the ports or LAGs to add to the VLAN, click the square below each port or LAG.
You can add each interface as a tagged (T) or untagged (U) VLAN member. A blank square means that the port is not a member of the VLAN.
• Tagged: Frames transmitted from this port are tagged with the port VLAN ID.
• Untagged: Frames transmitted from this port are untagged. Each port can be an untagged member of only one VLAN. By default, all ports are untagged members of VLAN 1.
In the following screen, ports 6, 7, and 8 are being added as tagged members to VLAN 2.
6. From the Group Operations list, select an identical configuration for all the ports. The possible values are:
• Tag All: All frames transmitted for this
89. MFDB Statistics
To access the MFDB Statistics screen, click Switching > Multicast > MFDB > MFDB Statistics. The following screen displays.
The MFDB Statistics screen displays the following:
• Max MFDB Table Entries: The maximum number of entries that the MFDB table can hold.
• Current Entries: The current number of entries in the MFDB table.
Auto Video Configuration
If the switch supports devices or applications running multicast traffic, such as video surveillance cameras, the Auto Video feature simplifies IGMP snooping querier configuration. Use this menu to configure the Auto Video parameters.
To configure Auto Video:
1. Select Switching > Multicast > Auto Video Configuration. The following screen displays.
90. N identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame.
• Disable: All frames are forwarded in accordance with the IEEE 802.1Q VLAN standard. The factory default is Disable.
6. Specify the default 802.1p priority assigned to untagged packets arriving at the port. Possible values are 0-7.
7. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately.
Voice VLAN
Configure the Voice VLAN settings for ports that carry traffic from IP phones. The voice VLAN feature can help ensure that the sound quality of an IP phone is safeguarded from deteriorating when the data traffic on the port is high.
The following are two operational modes for IP phones:
• IP phones are configured with VLAN mode enabled, ensuring that the phone uses tagged packets for all communications.
• IP phones are configured with VLAN mode disabled, ensuring that the phone uses untagged packets for all communications. The phone uses untagged packets while retrieving the initial IP address through DHCP. The phone eventually uses the voice VLAN and commences sending tagged packets.
From the Voice VLAN menu, you can access the features described in the following sections:
• Voice VLAN Properties
• Voice VLAN Port Setting
• Voice VLAN OUI
Voice VLAN Properties
To configu
91. N with VLAN ID 10
• A VLAN with VLAN ID 20
In the VLAN Membership screen (see VLAN Membership Configuration on page 83), specify the VLAN membership as follows:
• For the default VLAN with VLAN ID 1, specify the following members: port 7 (U) and port 8 (U).
• For the VLAN with VLAN ID 10, specify the following members: port 1 (U), port 2 (U), and port 3 (T).
• For the VLAN with VLAN ID 20, specify the following members: port 4 (U), port 5 (T), and port 6 (U).
In the Port PVID Configuration screen (see Port VLAN ID Configuration), specify the PVID for ports g1 and g4 so that packets entering these ports are tagged with the port VLAN ID:
• Port g1: PVID 10
• Port g4: PVID 20
This VLAN configuration produces the following results:
• If an untagged packet enters port 1, the switch tags it with VLAN ID 10. The packet has access to port 2 and port 3. The outgoing packet is stripped of its tag to leave port 2 as an untagged packet. For port 3, the outgoing packet leaves as a tagged packet with VLAN ID 10.
• If a tagged packet with VLAN ID 10 enters port 3, the packet has access to port 1 and port 2. If the packet leaves port 1 or port 2, it is stripped of its tag to leave the switch as an untagged packet.
• If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet has access to port 5 and port 6. The outgoing packet is stripped of its tag to become an untagged packet as it leaves port 6. For port 5, the outgoing pack
92. P, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number, which is used as both the start and end of a port range.
• Destination Prefix and Prefix Length: Enter a prefix of up to 128 bits, combined with prefix length, to be compared to a packet's destination IP address as a match criterion for the selected IPv6 ACL rule. The valid range for a prefix length is 0-128.
• Destination L4 Port: Specify a packet's destination layer 4 port as a match condition for the selected IPv6 ACL rule. Destination port information is optional. Destination port information can be specified in two ways:
  • Select the keyword other from the drop-down list and specify the number of the port. The valid range is 0-65535.
  • Select one of the keywords from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number, which is used as both the start and end of a port range.
• IPv6 DSCP Service: Select the IPv6 DSCP service. If you prefer, you can select the Other option in the drop-down list and enter the numeric value of the DSCP in the adjacent field. The DSCP is defined as the high-order 6 bits of the service type octet in the IPv6 header. This configuration is optional. Enter an integer from 0 to 63.
4. To add an IPv6 rule, select the global check box and click ADD. To delete an IPv6 rule, select the check box of the rule you want to de
93. Voice VLAN Port Setting
To configure Voice VLAN port settings:
1. Select Switching > Voice VLAN > Advanced > Port Setting. The following screen displays.
2. Select the check box next to the port to configure. You can select multiple check boxes to apply the same setting to all selected ports.
3. Go To Interface: Enter the port to be configured and click the GO button.
4. From the Voice VLAN Mode list, specify whether to enable or disable voice VLAN on the selected port.
5. Click APPLY to send the updated configuration to the switch.
Note: The Membership field displays whether the current operational status of the voice VLAN on the interface is active or not active.
Voice VLAN OUI
The Organizational Unique Identifier (OUI) identifies the IP phone manufacture
94. • Port ID: The port identifier for the specified port within the selected MST instance. It is made up from the port priority and the interface number of the port.
• Port Mode: Spanning Tree Protocol Administrative Mode associated with the port or port channel. Possible values are Enable and Disable.
• Port Forwarding State: Indicates the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:
  • Disabled: STP is disabled on the port. The port forwards traffic while learning MAC addresses.
  • Blocking: The port is blocked and cannot be used to forward traffic or learn MAC addresses.
  • Listening: The port is in the listening mode. The port cannot forward traffic or learn MAC addresses.
  • Learning: The port is in the learning mode. The port cannot forward traffic; however, it can learn new MAC addresses.
  • Forwarding: The port is in the forwarding mode. The port can forward traffic and learn new MAC addresses.
• Port Role: Each MST bridge port that is enabled is assigned a port role for each spanning tree. The port role is one of the following values: Root, Designated, Alternate, Backup, Master, or Disabled.
• Designated Root: Root bridge for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge.
• Designated Cost: Displays cost of the port participating in the STP topology. Ports with a lower cost are less likely t
95. QoS Class Configuration screen, create a class with the following settings:
• Class Name: Class1
• Class Type: All
For more information about this screen, see Class Configuration on page 147.
2. Click Class to view the DiffServ Class Configuration screen for this class.
3. Configure the following settings for Class1:
• Protocol Type: UDP
• Source IP Address: 192.12.1.0
• Source Mask: 255.255.255.0
• Source L4 Port: Other, and enter 4567 as the source port value
• Destination IP Address: 192.12.2.0
• Destination Mask: 255.255.255.0
• Destination L4 Port: Other, and enter 4568 as the destination port value
For more information about this screen, see Class Configuration on page 147.
4. Click APPLY.
5. In the Policy Configuration screen, create a policy with the following settings:
• Policy Selector: Policy1
• Member Class: Class1
For more information about this screen, see Policy Configuration on page 152.
6. Click ADD to add the new policy.
7. Click the Policy1 to view the Policy Class Configuration screen for this policy.
8. Configure the policy attributes as follows:
• Assign Queue: 3
• Policy Attribute: Simple Policy
• Color Mode: Color Blind
• Committed Rate: 10000 Kbps
• Committed Burst Size: 128 KB
• Confirm Action: Send
• Violate Action: Drop
For more information about this screen, see Policy Configuration on page 152.
9. In the Service Configuration
96. You can assign an optional sequence number to indicate the order of this access list relative to other access lists, if any are already assigned to this interface and direction.
4. The MAC Binding Table displays the interface and MAC ACL binding information. For more information, see MAC Binding Table on page 195.
The ACL named Sales ACL looks for Ethernet frames with destination and source MAC addresses and MAC masks defined in the rule. Also, the frame must be tagged with VLAN ID 2, which is the Sales department VLAN. The CoS value of the frame must be 0, which is the default value for Ethernet frames. Frames that match these criteria are permitted on interfaces 6, 7, and 8 and are assigned to the hardware egress queue 0, which is the default queue. All other traffic is explicitly denied on these interfaces. To allow more traffic to enter these ports, you must add a permit rule with the desired match criteria and bind the rule to interfaces 6, 7, and 8.
Sample Standard IP ACL Configuration
The following example shows how to create an IP-based ACL that prevents any IP traffic from the Finance de
97. The following table describes the information displayed in the IP Binding Table.
Table 27. IP Binding table fields
Interface: The interface to which the IP ACL is bound.
Direction: The packet filtering direction for ACL. The only valid direction is Inbound, which means the IP ACL rules are applied to traffic entering the port.
ACL Type: The type of ACL assigned to the selected interface and direction. IP and IPv6 appear together.
ACL ID: Displays the ACL number identifying the ACL assigned to the selected interface and direction.
Sequence Number: Displays the sequence number signifying the order of the specified ACL relative to other ACLs assigned to the selected interface and direction.
Monitoring the System
Use the features available from the Monitoring tab to view various information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains menus that provide access to the following features:
• Ports
• Logs
• Mirroring
• System Resources Utilization
Ports
The screens available from the Ports menu contain various information about the number and type of traffic transmitted from and received on the switch. From the Ports menu, you can access the following sections:
• Switch Statistics
• Port Stati
99. ST instance, configure the MST values and click Add:
• MST ID: Specify the ID of the MST to create. The valid range is 1-15.
• Priority: Specify the bridge priority value for the MST. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. The bridge priority is a multiple of 4096. If you specify a priority that is not a multiple of 4096, the priority is automatically set to the next lowest priority that is a multiple of 4096. For example, if you set the priority to any value from 0 through 4095, the priority is set to 0. The default priority is 32768. The valid range is 0-61440.
• VLAN ID: The list contains all VLANs configured on the switch. Select a VLAN to associate with the MST instance.
3. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
To modify an MST instance:
1. Select the check box next to the instance to configure and update the values. You can select multiple check boxes to apply the same setting to all selected MST instances.
2. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
To delete an MST instance, select the check box next to the instance and click DELETE.
The following table describes the information displayed on the screen for eac
100. STP, RSTP, or MSTP send information in configuration messages through bridge protocol data units (BPDUs) to assign port roles that determine each port's participation in a fully and simply connected active topology based on one or more spanning trees. The information communicated is known as the spanning tree priority vector. The BPDU structure for each of these different protocols is different. An MSTP bridge transmits the appropriate BPDU depending on the received type of BPDU from a particular port.
An MST region comprises one or more MSTP bridges that have the same MST configuration identifier, using the same MSTIs, that have no bridges attached that cannot receive and transmit MSTP BPDUs. The MST configuration identifier has the following components:
1. Configuration identifier format selector
2. Configuration name
3. Configuration revision level
4. Configuration digest: 16-byte signature of type HMAC-MD5 created from the MST Configuration table (a VLAN ID to MSTID mapping)
As there are multiple instances of spanning tree, there is an MSTP state maintained on a per port, per instance basis (or on a per port, per VLAN basis, as any VLAN can be in only one MSTI or CIST). For example, port A can be forwarding for example 1 while discarding for example 2. The port states have changed since the IEEE 802.1D specification.
To support multiple spanning trees, an MSTP bridge has
101. Sec: Specify the switch forward delay time, which indicates the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets. The value must be greater or equal to bridge max age 2 1. The valid range is 4-30 seconds. The default value is 15.
• Spanning Tree Maximum Hops: Specify the maximum number of bridge hops the information for a particular CST instance can travel before being discarded. The valid range is 1-40.
3. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
The following table describes the MSTP Status information displayed on the CST Configuration screen.
Table 13. MSTP Status Information
MST ID: Table consisting of the MST instances (including the CST) and the corresponding VLAN IDs associated with each of them.
VID: Table consisting of the VLAN IDs and the corresponding FID associated with each of them.
FID: Table consisting of the FIDs and the corresponding VLAN IDs associated with each of them.
CST Port Configuration
Use the CST Port Configuration screen to configure Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch.
To configure CST port settings:
1. Select Switching > STP > Advanced > CST Port
102. Static IP Address: Specifies that the IP address, subnet mask, and default gateway must be manually configured. Enter this information in the fields below this radio button.
3. If you selected the Static IP Address option, configure the following network information:
• IP Address: The IP address of the network interface. The factory default value is 192.168.0.239. Each part of the IP address must start with a number other than 0. For example, IP addresses 001.100.192.6 and 192.001.10.3 are not valid.
• Subnet Mask: The IP subnet mask for the interface. The factory default value is 255.255.255.0.
• Default Gateway: The default gateway for the IP interface.
4. Specify the VLAN ID for the management VLAN. The management VLAN is used to establish an IP connection to the switch from a workstation that is connected to a port in the same VLAN. If not specified, the active management VLAN ID is 1 (default), which allows an IP connection to be established through any port.
When the management VLAN is set to a different value, an IP connection can be made only through a port that is part of the management VLAN. It is also mandatory that the port VLAN ID (PVID) of the port to be connected in that management VLAN be the same as the management VLAN ID.
Note: Make sure that the PVID of at least one port that is a port of the VLAN is the same as the management VLAN ID. For information about crea
103. 2. Select the VLAN ID.
• VLAN ID: Displays the VLAN ID.
• VLAN Name: Displays the user-defined VLAN name.
3. In the Multicast Address field, enter the multicast group MAC Address associated with the VLAN.
• Type: Indicates the VLAN ID status in relation to the multicast group.
  • Static: Attaches the VLAN ID to the multicast group as static member.
  • Dynamic: Dynamically joins the VLAN ID to the multicast group.
4. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
Multicast Group Membership
The multicast Group Membership screen displays the ports and LAGs attached to the selected VLAN and the multicast service group. The Port and LAG tables also reflect the manner in which the port or LAGs joined the multicast group.
To configure the Multicast group membership:
1. Select Switching > Multicast > Static Multicast Address > Multicast Group Membership. The following screen displays.
104. VLAN are tagged. All the ports are included in the VLAN.
• Untag All: All frames transmitted from this VLAN are untagged. All the ports are included in the VLAN.
• Remove All: Exclude all ports from the selected VLAN.
7. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately.
Port VLAN ID Configuration
The Port PVID Configuration screen lets you assign a port VLAN ID (PVID) to an interface. A PVID has the following requirements:
• All ports must have a defined PVID.
• If no other value is specified, the default VLAN PVID is used.
• If you want to change the port's default PVID, you must first create a VLAN that includes the port as a member.
Use the Port VLAN ID (PVID) Configuration screen to configure a virtual LAN on a port.
To configure PVID information:
1. Select Switching > VLAN > Advanced > Port PVID Configuration. The following screen displays.
106. 2. From the ACL ID field, select the IP ACL for which to create or update a rule. The valid range is 1-99.
3. Configure the following fields:
• Rule ID: Specify a number from 1 to 10 to identify the IP ACL rule. You can create up to ten rules for each ACL.
• Action: Select an ACL forwarding action.
  • Permit: Forwards packets which meet the ACL criteria.
  • Deny: Drops packets which meet the ACL criteria.
• Logging: When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the access list trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5 minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is 0 for the current interval. This field is available for a deny action.
• Match Every
107. able estimate of ethernet utilization.
Packets Received 64 Octets: The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets).
Packets Received 65-127 Octets: The total number of packets (including bad packets) received that were 65 through 127 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 128-255 Octets: The total number of packets (including bad packets) received that were 128 through 255 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 256-511 Octets: The total number of packets (including bad packets) received that were 256 through 511 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 512-1023 Octets: The total number of packets (including bad packets) received that were 512 through 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received > 1024 Octets: The total number of packets received that were in excess of 1024 octets (excluding framing bits but including FCS octets) and were otherwise well formed.
Total Packets Received Without Errors: The total number of packets received that were without errors.
Unicast Packets Received: The number of subnetwork unicast packets delivered to a higher layer protoco
108. ace binding, select the check box next to the interface and click DELETE.
IP ACL
IP ACLs allow network managers to define classification actions and rules for specific ingress ports. Packets can be filtered on ingress (inbound) ports only. If the filter rules match, some actions can be taken, including dropping the packet or disabling the port. For example, a network administrator defines an ACL rule that says port number 20 can receive TCP packets. However, if a UDP packet is received, the packet is dropped.
ACLs are composed of access control entries (ACE), or rules, that consist of the filters that determine traffic classifications.
Use the IP ACL screen to add or remove IP based ACLs.
To configure an IP ACL:
1. Select Security > ACL > Advanced > IP ACL. The following screen displays.
2. In the IP ACL ID field, specify the ACL ID. The ID is an integer in one of the follow
109. acteristics of LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases in which the authentication and authorization process fails. In this context, a port is a single point of attachment to the LAN, such as ports of MAC bridges and associations between stations or access points in IEEE 802.11 wireless LANs.
The IEEE 802.11 standard describes an architectural framework within which authentication and consequent actions take place. It also establishes the requirements for a protocol between the authenticator (the system that passes an authentication request to the authentication server) and the supplicant (the system that requests authentication), as well as between the authenticator and the authentication server.
The switch supports a guest VLAN, which allows unauthenticated users to have limited access to the network resources.
Note: You can use QoS features to provide rate limiting on the guest VLAN to limit the network resources the guest VLAN provides.
Another 802.1x feature is the ability to configure a port to enable or disable EAPoL packet forwarding support. You can disable or enable the forwarding of EAPoL when 802.1x is disabled on the device.
The ports of an 802.1x authenticator switch provide the means to offer services to other systems reachable through the LAN. Port based network a
110. ailable.
• A blinking yellow LED indicates that the PoE Max LED was lit within the previous 2 minutes.
• No lit LED indicates that at least seven watts of PoE power are available.
LED Status LED
The LED Status LED indicates the following:
• A solid green LED indicates that the Port LED is in Ethernet Mode.
• A solid yellow LED indicates that the Port LED is in PoE Mode.
The following image shows the device view of the NETGEAR switch.
Figure 2. Ports and LEDs on the Switching Devices
Click the port you want to view or configure to see a menu that displays statistics and configuration options. Click the menu option to access the screen that contains the configuration or monitoring options.
Figure 3. Device View
If you right-click the graphic, the main menu displays.
111. all network devices.
6. Make a note of the displayed IP address assigned by the DHCP server. You need this value to access the switch directly from a web browser (without using the Smart Control Center).
Select your switch by clicking the line that displays the switch, then click the Web Browser Access button. The Smart Control Center displays a login window.
To manage your switch, use your web browser. The default password is password. Use this screen to manage your switch. For more information, see Access the Management Interface from the Web on page 17.
Switch Discovery in a Network Without a DHCP Server
This section describes how to use the Smart Control Center to set up your switch in a network without a DHCP server. If your network has no DHCP service, you must assign a static IP address to your switch. You can assign it a static IP address even if your network has DHCP service.
To assign a static IP address:
1. Connect the switch to your existing network.
2. Power on the switch by connecting its power cord.
3. Install the Smart Control Center on your computer.
4. Start the Smart Control Center.
5. Click Discover for the Smart Control Center to find your NETGEAR switch. The utility broadcasts Layer 2 discovery
112. arked with this value. If you select Other, enter a custom value in the DSCP Value field that appears.
• Simple Policy: Exists in switch mode only. Select this radio button to establish the traffic policing style for the specified class. The simple form of the policy command uses a single data rate and burst size, resulting in two outcomes: conform and violate.
3. If you select the Simple Policy radio button, you can configure the following fields:
• Color Mode: Color aware mode requires the existence of one or more color classes that are valid for use with this policy instance; otherwise, the color mode is color blind, which is the default.
• Committed Rate: The committed rate is the average bandwidth in bits per second, specified in kilobits per second (Kbps), and is an integer from 100 to 1000000.
• Committed Burst Size: The committed burst size is the maximum amount of traffic allowed in one burst, in bytes, and is an integer from 3000 to 19173960.
Note: The Token Bucket algorithm is used, in which the committed rate is the rate at which the bucket is filled and the committed burst size is the size of the bucket. This means that the committed burst size is the maximum size of a burst that can be sent.
• Conform Action: Determines what happens to packets that are considered conforming (below the police rate). Select one of the following actions:
  • Send (Default): These packets are pres
113. ary.
2. Enable or disable the Auto Power Down Mode:
• Enable: When the port link is down, the PHY automatically goes down for a short period and then wakes up to check link pulses. This allows the port to continue to perform autonegotiation while consuming less power when no link partner is present.
• Disable: Provide full power to the PHY even if no link partner is present.
3. Enable or disable the Short Cable Mode:
• Enable: When the port link is up at 1 Gbps speed, the cable length test is performed. If the cable length is less than 10 meters, PHYs are put into the low power mode, so only enough power is used to support a short cable.
• Disable: Provide full power to the PHY regardless of cable length.
4. Enable or disable the EEE Mode:
• Enable: Enter a low power mode and disable some functionality for power savings when the link is lightly loaded.
• Disable: Provide full power to the PHY always.
5. Click APPLY to apply the change to the system. Configuration changes take effect immediately.
Green Ethernet Interface Configuration
Using the Green Ethernet Interface Configuration feature allows for proper port configuration and the ability to enable or disable the Auto Power Down, Short Cable, and EEE Modes on specific ports.
To configure the Green Ethernet Interface feature:
1. Select System > Management > Green Ethernet > Green Ethernet Inte
114. asses. The traffic class is the hardware queue for a port. Higher traffic class values indicate a higher queue position. Before traffic in a lower queue is sent, it must wait for traffic in higher queues to be sent.
Traffic classes go from low (0) to high (3). For example, traffic with a priority of 0 is for most data traffic and is sent using best effort. Traffic with a higher priority, such as 3, might be time-sensitive traffic, such as voice or video.
Click APPLY to apply the changes to the system.
DSCP to Queue Mapping
Use the DSCP to Queue Mapping screen to specify which internal traffic class to map to the corresponding DSCP value.
To map DSCP values to queues:
Select QoS > CoS > Advanced > DSCP to Queue Mapping. The following screen displays.
115. at interface. The valid range is 1-25 seconds. This value must be less than the Host Timeout value.
• MRouter Timeout: The amount of time that a switch waits to receive a query on the VLAN before removing it from the list of VLANs with multicast routers attached. This value is calculated as follows Query Interval 2.
• Query Mode: Enable or disable the IGMP querier mode for the specified VLAN ID.
• Query Interval: Enter the value for IGMP query interval for the specified VLAN ID. The valid range is 1-1800 seconds. The default is 60 seconds.
Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
To disable IGMP snooping on a VLAN and remove it from the list, select the check box next to the VLAN ID and click DELETE.
IGMP Snooping Querier
IGMP snooping requires that one central switch or router periodically query all end devices on the network to announce their Multicast memberships. This central device is the IGMP querier. The IGMP query responses, known as IGMP reports, keep the switch updated with the current multicast group membership on a port-by-port basis. If the switch does not receive updated membership information in a timely fashion, it stops forwarding multicast transmissions to the port where the end device is located.
The screens you access from the IGMP Snooping Querier link enable you to configure and display information about IGMP snooping queriers on the network and sepa
116. atus of the port.
2. To view more details about a port, click the name of the port in the Interface column of the Port Information table. The following screen displays information for the selected port.
The following table describes the detailed local information that displays for the selected port.
Table 8. Detailed local information
Managed Address
Address SubType: Displays the type of address the management interface uses, such as an IPv4 address.
Address: Displays the address used to manage the device.
Interface SubType: Displays the port subtype.
Interface Number: Displays the number that identifies the port.
MAC PHY Details
Auto Negotiation Supported: Specifies whether the interface supports port speed autonegotiation. Possible values are True and False.
Auto Negotiation Enabled: D
117. becomes preceded by a down arrow symbol and expands to display the additional submenu links.
Configuration and Status Options
The area directly below the feature links and to the right of the links displays the configuration information or status for the screen you select. On screens that contain configuration options, you can enter information into fields or select options from drop-down lists.
Each screen contains access to the HTML based help that explains the fields and configuration options for the screen. Each screen also contains command buttons.
The following table shows the command buttons that are used throughout the screens in the web interface.
Table 1. Command Buttons
ADD: Places the new item configured in the heading row of a table.
APPLY: Sends the updated configuration to the switch. Configuration changes take effect immediately.
CANCEL: Resets the data on the screen to the latest value of the switch.
DELETE: Removes the selected item.
REFRESH: Reloads the screen with the latest information from the device.
LOGOUT: Ends the session.
Device View
The Device View is a Java applet that displays the ports on the switch. This graphic provides an alternate way to navigate to configuration and monitoring options. The graphic also provides information about device ports, current configuration and status, table information, and feature components.
118. Select the check box next to the LAG to configure. You can select multiple LAGs to apply the same settings to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces.
Configure or view the following settings:
• Description: Specify the description string to be attached to a LAG. It can be up to 64 characters in length.
• LAG ID: Displays the number assigned to the LAG. This field is read only.
• Admin Mode: Select Enable or Disable from the list. When the LAG (port channel) is disabled, no traffic flows and LAGPDUs are dropped, but the links that form the LAG (port channel) are not released. The factory default is Enable.
• STP Mode: Select Enable or Disable from the list to specify the Spanning Tree Protocol administrative mode associated with the LAG.
• LAG Type: Specifies whether the LAG is configured as a static or LACP port. When the LAG is static, it does not transmit or process received LAGPDUs. For example, the member ports do not transmit LAGPDUs and all the LAGPDUs it might receive are dropped. The default is Static.
