GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Soft ware Administration M anual 350 East Plumeria Drive San Jose, CA 95134 USA March 2013 202-11137-02 v1.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Support Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com.
Contents Chapter 1 Getting Started Getting Started with the NETGEAR Switch . . . . . . . . . . . . . . . . . . . . . . . . . 9 Switch Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Connect the Switch to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Discover a Switch in a Network with a DHCP Server . . . . . . . . . . . . . . . . 12 Switch Discovery in a Network Without a DHCP Server . . . . . . . . . . . . . .
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches DHCP Snooping Global Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 67 DHCP Snooping Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . . 68 DHCP Snooping Binding Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 70 DHCP Snooping Persistent Configuration . . . . . . . . . . . . . . . . . . . . . . . 71 Chapter 3 Configuring Switching Information Ports . . . . . . . . . . . . . . . . . . . . . . . . .
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure and View Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130 Configure ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 ARP Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 ARP Entry Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134 Global ARP Configuration. . . . . . . . . . .
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches MAC Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 MAC Binding Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193 MAC Binding Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 IP ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 IP Rules . . . . . . . . . . . . . . . . . .
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244 User Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 Appendix A Hardware Specifications and Default Values Switch Features and Defaults. . . . . . . . . . . . . . . . . . . . . .
1. 1 Getting Started This manual describes how to configure and operate the GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches by using the web-based graphical user interface (GUI). This manual describes the software configuration procedures and explains the options available within those procedures. These switches are referred to as the NETGEAR switch throughout this document.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Getting Started with the NETGEAR Switch This chapter provides an overview of starting your NETGEAR switch and accessing the user interface. It also describes some actions that can be performed in the Smart Control Center (SCC) application, which can be downloaded to your computer. This guide does not document the SCC application. Full documentation for SCC is found at http://docs.netgear.com/scc/enu/202-10685-01/index.htm.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Switch Management Interface The NETGEAR switch contains an embedded web server and management software for managing and monitoring switch functions. The switch functions as a simple switch without the management software. However, you can use the management software to configure more advanced features that can improve switch efficiency and overall network performance.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Connect the Switch to the Network To enable remote management of the switch through a web browser or SNMP, you must connect the switch to the network and configure it with network information (an IP address, subnet mask, and default gateway). The switch has a default IP address of 192.168.1.1 and a default subnet mask of 255.255.255.0.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Discover a Switch in a Network with a DHCP Server This section describes how to set up your switch in a network that has a DHCP server. The DHCP client on the switch is enabled by default. When you connect it to your network, the DHCP server automatically assigns an IP address to your switch. To discover the IP address automatically assigned to the switch, use the Smart Control Center.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 7. Select your switch by clicking the line that displays the switch, then click the Web Browser Access button. The Smart Control Center displays a login window. To manage your switch, use your web browser. The default password is password. Use this screen to manage your switch. For more information, see Access the Management Interface from the Web on page 17.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Switch Discovery in a Network Without a DHCP Server This section describes how to use the Smart Control Center to set up your switch in a network without a DHCP server. If your network has no DHCP service, you must assign a static IP address to your switch. You can assign it a static IP address, even if your network has DHCP service. To assign a static IP address: 1. Connect the switch to your existing network. 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 7. Select the Disabled radio button to disable DHCP. 8. Enter the static switch IP address, gateway IP address, and subnet mask for the switch and type your password. Tip: You must enter the current password every time you use the Smart Control Center to update the switch setting. The default password is password. 9. Click APPLY to configure the switch with the network settings. Ensure that your computer and the switch are in the same subnet.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches WARNING: When you change the IP address of your administrative system, connection to the rest of the network is lost. Be sure to write down your current network address settings before you change them. To modify the network settings on your administrative system: 1. On your computer, access the Windows operating system TCP/IP Properties screen. 2. Set the IP address of the administrative system to an address in the 192.168.0.0 network, such as 192.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Access the Management Interface from the Web To access the switch management interface, use one of the following methods: • From the Smart Control Center, select the switch and click Web Browser Access. For more information, see the documentation for this application at http://docs.netgear.com/scc/enu/202-10685-01/index.htm. • Open a web browser and enter the IP address of the switch in the address field.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. After the system authenticates you, the System Information screen displays. Navigation tab Logout button Help link Configuration menus Help screen Configuration status and options Screen menu Figure 1. Configuration Status and Options Navigation Tabs, Configuration Menus, and Screen Menu The navigation tabs along the top of the web interface give you quick access to the various switch functions.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Some items in the menu expand to reveal multiple submenu links, as shown in the following: Link Submenu Links When you click a menu item that includes multiple configuration screens, the item becomes preceded by a down arrow symbol and expands to display the additional submenu links.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The Device View is available by selecting System Device View. Depending upon the status of the port, the LED of the port status lights. Green indicates that the port is enabled. Red indicates that an error occurred on the port and the link is disabled. The LED of the port speed light in either green or yellow. • A green LED indicates operational ports at the link speed of 1000 Mbps.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following image shows the device view of the NETGEAR switch. Figure 2. Ports and LEDs on the Switching Devices Click the port you want to view or configure to see a menu that displays statistics and configuration options. Click the menu option to access the screen that contains the configuration or monitoring options. Figure 3.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches If you right-click the graphic, the main menu displays. Figure 4. Device View Drop Down Menus Help Screen Access Every screen contains a link to the online help , which contains information to help configure and manage the switch. The online help screens are context-sensitive. For example, if the IP Addressing screen is open, the help topic for that screen displays if you click Help.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches object for interface configuration is in -SWITCHING-MIB, which is a private MIB. Some interface configurations also involve objects in the public MIB, IF-MIB. SNMP is enabled by default. The System Information web screen, which displays after a successful login, displays the information you need to configure an SNMP manager to access the switch. Any user can connect to the switch using the SNMPv3 protocol.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Interface Naming Convention The switch supports physical and logical interfaces. Interfaces are identified by their type and the interface number. The switches support the following ports: • GS752TP. Ports 1–48 are 10/100/1000M AutoSensing Gigabit ports, and ports 49–52 are 100/1000M SFP ports. The first 8 ports are PoE+ providing 30W of DC power, and the remaining copper ports are PoE (Power over Environment) providing 15.4W of DC power. • GS728TP.
2. Configuring System Information 2 Use the features in the System tab to define the switch’s relationship to its environment.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Management This section describes how to display the switch status and specify some basic switch information, such as the management interface IP address, system clock settings, and DNS information.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • System Location. Enter the location of this switch. You can use up to 160 alphanumeric characters. The factory default is blank. • System Contact. Enter the contact person for this switch. You can use up to 160 alphanumeric characters. The factory default is blank. 3. Click APPLY to apply the changes to the system. Table 3 describes the status information displayed in the System screen. Table 3.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure the network information for the management interface: 1. Select System Management IP Configuration. The following screen displays: 2. Select the appropriate radio button to determine how to configure the network information for the switch management interface: • Dynamic IP Address (DHCP). Specifies that the switch must obtain the IP address through a DHCP server. • Dynamic IP Address (BOOTP).
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches When the management VLAN is set to a different value, an IP connection can be made only through a port that is part of the management VLAN. It is also mandatory that the port VLAN ID (PVID) of the port to be connected in that management VLAN be the same as the management VLAN ID. Note: Make sure that the PVID of at least one port that is a port of the VLAN is the same as the management VLAN ID.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure the global settings for an IPv6 Interface: 1. Select System Management IPv6 Network Configuration. The following screen displays: 2. In the Global Configuration Section, configure the following: • Admin Mode. Enable or disable the IPv6 network interface on the switch. The default value is Enable. • IPv6 Address Auto Configuration Mode.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches IPv6 Network Neighbors To view the IPv6 Network Interface Neighbors: Select System Management IPv6 Network Neighbors. The following screen displays: Properties of each neighbor are displayed, as described below: • IPv6 Address. Specifies the IPv6 address of the neighbor interface. • MAC Address. Specifies the MAC address associated with the neighbor interface. • IsRtr. Indicates whether the neighbor is a router.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Time The switch software supports the Simple Network Time Protocol (SNTP). You can also set the system time manually SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The software operates only as an SNTP client and cannot provide time services to other systems. Time sources are established by stratums. Stratums define the accuracy of the reference clock.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure the time by using the CPU clock cycle as the source: 1. Select System Management Time SNTP Global Configuration. The following screen displays: 2. Next to the Clock Source, select Local. 3. In the Date field, enter the date in the DD/MM/YYYY format. 4. In the Time field, enter the time in HH:MM:SS format. Note: If you do not enter a date and time, the switch calculates the date and time using the CPU’s clock cycle.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The SNTP Global Status table on the Time Configuration screen displays information about the system’s SNTP client. Table 4 describes the SNTP Global Status fields. Table 4. SNTP Global Status fields. Field Description Version Specifies the SNTP version the client supports. Supported Mode Specifies the SNTP modes the client supports. Multiple modes might be supported by a client.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure a new SNTP server: 1. Select System Management Time SNTP Server Configuration. The following screen displays: 2. Enter the appropriate SNTP server information in the following fields: • Server Type. Specifies whether the address for the SNTP server is an IP address (IPv4) or host name (DNS). • Address. Enter the IP address or the host name of the SNTP server. • Port.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Table 5. SNTP Server Status Table Fields Field Description Address Specifies all the existing server addresses. If no server configuration exists, a message saying “No SNTP server exists” flashes on the screen. Last Update Time Specifies the local date and time (UTC) of the server response, according to which the system clock was updated.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. In the DNS Default Name field, enter a default DNS name to include in DNS queries. When the system is performing a lookup on an unqualified host name, this field is provided as the domain name. For example, if the default domain name is netgear.com and the host name to resolve is test, test.netgear.com is used in DNS resolution queries. 4.