NETGEAR 700 Series Switch User Manual
Contents
1. Fastlink Enabled or Disabled: When a Fastlink enabled port running standard STP is connected, it will go through the STP negotiation (listening > learning > forwarding or blocking) before it will be fully available. Fastlink in STP mode: If a client is trying to access a server through the switch running the STP negotiation, it will not be able to connect to it immediately. This can be a problem for some networks. Fastlink mode solves this problem by setting the port to direct forwarding mode, thus allowing any server access request to be forwarded. Fastlink mode can cause temporary loops in your network, but STP will find and eliminate them. Fastlink is best used on end node ports, i.e. ports connected to PCs or servers, and not on uplink ports to other switches. Advanced > MAC: There are two advanced MAC setup configuration options: Aging Time and Static Address. (Web Based Management Interface 5-35, SM 10004 02, 700 Series Managed Switch User's Guide for Software v2.1.) Advanced > MAC > Address Aging: Addresses will be aged out of the MAC Address table after one aging time cycle. Aging Time: 300 (10-1000000 seconds). To permanently save the configuration into non-volatile memory, click Apply on this page, followed by Tools > Save Configuration from the side navigation. Figure 5-36: MAC > Address Aging. Aging Time is a variable that must be co
2. Figure 5-14: Port Configuration. This menu allows you to configure the status of each port. Port: The port number on the switch. Name: The name of the port. This is a user defined label. Link: A green triangle pointing up indicates a valid link, while a red triangle pointing down indicates no link. On/Off: Indicates if the port is enabled or disabled by the Administrator. State: This refers to the Spanning Tree state of the port. Ports will be Blocking (Blk), Listening (Lis), Learning (Lrn), Forwarding (Fwd) or Disabled (Dis). Speed: Indicates the speed and duplex for the port. The possible entries are Auto negotiation (Auto), 10 Mbps half duplex (10M Half), 10 Mbps full duplex (10M Full), 100 Mbps half duplex (100M Half) or 100 Mbps full duplex (100M Full). Flow Control: Indicates whether Flow Control support is set for automatic (Auto) or off (Disabled). Set up > GBIC: This page allows the user to choose the port type for the gigabit ports. The default is 1000BASE-T (RJ-45). The Gigabit Interface Converter (GBIC) slot on the switch can accommodate any GBIC standard modul
3. Interface status & configuration. IP: IP information. Mac address table: the MAC address table and other related items such as aging timers and static addresses. Mirror: Mirroring settings. Multimedia: IGMP settings. Running Config: Current operating configuration. SNMP: SNMP related information. Spanning Tree: the Spanning Tree topology. System: System related settings. Trunking: Trunking information. VLAN: VLAN information. DiffServ: Use the show diffserv command to view the priority associated with each DSCP value. Syntax: FSM726 show diffserv. An example of the partial output is shown below. DSCP Priority: 0 normal; 1 normal; 2 normal; 3 normal; 4 normal; 5 normal; 6 normal. Interfaces: The show interface command displays such information as port statistics, duplex, speed and other port related information. Syntax: FSM726 show interface Ethernet <x y>, where in <x y>, x is the stack number (always 1 in FSM726) and y is the port number. An example of the display output is shown below. FastEthernet1 23 is Up Hardware is Fast Ethernet Auto duplex Full Auto Speed 100 100BaseTX FX pvid is 1 cos is normal broadcast rate limit is 1488100 packets second input 63994 Bytes 489 Unicast Packets 83 Non unicast Packets 0 Packet Discards 0 Packet Err
4. Figure 4-7: Switch Statistics (screen showing Uptime and the Inbound and Outbound counters for Octets, Unicast Packets, Non-unicast Packets, Packet Discards, Packet Errors, Undersized Packets and Oversized Packets). Main Menu > Status > Statistics Reset: The Statistic Reset menu allows the user to reset the statistic counter to zero. When you choose this option, a prompt will appear asking you for a confirmation. Once the confirmation is made, the statistics counters will be reset to zero. Figure 4-8: Reset Switch Statistics (menu with a. Switch Statistics, b. Reset Statistics, c. MAC Address Table and the prompt "Do you want to reset the counters"). Main Menu > Status > MAC Address Table: The MAC Address lookup table displays the MAC addresses that are currently in the address database. When addresses are in the database, the packets intended for those addresses are forwarded directly to those ports. You can filter out addresses in the tabl
5. Name: Use the name command to give a name to the switch. This is done to make the switch easier to identify. Syntax: FSM726 config snmp server name <switch name>, where <switch name> is the name you wish to give to the switch. Host: The host command is used to specify hosts to receive SNMP notifications. Syntax: FSM726 config snmp server host <host name> <host IP address> <community string>, where <host name> is the name of the host that is to receive SNMP notifications, <host IP address> is the IP address of the host specified, and <community string> is the community which the host belongs to. Host Authorization: The host authorization command enables SNMP host authorization. Syntax: FSM726 config snmp server host authorization. Trap: The trap command enables SNMP trap s IP is not in the SNMP host table. Syntax: FSM726 config snmp server trap. Spanning Tree: Spanning Tree Protocol (STP) ensures that only one path at a time is active between any two network nodes. There may be more than two physical paths between any two nodes for redundant paths. STP ensures only one physical path is active and the others are blocked. STP will prevent an inadvertent loop in a network
6. Figure 5-21: Advanced menu. The menu entries are Disable Advanced Alerting, Advanced Security, Port Mirroring, Port Trunking, Virtual Cable Tester, Advanced Tools, Traffic Management, VLANS, Spanning Tree, MAC and Multimedia Support. The Advanced page allows professional users to operate more complicated features of the device, which include VLAN, Spanning Tree, Port Trunking, Multimedia support (IGMP), traffic prioritization, SNMP and port mirroring. These features are powerful and can degrade or disable a network if improperly used. Disable Advanced Alerting: When you select a feature in the Advanced menu, an alert will pop up to inform you that the changes you are about to make may have an adverse effect on your network. Experienced users may use this option to disable these alerts. Advanced Security: You can configure the security settings of the switch by choosing either to use a basic password or a RADIUS server to authenticate the user attempting to configure the switch. In addition, the user can also set up IP filtering to allow only approved users on the network to configure the switch. Port Based Authentication: The user can configure the ports of the switch for authentication through a RADIUS server to authenticate the user attempting to connect
7. Boot from Net & Save option. (7) Save the setting in non-volatile memory. Use the Apply button and then the Tools > Save Configuration screen. (8) Restart the system via the Tools > Reset command. The new image should overwrite the old image in NVRAM. Verify it by going to the Software Download screen and checking the Software Release information. Chapter 4: Administration Console Telnet Interface. The administration console is an internal, character oriented, VT-100 ANSI menu driven user interface for performing management activities. Using this method, you can view the administration console from a terminal, PC, Apple Macintosh or UNIX workstation connected to the switch's console port. Figure 4-1 shows an example of this management method. Figure 4-1: Administration Console Man
8. Show VLAN drop-down menu, select Add a new VLAN. Enter the VLAN Id and name in the provided fields. Add VLAN members if so desired (see below). Click Apply. Delete a VLAN Group: Check the Remove VLAN box for the VLAN you want to remove. Click Apply. Add a port to a VLAN Group: Under the Show VLAN drop-down menu, select the VLAN you want to edit. Click the box below the port number on the line of the VLAN so that a T (tagged) or U (untagged) appears. Click Apply. Remove a port from a VLAN Group: Click the box again until a blank box appears. This will remove VLAN membership from the port. Click Apply. Advanced > VLAN > VLAN Port. Figure 5-33: VLAN Port Settings (screen listing the PVID of each port for Stack Unit 1). All untagged packets entering the switch will by default be tagged with the ID specified by the port's PVID. This screen allows you to specify the PVID for each port. The number next to each port indicates whic
9. interface Ethernet 1 2; cos Normal; description Not Defined; no shutdown; speed 100; duplex full; flow ctrl; negotiation auto; switchport access vlan untagged 1; switchport access native 1; spanning tree port priority 128; spanning tree cost 19; no spanning tree fastlink; exit; More. SNMP: The show snmp command displays system information that will be reported to an SNMP agent, including the Contact and the Location. Syntax: FSM726 show snmp. Spanning Tree: The show spanning tree command displays the status and topology of the spanning tree configuration as well as spanning tree state of each port. Brief: The show spanning tree brief command gives a brief summary of the spanning tree status. Syntax: FSM726 show spanning tree brief. An example of the display output is shown below. VLAN1 Spanning tree enabled protocol IEEE. ROOT ID: Priority 32768, Address 0009 5b36 b007, Hello Time 2 sec, Max Age 20 sec, Forward Delay 15 sec. Bridge ID: Priority 32768, Address 0009 5b36 b007, Hello Time 2 sec, Max Age 20 sec, Forward Delay 15 sec. Columns: Port Name, Prio, Cost, Sts, Designated Cost, Designated Bridge ID. Fa1 1 128 19 BLK 0 0009 5b36 b007; Fa1 2 128 19 BLK 0 0009 5b36 b007; Fa1 3 128 19 BLK 0 0009 5b36 b007; Fa1 4 128 19 BLK 0 0009 5b36 b007
10. flow ctrl. Help: The help command displays instructions on how to access help on the CLI. Syntax: FSM726 config if Help. To access Help on a specific command, you enter a question mark behind the command in question, then a list of available options will be presented to you. For example, suppose you want to know the available options to the command cos. You would enter cos. Mirror: You can designate a port for monitoring traffic from one or more other ports or of a single VLAN configured on the switch. The switch monitors the network activity by copying all traffic from the specified monitoring sources to the designated monitoring port, to which a network analyzer can be attached. Syntax: FSM726 config if mirror source monitor, where source monitor sets this particular port to be a mirror source or a mirror monitor. Use the no command to disable mirror. Negotiation: This command lets you enable speed and duplex auto negotiation. Syntax: FSM726 config if negotiation auto. No: The No command negates one of your previously given commands. Syntax: FSM726 config if no <commands>, where <command> is the command which you wish to negate. For example, suppose you previously turned on flow control on this particular interface by using the flow ctrl command and you changed your mind and wish to turn it
11. Syntax: FSM726 config system gateway <default gateway>, where <default gateway> is the IP address of the default gateway. Save: The save command is used to save the configuration to the s NVRAM once you have made changes to it. Syntax: FSM726 config system save. Restore: The restore command is used to restore all configurations back to factory default value. Please note that this command will cause the switch to reset itself. Syntax: FSM726 config system restore. Web: Use this command to enable or disable the web configuration interface. Use the No command to disable the web interface. Syntax: FSM726 config system web. Telnet: Use this command to enable or disable configuration via telnet. Use the No command to disable the Telnet access. Syntax: FSM726 config system telnet. Username: Use the username command to create a new user for the switch. Syntax: FSM726 config system username <username>, where <username> is the user name you wish to set up for accessing the switch. Please note that this field is case sensitive. Password: Use this command to set a password for the switch. Syntax: FSM726 config system password <password>, where <password> is the password you wish to set for the switch. Firmware boot: The firmware command is used to
12. Figure 5-34: Spanning Tree Bridge Settings (screen showing Spanning Tree is Enabled; Hello Time 2 (1-10 seconds); Max Age 20 (6-40 seconds); Forward Delay 15 (4-30 seconds)). When Spanning Tree is used in conjunction with a set of aggregated ports, also known as port trunking, Spanning Tree will treat the trunk as a single virtual port. Spanning Tree can be enabled or disabled in this screen. Enable: There are four other tunable parameters to be addressed when enabled. Hello Time: Time between configuration messages sent by the Spanning Tree algorithm. Max Age: Amount of time before a configuration message is discarded by the system. Forward Delay: Amount of time system spent transitioning from the learning to the listening to the forwarding states. Bridge Priority: Priority setting among other switches in the Spanning Tree. Disable: Disable Spanning Tree algorithm on the system. Advanced > Spanning Tree > Port Settings: Fast Link is a non-standard but widely used protocol to bypass the delays inherent to the STP process of Listening > Learning > Forwarding. By doing so, it can create temporary loops in your network. While these loops will be resolved by STP, we recommend only using it on nodes that require immediate link Estimate Es
13. Fa1 22 128 19 BLK 0 0009 5b36 b007; Fa1 23 128 19 FWD 0 0009 5b36 b007; Fa1 24 128 19 BLK 0 0009 5b36 b007; Gi1 25 128 4 BLK 0 0009 5b36 b007; Gi1 26 128 4 BLK 0 0009 5b36 b007. Interface: The show spanning tree interface command displays the spanning tree state of a particular port. Syntax: FSM726 show spanning tree interface ethernet <x y>, where in <x y>, x is the stack number (always 1 in the case with FSM726) and y is the port number. An example of the display output is shown below. Interface Fa1 23 (port 23) in Spanning tree is FORWARDING; Port path cost 128, Port priority 19; Designated root has priority 32768, address 0009 5b36 b007; Designated bridge has priority 32768, address 0009 5b36 b007. System: The show system command displays system related data. Syntax: FSM726 show system. An example of the display output is shown below. System Uptime: 0 Days 1 hr 42 min 15 sec; System Description: FSM726 Managed Switch; System name: Switch 1; System contact: Tom; System location: Closet 2; MAC Address: 00 09 5b 36 b0 07; IP Assignment Mode: Manual; IP Address: 169.254.224.1; Network Mask: 255.255.0.0; Gateway Address: 169.254.224.5; Web Access is Enabled; Telnet Access is Enabled; Password is Disabled; User Authentication Mode is Local; RADIUS Server IP Address: 0.0.0.0; Shared Secret is; Hardware Ver
14. Figure 4-10: System Configuration. Main Menu > Set Up > IP Configuration: This menu manages the IP related information of the system. IP Assignment Mode: The user manually enters IP related information; Bootstrap Protocol, which allows the switch to discover its own IP address from a BootP server on the network; DHCP, which allows the switch to accept DHCP broadcasts from a DHCP server and automatically configures IP related information. The default setting is DHCP, to enable quick and easy set up. However, since you need to know the IP address of your switch to remotely manage it, and DHCP assignments can change, change the IP assignment mode from DHCP to manual after the switch has obtained its IP address. Figure 4-11: Set up Manager IP Configuration (screen with IP Assignment Mode, IP Address, Subnet Mask and Default Gateway fields). Note: In DHCP mode, if the switch fails to get a DHCP assignment, the switch defaults to 192.168.0.1 as its IP address. If you are in the manual mode and need to configure the IP information, enter a site specific IP address, Gateway Address and Network Mask (or subnet mask). Consult your network administrator for the information. Press Ctrl-W to save any changes to NVRAM. Main Menu > Set Up > Port Configuration: On this page you can set up the po
15. Kerberos, one-time passwords, certificates, public key authentication and smart cards. In wireless communications using EAP, a user requests connection to a WLAN through an AP, which then requests the identity of the user and transmits that identity to an authentication server such as RADIUS. The server asks the AP for proof of identity, which the AP gets from the user and then sends back to the server to complete the authentication. EAP is defined by RFC 2284. Endstation: A computer, printer or server that is connected to a network. Ethernet: A LAN specification developed jointly by Xerox, Intel and Digital Equipment Corporation. Ethernet networks transmit packets at a rate of 10 Mbps. Fast Ethernet: An Ethernet system that is designed to operate at 100 Mbps. Fault isolation: A technique for identifying and alerting administrators about connections, such as those associated with switch ports, that are experiencing congestion or failure or exceeding an administrator defined threshold. Forwarding: The process of sending a packet toward its destination using a networking device. Filtering: The process of screening a packet for certain characteristics such as source address, destination address or protocol. Filtering is used to determine whether traffic is to be forwarded, and can also prevent unauthorized access to a network or network devices. Flow con
16. MAC address you wish to place into the static multicast group; <interface number> is the Ethernet interface associated with the static multicast group. For example, if you want to add port 5 to static multicast group aa aa aa 10 30 3f, the command to do so would be: FSM726 config mac address table multicast static aa aa aa 10 30 3f ethernet 1 5. Disable: The disable command disables the switch's dynamic address learning capability. Syntax: FSM726 config mac address table disable. Multimedia: In networks where multimedia applications generate multicast traffic, Internet Group Multicast Protocol (IGMP) can greatly reduce unnecessary bandwidth usage by limiting traffic forwarding that is otherwise broadcast to the whole network to only those ports that need it. Enabling IGMP will allow the switch to detect IGMP queries, report packets and manage IP multicast traffic through the switch. IGMP: The multimedia igmp command enables Internet Group Management Protocol on the switch. Syntax: FSM726 config multimedia igmp. HPO: The multimedia hpo command enables High Priority Optimization (HPO). This means that as traffic flows through the switch, if there is a conflict between maximizing high priority traffic or ensuring flow control, the switch will favor the high priority traffic. Use the no hpo command to optimize for flow con
18. Static Address Table allows you to specify Media Access Control (MAC) addresses for specific ports that will not be purged from the bridge table by the aging function. Figure 4-35: MAC Static Address (screen listing MAC Address, Unit and Port columns). Adding an entry: Type the MAC address under the first column and hit Enter. Then enter the port number associated with that MAC address. If all the information is correct, the new entry will appear in the list, which is listed by port ID. Otherwise, an error message will be displayed and the cursor will return to the MAC Address field. Removing an entry: Tab to the entry and press Ctrl-X. This will erase the MAC address from NVRAM. This action takes effect immediately; you do not need to use Ctrl-W to save the update. Main Menu > Advanced > Multimedia Support: In networks where multimedia applications generate multicast traffic, Internet Group Multicast Protocol (IGMP) can greatly reduce unnecessary bandwidth usage by limiting traffic forwarding that is otherwise broadcast to the whole network. Enabling IGMP will allow individual ports to detect IGMP queries, report packets and manage IP multicast traffic through the switch. Main Menu > Ad
19. TLS: Short for Transport Layer Security, TLS is a protocol that guarantees privacy and data integrity between client/server applications communicating over the Internet. The TLS protocol is made up of two layers. The TLS Record Protocol ensures that a connection is private by using symmetric data encryption and ensures that the connection is reliable. The second TLS layer is the TLS Handshake Protocol, which allows authentication between the server and client and the negotiation of an encryption algorithm and cryptographic keys before data is transmitted or received. Based on Netscape's SSL 3.0, TLS supersedes and is an extension of SSL. TLS and SSL are not interoperable. Telnet: A TCP/IP application protocol that provides a virtual terminal service, allowing a user to log into another computer system and access a device as if the user were connected directly to the device. Traffic prioritization: Giving time critical data traffic a higher quality of service over other non critical data traffic. UTP: Unshielded twisted pair is the cable used by 10BASE-T and 100BASE-Tx Ethernet networks. Unicast: A packet sent to a single end station on a network. VLAN: Virtual LAN. A logical association that allows users to communicate as if they were physically connected to a single LAN, independent of the actual physical configuration of the network. WAN: A long distan
20. VLAN, they can share resources and bandwidth as if they were connected to the same segment. The resources of other departments can be invisible to the marketing VLAN members, accessible to all, or accessible only to specified individuals, depending on how the IT manager has set up the VLANs. The Advantages of VLANs. Easy to do network segmentation: Users who communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group's traffic is largely contained within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network. Easy to manage: The addition of nodes, as well as moves and other changes, can be dealt with quickly and conveniently from a management interface rather than the wiring closet. Increased performance: VLANs free up bandwidth by limiting node to node and broadcast traffic throughout the network. Enhanced network security: VLANs create virtual boundaries that can only be crossed through a router, so standard router based security measures can be used to restrict access to each VLAN. VLAN Behavior in a 700 Series Managed Switch: Packets received by the switch will be treated in the following way. When an untagged packet enters a port, it will be automatically tagged with the port's default VLAN ID tag number. Each port has a default VLAN ID s
21. access help on the CLI. Syntax: FSM726 Help FSM726. To access Help on specific command, you enter a question mark behind the command in question, then a list of available options will be presented to you. For example, suppose you want to know the available options to the command cos. You would enter cos. Ping: The ping command is used to check network connectivity. It lets you send a small packet to a particular host. Once the host receives the packet, it will return the packet to its source. The time the packet takes for this round trip is recorded in milliseconds. If the destination host is not available, an error message is returned. Syntax: FSM726 ping <IP address>, where <IP Address> is the IP address of the destination host. Exit: The exit command moves you up one level in the CLI structure. For example, when you are in configuration mode and the prompt looks like FSM726 config, by entering exit at the prompt you will exit the configuration mode and be taken back to the root level, where the prompt looks like FSM726. When you enter the exit command at the root level, you will return to the CMI. Syntax: FSM726 exit. Show: You can use the show command to view system configuration. The information that can be shown falls into the following categories. DiffServ: DiffServ settings. Interfaces
22. advanced multimedia support menu to manage high bandwidth network traffic by enabling or disabling Internet Group Multicast Protocol (IGMP) traffic and configuring static multicast groups. These are tasks that require advanced expertise. Advanced > Multimedia Support > Enable Disable IGMP: This page allows you to enable or disable IGMP snooping. To permanently save the configuration into non-volatile memory, click Apply on this page, followed by Tools > Save Configuration from the side navigation. Figure 5-38: Multimedia Support > Enable Disable IGMP. In networks where multimedia applications generate multicast traffic, IGMP can greatly reduce unnecessary bandwidth usage by limiting traffic forwarding that is otherwise broadcast to the whole network. Enabling IGMP will allow individual ports to detect IGMP queries, report packets and manage IP multicast traffic through the switch. Enable: The system will detect IGMP queries, report packets and manage IP multicast traffic through the switch. Disable: The switch will forward traffic and disregard any IGMP requests. Advanced > Multimedia Support > Static Multicast Groups: These settings control the Stat
23. chapter 5 for information about the Command Line Interface (CLI). Main Menu > Advanced > Advanced Security: This menu option allows you to configure the advanced security settings of the switch to limit the access to the management interfaces. Figure 4-16: Advanced Security (screen with User Authentication Mode, RADIUS Server IP Address, RADIUS Shared Secret, IP Filtering and IP Addresses fields). There are two advanced security options beyond the basic password protection: RADIUS client authentication and IP Filtering. If you have a RADIUS server on your network, you can have authentication of management access done through the RADIUS server. This does not affect traffic passing through the switch, but only authenticates access to the switch management. The same is true for IP Filtering. Here you can allow only users with specific IP addresses to access the management features, thus preventing unauthorized personnel from configuring the switch. Main Menu > Advanced > 802.1x Port Based Authentication: This menu option allows you to configure the 802.1x security settings of the switch to require RADIUS authorization to access ports on the switch. Advanced > Advanced Security > Port Based Authentication RADIUS Server IP Address YARI
24. These community strings need to be set prior to setting host access, as the host table depends on the existence of community strings. The public string has GET privileges by default. Main Menu > Advanced > SNMP > Host Table: The screen shown in Figure 6-29 grants a host the access rights to the switch. Host Authorization is a security feature to limit people who are not listed in the host table from accessing the switch using SNMP. Figure 4-41: SNMP Management Host Table (screen with Host Name, IP Address, Community String and Host Status columns; the sample entry shows 172.16.50.166, public, Active). To add a host, enter the host name, IP address and the community string. Press Enter after each entry to move to the next field. In the Status field, press the Spacebar until the desired Status is displayed. Press Ctrl-W to save all changes. Main Menu > Advanced > SNMP > Trap Settings: When on, the system will generate an SNMP trap upon a host authorization failure. This failure occurs when a host tries to gain access to the system but the host's IP is not in the SNMP host table. Figure 4-42: SNMP Management Trap Settings. With authentication traps enabled, the system generates an SNMP trap when a host authorization fails. Hosts in community strings with TRAP privileges are notified when a trap occurs.