• Active Ports: A listing of the ports that are actively participating members of this port channel. A maximum of 8 ports can be assigned to a static port channel, or 16 ports to a LACP por
119. ble values are:
• Static: Attaches the interface to the multicast group as a static member.
• Forbidden: Specifies that this interface is forbidden from joining this group on this VLAN.
• Excluded: Indicates that the interface is not currently a member of this multicast group on this VLAN.
5. Click APPLY to send the updated configuration to the switch.
Multicast Forward All
The Multicast Forward All screen contains fields for attaching ports or LAGs to a device that is attached to a neighboring multicast router or switch. Once IGMP snooping is enabled, multicast packets are forwarded only to the appropriate port or VLAN.
To configure the Multicast Forward All feature:
1. Select Switching > Multicast > Static Multicast Address > Multicast Forward All. The following screen displays.
2. Select the VLAN ID for which you want to configure
120. by stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where 0 is the highest), the more accurate the clock. The switch is a stratum 2 device and as such accepts stratum 1 or higher time indications.
The following is an example of stratums:
• Stratum 0: A real-time clock is used as the time source, for example, a GPS system.
• Stratum 1: A server that is directly linked to a stratum 0 time source is used. Stratum 1 time servers provide primary network time standards.
• Stratum 2: The time source is distanced from the stratum 1 server over a network path. For example, a stratum 2 server receives the time over a network link, through NTP, from a stratum 1 server.
Information received from SNTP servers is evaluated based on the time level and server type. SNTP time definitions are assessed and determined by the following time levels:
• T1: Time at which the original request was sent by the client.
• T2: Time at which the original request was received by the server.
• T3: Time at which the server sent a reply.
• T4: Time at which the client received the server's reply.
The device can poll unicast server types for the server time. Polling for unicast information is used for polling a server for which the IP address is known. SNTP servers that have been configured on the device are the only ones that are polled for synchronization information. T1 through T4 are used to determine server time. This is the pref
121. [Screenshot: CST Port Status screen] To view CST settings for an interface, click PORTS, LAGS, or All. The following table describes th
122. c network information Connect the Switch to the Network: To enable remote management of the switch through a web browser or SNMP, you must connect the switch to the network and configure it with network information (an IP address, subnet mask, and default gateway). The switch has a default IP address of 192.168.1.1 and a default subnet mask of 255.255.255.0. To change the default network information about the switch, use one of the following three methods: • Dynamic assignment through DHCP: DHCP is enabled by default on the switch. If you connect the switch to a network with a DHCP server, the switch obtains its network information automatically. You can use the Smart Control Center to discover the automatically assigned network information. For more information, see Switch Discovery in a Network Without a DHCP Server on page 14. • Static assignment through the Smart Control Center: If you connect the switch to a network that does not have a DHCP server, you can use the Smart Control Center to assign a static IP address, subnet mask, and default gateway. For more information, see Switch Discovery in a Network Without a DHCP Server on page 14. • Static assignment by connecting from a local host: If you do not want to use the Smart Control Center to assign a static address, you can connect to the switch from a host (administrative system) in the 192.168.0.0/24 network and change the setti
123. [Screenshot: certificate, public key, and private key fields; Certificate Generation Status: No Certificate Generation in progress] • Generate Certificate Request: Select this option to generate a certificate request. • Delete Certificate: Delete corresponding certificate files, if present. 3. Click APPLY to start the certification process. To generate a certificate request: 1. Select the Generate Certificate Request radio button. 2. Specify the Common Name, Organization Unit, Organization Name, Location, State, Country, and Certificate Request. 3. Click GENERATE REQUEST. The Certificate Generation Status field displays whether SSL certificate generation is in progress. The Certificate Present field displays whether there is a certificate present on the device. Access Control: Access control is composed of access profiles and access rules.
124. cal interfaces Enable or Disable PoE. The switches support both IEEE 802.3at and af as follows: • GS728TP: Ports 1-8 support both IEEE 802.3at and af, and ports 9-24 support IEEE 802.3af. The maximum power budget is 192 Watts. • GS728TPP: Ports 1-24 support both IEEE 802.3at and af. The maximum power budget is 384 Watts for AC mode and 720 Watts for DC mode or AC DC mode when you are using external power supply RPS4000. • GS752TP: Ports 1-8 support both IEEE 802.3at and af, and ports 9-48 support IEEE 802.3af. The maximum power budget is 384 Watts. The power limit of a port is set to the minimum between the class and the configured max power limit. You can configure per-port priority settings, timers, and power limits to manage the power supplied to the connected powered devices (PDs) and to ensure that the power budget is used effectively. From the PoE menu under the System tab, you can view and configure PoE settings for the switch. PoE features are described in the following sections: • PoE Configuration • PoE Port Configuration • Timer Global Configuration • Timer Schedule. PoE Configuration: To view global PoE power information and to configure PoE SNMP trap settings, use the PoE Configuration screen. To configure PoE trap settings: 1. Select System > PoE > Basic > PoE Configuration. The following screen displa
126. ccess control allows the operation of a switch's ports to be controlled in order to ensure that access to its services is permitted only by systems that are authorized to do so. Port access control provides a means of preventing unauthorized access by supplicants to the services offered by a system. Control over the access to a switch and the LAN to which it is connected can be desirable in order to restrict access to publicly accessible bridge ports or to restrict access to departmental LANs. Access control is achieved by enforcing authentication of supplicants that are attached to the controlled ports of the authenticator. The result of the authentication process determines whether the supplicant is authorized to access services on that controlled port. A port access entity (PAE) is able to adopt one of the following roles within an access control interaction: • Authenticator: A port that enforces authentication before allowing access to services available through that port. • Supplicant: A port that attempts to access services offered by the authenticator. • Authentication server: Performs the authentication function necessary to check the credentials of the supplicant on behalf of the authenticator. All three roles are required in order to complete an authentication exchange. The switch supports the authenticator role only, in which the PAE is responsible for communicatin
127. ce class offering all Class 1 and Class 2 features plus location, 911, Layer 2 switch support, and device information management capabilities. The hardware version advertised by the remote device. • Firmware Revision: The firmware version advertised by the remote device. • Software Revision: The software version advertised by the remote device. • Serial Number: The serial number advertised by the remote device. • Model Name: The model name advertised by the remote device. • Asset ID: The asset ID advertised by the remote device. Location Information: • Civic: The physical location, such as the street address, the remote device has advertised in the location TLV, for example, 123 45th St. E. The field value length range is 6-160 characters. • Coordinates: The location map coordinates the remote device has advertised in the location TLV, including latitude, longitude, and altitude. • ECS ELIN: The Emergency Call Service (ECS) Emergency Location Identification Number (ELIN) the remote device has advertised in the location TLV. The field range is 10-25. • Unknown: Specifies unknown location information for the remote device. Network Policies: • Application Type: The media application type associated with the policy advertised by the remote device. • VLAN ID: The VLAN ID associated with the pol
128. ch Configuration screen contains fields for enabling STP on the switch. To configure STP settings on the switch: Select Switching > STP > Basic > STP Configuration. The following screen displays: [Screenshot: STP Configuration screen with Global Settings and STP Status] Next to Spanning Tree State, specify whether to enable or disable spanning tree operation on the switch. Next to STP Operation Mode, specify the Force Protocol Version parameter for the switch. The following options are: • STP: Spanning Tree Protocol, IEEE 802.1D • RSTP: Rapid Spanning Tree Protocol, IEEE 802.1w
129. ches Mirroring: The screen you access from the Mirroring menu enables you to view and configure port mirroring on the system. Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports and one switch port is configured as a destination port. You can configure how traffic is mirrored on a source port. Packets that are received on the source port, that are transmitted on a port, or are both received and transmitted can be mirrored to the destination port. The packet that is copied to the destination port is in the same format as the original packet on the wire. This means that if the mirror is copying a received packet, the copied packet is VLAN tagged or untagged as it was received on the source port. If the mirror is copying a transmitted packet, the copied packet is VLAN tagged or untagged as it is being transmitted on the source port. You can mirror up to eight ports to a single destination port. To configure port mirroring: 1. Select Monitoring > Mirroring. The following screen displays: [Screenshot: Port Mirroring screen with Port Mirroring Status Table]
130. col: Specify the destination IPv4 L4 port protocol. Destination L4 port value: Specify the destination IPv4 L4 port value. (Table columns: ACL Based on, Fields.) • Source IPv4 L4 Port: Source L4 port protocol (specify the source IPv4 L4 port protocol); Source L4 port value (specify the source IPv4 L4 port value). • Destination IPv6 L4 Port: Destination L4 port protocol (specify the destination IPv6 L4 port protocol); Destination L4 port value (specify the destination IPv6 L4 port value). • Source IPv6 L4 Port: Source L4 port protocol (specify the source IPv6 L4 port protocol); Source L4 port value (specify the source IPv6 L4 port value). 4. In the Binding Configuration area, the Inbound-only packet filtering direction for an ACL is selected in the Direction field. 5. In the Port Selection Table area, specify the list of all available valid interfaces for ACL mapping. All non-routing physical interfaces and interfaces participating in the LAG are listed. 6. To add a rule to the ACL, select the check box next to the ACL, then click ADD. 7. Click APPLY to update the switch with the new settings. Configuration changes take effect immediately. MAC ACL: A MAC ACL consists of a set of rules that are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (permit or deny) is taken and the
131. ct Monitoring > Ports > Port Statistics. The following screen displays: [Screenshot: Port Statistics screen] The following fields are displayed: • Interface: The ports on the system. • Total Packets Received Without Errors: The total number of packets received that were without errors. • Packets Received With Error: The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. • Broadcast Packets Received: The total number of good packets received that were directed to the broadcast address. This does not include multicast packets. • Packets Transmitted Without Errors: The number of frames that have been transmitted by this port to its segment. • Transmit Packet Errors: The number of outbound packets that were not transmitted because of errors. • Collision Frames: The best estimate of the total number of collisions on this Ethernet segment. Click either PORTS, LAGS, or ALL to display statistics for a specific type of interface or for all interfaces. Use the buttons at the bottom of the screen to perform the following actions on either ports, LAGs, or both: To clear all the counters for all interfaces on t
132. ct RADIUS or TACACS as the first method and an error occurs during the authentication, the switch uses method 2 to authenticate the user. • TACACS: The user's ID and password are authenticated using the TACACS server. If you select RADIUS or TACACS as the first method and an error occurs during the authentication, the switch attempts user authentication method 2. • None: The authentication method is unspecified. This option is available only for method 2 and method 3. Note: Each authentication protocol can use up to three authentication methods. Local and None must be the last methods. You cannot configure methods after these two options. 4. From the list in the 2 column, select the authentication method, if any, that must appear second in the selected authentication login list. Use this method if the first method times out. If you select a method that does not time out as the second method, the third method is not tried. This parameter does not appear when you first create a login list. 5. From the list in the 3 column, select the authentication method, if any, that must appear third in the selected authentication login list. This parameter does not appear when you first create a login list. 6. Click APPLY to update the switch with the HTTP Authentication settings. HTTPS Authentication List: Use the HTTPS Authentication List to configure the default HTTPS login list. To
133. ct multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. Configure the MST values for the selected ports or LAGs: • Port Priority: The priority for a particular port within the selected MST instance. The port priority is set in multiples of 16. If you specify a value that is not a multiple of 16, the priority is automatically set to the next lowest priority that is a multiple of 16. For example, if you set a value from 0 through 15, the priority is set to 0. If you specify a number from 16 through 31, the priority is set to 16. The valid range is 0-240. • Port Path Cost: Set the path cost to a new value for the specified port in the selected MST instance. The valid range is 0-200000000. If you enter 0, the device recalculates the path cost. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. The following table describes the read-only MST port configuration information displayed on the CST Configuration screen. Table 17. MST port configuration information (Field: Description): • Auto calculated Port Path Cost: Displays that the path cost is not automatically calculated (Disabled). Path cost is recalculated based on the link speed of the port if the configured value for Port Path Cost is 0
134. d To enable Auto VoIP: 1. Select Switching > Auto VoIP. The following screen displays: [Screenshot: Auto VoIP Configuration screen] 2. To configure Auto VoIP interface settings for a physical port or a LAG port, click PORT, LAGS, or ALL. 3. Enter the interface name in the Go To Interface field and click the Go button. The entry corresponding to the specified port is selected. 4. Select Enable or Disable from the Auto VoIP Mode drop-down list as the Auto VoIP administrative mode for the interface. 5. Click APPLY to send the updated configuration to the switch. Spanning Tree Protocol: The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Common STP, Multiple STP, and Rapid STP. Classic STP provides a single path between end stations, avoiding and eliminating loops. For information about configuring Common STP, see CST Port Configuration. Multiple Spanning Tree
135. d traps to the receiver. SNMP v2: Uses SNMP v2 to send traps to the receiver. • Community String: The community string for the SNMP trap packet sent to the trap manager. This community string can be up to 16 characters and is case sensitive. 2. Click ADD. Configuration changes take effect immediately. To modify information about an existing SNMP recipient: 1. Select the check box next to the recipient and change the desired fields. 2. Click APPLY. Configuration changes take effect immediately. Trap Flags: Use the Trap Flags screen to enable or disable traps the switch can send to an SNMP manager. When the switch encounters the condition identified by an active trap, a trap message is sent to any enabled SNMP trap receivers, and a message is written to the trap log. To configure the trap flags: 1. Select System > SNMP > SNMP V1/V2 > Trap Flags. The following screen displays: [Screenshot: Trap Flags screen] 2. From the All field, globally enable
136. d wakes up to check link pulses. This mode allows automatic negotiation and reduces power consumption when no link partner is present. • Short Cable Mode: Determines whether Short Cable mode is enabled for the port. The factory default is Disable. When the port links up at 1 Gbps, the cable length test is performed. If the length of the cable is less than 10 meters, PHYs are put into low-power mode so enough power is used to support a short cable. Do not enable both EEE and Short Cable modes for a port. • EEE Mode: Determines whether Energy Efficient Ethernet (EEE) mode is enabled for the port. Do not enable both EEE and Short Cable modes for a port. 3. Click APPLY to apply the change to the system. Configuration changes take effect immediately. Green Ethernet Detail: Use this screen to display or configure Green Ethernet details per interface. To configure the Green Ethernet Detail feature: 1. Select System > Management > Green Ethernet > Green Ethernet Detail. The following screen displays: [Screenshot: Green Ethernet Detail screen]
137. de setting as well as the number of used resources for DiffServ. To view DiffServ general status group information: Select QoS > DiffServ > Advanced > Diffserv Configuration. The following screen displays: [Screenshot: Diffserv Configuration screen] The following information is displayed: • The Admin Mode for DiffServ is always Enabled. • The DiffServ Used Resources field displays the number of entries used by DiffServ. DSCP Violate Action Mapping: When a policer is assigned to class map flows, use the DSCP Violate Action Mapping screen to specify the action to take when the amount of traffic in the flows exceeds the QoS-specified limits. The portion of the traffic that causes the flow to exceed its QoS limit is referred to as violate action packets. When this action occurs, the switch remaps the original DSCP value of the violate action IP packets with a new value based on the DSCP Violate Action Mapping table. The switch uses the new values to assign resources and the egress queues to these packets. The switch also physically replaces the original DSCP
139. e IP header; however, each uses a different user notation. After you select the service type, specify the value associated with the type. • IP DSCP: Specify the IP DiffServ Code Point (DSCP) value. The DSCP is defined as the high-order 6 bits of the service type octet in the IP header. Select an IP DSCP value from the list. To specify a numeric value in the available field, select Other from the list and type an integer from 0 to 63 in the field. 4. Click ADD. To modify an existing IP Extended ACL rule, click in the Rule ID field. The number is a hyperlink to the Extended ACL Rule Configuration screen. If you modify the rule, click APPLY to submit the changes to the switch. IPv6 ACL: An IPv6 ACL consists of a set of rules that are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (permit or deny) is taken, and the additional rules are not checked for a match. On this screen, the interfaces to which an IP ACL applies must be specified, as well as whether it applies to inbound or outbound traffic. To add an IPv6 ACL: 1. Select Security > ACL, then click the Advanced > IPv6 ACL link. The following screen displays: [Screenshot: IPv6 ACL screen]
140. e 1-20 alphanumeric characters in length and are case sensitive. 4. To confirm the password, enter it again to make sure that you entered it correctly. This field displays asterisks. 5. Click APPLY to apply the new settings to the system. Configuration changes take effect immediately. To reset the password for the management interface: 1. Select the Reset Password check box to reset the password to the default value. 2. Click APPLY to apply the new settings to the system. Configuration changes take effect immediately. Note: In the case of a lost password, press the Factory Default Reset button on the front panel for more than two seconds to restore the factory default. The reset button only reboots the device. Configure RADIUS Settings: RADIUS servers provide authentication, authorization, and accounting services for networks. The RADIUS server maintains a user database, which contains per-user authentication information. The switch passes information to the configured RADIUS server, which can authenticate a user name and password before authorizing use of the network. RADIUS servers provide a centralized authentication method for: • Web access • Access control port (802.1x). The RADIUS menu contains links to features described in the following sections: • Global Configuration • RADIUS Server Configuration • Accounting Server Configuration. Global Configuration
141. e CST Status information displayed on the screen. Table 14. CST Status Information (Field: Description): • Interface: Select a physical or port channel interface to configure. The port is associated with the VLANs associated with the CST. • Port Role: Each MST Bridge Port that is enabled is assigned a port role for each spanning tree. The port role can be one of the following values: Root, Designated, Alternate, Backup, Master, or Disabled. • Designated Root: Root bridge for the CST. It is made up using the bridge priority and the base MAC address of the bridge. • Designated Cost: Displays cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops. • Designated Bridge: Bridge identifier of the bridge with the designated port. It is made up using the bridge priority and the base MAC address of the bridge. • Designated Port: Port identifier on the designated bridge that offers the lowest cost to the LAN. It is made up from the port priority and the interface number of the port. • Edge Port: Indicates whether the port is enabled as an edge port. Possible values are Enabled and Disabled. • Point to point MAC: Derived value of the point-to-point status. • CST Regional Root: Displays the bridge priority and base MAC address of the CST regional root. • CST Path Cost: Displays the path
142. e DHCP snooping feature for entered VLAN. The factory default is disabled. 6. Click APPLY to apply the change to the system. Configuration changes take effect immediately. DHCP Snooping Interface Configuration: Use the DHCP Snooping Interface Configuration screen to view and configure each port as a trusted or untrusted port. Any DHCP responses received on a trusted port are forwarded. If a port is configured as untrusted, any DHCP or BootP responses received on that port are discarded. To configure DHCP snooping interface settings: 1. Select System > Services > DHCP Snooping > Interface Configuration. The following screen displays: [Screenshot: DHCP Snooping Interface Configuration screen] In the Go To Interface field, enter the interface name and click the Go button. The entry corresponding to the specified interface is selected. To configure DHCP snooping interface settings, click PORTS
143. e OUI prefix and click DELETE. • Modify information for an entry in the OUI list: Select the check box next to the OUI prefix, update the OUI prefix or description, and click APPLY. Click RESTORE DEFAULTS to restore the list to the preconfigured OUIs. Auto VoIP Configuration: Auto VoIP automatically makes sure that time-sensitive voice traffic is given priority over data traffic on ports that have this feature enabled. Auto VoIP checks for packets carrying the following VoIP protocols: • Session Initiation Protocol (SIP) • H.323 (prioritize only signaling packets) • Skinny Call Control Protocol (SCCP). All three protocols are checked during the signaling call identification stage. Once the VoIP call is established, only the SIP and SCCP protocols are checked. This feature supports up to 48 bidirectional VoIP calls. VoIP frames that are received on ports that have the Auto VoIP feature enabled are assigned to queue 3. Auto VoIP and QoS (CoS, DiffServ mode) features can co-exist and be activated at the same time. If both features are active at the same time on the same port, the manual QoS assignment might override the VoIP QoS assignment. To configure the Auto VoIP parameters, use the Auto VoIP configuration screen. The Interface column specifies all the configurable Auto VoIP interfaces. The Traffic Class displays the traffic class on which the received VoIP frames are marke
144. e Port Security: Enable or disable the port security feature for the selected port. • Max Allowed Dynamically Learned MAC: Sets the maximum number of dynamically learned MAC addresses on the selected interface. The valid range is 0-600. The default value is 600. • Enable Violation Traps: Select Yes or No to enable or disable the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port. 5. Click APPLY to update the switch with the new settings. Security MAC Address: Use the Security MAC Address screen to convert a dynamically learned MAC address to a statically locked address. To convert learned MAC addresses: 1. Select Security > Traffic Control > Port Security > Security MAC Address. The following screen displays: [Screenshot: Security MAC Address screen with Port Security Settings and Dynamic MAC Addresses Table] 2. Sel
145. e VLAN ID: Select VLAN ID and enter the VLAN ID, for example, 100. Then click GO. If any entries with that VLAN ID exist, they are displayed.
• Interface: Select Interface, enter the interface ID in g1 g2 format, then click GO. If any entries learned on that interface exist, they are displayed.
Click CLEAR to clear dynamic MAC addresses in the table. The following table describes the information available for each entry in the address table.
Table 21. MAC Address Table Fields
Field | Description
VLAN ID | Specifies the VLAN ID on which the IGMP snooping querier is administratively enabled and for which the VLAN exists in the VLAN database.
MAC Address | A unicast MAC address for which the switch has forwarding or filtering information. The format is a 6-byte MAC address with each byte separated by colons. For example, 00:0F:89:AB:CD:EF.
Interface | The port where this address was learned; that is, this field displays the port through which the MAC address can be reached.
Status | The status of this entry. The possible values are: Static: The entry was added when a static MAC filter was defined. Learned: The entry was learned by observing the source MAC addresses of incoming traffic and is currently in use. Management: The system MAC address, which is identified with interface c1.
Dynamic Address Conf
146. e pop-up window closes and no action is taken, and the registration reminder pop-up appears on next successful login.
• REGISTER NOW: The NETGEAR registration server is contacted to initiate the registration process.
Note: NETGEAR will never sell or rent your email address, and you can opt out of communications at any time.
To register the switch:
1. Select Help > Registration. The following screen displays. [Screenshot: Registration screen]
2. Click REGISTER to register the switch. The switch attempts to contact the NETGEAR registration server. If the switch successfully contacts the registration server, the NETGEAR product registration screen opens in a new browser window. The product serial number and model number fields are pre-populated. After you provide some basic information and click REGISTER, the registratio
147. e the Ping IPv6 screen to send a ping request to a specified host name or IPv6 address. This checks whether the switch can communicate with a particular IPv6 station. When you click the APPLY button, the switch sends three pings and the results are displayed.
To configure the settings and ping a host on the network:
1. Select Maintenance > Troubleshooting > Ping IPv6. The following screen displays. [Screenshot: Ping IPv6 screen]
2. In the Ping field, select either Global or Link Global to select either the global IPv6 Address or host name or link local address to ping.
3. Optionally, configure the following settings:
• In the IPv6 Address/Host Name field, enter the IPv6 address or host name of the station you want the switch to ping. The initial value is blank. The IPv6 address or host name you enter is not retained across a power cycle. The valid range is 0-160 characters.
• In the Datagram Size field, enter the datagram size. The valid range is 48-2048.
• The Result field displays the result after the switch sends a ping IPv6 request to the sp
148. e to be matched.
VLAN: Select a VLAN ID to be matched.
Ethernet Type: Select an Ethernet type from the list, or select User Value and add a value.
• Source MAC: Enter the source MAC address and the mask.
• Destination MAC: Enter the destination MAC address and the mask.
• Protocol Type: Select the protocol type. If you select Other, enter a protocol number in the field that appears.
• Source IP: Enter a valid source IP address in dotted-decimal format.
• Source L4 Port: Select the desired L4 keyword from the list on which the rule can be based. The options are Other, domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, or www. If you select Other, enter a user-defined port ID.
• Destination IP: Enter a valid destination IP address in dotted-decimal format.
• Destination L4 Port: Enter the desired L4 keyword from the list on which the rule can be based. The options are Other, domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, or www. If you select Other, the screen refreshes and a port ID field appears.
• Service Type:
• IP DSCP: Select the DSCP type from the list or enter a DSCP value to match. If you select Other, enter a custom value in the DSCP Value field that appears. The range is 0-63.
• Precedence Value: Enter a precedence value.
4. Click APPLY to send the updated configuration to the switch. Configuration changes occur immediately.
IPv6 C
149. eatments actions:
• Drop: The packet is dropped.
• Mark CoS: 802.1p user priority bits are marked or re-marked and forwarded.
• Mark DSCP: The packet DSCP is marked or re-marked and forwarded.
• Send: The packet is forwarded without DiffServ modification.
Color mode awareness: Policing in the DiffServ feature uses either color-blind or color-aware mode. Color-blind mode ignores the coloration (marking) of the incoming packet. Color-aware mode considers the current packet marking when determining the policing outcome. An auxiliary traffic class is used with the policing definition to specify a value for one of the 802.1p, IP DSCP, or IP precedence fields, designating the incoming color value to be used as the conforming color. The color of exceeding traffic might be optionally specified as well.
Counting: Updates octet and packet statistics to keep track of data handling along traffic paths within DiffServ. In this DiffServ feature, counters are not explicitly configured by the user but are designed into the system based on the DiffServ policy being created. For more information, see Switch Statistics on page 208.
Assigning QoS Queue: Directs traffic stream to the specified QoS queue. This enables a traffic classifier to specify which one of the supported hardware queues is used for handling packets belonging to the class.