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The Dynamic Host Configuration table shows host name-to-IP address entries that the switch has learned. Table 6 describes the dynamic host fields. Table 6. Dynamic Host Configuration table fields Field Description Host Lists the host name you assign to the specified IP address. Type The type of the dynamic entry. IPv4/IPv6 Address Lists the IP address associated with the host name. Click CLEAR to delete dynamic host entries.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure the Green Ethernet Configuration features: 1. Select System Management Green Ethernet Green Ethernet Configuration. The following screen displays: 2. Enable or disable the Auto Power Down Mode. • Enable. When the port link is down, the PHY automatically goes down for a short period and then wakes up to check link pulses.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Green Ethernet Interface Configuration Using the Green Ethernet Interface Configuration feature allows for proper port configuration and the ability to enable or disable the Auto Power Down, Short Cable, and EEE Modes on specific ports. To configure the Green Ethernet Interface feature: 1. Select System Management Green Ethernet Green Ethernet Interface Configuration. The following screen displays: 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configuration changes take effect immediately. Green Ethernet Detail Use this screen to display or configure Green Ethernet details per interface. To configure the Green Ethernet Detail feature: 1. Select System Management Green Ethernet Green Ethernet Detail. The following screen displays: 2. View or configure the Local Device Information: • Interface. The interface to be displayed or configured. • Energy Detect Admin Mode.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Tw_sys_rx Echo (uSec). Displays the amount of time the Tw_sys_rx Echo has been present on the port. 3. View the Remote Device Information: • Interface. If local interfaces are enabled to receive LLDP data, this feature allows you to select the remote device and retrieve port information. • Remote ID. Displays the remote port identifier. • Remote Tw_sys_tx (uSec). Displays the amount of time the Remote Tw_sys_tx has been present on the port.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Energy Detect Operational Status. Displays the operational status of the Energy Detect mode for each of the local interfaces (Active or Inactive). • Short Reach Admin Mode. Displays the Short Reach Admin Mode for each of the local interfaces (Enable or Disable). • Short Reach Operational Status. Displays the operational status of the Short Reach Admin mode for each of the local interfaces (Active or Inactive). • EEE Admin Mode.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches PoE Configuration To view global PoE power information and to configure PoE SNMP trap settings, use the PoE Configuration screen. To configure PoE trap settings: 1. Select System PoE Basic PoE Configuration. The following screen displays: Note: You can also access the PoE Configuration screen by selecting System > PoE > Advanced > PoE Configuration. 2. Next to Traps, select the appropriate radio button to enable or disable SNMP traps. 3.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Description Threshold Power Indicates a power threshold percentage. In order to give power to an additional port, the consumed power must be below the threshold. Consumed Power Displays the amount of power the system can consume before the system does not provide power to an additional port. PoE Port Configuration Use the PoE Port Configuration screen to configure per-port PoE settings. To assign a timer to the port: 1.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches power level that the PD can actually use is slightly lower. The classes are defined as follows: • 0. 0–15.4W • 1. 0–4W • 2. 0–7W • 3. 0–15.4W • 4. 0–30W • Timer Schedule. Select the timer schedule to use for the port. By default, no timer schedules are configured. To create a timer schedule, use the Timer Global Configuration screen. • Output Voltage. Displays the current voltage being delivered to device in volts. • Output Current.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To create a timer: 1. Select System PoE Advanced Timer Global Configuration. The following screen displays: 2. To add a timer, enter a name in the Timer Schedule Name field, and click ADD. To remove a timer, select the check box associated with the timer and click DELETE. To enable or disable the timer feature, select the appropriate radio button and click APPLY.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure timer settings: 1. Select System PoE Advanced Timer Schedule Configuration. The following screen displays: 2. From the Timer Schedule Name list, select the name of the schedule created on the Timer Global Configuration screen. 3. Specify the time to turn off power. The time range is from 00:00 to 23:59. 4. Specify the day to turn off power by clicking the calendar and selecting the date. 5.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches SNMP From SNMP menu under the System tab, you can configure SNMP settings for SNMP V1/V2 and SNMPv3. SNMP features are described in the following sections: • SNMP V1/V2 • Trap Flags • SNMP Supported MIBs • SNMP v3 User Configuration SNMP V1/V2 The screens you access from the SNMPV1/V2 link allow you to configure SNMP community information, traps, and trap flags. Community Configuration By default, two SNMP Communities exist: • Private.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To add a new SNMP community: 1. Select System SNMP SNMP V1/V2 Community Configuration. The following screen displays: 2. To add a new SNMP community, enter community information in the available fields described below. • Management Station IP. Specify the IP address of the management station.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches all valid Community Names or the set request is rejected. If you select Disable, the Community Name becomes invalid. 3. Click ADD. Configuration changes take effect immediately. Trap Configuration This screen displays an entry for every active Trap Receiver. To configure SNMP trap settings: Select System SNMP SNMP V1/V2 Trap Configuration. The following screen displays: To add a host that receives SNMP traps: 1.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 2. Click APPLY. Configuration changes take effect immediately. Trap Flags Use the Trap Flags screen to enable or disable traps the switch can send to an SNMP manager. When the condition identified by an active trap encounters the switch, a trap message is sent to any enabled SNMP trap receivers, and a message is written to the trap log. To configure the trap flags: 1. Select System SNMP SNMP V1/V2 Trap Flags. The following screen displays: 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches SNMP Supported MIBs The screen allows you to view a list of the supported MIBs. To access the Supported MIBS screen, select System SNMP SNMP V1/V2 Supported MIBS. SNMP v3 User Configuration This is the configuration for SNMP v3. The SNMPv3 Access Mode is a read-only field that shows the access privileges for the user account. The admin account always has read/write access, and all other accounts have read-only access.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure SNMPv3 settings for the user account: 1. Select System SNMP SNMP V3 User Configuration. The following screen displays: 2. Next to Authentication Protocol, select the SNMPv3 Authentication Protocol setting for the selected user account. The valid authentication protocols are None, MD5, or SHA. • None. The user is unable to access the SNMP data from an SNMP browser. • MD5 or SHA.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches LLDP The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. A network manager views this information to identify system topology and detect bad configurations on the LAN.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches LLDP Configuration Use the LLDP Configuration screen to specify LLDP and LLDP-MED parameters that are applied to the switch. To configure global LLDP settings: 1. Select System > LLDP > Basic > LLDP Configuration. The following screen displays: Note: You can also access the LLDP Configuration screen by selecting System > LLDP > Advanced > LLDP Configuration. 2. Configure the following LLDP settings: • TLV Advertised Interval.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches This occurs when a new endpoint device links with the LLDP-MED network connectivity device. The default value is 3, and the range is from 1–10. 4. Click APPLY. Configuration changes take effect immediately. LLDP Port Settings Use the LLDP Port Settings screen to specify LLDP parameters that are applied to a specific interface. To configure LLDP port settings: 1. Select System LLDP Advanced LLDP Port Settings. The following screen displays: 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Auto Advertise. Advertise the current IP address of the device as the management IP address. • Notification. When notifications are enabled, LLDP interacts with the trap manager to notify subscribers of remote data change statistics. The default is Disabled. • Optional TLVs. Enable or disable the transmission of optional type-length value (TLV) information from the interface.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches has the VLAN ID, priority, DSCP, tagged bit status, and unknown bit status. This information is displayed only if a network policy TLV has been transmitted. • VLAN ID. The VLAN ID associated with the policy. • VLAN Type. Specifies whether the VLAN associated with the policy is tagged or untagged. • User Priority. The priority associated with the policy. • DSCP. The DSCP associated with a particular policy type.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • • • • • Network Policy Location Identification Extended Power via MDI: PSE Extended Power via MDI: PD Inventory 6. Click APPLY to apply the new settings to the system. Configuration changes take effect immediately. Local Information Use the LLDP Local Information screen to view the data that each port advertises through LLDP. To display the LLDP Local Device Information screen: 1. Select System Advanced LLDP Local Information.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Description Port Description Identifies the user-defined description of the port. For information about how to configure the port description, see Ports on page 73. Advertisement Displays the advertisement status of the port. 2. To view more details about a port, click the name of the port in the Interface column of the Port Information table.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Description Auto-Negotiation Supported Specifies whether the interface supports port-speed autonegotiation. Possible values are True and False. Auto-Negotiation Enabled Displays the port speed autonegotiation support status. The possible values are True (enabled) and False (disabled). Auto Negotiation Advertised Displays the port speed autonegotiation capabilities such as 1000BASE-T Capabilities half-duplex mode or 100BASE-TX full-duplex mode.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Neighbors Information Use the LLDP Neighbors Information screen to view the data that a specified interface has received from other LLDP-enabled systems. To display the LLDP Neighbors Information screen: 1. Select System LLDP Advanced Neighbors Information. The following screen displays: The following table describes the information that displays for all LLDP neighbors that have been discovered: Table 9. LLDP neighbors information.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Description Port ID Identifies the physical address of the port on the remote system from which the data was sent. System Name Identifies the system name associated with the remote device. If the field is blank, the name might not be configured on the remote system. 2. To view more information about the remote device, click the link in the MSAP Entry column.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Description Port ID Subtype Identifies the type of data displayed in the remote system’s Port ID field. Port ID Identifies the physical address of the port on the remote system from which the data was sent. Port Description Identifies the user-defined description of the port. System Name Identifies the system name associated with the remote device.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Description Software Revision The software version advertised by the remote device. Serial Number The serial number advertised by the remote device. Model Name The model name advertised by the remote device. Asset ID The asset ID advertised by the remote device. Location Information Civic The physical location, such as the street address, the remote device has advertised in the location TLV, for example, 123 45th St. E.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Services—DHCP Snooping DHCP snooping is a useful feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Next to DHCP Snooping Mode, select Enable or Disable to turn the DHCP snooping feature on or off. The factory default is disabled. 3. Next to MAC Address Validation, select Enable or Disable to turn on or off the MAC address validation feature. MAC address validation is enabled by default. 4. Enter the VLAN in the VLAN ID field to enable the DHCP snooping mode. 5.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. In the Go To Interface field, enter the interface name and click the Go button. The entry corresponding to the specified interface is selected. 3. To configure DHCP snooping interface settings, click PORTS, LAGS, or All. 4. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches DHCP Snooping Binding Configuration To configure DHCP binding settings: 1. Select System Services DHCP Snooping Binding Configuration. The following screen displays: 2. In the Static Binding Configuration section, in the Interface list, select the interface for which to add a binding to the DHCP snooping database. 3. In the MAC Address field, specify the MAC address for the binding to be added.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Table 11. DHCP Snooping Dynamic Binding Configuration fields. Field Description Interface Displays information about the interface to which a binding entry in the DHCP snooping database. MAC Address The MAC address for the binding entry in the binding database. VLAN ID The VLAN for the binding entry in the binding database. The valid range of the VLAN ID is 1–4093. IP Address The IP address for the binding entry in the binding database.