25. Figure 4-5: Main Menu (options: System, Status, Set up, Tools, Security, Advanced)
To log out of the user interface, hit Ctrl+D at any time during your telnet session. You will be brought back to the login screen (password enabled) or Main Menu (password disabled).
Main Menu > System
This screen displays the main menu System Information options. The user-definable options are System Name, System Contact, System Location, IP Address, Default Gateway, and Subnet Mask. The System OID option is used for production testing.
Figure 4-6: System Information (fields: Uptime, System Description, System Name, System Contact, System Location, MAC Address, IP Address, Default Gateway, Subnet Mask, Software Version, System OID)
Main Menu > Status
There are two Status sub-menus: Switch Statistics and MAC Address Table.
Main Menu > Status > Statistics
The Port ID field allows you to choose a port to be observed. To get to the left side, use Ctrl+M to move to that field. The screen displays basic statistics associated with the highlighted port.
26. gaining access to the switch. This is accomplished by allowing only certain IP addresses to access the management interface. This command enables IP filtering on the switch. The No command will disable it.
Syntax: FSM726 config system ip filter
IP filter address
The IP filter address command allows you to enter and remove IP addresses from the approved list. Use the No command to remove an IP address.
Syntax: FSM726 config system ip filter address <IP address>
Where <IP address> is an IP address that is authorized to access the management interface.
IP Mode
The IP Mode command sets the IP assignment mode of the switch. There are three modes available to the user:
Manual: The user manually enters IP-related information.
BootP: Bootstrap Protocol, which allows the FSM726 switch to discover its own IP address from a BootP server on the network.
DHCP: The switch accepts a DHCP broadcast from a DHCP server and automatically configures IP-related information.
Syntax: FSM726 config system ip mode manual bootp DHCP
Mask
Use the Mask command to set the network mask.
Syntax: FSM726 config system mask <network mask>
Where <network mask> is the network mask of your network.
Gateway
Use the Gateway command to set the default gateway.
27. off. The command to do so would be no flow ctrl. Another example: suppose you have configured this particular interface to be a mirror source with the mirror source command. To disable the port as a port mirror, use the no mirror source command.
Type
The type command lets you select whether to use the RJ-45 interface or the GBIC interface on your gigabit ports (port 25 & 26). If a GBIC module is present, you may wish to use gbic mode; however, if no GBIC module is present, the switch defaults to the RJ-45, also known as twisted pair (TP).
Syntax: FSM726 config if type <interface type>
Where <interface type>: options for this field include gbic and tp.
Shutdown
The shutdown command lets you shut down this particular interface. You can reverse this command by using the no shutdown command.
Syntax: FSM726 config if Shutdown
Spanning Tree
The spanning tree command lets you configure the variables of the port that affect its spanning tree operation. Items such as port cost and priority are configured through this command.
Syntax: FSM726 config if spanning tree cost <1-65535> port priority <0-255> fastlink
Where:
cost <1-65535>: the cost of the port ranges from 1-65535
port priority <0-255>: the priority of the port ranges from 0-255
fastlink: enables Fastlink, a mode t
28. procedure. When using a Telnet session or web interface alone, your connection to the switch will not be available until the switch has completed its boot-up and entered the Spanning Tree forwarding mode. This can take up to three minutes. The upgrade procedure below gives the exact steps to follow when using the web interface. The process is similar with either the CMI or CLI interfaces.
1. Go to Main Menu > Advanced > Advanced Tools > Software Upgrade.
2. Select the Boot from Net option.
3. Verify information such as the IP address for the TFTP server and the file name of the new software image.
4. Save the setting in non-volatile memory. Use the Apply button and then the Tools > Save Configuration screen.
5. Restart the system via the Tools > Reset command. Bootstrap will retrieve the new software image, then pass control to it. The system executes the new software image. The previous software image in non-volatile memory will not be replaced by the new software image. This enables you to return to the previous image if you do not like the new image.
6. Verify that the new software is loaded by going to the Software Download screen and checking the Software Release information. Test your switch to make sure the new image is working correctly. If you decide to keep the new image, go to Software Download again. Select
29. reversed and the hub receives on pins 1 and 2. This wiring is referred to as Media Dependent Interface Crossover (MDI-X). See also Auto-negotiation.
Multicast: A single packet sent to a specific group of end stations on a network.
NAT: A technique by which several hosts share a single IP address for access to the Internet.
NetBIOS: Network Basic Input Output System. An application programming interface (API) for sharing services and information on local area networks (LANs). Provides for communication between stations of a network where each station is given a name. These names are alphanumeric names, 16 characters in length.
netmask: Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router. A number that explains which part of an IP address comprises the network address and which part is the host address on that network. It can be expressed in dotted-decimal notation or as a number appended to the IP address. For example, a 28-bit mask starting from the MSB can be shown as 255.255.255.192 or as /28 appended to the IP address.
Network Address Translation: A technique by which several hosts share a single IP address for access to the Internet.
packet: A block of information sent over a network. A packet typically contains a source and destination network address, some protocol and length information, a block of data, and a checksum.
30. show a copy of every packet that arrives and departs at the Source port.
Main Menu > Advanced > Port Trunking
Port Trunking is a feature that allows multiple links between switches to work as one virtual link or aggregate link.
Figure 4-19: Port Trunking
Trunks can be defined for similar port types only. For example, a 10/100 port cannot form a Port Trunk with a gigabit port. For 10/100 ports, trunks can only be formed within the same bank. A bank is ports 1 to 8, ports 9 to 16, ports 17 to 24, or port 25 and port 26 (using an FSM726 as an example) on the same switch unit. Up to four trunks can be enabled at the same time. To set up a trunk, use the space bar to select the ports that will participate in the trunk. Spanning Tree will treat trunked ports as a single virtual port.
Note: You must use straight-through cables for all links in the trunk. Do not use crossover cables. You must also disable auto-negotiation on the ports in a trunk prior to setting up the trunk.
Main Menu > Advanced > Virtual Cable Tester
The virtual cable tester feature lets you test the continuity of the GBIOC cable circuit.
31. the RJ-45 interface (GT). You can select the GBIC interface (GB) by switching the port type from GT to GB. This can be done by hitting the space bar when the cursor is on the port number.
Note: Enabling the GBIC connector for a Gigabit Ethernet port disables the built-in 1000BASE-T port. GBIC ports do not support Auto-Negotiation. You must manually configure the GBIC port. The default values are 1000 Mbps, full duplex.
Main Menu > Set Up > GBIC
On this page you can set up the port characteristics related to GBIC or copper media.
Figure 4-13: GBIC Port Configuration
All of the parameters on this page are toggle settings. To change or toggle between options, hit Ctrl+M to move the cursor to the ports field and simply strike the space bar when the appropriate option is highlighted.
Main Menu > Tools
These system tools are provided:
• Save Configuration to NVRAM
• Restore Factory Values
• Reset Switch
After making changes to any of the information on the screens in the console interface, users must save the changed settings to NVRAM.
32. the VLAN ID to the show vlan command displays the ports that belong to that particular VLAN. For example, show vlan 1 displays the ports that belong to VLAN 1. An example of the display output is shown below:
Untagged port members: 4 5 7 11 15 19 23
Tagged port members: none
COS PVID
The show vlan cos pvid command displays the PVIDs and the CoS settings of each port.
Syntax: FSM726 show vlan cos pvid
An example of the display output is shown below:
Port PVID Priority
1 1 1 Normal
1 2 1 Normal
1 3 1 Normal
1 4 1 Normal
1 5 1 Normal
Configure
Entering the command configure at the root prompt takes you into configuration mode. When you're in configuration mode, the prompt changes to FSM726 config. It is in this mode where the vast majority of configuration is performed. To exit the configuration mode and return to the root prompt, use the exit command.
DiffServ
DiffServ divides traffic into one of 64 classes using the packet's DSCP value. This allows for greater differentiation of traffic priority than port-based traffic prioritization.
Syntax: FSM726 config diffserv <DSCP> <priority>
Where:
<DSCP>: The DSCP value, which ranges from 0-63.
<Priority>: The priority associated with the defined DSCP value. The available options are normal and high.
For example, suppose you want to set DSCP 33 to h
33. to the network through a port on the switch.
Port Mirroring: Users can designate a port for monitoring traffic from one or more other ports or of a single VLAN configured on the switch. The switch monitors the network activity by copying all traffic from the specified monitoring sources to the designated monitoring port, to which a network analyzer can be attached.
Port Trunking: A feature that allows multiple links between switches to work as one virtual link (aggregate link). Trunks can be defined for similar port types only. For example, a 10/100 port cannot form a Port Trunk with a gigabit port. For 10/100 ports, trunks can only be formed within the same bank. A bank is a set of eight ports. Up to four trunks can be operating at the same time. Toggle the ports to the correct trunk number to set up a trunk. After clicking Apply, the trunk will be enabled. Spanning Tree will treat trunked ports as a single virtual port.
Virtual Cable Tester: The user can use this feature to test the continuity of the cable circuit.
Advanced Tools: The user can upgrade the software of the switch or save/load the switch configuration file to/from a TFTP server.
Traffic Management CoS: Class of Service (CoS), also referred to as Quality of Service (QoS), is a way of managing traffic in a network by treating different types of traffic with differen
34. upgrade the firmware through a variety of options. The boot command is used to configure the way in which the switch will boot after a firmware upgrade. Once the IP address of the TFTP server and the path location of the new software image file are properly configured (please see section 17 & 18), the user can choose one of three options to boot the switch after the firmware has been upgraded:
• Net option: This option allows you to try out a new image before upgrading. It requires a TFTP filename and a server IP address to retrieve the specified image from the given IP address. The new image will not overwrite the one in non-volatile memory.
• Net & save option: This option requires the same setup as the Net option (i.e., TFTP server and a new image). However, it copies the image to non-volatile memory directly and then the system boots from non-volatile memory. Warning: The previous image in non-volatile memory will be lost when the procedure completes.
• Last Saved option: The system will boot from non-volatile memory. This option will automatically show up after the Net & save option is selected and the unit is reset.
Syntax: FSM726 config system firmware boot net tftp net and save last saved
Firmware TFTP IP
The Firmware TFTP IP command is used to specify the IP location of the TFTP server where the new softw
35. which can disable your network due to a broadcast storm (the result of a broadcast message traveling through the loop again and again).
Forward Time
Use the forward time command to set the STP forward interval.
Syntax: FSM726 config spanning tree forward time <interval>
Where <interval> is the STP forward interval. This number ranges from 4-30 seconds.
Hello Time
Use the hello time command to set the STP hello interval.
Syntax: FSM726 config spanning tree hello time <interval>
Where <interval> is the STP hello interval. This number ranges from 1-10 seconds.
Max Age
Use the max age command to set the STP maximum age interval.
Syntax: FSM726 config spanning tree max age <interval>
Where <interval> is the STP max age interval. This number ranges from 6-40 seconds.
Priority
Use the priority command to set the STP priority.
Syntax: FSM726 config spanning tree priority <priority>
Where <priority> is the STP priority. This number ranges from 0-65535.
System
The system command configures important system items such as IP addresses, password security, and firmware upgrade.
Config TFTP
The config tftp command is used to configure and control the mechanism to load or save the configuration file via TFTP.
Syntax: FSM726 config system config tftp s
36. Figure 4-33: Spanning Tree Port Settings
Fastlink: In STP mode, if a client is trying to access a server through the switch running the STP negotiation, it will not be able to connect to it immediately. This can be a problem for some networks. Fastlink mode solves this problem by setting the port to direct forwarding mode, thus allowing any server access request to be forwarded. Fastlink mode can cause temporary loops in your network, but STP will find and eliminate them. Fastlink is best used on end node ports, i.e., ports connected to PCs or servers, and not on uplink ports to other switches.
Main Menu > Advanced > MAC Address Manager
Static Address and Address Aging can be configured here.
Figure 4-34: MAC
Main Menu > Advanced > MAC Address Manager > Address Aging
The aging time is the amount of time that an entry is kept in the bridge tables prior to being purged or aged. The range in parentheses represents the minimum and the maximum values to which the timer can be set. The industry standard default is 300 seconds.
Main Menu > Advanced > MAC Address Manager > Static Addresses
The
37. Figure 4-2: Connection Description
3. The following screen will appear. In the bottom drop-down box labeled Connect Using, click the arrow and choose the COM port to which the switch will connect. In the example below, COM1 is the port selected. Click OK.
Figure 4-3: COM Port Selection
4. When the following screen appears, make sure that the port settings are as follows:
Baud Rate: 9600
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None
Figure 4-4: Connection Settings
5. Click OK. The Hyper Terminal window will open and you should be connected to the switch. If you do not get a welcome screen or a system menu, hit the return key.
When attached to the User Interface via a Telnet session, the following must be set in order to use the arrow keys: under the Terminal pull-down menu, choose Properties and make sure the VT100 Arrows option is turned on.
Introduction to the Command Menu Interface
The switch offers a Command Menu Interface (CMI), which is a menu-driven method for managing the switch, as well as a Comman
39. 700 Series Managed Switch User's Guide for Software v2.1
NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054 USA. Phone 1-888-NETGEAR. SM-10004-02, June 2003.
Technical Support
Please register to obtain technical support. Please retain your proof of purchase and warranty information. To register your product, get product support, or obtain product information and product documentation, go to http://www.NETGEAR.com. If you do not have access to the World Wide Web, you may register your product by filling out the registration card and mailing it to NETGEAR customer service. You will find technical support information at http://www.NETGEAR.com through the customer service area. If you want to contact technical support by telephone, see the support information card for the correct telephone number for your country.
© 2003 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR is a registered trademark of NETGEAR, INC. Windows is a registered trademark of Microsoft Corporation. Other brand and product names are trademarks or registered trademarks of their respective holders. Information is subject to change without notice. All rights reserved.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in th
42. After making any changes to the screens within the Web Interface, you can save the changed settings to NVRAM. If changes are not saved to NVRAM, they will be lost during the next switch reset or reboot.
Tools > Restore Factory Defaults
Restore Factory Defaults will reboot your switch to the default settings that the switch started with, except for the settings on the Set up > IP Configuration and Advanced > Advanced Tools > Software Upgrade pages. Resetting will take approximately 60 seconds.
Figure 5-18: Save Configuration
This page allows you to restore the factory configuration. By clicking Restore, the system saves the default settings, including the password, into the NVRAM and resets itself.
Note: Network IP settings (i.e., IP address, Gateway Address, Network Mask) will not be affected by the Restore command.
Tools > Device Reset
Device Reset will reboot your switch from the last settings saved to non-volatile RAM (NVRAM). Resetting will take approximately 60 seconds.
Figure 5-19: Device Reset
In this screen the user can reset (power cycle) the switch. Reset the switch by selecting Reset.
Security > Passwords
43. Figure 5-9: Port Settings
This page displays the port settings. To configure the ports, go to Port Configuration under the Set up sub-menu.
Port: The port number on the switch.
Name: The name of the port. This is a user-defined label.
Link: A green triangle pointing up indicates a valid link, while a red triangle pointing down indicates no link.
On/Off: Indicates if the port is enabled or disabled by the Administrator.
State: This refers to the Spanning Tree state of the port. Ports will be Blocking (Blk), Listening (Lis), Learning (Lrn), Forwarding (Fwd), or Disabled (Dis).
Speed: Indicates the speed and duplex for the port. The possible entries are Auto-negotiation (Auto), 10 Mbps half duplex (10M Half), 10 Mbps full duplex (10M Full), 100 Mbps half duplex (100M Half), or 100 Mbps full duplex (100M Full).
Flow Control: Indicates whether Flow Control support is set for automatic (Auto) or off (Disabled).
Priority: Indicates if the port is set to high priority or normal priority. This is an advan
44. D value> Where <PVID Value> is the PVID value assigned for this particular port.
Trunking
Port Trunking is a feature that allows multiple links between switches to work as one virtual link or aggregate link. Trunks can be defined for similar port types only. For example, a 10/100 port cannot form a Port Trunk with a gigabit port. For 10/100 ports, trunks can only be formed within the same bank. A bank is ports 1 to 8, ports 9 to 16, ports 17 to 24, or port 25 and port 26 (using an FSM726 as an example) on the same switch unit. Up to four trunks can be enabled at the same time. Spanning Tree will treat trunked ports as a single virtual port.
Syntax: FSM726 config if trunking add <trunk> remove <trunk>
Where:
add <trunk>: adds this particular port to a trunk. The trunk number ranges from 1-4.
remove <trunk>: removes this particular port from a trunk. The trunk number ranges from 1-4.
For example, to add this particular port to trunk 4, enter:
FSM726 config if trunking add 4
By the same token, to remove this port from trunk 4, you would enter:
FSM726 config if trunking remove 4
mac address table
The mac address table command lets you configure the operation and maintenance of the MAC address table. The aging timers and static entries are configured through this command. Ag
45. Figure 4-14: Save Settings to NVRAM & Restore Factory Values
• To Save Configuration to NVRAM, select the Save option and press either Enter or Y to save the configuration to NVRAM.
• To Restore Factory Values, select the Restore Factory Values option to reset the switch parameters to their original default settings. In order for changes to take effect, you must reset the switch. Note: Network IP settings (i.e., IP address, Gateway Address, Network Mask) will not be affected by this command.
• To use the Reset Switch option, select it from the menu, which will restart the switch. Resetting the switch is the equivalent of turning the power off and on. Resetting the switch will clear the statistical counters to zero.
Main Menu > Security
This screen allows the user to enable or disable the web and/or telnet interfaces, as well as change the user name and password. To use password protection, you must enable Password Protection. User names and passwords are case sensitive and can be up to 20 characters long. The factory default password is "password" in lower case letters.
46. EAP Tunneled Transport Layer Security (EAP-TTLS), which defines how the authentication takes place. The important part to know at this point is that the software supporting the specific EAP type resides on the authentication server and within the operating system or application software on the client devices. The 700 Series Managed Switch acts as a pass-through for 802.1x messages. As a result, you can update the EAP authentication type as newer types become available and your requirements for security change.
Glossary
Use the list below to find definitions for technical terms used in this manual.
10BASE-T: The IEEE specification for 10 Mbps Ethernet over Category 3, 4, or 5 twisted pair cable.
100BASE-FX: The IEEE specification for 100 Mbps Fast Ethernet over fiber-optic cable.
100BASE-TX: The IEEE specification for 100 Mbps Fast Ethernet over Category 5 twisted-pair cable.
1000BASE-SX: The IEEE specification for 1000 Mbps Gigabit Ethernet over fiber-optic cable.
1000BASE-T: The IEEE specification for 1000 Mbps Gigabit Ethernet over Category 5 twisted-pair cable.
802.1x: 802.1x defines port-based network access control used to provide authenticated network access and automated data encryption key management. The IEEE 802.1x draft standard offers an e
47. Chapter 1 About This Guide
Thank you for purchasing the NETGEAR 700 Series Managed Switch.
Audience
This reference manual assumes that the reader has basic to intermediate computer and Internet skills. However, basic computer network, Internet, and wireless technology tutorial information is provided in the Appendices.
Typographical Conventions
This guide uses the following typographical conventions:
Table 1. Typographical conventions
[Enter]: Named keys in text are shown enclosed in square brackets. The notation [Enter] is used for the Enter key and the Return key.
[Ctrl]+C: Two or more keys that must be pressed simultaneously are shown in text linked with a plus sign.
DOS file and directory names
Special Message Formats
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Features of the HTML Version of this Manual
The HTML version of this manual includes these features In
48. Point-to-Point Protocol: PPP. A protocol allowing a computer using TCP/IP to connect directly to the Internet.
Port monitoring: The ability to monitor the traffic passing through a port on a device to analyze network characteristics and perform troubleshooting.
Port speed: The speed that a port on a device uses to communicate with another device or the network.
Port trunking: The ability to combine multiple ports on a device to create a single, high-bandwidth connection.
Protocol: A set of rules for communication between devices on a network.
Quality of Service: A term to describe delay, throughput, bandwidth, and other factors that measure the service quality provided to a user.
RADIUS: Short for Remote Authentication Dial-In User Service, RADIUS is an authentication system. Using RADIUS, you must enter your user name and password before gaining access to a network. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access. Though not an official standard, the RADIUS specification is maintained by a working group of the IETF.
RIP: A protocol in which routers periodically exchange information with one another so that they can determine minimum distance paths between sources and destinations.
router: A device that forwards data between networks. An IP router forwards data based on IP source and
49. [Figure 4-17: Port Based Authentication. Screen fields: RADIUS Shared Secret; Re-Authentication Timer 3600 (1-65535 seconds); per-port Auth_Status, shown as Authorized for each listed port.] 802.1x port-based authentication provides RADIUS client authentication and data encryption features (see Appendix C, 802.1x Port-Based Authentication Overview). If you have a RADIUS server on your network, you can have authentication of port access done through the RADIUS server. This does affect traffic passing through the switch, which can be helpful in securing your network from wireless eavesdropping when a wireless access point is connected to the switch. To enable 802.1x, provide the IP address of the RADIUS server and the shared secret authentication key. The re-authorization timer determines how frequently the session will refresh the data encryption with a new key. Main Menu > Advanced > Port Mirroring: This menu option allows you to enable the Port Mirroring capability (see Figure 6-13). You need to specify both the Source and Monitor port. [Figure 4-18: Port Mirroring. Screen fields: Port Mirroring state; Mirrored Port (Unit 1, Port 1); Mirroring Port (Unit 1, Port 2).] The Monitor port will
50. S shared secret. Syntax: FSM726 config system radius shared secret <shared secret>. Where <shared secret> is the RADIUS shared secret. Reset: Use the reset command to reboot the switch. Syntax: FSM726 config system reset. Stat Reset: Use the Stat Reset command to reset all of the statistics counters in the switch. Syntax: FSM726 config system stat reset. Appendix A: Virtual Local Area Network. A Local Area Network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port. A virtual LAN (VLAN) is a local area network with a definition that maps workstations on some other basis than geographic location (for example, by department, type of user, or primary application). To communicate between VLANs, traffic must go through a router, just as if they were on two separate LANs. A VLAN is a group of PCs, servers, and other network resources that behave as if they were connected to a single network segment, even though they may not be. For example, all marketing personnel may be spread throughout a building. Yet if they are all assigned to a single