Sample DiffServ Configuration
To create a DiffServ Class or Policy and attach it to a switch interface:
1. In the
150. ecified IPv6 address.
4. Click APPLY to send the ping. The switch sends the number of pings specified in the Count field, and the results are displayed in the Results field.
• If a reply to the ping is received, you see: Send count 3 Receive count n from IPv6 Address Average round trip time n ms
• If a reply to the ping is not received, you see: Reply From IP Host Destination Unreachable Tx x Rx 0 Min Max Avg RTT 0 0 0 msec
Traceroute
Use the Traceroute utility to discover the paths that a packet takes to a remote destination.
To configure the Traceroute settings and send probe packets to discover the route to a host on the network:
1. Select Maintenance > Troubleshooting > Traceroute. The following screen displays. [Screenshot: Traceroute screen with the fields IP Address/Hostname, Probes Per Hop, MaxTTL, InitTTL, MaxFail, Interval (secs), Port, Size, and Results]
2. In the IP Address/Hostname field, specify the IP address or the host name of the station you want the switch to ping. The initial value is blank. This information is not retained across a power cycle.
3. Optionally c
151. econds.
Hold Multiplier: Specify multiplier on the transmit interval to assign to Time to Live (TTL). The default is 4, and the range is 2-10.
Reinitializing Delay: Specify the delay before a reinitialization. The default is 2 seconds, and the range is 1-10 seconds.
Transmit Delay: Specify the interval for the transmission of notifications. The default is 5 seconds, and the range is 5-3600 seconds.
3. To change the LLDP-MED properties, in the Fast Start Duration field, specify the number of LLDP packets sent when the LLDP-MED Fast Start mechanism is initialized. This occurs when a new endpoint device links with the LLDP-MED network connectivity device. The default value is 3, and the range is from 1-10.
4. Click APPLY. Configuration changes take effect immediately.
LLDP Port Settings
Use the LLDP Port Settings screen to specify LLDP parameters that are applied to a specific interface.
To configure LLDP port settings:
1. Select System > LLDP > Advanced > LLDP Port Settings. The following screen displays. [Screenshot: LLDP Port Settings screen]
152. econds.
Resending EAP: Enter the transmit period for the selected port. The transmit period is the value, in seconds, of the timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The valid range is 1-65535, and the default value is 30 seconds.
Max EAP Requests: Enter the maximum number of requests for the selected port. This value is the maximum number of times the authenticator state machine on this port retransmits an EAPOL EAP Request/Identity before timing out the supplicant. The valid range is 1-10, and the default value is 2.
Supplicant Timeout: Enter the number of seconds that elapse before EAP requests are resent to the user. The valid range is 1 565535, and the default is 30 seconds.
Server Timeout: Enter the number of seconds that elapse before the switch resends a request to the authentication server. The valid range is 1-65535, and the default is 30 seconds.
For the selected ports, view the following settings, which are not configurable:
Control Direction: Displays the control direction for the specified port, which is always Both. The control direction dictates the degree to which protocol exchanges take place between supplicant and authenticator. The unauthorized controlled port exerts control over communication in both directions (disabling both incoming and outgoing frames). This field is not configurable.
153. ect the Convert Dynamic Address to Static check box.
3. Click APPLY. The dynamic MAC address entries are converted to static MAC address entries in a numerically ascending order until the static limit is reached.
The Dynamic MAC Addresses Table section shows the MAC addresses and their associated VLANs learned on the selected port. Use the Port List menu to select the port for which you want to display data. Table 24 describes the dynamic MAC addresses table fields.
Table 24. Dynamic MAC addresses table fields
Field | Description
VLAN ID | The VLAN ID corresponding to the last violation MAC address.
MAC Address | The MAC addresses learned on a specific port.
Protected Ports
If a port is configured as protected, it does not forward traffic to any other protected port on the switch, but it forwards traffic to unprotected ports. Use the Protected Ports screen to configure the ports as protected or unprotected.
To configure protected ports:
1. Select Security > Traffic Control > Protected Ports. The following screen displays. [Screenshot: Protected Ports screen]
2. Click
154. ection includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority. This product's firmware limits operation to only the channels allowed in a particular Region or Country. Therefore, all options described in this user's guide may not be available in your version of the product.
Europe: EU Declaration of Conformity
Products bearing the CE marking comply with the following EU directives:
• EMC Directive 2004/108/EC
• Low Voltage Directive 2006/95/EC
If this product has telecommunications functionality, it also complies with the requirements of the following EU Directive:
• R&TTE Directive 1999/5/EC
Compliance with these directives implies conformity to harmonized European standards that are noted in the EU Declaration of Conformity.
FCC Requirements for Operation in the United States
FCC Information to User: This product does not contain any user-serviceable components and is to be used with approved antennas only. Any product changes or modifications will invalidate all applicable regulatory certifications and approvals. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful i
155. ed, the other rules on the screen are not available.
Protocol Type: Requires a packet's protocol to match the protocol listed here. Select a type from the drop-down list or enter the protocol number in the available field.
Source IP Address: Requires a packet's source IP address to match the address listed here. Enter an IP address using dotted-decimal notation. The address you enter is compared to a packet's source IP address.
Source IP Mask: Specifies the source IP address wildcard mask. Wildcard masks determine which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is, in essence, the inverse of a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, enter 0.0.0.255 in the Source IP Mask field. This field is required when you configure a source IP address.
Source L4 Port: Requires a packet's TCP/UDP source port to match the port listed here. Complete one of the following fields:
Source L4 Keyword: Select the desired L4 keyword from the list of source ports on which the rule can be based.
Source L4 Port Number: If the source L4 keyword is Other, enter a user-defined Port ID by which packets are matched to the rule.
Destination IP Address: Requires a packet's destination port IP address
156. elect Local. In the Date field, enter the date in the DD/MM/YYYY format. In the Time field, enter the time in HH:MM:SS format.
Note: If you do not enter a date and time, the switch calculates the date and time using the CPU's clock cycle. When the clock source is set to Local, the Time Zone Offset field is disabled.
Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately.
To configure the time through SNTP:
1. Next to the Clock Source, select SNTP. When the clock source is set to SNTP, the Date and Time fields are disabled. The switch gets the date and time from the network.
2. In the Time Zone Offset list, select the Coordinated Universal Time (UTC) time zone in which the switch is located, expressed as the number of hours.
3. Use the SNTP Server Configuration screen to configure the SNTP server settings.
4. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately.
The SNTP Global Status table on the Time Configuration screen displays information about the system's SNTP client. Table 4 describes the SNTP Global Status fields.
Table 4. SNTP Global Status fields
Field | Description
Version | Specifies the SNTP version the client supports.
Supported Mode | Specifies the SNTP modes the client supports. Multiple modes might be supported by a clien
157. elps you to create a simple ACL and apply it to the selected ports easily and quickly. First, you can select an ACL type. Then you can add an ACL rule to this ACL, and the rule can be applied to this ACL on the selected ports. The ACL Wizard enables you to create the ACL but does not allow you to modify it. For more information about how to modify the ACL, see the instructions on the ACL configuration screen.
To create an ACL:
1. Select Security > ACL > ACL Wizard. The following screen displays. [Screenshot: ACL Wizard screen]
2. From the ACL Type list, select the ACL type used to create the ACL. You can select from 10 optional types:
• ACL Based on Destination MAC: Creates an ACL based on the destination MAC address, destination MAC mask, and VLAN.
• ACL Based on Source MAC: Creates an ACL based on the source MAC address, source MAC mask, and VLAN.
• ACL Based on Destination IPv4: Creates an ACL ba
158. em for web access to be available. If you used the Smart Control Center to set up the IP address and subnet mask, either with or without a DHCP server, use that IP address in the address field of your web browser. If you did not change the IP address of the switch from the default value, enter 192.168.0.239 into the address field. Clicking Web Browser Access on the Smart Control Center or accessing the switch directly from your web browser displays the Login screen.
Understand the User Interface
To access the switch by using a web browser, the browser must meet the following software requirements:
• Internet Explorer version 7 or later
• Firefox version 4 or later
To log on to the web interface:
1. Open a web browser and enter the IP address of the switch in the web browser address field.
2. The factory default password is password. Type the password in the field on the Login screen and click Login. Passwords are case-sensitive.
3. After the system authenticates you, the System Information screen displays. [Screenshot: System Information screen, with callouts for the navigation tab, configuration menus, Help link, and Logout button]
159. ented unmodified by DiffServ to the system forwarding element.
• Drop: These packets are immediately dropped.
• Mark CoS: These packets are marked by DiffServ with the specified CoS value before being presented to the system forwarding element. This selection requires that the Mark CoS value field be set.
• Mark IP DSCP: These packets are marked by DiffServ with the specified DSCP value before being presented to the system forwarding element. This selection requires that the DSCP value field be set. If you select Other, enter a custom value in the DSCP Value field that appears.
Violate Action: Determines what happens to packets that are considered non-conforming (above the police rate). Select one of the following actions:
• Send: These packets are presented unmodified by DiffServ to the system forwarding element.
• Drop: These packets are immediately dropped.
4. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately.
Service Configuration
Use the Service Configuration screen to activate a policy on an interface.
To configure DiffServ policy settings on an interface:
1. Select QoS > DiffServ > Advanced > Service Configuration. The following screen displays. [Screenshot: Service Configuration screen]
160. er. If you do not specify the sequence number, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used. The valid range is 1-4294967295.
Click the appropriate orange bar to display the available ports or LAGs.
• To add the selected ACL to a port or LAG, click the box directly below the port or LAG number so that an V appears in the box.
• To remove the selected ACL from a port or LAG, click the box directly below the port or LAG number to clear the selection. An Y in the box indicates that the ACL is applied to the interface.
Click APPLY to save any changes to the running configuration.
IP Binding Table
Use the IP Binding Table screen to view or delete the IP ACL bindings. To display the IP Binding Table, click Security > ACL > Advanced > IP Binding Table. The following screen displays. [Screenshot: IP Binding Table screen]
161. [Screenshot: navigation menu listing the IGMP Snooping Querier and MLD Snooping screens]
2. In the VLAN ID field, select the VLAN IDs for which MLD snooping is enabled.
3. In the Admin Mode field, enable MLD Snooping for the specified VLAN ID.
4. In the Fast Leave Admin Mode field, enable or disable the MLD Snooping Fast Leave mode for the specified VLAN ID.
5. In the Group Membership Interval field, enter the value for the group membership interval of MLD Snooping for the specified VLAN ID. The value is calculated as the Multicast Router Expiry Time 7 Maximum Response Time.
6. In the Maximum Response Time field, set the value for maximum response time of MLD snooping for the specified VLAN ID. The valid range is 1-20 seconds.
7. In the Multicast Router Expiry Time field, enter the value for multicast router expiry time of MLD snooping for the specified VLAN ID. The valid range is 3-3610 seconds. This value is calculated as 2 QI 7 Maximum Response Time where QI Group Membership Interval Maximum Response Time 2
8. Click ADD to enable MLD Snooping on the specified VLAN.
9. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
Multicast Router VLAN Configuration
The statically configured router attached VLAN inter
162. ering information. The format is six 2-digit hexadecimal numbers that are separated by colons, for example, 01:00:5e:45:67:89.
VLAN ID: A VLAN ID for which the switch has forwarding and filtering information.
Type: This field displays the type of the entry. Static entries are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol.
Description: The text description of this Multicast table entry. Possible values are Management Configured, Network Configured, and Network Assisted.
Interface: The list of interfaces that are designated for forwarding (Fwd) and filtering (Flt) for the associated address.
Click CLEAR to clear one or all of the IGMP Snooping entries.
IGMP Snooping VLAN Configuration
Use the IGMP Snooping VLAN Configuration screen to configure IGMP snooping settings for VLANs on the system.
To configure IGMP snooping settings for VLANs:
1. Select Switching > Multicast > IGMP Snooping > IGMP Snooping VLAN Configuration. The following screen displays. [Screenshot: IGMP Snooping VLAN Configuration screen]
163. erred method for synchronizing device time because it is the most secure method. If this method is selected, SNTP information is accepted only from SNTP servers defined on the device using the SNTP Server Configuration screen. The device retrieves synchronization information either by actively requesting information or at every poll interval.
Time Configuration
Use the Time Configuration screen to view and adjust date and time settings.
To configure the time by using the CPU clock cycle as the source:
1. Select System > Management > Time > SNTP Global Configuration. The following screen displays. [Screenshot: Time Configuration screen, showing the Clock Source, Date, Time, and Time Zone Offset fields and the SNTP Global Status table]
Next to the Clock Source s
164. ers.
• Access Mode: Specify the access level for this community by selecting Read/Write or Read Only.
• Status: Specify the status of this community by selecting Enable or Disable from the pull-down menu. If you select Enable, the Community Name must be unique among all valid Community Names or the set request is rejected. If you select Disable, the Community Name becomes invalid.
3. Click ADD. Configuration changes take effect immediately.
Trap Configuration
This screen displays an entry for every active Trap Receiver.
To configure SNMP trap settings:
Select System > SNMP > SNMP V1/V2 > Trap Configuration. The following screen displays. [Screenshot: Trap Configuration screen]
To add a host that receives SNMP traps:
1. Enter trap configuration information in the following fields:
• Recipients IP: The address in x.x.x.x format to receive SNMP traps from this device.
• Version: The trap version used by the receiver. SNMP v1: Uses SNMP v1 to sen
165. [Screenshot: Server Log screen, Server Configuration section]
2. Specify the following settings and click Add:
• Host Address: Specify the IP address or host name of the host configured for syslog.
• Port: Specify the port on the host to which syslog messages are sent. The default port is 514.
• Severity Filter: Select the severity of the logs to send to the logging host. Logs with the selected severity level and all logs of greater severity are sent to the host. For example, if you select Error, the logged messages include Error, Critical, Alert, and Emergency. The default severity level is Alert (1). The severity can be one of the following levels:
• Emergency (0): The highest level warning level. If the device is down or not functioning properly, an emergency log is saved to the device.
• Alert (1): The second highest warning level. An alert log is saved if there is a serious device malfunction, such as all device features being down.
• Critical (2): The third highest warning level. A critical log is saved if a critical device malfunction occurs, for example, two device ports are not functioning while the rest of the device ports remain functional.
• Error (3): A device error has occurred, such as if a port is offline.
• Warning (4): The lowest level of a device warning.
• Notice (5): Provides the network administrators with device information.
• Informational (6): Provides device informati
166. es 8K
Green Ethernet: Automatic power down on port when link is down, short cable mode, and EEE mode
Switch Features and Defaults
Feature | Sets Supported | Default
Auto negotiation/static speed/duplex | All ports | Auto negotiation
Auto MDI/MDIX | N/A | Enabled
802.3x flow control/back pressure | 1 per system | Disabled
Port mirroring | 1 destination port and 8 source ports | Disabled
Port trunking (aggregation) | 8 | Pre-configured
802.1D spanning tree | 1 | Disabled
802.1w RSTP | 1 | Disabled
802.1s spanning tree | 16 instances | Disabled
Static 802.1Q tagging | 256 | VID 1; Max member ports are 52 for standalone switch
Learning process | Supports static and dynamic MAC entries | Dynamic learning is enabled by default
Storm control | All ports | Disabled
Jumbo frame | All ports | Disabled; Max 9 Kb
Number of queues | 4 | N/A
Port based | N/A | N/A
802.1p | 1 | Enabled
DSCP | 1 | Disabled
Rate limiting | All ports | Disabled
Auto QoS | All ports | Disabled
802.1x | All ports | Disabled
MAC ACL | 480 shared with IP and IPv6 ACLs | All MAC addresses allowed
IP ACL | 480 shared with MAC and IPv6 ACLs | All IP addresses allowed
IPv6 ACL | 480 shared with IP ACL and MAC ACL | All IP addresses allowed
Passwo
167. escribed in the following sections:
• MLD Snooping Configuration
• MLD VLAN Configuration
• Multicast Router VLAN Configuration
MLD Snooping Configuration
In IPv4, Layer 2 switches can use IGMP snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast address. In IPv6, MLD snooping performs a similar function. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets.
To configure MLD snooping:
1. Select Switching > Multicast > MLD Snooping > MLD Snooping Configuration. The following screen displays. [Screenshot: MLD Snooping Configuration screen]
168. essful login displays the information you need to configure an SNMP manager to access the switch. Any user can connect to the switch using the SNMPv3 protocol. However, for authentication and encryption, the switch only supports a single user, called admin, which is the only profile that can be created or modified.
To configure authentication and encryption settings for the SNMPv3 admin profile by using the web interface:
1. Select the System > SNMP > SNMPv3 > User Configuration screen.
2. To enable authentication, select one of MD5 and SHA authentication protocol options.
3. To enable encryption: a. Select DES as the encryption protocol. b. In the Encryption Key field, enter an encryption code of eight or more alphanumeric characters.
4. Click APPLY.
To access configuration information for SNMPv1 or SNMPv2:
1. Select System > SNMP > SNMPv1/v2.
2. Follow the link to the screen that contains the information to configure.
Interface Naming Convention
The switch supports physical and logical interfaces. Interfaces are identified by their type and the interface number. The switches support the following ports:
• GS752TP: Ports 1-48 are 10/100/1000M AutoSensing Gigabit ports, and ports 49-52 are 100/1000M SFP ports. The first 8 ports are PoE+, providing 30W of DC power, and the remaining copper ports are PoE (Power over Environment), providing 15.4W of DC power.
• GS7
169. et leaves as a tagged packet with VLAN ID 20. Access Control Lists (ACLs): ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network. ACLs are normally used in firewall routers that are positioned between the internal network and an external network, such as the Internet. They can also be used on a router positioned between two parts of the network to control the traffic entering or exiting a specific part of the internal network. The added packet processing required by the ACL feature does not affect switch performance; that is, ACL processing occurs at wire speed. Access lists are a sequential collection of permit and deny conditions. This collection of conditions, known as the filtering criteria, is applied to each packet that is processed by the switch or the router. The forwarding or dropping of a packet is based on whether the packet matches the specified criteria. Traffic filtering requires the following two basic steps: 1. Create an access list definition. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can assign t
170. [Screenshot: Ping screen] 2. In the IP Address/Host Name field, specify the IP address or the host name of the station you want the switch to ping. The initial value is blank. This information is not retained across a power cycle. The maximum number of characters in a name is 160. 3. Optionally, configure the following settings: In the Count field, specify the number of pings to send. The valid range is 1-15. In the Interval (secs) field, specify the number of seconds between pings sent. The valid range is 1-60. In the Size field, specify the size of the ping (ICMP) packet to send. The valid range is 0-65507. The Results field displays the result after the switch sends a ping request to the specified address. 4. Click APPLY to send the ping. The switch sends the number of pings specified in the Count field, and the results are displayed in the Results field. If a reply to the ping is received, you see: Reply From IP Host icmp seq 0 time xx usec Tx x Rx x Min Max Avg RTT x x x msec. If a reply to the ping is not received, you see: Reply From IP Host Destination Unreachable Tx x Rx 0 Min Max Avg RTT 0 0 0 msec. Ping IPv Us
171. [Screenshot: Buffered Logs screen showing the total number of messages and sample STATSMGR log entries] 2. In the Admin Status field, select Enable to enable system logging or Disable to disable it. 3. In the Behavior field, select the Wrap behavior of the log when it is full. In this behavior, when the buffer is full, the oldest log messages are deleted as the system logs new messages. 4. If you change the buffered logs settings, click APPLY to apply the changes to the system and save them. The Total Number of Messages field is displayed. This contains the number of messages the system has logged in memory. Only the 64 most recent entries are displayed. The rest of the screen displays the buffered logs messages. Messages logged to a collector or relayed through syslog have the following format: 10 31 2012 14 17 43 AAA I DISCONNECT http connection for user
172. face is added to the learned multicast router attached interface list if the interface is active and is a member of the VLAN. Unlike in the previous release of the system firmware, snooping dynamic learning mode, snooping interface mode, or snooping VLAN mode does not need to be enabled on the interface. The dynamic learning mode is applicable only for dynamically learned multicast router information (queries from an attached true querier). To configure the Multicast Router VLAN: 1. Select Switching > Multicast > MLD Snooping > Multicast Router VLAN Configuration. The Multicast Router VLAN Configuration screen displays. 2. In the Interface field, select the interface ID. The entry corresponding to the specified interface is selected. 3. In the VLAN ID field, enter the VLAN ID for which the multicast router m
173. fault value inserted into the Time To Live field of the IP header of datagrams originated by the switch, if a TTL value is not supplied by the transport layer protocol. Maximum Next Hops displays the maximum number of hops supported by the switch. Next to Routing Mode, select Enable or Disable. If you select Disable, the switch is in switch mode. You must enable routing for the switch before you can route through any of the interfaces. Routing is enabled or disabled per VLAN interface. The default value is router mode. Click APPLY to send the updated configuration to the switch. Switching the routing mode requires a reboot. The configuration file is not deleted during the reboot. Configure VLAN Routing: You can configure the switch software with some ports supporting VLANs and some supporting routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN. Its MAC destination address (MAC DA) and VLAN ID are used to search the MAC address table. If routing is enabled for the VLAN and the MAC DA of an inbound unicast packet is that of the internal bridge-router interface, the packet is routed. An inbound multicast packet is forwarded to all ports in the VLAN
174. g with the supplicant. The authenticator PAE is also responsible for submitting the information received from the supplicant to the authentication server so that the credentials can be checked, which determines the authorization state of the port. The authenticator PAE controls the authorized or unauthorized state of the controlled port depending on the outcome of the RADIUS-based authentication process. [Figure: supplicant, authenticator (switch), authentication server (RADIUS); 192.168.10.23] Sample 802.1x Configuration: This example shows how to configure the switch so that 802.1x-based authentication is required on the ports in a corporate conference room (g1-g8). These ports are available to visitors and need to be authenticated before they are granted access to the network. The authentication is handled by an external RADIUS server. When the visitor is successfully authenticated, traffic is automatically assigned to the guest VLAN. This example assumes that a VLAN has been configured with a VLAN ID of 150 and VLAN name of Guest. 1. In the Port Authentication screen, select ports g1 through g8. 2. From the Port Control list, select Unauthorized. The Port Control setting for all other ports where authentication is not needed must be Authorized. When the Port Control setting is Authorized, the port is unconditionally put in a force-authorized state and does
175. [Screenshot: port mirroring table listing each port with its destination port, session mode, direction, and mirroring status] 2. Select the check box next to a port to configure it as a source port, or enter its name in the Go To Interface field and click Go. 3. From the Destination Port list, select the port to which port traffic is to be copied. Use the g1, g2 format to specify the port. You can configure only one destination port on the system. 4. From the Session Mode list, select the mode for port mirroring on the selected port. Enable: Multiple port mirroring is active on the selected port, that is, on all the configured source ports. Disable: Port mirroring is not active on the selected port, but the mirroring information is retained. 5. From the Direction list, select the direction of the traffic to be mirrored from the configured mirrored ports. The default value is Tx and Rx. Tx and Rx: Enable both transmitting and receiving on the selected ports. Tx only: Enable only transmitting on the selected ports. Rx only: Enable only receiving on the selected ports. 6. Click APPLY to apply the settings to the system. If the port is configured as a source port, the Mirroring Port field value is Mirrored. Sy
176. gure and View Routes: From the Routing Table screen, you can configure static and default routes and view the routes that the NETGEAR switch has already learned. To configure routes: 1. Select Routing > Routing Table. The Routing Table screen displays. 2. In the Route Type field, specify whether the route is to be a default route or a static route. When you create a default route, all you need to specify is the next hop IP address. 3. In the Network Address field, specify the IP route prefix for the destination. To create a route, a valid routing interface must exist and the next hop IP address must be on the same network as the routing interface. 4. In the Subnet Mask field, indicate the portion of the IP address that identifies the attached network. 5. In the Next Hop IP Address field, specify the outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router is always one of the adjacent neighbors or the IP address of the local interface f
177. h The same concept can be extended to other switches and more instances of MSTP. Configure VLAN Routing with Static Route. VLAN Routing Overview: VLANs divide broadcast domains in a LAN environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. This is known as inter-VLAN routing. On NETGEAR switches, it is accomplished by creating Layer 3 interfaces (switch virtual interfaces, SVI). When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN. Its MAC destination address (MAC DA) and VLAN ID are used to search the MAC address table. If routing is enabled for the VLAN and the MAC DA of an inbound unicast packet is that of the internal bridge-router interface, the packet is routed. An inbound multicast packet is forwarded to all ports in the VLAN, plus the internal bridge-router interface if it was received on a routed VLAN. Since a port can be configured to belong to more than one VLAN, VLAN routing might be enabled for all of the VLANs on the port or for a subset. VLAN routing can be used to allow more than one physical port to reside on the same subnet. It can also be used when a VLAN spans multiple physical networks, or when more segmentation or security is required. A port can be either a VLAN port or
178. h see File Management. HTTP File Download: Use the HTTP File Download screen to download files of various types to the switch using an HTTP session (for example, via your web browser). To download a file to the switch by using HTTP: 1. Select Maintenance > Download > HTTP File Download. The HTTP File Download screen displays. 2. From the File Type list, select the type of file you want to download to the switch. For more information, see Download File Types on page 232. Archive: Software image file. Note: The system always downloads the software image to the non-active image. Text Configuration: A text-based configuration file. 3. In the Select File field, enter the name of the file that you want to download, or click Browse to open a file upload window to locate the file. 4. Click the APPLY button to initiate the file download. Note: After a file transfer is started, wait until the screen refreshes
179. h configured MST instance. Table 16. MST Instance Information (Field: Description). Bridge Identifier: The bridge identifier for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge. Time Since Topology Change: Displays the total amount of time since the topology of the selected MST instance last changed. The time is displayed in hour/minute/second format, for example, 5 hours, 10 minutes, and 4 seconds. Topology Change Count: Displays the total number of times topology has changed for the selected MST instance. Topology Change: Indicates whether a topology change is in progress on any port assigned to the selected MST instance. The possible values are True and False. Designated Root: Displays the bridge identifier of the root bridge, which is made up from the bridge priority and the base MAC address of the bridge. Root Path Cost: Displays the path cost to the designated root for this MST instance. Root Port: Indicates the port to access the designated root for this MST instance. MST Port Configuration: Use the MST Port Configuration screen to configure and display Multiple Spanning Tree (MST) settings on a specific port on the switch. To configure MST port settings: 1. Select Switching > STP > Advanced > MST Port Configuration. The following screen displays
180. he bridge identifier of the root bridge. It is made up from the bridge priority and the base MAC address of the bridge. Root Path Cost: Path cost to the designated root for the CST. Root Port: Port to access the Designated Root for the CST. Max Age (secs): Specifies the bridge maximum age for CST. The value must be less than or equal to 2 X bridge forward delay 1 and greater than or equal to 2 X bridge hello time 1. Forward Delay (secs): Derived value of the root port bridge forward delay parameter. Hold Time (secs): Minimum time between transmission of configuration BPDUs. CST Regional Root: Priority and base MAC address of the CST regional root. CST Path Cost: Path cost to the CST tree regional root. CST Configuration: To configure Common Spanning Tree (CST) and Internal Spanning Tree on the switch, use the CST Configuration screen. To configure CST settings: 1. Select Switching > STP > Advanced > CST Configuration. The CST Configuration screen displays.