3. Configuring Switching Information 3 Use the features you access from the Switching tab to define Layer 2 features.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Ports The screens you access from the Ports menu allow you to view and monitor the physical port information for the ports available on the switch. From the Ports menu, you can access the features described in the following sections: • Global Configuration • Port Configuration Global Configuration IEEE 802.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 2. Next to Global Flow Control (IEEE 802.3x) Mode, enable or disable IEEE 802.3x flow control on the system. The factory default is Disable. • Enable. The switch sends pause packets if the port buffers become full. • Disable. The switch does not send pause packets if the port buffers become full. 3. View the Jumbo Frames Status. 4. In the Jumbo Frames After Reset list, select Enable or Disable.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches You can select multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 4. Configure or view the settings: • Description. Enter the description string to be attached to a port. The string can be up to 64 characters in length. • • Port Type. This field is blank for most ports. Otherwise, the possible values are: • Mirrored.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Link Aggregation Groups Link aggregation groups (LAGs), which are also known as port channels, allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. You assign the LAG VLAN membership after you create a LAG. The LAG by default becomes a member of the management VLAN.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure LAG settings: 1. Select Switching LAG Basic LAG Configuration. The following screen displays: 2. Select the check box next to the LAG to configure. You can select multiple LAGs to apply the same settings to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 3. Configure or view the following settings: • Description. Specify the description string to be attached to a LAG.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 4. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. LAG Membership Use the LAG Membership screen to select two or more full-duplex Ethernet links to aggregate together to form a link aggregation group (LAG), which is also known as a port-channel. The switch can treat the port channel as if it were a single link. To create a LAG: 1. Select Switching LAG Basic LAG Membership.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 4. Click the box below each port to include the port in the LAG. The following screen shows an example of how to configure LAG1 with ports g1–g4 as members. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. 6. To view the ports that are members of the selected LAG, click the CURRENT MEMBERS button. LACP Configuration To configure LACP: 1.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. LACP Port Configuration To configure LACP port priority settings: 1. Select Switching LAG Advanced LACP Port Configuration. The following screen displays: 2. Select the check box next to the port to configure. You can select multiple ports to apply the same settings to all selected ports.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches VLANs Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast. Like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic. By default, all ports on the switch are in the same broadcast domain.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure VLANs: 1. Select Switching VLAN Basic VLAN Configuration. The following screen displays: 2. To add a VLAN, configure the VLAN ID, name, and type, and click ADD. You have the following options: • VLAN ID. Specify the VLAN identifier for the new VLAN. You can enter data in this field only when you are creating a VLAN. The range of the VLAN ID is 2–4093. • VLAN Name. Use this optional field to specify a name for the VLAN.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches VLAN Membership Configuration Use this screen to configure VLAN port membership for a particular VLAN. You can select the Group Operation through this screen. To configure VLAN membership: 1. Select Switching VLAN Advanced VLAN Membership. The following screen displays: 2. From the VLAN ID list, select the VLAN to which you want to add ports. 3. Click the orange bar below the VLAN Type field to display the physical ports on the switch. 4.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches In the following screen, ports 6, 7, and 8 are being added as tagged members to VLAN 2. 6. From the Group Operations list, select an identical configuration for all the ports. The possible values are: • Tag All. All frames transmitted for this VLAN are tagged. All the ports are included in the VLAN. • Untag All. All frames transmitted from this VLAN are untagged. All the ports are included in the VLAN. • Remove All.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure PVID information: 1. Select Switching VLAN Advanced Port PVID Configuration. The following screen displays: 2. Select the check box next to the interfaces to configure. You can select multiple interfaces to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. • To configure PVID settings for a physical port, click PORTS.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Disable. All frames are forwarded in accordance with the IEEE 802.1Q VLAN standard. The factory default is Disable. 6. Specify the default 802.1 p priority assigned to untagged packets arriving at the port. Possible values are 0–7. 7. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Voice VLAN Configure the Voice VLAN settings for ports that carry traffic from IP phones.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Next to Voice VLAN Status, enable or disable voice VLAN on the switch. If the switch does not handle traffic from IP phones, the status must be disabled. 3. From the Voice VLAN ID list, select the voice VLAN ID to use for voice traffic. The default value is 2. 4. In the Class of Service list, select the CoS tag value to be reassigned for packets received on the voice VLAN when Remark CoS is enabled. 5.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Voice VLAN Port Setting To configure Voice VLAN port settings: 1. Select Switching Voice VLAN Advanced Port Setting. The following screen displays: 2. Select the check box next to the port to configure. You can select multiple check boxes to apply the same setting to all selected ports. 3. Go To Interface. Enter the port to be configured and click the GO button. 4.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • 00:12:43. CISCO2 • 00:0F:E2. H3C • 00:60:B9. NITSUKO • 00:D0:1E. PINTEL • 00:E0:75. VERILINK • 00:E0:BB. 3COM • 00:04:0D. AVAYA1 • 00:1B:4F. AVAYA2 You can select an existing OUI or add a new OUI and description to identify the IP phones on the network. To configure OUI settings: 1. Select Switching Voice VLAN Advanced OUI. The following screen displays: 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Auto-VoIP Configuration Auto-VoIP automatically makes sure that time-sensitive voice traffic is given priority over data traffic on ports that have this feature enabled. Auto-VoIP checks for packets carrying the following VoIP protocols: • Session Initiation Protocol (SIP) • H.323 (Prioritize only signaling packets) • Skinny Call Control Protocol (SCCP) All three protocols are checked during the signaling, call identification stage.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 2. To configure Auto-VoIP interface settings for a physical port or a LAG port, click PORT, LAGS, or ALL. 3. Enter the interface name in the Go To Interface field and click the Go button. The entry corresponding to the specified port is selected. 4. Select Enable or Disable from the Auto-VoIP Mode drop-down list, as the Auto-VoIP administrative mode for the interface. 5. Click APPLY to send the updated configuration to the switch.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches STP Configuration The STP Switch Configuration screen contains fields for enabling STP on the switch. To configure STP settings on the switch: 1. Select Switching STP Basic STP Configuration. The following screen displays: 2. Next to Spanning Tree State, specify whether to enable or disable spanning tree operation on the switch. 3. Next to STP Operation Mode, specify the Force Protocol Version parameter for the switch.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The Forward BPDU while STP Disabled field specifies whether spanning tree BPDUs should be forwarded or not while spanning-tree is disabled on the switch. 6. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. The following table describes the STP Status information displayed on the screen. Table 12. STP Status information. Field Description Bridge Identifier The bridge identifier for the CST.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches CST Configuration To configure Common Spanning Tree (CST) and Internal Spanning Tree on the switch, use the CST Configuration screen. To configure CST settings: 1. Select Switching STP Advanced CST Configuration. The following screen displays: 2. Specify values for CST in the following fields: • Bridge Priority. Specify the bridge priority value for the Common and Internal Spanning Tree (CST).
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Spanning Tree Maximum Hops. Specify the maximum number of bridge hops the information for a particular CST instance can travel before being discarded. The valid range is 1–40. 3. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. The following table describes the MSTP Status information displayed on the CST Configuration screen: Table 13. MSTP Status Information.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches CST Port Configuration Use the CST Port Configuration screen to configure Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To configure CST port settings: 1. Select Switching STP Advanced CST Port Configuration. The following screen displays: 2. To configure CST settings for an interface, click PORTS, LAGS, or All. 3. Select the check box next to the port or LAG to configure.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Path Cost. Set the Path Cost to a new value for the specified port in the Common and Internal Spanning Tree. The valid range is 1–200000000. • Priority. The priority for a particular port within the CST. The port priority is set in multiples of 16. If you specify a value that is not a multiple of 16, the priority is automatically set to the next lowest priority that is a multiple of 16.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Table 14. CST Status Information. Field Description Interface Select a physical or port channel interface to configure. The port is associated with the VLANs associated with the CST. Port Role Each MST Bridge Port that is enabled is assigned a port role for each spanning tree. The port role can be one of the following values: Root, Designated, Alternate, Backup, Master, or Disabled. Designated Root Root bridge for the CST.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following table describes the Rapid STP Status information displayed on the screen. Table 15. RSTP Status Information. Field Description Interface The physical or port channel interfaces associated with VLANs associated with the CST. Role Each MST bridge port that is enabled is assigned a port role for each spanning tree. The port role can be one of the following values: Root, Designated, Alternate, Backup, Master, or Disabled.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. To add an MST instance, configure the MST values and click Add: • MST ID. Specify the ID of the MST to create. The valid range is 1–15. • Priority. Specify the bridge priority value for the MST. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. The bridge priority is a multiple of 4096.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following table describes the information displayed on the screen for each configured MST instance. Table 16. MST Instance Information. Field Description Bridge Identifier The bridge identifier for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge. Time Since Topology Change Displays the total amount of time since the topology of the selected MST instance last changed.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches MST Port Configuration Use the MST Port Configuration screen to configure and display Multiple Spanning Tree (MST) settings on a specific port on the switch. To configure MST port settings: 1. Select Switching STP Advanced MST Port Configuration. The following screen displays: Note: If no MST instances have been configured on the switch, the screen displays a “No MSTs Available” message. 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 5. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. The following table describes the read-only MST port configuration information displayed on the CST Configuration screen. Table 17. MST port configuration information. Field Description Auto-calculated Port Path Cost Displays that the path cost is not automatically calculated (Disabled).