51. Setup menu. The four kinds of configuration are System Configuration, IP Configuration, Port Configuration, and Gigabit Port Configuration (GBIC). Set-up > System Configuration. [Figure 5-12: System Configuration. Screen fields: System Description (FSM 726 Managed Switch); System Name (Switch 2); System Contact (jack); System Location (Wiring Closet 2); MAC Address (00 09 5b 36 b0 07); Apply and Reload buttons. Screen text: To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation. System Name, Contact, and Location are fields to help you track and manage the switches in your network. You may assign them any name you choose. The System Description and MAC address are set at the factory.] This page will allow access to the system information parameters. To do so: 1. Enter System Name, System Contact, or System Location. 2. Click Apply to change the System Configuration and save it in NVRAM. 3. Reset the system to implement the changes > Save Configuration. Set-up > IP Configuration. [IP Configuration screen fields: IP Assignment Mode (Manual); IP Address; Subnet Mask; Default Gateway; Apply and Reload buttons. Screen text: To permanently save the configuration into non volatile memory click Apply on this page followed by
52. Contents (continued): Main Menu > Set Up > IP Configuration; Main Menu > Set Up > Port Configuration; Main Menu > Advanced; Main Menu > Advanced > Advanced Security; Main Menu > Advanced > 802.1x Port Based Authentication; Main Menu > Advanced > Port Mirroring; Main Menu > Advanced > Port Trunking; Main Menu > Advanced > Virtual Cable Tester; Main Menu > Advanced > Advanced Tools; Main Menu > Advanced > Advanced Tools > Software Upgrade; Main Menu > Advanced > Advanced Tools > Configuration Management; Main Menu > Advanced > Traffic Management; Main Menu > Advanced > Traffic Management > Port Priority; Main Menu > Advanced > Traffic Management > DiffServ; Main Menu > Advanced > Traffic Management > Broadcast Control; Main Menu > Advanced > VLANS; Main Menu > Advanced > VL
53. Tools > Save Configuration from the side navigation. Figure 5-13: IP Configuration. This menu manages the IP-related information of the system. IP Assignment Mode: Manual: The user manually enters IP-related information. BootP: Bootstrap Protocol, which allows the FSM726 switch to discover its own IP address from a BootP server on the network. DHCP: The switch accepts DHCP broadcast from a DHCP server and automatically configures IP-related information. Note: In DHCP mode, if the switch fails to get a DHCP assignment, the switch defaults to 192.168.0.1 as its IP address. To enable quick and easy set-up, the default setting is DHCP. However, DHCP addresses change over time, and you need to know the IP address of your switch so that you can remotely manage it. After completing the initial setup, change the IP assignment mode from DHCP to manual. If you choose Manual mode, enter site-specific IP address, Gateway address, and Net mask. Click Apply to change the IP settings. Save Configuration to NVRAM and reset the system to implement the changes (Tools > Save Configuration). Set-up > Port Configuration. [Port Configuration screen: Show Stack Unit selector; columns Port, Name, Link, On/Off, State, Speed, Flow Control.]
54. Unlike 10BASE-T and 100BASE-TX, which use only two of the four pairs of wires within the Category 5 cable, 1000BASE-T uses all four pairs of the twisted pair. Make sure all wires are tested; this is important. Factors that affect the return loss are: The number of transition points, as there is a connection via an RJ-45 to another connector, a patch panel, or device at each transition point. Removing the jacket that surrounds the four pairs of twisted cable. It is highly recommended that, when RJ-45 connections are made, this is minimized to 1-1/4 inch (32 mm). Untwisting any pair of the twisted-pair cabling. It is important that any untwisting be minimized to 3/8 inch (10 mm) for RJ-45 connections. Cabling or bundling of multiple Category 5 cables. This is regulated by ANSI/EIA/TIA-568A-3. If not correctly implemented, this can adversely affect all cabling parameters. Near End Cross Talk (NEXT): This is a measure of the signal coupling from one wire to another, within a cable assembly, or among cables within a bundle. NEXT measures the amount of cross-talk disturbance energy that is detected at the near end of the link, the end where the transmitter is located. NEXT measures the amount of energy that is returned to the sender end. The factors that affect NEXT and cross talk are exactly the same as outlined in the Return Loss section. The cross-talk performance is directly related to the quality of the c
55. able installation. Patch Cables: When installing your equipment, replace old patch panel cables that do not meet Category 5e specifications. As pointed out in the NEXT section, this near-end piece of cable is critical for successful operation. RJ-45 Plug and RJ-45 Connectors: In a Fast Ethernet network, it is important that all 100BASE-T certified Category 5 cabling use RJ-45 plugs. The RJ-45 plug accepts 4-pair UTP or shielded twisted-pair (STP) 100-ohm cable and connects into the RJ-45 connector. The RJ-45 connector is used to connect stations, hubs, and switches through UTP cable; it supports 10 Mbps, 100 Mbps, or 1000 Mbps data transmission. Figure B-4 shows the RJ-45 plug and RJ-45 connector. [Figure B-4: RJ-45 Plug and RJ-45 Connector with Built-in LEDs. Key: 1 to 8 = pin numbers.] Table B-2 lists the pin assignments for the 10/100 Mbps RJ-45 plug and the RJ-45 connector. Table B-2. 10/100 Mbps RJ-45 Plug and RJ-45 Connector Pin Assignments (pin: normal assignment on ports 1 to 8 / uplink assignment on port 8). Pin 1: Input Receive Data / Output Transmit Data. Pin 2: Input Receive Data / Output Transmit Data. Pin 3: Output Transmit Data / Input Receive Data. Pin 6: Output Transmit Data / Input Receive Data. Pins 4, 5, 7, 8: Internal termination, not used for data transmission. Table E 2 lists the pin assignments for th
56. abled in this screen. [Figure 4-32: Spanning Tree Bridge Settings. Screen fields: Root Port (Itself); Root Port Path Cost; Bridge Hello Time 2; Bridge Max Age 20; Bridge Forward Delay 15; Root Bridge Priority 32768; Root MAC Address 00 09 5b 36 b0 04; Switch MAC Address 00 09 5b 36 b0 04; Spanning Tree state; Hello Time 2 (1-10 seconds); Max Age 20 (6-40 seconds); Forward Delay 15 (4-30 seconds); Bridge Priority 32768 (0-65535).] When Spanning Tree is used in conjunction with a set of aggregated ports, otherwise known as port trunking, Spanning Tree will treat the trunk as a single virtual port. Enable: There are four other tunable parameters to be addressed when enabled. Hello Time: Time between configuration messages sent by the Spanning Tree algorithm. Max Age: Amount of time before a configuration message is discarded by the system. Forward Delay: Amount of time the system spends transitioning from the learning to the listening to the forwarding states. Bridge Priority: Priority setting among other switches in the Spanning Tree. Disable: Disable the Spanning Tree algorithm on the system. Main Menu > Advanced > Spanning Tree > Port Settings: For the Port Settings options, you can specify Spanning Tree port priority, cost, and Fastlink paramete
57. agement Method. Set Up Your Switch Using Direct Console Access: The direct access management method is required when you initially set up your switch. Thereafter, the convenience and additional features of the Web management access method (described in chapter 4) make it the best method to manage the switch. Direct access to the switch console is achieved by connecting the switch's console port to a VT-100 or compatible terminal, or to a PC, Apple Macintosh, or UNIX workstation equipped with a terminal emulation program. This connection is made using the null modem cable supplied with the switch. Examples of terminal emulation programs include: HyperTerminal, which is included with Microsoft Windows operating systems; ZTerm for the Apple Macintosh; TIP for UNIX workstations. This example describes how to set up the connection using HyperTerminal on a PC, but other systems follow similar steps. 1. Click the Windows Start button. Select Accessories and then Communications. HyperTerminal should be one of the options listed in this menu. Select HyperTerminal. 2. The following screen will appear. Enter a name for this connection. In the example below, the name of the connection is FSM726. Click OK. [Screen: Connection Description, New Connection dialog. Enter a name and choose an icon for the connection. Name FSM 7
58. al or MDI-X port, as on a hub or switch. [Figure B-2: Crossover Twisted Pair Cable. Key: 1, 2, 3, 6 = pin numbers.] Patch Panels and Cables: If you are using patch panels, make sure that they meet the 100BASE-TX requirements. Use Category 5 UTP cable for all patch cables and work area cables to ensure that your UTP patch cable rating meets or exceeds the distribution cable rating. To wire patch panels, you need two Category 5 UTP cables with an RJ-45 plug at each end, as shown here. [Figure B-3: Category 5 UTP Cable with Male RJ-45 Plug at Each End. Key: 1 = RJ-45 plug; 2 = Category 5 UTP patch cable.] Note: Flat "silver satin" telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing the attached port to be partitioned or disconnected from the network. Using 1000BASE-T Gigabit Ethernet over Category 5 Cable: When using the new 1000BASE-T standard, the limitations of cable installations and the steps necessary to ensure optimum performance must be considered. The most important components in your cabling system are patch panel connections, twists of the pairs at connector transition points, the jacket around the twisted-pair cable, bundling of multiple pairs on horizontal runs, and punch down blocks. All of these factors affect the performance of 1000BASE-T t
59. are image is stored. Syntax: FSM726 config System firmware tftp ip <IP address>. Where <IP address> is the IP address of the TFTP server where the new firmware image is stored. Firmware TFTP File: The Firmware TFTP File command is used to specify the path and the filename of the new firmware image. Syntax: FSM726 config System firmware tftp file <path & filename>. Where <path & filename> is the path and the filename of the new firmware image. RADIUS: For enhanced security, you can choose to have authentication done through the RADIUS server if one is present on your network. Authen Mode: The authen mode command configures the method in which the user is authenticated. Syntax: FSM726 config system radius authen mode local local then remote remote. Where: Local: authentication is performed locally and not through an external RADIUS server. Local then remote: Authentication is performed locally first, then by an external RADIUS server. Remote: Authentication is performed by a remote server and not locally. Server IP: The Server IP command is used to set the IP address of the RADIUS server. Syntax: FSM726 config system radius server ip <IP address>. Where <IP address> is the IP address of the RADIUS server. Shared Secret: The shared secret command lets you set the RADIU
60. ation in case you want to keep a copy for back-up purposes. We do not recommend editing your configuration file, as many editors introduce unwanted characters that change the way the switch behaves. This menu also allows you to download your configuration file back to the switch to restore your settings. Advanced > Traffic Management: Traffic management covers the methods to improve the performance of your network by differentiating traffic and limiting excess broadcast traffic. There are two means to differentiate traffic with this switch: VLAN tags, or using Differentiated Service Code Points (DSCP) in the header of data packets. By using either the VLAN tags (port-based) or DSCP (DiffServ), you can configure the switch so that certain traffic will take priority over less critical traffic. Advanced > Traffic Management > Traffic Priority: Port Priority allows the user to specify which ports have greater precedence in situations where traffic may be buffered in the switch due to congestion. [Traffic Priority screen, Traffic Optimization: This page enables you to optimize the switch to meet your traffic control needs. Selecting Priority Optimized will allow high priority traffic to be transmitted first. Selecting Flow Control Optimized will activate IEEE 802.3x flow control on the switch to minimize pac
61. ave load <IP address> <path & filename>. Where: save, load: Choose save if you wish to save your configuration file to the TFTP server, load if you wish to load the configuration file from the TFTP server. <IP address>: the IP of the TFTP server where the configuration file is stored (if you are loading a configuration file from the TFTP server) or destined for (if you are saving your configuration file to the TFTP server). <path & filename>: The path and file name of the configuration file. config tftp ip: The config tftp ip command lets you set the IP address of the TFTP server for configuration file save/load. Syntax: FSM726 config system config tftp ip <IP address>. Where <IP address> is the IP address of the TFTP server. Config tftp Path File: The config tftp path file command lets you configure the path and the filename of the configuration file to be loaded/saved. Syntax: FSM726 config system config tftp path file <path & filename>. Where <path & filename> is the path and the filename of the file. IP: The IP command lets you set the IP address of the switch. Syntax: FSM726 config system ip <IP address>. Where <IP address> is the IP address of the switch. IP Filter: The purpose of IP filtering is to prevent unauthorized personnel from
62. Contents (continued): Advanced > SNMP > Trap Setting. Chapter 6: Command Line Interface. Appendix A, Virtual Local Area Network: VLAN Behavior in a 700 Series Managed Switch. Appendix B, Cabling Guidelines: Fast Ethernet Cable Guidelines; Category 5 Cable Specifications; Patch Panels and Cables; Using 1000BASE-T Gigabit Ethernet over Category 5 Cable; Near End Cross Talk N
63. cast Control: The user can configure the threshold for the maximum broadcast packets per port. VLANs: A Virtual Local Area Network (VLAN) is a means to electronically separate ports on the same switch from a single broadcast domain into separate broadcast domains. By using VLANs, users can group by logical function instead of physical location. There are 64 VLANs supported on this switch. Spanning Tree Protocol: STP ensures that only one path at a time is active between any two network nodes. There may be more than two physical paths between any two nodes for redundant paths; STP ensures only one physical path is active and the others are blocked. STP will prevent an inadvertent loop in a network, which can disable your network due to a broadcast storm (the result of a broadcast message traveling through the loop again and again). MAC: MAC address table. This menu allows you to set the aging time as well as enter static MAC addresses into the switch. Multimedia Support, IGMP: The Internet Group Management Protocol (IGMP) is an Internet protocol that provides a way for network devices to report multicast group membership to adjacent routers. SNMP: You can use an SNMP-based Network Management Software program to manage your switch. This menu allows you to set up the appropriate tables to enable the switch to respond to SNMP queries. Command Line: A user interface that allows the user to configure the switch via a command line interface. See
64. [Figure 4-30: PVID Settings. Screen: Advanced > VLANS > VLAN Ports, listing the PVID for each port of the unit.] This screen allows you to specify the PVID for each port. The number next to each port indicates which PVID is set for each port. Following industry standards, PVID 1 is the default PVID. Main Menu > Advanced > Spanning Tree: This switch is compliant with IEEE 802.1D Spanning Tree Protocol (STP). [Figure 4-31: Spanning Tree. Menu options: Bridge Settings, Port Settings.] STP ensures that only one path at a time is active between any two network nodes. There may be more than one physical path between any two nodes, forming a loop, either created for redundancy or by accident. STP ensures only one physical path is active and the others are blocked. If a loop is created for redundancy, STP will monitor the two paths and activate the stand-by path if the primary path fails. If a loop was created inadvertently, STP will disable one of the two paths. A loop in a network can disable your network by causing a broadcast storm (the result of a broadcast message traveling through the loop again and again). Main Menu > Advanced > Spanning Tree > Bridge Settings: Spanning Tree can be enabled or dis
65. ce link used to extend or connect remotely located local area networks. The Internet is a large WAN. wide area network (WAN): A long-distance link used to extend or connect remotely located local area networks. The Internet is a large WAN. Windows Internet Naming Service (WINS): Windows Internet Naming Service is a server process for resolving Windows-based computer names to IP addresses. If a remote network contains a WINS server, your Windows PCs can gather information from that WINS server about its local hosts. This allows your PCs to browse that remote network using the Windows Network Neighborhood feature. WINS: WINS (Windows Internet Naming Service) is a server process for resolving Windows-based computer names to IP addresses.
66. ced feature that is configured under Traffic Prioritization. Trunk ID: Indicates if the port is a member of a trunk by showing the ID number of the trunk. This is an advanced feature that is configured under Port Trunking. Status > MAC Address Table. [Figure 5-10: MAC Address Table. Screen text: This table will show all of the dynamic MAC addresses that this stack of switches has learned. If you want to filter this list to see the MAC addresses on a single port or VLAN, or to search for a specific address, use the Query options below. Query by: Port (Stack Unit, Port); VLAN ID (1-4094); MAC Address (example: 00 01 c9 da 27 d4).] The MAC Address Table is a dynamic address lookup table that allows you to view the dynamic MAC addresses that are currently in the address database. When a MAC address is in the database, the packets intended for that address are forwarded directly to that port. You can filter the displayed addresses by port, VLAN, and/or MAC address by checking those fields. Set-up Menu: There are four kinds of configuration in the Setup page. [Navigation pane: System, Status, Set-up (System Configuration, IP Configuration, Port Configuration, GBIC), Tools, Security, Advanced.] Figure 5 11
67. ch. Advanced > Traffic Management > Broadcast Control: Broadcast control lets you set a threshold for the number of broadcast packets sent over a port. [Figure 5-31: Broadcast Control menu. Screen text: This page allows you to control the maximum number of broadcast packets received each second on each port. Broadcast packets beyond the set threshold will be dropped. The threshold can be any number between 0 and 1 466 100. Broadcast Control Rate (Packets/s), with an Apply to All Ports option: ports 1GS, 2GS, 3GS, 4GS, 5GS, 6GS, 7GS, 8GS, 9GT, 10GT, 11GT, and 12GT are each shown at 3000. To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation.] Advanced > VLANS: VLANs: A Virtual Local Area Network (VLAN) is a means to electronically separate ports on the same switch from a single broadcast domain into separate broadcast domains. By using VLANs, users can group by logical function instead of physical location. There are 64 VLANs supported on this switch. This switch supports static port-based VLANs.
68. computers and shared network devices such as storage and printers. Although many technologies exist to implement a LAN, Ethernet is the most common for connecting personal computers. Loop: An event that occurs when two network devices are connected by more than one path, thereby causing packets to repeatedly cycle around the network and not reach their destination. MAC: Media Access Control. A protocol specified by the IEEE for determining which devices have access to a network at any one time. MAC address: The Media Access Control address is a unique 48-bit hardware address assigned to every network interface card. Usually written in the form 01 23 45 67 89 ab. Mbps: Megabits per second. MD5: MD5 creates digital signatures using a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest. When using a one-way hash function, one can compare a calculated message digest against the message digest that is decrypted with a public key to verify that the message hasn't been tampered with. This comparison is called a "hashcheck". MDI/MDI-X: In cable wiring, the concept of transmit and receive are from the perspective of the PC, which is wired as a Media Dependent Interface (MDI). In MDI wiring, a PC transmits on pins 1 and 2. At the hub, switch, router, or access point, the perspective is
69. d Line Interface (CLI), which uses text inputs to manage the switch. The CLI is accessed through the CMI but is not addressed in this chapter. Chapter 5 discusses the CLI in detail. There are several characteristics of the CMI pages that are necessary to know before proceeding to use it. The TAB key or the arrow keys may be used to move within menus and sub-screens. At the bottom of every screen are some key commands available to the user for that particular screen, as well as some helpful information. The common keystrokes and their definitions and intricacies are listed below. ESC: Return to the previous menu or screen, or abort editing. Tab: Select field. Ctrl+L: Refresh the screen. Ctrl+D: Log off (password enabled). Ctrl+M: Move to field (Switch Statistics and Port Configuration menus only). Ctrl+W: Saves current configuration to Non-Volatile RAM (NVRAM). Spacebar: Toggles between possible settings for a field. Enter: Select a menu item, edit a field, or accept a value after editing a field. Ctrl+X: Delete a table entry. The main menu displays all the sub-menus that are available. Striking Enter when an option is highlighted will confirm the choice of the specified sub-menu. The hotkey, or letter in front of each menu option, can also be typed to directly choose that option. As shown below, there are six menu items to choose
70. d available for immediate use. Each of these management methods has advantages. Table 1 1 compares the three management methods. Table 2-1. Comparing Switch Management Methods (management method: advantages / disadvantages). Administration console. Advantages: Out-of-band access via direct cable connection means network bottlenecks, crashes, and downtime do not slow or prevent access; No IP address or subnet needed; Menu or CLI based; HyperTerminal access to full functionality (HyperTerminal is built into Microsoft Windows 95/98/NT/2000 operating systems); Secure (make sure the switch is installed in a secure area). Disadvantages: Must be near switch or use dial-up connection; Not convenient for remote users; Not graphical. Web browser or Telnet. Advantages: Can be accessed from any location via the switch's IP address; Ideal for configuring the switch remotely; Compatible with Internet Explorer and Netscape Navigator Web browsers; Familiar browser interface; Graphical data available; Most visually appealing; Menu or CLI interfaces available. Disadvantages: Security can be compromised (hackers can attack if they know IP address); May encounter lag times on poor connections; Displaying graphical objects over a browser interface may slow navigation. Advantages: Communicates with switch functions at the Management Information Base (MIB) level. Disadvantages: Requires SNMP manager software; Least visually appealing
71. ddress: A four-byte number uniquely defining each host on the Internet, usually written in dotted-decimal notation with periods separating the bytes (for example, 134.177.244.57). Ranges of addresses are assigned by InterNIC, an organization formed for this purpose. IP multicast: Sending data to distributed servers on a multicast backbone. For large amounts of data, IP Multicast is more efficient than normal Internet transmissions because the server can broadcast a message to many recipients simultaneously. Unlike traditional Internet traffic that requires separate connections for each source-destination pair, IP multicasting allows many recipients to share the same source. This means that just one set of packets is transmitted for all the destinations. ISP: Internet service provider. Internet Protocol: The main internetworking protocol used in the Internet. Used in conjunction with the Transfer Control Protocol (TCP) to form TCP/IP. LAN: A communications network serving users within a limited area, such as one floor of a building. Load balancing: The ability to distribute traffic across various ports of a device, such as a switch, to provide efficient, optimized traffic throughout the network. local area network (LAN): A communications network serving users within a limited area, such as one floor of a building. A LAN typically connects multiple personal
72. destination addresses
SNMP: Simple Network Management Protocol. An IETF standard protocol for managing devices on a TCP/IP network.
Segment: A section of a LAN that is connected to the rest of the network using a switch, bridge, or repeater.
Spanning Tree: A technique that detects loops in a network and logically blocks the redundant paths, ensuring that only one route exists between any two LANs.
Spanning Tree Protocol (STP): A protocol that finds the most efficient path between segments of a multi-looped, bridged network. STP allows redundant switches and bridges to be used for network resilience without the broadcast storms associated with looping. If a switch or bridge fails, a new path to a redundant switch or bridge is opened.
Subnet Mask: Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it and which must be reached through a gateway or router.
Switch: A device that interconnects several LANs to form a single logical LAN that comprises several LAN segments. Switches are similar to bridges in that they connect LANs of a different type; however, they connect more LANs than a bridge and are generally more sophisticated.
TFTP: Trivial File Transfer Protocol. Allows you to transfer files (such as software upgrades) from a remote device using the local management capabilities of the switch
73. Figure Preface-2. HTML version of this manual
1. Left pane: Use the left pane to view the Contents, Index, Search, and Favorites tabs. To view the HTML version of the manual, you must have a version 4 or later browser with Java or JavaScript enabled. To use the Favorites feature, your browser must be set to accept cookies. You can record a list of favorite pages in the manual for easy later retrieval.
2. Toolbar buttons: Use the toolbar buttons across the top to navigate, print pages, and more. The Show in Contents button locates the currently displayed topic in the Contents tab. Previous Next b
74. e Port 25: Built-in 10/100/1000BASE-T. Stack Unit 1, Port 26: Built-in 10/100/1000BASE-T. Apply, Reload. To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation.
Figure 5-15. Setup GBIC
If you want to use a GBIC, the setting on this page must be set accordingly. The switch auto-detects if the media is copper or GBIC. This auto-detect feature is enabled by default.
Note: Enabling the GBIC connector for a Gigabit Ethernet port disables the built-in 1000BASE-T port.