181. he following screen displays. [Screenshot: MAC Binding Configuration screen] From the ACL ID list, select an existing MAC ACL. The packet filtering direction for ACL is Inbound, which means the MAC ACL rules are applied to traffic entering the port. Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A low number indicates high precedence order. If a sequence number is already in use for this interface and direction, the specified access list replaces the currently attached access list using that sequence number. If you do not specify the sequence number, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used. The valid range is 1-4294967295. Click the appropriate orange bar to expose the available ports or LAGs. To add the selected ACL to a port or LAG, click the box directly below the port or LAG number so that a V appears in the box. To remove the selected ACL from a port or LAG, click the box directly below the port or LAG number to clear the selection. An Y in the box indicates that the
182. he switch, select the check box in the row heading and click CLEAR. The button sets all statistics for all ports to 0. To clear the counters for a specific interface, select the check box associated with the port and click CLEAR. You can also enter the interface name in the Go To Interface field and click GO. This selects the interface and clears its counters. Port Detailed Statistics: The Port Detailed Statistics screen displays a variety of per-port traffic statistics. To display a summary of per-port traffic statistics and clear or refresh the counters: 1. Select Monitoring > Ports > Port Detailed Statistics. It shows some, but not all, of the fields on the screen. [Screenshot: Port Detailed Statistics screen] 2. Select the interface for which data is to be displayed. 3. Select the MST ID for which statistics are displayed. The following fields are displayed for the selected interface in
183. hentication. The switch passes the authentication information to the configured RADIUS server. MSTP: Spanning Tree Protocol (STP) runs on bridged networks to help eliminate loops. If a bridge loop occurs, the network can become flooded with traffic. IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) supports multiple instances of spanning tree to efficiently channel VLAN traffic over different interfaces. Each instance of the spanning tree behaves in the manner specified in IEEE 802.1w, Rapid Spanning Tree, with slight modifications in the working but not the end effect (chief among the effects is the rapid transitioning of the port to the forwarding state). The difference between the RSTP and the traditional STP (IEEE 802.1D) is the ability to configure and recognize full-duplex connectivity and ports that are connected to end stations, resulting in rapid transitioning of the port to the forwarding state and the suppression of topology change notification. These features are represented by the parameters point-to-point and edgeport. MSTP is compatible with both RSTP and STP and behaves appropriately to STP and RSTP bridges. An MSTP bridge can be configured to behave entirely as an RSTP bridge or an STP bridge. So an IEEE 802.1s bridge inherently also supports IEEE 802.1w and IEEE 802.1D. The MSTP algorithm and protocol provide simple and full connectivity for frames assigned to an
184. his ACL. Select True or False. Match Every is exclusive to the other filtering rules, so if Match Every is True, the other rules on the screen are not available. CoS: Requires a packet's Class of Service (CoS) to match the CoS value listed here. Enter a CoS value between 0-7 to apply this criteria. Destination MAC: Requires an Ethernet frame's destination port MAC address to match the address listed here. Enter a MAC address in this field. The valid format is xx:xx:xx:xx:xx:xx. Destination MAC Mask: If desired, enter the MAC mask associated with the destination MAC to match. The MAC address mask specifies which bits in the destination MAC to compare against an Ethernet frame. Use Fs and 0s in the MAC mask, which is in a wildcard format. An F means that the bit is not checked, and a 0 in a bit position means that the data must equal the value given for that bit. For example, if the MAC address is aa:bb:cc:dd:ee:ff and the mask is 00:00:ff:ff:ff:ff, all MAC addresses with aa:bb:xx:xx:xx:xx result in a match (where x is any hexadecimal number). A MAC mask of 00:00:00:00:00:00 matches a single MAC address. EtherType Key: Requires a packet's EtherType to match the EtherType you select. Select the EtherType value from the drop-down list. If you select User Value, you can enter a custom EtherType value. EtherType User Value: This field is configurable if you select User Value from
185. icy. VLAN Type: Specifies whether the VLAN associated with the policy is tagged or untagged. User Priority: The priority associated with the policy. DSCP: The DSCP associated with a particular policy type. LLDP Unknown TLVs. Type: The unknown TLV type field. Value: The unknown TLV value field. Services. DHCP Snooping: DHCP snooping is a useful feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network. The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to each of the local untrusted interfaces of a switch. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive messages only from within the network. DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also provides a way to differentiate between untrusted interfaces connected to the end user and trusted interfaces connected to the DHCP server or another switch. From the Services menu, you can access features described in the fol
186. Sample MSTP Configuration. Configure VLAN Routing with Static Route: VLAN Routing Overview; Sample VLAN Routing Configuration. Chapter 10, Notification of Compliance. Index. Getting Started: This manual describes how to configure and operate the GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches by using the web-based graphical user interface (GUI). This manual describes the software configuration procedures and explains the options available within those procedures. These switches are referred to as the NETGEAR switch throughout this document. Getting Started with the NETGEAR Switch: This chapter provides an overview of starting your NETGEAR switch and accessing the user interface. It also describes some actions that can be performed in the Smart Control Center (SCC) application, which can be downloaded to your computer. This guide does not document the SCC application. Full documentation for SCC is found at http://docs.netgear.com/scc/enu/202-10685-01/index.htm. This chapter contains the following sections: Switch Management Interface; Connect the Switch to the Network; Discover a Switch in a Network with a DHCP Server; Switch Discovery in a Network Without a DHCP Server; Configure the Network Settings on the Administrative System; Access the Management In
187. iguration. Use the Dynamic Address screen to set the amount of time to keep a learned MAC address entry in the forwarding database. The forwarding database contains static entries, which are never aged out, and dynamically learned entries, which are removed if they are not updated within a given time. To configure the Dynamic Address setting: 1. Select Switching > Address Table > Advanced > Dynamic Address. The Dynamic Address screen displays. 2. Specify the number of seconds the forwarding database should wait before deleting a learned entry that has not been updated. You can enter any number of seconds from 10 through 630. The factory default is 300. Configuring Routing: The switch supports IP routing. Use the menus under the Routing tab to manage routing on the system. This chapter contains the following sections: Configure IP Settings; Configure VLAN Routing; Configure and View Routes; Configure ARP. When a packet enters the switch, the destination MAC address is checked to see
188. image stores a second copy. The device boots and runs from the active image. If the active image is corrupt, the system automatically boots from the non-active image. This is a safety feature for faults occurring during the boot upgrade process. Text Configuration: You can edit a text-based configuration file (startup-config) offline as needed without having to translate the contents for the switch to understand. The most common usage of text-based configuration is to download a working configuration from a device, edit it offline to personalize it for another similar device (for example, change the device name or IP address), and upload it to that device. Buffered Log: SYSLOG files. The Upload menu contains links that provide access to the features described in the following sections: TFTP File Upload; HTTP File Upload. TFTP File Upload: Use the TFTP File Upload screen to upload configuration (ASCII), log (ASCII), and image (binary) files from the switch to a TFTP server on the network. To upload a file from the switch to the TFTP server: 1. Select Maintenance > Upload > TFTP File Upload. The TFTP File Upload screen displays.
189. in non-querier mode in the VLAN. If the querier expiry interval timer expires, the snooping switch moves into querier mode. Disabled: The snooping querier is not operational on the VLAN. The snooping querier moves to disabled mode when IGMP snooping is not operational on the VLAN, when the querier address is not configured, or the network management address is not configured. Operational Version: Displays the IGMP protocol version of the operational querier. Operational Max Response Time: Displays the maximum response time used in the queries that are sent by the snooping querier. MLD Snooping: MLD is a protocol used by IPv6 multicast routers to discover the presence of multicast listeners (nodes wishing to receive IPv6 multicast packets) on its directly attached links and to discover which multicast packets are of interest to neighboring nodes. MLD is derived from IGMP; MLD version 1 (MLDv1) is equivalent to IGMPv2, and MLD version 2 (MLDv2) is equivalent to IGMPv3. MLD is a sub-protocol of Internet Control Message Protocol version 6 (ICMPv6), and MLD messages are a subset of ICMPv6 messages, identified in IPv6 packets by a preceding Next Header value of 58. The switch can snoop on both MLDv1 and MLDv2 protocol packets and bridge IPv6 multicast data based on destination IPv6 multicast MAC addresses. The switch can be configured to perform MLD snooping and IGMP snooping simultaneously. The MLD snooping link contains features d
190. ing ranges: 1-99: Creates an IP standard ACL, which allows you to permit or deny traffic from a source IP address. 100-199: Creates an IP extended ACL, which allows you to permit or deny specific types of layer 3 or layer 4 traffic from a source IP address to a destination IP address. This type of ACL provides more granularity and filtering capabilities than the standard IP ACL. Each configured ACL displays the following information: Rules: Displays the number of rules currently configured for the IP ACL. Type: Identifies the ACL as either a standard or extended IP ACL. 3. Click ADD. To change the name of an IP ACL, select the check box next to the IP ACL ID field, update the name, then click APPLY. IP Rules: Use the IP Rules screen to define rules for IP-based standard ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: There is an implicit deny all rule at the end of an ACL list. This rule means that if an ACL is applied to a packet and if none of the explicit rules match, the final implicit deny all rule applies and the packet is dropped. To configure IP rules: 1. Select Security > ACL > Advanced > IP Rules. In the following screen, an IP rule exists and one rule has been configured.
191. Figure 4. Device View Drop-Down Menus. Help Screen Access: Every screen contains a link to the online help, which contains information to help configure and manage the switch. The online help screens are context sensitive. For example, if the IP Addressing screen is open, the help topic for that screen displays if you click Help. Figure 1, Configuration Status and Options, shows the location of the Help link on the web interface. User-Defined Fields: User-defined fields can contain 1 to 159 characters, unless otherwise noted on the configuration web screen. All characters can be used except for the following (unless specifically noted for that feature): < >. Use SNMP: The switch software supports the configuration of SNMP groups and users that can manage traps that the SNMP agent generates. The switch uses both standard public MIBs for standard functionality and private MIBs that support more switch functionality. All private MIBs begin with a hyphen prefix. The main object for interface configuration is in SWITCHING MIB, which is a private MIB. Some interface configurations also involve objects in the public MIB, IF-MIB. SNMP is enabled by default. The System Information web screen, which displays after a succ
192. [Screenshot: DNS Host Configuration screen] 2. Specify the static host name to add. Enter up to 158 characters. Each label, separated by periods, can be up to 63 characters. 3. Specify the IP address in standard IPv4 dot notation to associate with the hostname. 4. Click ADD. The entry displays in the list. The Dynamic Host Configuration table shows host name-to-IP address entries that the switch has learned. Table 6 describes the dynamic host fields. Table 6. Dynamic Host Configuration table fields (Field: Description). Host: Lists the host name you assign to the specified IP address. Type: The type of the dynamic entry. IPv4/IPv6 Address: Lists the IP address associated with the host name. Click CLEAR to delete dynamic host entries. The table repopulates with entries as they are learned. Green Ethernet Configuration: The Green Ethernet features allow the switch to reduce power consumption on a per-port basis. Each switch can support one or more of the following features: Auto Power Down Mode: When the Auto Power Down mode is enabled and the port link
193. ing an ageout interval specified through configuration. From the ARP menu, you can access features described in the following sections: ARP Cache; ARP Entry Configuration; Global ARP Configuration; ARP Entry Management. ARP Cache: Use the ARP Cache screen to view entries in the ARP table, a table of the remote connections most recently seen by this switch. Select Routing > ARP > Basic > ARP Cache. The ARP Cache screen displays. The following ARP cache fields display. Interface: The routing interface associated with the ARP entry. IP Address: The associated IP address of a device on a subnet attached to one of the switch's existing routing interfaces. MAC Address: The unicast MAC address of the device. Type: The type of the ARP entry. The possible values are: Local, an ARP entry associated with one of the switch's routing interface's MAC addresses; Gateway, a dynamic ARP entry whose IP address is that of a router; Static, an ARP entry configured by the user; Dynamic, an ARP entry learned by the router.
194. ing to selected ACL type. Table columns: ACL Based on, Fields. ACL based on Destination MAC. Destination MAC: Specify the destination MAC address to compare against an Ethernet frame. The valid format is xx:xx:xx:xx:xx:xx. The BPDU keyword might be specified using a destination MAC address of 01:80:C2:xx:xx:xx. Destination MAC Mask: Specify the destination MAC address mask specifying which bits in the destination MAC to compare against an Ethernet frame. The valid format is xx:xx:xx:xx:xx:xx. The BPDU keyword might be specified using a destination MAC mask of 00:00:00:ff:ff:ff. ACL based on Source MAC. Source MAC: Specify the source MAC address to compare against an Ethernet frame. The valid format is xx:xx:xx:xx:xx:xx. Source MAC Mask: Specify the source MAC address mask specifying which bits in the source MAC to compare against an Ethernet frame. The valid format is xx:xx:xx:xx:xx:xx. ACL based on Destination IPv4. Destination IP Address: Specify the destination IP address. Destination IP Mask: Specify the destination IP address mask. ACL based on Source IPv4. Source IP Address: Specify the source IP address. Source IP Mask: Specify the source IP address mask. ACL based on Destination IPv6. Destination Prefix: Specify the destination prefix. Destination Prefix Length: Specify the destination prefix length. ACL based on Source IPv6. Source Prefix: Specify the source prefix. Source Prefix Length: Specify the source prefix length. ACL based on Destination IPv4 L4. Destination L4 port proto
195. ings for an interface, click PORTS, LAGS, or All. 3. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same settings to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 4. Configure the CST values for the selected ports or LAGs. STP Status: Enable or disable the Spanning Tree Protocol administrative mode associated with the port or port channel. Fast Link: Specifies if the specified port is an edge port within the CST. Possible values are Auto, Enable, or Disable. The default is Auto, which specifies that the software waits for 3 seconds with no BPDUs received on the interface before putting the interface into the PortFast mode. BPDU Forwarding: Specifies whether spanning tree BPDUs should be forwarded while spanning tree is disabled on the switch. Select Enable or Disable. Port State: The forwarding state of this port. This field is read only. Path Cost: Set the Path Cost to a new value for the specified port in the Common and Internal Spanning Tree. The valid range is 1-200000000. Priority: The priority for a particular port within the CST. The port priority is set in multiples of 16. If you specify a value that is not a multiple of 16, the priority is automatically set to the next lowest priority that is a multiple of 16. For example, if you
196. interface shaping rate to all interfaces or to a specific interface. To configure CoS settings for an interface: 1. Select QoS > CoS > Advanced > CoS Interface Configuration. The CoS Interface Configuration screen displays. 2. Select the type of interface for CoS settings to be configured. To configure CoS settings for a physical port, link aggregation group (LAG), or both, click PORTS, LAGS, or ALL, respectively. 3. Select the check box next to the interface to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. The Interface Trust Mode field di
197. is down, the physical layer (PHY) automatically shuts down for a short period and wakes up to check link pulses. This mode reduces power consumption on the port when no link partner is present. Short Cable Mode: With Short Cable mode enabled, the PHY goes into low-power mode when the cable length is less than a certain limit. Energy Efficient Ethernet (EEE) Mode: EEE enables ports to enter a low-power mode to reduce power consumption during periods of low link utilization. EEE is defined by IEEE 802.3az. EEE enables both the send and receive sides of the link to disable some functionality for power savings when the link is lightly loaded. To configure the Green Ethernet Configuration features: 1. Select System > Management > Green Ethernet > Green Ethernet Configuration. The Green Ethernet Configuration screen displays.
198. isable the administrative mode of Secure HTTP. The default value is Disable. You can download SSL certificates only when the HTTPS Admin mode is disabled. 3. In the HTTPS Port field, specify the TCP port to use for HTTPS data. The value must be in the range of 1-65535. Port 443 is the default value. The currently configured value is shown when the web screen is displayed. 4. In the HTTPS Session Soft Timeout Minutes field, specify the number of minutes an HTTPS session can be idle before a timeout occurs. After the session is inactive for the configured amount of time, the administrator is automatically logged out and must reenter the password to access the management interface. The default value is 5 minutes. The maximum number of HTTPS sessions is 2. 5. Click APPLY to update the switch with the HTTPS Authentication settings. Certificate Management: Use this screen to generate or delete certificates. To manage certificates: 1. Select Security > Access > HTTPS > Certificate Management. The Certificate Management screen displays.
199. isplays the port speed autonegotiation support status. The possible values are True (enabled) and False (disabled). Auto Negotiation Advertised Capabilities: Displays the port speed autonegotiation capabilities, such as 1000BASE-T half-duplex mode or 100BASE-TX full-duplex mode. Operational MAU Type: Displays the Medium Attachment Unit (MAU) type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interface, collision detection, and bit injection into the network. MED Details. Capabilities Supported: Displays the MED capabilities enabled on the port. Current Capabilities: Displays the TLVs advertised by the port. Device Class: Network Connectivity indicates that the device is a network connectivity device. Network Policies. Application Type: Specifies the media application type associated with the policy. VLAN ID: Specifies the VLAN ID associated with the policy. VLAN Type: Specifies whether the VLAN associated with the policy is tagged or untagged. User Priority: Specifies the priority associated with the policy. DSCP: Specifies the DSCP associated with a particular policy type. Neighbors Information: Use the LLDP Neighbors Information screen to view the data that a specified interface has received from other LLDP-enabled systems. To display the L
200. 2. In the Global Configuration section, configure the following. Admin Mode: Enable or disable the IPv6 network interface on the switch. The default value is Enable. IPv6 Address Auto Configuration Mode: The IPv6 address for the IPv6 network interface is automatically configured if this option is enabled. The default value is Disable. IPv6 Gateway: Specify the gateway for the IPv6 network interface. The gateway address is in IPv6 global or link-local address format. 3. Click APPLY to apply the changes to the system. To modify IPv6 addresses on the network interface: 1. Select System > Management > IPv6 Network Configuration. 2. In the IPv6 Network Interface Configuration section, configure the following. IPv6 Prefix/Prefix Length: Select an existing IPv6 prefix and prefix length from the list, or add a new IPv6 prefix and prefix length to the list of IPv6 addresses. The address is in the global address format. EUI64: Specify whether
201. ARP Entry Configuration. To add a static entry to the ARP table: 1. Select Routing > ARP > Advanced > ARP Create. The ARP Entry Configuration screen displays. 2. In the IP Address field, specify the IP address that you want to add. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces. 3. In the MAC Address field, specify the unicast MAC address of the device. The format is six 2-digit hexadecimal numbers separated by colons, for example, 00:06:29:32:81:40. 4. Click ADD to add the static entry to the switch configuration. To delete a static entry from the ARP cache, select DELETE. The static entries for the switch are displayed in the Routing VLANs ARP Cache Table. Global ARP Configuration: Use the Global ARP Configuration screen to display and change the configuration parameters of the ARP table. To configure the global
202. its all non-Finance traffic on the ports. The second rule is required because there is an explicit deny all rule as the lowest priority rule. Differentiated Services (DiffServ): Standard IP-based networks are designed to provide best-effort data delivery service. Best-effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets might be delayed, sent sporadically, or dropped. For typical Internet applications, such as email and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable. However, any degradation of service has undesirable effects on applications with strict timing requirements, such as voice or multimedia. Quality of Service (QoS) can provide consistent, predictable data delivery by distinguishing between packets that have strict timing requirements and those that are more tolerant of delay. Packets with strict timing requirements are given special treatment in a QoS-capable network. For this reason, all elements of the network must be QoS capable. If one node is unable to meet the necessary timing requirements, this creates a deficiency in the network path, and the performance of the entire packet flow is compromised. There are two basic types of QoS. Integrated Services: Network resources are apportioned based on request and are reser
203. l Multicast Packets Received: The total number of good packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address. Broadcast Packets Received: The total number of good packets received that were directed to the broadcast address. This does not include multicast packets. Total Packets Received with MAC Errors: The total number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. Jabbers Received: The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and had either a bad frame check sequence (FCS) with an integral number of octets (FCS error) or a bad FCS with a nonintegral number of octets (alignment error). This definition of jabber is different from the definition in IEEE 802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). These documents define jabber as the condition where any packet exceeds 20 ms. The allowed range to detect jabber is 20-150 ms. Fragments Received: The total number of packets received that were less than 64 octets in length with ERROR CRC (excluding framing bits, but including FCS octets). Undersize Received: The total number of packets received that were less than 64 octets in length with GOOD CRC (excluding framing bits, but including FCS octets). Alignment Errors: The total number of packets received that had a leng
204. l nodes connected to the network. This approach works well for broadcast packets that are intended to be seen or processed by all connected nodes. In the case of multicast packets, however, this approach could lead to less efficient use of network bandwidth, particularly when the packet is intended for only a few nodes. Packets are flooded into network segments where no node has any interest in receiving the packet. While nodes rarely incur any processing overhead to filter packets addressed to unrequested group addresses, they are unable to transmit new packets onto the shared media for the period that the multicast packet is flooded. The problem of wasting bandwidth is even worse when the LAN segment is not shared, for example, in full-duplex links. Allowing switches to snoop IGMP packets is a creative effort to solve this problem. The switch uses the information in the IGMP packets as they are being forwarded throughout the network to determine which segments should receive packets directed to the group address. From the IGMP Snooping link, you can access features described in the following sections: IGMP Snooping Configuration; IGMP Snooping Table; IGMP Snooping VLAN Configuration. IGMP Snooping Configuration: Use the IGMP Snooping Configuration screen to configure the parameters for IGMP snooping. To configure IGMP Snooping: 1. Select Switching > Multicast
205. lass Configuration: The IPv6 Class Configuration feature extends the existing QoS ACL and DiffServ functionality by providing support for IPv6 packet classification. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique EtherType value, so all IPv6 classifiers include the EtherType field. An IPv6 access list serves the same purpose as its IPv4 counterpart. When you define a class, you must specify if this class rule is for IPv4 or for IPv6 packets by using the correct screen, either Class Configuration or IPv6 Class Configuration. The destination and source IPv6 addresses use a prefix length value instead of an individual mask to qualify it as a subnet address or a host address. The flow label is a 20-bit number that is unique to an IPv6 packet, used by end stations to signify some form of Quality of Service (QoS) handling in routers. Packets that match an IPv6 classifier are allowed only to be marked using the 802.1p (CoS) field or the IP DSCP field in the traffic class octet. IP precedence is not defined for IPv6; this is not an appropriate type of packet marking. IPv6 ACL and DiffServ assignment are appropriate for LAG interfaces. The procedures described by an ACL or DiffServ policy are equally applicable on a port or LAG interface. To configure an IPv6 class: 1. Select QoS > DiffServ > Advanced > IPv6 Class Configuration. The following
206. le. 7. Click APPLY to save the settings for the selected timer. SNMP: From the SNMP menu under the System tab, you can configure SNMP settings for SNMP V1/V2 and SNMPv3. SNMP features are described in the following sections: SNMP V1/V2; Trap Flags; SNMP Supported MIBs; SNMP v3 User Configuration. SNMP V1/V2: The screens you access from the SNMPV1/V2 link allow you to configure SNMP community information, traps, and trap flags. Community Configuration: By default, two SNMP communities exist. Private, with Read/Write privileges and status set to Enable. Public, with Read-only privileges and status set to Enable. These communities are well known. To change the defaults or to add other communities, use the Community Configuration screen. Only the communities that you define using this screen have access to the switch using the SNMPv1 and SNMPv2c protocols. Only communities with read/write access can be used to change the configuration using SNMP. To add a new SNMP community: 1. Select System > SNMP > SNMP V1/V2 > Community Configuration. The Community Configuration screen displays.