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Multicast Multicast IP traffic is traffic that is destined to a host group. The class D addresses identify the host groups for IPv4 multicast, which range from 224.0.0.0 to 239.255.255.255. The prefix ff00::/8 identifies the host groups for IPv6 multicast.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To view the MFDB Table screen: 1. Select Switching Multicast MFDB MFDB Table. The following screen displays: 2. In the Search by MAC Address field, enter the MAC address whose MFDB table entry you want to display. Enter six 2-digit hexadecimal numbers separated by colons. For example, 01:01:23:43:45:67. 3. Click the GO button. If the address exists, that entry is displayed. An exact match is required.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches MFDB Statistics To access the MFDB Statistics screen, click Switching Multicast MFDB MFDB Statistics. The following screen displays: The MFDB Statistics screen displays the following: • Max MFDB Table Entries. The maximum number of entries that the MFDB table can hold. • Current Entries. The current number of entries in the MFDB table.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure Auto-Video: 1. Select Switching Multicast Auto-Video Configuration. The following screen displays: 2. Globally enable or disable the Auto-Video administrative mode for the switch by selecting Enable or Disable next to the Auto-Video Status radio button. The Auto-Video VLAN field shows the number of auto-configured IGMP snooping VLANs. 3. Click APPLY to send the updated configuration to the switch.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches few nodes. Packets are flooded into network segments where no node has any interest in receiving the packet. While nodes rarely incur any processing overhead to filter packets addressed to unrequested group addresses, they are unable to transmit new packets onto the shared media for the period that the multicast packet is flooded. The problem of wasting bandwidth is even worse when the LAN segment is not shared, for example in full-duplex links.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Enable. Packets with unknown multicast MAC addresses in the destination field are dropped. • Disable. Packets with unknown destination multicast MAC addresses are processed. 4. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. The following table displays information about the global IGMP snooping status. Table 18. IGMP Snooping Status.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following table describes the fields in the IGMP Snooping Table. Table 19. IGMP Snooping Table. Field Description MAC Address A multicast MAC address for which the switch has forwarding and filtering information. The format is six 2-digit hexadecimal numbers that are separated by colons, for example, 01:00:5e:45:67:89. VLAN ID A VLAN ID for which the switch has forwarding and filtering information.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 2. Select the VLAN ID and configure the IGMP Snooping values: • Fast Leave Admin Mode. Enable or disable the IGMP snooping fast leave mode for the specified VLAN ID. Enabling fast-leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that Multicast group without first sending out MAC-based general queries to the interface.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • IGMP Snooping Querier VLAN Status IGMP Snooping Querier Configuration Use this screen to enable or disable the IGMP Snooping Querier feature, specify the IP address of the router to perform the querying, and configure the related parameters. To configure IGMP Snooping Querier settings: 1. Select Switching Multicast IGMP Snooping Querier Querier Configuration. The following screen displays: 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The Querier Expiry Interval specifies the time interval in seconds after which the last querier information is removed. The Query Expiry Interval is a read-only parameter calculated as: 2 * Query Interval + 5, so by default the value is: 2*60+5 =125. 6. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. To disable Snooping Querier on a VLAN, select the VLAN ID and click DELETE. IGMP Snooping Querier VLAN Status Use this screen to view the operational state and other information for IGMP snooping queriers for VLANs on the network. To view this screen, select Switching Multicast IGMP Snooping Querier Querier VLAN Status.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Table 20. Querier VLAN Status Fields Field Description VLAN ID Specifies the VLAN ID on which the IGMP snooping querier is administratively enabled and for which VLAN exists in the VLAN database. Operational State Specifies the operational state of the IGMP snooping querier on a VLAN: • Querier. The snooping switch is the querier in the VLAN.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets. To configure MLD snooping: 1. Select Switching Multicast MLD Snooping MLD Snooping Configuration. The following screen displays: 2. Next to MLD Snooping admin mode, enable or disable the administrative mode for MLD Snooping for the switch. The default is disabled.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches MLD VLAN Configuration MLD snooping can be enabled on a per-VLAN basis. It is necessary to keep track of the interfaces that are participating in a VLAN in order to apply or remove configurations. To configure the MLD VLAN: 1. Select Switching Multicast MLD Snooping MLD VLAN Configuration. The following screen displays: 2. In the VLAN ID field, select the VLAN IDs for which MLD snooping is enabled. 3.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches QI = (Group Membership Interval – Maximum Response Time) / 2 8. Click ADD to enable MLD Snooping on the specified VLAN. 9. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. Multicast Router VLAN Configuration The statically configured router attached (VLAN, interface) is added to the learned multicast router attached interface list if the interface is active and is a member of the VLAN.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configuration changes take place immediately. Static Multicast Address The Static Multicast Address link feature contains features described in the following sections: • Multicast Group Configuration • Multicast Group Membership • Multicast Forward All Multicast Group Configuration The Multicast Group Configuration screen contains fields for creating, deleting, and modifying multicast service groups.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. In the Multicast Address field, enter the multicast group MAC Address associated with the VLAN. • Type. Indicates the VLAN ID status in relation to the multicast group. • Static. Attaches the VLAN ID to the multicast group as static member. • Dynamic. Dynamically joins the VLAN ID to the multicast group. 4. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. Select the check box next to the interfaces to configure. You can select multiple interfaces to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 4. Select the status of the interfaces. The possible values are: • Static. Attaches the interface to the multicast group as a static member. • Forbidden.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches You can select multiple interfaces to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 4. Select the status of the interfaces. The possible values are: • Static. The port receives all multicast streams. • Forbidden. Interfaces cannot receive any multicast streams, even if IGMP/MLD snooping designated the interface to join a multicast group. • Excluded.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To search for an entry in the MAC Address Table: 1. Select Switching Address Table Basic Address Table. The following screen displays: 2. In the Search By field, select whether to search for MAC addresses by MAC address, VLAN ID, or interface. • MAC Address: Select MAC Address and enter a 6-byte hexadecimal MAC address in 2-digit groups separated by colons, then click GO. If the address exists, that entry is displayed.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Description Interface The port where this address was learned: that is, this field displays the port through which the MAC address can be reached. Status The status of this entry. The possible values are: • Static. The entry was added when a static MAC filter was defined. • Learned. The entry was learned by observing the source MAC addresses of incoming traffic, and is currently in use. • Management.
4. 4 Configuring Routing The switch supports IP routing. Use the menus under the Routing tab to manage routing on the system. This chapter contains the following sections: • Configure IP Settings • Configure VLAN Routing • Configure and View Routes • Configure ARP When a packet enters the switch, the destination MAC address is checked to see if it matches any of the configured routing interfaces. If it does, the switch searches the host table for a matching destination IP address.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure IP Settings Use the IP Configuration screen to configure routing parameters for the switch. To access the IP Configuration screen: 1. Select Routing IP > IP Configuration. The following screen displays: Default Time to Live displays the default value inserted into the Time-To-Live field of the IP header of datagrams originated by the switch, if a TTL value is not supplied by the transport layer protocol.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure VLAN Routing You can configure the switch software with some ports supporting VLANs and some supporting routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure VLAN settings: 1. Select Routing VLAN > VLAN Routing Wizard. The following screen displays: 2. In the VLAN ID field specify a VLAN ID. This VLAN identifier (VID) associated with this VLAN is created if it does not exist. The valid range is 1–4093. 3. In the IP Address field, specify the IP address of the VLAN interface. 4. In the Network Mask field, specify the subnet mask of the VLAN interface. 5.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure VLAN Routing Use the VLAN Routing Configuration screen to view information about the VLAN routing interfaces configured on the system or to assign an IP address and subnet mask to VLANs on the system. To configure VLAN routing settings: 1. Select Routing VLAN > VLAN Routing. The following screen displays: 2. In the VLAN list, Select the existing VLAN you want to configure for VLAN Routing.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure and View Routes From the Routing Table screen, you can configure static and default routes and view the routes that the NETGEAR switch has already learned. To configure routes: 1. Select Routing Routing Table. The following screen displays: 2. In the Route Type field, specify whether the route is to be a default route or a static route. When you create a default route, all you need to specify is the next hop IP address. 3.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database. By specifying the preference of a static route, the user controls whether a static route is more or less preferred. The preference also controls whether a static route is more or less preferred than other static routes to the same destination. The preference is an integer value from 1 to 255.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure ARP The Address Resolution Protocol (ARP) associates a Layer 2 MAC address with a Layer 3 IPv4 address. The switch software features both dynamic and manual ARP configuration. With manual ARP configuration, you can statically add entries to the ARP table. ARP is a necessary part of the Internet Protocol (IP) and is used to translate an IP address to a media (MAC) address, defined by a local area network (LAN) such as Ethernet.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches ARP Cache Use the ARP Cache screen to view entries in the ARP table, a table of the remote connections most recently seen by this switch. Select Routing ARP > Basic ARP Cache. The following screen displays: The following ARP cache fields display: • Interface. The routing interface associated with the ARP entry. • IP Address. The associated IP address of a device on a subnet attached to one of the switch's existing routing interfaces.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches ARP Entry Configuration To add a static entry to the ARP table: 1. Select Routing ARP > Advanced ARP Create. The following screen displays: 2. In the IP Address field, specify the IP address that you want to add. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces. 3. In the MAC Address field, specify the unicast MAC address of the device.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Global ARP Configuration Use the Global ARP Configuration screen to display and change the configuration parameters of the ARP table. To configure the global ARP settings: 1. Select Routing ARP > Advanced Global ARP Configuration. The following screen displays: 2. In the Age Time (secs) field, enter the value you want the switch to use for the ARP entry ageout time.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches ARP Entry Management Use this screen to remove entries from the ARP Table. To remove entries from the ARP table: 1. Select Routing ARP > Advanced ARP Entry Management. The following screen displays: 2. In the Remove From Table field, select the ARP entries to remove. The following are ARP entries then can be removed: • All Dynamic Entries. Remove the dynamic entries from the ARP table. • All Static Entries.