Tools Menu
The Tools page contains functions to maintain your switch.
Figure 5-16. Tools Menu
There is a firmware upgrade, the means to save current settings to non-volatile memory (NVRAM), as well as software reset mechanism. The page has two sub-pages:
• Save Configuration
• Restore Factory Defaults
• Device Reset

Tools > Save Configuration
Save Configuration to NVRAM. Save. Resetting will take approximately 60 seconds.
Figure 5-17. Save Configuration
75. e in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).

Contents
Chapter 1 About This Guide
    Typographical Conventions
    Features of the HTML Version of this Manual
Chapter 2 Switch Management Overview
    Management Access Overview
Chapter 3 Software Upgrade Procedure
Chapter 4 Administration Console Telnet Interface
    Set Up Your Switch Using Direct Console Access
    Introduction to the Command Menu Interface
    Main Menu > Status > Statistics
    Main Menu > Status > Statistics
    Main Menu > Status > MAC Address Table
76. e 100/1000 Mbps RJ-45 plug and the RJ-45 connector.
Table B-3. 100/1000 Mbps RJ-45 Plug and RJ-45 Connector Pin Assignments (columns: PIN, CHANNEL, DESCRIPTION; pins 1, 2, 3, 6, 4, 5, 7, 8 are each listed as Rx/Tx Data)

Conclusion
For optimum performance of your 1000BASE-T product, it is important to fully qualify your cable installation and ensure it meets or exceeds ANSI/EIA/TIA-568-A:1995 or ISO/IEC 11801:1995 Category 5 specifications. Install Category 5e cable where possible, including patch panel cables. Minimize transition points, jacket removal, and untwist lengths. Bundling of cables must be properly installed to meet the requirements in ANSI/EIA/TIA-568A-3.

Appendix C 802.1x Port Based Authentication Overview
This appendix provides an overview of 802.1x security and configuration.

Understanding 802.1x Port Based Network Access Control
802.1x is well on its way to becoming an industry standard and provides an effective wired and wireless LAN security solution. Windows XP implements 802.1x natively, and the 700 Series Managed Switch supports 802.1x. The 802.11i committee is specifying the use of 802.1x to eventually become part of the 802.11 standard. With 802.11 WEP, all wireless access points and client wireless adapters on a
77. e 4-24. Traffic Prioritization

Main Menu > Advanced > Traffic Management > DiffServ
Differentiated Service (DiffServ) uses a priority tag in the packet, the Differentiated Service Code Point (DSCP), to determine the priority of the packet.
Figure 4-25. DiffServ (screen: Advanced > Traffic Management > DiffServ, listing DSCP values 0 to 31 with priority Normal and 32 to 63 with priority High)
There are 64 different tags available. This menu maps the various DSCP tags to the two output queues on each port.