207. le extension. 8. Select the Start File Transfer check box to enable the file upload when you click APPLY. 9. Click APPLY to begin the file transfer (upload). When the transfer actually begins, the last row of the table displays information about the progress of the file transfer. The screen refreshes automatically until the file transfer completes or fails. HTTP File Upload: Use the HTTP File Upload screen to upload files of various types from the switch to the management system by using an HTTP session, for example, through your web browser. To upload a file from the switch to another system by using HTTP: 1. Select Maintenance > Upload > HTTP File Upload. The HTTP File Upload screen displays. 2. The File Type list displays the type of file that can be uploaded, which is the Text Configuration file. For more information, see Upload File Types on page 229. 3. Click APPLY. A window appears to allow you to open the text file on the management system or to save the image or text file to the managemen
208. lete and click DELETE. Click APPLY to submit the changes to the switch. Configuration changes take effect immediately. IP Binding Configuration: When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the IP Binding Configuration screen to assign ACL lists to ACL Priorities and Interfaces. To configure IP ACL interface bindings: 1. Select Security > ACL > Advanced > IP Binding Configuration. The IP Binding Configuration screen displays. Select an existing IP ACL from the ACL ID menu. The packet filtering direction for ACL is Inbound, which means the IP ACL rules are applied to traffic entering the port. Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A low number indicates high precedence order. If a sequence number is already in use for this interface and direction, the specified access list replaces the currently attached access list using that sequence numb
209. lowing sections: DHCP Snooping Global Configuration; DHCP Snooping Interface Configuration; DHCP Snooping Binding Configuration; DHCP Snooping Persistent Configuration. DHCP Snooping Global Configuration. To configure DHCP snooping global settings: 1. Select System > Services > DHCP Snooping > Global Configuration. The DHCP Snooping Global Configuration screen displays. 2. Next to DHCP Snooping Mode, select Enable or Disable to turn the DHCP snooping feature on or off. The factory default is disabled. 3. Next to MAC Address Validation, select Enable or Disable to turn on or off the MAC address validation feature. MAC address validation is enabled by default. 4. Enter the VLAN in the VLAN ID field to enable the DHCP snooping mode. 5. Select Enable or Disable from the DHCP snooping mode list to enable or disable th
210. mount of time the Tw_sys_rx Echo has been present on the port. 3. View the Remote Device Information. Interface: If local interfaces are enabled to receive LLDP data, this feature allows you to select the remote device and retrieve port information. Remote ID: Displays the remote port identifier. Remote Tw_sys_tx (uSec): Displays the amount of time the Remote Tw_sys_tx has been present on the port. Remote Tw_sys_tx Echo (uSec): Displays the amount of time the Remote Tw_sys_tx Echo has been present on the port. Remote Tw_sys_rx (uSec): Displays the amount of time the Remote Tw_sys_rx has been present on the port. Remote Tw_sys_rx Echo (uSec): Displays the amount of time the Remote Tw_sys_rx Echo has been present on the port. Green Ethernet Summary: This screen summarizes the Green Ethernet Summary settings currently in use. To access the Green Ethernet Summary screen, select System > Management > Green Ethernet > Green Ethernet Summary.
211. multicast forward all settings. To configure the multicast group for a physical port, click PORTS. To configure the multicast group for a link aggregation group (LAG), click LAGS. To configure the multicast group for both physical ports and LAGs, click All. 3. Select the check box next to the interfaces to configure. You can select multiple interfaces to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 4. Select the status of the interfaces. The possible values are: Static, the port receives all multicast streams; Forbidden, interfaces cannot receive any multicast streams, even if IGMP/MLD snooping designated the interface to join a multicast group; Excluded, the interface is currently not a forward all interface. 5. Click APPLY to send the updated configuration to the switch. Forwarding Database: The forwarding database maintains a list of MAC addresses after having received a packet from this MAC address. The transparent bridging function uses the forwarding database entries to determine how to forward a received frame. From the Address Table link, you can access features described in the following sections: Address Table; Dynamic Address Configuration. Address Table: The Address Table contains information about unicast entries for which the switch has forwarding or fil
212. The Dual Image Status screen displays the following. Image1 Ver: The version of the image1 code file. Image2 Ver: The version of the image2 code file. Current active: The currently active image on this unit. Next active: The image used on the next restart of this unit. Image1 Description: The description associated with the image1 code file. Image2 Description: The description associated with the image2 code file. Troubleshooting: The Troubleshooting menu contains links that provide access to the features described in the following sections: Ping; Ping IPv6; Traceroute; Remote Diagnostics. Ping: Use the Ping screen to instruct the switch to send a ping request to a specified IP address. You can use this feature to check whether the switch can communicate with a particular network host. Subnet broadcast ping is not supported. The device cannot ping the special broadcast address (255.255.255.255), the local network broadcast address, or a reachable network broadcast address. To configure the settings and ping a host on the network: 1. Select Maintenance > Troubleshooting > Ping. The Ping screen displays.
213. 2. To add a new SNMP community, enter community information in the available fields described below. Management Station IP: Specify the IP address of the management station. Together, the management station IP and the management station IP mask denote a range of IP addresses from which SNMP clients can use that community to access this device. If either value (Management Station IP or Management Station IP Mask) is 0.0.0.0, access is allowed from any IP address. Otherwise, bitwise AND operations are performed between every client's address and the mask, and between the management station IP address and the mask. If the values are equal, access is allowed. For example, if the management station IP and mask parameters are 192.168.1.0/255.255.255.0, any client whose address is 192.168.1.0 through 192.168.1.255 (inclusive) is allowed access. To allow access from only one station, use a Mask value of 255.255.255.255, and use that machine's IP address as the client address. Management Station IP Mask: Specify the subnet mask to associate with the management station IP address. Community String: Specify a community name. A valid entry is a case-sensitive string of up to 16 charact
214. 2. From the pull-down list in the ACL Name field, select the IP ACL for which to create or update a rule. The IPv6 ACL Rule Configuration screen appears. Configure the settings for the new rule. Rule ID: Enter a whole number in the range of 1-10 that is used to identify the rule. An IPv6 ACL might have up to 10 rules. Action: Specify what action must be taken if a packet matches the rule's criteria. The choices are Permit or Deny. Logging: When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the access list trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5-minute report interval is used for the e
215. n be Inbound or blank. To change the name of a MAC ACL, select the check box next to the Name field, update the name, then click APPLY. MAC Rules: Use the MAC Rules screen to define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default deny all rule is the last rule of every list. To configure MAC ACL rules: 1. Select Security > ACL > Basic > MAC Rules. The MAC Rules screen displays. From the ACL Name field, specify the existing MAC ACL to which the rule applies. For information about how to set up a new MAC ACL, use the MAC ACL screen. In the ID field, enter an ID for the rule. The valid range is 1-10. Configure the following settings. Action: Specify what action must be taken if a packet matches the rule's criteria. Permit: Forwards packets that meet the ACL criteria. Deny: Drops packets that meet the ACL criteria. Match Every: Requires a packet to match the criteria of t
216. n changes take effect immediately. LACP Port Configuration. To configure LACP port priority settings: 1. Select Switching > LAG > Advanced > LACP Port Configuration. The LACP Port Configuration screen displays. 2. Select the check box next to the port to configure. You can select multiple ports to apply the same settings to all selected ports. Note: You cannot select ports that are not participating in a LAG. 3. Configure the LACP Priority value for the selected port. The valid range is 0-255. The default value is 128. 4. Configure the administrative LACP Timeout value. Long: Specifies a long timeout value. Short: Specifies a short timeout value. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. VLANs: Adding virtual LAN (VLAN) s
217. n file. Boot Code that runs when the switch is brought up. It performs initiation actions and loads the software. 3. From the Server Address Type field, select the format for the address you type in the TFTP Server Address field. IPv4: The TFTP server address is an IP address in dotted-decimal format. DNS: The TFTP server address is a host name. 4. In the TFTP Server IP field, specify the IP address or host name of the TFTP server. The address you type must be in the format indicated by the TFTP server address type. 5. In the Transfer File Path field, specify the path on the TFTP server where the file is located. You can enter up to 32 characters. Include the backslash at the end of the path. A path name with a space is not accepted. Leave this field blank to save the file to the root TFTP directory. 6. In the Remote File Name field, specify the name of the file to download from the TFTP server. You can enter up to 32 characters. A file name with a space is not accepted. 7. Select the Start File Transfer check box to enable the file upload when you click APPLY. 8. Click APPLY to initiate the file transfer. When the transfer actually begins, the last row of the table displays information about the progress of the file transfer. The screen refreshes automatically until the file transfer completes or fails. To activate a software image that you download to the switc
218. n process is complete. Hardware Specifications and Default Values: The GS752TP, GS728TP, and GS728TPP switches conform to the TCP/IP, UDP, HTTP, ICMP, TFTP, DHCP, IEEE 802.1D, IEEE 802.1p, and IEEE 802.1Q standards. They also conform to the IEEE 802.3i 10BASE-T, IEEE 802.3u 100Base-TX, IEEE 802.3ab 1000Base-T, IEEE 802.3z 1000Base-X, IEEE 802.3af DTE Power via MDI, IEEE 802.3at DTE Power via MDI Enhancements, and IEEE 802.3az EEE standards. Feature and value table: Interfaces: 24 or 48 10/100/1000 Mbps switching ports. GS752TP: The first eight ports are PoE (Power over Ethernet) providing 30W of DC power, and the remaining ports are PoE providing 15.4W of DC power. GS728TP: The first eight ports are PoE providing 30W of DC power, and the remaining ports are PoE providing 15.4W of DC power. GS728TPP: All 24 ports are PoE providing 30W of DC power. This model includes an external power supply to support the increased power requirements. Four 100/1000M SFP ports (port 25-29 or 49-52) to support optical module. Flash memory size: 32 MB. SDRAM size and type: 128 MB DDR2. Switching capacity: Non-blocking Full Wire Speed on all packet sizes. Forwarding method: Store and Forward. Packet forwarding rate: 10M: 14,880 pps; 100M: 148,810 pps; 1G: 1,488,000 pps. MAC address
219. n this interface with an operation code indicating the pause operation. This counter does not increment when the interface is operating in half-duplex mode. EAPOL Frames Received: The number of valid EAPOL frames of any type received by this authenticator. EAPOL Frames Transmitted: The number of EAPOL frames of any type transmitted by this authenticator. Use the buttons at the bottom of the screen to perform the following actions: Click CLEAR to clear all the counters. This resets all statistics for this port to 0. Click REFRESH to display the most current statistics. EAP Statistics: Use the EAP Statistics screen to display information about EAP packets received on a specific port. To display an EAP statistic: 1. Select Monitoring > Ports > EAP Statistics. The following screen displays: [screenshot: EAP Statistics screen]
220. n used on the TACACS server. The valid range is 0 to 128 characters. In the Connection Timeout field, specify the amount of time that passes before the connection between the device and the TACACS server times out. The field range is 1 to 30 seconds. The default value is 5. Click ADD. Note: The ADD option is available if fewer than five TACACS servers are configured on the system. After you add one or more TACACS servers, more fields appear on the TACACS Server Configuration screen: [screenshot: TACACS Server Configuration screen]. Authentication List Configuration: The Authentication List link provides access to screens where you can configure the default login list. A login list specifies one or more authentication methods to validate switch or port access for the admin user. Note: Admin is the only user on the system and is assigned to a preconfigured list named defaultList, which you cannot delete. The Authentication List link provides access to the features described in the following sections: HTTP Authentication List; HTTPS Authentication List. HTTP Authentication List: Use the HTTP Authentication List screen to configure the default HTTP login list. To change the HTTP authentication method for the default list
221. nfiguration; Port VLAN ID Configuration; Voice VLAN; Voice VLAN Properties; Voice VLAN Port Setting; Voice VLAN OUI; Auto VoIP Configuration; Spanning Tree Protocol; STP Configuration; CST Configuration; CST Port Configuration; CST Port Status; RSTP; MST Configuration; MST Port Configuration; Multicast; MFDB; Auto Video Configuration; IGMP Snooping; IGMP Snooping Querier; MLD Snooping; Static Multicast Address; Forwarding Database; Address Table; Dynamic Address
222. nfiguration [screenshot: Port Summary screen]. Table 23 describes the fields on the Port Summary screen. Table 23. Port Summary Fields. Port: The port whose settings are displayed in the current table row. Control Mode: Defines the port authorization state. The control mode is set only if the link status of the port is link up. The possible field values are: Auto: Automatically detects the mode of the interface. Force Authorized: Places the interface into an authorized state without being authenticated. The interface sends and receives normal traffic without client port-based authentication. Force Unauthorized: Denies the selected interface system access by moving the interface into unauthorized state. The switch cannot provide authentication services to the client through the interface. Operating Control Mode: Indicates the control mode under which the port is actually operating. The possible values are: ForceUnauthorized; ForceAuthorized; Auto; N/A: If the port is in detached state, it cannot participate in port access control
223. ng sections: 802.1x Configuration; Port Authentication; Port Summary. 802.1x Configuration: Use the 802.1x Configuration screen to enable or disable port access control on the system, to enable or disable the Guest VLAN (which allows unauthenticated users to have limited access to the network resources), and to enable or disable the forwarding of EAPoL frames when 802.1x is disabled on the device. To configure global 802.1x settings: 1. Select Security > Port Authentication > Basic > 802.1x Configuration. The following screen displays: [screenshot: 802.1x Configuration screen]. Next to the Port Based Authentication State, select the radio button to enable or disable 802.1x administrative mode on the switch. Enable: Port-based authentication is permitted on the switch. Disable: The switch does not check for 802.1x authentication before allowing traffic on any ports, even if the ports are configured to allow only authenticated users. Note: If 802.1x is enabled a
224. ng sections: Management; PoE; SNMP; LLDP; Services DHCP Snooping. Management: This section describes how to display the switch status and specify some basic switch information, such as the management interface IP address, system clock settings, and DNS information. From the Management menu, you can access screens described in the following sections: System Information; IP Configuration; IPv6 Network Configuration; IPv6 Network Neighbors; Time; DNS; Green Ethernet Configuration. System Information: After a successful login, the System Information screen displays. Use this screen to configure and view general device information. To define system information: 1. Select System > Management > System Information. The following screen displays: [screenshot: System Information screen]
225. ngs by using the web-based management interface on the switch. For information about how to set the IP address on the administrative system so it is in the same subnet as the default IP address of the switch, see Configure the Network Settings on the Administrative System on page 15. Discover a Switch in a Network with a DHCP Server: This section describes how to set up your switch in a network that has a DHCP server. The DHCP client on the switch is enabled by default. When you connect it to your network, the DHCP server automatically assigns an IP address to your switch. To discover the IP address automatically assigned to the switch, use the Smart Control Center. To install the switch in a network with a DHCP server, use the following steps: 1. Connect the switch to a network with a DHCP server. 2. Power on the switch by connecting its power cord. 3. Install the Smart Control Center on your computer. 4. Start the Smart Control Center. 5. Click Discover for the Smart Control Center to find your switch. A screen similar to the one shown below is displayed: [screenshot: Smart Control Center device list]
226. [screenshot: LLDP port details screen] The following table describes the information that displays for a selected port. Table 10. Port Details. Port Details: Local Port: Displays the interface on the local system that received LLDP information from a remote system. MSAP Entry: Displays the Media Service Access Point (MSAP) entry number for the remote device. Basic Details: Chassis ID Subtype: Identifies the type of data displayed in the Chassis ID field on the remote system. Chassis ID: Identifies the remote 802 LAN device's chassis. Port ID Subtype: Identifies the type of data displayed in the remote system's Port ID field. Port ID: Identifies the physical address of the port on the remote system from which the data was sent. Port Description: Identifies the user-defined description of the port. System Name: Identifies the system name associated with the remote device. System Description: Specifies the description of the selected port associated with the remote system. System Capabilities: Specifies the system capabilities of the remote system. Managed Addresses: Address SubType, Address: Specifies the type
227. nterference, and (2) this device must accept any interference received, including interference that may cause undesired operation. FCC Guidelines for Human Exposure: This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance of 20 cm between the radiator and your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. FCC Declaration Of Conformity: We, NETGEAR, Inc., 350 East Plumeria Drive, San Jose, CA 95134, declare under our sole responsibility that the GS752TP, GS728TP, and GS728TPP Smart Switch complies with Part 15 of FCC Rules. Operation is subject to the following two conditions: This device may not cause harmful interference, and this device must accept any interference received, including interference that may cause undesired operation. FCC Radio Frequency Interference Warnings & Instructions: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful inte
228. ntire system. A trap is not issued if the ACL rule hit count is 0 for the current interval. This field is visible for a deny action. Match Every: Select Enable or Disable. Enable signifies that all packets that match the selected IPv6 ACL and rule are either permitted or denied. In this case, since all packets match the rule, the option of configuring other match criteria is not offered. To configure specific match criteria for the rule, remove the rule and recreate it, or for Match Every select Disable for the other match criteria to be visible. Protocol: There are two ways to configure IPv6 protocol: After selecting protocol keyword other, specify an integer ranging from 0 to 255. This number represents the IPv6 protocol. Select name of a protocol from the existing list of IPv6, ICMPv6, TCP, and UDP. Source Prefix and Prefix Length: Specify the IPv6 Prefix combined with IPv6 Prefix length of the network or host from which the packet is being sent. The valid range for the prefix length is 0 to 128. Source L4 Port: Specify a packet's source layer 4 port as a match condition for the selected IPv6 ACL rule. Source port information is optional. Source port information can be specified in two ways: Select keyword other from the drop-down list and specify the number of the port. The valid range is 0 to 65535. Select one of the keywords from the list: DOMAIN, ECHO, FT
229. o be blocked if STP detects loops. Designated Bridge: Bridge identifier of the bridge with the designated port. It is made up using the bridge priority and the base MAC address of the bridge. Designated Port: Port identifier on the designated bridge that offers the lowest cost to the LAN. It is made up from the port priority and the interface number of the port. Multicast: Multicast IP traffic is traffic that is destined to a host group. The class D addresses identify the host groups for IPv4 multicast, which range from 224.0.0.0 to 239.255.255.255. The prefix ff00::/8 identifies the host groups for IPv6 multicast. From the Multicast menu, you can access features described in the following sections: MFDB; Auto Video Configuration; IGMP Snooping; IGMP Snooping Querier; MLD Snooping; Static Multicast Address. MFDB: The switch uses the Layer 2 Multicast Forwarding Database (MFDB) to make forwarding decisions for packets that arrive with a multicast destination MAC address. By limiting multicast transmissions only to certain ports in the switch, traffic is prevented from going to parts of the network where that traffic is unnecessary. When a packet enters the switch, the destination MAC address is combined with the VLAN ID, and a search is performed in the Layer 2 Multicast Forwarding Database. If no match is found, the packet is either flooded to all p
230. [screenshot: RADIUS Server Configuration screen] 2. In the Server Address field, specify the IP address of the RADIUS server to add. 3. In the Authentication Port field, specify the UDP port number the server uses to verify the RADIUS server authentication. The valid range is 0 to 65535. The default port for RADIUS authentication is UDP 1812. 4. From the Secret Configured menu, select Yes to add a RADIUS secret in the next field. You must select Yes before you can configure the RADIUS secret. After you add the RADIUS server, this field indicates whether the shared secret for this server has been configured. 5. In the Secret field, type the shared secret text string used for authenticating and encrypting all RADIUS communications between the switch and the RADIUS server. This secret must match the RADIUS encryption. 6. From the Active list, specify whether the server is a primary or secondary server. 7. Click ADD. Configuration changes take effect immediatel
231. [screenshot: TFTP File Upload screen] 2. Use the File Type list to select the type of file you want to upload. For more information, see Upload File Types. Archive: Retrieve the active software image file. Text Configuration: Retrieve the stored text configuration file. Buffered Log: Retrieve the syslog file. The factory default is Archive. 3. From the Server Address Type field, select the format to use for the address you type in the Server Address field. IPv4: The TFTP server address is an IP address in dotted-decimal format. DNS: The TFTP server address is a host name. 4. In the Server Address field, specify the IP address or host name of the TFTP server. The address you type must be in the format indicated by the TFTP server address type. 5. In the Transfer File Path field, specify the path on the TFTP server where you want to put the file. You can enter up to 32 characters. Include the backslash at the end of the path. A path name with a space is not accepted. Leave this field blank to save the file to the root TFTP directory. 6. In the Transfer File Name field, specify a destination file name for the file to upload. You can enter up to 32 characters. The transfer fails if you do not specify a file name. For a code transfer use the ros fi
232. ode is to be enabled or disabled. 4. In the Multicast Router field, enable or disable multicast router on the selected interface. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. Static Multicast Address: The Static Multicast Address link feature contains features described in the following sections: Multicast Group Configuration; Multicast Group Membership; Multicast Forward All. Multicast Group Configuration: The Multicast Group Configuration screen contains fields for creating, deleting, and modifying multicast service groups. The Multicast Group Configuration table contains up to 32 multicast service groups. To add a multicast group: 1. Select Switching > Multicast > Static Multicast Address > Multicast Group Configuration. The following screen displays: [screenshot: Multicast Group Configuration screen]
233. of the management address. Specifies the advertised management address of the remote system. Interface SubType: Specifies the port subtype. Interface Number: Identifies the port on the remote device that sent the information. MAC PHY Details: Auto Negotiation Supported: Specifies whether the remote device supports port speed auto-negotiation. Possible values are True and False. Auto Negotiation Enabled: Displays the port speed auto-negotiation support status. Possible values are True and False. Auto Negotiation Advertised Capabilities: Displays the port speed auto-negotiation capabilities. Operational MAU Type: Displays the Medium Attachment Unit (MAU) type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interface, collision detection, and bit injection into the network. MED Details: Capabilities Supported: The supported capabilities that were received in MED TLV from the device. Current Capabilities: The advertised capabilities that were received in MED TLV from the device. Device Class, Hardware Revision: The LLDP MED endpoint device class. The possible device classes are: Endpoint Class 1: Indicates a generic endpoint class, offering basic LLDP services. Endpoint Class 2: Indicates a media endpoint class, offering media streaming capabilities as well as all Class 1 features. Endpoint Class 3: Indicates a communications devi
234. [screenshot: IPv6 ACL screen] 2. In the IPv6 ACL field, configure the name of IPv6 ACL. The number of the rules associated with the IP ACL is displayed in the Rules field. The ACL type is IPv6 ACL and is displayed in the Type field. 3. Click ADD. To delete an IPv6 ACL, select the check box associated with the rule and click DELETE. IPv6 Rules: Use the IPv6 Rules screen to configure the rules for the IPv6 access control lists. The IPv6 access control lists are created using the IPv6 ACL screen. By default, no specific value is in effect for any of the IPv6 ACL rules. To add an IPv6 rule: 1. Select Security > ACL > Advanced > IPv6 Rules link. The following screen displays: [screenshot: IPv6 Rules screen]
235. om the Management Security menu, you can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS) settings, and authentication lists. To display the screen, click the Security > Management Security tab. The Management Security tab provides links to features described in the following sections: Change Password; Configure RADIUS Settings; Configure TACACS; Authentication List Configuration. Change Password: To change the login password for the management interface: 1. Select Security > Management Security > User Configuration > Change Password. The following screen displays: [screenshot: Change Password screen]. 2. Specify the current password in the Old Password field. The entered password is displayed in asterisks. Passwords are 1 to 20 alphanumeric characters in length and are case-sensitive. 3. Enter a new password in the New Password field. It does not display as it is typed, and only asterisks show on the screen. Passwords ar
236. omputer. The IP address of the administrative system must be in the same subnet as the default IP address on the switch. For most networks, this means you must change the IP address of the administrative system to be on the same subnet as the default IP address of the switch (192.168.1.1). To change the IP address on an administrative system running a Windows operating system, open the Internet Protocol (TCP/IP) Properties screen that you access from each local area connection, as shown in the following screen. You need Windows Administrator privileges to change these settings. [screenshot: Internet Protocol (TCP/IP) Properties dialog] WARNING: When you change the IP address of your administrative system, connection to the rest of the network is lost. Be sure to write down your current network address settings before you change them. To modify the network settings on your administrative system: 1. On y
237. on. Debug (7): Provides detailed information about the log. Debugging must only be performed by qualified support personnel. The Status field in the Server Log table shows whether the remote logging host is active. Use the buttons at the bottom of the screen to perform the following actions: To delete an existing host, select the check box next to the host and click DELETE. To modify the settings for an existing host, select the check box next to the host, change the desired information, and click APPLY. Click Cancel to reset the data to the latest value of the switch. Trap Logs: Use the Trap Logs screen to view information about the SNMP traps generated on the switch. To view SNMP traps: Select Monitoring > Logs > Trap Logs. The following screen displays: [screenshot: Trap Logs screen]. The Number of Traps Since Last Reset field is displayed. Note: Check the detailed contents of the reported traps through the SNMP trap server. This action is not within the scope of this guide.