5. Configure Quality of Service 5 Use the features you access from the QoS tab to configure Quality of Service (QoS) settings on the switch. The QoS tab contains menus that provide access to the following sections: • Class of Service • Differentiated Services In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Class of Service The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This configuration provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure global CoS settings: 1. Select QoS CoS Basic CoS Configuration. The following screen displays: 2. From the Global Trust Mode menu, specify whether to trust a particular packet marking at ingress. Global Trust Mode can be only one of the following: • Untrusted. Do not trust any CoS packet marking at ingress. • 802.1p. The eight priority tags that are specified in IEEE 802.1p are p0 to p7.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches CoS Interface Configuration Use the CoS Interface Configuration screen to apply an interface shaping rate to all interfaces or to a specific interface. To configure CoS settings for an interface: 1. Select QoS CoS Advanced CoS Interface Configuration. The following screen displays: 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 5. In the Interface Ingress Rate Limit field, specify the ingress rate allowed. The range is 100–1000000 Kbps. The default value is 0, which means that the maximum is unlimited. 6. Click APPLY to apply the changes to the system. Queue Configuration Use the Queue Configuration screen to define what a particular queue does by configuring switch egress queues.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches divided by the sum of all the configured weights. The sum of the minimum bandwidths for all queues does not have to equal 100. • • Scheduler Type. Select the type of queue processing. Options are Weighted and Strict. Defining on a per-queue basis enables you to create the desired service characteristics for different types of traffic. Four queues can be configured as strict priority or WRR priority.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Traffic classes go from low (0) to high (3). For example, traffic with a priority of 0 is for most data traffic and is sent using best effort. Traffic with a higher priority, such as 3, might be time-sensitive traffic, such as voice or video. 3. Click APPLY to apply the changes to the system. DSCP to Queue Mapping Use the DSCP to Queue Mapping screen to specify which internal traffic class to map to the corresponding DSCP value.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Differentiated Services The QoS feature provides Differentiated Services (DiffServ) support that enables traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. For more information, see DiffServ Traffic Classes . Standard IP-based networks are designed to provide “best effort” data delivery service.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Diffserv Configuration Use the Diffserv Configuration screen to display DiffServ general status group information, which includes the current administrative mode setting as well as the number of used resources for DiffServ. To view DiffServ general status group information: Select QoS DiffServ Advanced Diffserv Configuration.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches This feature changes (remarks) the DSCP tags for incoming traffic switched between trusted QoS domains. For example, assume that there are three levels of service—A, B, and C— and the DSCP incoming values used to mark these levels are 10, 20, and 30 respectively.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Class Configuration Use one of the Class Configuration screens to add a DiffServ class name, or to rename or delete an existing class. For IPv4 packets use the Class Configuration screen. For IPv6 packets use the IPv6 Class Configuration screen. As packets are received, these DiffServ classes are used to prioritize packets. You can have multiple match criteria in a class. The logic is a Boolean logical-and for this criteria. To add a new class: 1.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Use the buttons at the bottom of the screen to perform the following: • To remove a class, select the check box beside the class name, then click DELETE. • To cancel the configuration you just entered, click CANCEL. To configure a class: 1. Select QoS DiffServ Advanced IPv6 Class Configuration. The following screen displays: 2. Click a class name (which is a hyperlink) for an existing class.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Source MAC. Enter the source MAC address and the mask. • Destination MAC. Enter the destination MAC address and the mask. • Protocol Type. Select the protocol type. If you select Other, enter a protocol number in the field that appears. • Source IP. Enter a valid source IP address in dotted-decimal format. • Source L4 Port. Select the desired L4 keyword from the list on which the rule can be based.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure an IPv6 class: 1. Select QoS DiffServ Advanced IPv6 Class Configuration. The following screen displays: 2. Enter the new class name. 3. Select the class type, and click Add. The switch supports only the Class Type value All, which means all the various match criteria defined for the class must be satisfied for a packet match. All signifies the logical AND of all the match criteria. 4. Click APPLY to save the class.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure the class match criteria: 1. In the IPv6 Class Configuration screen, select the name of the class. The following screen displays: 2. Click a class name (which is a hyperlink) for an existing class. When you click a class name, the configuration part of the Class Configuration screen is displayed. In this part of the screen, you define against which values traffic is checked when this class is applied. 3.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 4. Click APPLY to save the class. Configuration changes take effect immediately. Policy Configuration Use the Policy Configuration screen to associate a collection of classes with one or more policy statements. After creating a policy, click the policy name to go to the Policy Configuration screen. To configure a DiffServ policy: 1. Select QoS DiffServ Advanced Policy Configuration. The following screen displays: 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure the policy attributes: 1. In the Policy Configuration screen, click the name of the policy. The Policy Attribute section of the screen displays. 2. Configure the policy attributes by selecting the check box associated with the attribute to be configured and then entering the required data: • Assign Queue. Select the destination queue. There are four queues with valid values from 0 to 3 (3 is the highest). • Drop.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. If you select the Simple Policy radio button, you can configure the following fields: • Color Mode. Color aware mode requires the existence of one or more color classes that are valid for use with this policy instance; otherwise, the color mode is color blind, which is the default. • Committed Rate. The committed rate is the average bandwidth in bits per seconds specified in kilobits-per-second (Kbps) and is an integer from 100 to 1000000.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Service Configuration Use the Service Configuration screen to activate a policy on an interface. To configure DiffServ policy settings on an interface: 1. Select QoS DiffServ Advanced Service Configuration. The following screen displays: 2. To configure DiffServ policy settings for a physical port, link aggregation group (LAG) or both, click PORTS, LAGS or ALL, respectively. 3. Select the check box next to the port or LAG to configure.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To display and refresh service-level statistical information: 1. Select QoS DiffServ Advanced Service Statistics. The following screen displays: The following fields are displayed: • Interface. The interface for which service statistics display. • Direction. The direction of packets for which service statistics display, which is always In. • Policy Name. The policy associated with the selected interface. • Operational Status.
6. Managing Device Security 6 Use the features available from the Security tab to configure management security settings for port, user, and server security.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Management Security Settings From the Management Security menu, you can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS+) settings, and authentication lists. To display the screen, click the Security Management Security tab.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 4. To confirm the password, enter it again to make sure that you entered it correctly. This field displays asterisks (*) 5. Click APPLY to apply the new settings to the system. Configuration changes take effect immediately. To reset the password for the management interface: 1. Select the Reset Password check box to reset the password to the default value. 2. Click APPLY to apply the new settings to the system.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure global RADIUS server settings: 1. Select Security Management Security RADIUS Global Configuration. The following screen displays: The Current Server IP Address field is blank if no servers are configured (see RADIUS Server Configuration ). The switch supports up to three configured RADIUS servers. If more than one RADIUS server is configured, the current server is the server configured as the primary server.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches RADIUS Server Configuration Use the RADIUS Server Configuration screen to view and configure various settings for the current RADIUS server configured on the system. To configure a RADIUS server for authentication and authorization: 1. Select Security Management Security > RADIUS Server Configuration. The following screen displays: 2. In the Server Address field, specify the IP address of the RADIUS server to add. 3.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Accounting Server Configuration Use the Accounting Server Configuration screen to view and configure various settings for a RADIUS accounting server on the network. To configure the RADIUS accounting server: 1. Select Security Management Security RADIUS Accounting Server Configuration. The following screen displays: 2. In the Accounting Server Address field, specify the IP address of the RADIUS accounting server to use. 3.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure TACACS+ TACACS+ provides a centralized user management system while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services: • Authentication. Provides authentication during login using user names and user-defined passwords. • Authorization. Performed at login. When the authentication session is completed, an authorization session starts using the authenticated user name.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 2. In the Key String field, specify the authentication and encryption key for TACACS+ communications between the switch and the TACACS+ server. The valid range is 0–128 characters. The key must match the key configured on the TACACS+ server. 3. In the Connection Timeout field, specify the maximum number of seconds allowed to establish a TCP connection between the switch and the TACACS+ server. The valid range is 1–30 seconds. 4.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 5. In the Key String field, specify the authentication and encryption key for TACACS+ communications between the switch and the TACACS+ server. This key must match the encryption used on the TACACS+ server. The valid range is 0–128 characters. 6. In the Connection Timeout field, specify the amount of time that passes before the connection between the device and the TACACS+ server times out. The field range is 1–30 seconds. The default value is 5. 7.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches HTTP Authentication List Use the HTTP Authentication List screen to configure the default HTTP login list. To change the HTTP authentication method for the default list: 1. Select Security Management Security Authentication List > HTTP Authentication List. The following screen displays: 2. Select the check box next to the List Name. 3.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Note: Each authentication protocol can use up to three authentication methods. Local and None must be the last methods. You cannot configure methods after these two options. 4. From the list in the 2 column, select the authentication method, if any, that must appear second in the selected authentication login list. Use this method if the first method times out.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. From the list in the 1 column, select the HTTPS authentication method that must appear first in the selected authentication login list. If you select a method that does not time out as the first method, such as local, no other method is attempted, even if you have specified more than one method. This parameter does not appear when you first create a login list. User authentication occurs in the order the methods are selected.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure Management Access From the Access tab, you can configure HTTP and Secure HTTP access to the switch management interface. You can also configure access control profiles and access rules.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. Click APPLY to update the switch with the HTTPS Authentication settings. Secure HTTP Configuration Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch by using a web interface, secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches After the session is inactive for the configured amount of time, the administrator is automatically logged out and must reenter the password to access the management interface. The default value is 5 minutes. The maximum number of HTTPS sessions is 2. 5. Click APPLY to update the switch with the HTTPS Authentication settings. Certificate Management Use this screen to generate or delete certificates. To manage certificates: 1.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Import Certificates. Select this option to import certificate files. In the Certificate field, Public Key field and Private Key fields, paste the certificate, public key and private key from an external file. • Generate Certificate Request. Select this option to generate a certificate request. • Delete Certificate. Delete corresponding certificate files, if present. 