Main Menu > Advanced > Traffic Management > Broadcast Control
Broadcast control lets you set a threshold for the number of broadcast packets sent over a port. Unit il Advanced > Traffic Management > Broadcast Control Broadcast Control Rate Packets s Port Packe
78.
• Reset Statistics
• Port Settings
• MAC Address Table
Each of these menus is covered in the following sections.

Status > Switch Statistics
The Switch Statistics Chart allows you to compare one type of statistic across all the ports. You can reset the counters in the Reset Statistics page.
Figure 5-4. Switch Statistics
You can configure the following options on the Switch Statistics Chart:
• Statistics: The type of system data to be monitored.
• Refresh Rate: The time interval between automatic refreshes (5, 10, 15, 30 seconds).
• Color: The color setting for the chart.
There are 24 kinds of Statistics that you can review on this screen:
• Inbound Octet Rate: Received byte per second
• Inbound Unicast Packet Rate: Received unicast packet per second
• Inbound Non-unicast Packet Rate: Received non-unicast packet per second
• Inbound Discard Rate: Received and is discarded packet per second
• Inbound Error Rate: Received error packet per second
• Outbound Octet Rate: Transmitted byte per second
• Outbound Unicast Packet Rate: Transmitted unicast packet per second
• Ou
79. e by port, VLAN, or MAC address by entering a value in those fields and selecting Query.
Figure 4-9. Address Manager MAC Address Table (screen: Status > MAC Address Table, with Port, VLAN ID, and MAC Address query fields and a Port / VLAN / MAC Address listing)

Main Menu > Set Up
There are three sub-menus at Set Up menu: System Configuration, IP Configuration, and Port Configuration.

Main Menu > Set Up > System Configuration
The System Configuration allows the user to enter a number of system-related information for easy reference in the future. Such items include System Name, Contact Person, and System Location. The MAC address is also shown, but it is not user configurable. FSH726 Managed Switch System Name KMENE System Contact Not Defined System Location Not Defined MAC Address 60 09 5b 36 b0 04 System Description
80. e field The State field displays the Spanning Tree State of the port: Blocking, Listening, Learning, Forwarding, or Disabled. You can only observe the status of the ports; you cannot modify this field. The Spanning Tree Protocol controls this field.
Rate/Duplex field: Offers the choice of Full-duplex, Half-duplex, or Auto-negotiation. Enabling auto-negotiation on a port allows a port to sense the communication speed and negotiate the duplex mode (full-duplex or half-duplex) automatically. The ports will select the highest possible throughput. The port can auto-negotiate with any port that is compliant with IEEE 802.3u. If the other port is not IEEE 802.3u compliant, the port will default to half-duplex, 10 Mbps mode. Users can operate the communication speed and duplex mode manually.
Flow Control: Allows you to enable or disable Flow Control. Flow control is a protocol that prevents packets from being dropped by reducing the amount of traffic to a level that can be accommodated. If enabled on both ends of a connection, it will prevent the sender from sending data until the receiver can accept it. This switch complies with the IEEE 802.3x flow control standard.
Comments: Allows you to name the port or make notes.

Gigabit Ports
For the gigabit ports on each switch, the port type may be chosen. The default is that the port uses
81. eAuthentication Timer allows user to specify the time interval between authentication server's checks of users connected to the network. The default time interval is 3600 seconds. This field is configurable when Authentication Control is Auto.
Note: RADIUS server IP address and Shared Secret must be configured first before enabling 802.1x. 802.1x RADIUS server connected port must be configured as Authorized only. Otherwise 802.1x won't take effect.
Re-authentication Timer: 3600 (1-65535 seconds). Port Authentication: ports 1GS to 8GS and 9GT to 12GT are shown as Authorized. To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation.
Figure 5-23. Advanced Security
802.1x port-based authentication provides RADIUS client authentication and data encryption features (see Appendix C, 802.1x Port Based Authentication Overview). If you have a RADIUS server on your network, you can have authentication of port access done through the RADIUS server. This does affect traffic passing through the switch, which can be helpful in securing your network from wireless
82. eavesdropping when a wireless access point is connected to the switch. To enable 802.1x, provide the IP address of the RADIUS server and the shared secret authentication key. The re-authorization timer determines how frequently the session will refresh the data encryption with a new key.

Advanced > Advanced Security
Figure 5-24. Advanced Security (screen fields: IP Filtering, Allowed IP Addresses, User Authentication Mode, RADIUS Server IP Address, RADIUS Shared Secret; screen note: Select a unique secret for validation of communication between this switch and the RADIUS server)
This menu option allows you to configure the advanced security settings of the switch to limit the access to the management interface. There are two advanced security options beyond the basic password protection: RADIUS client authentication and IP Filtering. If you have a RADIUS server on your network, you can have authentication of management access done through the RADIUS server. This does not affect traffic passing through the switch, but only authenticates access to the switch management. The same is true for IP Filtering. Here you can allow only users with specific IP addresses to access the management features, thus preventing unauth
83. echnology if not correctly implemented. The following sections are designed to act as a guide to correct cabling for 1000BASE-T.

Cabling
The 1000BASE-T product is designed to operate over Category 5 cabling. To further enhance the operation, the cabling standards have been amended. The latest standard is Category 5e, which defines a higher level of link performance than is available with Category 5 cable. If installing new cable, we recommend using Category 5e cable, since it costs about the same as Category 5 cable. If using the existing cable, be sure to have the cable plant tested by a professional who can verify that it meets or exceeds either ANSI/EIA/TIA-568-A:1995 or ISO/IEC 11801:1995 Category 5 specifications.

Length
The maximum distance limitation between two pieces of equipment is 100 m, as per the original Ethernet specification. The end-to-end link is called the channel. TSB 67 defines the Basic Link, which is the portion of the link that is part of the building infrastructure. This excludes patch and equipment cords. The maximum basic link length is 295 feet (90 m).

Return Loss
Return loss measures the amount of reflected signal energy resulting from impedance changes in the cabling link. The nature of 1000BASE-T renders this measurement very important; if too much energy is reflected back on to the receiver, the device does not perform optimally.
84. Advanced > VLAN > Primary VLAN
Figure 5-32. Primary VLAN (screen: Advanced > VLANS > Primary VLAN, showing VLAN Default, Name Default, VLAN ID 1, a Remove VLAN option, and a U mark under each port of the unit; legend: U = untag egress packets, T = tag egress packets, blank = not member)
To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation.
A U or T will be displayed for each port assigned to the VLAN, where U stands for untagged and T for tagged. If a port is an untagged member of a VLAN, the VLAN tag will be stripped from the frame before it is sent out that port. If the port is a tagged member of a VLAN, the VLAN tag will stay in the frame when it is sent. A blank indicates that the port is not a member of the particular VLAN and will not get any traffic for that VLAN. The VLAN tagging option is a standard set by the IEEE to facilitate the spanning of VLANs across multiple switches (Reference: Appendix B and IEEE Std 802.1Q-1998, Virtual Bridged Local Area Networks).
From this menu you can create a new VLAN, add new ports to an existing VLAN, remove ports from an existing VLAN, or delete a VLAN.
Create a new VLAN Group: Under the
85. emove a port or an entire VLAN, just press Ctrl X anywhere on the line of the VLAN.

Main Menu > Advanced > VLANS > VLAN Membership
This matrix allows for real-time management of up to 64 VLANs.
Figure 4-29. VLAN Membership (screen: Advanced > VLANS > VLAN Membership, VLAN ID 1, VLAN Name Default, with a U shown under each port of unit 1)
To add a port to a VLAN, position the cursor in the desired matrix location and toggle the options with the SPACE bar. A U or T will be displayed for each port assigned to the VLAN, where U stands for untagged and T for tagged. If a port is an untagged member of a VLAN, the VLAN tag will be stripped from the frame before it is sent out that port. If the port is a tagged member of a VLAN, the VLAN tag will stay in the frame when it is sent. A space indicates that the port is not a member of the particular VLAN and will not receive or forward any traffic for that VLAN. VLAN tagging is a standard set by the IEEE to facilitate the spanning of VLANs across multiple switches (Reference: Appendix B and IEEE Std 802.1Q-1998, Virtual Bridged Local Area Networks).

Main Menu > Advanced > VLANS > VLAN Ports
All untagged packets entering the switch will by default be tagged with the ID specified by the port's PVID.
86. erface Configuration Mode by using the exit command. You then have to re-enter Interface Configuration Mode by specifying another interface, again using the interface command. When you're in interface configuration mode, you will be able to configure the following items.

CoS (Class of Service)
Class of Service (CoS) is a way of managing traffic in a network by treating different types of traffic with different levels of service priority. Higher priority traffic gets faster treatment during times of switch congestion.
Syntax: FSM726 config if cos <normal high>
Where <normal high>: the priority given to the port. When set to high, traffic from and destined for this port will take priority over traffic from other ports.

Description
This command allows you to assign a name or description to a port.
Syntax: FSM726 config if description <description>
Where <description>: the description you wish to give to this particular interface.

Duplex
Syntax: FSM726 config if duplex <duplex operation>
Where <duplex operation>: one of three modes: auto, full, or half.

Exit
This command takes you out of Interface Configuration Mode and back to Configuration Mode.
Syntax: FSM726 config if exit

Flow Control
This command enables flow control on this particular port.
Syntax: FSM726 config if
87. Chapter 3 Software Upgrade Procedure
As networking technology advances, NETGEAR will release new versions of the software that runs the switch. These software releases will provide new capabilities that can extend the useful life of your switch. This manual is updated whenever there is a change in either the first or second positions of the software version number. The third position in the software version number identifies bug fix and patch versions, for which this manual is not updated.
The upgrade procedure and the required equipment are described in this chapter. IP address, Network Mask, and Default Gateway are not affected by upgrading the software. These settings will be preserved in non-volatile memory (NVRAM).
The upgrade process is accomplished by having the switch boot from a TFTP server instead of its own NVRAM. To initiate this sequence, the user must set the Next Boot From configuration parameter to Boot from Net and then perform a reset. When the Boot from Net option is set, the switch will start using an image residing on a TFTP server on the network. Be sure that the TFTP server residing on the network is accessible by the switch. Once completed, the software version should be verified in the System page.
Note: It is highly recommended, though not necessary, to use a RS-232 serial port connection to the switch during the software upgrade
88. ess table static

Mirror
The show mirror command displays mirroring configurations of the switch. Primarily, it shows which ports are mirroring and being mirrored.
Syntax: FSM726 show mirror
An example of the output is shown below:
Port Mirroring is Enabled Source 1 23 Monitor 1 1

Multimedia
The show multimedia command displays IGMP and HPO status, indicating whether they are enabled or disabled.
Syntax: FSM726 show multimedia

Running Config
The show running config command displays the current running configuration. It displays a great deal of information, including system information, interface status of each port, VLAN configuration, DiffServ, and SNMP configuration, among other things.
Syntax: FSM726 show running config
A partial example of the display output is shown below:
snmp server name Not Defined snmp server location Wiring Closet 1 snmp server contact Tom snmp server community public RO snmp server community Tom WO snmp server host authorization vlan database vlan 1 Default exit interface Ethernet 1 1 cos Normal description Not Defined no shutdown speed 100 duplex full flow ctrl negotiation auto switchport access vlan untagged 1 switchport access native 1 mirror mirror monitor spanning tree port priority 128 spanning tree cost 19 no spanning tree fastlink exit
89. etting that is user configurable (the default setting is 1). The default VLAN ID setting for each port can be changed in that port's respective Port Configuration page.
When a tagged packet enters a port, the tag for that packet will be unaffected by the default VLAN ID setting. The packet will now proceed to the VLAN specified by its VLAN ID tag number. If the port in which the packet entered does not have membership with the VLAN specified by the VLAN ID tag, the packet will be dropped. Port VLAN membership settings are changed in the Primary VLAN page. If the port has membership to the VLAN specified by the packet's VLAN ID, the packet will be able to be sent to other ports with the same VLAN ID membership.
Packets leaving the switch will be either tagged or untagged, depending on the setting for that port's VLAN membership properties. A U for a given port and VLAN will mean that packets leaving the switch from that port and VLAN will be untagged. Inversely, a T for a given port and VLAN will mean that packets leaving the switch from that port and VLAN will be tagged with the respective VLAN ID in which they participated.
Two examples for setting up VLANs will be given. Example 1 will step through a simple two-group VLAN setup. Example 2 will step through a more elaborate setup, illustrating all possible scenarios for a comprehensive understanding of tagged VLANs.

Example 1
This example shows the basics of setting u
90. ew Password, Verify Password, Apply, Reload. To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation. Enabling Password security will allow only those with the password to access the switch via the network or console interface. If there is no new password input, the previous password will not be changed. If you enable password protection without setting your own password, you have to refer to your manual for the default password.
Figure 5-20. Security Menu
The user name and password can be up to 20 characters and are case sensitive. The password entered is encrypted on the screen and will display as a sequence of asterisks. The factory default password is "password" in lower-case letters. On this page you can:
• Enable or disable password protection
• Change the user name and password
• Click Apply to activate the new password
Note: If you have enabled password protection without setting your own password, the default password is "password" in all lower-case letters.

Advanced Options
There are 11 sub-menus in the Advanced Section. Navigation pane: System, Status, Set-up, Tools, Security, Advanced; Advanced sub-menus shown: Disable Advanced Alert, Port Mirroring, Port Trunking, Virtual Cable Tester, Advanced Security
91. ffective framework for authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys. 802.1x uses a protocol called EAP (Extensible Authentication Protocol) and supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, and public key authentication. For details on EAP specifically, refer to IETF's RFC 2284.
ADSL: Short for asymmetric digital subscriber line, a technology that allows data to be sent over existing copper telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream rate). ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world gain access.
ARP: Address Resolution Protocol, a TCP/IP protocol used to convert an IP address into a physical address (called a DLC address), such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address. There is also Reverse ARP (RARP), which can be used by a host to discover its IP address. In this case, the host broadcasts its physical address and a RARP server replies with the host's IP address.
Auto nego
92. for one port over time. You can reset the counters in the Reset Statistics page.
• Port: The port on which data will be monitored.
• Refresh Rate: The time interval between automatic refreshes.
• Color: The color setting for the data.
There are 12 kinds of Port Statistics:
• Inbound Octets: Received bytes
• Inbound Unicast Packets: Received unicast packet
• Inbound Non-unicast Packets: Received non-unicast packet
• Inbound Discards: Received and is being discarded packet
• Inbound Errors: Received and is an error packet
• Outbound Octets: Transmitted byte
• Outbound Unicast Packets: Transmitted unicast packet
• Outbound Non-unicast Packets: Transmitted non-unicast packet
• Outbound Discards: Transmitted and is being discarded packet
• Outbound Errors: Transmitted and is an error packet
• Ethernet Undersize Packets: Less than 64-byte length packet
• Ethernet Oversize Packets: More than 1518-byte length packet

Status > Error Statistics
Figure 5-6. Error Statistics (screen: Port Selection, Refresh Rate, and Color controls; chart of cumulative packets for InDiscards, InUnkProtos, OutErrors, EthCRCAlign, EthOsizePkts, EthJabbers, InErrors, OutDiscards, EthDrops, EthUsizePkts, EthFrags, EthColls)
The Error Statistics Graph allows you to char
93. h PVID is set for each port. Following industry standards, PVID 1 is the default PVID.

Advanced > Spanning Tree
This switch is compliant with IEEE 802.1D Spanning Tree Protocol (STP). STP ensures that only one path at a time is active between any two network nodes. There may be more than one physical path between any two nodes, forming a loop, either created for redundancy or by accident. STP ensures only one physical path is active and the others are blocked. If a loop is created for redundancy, STP will monitor the two paths and activate the stand-by path if the primary path fails. If a loop was created inadvertently, STP will disable one of the two paths. A loop in a network can disable your network by causing a broadcast storm, the result of a broadcast message traveling through the loop again and again.
There are two sub-pages of Spanning Tree configuration:
• Bridge Settings
• Port Settings

Advanced > Spanning Tree > Bridge Settings
When Spanning Tree is enabled, the switch will be momentarily unavailable as it runs the Spanning Tree Protocol and configures its ports. Root Port: Itself. Root Port Path Cost: 0. Bridge Hello Time: 2. Bridge Max Age: 20. Bridge Forward Delay: 15. Root Bridge Priority: 32768. Root MAC Address: 00 09 5b 36 50 07. Switch MAC Address: 00 09
94. hat bypasses the listening & learning phase of Spanning Tree.

Speed
Syntax: FSM726 config if speed <speed>
Where <speed>: the speed of the port. The options are 10, 100, 1000, or auto for automatic speed configuration.

Switchport
The switchport command lets you configure VLAN access mode of this particular port.
• VLAN
Syntax: FSM726 config if switchport access vlan tagged <VLAN Membership> untagged <VLAN membership>
Where:
tagged <VLAN Membership>: setting the VLAN membership to tagged mode. VLAN Membership ranges from 1 to 4094.
untagged <VLAN Membership>: setting the VLAN membership to untagged mode. VLAN Membership ranges from 1 to 4094.
For example, suppose this particular port belongs in VLAN 64 and 32. You wish to configure it so that it operates in tagged mode in VLAN 64 but in untagged mode in VLAN 32. The command to do so would be:
FSM726 config if switchport access vlan tagged 64
FSM726 config if switchport access vlan untagged 32
• Native
All untagged packets entering the switch will by default be tagged with the ID specified by the port's PVID. This command allows you to specify the PVID for each port. The PVID values range from 1 to 4094. Following industry standards, PVID 1 is the default PVID.
Syntax: FSM726 config if switchport access native <PVI
95. he switch using one of three options. Please refer to Chapter 2, Software Upgrade Procedure, when updating software.
• Net option: This option allows you to try out a new image before upgrading. It requires a TFTP filename and a server IP address to retrieve the specified image from the given IP address. The new image will not overwrite the one in non-volatile memory.
• Net & save option: This option requires the same setup as the Net option, i.e., a TFTP server and a new image. However, it copies the image to non-volatile memory directly, and then the system boots from non-volatile memory. Warning: The previous image in non-volatile memory will be lost when the procedure completes.
• Last Saved option: The system will boot from non-volatile memory. This option will automatically show up after the Net & save option is selected and the unit is reset.