238. on. Interface: The physical or port channel interfaces associated with VLANs associated with the CST. Role: Each MST bridge port that is enabled is assigned a port role for each spanning tree. The port role can be one of the following values: Root, Designated, Alternate, Backup, Master, or Disabled. Mode: Specifies the spanning tree operation mode. Different modes are STP, RSTP, and MSTP. Fast Link: Indicates whether the port is enabled as an edge port. Status: The forwarding state of this port. MST Configuration: Use the MST Configuration screen to configure Multiple Spanning Tree (MST) on the switch. To configure an MST instance: 1. Select Switching > STP > Advanced > MST Configuration. The following screen displays: [screenshot: MST Configuration screen]. 2. To add an M
239. on was received that the forward path to the neighbor was functioning properly. When in REACH state, the device takes no special action as packets are sent. Stale: More than ReachableTime milliseconds have elapsed since a confirmation was last received that the forward path was functioning properly. While in STALE state, the device takes no action until a packet is sent. Delay: More than ReachableTime milliseconds have elapsed since a confirmation was last received that the forward path was functioning properly. A packet was sent within the last DELAY_FIRST_PROBE_TIME seconds. If no confirmation is received within DELAY_FIRST_PROBE_TIME seconds of entering the DELAY state, the device sends a neighbor solicitation message and changes the state to PROBE. Probe: A confirmation is actively sought by repeatedly sending neighbor solicitation messages every RetransTimer milliseconds until a confirmation is received. Last Updated: Elapsed time since the address was last confirmed as reachable. Time: The switch software supports the Simple Network Time Protocol (SNTP). You can also set the system time manually. SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The software operates only as an SNTP client and cannot provide time services to other systems. Time sources are established
240. [screenshot: Local Device Information and Remote Device Information screen] 2. View or configure the Local Device Information. Interface: The interface to be displayed or configured. Energy Detect Admin Mode: Select Enable or Disable. Operational Status: Displays the Energy Detect operational status, either Active or Inactive. Reason: Displays the Admin status, either Admin Down or Admin Up. Short Reach Admin Mode: Select Enable or Disable. Operational Status: Displays the Short Reach operational status of the port, either Active or Inactive. Reason: Displays the reason why the port is either Active or Inactive. EEE Admin Mode: Select Enable or Disable. Tw sys tx (uSec): Displays the amount of time the Tx sys tx has been present on the port. Tw sys tx Echo (uSec): Displays the amount of time the Tw sys tx Echo has been present on the port. Tw sys rx (uSec): Displays the amount of time the Tw sys rx has been present on the port. Tw sys rx Echo (uSec): Displays the a
241. [Screen: SNTP server settings and SNTP Server Status]
    2. Enter the appropriate SNTP server information in the following fields:
    • Server Type: Specifies whether the address for the SNTP server is an IP address (IPv4) or host name (DNS).
    • Address: Enter the IP address or the host name of the SNTP server.
    • Port: Enter a port number on the SNTP server to which SNTP requests are sent. The valid range is 1 to 65535. The default is 123.
    3. Click Add.
    Repeat the previous steps to add more SNTP servers. You can configure up to three SNTP servers.
    To change the settings for an existing SNTP server:
    1. Select the check box next to the configured server.
    2. Enter new values in the available fields.
    3. Click APPLY. Configuration changes take effect immediately.
    To remove an SNTP server:
    1. Select the check box next to the configured server you want to remove.
    2. Click DELETE. The entry is removed, and the device is updated.
    The SNTP Server Status table displays status information about the SNTP servers configured on your switch. Table 5 describes
242. onfiguration changes occur immediately.
    Help
    Use the features available from the Help tab to connect to online resources for assistance and to register your device.
    Online Help
    The Online Help link provides links to the sections described in the following sections:
    • Support
    • User Guide
    Support
    Use the Support screen to connect to the online support site at netgear.com.
    To connect to online support:
    1. Select Help > OnLine Help > Support. The following screen displays.
    [Screen: Support]
    2. Click APPLY to connect to the NETGEAR support site for the switch.
    User Guide
    Use the User Guide screen to access this guide, which is available on the NETGEAR website.
    To access the user guide:
    1. Select Help > User Guide. The following screen displays.
    [Screen: User Guide]
    2. To access to the user guide that is available
243. onfigure the following settings:
    • Probes Per Hop: Specify the number of times each hop must be probed. The valid range is 1 to 10.
    • MaxTTL: Specify the maximum time-to-live for a packet in number of hops. The valid range is 1 to 255.
    • InitTTL: Specify the initial time-to-live for a packet in number of hops. The valid range is 1 to 255.
    • MaxFail: Specify the maximum number of failures allowed in the session. The valid range is 0 to 255.
    • Interval: Specify the time between probes, in seconds. The valid range is 1 to 60.
    • Port: Specify the UDP destination port in probe packets. The valid range is 1 to 65535.
    • Size: Specify the size of probe packets. The valid range is 64 to 1472.
    4. Click APPLY to initiate the traceroute. The results display in the Results field.
    Remote Diagnostics
    The Remote Diagnostics screen lets you enable Telnet for diagnostic purposes.
    To configure the remote diagnostics feature:
    1. Select Maintenance > Troubleshooting > Remote Diagnostics. The following screen displays.
    [Screen: Remote Diagnostics]
    2. Next to Remote Diagnostics, select Enable or Disable.
    3. Click APPLY to send the updated configuration to the switch. C
244. or No Cable.
    Logs
    The switch might generate messages in response to faults or errors occurring on the platform, as well as changes in configuration or other occurrences. These messages are stored locally and can be forwarded to one or more centralized points of collection for monitoring purposes or long-term archival storage. Local and remote configuration of the logging capability includes filtering of messages logged or forwarded based on severity and generating component.
    The Logs tab contains menus that provide access to the following features:
    • Buffered Logs
    • Server Log
    • Trap Logs
    Buffered Logs
    The buffered log stores messages in memory based on the settings for message component and severity. Use the Buffered Logs screen to set the administrative status and behavior of logs in the system buffer. These log messages are cleared when the switch reboots.
    To configure the Buffered Logs settings:
    1. Select Monitoring > Logs > Buffered Logs. The following screen displays.
    [Screen: Buffered Logs]
245. or WRR priority. If a specific queue is configured as WRR, all the queues with a lower number are also WRR queues. The configuration is global and not per port.
    • Weighted: Weighted round robin associates a weight to each queue. This association is the default.
    • Strict: Services traffic with the highest priority on a queue first.
    • Queue Management Type: Displays the type of packet management used for all packets, which is Taildrop. All packets on a queue are safe until congestion occurs. At this point, any additional packets queued are dropped.
    4. Click APPLY to apply the changes to the system.
    802.1p to Queue Mapping
    The 802.1p to Queue Mapping screen also displays the Current 802.1p Priority Mapping table.
    To map 802.1p priorities to queues:
    1. Select QoS > CoS > Advanced > 802.1p to Queue Mapping. The following screen displays.
    [Screen: 802.1p to Queue Mapping]
    2. Select the queue to which predefined 802.1p priority values are mapped. The queue values represent traffic cl
246. or a directly attached network. When you create a route, the next hop IP must be on the same network as the routing interface. Valid next hop IP addresses can be seen on the Route Table screen.
    6. In the Preference field, specify a preference value for the configured next hop.
    Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database. By specifying the preference of a static route, the user controls whether a static route is more or less preferred. The preference also controls whether a static route is more or less preferred than other static routes to the same destination. The preference is an integer value from 1 to 255. You can specify the preference value (sometimes called administrative distance) of an individual static route.
    7. Click ADD to add the routing entry to the switch configuration.
    To delete a route, select the check box next to the route and click DELETE.
    The Learned Routes table provides information about the routes the switch already has in its routing table.
    Table 22. Learned Routes Table Fields
    Field | Description
    Route Type | Indicates whether the learned route is a static or default route.
    Network Address | The IP route prefix for the destination.
    Subnet Mask | Also referred to as the subnet/network mask, this field indicates the portion of the IP interface
247. or condition.
    • Searching: Indicates that the port is not in one of the above states.
    4. Click APPLY to apply the new settings to the system.
    Timer Global Configuration
    Use the Timer Global Configuration screen to create or remove timers and to control the administrative status of the timers. Timers control when power can and cannot be delivered to a port.
    To add a timer to a port, use the following general steps:
    1. Create a timer.
    2. Configure timer settings.
    3. Assign a timer to the port.
    To create a timer:
    1. Select System > PoE > Advanced > Timer Global Configuration. The following screen displays.
    [Screen: Timer Global Configuration]
    2. To add a timer, enter a name in the Timer Schedule Name field and click ADD. To remove a timer, select the check box associated with the timer and click DELETE. To enable or disable the timer feature, select the appropriate radio button and click APPLY.
    Timer Schedule
    Use the Timer Schedule to configure when the p
248. or disable activation of all traps by selecting the corresponding button. The factory default is Enable.
    3. From the Authentication field, enable or disable activation of authentication failure traps by selecting the corresponding button. The factory default is Enable.
    4. Click APPLY. Configuration changes take effect immediately.
    SNMP Supported MIBs
    The screen allows you to view a list of the supported MIBs. To access the Supported MIBS screen, select System > SNMP > SNMP V1/V2 > Supported MIBS.
    [Screen: SNMP Supported MIBS]
    SNMP v3 User Configuration
    This is the configuration for SNMP v3. The SNMPv3 Access Mode is a read-only field that shows the access privileges for the user account. The admin account always has read/write access
249. ort PVID Configuration screen. See Port VLAN ID Configuration.
    • When a tagged packet enters a port, the tag for that packet is unaffected by the default VLAN ID setting. The packet proceeds to the VLAN specified by its VLAN ID tag number.
    • If the port through which the packet entered does not have membership with the VLAN specified by the VLAN ID tag, the packet is dropped.
    • If the port is a member of the VLAN specified by the packet's VLAN ID, the packet can be sent to other ports with the same VLAN ID.
    Packets leaving the switch are either tagged or untagged, depending on the setting for that port's VLAN membership properties. A "U" for a given port means that packets leaving the switch from that port are untagged. Inversely, a "T" for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port.
    The example given in this section describes a wide range of configurations to help provide an understanding of tagged VLANs.
    Sample VLAN Configuration
    This example demonstrates several scenarios of VLAN use and describes how the switch handles tagged and untagged traffic. In this example, you create two new VLANs, change the port membership for default VLAN 1, and assign port members to the two new VLANs.
    1. In the VLAN Configuration screen (see VLAN Configuration on page 81), create the following VLANs: AVLA
250. orts in the VLAN or discarded, depending on the switch configuration. If a match is found, the packet is forwarded only to the ports that are members of that multicast group.
    Use the MFDB Table to view the port membership information for all active Multicast address entries. The key for an entry consists of a MAC address. Entries can contain data for more than one protocol.
    From the MFDB link, you can access the following screens:
    • MFDB Table
    • MFDB Statistics
    MFDB Table
    The Multicast Forwarding Database (MFDB) holds the port membership information for all active multicast address entries. The key for an entry consists of a VLAN ID and MAC address pair. Entries can contain data for more than one protocol.
    To view the MFDB Table screen:
    1. Select Switching > Multicast > MFDB > MFDB Table. The following screen displays.
    [Screen: MFDB Table]
251. ou to view and monitor the physical port information for the ports available on the switch. From the Ports menu, you can access the features described in the following sections:
    • Global Configuration
    • Port Configuration
    Global Configuration
    IEEE 802.3x flow control works by pausing a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion condition. This action can lead to high-priority and network control traffic loss. When IEEE 802.3x flow control is enabled, lower-speed switches can communicate with higher-speed switches by requesting that the higher-speed switch refrains from sending packets. Transmissions are temporarily halted to prevent buffer overflows.
    Jumbo frames support packets of up to 9 Kilobytes in size. If jumbo frames are not enabled (default), the system supports packet size up to 1,518 bytes. For jumbo frames to take effect, the switch must be rebooted after the feature is enabled.
    To configure global configuration settings:
    1. Select Switching > Ports > Global Configuration. The following screen displays.
    [Screen: Global Configuration]
252. our computer, access the Windows operating system TCP/IP Properties screen.
    2. Set the IP address of the administrative system to an address in the 192.168.0.0 network, such as 192.168.0.200. The IP address must be different from the switch's address but within the same subnet.
    3. Click OK.
    To configure a static address on the switch:
    1. Use a straight-through cable to connect the Ethernet port on the administrative system directly to any port on the NETGEAR switch.
    2. Open a web browser on your computer and connect to the management interface. For more information, see Access the Management Interface from the Web on page 17.
    3. Change the network settings on the switch to match the settings on your network. For more information, see IP Configuration on page 27.
    4. Return the network configuration on your administrative system to the original settings.
    Access the Management Interface from the Web
    To access the switch management interface, use one of the following methods:
    • From the Smart Control Center, select the switch and click Web Browser Access. For more information, see the documentation for this application at http://docs.netgear.com/scc/enu/202-10685-01/index.htm.
    • Open a web browser and enter the IP address of the switch in the address field.
    You must be able to ping the IP address of the NETGEAR switch management interface from your administrative syst
253. [Screen: Green Mode Statistics Summary]
    In the Green Mode Statistics Summary section, view the following:
    • Cumulative Energy Saving Watts Hours: Displays the cumulative energy savings on the local device.
    • Interface: Lists the local interfaces on the device.
    • Energy Detect Admin Mode: Displays the Energy Detect Admin mode for each of the local interfaces, Enable or Disable.
    • Energy Detect Operational Status: Displays the operational status of the Energy Detect mode for each of the local interfaces, Active or Inactive.
    • Short Reach Admin Mode: Displays the Short Reach Admin Mode for each of the local interfaces, Enable or Disable.
    • Short Reach Operational Status: Displays the operational status of the Short Reach Admin mode for each of the local interfaces, Active or Inactive.
    • EEE Admin Mode: Displays the EEE Admin mode for each of the lo
254. ow the queue is configured and possibly the amount of traffic present in the other queues of the port. If a delay is necessary, packets get held in the queue until the scheduler authorizes the queue for transmission. As queues become full, packets have no place to be held for transmission and get dropped by the switch.
    QoS is a means of providing consistent, predictable data delivery by distinguishing between packets that have strict timing requirements from packets that are more tolerant of delay. Packets with strict timing requirements are given special treatment in a QoS-capable network. With this special treatment in mind, all elements of the network must be QoS-capable. The presence of at least one node that is not QoS-capable creates a deficiency in the network path, and the performance of the entire packet flow is compromised.
    Class of Service
    The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This configuration provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table. CoS queue characteristics that affect queue mapping, such as minimum guaranteed bandwidth or transmission rate shaping, are user-configurable at the q
255. ower to a port is turned off. For example, you can specify that the power is turned off every night during the weekend or during the same one week period every year.
    To configure timer settings:
    1. Select System > PoE > Advanced > Timer Schedule Configuration. The following screen displays.
    [Screen: Timer Schedule]
    2. From the Timer Schedule Name list, select the name of the schedule created on the Timer Global Configuration screen.
    3. Specify the time to turn off power. The time range is from 00:00 to 23:59.
    4. Specify the day to turn off power by clicking the calendar and selecting the date.
    5. If necessary, specify the end date by clicking the calendar and selecting the date.
    6. If necessary, use the Recurrence Pattern (Daily or Weekly) and Daily Mode fields to customize the power shutdown schedu
256. ownload File screen to download device software, the image file, configuration files, and SSL files from a TFTP server to the switch. You can also download files through HTTP. See HTTP File Download for more information.
    Before you download a file to the switch, the following conditions must be true:
    • The file to download from the TFTP server is on the server in the appropriate directory.
    • The file is in the correct format.
    • The switch has a path to the TFTP server.
    To download a file to the switch from a TFTP server:
    1. Select Maintenance > Download > TFTP File Download. The following screen displays.
    [Screen: TFTP File Download]
    2. From the File Type list, select the type of file you want to download to the switch. For more information, see Download File Types on page 232.
    • Archive: Software image file.
      Note: The system always downloads the software image to the non-active image.
    • Text Configuration: A text based configuratio
257. [Screen: Querier VLAN Configuration]
    2. To create a VLAN ID for IGMP Snooping, select New Entry from the VLAN ID list and complete the following fields:
    • VLAN ID: Specifies the VLAN ID for which the IGMP snooping querier is to be enabled.
    • Querier Election Participate Mode: Enable or disable querier participate mode.
        • Disabled: Upon seeing another querier of the same version in the VLAN, the snooping querier moves to the non-querier state.
        • Enabled: The snooping querier participates in querier election, in which the least IP address operates as the querier in that VLAN. The other querier moves to non-querier state.
    • Snooping Querier VLAN Address: Specify the snooping querier IP address to be used as the source address in periodic IGMP queries sent on the specified VLAN.
    3. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
    To disable Snooping Querier on a VLAN, select the VLAN ID and click DELETE.
258. partment from being allowed on the ports that are associated with other departments. Traffic from the Finance department is identified by each packet's network IP address.
    1. In the IP ACL screen, create an IP ACL with an IP ACL ID of 1. For more information, see IP ACL on page 195.
    In the IP Rules screen, create a rule for IP ACL 1 with the following settings:
    • Rule ID: 1
    • Action: Deny
    • Match Every: False
    • Source IP Address: 192.168.187.0
    • Source IP Mask: 255.255.255.0
    For more information about IP ACL rules, see IP Rules on page 197.
    Click Add.
    In the IP Rules screen, create a second rule for IP ACL 1 with the following settings:
    • Rule ID: 2
    • Action: Permit
    • Match Every: True
    Click Add.
    In the IP Binding Configuration screen, assign ACL ID 1 to the Ethernet ports 2, 3, and 4, and assign a sequence number of 1. For more information, see IP Binding Configuration on page 204. By default, this IP ACL is bound on the inbound direction, so it examines traffic as it enters the switch.
    Click APPLY.
    Use the IP Binding Table screen to view the interfaces and IP ACL binding information. For more information, see IP Binding Table on page 206.
    The IP ACL in this example matches all packets with the source IP address and subnet mask of the Finance department network and denies them on the Ethernet interfaces 2, 3, and 4 of the switch. The second rule perm
259. percent of the maximum port speed, which is 1000 M for all ports.
    To configure storm control settings:
    1. Select Security > Traffic Control > Storm Control. The following screen displays.
    [Screen: Storm Control]
    2. Select the check box next to the port to configure. Select multiple check boxes to apply the same setting to all selected ports. Select the check box in the heading row to apply the same settings to all ports.
    3. From the Status menu, select Enable or Disable to specify the administrative status of the mode.
    4. From the Control Mode menu, select the mode of broadcast affected by storm control.
    • Broadcast Only: If the rate of L2 broadcas
260. played in the remote system's Port ID field.
    Field | Description
    Port ID | Identifies the physical address of the port on the remote system from which the data was sent.
    System Name | Identifies the system name associated with the remote device. If the field is blank, the name might not be configured on the remote system.
    2. To view more information about the remote device, click the link in the MSAP Entry column. The following screen displays information for the selected port.
    [Screen: MED Details]
261. querier.
    3. In the Snooping Querier Address field, specify the IP address to be used as the source address in periodic IGMP queries. This address is used when no address is configured on the VLAN on which the query is being sent.
    4. In the IGMP Version field, specify the IGMP protocol version used in periodic IGMP queries. Only version 2 is supported.
    5. In the Query Interval field, specify the time interval in seconds between periodic queries sent by the snooping querier. The query interval must be in the range of 1 to 1800 seconds. The default value is 60.
    The Querier Expiry Interval specifies the time interval in seconds after which the last querier information is removed. The Query Expiry Interval is a read-only parameter calculated as 2 × Query Interval + 5, so by default the value is 2 × 60 + 5 = 125.
    6. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
    IGMP Snooping Querier VLAN Configuration
    Use this screen to configure IGMP queriers for use with VLANs on the network.
    To configure Querier VLAN settings:
    1. Select Switching > Multicast > IGMP Snooping Querier > Querier VLAN Configuration. The following screen displays.
    [Screen: Querier VLAN Configuration]
262. r The switch comes preconfigured with the following OUIs:
    • 00:01:E3 SIEMENS
    • 00:03:6B CISCO1
    • 00:12:43 CISCO2
    • 00:0F:E2 H3C
    • 00:60:B9 NITSUKO
    • 00:D0:1E PINTEL
    • 00:E0:75 VERILINK
    • 00:E0:BB 3COM
    • 00:04:0D AVAYA1
    • 00:1B:4F AVAYA2
    You can select an existing OUI or add a new OUI and description to identify the IP phones on the network.
    To configure OUI settings:
    1. Select Switching > Voice VLAN > Advanced > OUI. The following screen displays.
    [Screen: OUI]
    To modify the OUI prefix list, you have the following options:
    • Add an OUI prefix to the list: Enter the VOIP OUI prefix in the Telephony OUIs field, provide a description of the prefix, and click ADD. The OUI prefix must be in the format AA:BB:CC.
    • Delete an OUI prefix from the list: Select the check box next to th
263. r Configuration screen to configure up to five TACACS+ servers with which the switch can communicate.
    To configure TACACS+ server settings:
    1. Select Security > Management Security > TACACS+ > TACACS+ Server Configuration link. The following screen displays.
    [Screen: TACACS+ Server Configuration]
    2. In the TACACS+ Server field, enter the IP address of the server to add.
    3. In the Priority field, specify the order in which the TACACS+ servers are used. A value of 0 is the highest priority.
    4. In the Port field, specify the authentication port number through which the TACACS+ session occurs. The default is port 49, and the range is 0 to 65535.
    5. In the Key String field, specify the authentication and encryption key for TACACS+ communications between the switch and the TACACS+ server. This key must match the encryptio
264. raffic that matches the criteria to a particular queue or redirect the traffic to a particular port. A default "deny all" rule is the last rule of every list.
    2. Apply the access list to an interface in the inbound direction.
    The switch enables ACLs to be bound to physical ports and LAGs. The switch software supports MAC ACLs and IP ACLs.
    Sample MAC ACL Configuration
    The following example shows how to create a MAC-based ACL that permits Ethernet traffic from the Sales department on specified ports and denies all other traffic on those ports.
    1. In the MAC ACL screen, create an ACL with the name Sales_ACL for the Sales department of your network. For more information, see MAC ACL on page 190. By default, this ACL is bound on the inbound direction, which means the switch examines traffic as it enters the port.
    2. In the MAC Rules screen, create a rule for the Sales_ACL with the following settings:
    • ID: 1
    • Action: Permit
    • Match Every: False
    • CoS: 0
    • Destination MAC: 01:02:1A:BC:DE:EF
    • Destination MAC Mask: 00:00:00:00:FF:FF
    • Source MAC: 02:02:1A:BC:DE:EF
    • Source MAC Mask: 00:00:00:00:FF:FF
    • VLAN ID: 2
    For more information about MAC ACL rules, see MAC Rules on page 191.
    3. In the MAC Binding Configuration screen, assign the Sales_ACL to Ethernet ports 6, 7, and 8, and click APPLY. For more information, see MAC Binding Configuration on page 193.
265. rately on VLANs. The IGMP Snooping Querier feature contains links to features described in the following sections:
• IGMP Snooping Querier Configuration
• IGMP Snooping Querier VLAN Configuration
• IGMP Snooping Querier VLAN Status
IGMP Snooping Querier Configuration
Use this screen to enable or disable the IGMP Snooping Querier feature, specify the IP address of the router to perform the querying, and configure the related parameters.
> To configure IGMP Snooping Querier settings:
1. Select Switching > Multicast > IGMP Snooping Querier > Querier Configuration. The following screen displays.
[Screenshot: IGMP Snooping Querier Configuration screen]
2. Next to the Querier Admin Mode, enable or disable the administrative mode for IGMP snooping
266. rd control access | 1 | Idle time out 5 minutes; Password "password"
Management security | 1 profile with 20 rules for HTTP/HTTPS/SNMP access to allow/deny an IP address/subnet | All IP addresses allowed
Port MAC lock down | All ports | Disabled
Boot code update | 1 | N/A
DHCP/manual IP | 1 | DHCP enabled; 192.168.1.1; Default gateway 192.168.0.254
System name configuration | 1 | NULL
Configuration save/restore | 1 | N/A
Firmware upgrade | 1 | N/A
Factory default reset | 1 (web and front panel button) | N/A
Dual image support | 1 | Enabled
Factory reset | 1 | N/A
Multi-session web connections | 5 | Enabled
SNMPv1/V2c, SNMP v3 | Max 5 community entries | Enabled (read, read-write communities)
Time control | 1 (Local or SNTP) | Local Time enabled
LLDP/LLDP-MED | All ports | Disabled
Logging | 3 (buffered, server, traps) | Buffer Log enabled
MIB Support | 1 | Enabled
Smart Control Center | N/A | Enabled
Statistics | N/A | N/A
IGMP snooping v1/v2/v3 | All ports | Disabled
Configurations upload/download | 1 | N/A
EAPoL flooding | All ports | Disabled
BPDU flooding | All ports | Disabled
Multicast groups | 1K | Disabled
Filter Multicast control | 1 | Disabled
Number of static routes | 32 | N/A
Number of routed VLANs | 15 | N/A
Feature | Sets Supported | Default
Number of ARP cache entries | 1024 in switch mode | N/A
approximately 100 in ro
267. re Voice VLAN
1. Select Switching > Voice VLAN > Basic > Properties. The following screen displays.
[Screenshot: Voice VLAN Properties screen]
2. Next to Voice VLAN Status, enable or disable voice VLAN on the switch. If the switch does not handle traffic from IP phones, the status must be disabled.
3. From the Voice VLAN ID list, select the voice VLAN ID to use for voice traffic. The default value is 2.
4. In the Class of Service list, select the CoS tag value to be reassigned for packets received on the voice VLAN when Remark CoS is enabled.
5. In the Remark CoS list, specify whether to enable or disable Class of Service remarks on the selected port.
6. In the Voice VLAN Aging Time field, specify the amount of time after the last IP phone's OUI is aged out for a specific port. The port ages out after the bridge and voice aging time.
7. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately.
268. re network information for the management interface, which is the logical interface used for in-band connectivity with the switch through any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
> To configure the network information for the management interface:
1. Select System > Management > IP Configuration. The following screen displays.
[Screenshot: IP Configuration screen]
2. Select the appropriate radio button to determine how to configure the network information for the switch management interface:
• Dynamic IP Address (DHCP). Specifies that the switch must obtain the IP address through a DHCP server.
• Dynamic IP Address (BOOTP). Specifies that the switch must obtain the IP address through a BootP server
269. rface Configuration. The following screen displays.