3. Click APPLY to start the certification process.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Access Profile Configuration To set up a security access profile: 1. Select Security > Access > Access Control Access Profile Configuration. The following screen displays: 1. In the Access Profile Name field, enter the name of the access profile to be added. The maximum length is 32 characters. 2. Select one of the following options: • Activate Profile. Select to activate an access profile. • Deactivate Profile.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Access Rule Configuration To add a security access rule: 1. Select Security > Access > Access Control Access Rule Configuration. The following screen displays: 2. In the Rule Type field, select Permit or Deny as the action to be performed when the rule is matched. 3. In the Service Type field, select HTTP, Secure HTTP (SSL), or SNMP. The access rule is restricted according to the service type. 4.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Port Authentication In port-based authentication mode, when 802.1x is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This mode is the default authentication mode. The 802.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure global 802.1x settings: 1. Select Security Port Authentication Basic 802.1x Configuration. The following screen displays: 2. Next to the Port Based Authentication State, select the radio button to enable or disable 802.1x administrative mode on the switch. • Enable. Port-based authentication is permitted on the switch. • Disable. The switch does not check for 802.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Port Authentication Use the Port Authentication screen to enable and configure port access control on one or more ports. To configure 802.1x settings for the port: 1. Select Security Port Authentication > Advanced Port Authentication. Note: Use the horizontal scroll bar at the bottom of the browser to view all the fields on the Port Authentication screen. The following figures are both images of the Port Authentication screen. 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches You can also select multiple check boxes to apply the same settings to the select ports, or select the check box in the heading row to apply the same settings to all ports. 3. For the selected ports, specify the following settings: • Port Control. Defines the port authorization state. The control mode is set only if the link status of the port is link up. The possible field values are: • Auto. Automatically detect the mode of the interface.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Protocol Version. Displays the protocol version associated with the selected port. The only possible value is 1, corresponding to the first version of the 802.1x specification. • PAE Capabilities. Displays the port access entity (PAE) functionality of the selected port. Possible values are Authenticator or Supplicant. • Authenticator PAE State. This field displays the current state of the authenticator PAE state machine.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Port Summary Use the Port Summary screen to view information about the port access control settings on a specific port. Select Security Port Authentication Advanced Port Summary. The following screen displays: Table 23 describes the fields on the Port Summary screen. Table 23. Port Summary Fields Field Description Port The port whose settings are displayed in the current table row. Control Mode Defines the port authorization state.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Description Operating Control Mode Indicates the control mode under which the port is actually operating. The possible values are: • ForceUnauthorized • ForceAuthorized • Auto • N/A: If the port is in detached state, it cannot participate in port access control. Reauthentication Enabled Displays if reauthentication is enabled on the selected port. This is a configurable field. The possible values are TRUE and FALSE.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Traffic Control From the Traffic Control menu, you can configure MAC filters, storm control, port security, and protected port settings.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure storm control settings: 1. Select Security Traffic Control > Storm Control. The following screen displays: 2. Select the check box next to the port to configure. Select multiple check boxes to apply the same setting to all selected ports. Select the check box in the heading row to apply the same settings to all ports. 3. From the Status menu, select Enable or Disable to specify the administrative status of the mode. 4.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Port Security Interface Configuration A MAC address can be defined as allowable by one of two methods: dynamically or statically. Both methods are used concurrently when a port is locked. Dynamic locking implements a first arrival mechanism for port security. You specify how many addresses can be learned on the locked port. If the limit has not been reached, a packet with an unknown source MAC address is learned and forwarded normally.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Max Allowed Dynamically Learned MAC. Sets the maximum number of dynamically learned MAC addresses on the selected interface. The valid range is 0–600. The default value is 600. • Enable Violation Traps. Select Yes or No to enable or disable the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port. 5. Click APPLY to update the switch with the new settings.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Table 24. Dynamic MAC addresses table fields. Field Description VLAN ID The VLAN ID corresponding to the last violation MAC address. MAC Address The MAC addresses learned on a specific port. Protected Ports If a port is configured as protected, it does not forward traffic to any other protected port on the switch, but it forwards traffic to unprotected ports. Use the Protected Ports screen to configure the ports as protected or unprotected.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure Access Control Lists Access control lists (ACLs) ensure that only authorized users have access to specific resources while blocking any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. The switch software supports IPv4 and MAC ACLs.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To create an ACL: 1. Select Security ACL ACL Wizard. The following screen displays: 2. From the ACL Type list, select the ACL type used to create the ACL. You can select from 10optional types: • ACL Based on Destination MAC. Creates an ACL based on the destination MAC address, destination MAC mask, and VLAN. • ACL Based on Source MAC. Creates an ACL based on the source MAC address, source MAC mask, and VLAN. • ACL Based on Destination IPv4.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • ACL Based on Source IPv6 L4 Port. Creates an ACL based on the source IPv6 layer 4 port number. 3. Configure the settings in the following table, based on the selection in the ACL Type list: Note: The Rule ID, Action, and Match Every fields appear for all ACL types. The remaining two fields vary according to the selected ACL type. • In the Rule ID field, enter a number that is used to identify the rule. The valid range is 1 - 10.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches ACL Based on Fields Source IPv4 L4 Port • • Source L4 port (protocol). Specify the source IPv4 L4 port protocol. Source L4 port (value). Specify the source IPv4 L4 port value. Destination IPv6 L4 Port • • Destination L4 port (protocol). Specify the destination IPv6 L4 port protocol. Destination L4 port (value). Specify the destination IPv6 L4 port value. Source IPv6 L4 Port • • Source L4 port (protocol).
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure a MAC ACL: 1. Select Security ACL > Basic > MAC ACL. The following screen displays: 2. Specify a name for the MAC ACL in the Name field. The name string can include alphabetic, numeric, hyphen, underscore, or space characters only. The name must start with an alphabetic character. 3. Click ADD. Each configured ACL displays the following information: • Rules. Displays the number of rules currently configured for the MAC ACL.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure MAC ACL rules: 1. Select Security ACL > Basic MAC Rules. The following screen displays: 2. From the ACL Name field, specify the existing MAC ACL to which the rule applies. For information about how to set up a new MAC ACL, use the MAC ACL screen. 3. In the ID field, enter an ID for the rule. The valid range is 1-10. 4. Configure the following settings: • Action.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches addresses with aa:bb:xx:xx:xx:xx result in a match (where x is any hexadecimal number). A MAC mask of 00:00:00:00:00:00 matches a single MAC address. • EtherType Key. Requires a packet’s EtherType to match the EtherType you select. Select the EtherType value from the drop-down list. If you select User Value, you can enter a custom EtherType value. • EtherType User Value.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure MAC ACL interface bindings: 1. Select Security ACL > Basic MAC Binding Configuration. The following screen displays: 1. From the ACL ID list, select an existing MAC ACL. The packet filtering direction for ACL is Inbound, which means the MAC ACL rules are applied to traffic entering the port. 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches MAC Binding Table Use the MAC Binding Table screen to view or delete the MAC ACL bindings. Select Security ACL > Basic MAC Binding Table. The following screen displays: Table 26 describes the information displayed in the MAC Binding Table screen. Table 26. MAC Binding Table fields. Field Description Interface The interface to which the MAC ACL is bound. Direction The packet filtering direction for the ACL.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches network administrator defines an ACL rule that says port number 20 can receive TCP packets. However, if a UDP packet is received, the packet is dropped. ACLs are composed of access control entries (ACE), or rules, that consist of the filters that determine traffic classifications. Use the IP ACL screen to add or remove IP-based ACLs. To configure an IP ACL: 1. Select Security ACL > Advanced IP ACL. The following screen displays: 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches IP Rules Use the IP Rules screen to define rules for IP-based standard ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: There is an implicit “deny all” rule at the end of an ACL list. This rule means that if an ACL is applied to a packet and if none of the explicit rules match, the final implicit “deny all” rule applies and the packet is dropped.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the access list trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5-minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is 0 for the current interval.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 2. Select the ACL ID to add the rule to, and select the check box in the Extended ACL Rule table. The extended ACL Rule Configuration screen displays. 3. Configure the fields for the new rule. • Rule ID. Specify a number from 1 to 10 to identify the IP ACL rule. You can create up to ten rules for each ACL. • • Action. Select an ACL forwarding action: • Permit. Forwards packets which meet the ACL criteria. • Deny.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches during the current report interval. A fixed 5-minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is 0 for the current interval. This field is available for a deny action. • Match Every. Requires a packet to match the criteria of this ACL. Select Enable or Disable. Match Every is exclusive to the other filtering rules, so if Match Every is enabled, the other rules on the screen are not available.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches alternative ways of specifying a match criterion for the same Service Type field in the IP header; however, each uses a different user notation. After you select the service type, specify the value associated with the type. • IP DSCP: Specify the IP DiffServ Code Point (DSCP) value. The DSCP is defined as the high-order 6 bits of the service type octet in the IP header. Select an IP DSCP value from the list.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. Click ADD. To delete an IPv6 ACL, select the check box associated with the rule and click DELETE. IPv6 Rules Use the IPv6 Rules screen to configure the rules for the IPv6 access control lists. The IPv6 access control lists are created using the IPv6 ACL screen. By default, no specific value is in effect for any of the IPv6 ACL rules. To add an IPv6 rule: 1. Select Security ACL > Advanced IPv6 Rules link. The following screen displays: 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. Configure the settings for the new rule. • Rule ID. Enter a whole number in the range of 1–10 that is used to identify the rule. An IPv6 ACL might have up to 10 rules. • Action. Specify what action must be taken if a packet matches the rule's criteria. The choices are Permit or Deny. • Logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device).
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Select one of the keywords from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number, which is used as both the start and end of a port range. • Destination Prefix and Prefix Length. Enter a prefix of up to 128 bit combined with prefix length to be compared to a packet's destination IP address as a match criteria for the selected IPv6 ACL rule.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Select an existing IP ACL from the ACL ID menu. The packet filtering direction for ACL is Inbound, which means the IP ACL rules are applied to traffic entering the port. 3. Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A low number indicates high precedence order.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches IP Binding Table Use the IP Binding Table screen to view or delete the IP ACL bindings. To display the IP Binding Table, click Security ACL > Advanced IP Binding Table. The following screen displays: The following table describes the information displayed in the IP Binding Table. Table 27. IP Binding table fields. Field Description Interface The interface to which the IP ACL is bound. Direction The packet filtering direction for ACL.