Main Menu > Advanced > Advanced Tools > Configuration Management

This menu allows you to save your configuration in case you want to keep a copy for back-up purposes. Warning: Do not edit your configuration file. Editing your file can cause your switch to lose its management capabilities and possibly degrade its performance. Editing the configuration file will void your warranty.

[Screen capture: Advanced > Advanced Tools > Configuration Management] TFTP Server IP Add
96. hods such as token cards, Kerberos, one-time passwords, certificates, and public key authentication. For details on EAP specifically, refer to IETF's RFC 2284.

[Figure: 802.1x message exchange. Labels: Identity Request, Identity, Credentials Request, Credentials, Authentication key, Uncontrolled Port, Controlled Port, LAN Resources.]

1. The client sends an EAP-start message. This begins a series of message exchanges to authenticate the client.
2. The access point replies with an EAP-request identity message.
3. The client sends an EAP-response packet containing the identity to the authentication server.
4. The authentication server uses a specific authentication algorithm to verify the client's identity. This could be through the use of digital certificates or other EAP authentication type.
5. The authentication server will either send an accept or reject message to the access point.
6. The access point sends an EAP-success packet (or reject packet) to the client.
7. If the authentication server accepts the client, then the access point will transition the client's port to an authorized state and forward additional traffic.

Initial 802.1x communications begin with an unauthenticated s
97. how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

Domain Name: A descriptive name for an address or group of addresses on the Internet. Domain names are of the form of a registered entity name plus one of a number of predefined top-level suffixes such as .com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain.

DSL: Short for digital subscriber line, but is commonly used in reference to the asymmetric version of this technology (ADSL) that allows data to be sent over existing copper telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream rate). ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world gain access.

Dynamic Host Configuration Protocol (DHCP): An Ethernet protocol specifying how a centralized DHCP server can assign network configuration information to multiple DHCP clients. The assigned information includes IP addresses, DNS addresses, and gateway (router) addresses.

EAP: Extensible Authentication Protocol is a general protocol for authentication that supports multiple authentication methods. EAP, an extension to PPP, supports such authentication methods as token cards
98. ic Multicast Group membership of each por

[Screen capture: Static Multicast Groups page with Show Group and Remove Multicast Group controls, a port selection row, and Apply and Reload buttons.] On-screen help: To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation. Create a new Group by selecting Add a new Group, then provide a Static Multicast MAC Address (start with 01:00:5e), then click Apply. Remove an existing Group by selecting the Group MAC Address, checking Remove Group, and then click Apply. Change Group membership by

Figure 5-39: Multimedia Support > Static Multicast Groups

You can use this menu to configure permanently reachable multicast groups. The Static Multicast Administration menu lets you create individual groups by entering a MAC address of your static multicast group. Click on the ports to add them to the multicast group.

Advanced > SNMP

You can manage this switch using the Simple Network Management Protocol (SNMP) from a network management station. To do so, you must configure your switch to participate in the SNMP community, and you must add the SNMP host agent to the host table. This prevents unauthorized SNMP access to your switch from non-approved SNMP hosts. Support for these Standard MIBs is included:
• MIB II (RFC1213)
• Ethernet Interface MIB (RFC1643)
• Bridge MIB (RFC1493)
• Private E
99. igh, the command to do so would be:
FSM726 config diffserv 33 high

Exit
The exit command takes you out of the CLI mode by one level. For example, when you are in configuration mode, the prompt looks like:
FSM726 config
By entering exit at the prompt, you will exit the configuration mode and be taken back to the root level, where the prompt looks like:
FSM726
When you enter the exit command at the root level, you will return to the Main Menu of the switch.
Syntax: FSM726 config exit

Interface
The interface command allows you to configure each network interface of the switch. Items such as the speed, duplex, and negotiation are configured in this mode. The command to enter the interface mode is:
Syntax: FSM726 config interface ethernet <x y>
Where <x y>: x is the stack number and y is the port number, which ranges from 1 to 26. Since FSM726 is not stackable, the value of x is always 1.
For example, suppose you want to configure port 8 on the switch. The command to do so would be:
FSM726 config interface ethernet 1 8
When the interface command is properly entered, you will be taken to the Interface Configuration Mode, where the prompt changes from FSM726 config to FSM726 config if. When you are done configuring one particular interface and wish to configure another interface, you must exit the Int
100. ing Timer
Syntax: FSM726 config mac address table aging timer <aging time>
Where <aging time> is the maximum time that a MAC address will stay in the MAC address table. This number ranges from 10 to 1,000,000 seconds.

Static
The Static Addresses Table allows the administrator to specify Media Access Control (MAC) addresses for specific ports that will not be purged from the bridge table by the aging function.
Syntax: FSM726 config mac address table static <mac address> <ethernet interface number>
Where:
<mac address> is the MAC address you wish to keep on the table regardless of aging timers. The MAC address is a 48-bit string expressed in hexadecimal with a colon separating every 8 bits. For example: 00:2d:3f:22:11:54
<ethernet interface number> is the Ethernet interface associated with the MAC address you specified. The interface number is expressed in x y format, where x is the stack number (always 1 in the case of the FSM726) and y is the port number.

Multicast Static
You can use this menu to configure permanently reachable multicast groups. The Static Multicast command lets you create individual groups by entering the MAC address of the static group.
Syntax: FSM726 config mac address table multicast static <mac address> ethernet <interface number>
Where <mac address> the
101. ir or four-pair twisted insulated copper conductors bound in a single plastic sheath. Category 5 cable is certified up to 100 MHz bandwidth. 100BASE-TX operation uses one pair of wires for transmission and the other pair for receiving and for collision detection. When installing Category 5 UTP cabling, use the following guidelines to ensure that your cables perform to the following specifications:
• Certification: Make sure that your Category 5 UTP cable has completed the Underwriters Laboratories (UL) or Electronic Testing Laboratories (ETL) certification process.
• Termination method: To minimize cross-talk noise, maintain the twist ratio of the cable up to the point of termination; untwist at any RJ-45 plug or patch panel should not exceed 0.5 inch (1.5 cm).

Category 5 Cable

Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a maximum of 328 feet (ft) or 100 meters (m) in length, divided as follows:
• 20 ft (6 m) between the hub and the patch panel (if used)
• 295 ft (90 m) from the wiring closet to the wall outlet
• 10 ft (3 m) from the wall outlet to the desktop device
The patch panel and other connecting hardware must meet the requirements for 100 Mbps operation (Category 5). Only 0.5 inch (1.5 cm) of untwist in the wire pair is allowed at any termination point.

Category 5 Cable Specifications

Ens
102. is document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

Regulatory Compliance Information

This device is restricted to indoor use to reduce the potential for harmful interference to co-channel Mobile Satellite and Radar Systems.

Canadian Department of Communications Compliance Statement

This Class B digital apparatus (700 Series Managed Switch) meets all the requirements of the Canadian Interference-Causing Equipment Regulations. This device complies with Class B limits of Industry of Canada. Operation is subject to the following two conditions: (1) This device may not cause harmful interference. (2) This device must accept any interference received, including interference that may cause undesired operation. The device is certified to the requirements of RSS-139-1 and RSS-210 for 2.4 GHz spread spectrum devices. The use of this device in a system operating either partially or completely outdoors may require the user to obtain a license for the system according to the Canadian regulations. For further information, contact your local Industry Canada office.

EN 55 022 Declaration of Conformance

This is to certify that the 700 Series Managed Switch is shielded against the generation of radio interferenc
103. ket loss. After changing the selection, you need to click the Apply button to make this change effective.

[Screen capture: Port Prioritization page. Flow Control: Optimized. Stack Unit 1, ports 1 through 12, each with Priority set to Normal.] On-screen help: Port Priority setting enables you to add a high priority VLAN tag to traffic as it enters the switch. It will not change a priority tag if the packet already has one. Within the switch, high priority traffic will be transmitted before low priority traffic using a Weighted Round Robin (WRR) prioritization scheme.

Figure 5-30: Traffic Prioritization Settings

Traffic that comes in on ports with a setting of high will be transmitted before traffic that comes in on a port with a normal setting. The settings on this page only affect packets that do not already have VLAN priority tags. To raise the priority of a given port, toggle the port's setting from normal to high. The default setting for a port is normal.

You may choose to further differentiate packet priority by using the Differentiated Service (DiffServ) feature. DiffServ uses a priority tag in the packet, the Differentiated Service Code Point (DSCP), to determine the priority of the packet. There are 64 different tags available. This menu maps the various DSCP tags to the two queues in the swit
104. le Access

SNMP Protocol

SNMP is the standard management protocol for multi-vendor IP networks. SNMP supports transaction-based queries that allow the protocol to format messages and to transmit information between reporting devices and data-collection programs. SNMP runs on top of the User Datagram Protocol (UDP), offering a connectionless-mode service.

SNMP Access

With this access method, you can use an external SNMP-based application to manage your NETGEAR 700 Series Managed Switch. Figure 2-2 shows an example of this management method.

This management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string, and that the SNMP Network Management Station is entered in the SNMP Host table on the switch. This management method in fact uses two community strings: the GET community string and the SET community string. If the SNMP Network Management Station only knows the SET community string, it can read from and write to the MIBs. However, if it only knows the GET community string, it can only read MIBs. The default GET community string for the switch is public, and the host table is empty.

[Figure labels: NETGEAR FSM Stackable Switch, SNMP Manager]
Figure 2-2: SNMP-Based Management Method
105. le Tester

[Screen capture: Virtual Cable Tester] Port 9 Test. Pair 1 2: Test result is good. Pair 3 6: Test result is good. Pair 4 9: Test result is good. Pair 7 8: Test result is good.

Figure 4-20: Virtual Cable Tester

The results are reported for the selected port. The test can take up to one minute.

Note: Only the console menu will let you run the virtual cable tester on any port. Other management interfaces require port access and therefore cannot reliably test the cable continuity of the port they are using to access the switch.

Main Menu > Advanced > Advanced Tools

This menu provides you with the ability to upgrade the software for the switch, as well as saving or loading the switch configuration file to a TFTP server.

Main Menu > Advanced > Advanced Tools > Software Upgrade

If new improvements to the software that runs the switch become available, this menu enables you to upgrade your switch to the new software release.

[Screen capture: Advanced > Advanced Tools > Software Upgrade] Hardware Version: RA. Firmware Version: 1 2 2495. Software Version: 1 0 4 3013. Next boot from: Last Saved. TFTP Server IP Address: 172.16.7.146. TFTP Path/Filename: fsm 5 s app RDUx_ng 3013.

Figure 4-21: Software Upgrade

Once the IP address of the TFTP server and the path location of the new software image file are properly configured, the user can choose to boot t
106. munity name, and then these permissions are assigned to individual machines by adding those machines and their IP addresses to the appropriate community string. Host Authorization can be Enabled or Disabled. Host Authorization is a security feature to limit people who are not listed in the host table from accessing the switch using SNMP.

Advanced > SNMP > Trap Setting

[Screen capture: Advanced > SNMP > Trap Settings] Authentication Trap is Enabled. Apply, Reload. To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation.

Figure 5-42 (Figure 4-33): SNMP Management > Trap Settings

With authentication traps enabled, the system generates an SNMP trap when a host authorization fails. Hosts in community strings with TRAP privileges are notified when a trap occurs.

Chapter 6: Command Line Interface

The 700 Series Managed Switch features a Command Line Interface (CLI) designed for expert users who are familiar with common CLIs in use in the market. The CLI follows a tiered structure, enabling different commands at different levels or sections of the CLI.

Manual Syntax

Before discussing the details of the CLI operation, the syntax of the CLI commands used in this manual is listed below:
• The CLI syntax is presented in bold Arial text with the 700 Series Managed Switch model number foll
107. nfigured. Its purpose is to determine the amount of time an entry is held in the forwarding tables while no activity occurs from that address. Entries should be removed to update the table for MAC addresses that have moved or are turned off.
• The industry standard default value is 300 seconds (5 minutes).
• The administrator may change this value to any value between 10 and 1,000,000 seconds.
• After changing the value, click Apply.

Advanced > MAC > Static Addresses

[Screen capture: Advanced > MAC > Static Address, with MAC Address, Unit Selection and Port Selection fields and Add, Remove, Apply and Reload buttons.] On-screen help: Static Addresses will not be aged out of the MAC address table. They must be manually removed. To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation.

Figure 5-37: MAC > Static Addresses

Any system whose MAC address and port number are listed in this screen will not be purged from the system's forwarding table by the aging process.
1. Add a new entry.
2. Enter the MAC address and port in the appropriate boxes.
3. Click Add.
4. Remove an existing entry.
5. Highlight that entry in the table by clicking on the MAC address.
6. Choose Remove.

Advanced > Multimedia Support

Use the
108. nitors the network activity by copying all traffic from the specified monitoring sources to the designated monitoring port, to which a network analyzer can be attached.

Port Trunking: a feature that allows multiple links between switches to work as one virtual link (aggregate link). Trunks can be defined for similar port types only. For example, a 10/100 port cannot form a Port Trunk with a gigabit port. For 10/100 ports, trunks can only be formed within the same bank. A bank is a set of eight ports. Up to four trunks can be operating at the same time. Toggle the ports to the correct trunk number to set up a trunk. After clicking Apply, the trunk will be enabled. Spanning Tree will treat trunked ports as a single virtual port.

Virtual Cable Tester: The user can use this feature to test the continuity of the cable circuit.

Advanced Tools: The user can upgrade the software of the switch or save/load the switch configuration file to a TFTP server.

Traffic Management: Class of Service (CoS), also referred to as Quality of Service (QoS), is a way of managing traffic in a network by treating different types of traffic with different levels of service priority. Higher priority traffic gets faster treatment during times of switch congestion. Priority can be based on VLAN tags, ports, or Differentiated Service Code Points (DSCP).

Broad
109. nterprise MIB (see the Resource CD for Managed Switches)
• 4 Group RMON (RFC1757)

Advanced > SNMP > Community Table

[Screen capture: Advanced > SNMP > Community Table, with columns Community Name, Get, Set, Trap and Status, and Apply and Reload buttons. To permanently save the configuration into non-volatile memory, click Apply on this page.]

Figure 5-40 (Figure 4-31): SNMP Management Community Table

The administrator can create up to eight different community strings with combinations of GET, SET, and TRAP privileges. These community strings need to be set prior to setting host access, as the host table depends on the existence of community strings. The public string has GET privileges by default.

Advanced > SNMP > Host Table

[Screen capture: Advanced > SNMP > Host Table, with columns Host Name, Host IP Address, Community and Host Status. Sample rows: george, 20.245.34.2, public, Active; Admin, 20.245.34.5, Company.]

Figure 5-41: SNMP Management > Host Table

The SNMP Host Table screen allows you to add and remove hosts from access rights that have been granted to community groups. The permissions GET, SET, and TRAP are assigned to a com
110. nu. At the top right side of the screen, you can click Help or the question mark to read the help menu. The help menu contains:
• Web-Based Management: Introduction to the Web management features
• Device Management: Introduction of the basic icons and management of the device
• Interface Operations: Describes Web browser requirements and common commands
• Product Overview: Describes supported SNMP and Web management features
• Summary of Features: Feature List

Within the various browser interface pages, there are several buttons that you can use. Their names and functions are below:
• Reload: Pulls that screen's data from current values on the system
• Apply: Submits change request to system and refreshes screen data
• Add: Adds new entries to table information and refreshes screen data
• Remove: Removes selected entries from table and refreshes screen data
• Reset: Resets the system, which is equivalent to power off/on
• Restore: Restores system factory default values, except password and IP
• Query: System will retrieve the useful information in database

[Screen capture: System Information page.] On-screen text: If you want to change system name, system contact, or system location, please refer to the page Set-up > System Configuration. If you want to change system IP, network mask, or default
111. of all three Based on open standards methods Limited amount of information available. Some settings require calculations. Security can be compromised (hackers need only know the community name).

For a more detailed discussion of the Administration Console, see chapter 3. For a more detailed discussion of the Web Browser Interface, see chapter 4.

Protocols

Your NETGEAR 700 Series Managed Switch supports the following protocols:
• Virtual terminal protocols, such as Telnet
• SNMP

Virtual Terminal Protocols

A virtual terminal protocol is a software program, such as Telnet, that allows you to establish a management session from a Macintosh, a PC, or a UNIX workstation. Because Telnet runs over TCP/IP, you must have at least one IP address configured on a NETGEAR 700 Series Managed Switch before you can establish access to it with a virtual terminal protocol. Terminal emulation differs from a virtual terminal protocol in that you must connect a terminal or PC directly to the console port. Figure 2-1 shows a UNIX workstation connected to the system through a virtual terminal protocol (Telnet) and a terminal connecting directly to the console port through a null-modem cable.

[Figure labels: NETGEAR FSM Stackable Switch; Terminal or PC Running Terminal Emulation Software; Telnet; Ethernet; PC or Workstation]
Figure 2-1: Administration Conso
112. on 1 0 4 2505

[Screen capture: Software Upgrade page. Next Boot from: Last Saved. TFTP Server IP Address: 0.0.0.0. TFTP Path/Filename: (empty). Apply, Reload.] On-screen help: To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation. If you want to upgrade the software version, you must put the new version on a Trivial File Transfer Protocol (TFTP) server for the switch to download it. NETGEAR recommends trying

Figure 5-28: Advanced Tools menu

This menu provides you with the ability to upgrade the software for the switch through a variety of options using the TFTP protocol. If new improvements to the switch software become available, this menu enables you to upgrade to the new software. Once the IP address of the TFTP server and the path location of the new software image file are properly configured, the user can choose to boot the switch using one of three options. Please refer to Chapter 3, Software Upgrade Procedure, when updating software.

Net option
This option allows the user to try out a new image before upgrading. It requires a TFTP filename and a server IP address to retrieve the specified image from the given IP address. The new image will not overwrite the one in non-volatile memory. This is the recommended first step.

Net & save option
This option requires the same setu
114. orized personnel from configuring the switch.