[Screenshot: Green Ethernet Interface Configuration screen]
2. Select the following interface settings for the physical port:
• Go To Interface. Enter a port identifier as it appears in the Port column and click the Go button. The table entry corresponding to the specified port is selected.
• Port. Selects the interface for which data is displayed or configured.
• Auto Power Down Mode. Determines whether Auto Power Down mode is enabled for the port. The factory default is Disable. When the port link is down, the PHY automatically goes down for a short period an
270. rference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following methods:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate the equipment.
Canadian Department of Communications Radio Interference Regulations
This digital apparatus (GS752TP, GS728TP, and GS728TPP Smart Switch) does not exceed the Class B limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
This Class B digital apparatus complies with Canadian ICES-003.
This Class B digital apparatus complies with the Canadian standard NMB-003.
271. [Screenshot: LLDP Local Information screen]
The following table describes the LLDP local information that displays for each port.
Field | Description
Interface | The interface with the information to display.
Port ID Subtype | Identifies the type of data displayed in the Port ID field.
Port ID | Identifies the physical address of the port.
Port Description | Identifies the user-defined description of the port. For information about how to configure the port description, see Ports on page 73.
Advertisement | Displays the advertisement st
272. [Screenshot: DiffServ Service Configuration screen]
2. To configure DiffServ policy settings for a physical port, link aggregation group (LAG), or both, click PORTS, LAGS, or ALL, respectively.
3. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces.
4. Select a previously defined policy or None from the Policy In list and click APPLY. None removes all policies from the interfaces.
Service Statistics
Use the Service Statistics screen to display service-level statistical information about all interfaces that have DiffServ policies attached.
> To display and refresh service-level statistical information:
1. Select QoS > DiffServ > Advanced > Service Statistics. The following screen displays
273. rv settings, enabling plug and play networking
• Device location discovery for creation of location databases
• Extended and automated power management of Power over Ethernet endpoints
• Inventory management, enabling network administrators to track their network devices and determine their characteristics: manufacturer, software and hardware versions, serial number, and asset number
LLDP Configuration
Use the LLDP Configuration screen to specify LLDP and LLDP-MED parameters that are applied to the switch.
> To configure global LLDP settings:
1. Select System > LLDP > Basic > LLDP Configuration. The following screen displays.
[Screenshot: LLDP Configuration screen]
Note: You can also access the LLDP Configuration screen by selecting System > LLDP > Advanced > LLDP Configuration.
2. Configure the following LLDP settings:
• TLV Advertised Interval. Specify the interval at which frames are transmitted. The default is 30 seconds, and the valid range is 5-32768 s
274. rvice Level Specification (SLS) operation, respectively.
Traffic Conditioning Policy
Traffic conditioning pertains to actions performed on incoming traffic. Several distinct QoS actions are associated with traffic conditioning:
• Dropping. Drops a packet upon arrival. This is useful for emulating access control list operation using DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface.
• Marking IP DSCP. Marks and remarks the DiffServ code point in a packet with the DSCP value representing the service level associated with a particular DiffServ traffic class.
• Marking CoS (802.1p). Sets the 3-bit priority field in the first or only 802.1p header to a specified value when packets are transmitted for the traffic class. An 802.1p header is inserted if it does not exist. This is useful for assigning a Layer 2 priority level based on a DiffServ forwarding class (that is, DSCP or IP precedence value) definition to convey some QoS characteristics to downstream switches that do not routinely look at the DSCP value in the IP header.
• Policing. A method of limiting incoming traffic associated with a particular class so that it conforms to the terms of the TCS. Special treatment can be applied to out-of-profile packets that are either in excess of the conformance specification or are non-conformant. The DiffServ feature supports the following types of traffic policing tr
275. rvice has undesirable effects on applications with strict timing requirements, such as voice or multimedia.
Defining DiffServ
To use DiffServ for QoS, you must first define the following categories and their criteria:
1. Class. Create classes and define class criteria.
2. Policy. Create policies, associate classes with policies, and define policy statements.
3. Service. Add a policy to an inbound interface.
Packets are classified and processed based on defined criteria. A class defines the classification criteria. A policy's attributes define the processing. Policy attributes might be defined on a per-class instance basis, and it is these attributes that are applied when a match occurs. A policy can contain multiple classes. When the policy is active, the actions taken depend on which class matches the packet.
Packet processing begins by checking the class match criteria for a packet. A policy is applied to a packet when a class match within that policy is found.
From the DiffServ menu under the QoS tab, you can access the following:
• Diffserv Configuration
• DSCP Violate Action Mapping
• Class Configuration
• IPv6 Class Configuration
• Policy Configuration
• Service Configuration
• Service Statistics
Diffserv Configuration
Use the Diffserv Configuration screen to display DiffServ general status group information, which includes the current administrative mo
276. s. Once learned, the MAC address is used in the destination address field of the Layer 2 header prepended to the IP packet. The ARP cache is a table maintained locally in each station on a network. ARP cache entries are learned by examining the source information in the ARP packet payload fields, regardless of whether it is an ARP request or response. Thus, when an ARP request is broadcast to all stations on a LAN segment or virtual LAN (VLAN), every recipient has the opportunity to store the sender's IP and MAC address in its respective ARP cache. The ARP response, being unicast, is normally seen only by the requestor, who stores the sender information in its ARP cache. Newer information always replaces existing content in the ARP cache. The NETGEAR switches support 1024 ARP entries in switch mode and approximately 100 in router mode. These entries include dynamic and static ARP entries. Devices can be moved in a network, which means the IP address that was at one time associated with a certain MAC address is now found using a different MAC address, or might have disappeared from the network altogether (that is, it has been reconfigured, disconnected, or powered off). This leads to stale information in the ARP cache unless entries are updated in reaction to new information seen on the network, periodically refreshed to determine if an address still exists, or removed from the cache if the entry has not been identified as a sender of an ARP packet dur
277. [Screenshot: 802.1X Port Authentication Configuration screen]
2. Select the check box next to the port to configure. You can also select multiple check boxes
278. s and bandwidth as if they were connected to the same segment. The resources of other departments can be invisible to the marketing VLAN members, accessible to all, or accessible only to specified individuals, depending on how the IT manager has set up the VLANs.
VLANs have a number of advantages:
• It is easy to do network segmentation. Users who communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group's traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network.
• They are easy to manage. The addition of nodes, as well as moves and other changes, can be dealt with quickly and conveniently from a management interface rather than from the wiring closet.
• They provide increased performance. VLANs free up bandwidth by limiting node-to-node and broadcast traffic throughout the network.
• They ensure enhanced network security. VLANs create virtual boundaries that can be crossed only through a router. So standard router-based security measures can be used to restrict access to each VLAN.
Packets received by the switch are treated in the following way:
• When an untagged packet enters a port, it is automatically tagged with the port's default VLAN ID tag number. Each port has a default VLAN ID setting that is user configurable (the default setting is 1). The default VLAN ID setting for each port can be changed in the P
279. s interface. You can define simple BA classifiers (DSCP) and a wide variety of multifield (MF) classifiers:
• Layer 2, Layers 3, 4 (IP only)
• Protocol-based
• Address-based
You can combine these classifiers with logical AND or OR operations to build complex MF classifiers by specifying a class type of all or any, respectively. That is, within a single class, multiple match criteria are grouped as an AND expression or a sequential OR expression, depending on the defined class type. Only classes of the same type can be nested; class nesting does not allow for the negation (that is, exclude) option of the referenced class.
To configure DiffServ, you must define service levels, namely the forwarding classes or PHBs identified by a given DSCP value, on the egress interface. You define the service levels by configuring BA classes for each.
Create Policies
Use DiffServ policies to associate a collection of classes that you configure with one or more QoS policy statements. The result of this association is referred to as a policy. From a DiffServ perspective, there are two types of policies:
• Traffic Conditioning Policy. A policy applied to a DiffServ traffic class.
• Service Provisioning Policy. A policy applied to a DiffServ service level.
You must manually configure the various statements and rules used in the traffic conditioning and service provisioning policies to achieve the desired Traffic Conditioning Specification (TCS) and the Se
280. screen, select the check box next to interfaces g7 and g8 to attach the policy to these interfaces, and click APPLY. For more information, see Service Configuration on page 155.
All UDP packet flows destined to the 192.12.2.0 network with an IP source address from the 192.12.1.0 network that have a Layer 4 source port of 4567 and destination port of 4568 from this switch on ports 7 and 8 are assigned to hardware queue 3. On this network, traffic from streaming applications uses UDP port 4567 as the source and 4568 as the destination. This real-time traffic is time sensitive, so it is assigned to a high-priority hardware queue. By default, data traffic uses hardware queue 0, which is designated as a best-effort queue.
Also, the confirmed action on this flow is to send the packets with a committed rate of 10,000 Kbps and burst size of 128 KB. Packets that violate the committed rate and burst size are dropped.
802.1x
Local area networks (LANs) are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure, or permit unauthorized users to attempt to access the LAN through equipment already attached. In such environments, it might be desirable to restrict access to the services offered by the LAN to those users and devices that are permitted to use those services. Port-based network access control makes use of the physical char
281. screen displays.
[Screenshot: Extended ACL Rule Configuration (100-199) screen]
Configure the fields for the new rule:
• Rule ID. Specify a number from 1 to 10 to identify the IP ACL rule. You can create up to ten rules for each ACL.
• Action. Select an ACL forwarding action:
  • Permit. Forwards packets which meet the ACL criteria.
  • Deny. Drops packets which meet the ACL criteria.
• Logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the access list trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5-minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is 0 for the current interval. This field is available for a deny action.
• Match Every. Requires a packet to match the criteria of this ACL. Select Enable or Disable. Match Every is exclusive to the other filtering rules, so if Match Every is enabl
282. sed on the destination IPv4 address and IPv4 address mask.
• ACL Based on Source IPv4. Creates an ACL based on the source IPv4 address and IPv4 address mask.
• ACL Based on Destination IPv6. Creates an ACL based on the destination IPv6 prefix and IPv6 prefix length.
• ACL Based on Source IPv6. Creates an ACL based on the source IPv6 prefix and IPv6 prefix length.
• ACL Based on Destination IPv4 L4 Port. Creates an ACL based on the destination IPv4 layer 4 port number.
• ACL Based on Source IPv4 L4 Port. Creates an ACL based on the source IPv4 layer 4 port number.
• ACL Based on Destination IPv6 L4 Port. Creates an ACL based on the destination IPv6 layer 4 port number.
• ACL Based on Source IPv6 L4 Port. Creates an ACL based on the source IPv6 layer 4 port number.
3. Configure the settings in the following table based on the selection in the ACL Type list.
Note: The Rule ID, Action, and Match Every fields appear for all ACL types. The remaining two fields vary according to the selected ACL type.
• In the Rule ID field, enter a number that is used to identify the rule. The valid range is 1-10.
• In the Action field, specify what action must be taken if a packet matches the rule's criteria. The choices are Permit or Deny.
• In the Match Every field, specify True or False.
• In the remaining two fields, specify data according to Table 25.
Table 25. ACL fields accord
283. select the interface for which to add a binding to the DHCP snooping database.
3. In the MAC Address field, specify the MAC address for the binding to be added. This MAC address is the key to the binding database.
4. In the VLAN ID list, select the VLAN from the list for the binding rule. The valid range of the VLAN ID is 1-4093.
5. In the IP Address field, specify a valid IP address for the binding rule.
6. Click ADD to add the DHCP snooping binding entry to the database.
7. Click APPLY to apply the change to the system. Configuration changes take effect immediately.
Click DELETE to delete selected DHCP snooping binding static entries from the database, or CLEAR to delete all DHCP snooping binding entries from the database.
The following table describes the information that displays for DHCP Snooping Dynamic Binding Configuration.
Table 11. DHCP Snooping Dynamic Binding Configuration fields
Field | Description
Interface | Displays information about the interface to which a binding entry in the DHCP snooping database
MAC Address | The MAC address for the binding entry in the binding database.
VLAN ID | The VLAN for the binding entry in the binding database. The valid range of the VLAN ID is 1-4093.
IP Address | The IP address for the binding entry in the binding database.
Lease Time | The remaining lease time for the dynamic binding entries.
DHCP
284. splays whether the selected interfaces trust a particular packet marking when the packet enters the port. The data for all the ports is taken from the Global Trust Mode.
• Untrusted. Do not trust any CoS packet marking at ingress.
• 802.1p or DSCP. Apply the global trust mode set in the CoS configuration.
4. In the Interface Shaping Rate field, specify the maximum bandwidth allowed. This specification is typically used to shape the outbound transmission rate in this range of 64-1000000 Kbps. The shaping rate (Kb) value is the value of the interface shaping rate configured. The default value is 0. The value 0 means that the maximum is unlimited.
5. In the Interface Ingress Rate Limit field, specify the ingress rate allowed. The range is 100-1000000 Kbps. The default value is 0, which means that the maximum is unlimited.
6. Click APPLY to apply the changes to the system.
Queue Configuration
Use the Queue Configuration screen to define what a particular queue does by configuring switch egress queues. User-configurable parameters control the amount of bandwidth used by the queue and the scheduling of packet transmission from the set of all queues on a port. The CoS queue configuration is global. You can configure four queues as strict priority or weighted round robin (WRR) priority. If a specific queue is configured as WRR, all the queues with a lower number are also WRR queues. The
285. ss and all other accounts have read-only access.
> To configure SNMPv3 settings for the user account:
1. Select System > SNMP > SNMP V3 > User Configuration. The following screen displays.
[Screenshot: SNMPv3 User Configuration screen]
2. Next to Authentication Protocol, select the SNMPv3 Authentication Protocol setting for the selected user account. The valid authentication protocols are None, MD5, or SHA:
• None. The user is unable to access the SNMP data from an SNMP browser.
• MD5 or SHA. The user login password is used as SNMPv3 authentication password, and you must therefore specify a password. The password must be eight characters in length.
3. Next to Encryption Protocol, select whether to encrypt SNMPv3 packets transmitted by the switch:
• None. Do not encrypt the contents of SNMPv3 packets transmitted from the switch.
• DES. Encrypt SNMPv3 packets using the DES encryption protocol.
4. If you selected DES for the Encryption Protocol, enter the SNMPv3 encryption key in the Encryption Ke
286. stem Resources Utilization
The switch architecture uses a Ternary Content Addressable Memory (TCAM) to support packet actions in wire speed. TCAM holds the rules produced by other applications. The maximum number of TCAM rules that can be allocated by all applications on the device is 480. This resource is used by the following features:
• DiffServe
• ACLs
• Dynamic VLAN (DVA)
• DHCP snooping
Some applications allocate rules upon their initiation. Additionally, processes that initialize during system boot allocate some of their rules during the startup process. The System Resources Utilization screen displays the system resource utilization and maximum number of TCAM entries.
> To view TCAM utilization:
• Select Monitoring > System Resources Utilization. The following screen appears.
[Screenshot: System Resource Utilization screen]
The following fields are displayed:
• System Resources Utilization. The percentage of TCAM utilization.
• MAX TCAM Entries. The maximum number of TCAM entries available.
• Used Resources Number of TCAM entries used by ACLs DiffServe Number of TCAM entries used by Dynamic VLAN DVA DHCP Snooping
287. stics
• Port Detailed Statistics
• EAP Statistics
• Cable Test
Switch Statistics
The Switch Statistics screen displays detailed statistical information about the traffic the switch handles.
> To display switch statistics:
Select Monitoring > Ports > Switch Statistics. The following screen displays.
[Screenshot: Switch Statistics screen]
The following fields are displayed:
• ifIndex. The ifIndex of the interface table entry associated with the processor of this switch.
• Octets Received. The total number of octets of data received by the processor (excluding framing bits but including FCS octets).
• Unicast Packets Received. The number of subnetwork-unicast packets delivered to a higher-layer protocol.
• Multicast Packets Received. The total number of packets received that were directed to a multicast address. This number does not include packets directed
288. [Figure: MSTP sample topology with three switches. Switch 1 is the root bridge; ports g1-g5 are connected to hosts; ports g6-g8 are connected to the other switches.]
Perform the following procedures on each switch to configure MSTP:
1. Use the VLAN Configuration screen to create VLANs 300 and 500. For more information, see VLAN Configuration on page 81.
2. Use the VLAN Membership screen to include ports g1-g8 as tagged (T) or untagged (U) members of VLAN 300 and VLAN 500. For more information, see VLAN Membership Configuration on page 83.
3. In the STP Configuration screen, enable the Spanning Tree State option. For more information, see STP Configuration on page 92. Use the default values for the rest of the STP configuration settings. By default, the STP operation mode is MSTP and the configuration name is the switch MAC address.
4. In the CST Configuration screen, set the Bridge Priority value for each of the three switches to force Switch 1 to be the root bridge:
• Switch 1: 4096
• Switch 2: 12288
• Switch 3: 20480
Note: Bridge priority values are multiples of 4096. If you do not specify a root bridge and all switches have the same Bridge Priority value, the switch with the lowest MAC address is elected as the root bridge.
For more information, see CST Configuration on page 94.
5. In the CST Port Configuration screen
289. t
Last Update Time: Specifies the local date and time (UTC) the SNTP client last updated the system clock.
Server IP Address: Specifies the IP address of the server for the last received valid packet. If no message has been received from any server, an empty string is shown.
Address Type: Specifies the address type of the SNTP server address for the last received valid packet.
Server Stratum: Specifies the claimed stratum of the server for the last received valid packet.
Server Mode: Specifies the mode of the server for the last received valid packet.
Unicast Server Max Entries: Specifies the maximum number of unicast server entries that can be configured on this client.
Unicast Server Current Entries: Specifies the number of current valid unicast server entries configured for this client.
SNTP Server Configuration
Use the SNTP server configuration screen to view and modify information for adding and modifying Simple Network Time Protocol (SNTP) servers.
To configure a new SNTP server:
1. Select System > Management > Time > SNTP Server Configuration. The following screen displays.
[Screenshot: SNTP Server Configuration screen]
290. [Screenshot: Certificate Management screen; Certificate Generation Status: No Certificate Generation in progress]
Next to the Certificate Type, a Default or User Defined status displays.
2. Under Certificate Management, select how you want to handle certificates:
• None: Do not display the certificates. This selection is the default selection.
• Generate Certificates: Select this option to generate certificate files.
• Import Certificates: Select this option to import certificate files. In the Certificate field, Public Key field, and Private Key fields, paste the certificate, public key, and private key from an external file.
[Screenshot: HTTPS Certificate Management screen with Import Certificates selected. On-screen note: When a Certificate and/or a Key is entered, it should contain the BEGIN and END markers.]
291. t IGMP Snooping > IGMP Snooping Configuration. The following screen displays.
[Screenshot: IGMP Snooping Configuration screen]
2. Next to IGMP Snooping Status, enable or disable IGMP snooping on the switch:
• Enable: The switch snoops all IGMP packets it receives to determine which segments should receive packets directed to the group address.
• Disable: The switch does not snoop IGMP packets.
3. Select whether to block unknown multicast addresses:
• Enable: Packets with unknown multicast MAC addresses in the destination field are dropped.
• Disable: Packets with unknown destination multicast MAC addresses are processed.
4. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
The following table displays information about the global IGMP snooping status.
Table 18. IGMP Snooping Status
Field: Description
VLAN IDs Enabled For IGMP Snooping: Displays VLAN IDs enabled for IGMP snooping. For more information about how
292. t channel
LAG State: Indicates whether the link is up or down.
4. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately.
LAG Membership
Use the LAG Membership screen to select two or more full-duplex Ethernet links to aggregate together to form a link aggregation group (LAG), which is also known as a port channel. The switch can treat the port channel as if it were a single link.
To create a LAG:
1. Select Switching > LAG > Basic > LAG Membership. The following screen displays.
[Screenshot: LAG Membership screen]
2. From the LAG ID field, select the LAG to configure. The LAG Name field shows the name assigned to the LAG. The values are ch1, ch2, and ch8.
3. Click Port in the orange bar to display the ports.
4. Click the box below each port to include the port in the LAG. The following screen shows an example of how to configure LAG1 with ports g1-g4 as members.
[Screenshot: LAG Membership screen, LAG ID LAG1, current members]
293. t system
Download a File to the Switch
The switch supports system file downloads from a remote system to the switch by using either TFTP or HTTP.
Download File Types
The following types of files can be downloaded to the switch:
• Archive: The archive is the system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy, and the other image stores a second copy. The device boots and runs from the active image. If the active image is corrupt, the system automatically boots from the non-active image. This is a safety feature for faults occurring during the boot upgrade process.
• Text Configuration: You can edit a text-based configuration file (startup-config) offline as needed without having to translate the contents for the switch to understand. The most common usage of text-based configuration is to upload a working configuration from a device, edit it offline to personalize it for another similar device (for example, change the device name or IP address), and download it to that device.
• Boot: File that contains code that runs when the switch is brought up. It performs initiation actions and loads the software.
The Download menu contains links that provide access to the features described in the following sections:
• TFTP File Download
• HTTP File Download
TFTP File Download
Use the TFTP D
294. t traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped.
• Multicast & Broadcast: If the rate of L2 multicast and broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped.
• Unknown Unicast, Multicast & Broadcast: If the rate of unknown L2 unicast (destination lookup failure), broadcast, and multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped.
5. In the Threshold field, specify the maximum rate at which unknown packets are forwarded. The range is a percentage of the total threshold between 0-100%. The default is 5. Storm control is configured as a percentage of the maximum port speed.
6. Click APPLY to update the switch with the new settings.
Port Security Interface Configuration
A MAC address can be defined as allowable by one of two methods: dynamically or statically. Both methods are used concurrently when a port is locked. Dynamic locking implements a first-arrival mechanism for port security. You specify how many addresses can be learned on the locked port. If the limit has not been reached, a packet with an unknown source MAC address is learned and forwarded normally. When the limit is reached, no more addresses are learned on the port. Any packets with source MAC addresses that were not already learned
295. [Screenshot: CST Configuration screen]
2. Specify values for CST in the following fields:
• Bridge Priority: Specify the bridge priority value for the Common and Internal Spanning Tree (CST). When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. The bridge priority is a multiple of 4096. If you specify a priority that is not a multiple of 4096, the priority is automatically set to the next lowest priority that is a multiple of 4096. For example, if you set the priority to any value from 0 through 4095, it is set to 0. The valid range is 0-61440. The default priority is 32768.
• Bridge Max Age (Sec): Specify the bridge maximum age time for the Common and Internal Spanning Tree (CST), which indicates the amount of time in seconds a bridge waits before implementing a topological change. The value must be less than or equal to 2 × (Bridge Forward Delay − 1) and greater than or equal to 2 × (Bridge Hello Time + 1). The valid range is 6-40, and the default value is 20.
• Bridge Hello Time (Sec): Specifies the switch hello time for the Common and Internal Spanning Tree (CST), which indicates the amount of time in seconds a root bridge waits between configuration messages. The value is fixed at 2 seconds.
• Bridge Forward Delay
296. tch might not be able to supply power to all connected devices. Priority is used to determine which ports can supply power. When ports have the same priority, the lower-numbered port is given a higher priority.
• High Power Mode 802.3at for each port
• Class: Displays the class of the powered device (PD) connected to the port. The classes define the range of maximum power output that the switch generates. The power level that the PD can actually use is slightly lower. The classes are defined as follows:
  0: 0-15.4W
  1: 0-4W
  2: 0-7W
  3: 0-15.4W
  4: 0-30W
• Timer Schedule: Select the timer schedule to use for the port. By default, no timer schedules are configured. To create a timer schedule, use the Timer Global Configuration screen.
• Output Voltage: Displays the current voltage being delivered to device in volts.
• Output Current: Displays the current being delivered to device in mA.
• Output Power: Displays the current power being delivered to device in watts.
• Power Limit: Displays the type of power limit to use on the port.
• Status: Displays the operational status of the port PD detection.
  Disabled: Indicates that no power is being delivered.
  DeliveringPower: Indicates that power is being drawn by a connected device.
  Fault: Indicates a problem with the port.
  Test: Indicates that the port is in test mode.
  OtherFault: Indicates that the port is idle due to an err
297. [Screenshot: Cable Test screen listing ports, all shown as untested]
Select the interface for which cable data is to be displayed. This can be done by either clicking the check box by the required port or by entering the port name in the Go to Interface field and clicking Go. Click APPLY to execute the test per port.
The following fields are displayed:
• Cable Status:
  • Normal: The cable is working correctly.
  • No Cable: No cable is connected to the tested port.
  • Open Cable: A cable is connected to the port, but it is not connected to the other side (no link).
  • Short Cable: There is an electrical short in the cable.
  • Cable Test Failed: The cable status was not able to be determined. The cable might in fact be working.
  • Untested: The test has not been performed.
• Cable Length: The estimated length of the cable in meters. The length is displayed as a range between the shortest estimated length and the longest estimated length. This is of rough length accuracy: 0-50m, 50-80m, 80-110m, 110-140m, or more than 140 m. Unknown is displayed if the cable length was not determined. The cable length is displayed only if the cable status is Normal.
• Failure Location: The estimated distance in meters from the end of the cable to the failure location. The failure location is displayed only if the cable status is Open Cable, Short Cable
298. terface from the Web
Interface Naming Convention
Switch Management Interface
The NETGEAR switch contains an embedded web server and management software for managing and monitoring switch functions. The switch functions as a simple switch without the management software. However, you can use the management software to configure more advanced features that can improve switch efficiency and overall network performance.
Web-based management lets you monitor, configure, and control your switch remotely using a standard web browser instead of using expensive and complicated SNMP software products. From your web browser, you can monitor the performance of your switch and optimize its configuration for your network. You can configure all switch features, such as VLANs, QoS, and ACLs, by using the web-based management interface.