7. 7 Monitoring the System Use the features available from the Monitoring tab to view various information about the switch and its ports and to configure how the switch monitors events.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Ports The screens available from the Ports menu contain various information about the number and type of traffic transmitted from and received on the switch. From the Ports menu, you can access the following sections: • Switch Statistics • Port Statistics • Port Detailed Statistics • EAP Statistics • Cable Test Switch Statistics The Switch Statistics screen displays detailed statistical information about the traffic the switch handles.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Unicast Packets Received. The number of subnetwork-unicast packets delivered to a higher layer protocol. • Multicast Packets Received. The total number of packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address. • Broadcast Packets Received. The total number of packets received that were directed to the broadcast address. This does not include multicast packets.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Port Statistics The Port Statistics screen displays a summary of per-port traffic statistics on the switch. To display a summary of per-port traffic statistics and clear or refresh the counters: 1. Select Monitoring Ports Port Statistics. The following screen displays: The following fields are displayed: • Interface. The ports on the system. • Total Packets Received Without Errors.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • To clear the counters for a specific interfaces, select the check box associated with the port and click CLEAR. You can also enter the interface name in the Go To Interface field and click GO. This selects the interface and clears its counters. Port Detailed Statistics The Port Detailed Statistics screen displays a variety of per-port traffic statistics. To display a summary of per-port traffic statistics and clear or refresh the counters: 1.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Port Role. Each MST bridge port that is enabled is assigned a port role for each spanning tree. The port role can be one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port, or Disabled Port. • STP Mode. The Spanning Tree Protocol (STP) administrative mode for the port or LAG. The possible values for this field are: • • • • Enable. Spanning Tree Protocol is enabled for this port. • Disable.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Packets Received 65-127 Octets. The total number of packets (including bad packets) received that were 65 through 127 octets in length inclusive (excluding framing bits but including FCS octets). • Packets Received 128-255 Octets. The total number of packets (including bad packets) received that were 128 through 255 octets in length inclusive (excluding framing bits but including FCS octets). • Packets Received 256-511 Octets.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Overruns. The total number of frames discarded as this port was overloaded with incoming packets, and was not able to keep up with the inflow. • 802.3x Pause Frames Received. A count of MAC control frames received on this interface with an operation code indicating the pause operation. This counter does not increment when the interface is operating in half-duplex mode. • Total Packets Transmitted (Octets).
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Use the buttons at the bottom of the screen to perform the following actions: • Click CLEAR to clear all the counters. This resets all statistics for this port to 0. • Click REFRESH to display the most current statistics. EAP Statistics Use the EAP Statistics screen to display information about EAP packets received on a specific port. To display a EAP Statistic: 1. Select Monitoring Ports EAP Statistics. The following screen displays: 2.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Last Frame Source. The source MAC Address attached to the most recently received EAPOL frame. • Invalid Frames Received. The number of unrecognized EAPOL frames received on this port. • Length Error Frames Received. The number of EAPOL frames with an invalid packet body length received on this port. • Response/ID Frames Received. The number of EAP respond ID frames that have been received on the port. • Response Frames Received.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To display cable information: 1. Select Monitoring Ports Cable Test. The following screen displays: 2. Select the interface for which cable data is to be displayed. This can be done by either clicking the check box by the required port or by entering the port name in the Go to Interface field and clicking Go. 3. Click APPLY to execute the test per port. The following fields are displayed: • • Cable Status: • Normal.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Failure Location. The estimated distance in meters from the end of the cable to the failure location. The failure location is displayed only if the cable status is Open Cable, Short Cable, or No Cable. Logs The switch might generate messages in response to faults, or errors occurring on the platform as well as changes in configuration or other occurrences.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure the Buffered Logs settings: 1. Select Monitoring Logs Buffered Logs. The following screen displays: 2. In the Admin Status field select Enable to enable system logging or Disable to disable it. 3. In the Behavior field, select the Wrap behavior of the log when it is full. In this behavior, when the buffer is full, the oldest log messages are deleted as the system logs new messages. 4.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The syslog message includes the following fields: • Date • Time • Module (AAA in the example above). • Severity (I in the example above). • Action (DISSCONNECT in the example above). • Description (http connection for user admin, source 10.5.70.19 destination 10.5.234.201 TERMINATED in the example above).
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Port. Specify the port on the host to which syslog messages are sent. The default port is 514. • Severity Filter. Select the severity of the logs to send to the logging host. Logs with the selected severity level and all logs of greater severity are sent to the host. For example, if you select Error, the logged messages include Error, Critical, Alert, and Emergency. The default severity level is Alert (1).
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Trap Logs Use the Trap Logs screen to view information about the SNMP traps generated on the switch. To view SNMP traps: • Select Monitoring Logs Trap Logs. The following screen displays: The Number of Traps Since Last Reset field is displayed. Note: Check the detailed contents of the reported traps through the SNMP trap server. This action is not within the scope of this guide.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Mirroring The screen you access from the Mirroring menu enables you to view and configure port mirroring on the system. Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports, and one switch port is configured as a destination port. You can configure how traffic is mirrored on a source port.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Enable. Multiple-port mirroring is active on the selected port (that is, on all the configured source ports). • Disable. Port mirroring is not active on the selected port, but the mirroring information is retained. 5. From the Direction list, select the direction of the traffic to be mirrored from the configured mirrored ports. The default value is Tx and Rx. • Tx and Rx. Enable both transmitting and receiving on the selected ports. • Tx only.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches System Resources Utilization The switch architecture uses a Ternary Content Addressable Memory (TCAM) to support packet actions in wire speed. TCAM holds the rules produced by other applications. The maximum number of TCAM rules that can be allocated by all applications on the device is 480.
8. 8 Maintenance Use the features available from the Maintenance tab to help you manage the switch.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Reset The Reset menu contains links that provide access to the features described in the following sections: • Device Reboot • Factory Default Device Reboot Use the Device Reboot screen to reboot the switch. To reboot the switch: 1. Select Maintenance Reset Device Reboot. The following screen displays: 2. Select the check box. 3. Click APPLY. The switch resets immediately.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Factory Default Use the Factory Default screen to reset the system configuration to the factory default values. Note: If you reset the switch to the default configuration, the IP address is reset to 192.168.0.239, and the DHCP client is enabled. If you loose network connectivity after you reset the switch to the factory defaults, see Connect the Switch to the Network . To reset the switch to the factory default settings: 1.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Upload a File from the Switch The switch supports system file uploads from the switch to a remote system by using either TFTP or HTTP. Upload File Types The following types of files can be uploaded from the switch: • Archive. The archive is the system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy and the other image stores a second copy.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To upload a file from the switch to the TFTP server: 1. Select Maintenance Upload TFTP File Upload. The following screen displays: 2. Use the File Type list to select the type of file you want to upload. For more information, see Upload File Types . • Archive. Retrieve the active software image file. • Text Configuration. Retrieve the stored text configuration file. • Buffered Log. Retrieve the syslog file. The factory default is Archive.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 8. Select the Start File Transfer check box to enable the file upload when you click APPLY 9. Click APPLY to begin the file transfer (upload). When the transfer actually begins, the last row of the table displays information about the progress of the file transfer. The screen refreshes automatically until the file transfer completes or fails.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Download a File to the Switch The switch supports system file downloads from a remote system to the switch by using either TFTP or HTTP. Download File Types The following types of files can be downloaded to the switch: • Archive. The archive is the system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy and the other image stores a second copy.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To download a file to the switch from a TFTP server: 1. Select Maintenance Download TFTP File Download. The following screen displays: 2. From the File Type list, select the type of file you want to download to the switch. For more information, see Download File Types on page 232. • Archive. Software image file. Note: The system always downloads the software image to the non-active image. • Text Configuration. A text-based configuration file.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 6. In the Remote File Name field, specify the name of the file to download from the TFTP server. You can enter up to 32 characters. A file name with a space is not accepted. 7. Select the Start File Transfer check box to enable the file upload when you click APPLY. 8. Click APPLY to initiate the file transfer. When the transfer actually begins, the last row of the table displays information about the progress of the file transfer.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Text Configuration. A text-based configuration file. 3. In the Select File field, enter the name of the file that you want to download or click Browse to open a file upload window to locate the file. 4. Click the APPLY button to initiate the file download. Note: After a file transfer is started, wait until the screen refreshes. When the screen refreshes, the Select File option is blanked out. This indicates that the file transfer is done.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure Dual Image settings: 1. Select Maintenance > File Management > Dual Image > Dual Image Configuration. The following screen displays: 2. In the Image Name field, select one of the images from the list. The Current-active field displays the name of the active image. 3. To configure a descriptive name for the selected software image, type the name in the Image Description field. The valid range is 0–160 characters. 4.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: The Dual Image Status screen displays the following: • Image1 Ver. The version of the image1 code file. • Image2 Ver. The version of the image2 code file. • Current-active. The currently active image on this unit. • Next-active. The image used on the next restart of this unit. • Image1 Description. The description associated with the image1 code file. • Image2 Description.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Troubleshooting The Troubleshooting menu contains links that provide access to the features described in the following sections: • Ping • Ping IPv6 • Traceroute • Remote Diagnostics Ping Use the Ping screen to instruct the switch to send a ping request to a specified IP address. You can use this feature to check whether the switch can communicate with a particular network host. Subnet broadcast ping is not supported.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The initial value is blank. This information is not retained across a power cycle. The maximum number of characters in a name is 160. 3. Optionally, configure the following settings: • In the Count field, specify the number of pings to send. The valid range is 1–15. • In the Interval (secs) field, specify the number of seconds between pings sent. The valid range is 1–60. • In the Size field, specify the size of the ping (ICMP) packet to send.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 2. In the Ping field, select either Global or Link Global to select either the global IPv6 Address or host name or link local address to ping. 3. Optionally, configure the following settings: • In the IPv6 Address/Host Name field, enter the IPv6 address or host name of the station you want the switch to ping. The initial value is blank. The IPv6 address or host name you enter is not retained across a power cycle. The valid range is 0–160 characters.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure the Traceroute settings and send probe packets to discover the route to a host on the network: 1. Select Maintenance Troubleshooting Traceroute. The following screen displays: 2. In the IP Address/Hostname field, specify the IP address or the host name of the station you want the switch to ping. The initial value is blank. This information is not retained across a power cycle. 3.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Remote Diagnostics The Remote Diagnostics screen lets you enable Telnet for diagnostic purposes. To configure the remote diagnostics feature: 1. Select Maintenance Troubleshooting Remote Diagnostics. The following screen displays: 2. Next to Remote Diagnostics, select Enable or Disable. 3. Click APPLY to send the updated configuration to the switch. Configuration changes occur immediately.