Advanced > Port Mirroring

[Screen capture: Advanced > Port Mirroring] Port Mirroring is: Disabled. Mirrored Port: Stack Unit 1, Port 1. Mirroring Port: Stack Unit 1, Port 2. Apply, Reload. To permanently save the configuration into non-volatile memory, click Apply on this page followed by Tools > Save Configuration from the side navigation. The Mirrored port is the port under observation. The Mirroring port is the port receiving the mirrored traffic. Port mirroring is only enabled within a switch.

Figure 5-25 (Figure 4-18): Port Mirroring

Port mirroring is a feature to help in the debugging of a network. This web interface page allows the enabling or disabling of port mirroring and the setting of source and monitor ports. The monitor port will show a copy of every packet that arrives at or leaves the source port.

Advanced > Port Trunking

[Screen capture: Advanced > Port Trunking, Trunk Membership for Unit 1, ports 1 through 26.] On-screen help: All ports in a trunk must be in the same bank. As indicated in the above layout, a bank consists of eight consecutive 10/100 Mbps ports or two gigabit ports. Up to eight ports can be members of a trunk. Four trunks can exist at the same time. Click on a port to add it to a trunk (ID 1 to 4). T
115. ors
0 Undersized Packets
0 Oversized Packets
output
223115 Bytes
484 Unicast Packets
4 Non-unicast Packets
0 Packet Discards
0 Packet Errors

IP
The show ip command displays IP information.
Syntax: FSM726 show ip
An example of the display output is shown below:
IP Assignment Mode: Manual
IP address: 169.254.224.1
Subnet mask: 255.255.0.0

Mac Address Table
The show mac address table command displays a variety of information on the status and content of the MAC address table.

Aging Time
The show mac address table aging timer command is used to display the aging timer of the MAC address table.
Syntax: FSM726 show mac address table aging timer

Dynamic
The show mac address table dynamic command displays the dynamically learned MAC addresses.
Syntax: FSM726 show mac address table dynamic
An example of the display output is shown below:
Destination Address    Address Type    Destination Port
00:06:5b:69:3d:be      Dynamic         FastEthernet1 23

Multicast Static
The show mac address table multicast static command displays the static multicast addresses.
Syntax: FSM726 show mac address table multicast static

Static
The show mac address table static command displays configured static addresses.
Syntax: FSM726 show mac addr
116. owed by a such as in this example:
FSM726 show spanning tree interface ethernet <x y>
• In a paragraph with other text, command keywords included are in regular courier font.
• The required fields in a command are enclosed in angle brackets <>, for instance: system password <password>
• The optional fields in a command are enclosed in square brackets, for instance: system radius authen mode local local then remote remote
• Command refers to a command used in the command line interface (CI Command).

Entering the CLI

The CLI is an option within the Command Menu Interface (CMI), so you must be using either the console port or a telnet session to use the CLI. See chapter 3 on connecting to the CMI. Once in the CMI, select Advanced, then Command Line. You will see a prompt similar to this. This is known as the root prompt:
FSM726
Note: Your prompt may look different if you gave your switch a different name.

Once you see the root prompt, you are in CLI mode. If you have a question on what commands you can use, type a question mark at the prompt. A list of available commands will be presented to you. There are five items in the root prompt:
• Configure
• Exit
• Help
• Ping
• Show
These five items will be covered below.

Help
The help command displays instructions on how to
117. p a VLAN. In the VLAN Administration page, add a new VLAN to the list, shown below as First with a VLAN ID value of 2. In the VLAN Membership page, use the space bar to modify the matrix until the desired ports are all members of the selected VLAN, as either tagged or untagged ports.

To allow untagged packets to participate in the First VLAN, make sure to change the Port VLAN IDs for the relevant ports. Access the PVID Settings page, then use the space bar to add an X indicating which Port VLAN ID is assigned to which port.

Example 2

This example demonstrates several scenarios of VLAN use and how the switch will handle VLAN and non-VLAN traffic.
1. Set up the following VLANs.
2. Configure the VLAN membership. Each image below shows a different VLAN to be set up. Be sure to set all of them as follows.
3. Set up the Port VLAN IDs as follows. Note: Port 01 PVID is set to 2. This must be done in the port-specific page, since there is no VLAN with ID 2.

The specific ports above have the following Port VLAN ID settings. The Port VLAN ID settings for each port are configured in the VLAN Ports page.

Port  PVID    Port  PVID    Port  PVID    Port  PVID
01    2       05    5       09    10      13    10
02    1       06    1       10    10      14    15
03    1       07    1       11    10      15    1
04    1       08    1       12    10      16    1

The following scenarios will produce resul
118. p as the Net option, i.e., a TFTP server and a new image. However, it copies the image to non-volatile memory, and then the system boots from non-volatile memory. Warning: The previous image in non-volatile memory will be lost when this procedure completes.

Last Saved option
The system will boot from non-volatile memory. This option will automatically show up after the Net & save option is selected and the unit is reset.

Advanced > Advanced Tools > Configuration Manager

[Screen capture: Advanced > Advanced Tools > Configuration Management. TFTP Server IP Address: 172.16.50.166. TFTP Path/Configuration Filename: 166. Upload Configuration File to Server: Upload to Server. Download Configuration File from Server: Download from Server.] On-screen text: WARNING: We do not recommend altering the configuration file via a text editor. Modifying the file can inadvertently create errors in the file, which can disable the management of the switch. NETGEAR will not replace a switch that has been disabled by a modified configuration file. Downloading the configuration file from the server will automatically reboot your switch. Rebooting will take approximately 60 seconds.

Figure 5-29: Configuration Manager

Warning: Do not edit your configuration file. Editing your file can cause your switch to lose its management capabilities and possibly degrade its performance. Editing the configuration file will void your warranty.

This menu allows you to save your configur
119. particular wireless LAN must use the same encryption key. Each sending station encrypts data with a WEP key before transmission, and the receiving station decrypts it using an identical key. This process reduces the risk of someone passively monitoring the transmission and gaining access to the data transmitted over the wireless connections.

However, a major problem with the 802.11 wireless standard is that the keys are cumbersome to change. If you don't update the WEP keys often, an unauthorized person with a sniffing tool can monitor your network for less than a day and decode the encrypted messages. In order to use different keys, you must manually configure each access point and wireless adapter with new keys. Products based on the 802.11 standard alone offer system administrators no effective method to update the keys. This might not be too much of a concern with a few users, but the job of renewing keys on larger networks can be a monumental task. As a result, companies either don't use WEP at all or maintain the same keys for weeks, months, and even years. Both cases significantly heighten the wireless LAN's vulnerability to eavesdroppers.

IEEE 802.1x offers an effective framework for authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys. 802.1x ties a protocol called EAP (Extensible Authentication Protocol) to both the wired and wireless LAN media and supports multiple authentication met
120. pport > Multicast Membership

[Screen: Static Multicast Membership, with a MAC Address field and a per-port membership matrix for the unit.]

Figure 4-38: Static Multicast Membership

Main Menu > Advanced > SNMP

[Screen: Advanced > SNMP, with the menu items a. Community Table, b. Host Table, c. Trap Settings.]

Figure 4-39: SNMP Management

You can manage this switch using the Simple Network Management Protocol (SNMP) from a network management station. To do so, you must configure your switch to participate in the SNMP community, and you must add the SNMP host agent to the host table. This prevents unauthorized SNMP access to your switch from non-approved SNMP hosts.

Support for these Standard MIBs is included:

• MIB II (RFC1213)
• Ethernet Interface MIB (RFC1643)
• Bridge MIB (RFC1493)
• Private Enterprise MIB (see the Resource CD for Managed Switches)
• 4-Group RMON (RFC1757)

Main Menu > Advanced > SNMP > Community Table

You can create up to eight community strings, which combine GET, SET and TRAP privileges.

[Screen: Advanced > SNMP > Community Table, with the columns Community String, Get, Set, Trap and Status.]

Figure 4-40: SNMP Management, Community Table
121. raffic closing to line rate. The receive side picture indicates potential nodes causing the problem.

Refresh Rate: The time interval between automatic refreshes (5, 10, 15, 30 seconds).

There are four separate colors in the utilization bar to indicate four different types of packets:

• Unicast (blue)
• Non-Unicast (black)
• Error (red)
• Drops (amber)

All colors stack together to form a single column (total is up to 100). There is a scale on the side to indicate the packet/seconds grid, with 10 per notch.

Status > Reset Statistics

[Screen: Tools > Statistics Counter Reset, with a Reset button for "Reset All Statistics Counters" and the note "Counter Reset will reset all of the statistics counters to be zero."]

Figure 5-8: Statistics Counter Reset

The Reset Statistics screen lets you reset all statistics counters of the switch. By pressing on the Reset button, all counters will be set to 0.

Status > Port Settings

[Screen: Status > Port Settings for Stack Unit 1, with the columns Port, Name, Link, On/Off, State and Speed; the port names are shown as Not Defined. The screen carries this text: "This page displays how the ports are configured. Changes to these settings are made on other pages. See the bottom of the page for more details."]
122. rating at 10 Mbits/second (10BASE-T) will often tolerate low quality cables, but at 100 Mbits/second (100BASE-Tx) the cable must be rated as Category 5, or Cat 5 or Cat V, by the Electronic Industry Association (EIA). This rating will be printed on the cable jacket. Cat 5 cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector. In addition, there are restrictions on maximum cable length for both 10 and 100 Mbits/second networks.

Capacity planning: Determining whether current solutions can satisfy future demands. Capacity planning includes evaluating potential workload and infrastructure changes.

Certificate Authority: A Certificate Authority is a trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be.

Class of Service: A term to desc
123. ration Manager
Advanced > Traffic Management
Advanced > Traffic Management > Traffic Priority
Advanced > Traffic Management > Broadcast Control
Advanced > VLAN > Primary VLAN
Advanced > VLAN > VLAN Port
Advanced > Spanning Tree > Bridge Settings
Advanced > Spanning Tree > Port Settings
Advanced > MAC > Address Aging
Advanced > MAC > Static Addresses
Advanced > Multimedia Support
Advanced > Multimedia Support > Enable Disable IGMP
Advanced > Multimedia Support > Static Multicast Groups
Advanced > SNMP > Community Table
Advanced > SNMP > Host Table
124. ress; TFTP Path; Configuration Filename; Download from server; Upload to server

Figure 4-22: Configuration Management

This menu also allows you to download your configuration file back to the switch to restore your settings.

Main Menu > Advanced > Traffic Management

Traffic management covers the methods to improve the performance of your network by differentiating traffic and limiting excess broadcast traffic.

[Screen: Advanced > Traffic Management, with the menu items b. DiffServ and c. Broadcast Control.]

Figure 4-23: Traffic Management

There are two means to differentiate traffic with this switch: VLAN tags or Differentiated Service Code Points (DSCP) in the header of data packets. By using either the VLAN tags (port-based) or DSCP (DiffServ), you can configure the switch so that certain traffic will take priority over less critical traffic.

Main Menu > Advanced > Traffic Management > Port Priority

[Screen: Advanced > Traffic Management > Port Priority for the unit. Traffic Optimization is Flow Control Optimized; the ports listed, including the two GT ports, all show priority Normal.]

Figur
125. ribe treating different types of traffic with different levels of service priority. Higher priority traffic gets faster treatment during times of switch congestion.

Collision: A term used to describe two colliding packets in an Ethernet network. Collisions are a part of normal Ethernet operation, but a sudden prolonged increase in the number of collisions can indicate a problem with a device, particularly if it is not accompanied by a general increase in traffic.

DHCP: An Ethernet protocol specifying how a centralized DHCP server can assign network configuration information to multiple DHCP clients. The assigned information includes IP addresses, DNS addresses, and gateway (router) addresses.

DMZ: Specifying a Default DMZ Server allows you to set up a computer or server that is available to anyone on the Internet for services that you haven't defined. There are security issues with doing this, so only do this if you're willing to risk open access.

DNS: Short for Domain Name System (or Service), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4. The DNS system is, in fact, its own network. If one DNS server doesn't know
126. rs for each port.

Table 4-1: STP Port Setting Parameters

• Prty (Priority), range 0-255: STP uses this to determine which path (which port) to use for forwarding. The port with the lowest number has the highest priority.
• Cost: The switch uses this to determine which port is the forwarding port when the priority is equal. All other factors equal, the path with the lowest cost to the root bridge will be the active path. The estimated path cost is the industry standard for the port speed. The default path cost is the maximum speed for the port.
• Fastlink, Enabled or Disabled: When a Fastlink-enabled port running standard STP is connected, it will go through the STP negotiation (listening > learning > forwarding or blocking) before it will be fully available.

[Screen: Advanced > Spanning Tree > Port Settings for the unit, with the columns Port, Priority, Esti Path Cost, Cost and FastLink; every port listed shows Priority 128, Esti Path Cost 19, Cost 19 and FastLink Disabled.]
127. rt characteristics related to link operations. All of the parameters on this page are toggle settings. To change or toggle between options, hit Ctrl-M to move the cursor to the ports field and simply strike the space bar when the appropriate option is highlighted. To modify ports 17 to 26, you must tab through ports 1 to 16. The comments field is available for you to enter a description of the port.

[Screen: Set-up > Port Configuration for the unit, with the columns Port, Name, Link, On/Off, State, Rate/Duplex and Flow Ctrl; ports 1 to 16 each show Name Not Defined, Link Down, On/Off On, State Blocking, Rate/Duplex Auto and Flow Ctrl Auto.]

Figure 4-12: Port Configuration

• Admin field: Allows you to Enable or Disable the port.
• Stat
128. runk ports must have auto-negotiation turned off. Trunks must use crossover cables. [Screen buttons: Apply, Reload.] To permanently save the configuration into non-volatile memory, click Apply on this page, followed by Tools > Save Configuration from the side navigation.

Figure 5-26: Port Trunking

Port Trunking is a feature that allows multiple links between switches to work as one virtual link (aggregate link). Trunks can be defined for similar port types only. For example, a 10/100 port cannot form a Port Trunk with a gigabit port. For 10/100 ports, trunks can only be formed within the same bank. A bank is a group of 8 10/100 ports or 2 gigabit ports, for example ports 1 to 8, ports 9 to 16, ports 17 to 24, or port 25 and port 26 on the same switch unit. Up to four trunks can be enabled at the same time. To set up a trunk, click on the ports that will participate in the trunk. Spanning Tree will treat trunked ports as a single virtual port.

Note: You must use straight-through cables for all links in the trunk. Do not use crossover cables. Also, you must disable auto-negotiation on the ports in a trunk prior to setting up the trunk.

Advanced > Virtual Cable Tester

The virtual cable tester feature lets you test the continuity of the GBIOC cable circuit.

[Screen: Advanced > Virtual Cable Tester.] Virtual Cable Tester function basically detec
129. Advanced > Disable Advanced Alerting

[Screen: Advanced > Disable Advanced Alerting, with a Disable button and the text "Press this button to disable all initially alerting messages of advanced functions."]

Figure 5-22: Advanced > Disable Advanced Alerting

To prevent accidental use, warnings appear when an advanced feature is selected. This screen allows experienced users to bypass these warnings during a browser session. The warnings will be re-activated at the next browser session in case another less experienced user is accessing the switch.

Advanced > 802.1x Port Based Authentication

This menu option allows you to configure the 802.1x security settings of the switch to require RADIUS authorization to access ports on the switch.

[Screen: Advanced > Advanced Security > Port Based Authentication, with the fields RADIUS Server IP Address (192.168.0.1) and RADIUS Shared Secret, and the section 802.1x Port Based Authentication Setting.] Port Based Authentication setting enables you to authenticate each port before making available any services offered by the switch. After authentication is successful, normal traffic can pass through the port. Default setting is Force Authorized (disabled 802.1x function). User can also choose Force Unauthorized (deny client to access network) or Auto Detected R
130. Chapter 5 Web Based Management Interface
Web Based Management Overview
Status > Switch Statistics
Status > Reset Statistics
Status > MAC Address Table
Tools > Restore Factory Defaults
Advanced Options
Advanced > Disable Advanced Alerting
Advanced > 802.1x Port Based Authentication
Advanced > Advanced Security
Advanced > Virtual Cable Tester
Advanced > Advanced Tools > Software Upgrade
Advanced > Advanced Tools > Configu
131. sion RA
    Boot ROM Version 1 2 2495
    Software Version 1 0 4 2505
    Next Boot from Last Saved
    TFTP Server IP Address 0.0.0.0
    TFTP Path Filename
    IP Filtering is Disabled

Trunking

The show trunking command displays the trunking state of the switch. The FSM726 is capable of forming four trunks, so shown in the display are the ports that belong to each trunk.

Syntax:

    FSM726 show trunking

An example of the display output is shown below.

    Trunk Id   Ports
    1          Fa1/9  Fa1/10
    2          Fa1/1  Fa1/2
    3          Fa1/17 Fa1/18
    4

VLAN

The show VLAN command displays VLAN configuration and status of the switch.

Brief

The show vlan brief command displays a quick summary of each VLAN configured.

Syntax:

    FSM726 show vlan brief

An example of the display output is shown below.

    VLAN  Name     Status  Ports
    1     Netgear  active  Untagged Fa1/4 Fa1/5 Fa1/7 Fa1/11 Fa1/12 Fa1/13 Fa1/14 Fa1/15 Fa1/19 Fa1/20 Fa1/21 Fa1/22 Fa1/23
    3     Company  active  Tagged Gi1/25 Gi1/26

VLAN

The show vlan command displays information on membership of individual VLANs.

Syntax:

    FSM726 show vlan <cr> <VLAN index>

Where:

<cr>: a carriage return. The command show vlan lists the VLANs configured on the switch.

<VLAN index>: The VLAN ID.

Adding
132. t levels of service priority. Higher priority traffic gets faster treatment during times of switch congestion. Priority can be based on VLAN tags (ports) or Differentiated Service Code Points (DSCP).