NETGEAR provides the Smart Control Center utility with this product. This program runs under Windows XP, Windows 2003, Windows 2008, or Windows 7 (32-bit and 64-bit) and provides a front end that discovers the switches on your network segment (L2 broadcast domain). When you power up your switch for the first time, use the Smart Control Center to discover the switch and view the network information that was automatically assigned to the switch by a DHCP server, or, if no DHCP server is present on the network, use the Smart Control Center to discover the switch and assign stati
299. tering information. The transparent bridging function uses this information in determining how to propagate a received frame. Use the search function of the Address Table screen to display information about the entries in the table.
To search for an entry in the MAC Address Table:
1. Select Switching > Address Table > Basic > Address Table. The following screen displays.
[Screenshot: Address Table screen showing the MAC Address Table with sample learned entries]
2. In the Search By field, select whether to search for MAC addresses by MAC address, VLAN ID, or interface.
• MAC Address: Select MAC Address and enter a 6-byte hexadecimal MAC address in 2-digit groups separated by colons, then click GO. If the address exists, that entry is displayed. An exact match is required.
300. th (excluding framing bits but including FCS octets) of 64 through 1518 octets inclusive, but had a bad frame check sequence (FCS) with a nonintegral number of octets.
Rx FCS Errors: The total number of packets received that had a length (excluding framing bits but including FCS octets) of 64 through 1518 octets inclusive, but had a bad Frame Check Sequence (FCS) with an integral number of octets.
Overruns: The total number of frames discarded as this port was overloaded with incoming packets and was not able to keep up with the inflow.
802.3x Pause Frames Received: A count of MAC control frames received on this interface with an operation code indicating the pause operation. This counter does not increment when the interface is operating in half-duplex mode.
Total Packets Transmitted (Octets): The total number of octets of data (including those in bad packets) transmitted on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization.
Total Packets Transmitted Successfully: The number of frames that have been transmitted by this port to its segment.
Unicast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
Multicast Packets Transmitted: The total number of packe
301. the IPv6 address is in EUI-64 format. The default value is False.
3. Click ADD to add a new IPv6 address, or click DELETE to delete a selected IPv6 address from the list of IPv6 addresses.
4. Click APPLY to apply the changes to the system.
IPv6 Network Neighbors
To view the IPv6 Network Interface Neighbors: Select System > Management > IPv6 Network Neighbors. The following screen displays.
[Screenshot: IPv6 Network Interface Neighbor Table screen]
Properties of each neighbor are displayed as described below:
• IPv6 Address: Specifies the IPv6 address of the neighbor interface.
• MAC Address: Specifies the MAC address associated with the neighbor interface.
• IsRtr: Indicates whether the neighbor is a router. If the neighbor is a router, the value is True. If the neighbor is not a router, the value is False.
• Neighbor State: Specifies the state of the neighbor cache entry. The following are the states for dynamic entries in the IPv6 neighbor discovery cache:
  • Reach: No more than ReachableTime milliseconds have elapsed since confirmati
302. the orange bar to display the available ports.
3. Click the box below each port to configure it as a protected port. Protected ports are marked with a y. No traffic forwarding is possible between two protected ports.
4. Click APPLY to update the switch with the new settings. Configuration changes take effect immediately.
Configure Access Control Lists
Access control lists (ACLs) ensure that only authorized users have access to specific resources while blocking any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and, above all, provide security for the network. The switch software supports IPv4 and MAC ACLs.
To configure an ACL, first create an IPv4-based or MAC-based ACL ID. Then create a rule and assign it to a unique ACL ID. Next, define the rules, which can identify protocols, source and destination IP and MAC addresses, and other packet-matching criteria. Finally, use the ID number to assign the ACL to a port or to a LAG.
The ACL menu provides access to features described in the following sections:
• ACL Wizard
• MAC ACL
• MAC Rules
• MAC Binding Configuration
• MAC Binding Table
• IP ACL
• IP Rules
• IP Extended Rules
• IPv6 ACL
• IPv6 Rules
• IP Binding Configuration
• IP Binding Table
ACL Wizard
ACL Wizard h
303. the selected MST instance.
ifIndex: ifIndex of the interface table entry associated with this port on an adapter.
Port Type: For most ports this field is blank. Otherwise, the possible values are:
• Mirrored: Indicates that the port has been configured as a monitoring port and is the source port in a port mirroring session. For more information about port monitoring and probe ports, see Mirroring on page 223.
• Probe: Indicates that the port has been configured as a monitoring port and is the destination port in a port mirroring session. For more information about port monitoring and probe ports, see Mirroring on page 223.
• Port Channel: Indicates that the port has been configured as a member of a port channel, which is also known as a link aggregation group (LAG).
Port Channel ID: If the port is a member of a port channel, the port channel interface ID and name are shown. Otherwise, Disable is shown.
Port Role: Each MST bridge port that is enabled is assigned a port role for each spanning tree. The port role can be one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port, or Disabled Port.
STP Mode: The Spanning Tree Protocol (STP) administrative mode for the port or LAG. The possible values for this field are:
• Enable: Spanning Tree Protocol is enabled for this port.
• Disable: Spanning Tree Protocol is disabled for this port.
STP
304. ther static or dynamic, but not both. All members of a LAG must participate in the same protocols. A static port-channel interface does not require a partner system to be able to aggregate its member ports. Static LAGs are supported. When a port is added to a LAG as a static member, it does not transmit or receive LAGPDUs. This switch supports eight LAGs.
From the LAGs menu, you can access features described in the following sections:
• LAG Configuration
• LAG Membership
• LACP Configuration
• LACP Port Configuration
LAG Configuration
Use the LAG Configuration screen to group one or more full-duplex Ethernet links to aggregate together to form a link aggregation group, which is also known as a port channel. The switch treats the LAG as if it were a single link.
To configure LAG settings:
1. Select Switching > LAG > Basic > LAG Configuration. The following screen displays.
[Screenshot: LAG Configuration screen with columns LAG Name, Description, Admin Mode, STP Mode, LAG Type, Ports, LAG State]
305. ting VLANs and configuring the PVID for a port, see VLANs.
The management VLAN has the following requirements:
• Only one management VLAN can be active at a time.
• When a new management VLAN is configured, connectivity through the existing management VLAN is lost. The management station must be reconnected to the port in the new management VLAN.
5. Click APPLY to apply the changes to the system.
IPv6 Network Configuration
Use the IPv6 Network Configuration screen to configure the IPv6 network interface, which is the logical interface used for in-band connectivity with the switch through all of the switch's front-panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front-panel ports through which traffic is switched or routed.
To access the switch over an IPv6 network, you must initially configure the switch with IPv6 information (IPv6 prefix, prefix length, and default gateway). IPv6 can be configured using IPv6 autoconfiguration. When in-band connectivity is established, IPv6 information can be changed using any of the following:
• SNMP-based management
• Web-based management
To configure the global settings for an IPv6 interface:
1. Select System > Management > IPv6 Network Configuration. The following screen displays.
[Screenshot: IPv6 Network Configuration screen]
306. tion
The TACACS Configuration screen contains the TACACS settings for communication between the switch and the TACACS server you configure through the inband management port.
To configure global TACACS settings:
1. Select Security > Management Security > TACACS > TACACS Configuration. The following screen displays.
[Screenshot: TACACS Configuration screen with Key String and Connection Timeout fields]
2. In the Key String field, specify the authentication and encryption key for TACACS communications between the switch and the TACACS server. The valid range is 0-128 characters. The key must match the key configured on the TACACS server.
3. In the Connection Timeout field, specify the maximum number of seconds allowed to establish a TCP connection between the switch and the TACACS server. The valid range is 1-30 seconds.
4. Click APPLY to update the switch with the RADIUS Accounting server settings.
TACACS Server Configuration
Use the TACACS Serve
307. to be configured with an unambiguous assignment of VLAN IDs (VIDs) to spanning trees. This is achieved by:
1. Ensuring that the allocation of VIDs to FIDs is unambiguous.
2. Ensuring that each FID supported by the bridge is allocated to exactly one spanning tree instance.
The combination of VID to FID and then FID to MSTI allocation defines a mapping of VIDs to spanning tree instances, represented by the MST Configuration table.
With this allocation, every VLAN is assigned to only one MSTI. The CIST is also an instance of spanning tree, with an MSTID of 0. An instance might occur that has no VIDs allocated to it, but every VLAN must be allocated to one of the other instances of spanning tree.
The portion of the active topology of the network that connects any two bridges in the same MST region traverses only MST bridges and LANs in that region, and never bridges of any kind outside the region. In other words, connectivity within the region is independent of external connectivity.
Sample MSTP Configuration
This example shows how to create an MSTP instance from the switch. The sample network has three different switches that serve different locations in the network. In this example, ports g1-g5 are connected to host stations, so those links are not subject to network loops. Ports g6-g8 are connected across Switches 1, 2, and 3.
[Figure residue] Ports g1-g5, Ports g1-g5 connected to ho
308. to enable VLANs for IGMP snooping, see IGMP Snooping VLAN Configuration.
VLAN IDs Enabled For IGMP Snooping Querier: Displays VLAN IDs enabled for IGMP snooping querier.
IGMP Snooping Table
To view all of the entries in the Multicast Forwarding Database that were created for IGMP snooping, use the IGMP Snooping Table screen. Select Switching > Multicast > IGMP Snooping > IGMP Snooping Table. The following screen displays.
[Screenshot: IGMP Snooping Table screen with sample dynamic entries]
The following table describes the fields in the IGMP Snooping Table.
Table 19. IGMP Snooping Table
Field: Description
MAC Address: A multicast MAC address for which the switch has forwarding and filt
309. to send the updated configuration to the switch. Configuration changes take place immediately.
Configure VLAN Routing
Use the VLAN Routing Configuration screen to view information about the VLAN routing interfaces configured on the system or to assign an IP address and subnet mask to VLANs on the system.
To configure VLAN routing settings:
1. Select Routing > VLAN > VLAN Routing. The following screen displays.
[Screenshot: VLAN Routing Configuration screen with sample entries]
2. In the VLAN list, select the existing VLAN you want to configure for VLAN routing. The MAC Address field displays the MAC address associated with the VLAN routing interface.
3. In the IP Address field, enter an IP address of the VLAN routing interface.
4. In the Subnet Mask field, enter a subnet mask for the VLAN routing interface.
5. Click ADD to add the VLAN routing interface specified in the VLAN ID field to the switch configuration.
6. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
Confi
310. to the broadcast address.
Broadcast Packets Received: The total number of packets received that were directed to the broadcast address. This does not include multicast packets.
Octets Transmitted: The total number of octets transmitted out of the interface, including framing characters.
Unicast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
Multicast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to a multicast address, including those that were discarded or not sent.
Broadcast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to the broadcast address, including those that were discarded or not sent.
Address Entries in Use: The number of learned and static entries in the Forwarding Database (Address Table) for this switch.
Maximum VLAN Entries: The maximum number of virtual LANs (VLANs) allowed on this switch.
Static VLAN Entries: The number of presently active VLAN entries on the switch that have been created statically.
Port Statistics
The Port Statistics screen displays a summary of per-port traffic statistics on the switch.
To display a summary of per-port traffic statistics and clear or refresh the counters:
1. Sele
311. ts that higher-level protocols requested be transmitted to a multicast address, including those that were discarded or not sent.
Broadcast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to the broadcast address, including those that were discarded or not sent.
Total Transmit Errors: The sum of single, multiple, and excessive collisions.
Tx FCS Errors: The total number of packets transmitted that had a length (excluding framing bits but including FCS octets) of 64 through 1518 octets inclusive, but had a bad FCS with an integral number of octets.
Tx Oversized: The total number of frames that exceeded the maximum permitted frame size. This counter has a maximum increment rate of 815 counts per second at 10 Mb/s.
Total Transmit Packets Discarded: The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded.
Single Collision Frames: The number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
Multiple Collision Frames: The number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision.
Excessive Collision Frames: The number of frames for which transmission on a particular interface fails due to excessive collisions.
802.3x Pause Frames Transmitted: The number of MAC control frames transmitted o
312. ty of the ingress port. This process is also used for cases where a trusted port mapping is unable to be honored, such as when a non-IP packet arrives at a port configured to trust the IP DSCP value.
> To configure global CoS settings:
1. Select QoS > CoS > Basic > CoS Configuration. The following screen displays.
[Screenshot: CoS Configuration screen]
From the Global Trust Mode menu, specify whether to trust a particular packet marking at ingress. Global Trust Mode can be only one of the following:
• Untrusted: Do not trust any CoS packet marking at ingress.
• 802.1p: The eight priority tags that are specified in IEEE 802.1p are p0 to p7. The QoS setting lets you map each of the eight priority levels to one of four internal hardware priority queues.
• DSCP: The six most significant bits of the DiffServ field are called the Differentiated Services Code Point (DSCP) bits.
Click APPLY to send the updated configuration to the switch.
CoS Interface Configuration
Use the CoS Interface Configuration screen to apply an
313. u have specified more than one method.
• RADIUS: The user's ID and password is authenticated using the RADIUS server. If you select RADIUS or TACACS as the first method and an error occurs during the authentication, the switch uses Method 2 to authenticate the user.
• TACACS: The user's ID and password is authenticated using the TACACS server. If you select RADIUS or TACACS as the first method and an error occurs during the authentication, the switch attempts user authentication method 2.
• None: The authentication method is unspecified. This option is available only for method 2 and method 3.
Note: Each authentication protocol can use up to three authentication methods. Local and None must be the last methods. You cannot configure methods after these two options.
4. From the list in the 2 column, select the authentication method, if any, that must appear second in the selected authentication login list. Use this method if the first method times out. If you select a method that does not time out as the second method, the third method is not tried. This parameter does not appear when you first create a login list.
5. From the list in the 3 column, select the authentication method, if any, that must appear third in the selected authentication login list. This parameter does not appear when you first create a login list.
6. Click APPLY to update the switch with the HTTPS Authentication settings.
314. ueue or port level. Four queues per port are supported. From the Class of Service menu under the QoS tab, you can access the following sections:
• Basic CoS Configuration
• CoS Interface Configuration
• Queue Configuration
• 802.1p to Queue Mapping
• DSCP to Queue Mapping
Basic CoS Configuration
Use the CoS Configuration screen to set the Class of Service global trust mode. Each port in the switch can be configured to trust one of the packet fields (802.1p or IP DSCP), which is set globally, or to not trust a packet's priority designation (untrusted mode). If the port is set to a trusted mode, it uses the global trust mode configuration. This mapping table indicates the CoS queue to which the packet must be forwarded on the appropriate egress ports. The trusted field must exist in the packet for the mapping table to be of any use, so default actions are performed when this is not the case. These actions involve directing the packet to a specific CoS level configured for the ingress port as a whole, based on the existing port default priority as mapped to a traffic class by the current 802.1p mapping table.
Alternatively, when a port is configured as untrusted, it does not trust any incoming packet priority designation and uses the port default priority value instead. All packets arriving at the ingress of an untrusted port are directed to a specific CoS queue on the appropriate egress ports, in accordance with the configured default priori
315. upport to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast. Like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic.
By default, all ports on the switch are in the same broadcast domain. VLANs electronically separate ports on the same switch into separate broadcast domains so that broadcast packets are not sent to all the ports on a single switch. When you use a VLAN, users are grouped by logical function instead of physical location.
Each VLAN in a network has an associated VLAN ID, which displays in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station might omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet can either reject it or insert a tag using its default VLAN ID. A given port can handle traffic for more than one VLAN, but it can support only one default VLAN ID.
From the VLAN menu, you can access the features described in the following sections:
• VLAN Configuration
• VLAN Membership Configuration
• Port VLAN ID Configuration
VLAN Configuration
Use the VLAN Configuration screen to define VLAN groups stored in the VLAN membership table. The switch supports up to 256 VLANs. VLAN 1 is created by default, and all ports are untagged members
316. ups LAGs 76 LLDP 55 configuration 56 local information 60 neighbors information 63 packets number of 56 port settings 57 LLDP MED 55 network policy 58 port settings 59 logs 218 buffered 218 server 220 traps 222 MAC bridge identifier 101 MFDB table 104 multicast destination 104 GS752TP GS728TP and GS728TPP Gigabit Smart Switches searching address table 122 MAC ACLs 190 binding configuration 193 binding table 195 rules 191 sample configuration 256 management security settings 158 Max PoE LED 20 MFDB statistics 106 MIBs 22 mirroring 223 MLD snooping 115 snooping configuration 115 VLAN configuration 117 monitoring ports detailed statistics 211 statistics 210 switch statistics 208 MSTP 266 configuration 99 port configuration 102 sample configuration 267 multicast 104 forward all 121 forwarding database MFDB 104 group configuration 119 group membership 120 router VLAN configuration 118 N navigation tabs 18 O online help 244 Organizationally Unique Identifier 88 OUI Organizationally Unique Identifier 88 P password change 158 lost 159 ping 238 ping IPv6 239 PoE configuration 44 overview 43 port configuration 45 timer global configuration 46 timer schedule 47 ports 73 208 authentication 175 177 configuration 74 global configuration 73 mirroring 223 protected 186 security interface configuration 184 summary 180 VLAN ID PVID configuration 84 Power Status LED 20 Q Qo
317. Next to MLD Snooping admin mode, enable or disable the administrative mode for MLD Snooping for the switch. The default is disabled. The VLAN IDs Enabled For MLD Snooping section displays VLAN IDs enabled for MLD snooping.
Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
MLD VLAN Configuration
MLD snooping can be enabled on a per-VLAN basis. It is necessary to keep track of the interfaces that are participating in a VLAN in order to apply or remove configurations.
> To configure the MLD VLAN:
1. Select Switching > Multicast > MLD Snooping > MLD VLAN Configuration. The following screen displays.
[Screenshot: MLD VLAN Configuration screen]
318. uration
Service Statistics
Chapter 6 Managing Device Security
Management Security Settings
Change Password
Configure RADIUS Settings
Configure TACACS
Authentication List Configuration
Configure Management Access
HTTP Configuration
Secure HTTP Configuration
Certificate Management
Access Control
Port Authentication
802.1X Configuration
Port Authentication
Port Summary
Traffic Control
Storm Control
Port Security Interface Configuration
Security MAC Address
Protected Ports
Configure Access Control Lists
ACL Wizard
MAC ACL
MAC Rules
319. uter mode
Number of DHCP snooping bindings | 8K | N/A
Number of DHCP static entries | 1024 | N/A
MLD snooping | N/A | N/A
Configuration Examples
This chapter contains information about how to configure the following features:
• Virtual Local Area Networks (VLANs)
• Access Control Lists (ACLs)
• Differentiated Services (DiffServ)
• 802.1x
• MSTP
• Configure VLAN Routing with Static Route
Virtual Local Area Networks (VLANs)
A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
A virtual LAN (VLAN) is a local area network with a definition that maps workstations on some basis other than geographic location (for example, by department, type of user, or primary application). To enable traffic to flow between VLANs, traffic must go through a router, just as if the VLANs were on two separate LANs.
A VLAN is a group of computers, servers, and other network resources that behave as if they were connected to a single network segment, even though they might not be. For example, all marketing personnel might be spread throughout a building. Yet if they are all assigned to a single VLAN, they can share resource
320. uthentication is performed by a RADIUS server. This means the primary authentication method must be RADIUS. To set the method, select Security > Management Security > Authentication List and select RADIUS as method 1 for defaultList. For more information, see Authentication List Configuration.
Select the radio button in the Guest VLAN field to enable or disable Guest VLAN and have untagged incoming frames go to the Guest VLAN.
If you enable the guest VLAN, select the guest VLAN ID.
Enter the Guest VLAN Period.
Next to the EAPOL Flood Mode field, select the radio button to enable or disable forwarding of EAPoL frames when 802.1x is disabled on the device.
Click APPLY to update the switch with the new settings.
Port Authentication
Use the Port Authentication screen to enable and configure port access control on one or more ports.
> To configure 802.1x settings for the port:
1. Select Security > Port Authentication > Advanced > Port Authentication.
Note: Use the horizontal scroll bar at the bottom of the browser to view all the fields on the Port Authentication screen. The following figures are both images of the Port Authentication screen.
[Screenshot: Port Authentication screen]
321. value in the violate action packets with the new DSCP value.
This feature changes (remarks) the DSCP tags for incoming traffic switched between trusted QoS domains. For example, assume that there are three levels of service, A, B, and C, and the DSCP incoming values used to mark these levels are 10, 20, and 30, respectively. If this traffic is forwarded to another service provider that has the same three levels of service but uses DSCP values 16, 24, and 48, the DSCP violate action mapping changes the incoming values as they are mapped to the outgoing values.
> To configure the DSCP violate action mapping:
1. Select QoS > DiffServ > Advanced > DSCP Violate Action Mapping. The following screen displays.
[Screenshot: DSCP Violate Action Mapping screen]
322. ved resource reservation according to network management policy (RSVP, for example).
• Differentiated Services: Network resources are apportioned based on traffic classification and priority, giving preferential treatment to data with strict timing requirements.
The switch supports DiffServ. The DiffServ feature contains a number of conceptual QoS building blocks you can use to construct a differentiated service network. Use these same blocks in various ways to build other types of QoS architectures.
There are three key QoS building blocks needed to configure DiffServ:
• Class
• Policy
• Service (that is, the assignment of a policy to a directional interface)
Class
You can classify incoming packets at Layers 2, 3, and 4 by inspecting the following information for a packet:
• Source and destination MAC addresses
• EtherType
• Class of Service (802.1p priority) value (first or only VLAN tag)
• VLAN ID range (first or only VLAN tag)
• IP service type octet (also known as ToS bits, precedence value, DSCP value)
• Layer 4 protocol (such as TCP or UDP)
• Layer 4 source and destination ports
• Source and destination IP addresses
From a DiffServ point of view, there are two types of classes:
• DiffServ traffic classes
• DiffServ service levels or forwarding classes
DiffServ Traffic Classes
With DiffServ, you define which traffic classes to track on an ingres
323. y To modify settings for a RADIUS server that is already configured on the switch, select the check box next to the server address field, update the desired fields, and click APPLY.
Accounting Server Configuration
Use the Accounting Server Configuration screen to view and configure various settings for a RADIUS accounting server on the network.
> To configure the RADIUS accounting server:
1. Select Security > Management Security > RADIUS > Accounting Server Configuration. The following screen displays.
[Screenshot: Accounting Server Configuration screen]
2. In the Accounting Server Address field, specify the IP address of the RADIUS accounting server to use.
3. In the Port field, specify the UDP port number the server uses to verify the RADIUS accounting server authentication
324. y field. Otherwise, this field is ignored. Valid keys are 0-15 characters long.
5. Click APPLY. Configuration changes take effect immediately.
LLDP
The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. A network manager views this information to identify system topology and detect bad configurations on the LAN.
From the LLDP menu, you can access the features described in the following sections:
• LLDP Configuration
• LLDP Port Settings
• LLDP-MED Network Policy
• LLDP-MED Port Settings
• Local Information
• Neighbors Information
LLDP is a one-way protocol; there are no request/response sequences. Stations advertise information by implementing the transmit function, and stations implementing the receive function receive and process information. The transmit and receive functions can be enabled or disabled separately per port. By default, both the transmit and receive functions are enabled on all ports. The application is responsible for starting each transmit and receive state machine appropriately, based on the configured status and operational state of the port.
The Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) is an enhancement to LLDP with the following features:
• Autodiscovery of LAN policies (such as VLAN, Layer 2 Priority, and DiffSe
325. y given VLAN throughout a bridged LAN comprising arbitrarily interconnected networking devices, each operating MSTP, STP, or RSTP. MSTP enables frames assigned to different VLANs to follow separate paths, each based on an independent Multiple Spanning Tree Instance (MSTI), within Multiple Spanning Tree (MST) regions composed of LANs and/or MSTP bridges. These regions and the other bridges and LANs are connected into a single common spanning tree (CST). [IEEE DRAFT P802.1s/D13]
MSTP connects all bridges and LANs with a single Common and Internal Spanning Tree (CIST). The CIST supports the automatic determination of each MST region, choosing its maximum extent. The connectivity calculated for the CIST provides the CST for interconnecting these regions, and an Internal Spanning Tree (IST) within each region. MSTP ensures that frames with a given VLAN ID are assigned to only one of the MSTIs or the IST within the region, that the assignment is consistent among all the networking devices in the region, and that the stable connectivity of each MSTI and IST at the boundary of the region matches that of the CST. The stable active topology of the bridged LAN with respect to frames consistently classified as belonging to any given VLAN thus simply and fully connects all LANs and networking devices throughout the network, though frames belonging to different VLANs can take different paths within any region, per IEEE DRAFT P802.1s/D13.
All bridges, whether they use
326. ys
[Screenshot: PoE Configuration screen]
Note: You can also access the PoE Configuration screen by selecting System > PoE > Advanced > PoE Configuration.
Next to Traps, select the appropriate radio button to enable or disable SNMP traps.
Click APPLY to apply the new settings to the system.
Table 7 describes the following information provided in the PoE Configuration screen.
Table 7. PoE Configuration Field Descriptions
Field | Description
Power Status | Indicates whether the PoE capability is on or off.
Nominal Power | Indicates the maximum amount of power the switch can provide to all ports.
Threshold Power | Indicates a power threshold percentage. In order to give power to an additional port, the consumed power must be below the threshold.
Consumed Power | Displays the amount of power the system can consume before the system does not provide power to an additional port.
PoE Port Configuration
Use the PoE Port Configuration screen to configure per port