9. 9 Help Use the features available from the Help tab to connect to online resources for assistance, and to register your device.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Online Help The Online Help link provides links to the sections described in the following sections: • Support • User Guide Support Use the Support screen to connect to the online support site at netgear.com. To connect to online support: 1. Select Help OnLine Help Support. The following screen displays: 2. Click APPLY to connect to the NETGEAR support site for the switch.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches User Guide Use the User Guide screen to access this guide, which is available on the NETGEAR website. To access the user guide: 1. Select Help User Guide. The following screen displays: 2. To access to the user guide that is available online, click APPLY.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Registration Use the Registration screen to register your switch. Completing the registration confirms your email address, lowers technical support resolution time, and ensures your shipping address accuracy. NETGEAR makes an effort to incorporate your feedback into future product development.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To register the switch: 1. Select Help Registration. The following screen displays: 2. Click REGISTER to register the switch. The switch attempts to contact the NETGEAR registration server. If the switch successfully contacts the registration server, the NETGEAR product registration screen opens in a new browser window. The product serial number and model number fields are pre-populated.
A. Hardware Specifications and Default Values A The GS752TP, GS728TP, and GS728TPP switches conform to the TCP/IP, UDP, HTTP, ICMP, TFTP, DHCP, IEEE 802.1D, IEEE 802.1 p, and IEEE 802.1Q standards. They also conform to the IEEE802.3i (10BASE-T), IEEE802.3ii (100Base-TX), IEEE802.3ab (1000Base-T), IEEE802.3z (1000Base-X), IEEE802.3af (DTE Power via MDI), IEEE802.3at (DTE Power via MDI Enhancements), and IEEE802.3az (EEE) standards.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Feature Value MAC addresses 8K Green Ethernet Automatic power-down on port when link is down, short cable mode and EEE mode 249
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Switch Features and Defaults Feature Sets Supported Default Auto negotiation/static speed/duplex All ports Auto-negotiation Auto MDI/MDIX N/A Enabled 802.3x flow control/back pressure 1 (per system) Disabled Port mirroring 1 destination port and 8 source ports Disabled Port trunking (aggregation) 8 Pre-configured 802.1D spanning tree 1 Disabled 802.1w RSTP 1 Disabled 802.1s spanning tree 16 instances Disabled Static 802.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Feature Sets Supported Default Password control access 1 Idle time-out = 5 minutes Password = password Management security 1 profile with 20 rules for HTTP/HTTPS/SNMP access to allow/deny an IP address/subnet All IP addresses allowed Port MAC lock down All ports Disabled Boot code update 1 N/A DHCP/manual IP 1 DHCP enabled/192.168.1.1 Default gateway 1 192.168.0.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Feature Sets Supported Default Number of ARP cache entries 1024 in switch mode, approximately 100 in router mode N/A Number of DHCP snooping bindings 8K N/A Number of DHCP static entries 1024 N/A MLD snooping N/A N/A 252
B. Configuration Examples This chapter contains information about how to configure the following features: • Virtual Local Area Networks (VLANs) • Access Control Lists (ACLs) • Differentiated Services (DiffServ) • 802.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Virtual Local Area Networks (VLANs) A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged. Inversely, a T for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Access Control Lists (ACLs) ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Destination MAC. 01:02:1A:BC:DE:EF • Destination MAC Mask. 00:00:00:00:FF:FF • Source MAC. 02:02:1A:BC:DE:EF • Source MAC Mask. 00:00:00:00:FF:FF • VLAN ID. 2 For more information about MAC ACL rules, see MAC Rules on page 191. 3. In the MAC Binding Configuration screen, assign the Sales_ACL to Ethernet ports 6, 7, and 8 and click APPLY. For more information, see MAC Binding Configuration on page 193.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches departments. Traffic from the Finance department is identified by each packet’s network IP address. 1. In the IP ACL screen, create an IP ACL with an IP ACL ID of 1. For more information, see IP ACL on page 195. 2. In the IP Rules screen, create a rule for IP ACL 1 with the following settings: • Rule ID. 1 • Action. Deny • Match Every. False • Source IP Address. 192.168.187.0 • Source IP Mask. 255.255.255.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Differentiated Services (DiffServ) Standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets might be delayed, sent sporadically, or dropped.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Layer 4 protocol (such as TCP or UDP) • Layer 4 source and destination ports • Source and destination IP addresses From a DiffServ point of view, there are two types of classes: • DiffServ traffic classes • DiffServ service levels or forwarding classes DiffServ Traffic Classes With DiffServ, you define which traffic classes to track on an ingress interface.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Dropping. Drops a packet upon arrival. This is useful for emulating access control list operation using DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface. • Marking IP DSCP. Marks and remarks the DiffServ code point in a packet with the DSCP value representing the service level associated with a particular DiffServ traffic class. • Marking CoS (802.1p). Sets the 3-bit priority field in the first or only 802.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. Configure the following settings for Class1: • Protocol Type. UDP • Source IP Address. 192.12.1.0 • Source Mask. 255.255.255.0 • Source L4 Port. Other, and enter 4567 as the source port value • Destination IP Address. 192.12.2.0 • Destination Mask. 255.255.255.0 • Destination L4 Port. Other, and enter 4568 as the destination port value For more information about this screen, see Class Configuration on page 147. 4. Click APPLY. 5.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Also the confirmed action on this flow is to send the packets with a committed rate of 10,000 Kbps and burst size of 128 KB. Packets that violate the committed rate and burst size are dropped. 802.1x Local area networks (LANs) are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure, or permit unauthorized users to attempt to access the LAN through equipment already attached.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Access control is achieved by enforcing authentication of supplicants that are attached to a controlled ports of the authenticator. The result of the authentication process determines whether the supplicant is authorized to access services on that controlled port. A port access entity (PAE) is able to adopt one of the following roles within an access control interaction: • Authenticator.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches a force-authorized state and does not require any authentication. When the Port Control setting is Auto, the authenticator PAE sets the controlled port mode. 3. In the Guest VLAN field for ports g1–g8, enter 150 to assign these ports to the guest VLAN. You can configure more settings to control access to the network through the ports. See Port Security Interface Configuration for information about the settings. 4. Click APPLY. 5. In the 802.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches MSTP Spanning Tree Protocol (STP) runs on bridged networks to help eliminate loops. If a bridge loop occurs, the network can become flooded with traffic. IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) supports multiple instances of spanning tree to efficiently channel VLAN traffic over different interfaces. Each instance of the spanning tree behaves in the manner specified in IEEE 802.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches receive and transmit MSTP BPDUs. The MST configuration identifier has the following components: 1. Configuration identifier format selector 2. Configuration name 3. Configuration revision level 4.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches In this example, ports g1–g5 are connected to host stations, so those links are not subject to network loops. Ports g6–g8 are connected across Switches 1, 2, and 3. Ports g1-g5 connected to hosts Ports g1-g5 connected to hosts Ports g6-g8 connected to Switch 2 and 3 Switch 1 root bridge Switch 2 Ports g6-g8 connected to Switch 1 and 2 Switch 3 Ports g1-g5 connected to hosts Perform the following procedures on each switch to configure MSTP: 1.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches For more information, see CST Configuration on page 94. 5. In the CST Port Configuration screen, select ports g1–g8 and select Enable from the STP Status list. For more information, see CST Port Configuration on page 96. 6. Click APPLY. 7. Select ports g1–g5 (edge ports), and select Enable from the Fast Link list. Since the edge ports are not at risk for network loops, ports with Fast Link are enabled transition directly to the forwarding state. 8.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure VLAN Routing with Static Route VLAN Routing Overview VLANs divide broadcast domains in a LAN environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. This is known as inter-VLAN routing. On NETGEAR switches it is accomplished by creating Layer 3 interfaces (switch virtual interfaces [SVI]).
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Note: You can use the VLAN Routing Wizard for creating VLANs, adding ports, and enabling them for routing by assigning the IP address and mask.
C. Notification of Compliance NETGEA R Wired P ro duct s C Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches FCC Guidelines for Human Exposure This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance of 20 cm between the radiator and your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. FCC Declaration Of Conformity We, NETGEAR, Inc.
Index Numerics certificate of the manufacturer/importer 272 change password 158 class of service 138 connect the switch to the network 11 CoS interface configuration 140 create DiffServ policies 260 CST configuration 94 port configuration 96 port status 97 802.1p to queue mapping 142 802.
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches E configure 195 rules 197 sample configuration 257 IP address change of administrative system 15 configuration 27 default IP address of switch 11 IP extended ACL rules 198 IPv6 ACL rules 202 ACLs 201 class configuration 149 network configuration 29 network interface 29 network neighbors 31 EAP statistics 215 EAPOL 215 F factory defaults 228 Fan Status LED 20 firmware download 232 flow control 73 forwarding database address table 122 G Green Ethernet
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches ports 73, 208 authentication 175, 177 configuration 74 global configuration 73 mirroring 223 protected 186 security interface configuration 184 summary 180 VLAN ID (PVID) configuration 84 Power/Status LED 20 searching address table 122 MAC ACLs 190 binding configuration 193 binding table 195 rules 191 sample configuration 256 management security settings 158 Max PoE LED 20 MFDB statistics 106 MIBs 22 mirroring 223 MLD snooping 115 snooping configuratio
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Spanning Tree Protocol (STP) 91 SSL 170 static multicast address 119 storm control 182 STP configuration 92 support 244 switch features and defaults 250 management interface 10 switch discovery in a network without a DHCP server 14 switch software management 235 system information 26 system resources utilization 225 system time 32 clock source 33 configuration through SNTP 33 local 33 UTC 33 zone 33 routing sample configuration 270 routing with static