• Broadcast Control: The user can configure the threshold for the maximum broadcast packets per port.
• VLANs: A Virtual Local Area Network (VLAN) is a means to electronically separate ports on the same switch from a single broadcast domain into separate broadcast domains. By using VLAN, users can group by logical function instead of physical location. There are 64 VLANs supported on this switch.
• Spanning Tree Protocol: STP ensures that only one path at a time is active between any two network nodes. There may be more than two physical paths between any two nodes for redundant paths. STP ensures only one physical path is active and the others are blocked. STP will prevent an inadvertent loop in a network, which can disable your network due to a "Broadcast storm", the result of a broadcast message traveling through the loop again and again.
• MAC: MAC address table. This menu allows you to set the aging time as well as entering static MAC addresses to the switch.
• Multimedia Support (IGMP): The Internet Group Management Protocol (IGMP) is an Internet protocol that provides a way for network devices to report multicast group membership to adjacent routers.
133. t one type of statistic for any combination of ports. In the case of the Error Statistics Graph, the chart will present data across time so that fluctuations in time can be easily seen. All charts have a maximum ceiling of more than 2.1 billion (2,147,483,647). You can see the value of each bar or line in the chart by clicking on the bar. The following will outline the settings for each type of graph:

• Statistics: The type of system errors to be monitored.
• Refresh Rate: The time interval between automatic refreshes (5, 10, 15, 30 seconds).
• Port Selection: The port for data to be monitored.

When all of the variables are set, click Draw.

Status > Most Active Ports

[Screen: Status > Most Active Ports, with a Refresh Rate selector (5 Seconds), Receiving and Transmitting charts, and a legend of Unicast, Non-Unicast, Error and Drops. The screen carries this text: "This page allows you to view the top 10 busiest ports for transmitting and receiving. It is especially useful to identify high bandwidth users or to find potential bottlenecks. There are 4 separate colors in the utilization bar to indicate four different types of packets."]

Figure 5-7: Error Statistics

This page allows you to view the transmission and reception utilization of top 10 ports. It is especially useful when you want to see the potential bottlenecks in the switch. A bottleneck is a port with egress t
134. t up gateway, please refer to the page Set-up > IP Configuration.

    System Description:  FSM726 Managed Switch
    System Name:         Switch 2
    System Contact:      jack
    System Location:     Wiring Closet 2
    Current Local Time:  5:26:29 PM
    System Uptime:       0 Day 0 hr 2 min 59 sec
    MAC Address:         00:09:5b:35:b0:07
    IP Address:          169.254.224.1
    Subnet Mask:         255.255.0.0
    Default Gateway:     169.254.224.5

Figure 5-2: System information page

This welcome page displays system information, such as:

• System Description
• System Name
• System Contact
• System Location
• Current Local Time (according to your computer)
• System Uptime
• MAC Address
• IP Address
• Subnet Mask
• Default Gateway
• Software Version
• System OID (used for production testing)

These parameters are not editable from this screen. Some of these can be modified in the Set-Up > System Configuration page or the Set-Up > IP Configuration page.

Status Menus

The Status page contains 5 menus.

Figure 5-3: Status Menu navigation

• Switch Statistics
• Port Statistics
• Error Statistics
• Most Active Ports
135. tbound Non-unicast Packet Rate: Transmitted non-unicast packet per second
• Outbound Discard Rate: Transmitted and is discarded packet per second
• Outbound Error Rate: Transmitted error packet per second
• Ethernet Undersize Packet Rate: Less than 64-byte length packet per second
• Ethernet Oversize Packet Rate: More than 1518-byte length packet per second
• Inbound Octets: Received bytes
• Inbound Unicast Packets: Received unicast packet
• Inbound Non-unicast Packets: Received non-unicast packet
• Inbound Discards: Received and is being discarded packet
• Inbound Errors: Received and is an error packet
• Outbound Octets: Transmitted byte
• Outbound Unicast Packets: Transmitted unicast packet
• Outbound Non-unicast Packets: Transmitted non-unicast packet
• Outbound Discards: Transmitted and is being discarded packet
• Outbound Errors: Transmitted and is an error packet
• Ethernet Undersize Packets: Less than 64-byte length packet
• Ethernet Oversize Packets: More than 1518-byte length packet

Status > Port Statistics

[Screen: Status > Port Statistics chart, with Stack Unit and Port selectors, Add and Remove buttons, and a color assigned to each charted port.]

Figure 5-5: Port Statistics

The Port Statistics Chart shows all the statistic types
136. Chapter 5 Web Based Management Interface

Your NETGEAR 700 Series Managed Switch provides a built-in browser interface that lets you configure and manage it remotely using a standard Web browser, such as Microsoft Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later. This interface also allows for system monitoring and management of the switch. The help page will cover many of the basic functions and features of the switch and its web interface.

When you configure the switch for the first time from the console, you can assign an IP address and subnet mask to the switch. Thereafter, you can access the switch's Web interface directly using your Web browser by entering the switch's IP address into the address bar. In this way, you can use your Web browser to manage the switch from a central location, just as if you were directly connected to the switch's console port. Figure 4-1 shows this management method.

[Figure labels: NETGEAR FSM Stackable Switch; PC; UNIX Workstation; Macintosh; Terminal]

Figure 5-1: Web Management Method

Web Based Management Overview

The 6 menu options available are: System, Status, Set-up, Tools, Security, and Advanced. There is a help me
137. ti Cost is the path cost estimated according to the current speed (or speed setting if no link) of a port, while Cost refers to the current cost setting of the indicated port. Click Accept All if you want to apply the estimates into your cost settings.

[Screen: Spanning Tree Port Settings for Stack Unit 1, with Fast Link Enable All and Disable All buttons and the columns Port, Priority, Esti Cost, Cost and Fast Link.]

Figure 5-35: Figure 4-26 Spanning Tree Port Settings

For the Port Settings options, you can specify Spanning Tree port priority, cost and Fastlink parameters for each port.

Table 5-1: STP Port Setting Parameters

• Prty (Priority), range 0-255: STP uses this to determine which path (which port) to use for forwarding. The port with the lowest number has the highest priority.
• Cost, range 1-65535: The switch uses this to determine which port is the forwarding port when the priority is equal. All other factors equal, the path with the lowest cost to the root bridge will be the active path. The estimated path cost is the industry standard for the port speed. The default path cost is the maximum speed for the port.
138. tiation: A feature that allows twisted-pair ports to advertise their capabilities for speed, duplex and flow control. When connected to a port that also supports auto-negotiation, the link can automatically configure itself to the optimum setup.

Auto Uplink: Auto Uplink technology (also called MDI/MDIX) eliminates the need to worry about crossover vs. straight-through Ethernet cables. Auto Uplink will accommodate either type of cable to make the right connection.

Backbone: The part of a network used as a primary path for transporting traffic between network segments.

Bandwidth: The information capacity, measured in bits per second, that a channel could transmit. Bandwidth examples include 10 Mbps for Ethernet, 100 Mbps for Fast Ethernet, and 1000 Mbps (1 Gbps) for Gigabit Ethernet.

Baud: The signaling rate of a line, that is, the number of transitions (voltage or frequency changes) made per second. Also known as line speed.

Broadcast: A packet sent to all devices on a network.

Broadcast storm: Multiple simultaneous broadcasts that typically absorb all the available network bandwidth and can cause a network to fail. Broadcast storms can be due to faulty network devices or network loops.

CA: A Certificate Authority is a trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs.

Cat 5: Category 5 unshielded twisted pair (UTP) cabling. An Ethernet network ope
139. trol

Syntax:

    FSM726 config multimedia hpo

No

Please see section V, area C, item 10 for detailed operation of the no command.

SNMP Server

SNMP (Simple Network Management Protocol) enables you to manage the switch through the use of a network management station running an SNMP server. Items such as trap settings, community and hosts are configured through the snmp server command.

Community

You can create up to eight different community strings with combinations of privileges. These community strings need to be set prior to setting host access, as the host table depends on the existence of community strings.

Syntax:

    FSM726 config snmp server community <name> ro rw wo trap

Where:

<name>: the name of the community
ro rw wo trap: the privilege associated with this community
    ro: read only
    rw: read write access
    wo: read only
    trap: trap allowed

Contact

You can use the contact command to specify contact information for the switch.

Syntax:

    FSM726 config snmp server contact <contact info>

Where:

<contact info>: the contact information associated with this switch

Location

You can use the location command to describe the location of the switch.

Syntax:

    FSM726 config snmp server location <location info>

Where:

<location info>: the location of this switch
140. trol: A congestion control mechanism. Congestion is caused by devices sending traffic to an already overloaded port on a switch. Flow control prevents packet loss and temporarily inhibits devices from generating more traffic until the period of congestion ends.

Full duplex: A system that allows packets to be transmitted and received at the same time and, in effect, doubles the potential throughput of a link.

Gateway: A local device, usually a router, that connects hosts on a local network to other networks.

Gigabit Ethernet: An Ethernet system that is designed to operate at 1000 Mbps (1 Gbps).

Half duplex: A system that allows packets to be transmitted and received, but not at the same time. Contrast with full duplex.

IEEE: Institute of Electrical and Electronics Engineers. This American organization was founded in 1963 and sets standards for computers and communications.

IETF: Internet Engineering Task Force. An organization responsible for providing engineering solutions for TCP/IP networks. In the network management area, this group is responsible for the development of the SNMP protocol.

IGMP: Internet Group Management Protocol, the standard for IP multicasting in the Internet. IGMP is used to establish host memberships in multicast groups on a single network. (See IP multicast.)

IP: Internet Protocol is the main internetworking protocol used in the Internet. Used in conjunction with the Transfer Control Protocol (TCP) to form TCP/IP.

IP A
141. ts and reports potential CAT5 cabling issues, such as cable opens, cable shorts or any impedance mismatch in the cable, and accurately reports, within one meter, the distance of the fault. Since this function only supports gigabit ports (twisted-pair cable), port selection only shows those gigabit combo ports which are selected as Built-In 10/100/1000BASE-T in the GBIC page. When the test is in progress, the testing port will temporarily stop passing traffic.

[Screen: a Port selector, a TEST button, and result rows for Pair 1-2, Pair 3-6, Pair 4-5 and Pair 7-8.]

Figure 5-27: Virtual Cable Tester

The results are reported for the selected port. The test can take up to one minute.

Note: Only the console menu will let you run the virtual cable tester on any port. Other management interfaces require port access and therefore cannot reliably test the cable continuity of the port they are using to access the switch.

Advanced > Advanced Tools

Use the advanced tools menu to upgrade the software for the switch through a variety of options using the TFTP protocol, and to customize the configuration file of the switch. These are tasks that require advanced expertise.

Advanced > Advanced Tools > Software Upgrade

[Screen: Advanced > Advanced Tools > Software Upgrade.] Hardware Version RA, Firmware Version 1 2 2495, Software Versi
142. ts as described below:

• If an untagged packet enters Port 4, the switch will tag it with a VLAN tag value of 1. Since Port 4 does not have membership with VLAN ID 1 (default), the packet will be dropped.
• If a tagged packet with a VLAN tag value 5 enters Port 4, the packet will have access to Ports 5 and 1. If the packet leaves Port 5 and/or 1, it will be stripped of its tag, becoming an untagged packet as it leaves the switch.
• If an untagged packet enters Port 1, the switch will tag it with a VLAN tag value of 2. It will then be dropped, since Port 1 has no membership with VLAN ID 2.
• If a tagged packet with a VLAN tag value 10 enters Port 9, it will have access to Ports 1, 10, 11 and 12. If the packets leave Ports 1 or 10, they will be tagged with a VLAN ID value of 10. If the packet leaves Ports 11 or 12, it will leave as an untagged packet.
• If a tagged packet with a VLAN tag value 1 enters Port 9, it will be dropped, since Port 9 does not have membership with VLAN ID 1.

Appendix B Cabling Guidelines

This appendix provides specifications for cables used with a NETGEAR 700 Series Managed Switch.

Fast Ethernet Cable Guidelines

Fast Ethernet uses UTP cable, as specified in the IEEE 802.3u standard for 100BASE-TX. The specification requires Category 5 UTP cable consisting of either two pa
143. [Figure 4-26: Broadcast Control; a table of Port and Packets/s columns covering ports 1 to 24 and the two gigabit (GT) ports, each shown at 1488100] Main Menu > Advanced > VLANS: A Virtual Local Area Network (VLAN) is a means to electronically separate ports on the same switch from a single broadcast domain into separate broadcast domains. [Figure 4-27: VLANS; menu options a. VLAN Admin, b. VLAN Membership, c. VLAN Ports] By using VLANs, users can be grouped by logical function instead of physical location. This switch supports up to 64 VLANs. This switch supports static port-based VLANs. The VLAN Setup options are as follows. Main Menu > Advanced > VLANS > VLAN Admin: Up to 64 VLANs with unique ID numbers and names can be added. VLAN ID numbers must be in the range of 1-4094. Per industry standard, the default VLAN has an ID of 1. [Figure 4-28: VLAN Administration; a table of ID and Name columns] To add a VLAN, enter a unique numeric VLAN ID and then enter a unique VLAN name. To r
144. [Figure 4-15: Security; fields Telnet Access, Web Access (Enabled), Password Protection (Disabled), User Name (admin), New Password, Verify Password] Note: Using telnet, you can only enable/disable the web interface. You cannot enable/disable the telnet interface. If you forget your password, contact NETGEAR technical support at 1-888-NETGEAR in North America. Main Menu > Advanced: The Advanced page allows professional users to operate more complicated features of the device, which include VLAN, Spanning Tree, Port Trunking, Multimedia support (IGMP), traffic prioritization, SNMP, and port mirroring. These features are powerful and can degrade or disable a network if improperly used. The eleven sub-menus are introduced below. Advanced Security: The user can configure the security settings of the switch by choosing to use either a basic password or a RADIUS server to authenticate the user attempting to configure the switch. In addition, the user can also set up IP filtering to allow only approved users on the network to configure the switch. Port Based Authentication: The user can configure the ports of the switch for authentication through a RADIUS server, to authenticate the user attempting to connect to the network through a port on the switch. Port Mirroring: Users can designate a port for monitoring traffic from one or more other ports, or of a single VLAN configured on the switch. The switch mo
145. upplicant (i.e., client device) attempting to connect with an authenticator (i.e., 802.11 access point). The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (e.g., RADIUS). Once authenticated, the access point opens the client's port for other types of traffic. The basic 802.1x protocol provides effective authentication and can offer dynamic key management, using 802.1x as a delivery mechanism. If configured to implement dynamic key exchange, the 802.1x authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign, and encrypt an EAP key message that is sent to the client immediately after sending the success message. The client can then use the contents of the key message to define applicable encryption keys. In typical 802.1x implementations, the client can automatically change encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough time to crack the key in current use. It's important to note that 802.1x doesn't provide the actual authentication mechanisms. When using 802.1x, you need to choose an EAP type, such as Transport Layer Security (EAP-TLS) or
146. ure that the fiber cable is crossed over to guarantee link. Table F-1 lists the electrical requirements of Category 5 UTP cable. Table B-1. Electrical Requirements of Category 5 Cable: maximum attenuation (dB per 100 m, at 20 °C): 8.2 at 4 MHz, 11.7 at 31 MHz, 22.0 at 100 MHz; NEXT loss (dB minimum): 44 at 16 MHz, 39 at 31 MHz, 32 at 100 MHz. Twisted Pair Cables: For two devices to communicate, the transmitter of each device must be connected to the receiver of the other device. The crossover function is usually implemented internally as part of the circuitry in the device. Computers and workstation adapter cards are usually media-dependent interface ports, called MDI or uplink ports. Most repeaters and switch ports are configured as media-dependent interfaces with built-in crossover ports, called MDI-X or normal ports. Auto Uplink technology automatically senses which connection, MDI or MDI-X, is needed and makes the right connection. Figure B-1 illustrates straight-through twisted pair cable. [Figure B-1: Straight-Through Twisted Pair Cable. Key: A = uplink or MDI port (as on a PC); B = normal or MDI-X port (as on a hub or switch); 1, 2, 3, 6 = pin numbers] Figure B-2 illustrates crossover twisted pair cable Key B Norm
147. uttons display the topic that precedes or follows the current topic. The PDF button links to a PDF version of the full manual. The E-mail button enables you to send feedback by e-mail to Netgear support. The Print button prints the currently displayed topic. Using this button when a step-by-step procedure is displayed will send the entire procedure to your printer; you do not have to worry about specifying the correct range of pages. The Bookmark button bookmarks the currently displayed page in your browser. 3. Right pane: Use the right pane to view the contents of the manual. Also, each page of the manual includes a "PDF of This Chapter" link at the top right, which links to a PDF file containing just the currently selected chapter of the manual. Chapter 2: Switch Management Overview. This chapter gives an overview of switch management, including the methods you can use to manage your NETGEAR 700 Series Managed Switch. Topics include: Management Access Overview; SNMP Access; Protocols. Management Access Overview: Your NETGEAR 700 Series Managed Switch gives you the flexibility to access and manage the switch using any or all of the following methods: an administration console; a Web browser interface; an external Simple Network Management Protocol (SNMP)-based network management application. The administration console and Web browser interface support are embedded in the switch's firmware an
148. vanced > Multimedia Support > Enable/Disable IGMP [Figure 4-36: Multimedia Support; IGMP enable/disable setting] Enable: The system will detect IGMP queries, report packets, and manage IP multicast traffic through the switch. Disable: The switch will forward traffic and disregard any IGMP requests. Main Menu > Advanced > Multimedia Support > Static Multicast Administration: Use this menu to configure permanently reachable multicast groups. [Figure 4-37: Static Multicast Administration; MAC Address columns, entry prompt "Enter a MAC Address (01 00 5e xx xx xx)", key hints ESC = Back, Tab = Move Cursor, Ctrl-X = Delete, Ctrl-L = Refresh, Ctrl-W = Save] The Static Multicast Administration menu lets you create individual groups by entering MAC addresses for your static multicast group. The membership of each group is configured in the Static Multicast Membership menu. Main Menu > Advanced > Multimedia Support > Static Multicast Membership: Once the static multicast groups are defined in the Static Multicast Administration menu, you can use this menu to specify the membership of each group by specifying the ports that belong to each group. Advanced > Multimedia Su