FS728TP Smart Switch Software Administration Manual 350 East Plumeria Drive San Jose, CA 95134 USA December 2010 202-10670-01 v1.
©2010 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc.

Technical Support
Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online, visit us at http://support.netgear.com.
Table of Contents

Chapter 1 Getting Started
Getting Started with the FS728TP Smart Switch
Switch Management Interface
Connecting the Switch to the Network
Switch Discovery in a Network with a DHCP Server
Switch Discovery in a Network without a DHCP Server
LLDP-MED Port Settings  62
Local Information  63
Neighbors Information  65
Services — DHCP Filtering  70
DHCP Filtering Configuration
802.1p to Queue Mapping  126
DSCP to Queue Mapping  127
Differentiated Services  129
Defining DiffServ  129
Diffserv Configuration
Chapter 6 Monitoring the System
Ports  190
Switch Statistics  190
Port Statistics  192
Port Detailed Statistics
Appendix B Configuration Examples
Virtual Local Area Networks (VLANs)  238
VLAN Example Configuration  239
Access Control Lists (ACLs)  240
MAC ACL Example Configuration  240
Standard IP ACL Example Configuration
1. Getting Started

The NETGEAR® FS728TP Smart Switch Software Administration Manual describes how to configure and operate the FS728TP Smart Switch by using the Web-based graphical user interface (GUI). This manual describes the software configuration procedures and explains the options available within those procedures.
Getting Started with the FS728TP Smart Switch

This chapter provides an overview of starting your NETGEAR FS728TP Smart Switch and accessing the user interface. It also leads you through the steps to use the Smart Control Center utility.
Switch Management Interface

The NETGEAR FS728TP Smart Switch contains an embedded Web server and management software for managing and monitoring switch functions. The FS728TP functions as a simple switch without the management software. However, you can use the management software to configure more advanced features that can improve switch efficiency and overall network performance.
Connecting the Switch to the Network

To enable remote management of the switch through a Web browser or SNMP, you must connect the switch to the network and configure it with network information (an IP address, subnet mask, and default gateway). The switch has a default IP address of 192.168.0.239 and a default subnet mask of 255.255.255.0.
Switch Discovery in a Network with a DHCP Server

This section describes how to set up your switch in a network that has a DHCP server. The DHCP client on the switch is enabled by default. When you connect it to your network, the DHCP server will automatically assign an IP address to your switch. Use the Smart Control Center to discover the IP address automatically assigned to the switch.
6. Make a note of the displayed IP address assigned by the DHCP server. You will need this value to access the switch directly from a Web browser (without using the Smart Control Center).
7. Select your switch by clicking the line that displays the switch, then click the Web Browser Access button. The Smart Control Center displays a login window similar to the following figure.

Use your Web browser to manage your switch.
Switch Discovery in a Network without a DHCP Server

This section describes how to use the Smart Control Center to set up your switch in a network without a DHCP server. If your network has no DHCP service, you must assign a static IP address to your switch. If you choose, you can assign it a static IP address, even if your network has DHCP service.

To assign a static IP address:
1. Connect the switch to your existing network.
2.
Tip: You must enter the current password every time you use the Smart Control Center to update the switch setting. The default password is password.

9. Click Apply to configure the switch with the network settings.

Please ensure that your PC and the switch are in the same subnet. Make a note of these settings for later use.
WARNING! When you change the IP address of your administrative system, you will lose your connection to the rest of the network. Be sure to write down your current network address settings before you change them.

To modify the network settings on your administrative system:
1. On your PC, access the MS Windows operating system TCP/IP Properties.
2. Set the IP address of the administrative system to an address in the 192.168.0.0 network, such as 192.168.
Web Access

To access the FS728TP management interface, use one of the following methods:
• From the Smart Control Center, select the switch and click Web Browser Access.
• Open a Web browser and enter the IP address of the switch in the address field.

You must be able to ping the IP address of the FS728TP management interface from your administrative system for Web access to be available.
Smart Control Center Utilities

In addition to device discovery and network address assignment, the Smart Control Center includes several maintenance features.
Changing the Switch Password

1. Select the switch.
2. Click Change Password. Additional fields appear on the screen.
3. Type the switch password in the Current Password field. The default password for the switch is password.
4. Type the new password in the New Password and Confirm Password fields. The password can contain up to 20 ASCII characters.

Click Apply to update the switch with the new password.
4. Click OK.
5. Enter the switch password and click Apply. The file is uploaded to the administrative computer as a *.cfg file. You can open it and view the contents with a text editor.

To restore the configuration to a previously saved version:
1. Click the Maintenance tab and select the device with the configuration to restore.
2. Click Download Configuration.
3.
Note: Click the Tasks tab to view status information about the configuration download.

Firmware Upgrade

The application software for the FS728TP Smart Switch is upgradeable, enabling your switch to take advantage of improvements and additional features as they become available. The upgrade procedure and the required equipment are described in this section.
4. Click Open. You can choose to schedule a later time to complete the download and installation by clearing the Run Now? option and selecting a date and time to perform the firmware download and installation. The scheduled firmware download appears in the Tasks list.
5. Enter the switch password to continue downloading the firmware.
6. Click Apply to download the firmware and upgrade the switch with the new image.
7.
Viewing and Managing Tasks

From the Tasks tab, you can view information about configuration downloads and firmware upgrades that have already occurred, are in progress, or are scheduled to take place at a later time. You can also delete or reschedule selected tasks. The following figure shows the Tasks page.
Understanding the User Interfaces

The FS728TP Smart Switch software includes a set of comprehensive management functions for configuring and monitoring the system by using one of the following methods:
• Web user interface
• Simple Network Management Protocol (SNMP)

Each of the standards-based management methods allows you to configure and monitor the components of the FS728TP Smart Switch software.
[Figure 3. Administrative Page Layout. Callouts: Navigation Tab, Feature Link, Help Link, Logout Button, Help Page, Page Menu, Configuration Status and Options]

Navigation Tabs, Feature Links, and Page Menu

The navigation tabs along the top of the Web interface give you quick access to the various switch functions. The tabs are always available and remain constant, regardless of which feature you configure.
[Figure 4. Menu Hierarchy. Callouts: Page Link, Configuration Pages]

Configuration and Status Options

The area directly under the feature links and to the right of the page menu displays the configuration information or status for the page you select. On pages that contain configuration options, you can input information into fields or select options from drop-down menus.
The following image shows the Device View of the FS728TP. Click the port you want to view or configure to see a menu that displays statistics and configuration options. Click the menu option to access the page that contains the configuration or monitoring options. If you click the graphic, but do not click a specific port, the main menu appears, as the following figure shows.
Help Page Access

Every page contains a link to the online help, which contains information to assist in configuring and managing the switch. The online help pages are context sensitive. For example, if the IP Addressing page is open, the help topic for that page displays if you click Help. Figure 3 on page 26 shows the location of the Help link on the Web interface.
Interface Naming Convention

The FS728TP Smart Switch supports physical and logical interfaces. Interfaces are identified by their type and the interface number. Physical ports 1–24 are Fast Ethernet interfaces, and physical ports 25–28 are gigabit interfaces. The number of the port is identified on the front panel. You configure the logical interfaces by using the software.
2. Configuring System Information

Use the features in the System tab to define the switch’s relationship to its environment.
Management

This section describes how to display the switch status and specify some basic switch information, such as the management interface IP address, system clock settings, and DNS information.
To define system information:
1. Open the System Information page.
2. Define the following fields:
   • System Name. Enter the name you want to use to identify this switch. You may use up to 31 alphanumeric characters. The factory default is blank.
   • System Location. Enter the location of this switch. You may use up to 31 alphanumeric characters. The factory default is blank.
   • System Contact. Enter the contact person for this switch.
To configure the network information for the management interface:
1. Select the appropriate radio button to determine how to configure the network information for the switch management interface:
   • Dynamic IP Address (DHCP). Specifies that the switch must obtain the IP address through a DHCP server.
   • Dynamic IP Address (BOOTP). Specifies that the switch must obtain the IP address through a BootP server.
   • Static IP Address.
port VLAN ID (PVID) of the port to be connected in that management VLAN be the same as the management VLAN ID.

The management VLAN has the following requirements:
• Only one management VLAN can be active at a time.
• When a new management VLAN is configured, connectivity through the existing management VLAN is lost.
• The management station should be reconnected to the port in the new management VLAN.
SNTP time definitions are assessed and determined by the following time levels:
• T1: Time at which the original request was sent by the client.
• T2: Time at which the original request was received by the server.
• T3: Time at which the server sent a reply.
• T4: Time at which the client received the server's reply.

The device can poll Unicast server types for the server time.
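How a unicast SNTP client turns T1 through T4 into a clock correction, as an added example that is not part of the manual or the switch software. It assumes the standard SNTP offset and round-trip formulas and the standard 48-byte NTP packet layout; the function names and sample timestamps are constructed for illustration.

```python
import struct

NTP_FRACTION = 2 ** 32  # NTP timestamp: 32-bit seconds since 1900 + 32-bit fraction

# Constructed sample times (seconds since 1900). The client clock is 4.875 s slow.
T1 = 3500000000.0   # client sent the request (client clock)
T2 = 3500000005.25  # server received the request (server clock)
T3 = 3500000005.5   # server sent the reply (server clock)
T4 = 3500000001.0   # client received the reply (client clock)


def to_ntp(ts: float) -> bytes:
    """Encode seconds-since-1900 as a 64-bit NTP timestamp."""
    seconds = int(ts)
    return struct.pack("!II", seconds, int((ts - seconds) * NTP_FRACTION))


def from_ntp(raw: bytes) -> float:
    """Decode a 64-bit NTP timestamp into seconds-since-1900."""
    seconds, fraction = struct.unpack("!II", raw)
    return seconds + fraction / NTP_FRACTION


def build_reply(t1: float, t2: float, t3: float, stratum: int = 2, leap: int = 0) -> bytes:
    """Construct a sample server reply (version 4, mode 4) for this demonstration."""
    header = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    filler = bytes(12)  # root delay, root dispersion, reference ID
    # Field order: reference, originate (T1), receive (T2), transmit (T3)
    return header + filler + to_ntp(t2) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)


def evaluate_reply(packet: bytes, t1_sent: float, t4: float):
    """Return (offset, round_trip_delay) in seconds, or raise ValueError."""
    if len(packet) < 48:
        raise ValueError("short packet")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server clock not synchronized")
    # The server echoes our transmit time as its originate time. A reply that
    # does not echo it is stale or was not produced in response to our request.
    if packet[24:32] != to_ntp(t1_sent):
        raise ValueError("originate timestamp does not match our request")
    t1 = from_ntp(packet[24:32])
    t2 = from_ntp(packet[32:40])
    t3 = from_ntp(packet[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2   # how far the client clock is behind
    delay = (t4 - t1) - (t3 - t2)          # network round trip, server time excluded
    return offset, delay


if __name__ == "__main__":
    print(evaluate_reply(build_reply(T1, T2, T3), T1, T4))
```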
To configure the time by using the CPU clock cycle as the source:
1. From the Clock Source field, select Local.
2. In the Date field, enter the date in the DD/MM/YYYY format.
3. In the Time field, enter the time in HH:MM:SS format.

Note: If you do not enter a date and time, the switch will calculate the date and time using the CPU’s clock cycle. When the Clock Source is set to Local, the Time Zone field is grayed out (disabled):

4.
Field: Description
Last Attempt Time: Specifies the local date and time (UTC) of the last SNTP request or receipt of an unsolicited message.
Last Attempt Status: Specifies the status of the last SNTP request or unsolicited message for both unicast mode. If no message has been received from a server, a status of Other is displayed. These values are appropriate for all operational modes:
   • Other: None of the following enumeration values.
To configure a new SNTP Server:
1. Enter the appropriate SNTP server information in the available fields:
   • Server Type. Specifies whether the address for the SNTP server is an IP address (IPv4) or hostname (DNS).
   • Address. Enter the IP address or the hostname of the SNTP server.
   • Port. Enter a port number on the SNTP server to which SNTP requests are sent. The valid range is 1–65535. The default is 123.
   • Priority.
Field: Description
Address: Specifies all the existing Server Addresses. If no Server configuration exists, a message saying “No SNTP server exists” flashes on the screen.
Last Update Time: Specifies the local date and time (UTC) that the response from this server was used to update the system clock.
Last Attempt Time: Specifies the local date and time (UTC) that this SNTP server was last queried.
Auto-DoS Configuration

The Auto-DoS Configuration page lets you automatically enable all the DoS features available on the switch, except for the L4 Port attack. See the previous section for information about the types of DoS attacks the switch can monitor and block.

To access the Auto-DoS Configuration page, click System > Management > Denial of Service > Auto-DoS Configuration.

To configure the Auto-DoS feature:
1.
To configure individual DoS settings:
1. Select the types of DoS attacks for the switch to monitor and block and configure any associated values, as the following list describes.
   • Denial of Service SIP=DIP. Enable or disable this option by selecting the appropriate radio button. Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is Disable.
   • Denial of Service L4 Port. Enable or disable this option by selecting the appropriate radio button. Enabling L4 Port DoS prevention causes the switch to drop packets that have TCP/UDP source port equal to TCP/UDP destination port. The factory default is Disable.
   • Denial of Service ICMP. Enable or disable this option by selecting the appropriate radio button.
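A model of the SIP=DIP and L4 Port checks described above, run over constructed packets, as an added example that is not the switch's own code. The function names and sample addresses are hypothetical; the model skips the port comparison on non-first fragments, which is an assumption about behaviour the manual does not describe.

```python
import socket
import struct

TCP, UDP = 6, 17

# Factory default: both checks disabled. Auto-DoS: everything except L4 Port.
FACTORY_DEFAULT = {"sip_eq_dip": False, "l4_port": False}
AUTO_DOS = {"sip_eq_dip": True, "l4_port": False}


def build_ipv4(src, dst, proto, sport=0, dport=0, frag_offset=0):
    """Constructed sample packet: 20-byte IPv4 header plus 8 bytes of L4 header.
    The header checksum is left at zero because the checks below do not use it."""
    l4 = struct.pack("!HH", sport, dport) + bytes(4)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(l4), 0, frag_offset & 0x1FFF, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return header + l4


def dos_verdict(packet, sip_eq_dip=False, l4_port=False):
    """Return ("drop", rule_name) or ("forward", None) for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    proto = packet[9]
    src, dst = packet[12:16], packet[16:20]

    # SIP=DIP: source IP address equal to destination IP address.
    if sip_eq_dip and src == dst:
        return ("drop", "SIP=DIP")

    # L4 Port: TCP/UDP source port equal to destination port. Only the first
    # fragment carries the L4 header, so later fragments are not compared.
    first_fragment = (flags_frag & 0x1FFF) == 0
    if l4_port and proto in (TCP, UDP) and first_fragment and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if sport == dport:
            return ("drop", "L4 Port")
    return ("forward", None)


# Constructed samples.
SAME_ADDR = build_ipv4("10.0.0.5", "10.0.0.5", UDP, 1000, 2000)
# Some NTP implementations use port 123 on both ends, so the L4 Port check
# drops that legitimate traffic when it is enabled.
NTP_SYMMETRIC = build_ipv4("10.0.0.5", "10.0.0.9", UDP, 123, 123)
LATER_FRAGMENT = build_ipv4("10.0.0.5", "10.0.0.9", UDP, 123, 123, frag_offset=185)

if __name__ == "__main__":
    for name, pkt in [("same-addr", SAME_ADDR), ("ntp", NTP_SYMMETRIC)]:
        print(name, dos_verdict(pkt, **AUTO_DOS), dos_verdict(pkt, sip_eq_dip=True, l4_port=True))
```

Reviewing which services on the network use equal source and destination ports before enabling the L4 Port option avoids dropping wanted traffic.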
To configure the global DNS settings:
1. Specify whether to enable or disable the administrative status of the DNS Client.
   • Enable. Allow the switch to send DNS queries to a DNS server to resolve a DNS domain name.
   • Disable. Prevent the switch from sending DNS queries.
2. Enter the DNS default domain name to include in DNS queries.
To add a static entry to the local DNS table:
1. Specify the static host name to add. Enter up to 158 characters.
2. Specify the IP address in standard IPv4 dot notation to associate with the hostname.
3. Click Add. The entry appears in the list below.
4. To remove an entry from the static DNS table, select the check box next to the entry and click Delete.
5.
Green Ethernet Configuration

Use this page to configure Green Ethernet features. Using the Green Ethernet features allows for power consumption savings.

To access this page, click System > Management > Green Ethernet Configuration.

To configure the Green Ethernet feature:
1. Enable or disable the Auto Power Down Mode.
   • Enable. When the port link is down, the PHY will automatically go down for a short period of time and then wake up to check link pulses.
PoE

The switch ports on the FS728TP are IEEE802.3af-compliant ports. Each port is capable of delivering up to 15.4W of reliable, uninterrupted power to connected PoE-powered devices (PD). The FS728TP can provide a total of 192W of power to all connected devices. You can configure per-port priority settings, timers, and power limits to manage the power supplied to the connected PDs and to ensure that the FS728TP power budget is used effectively.
To configure PoE trap settings:
1. Select the appropriate radio button to enable or disable SNMP traps.
2. Click Apply to apply the new settings to the system.
3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
4. Click Refresh to update the screen with the current information.
2. Configure or view the settings:
   • Admin Mode. Enable or disable the ability of the port to deliver power.
   • Priority Level. Determine which ports can deliver power if the total power delivered by the switch crosses a certain threshold. The switch may not be able to supply power to all connected devices. Priority is used to determine which ports can supply power. When ports have the same priority, the lower numbered port is given a higher priority.
   • Status. View the operational status of the port PD detection.
      • Disabled. Indicates no power is being delivered.
      • Delivering Power. Indicates power is being drawn by a connected device.
      • Fault. Indicates a problem with the port.
      • Test. Indicates the port is in test mode.
      • Other Fault. Indicates the port is idle due to an error condition.
      • Searching. Indicates the port is not in one of the above states.
3.
To configure global timer settings:
1. Specify the Timer Schedule administrative mode. If the mode is disabled, no timers are used.
2. To add a timer, enter a name in the Timer Schedule Name field, and click Add.
3. To remove a timer, select the check box associated with the timer and click Delete.
4. To enable or disable the timer feature, select the appropriate radio button and click Apply.
5.
Note: For a timer schedule to operate, the switch clock source must be SNTP. Use the System > Time page to configure the clock source. For more information, see Time Configuration on page 36.

To configure timer schedules:
1. Select the name of the schedule created on the Timer Global Configuration page.
2. Specify the time to turn off power. The time range is from 00:00 to 23:59.
3.
SNMP

From the SNMP link under the System tab, you can configure SNMP settings for SNMP V1/V2 and SNMPv3. From the SNMP link, you can access the following pages:
• SNMPV1/V2 on page 53
• Trap Flags on page 55
• SNMP v3 User Configuration on page 57

SNMPV1/V2

The pages under the SNMPV1/V2 menu allow you to configure SNMP community information, traps, and trap flags.
To configure SNMP communities:
1. To add a new SNMP community, enter community information in the available fields described below, and then click Add.
   • Management Station IP. Specify the IP address of the management station. Together, the Management Station IP and the Management Station IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device.
To configure SNMP trap settings:
1. To add a host that will receive SNMP traps, enter trap configuration information in the available fields described below, and then click Add.
   • Recipients IP. The address in x.x.x.x format to receive SNMP traps from this device.
   • Version. The trap version to be used by the receiver from the menu.
      • SNMP v1: Uses SNMP v1 to send traps to the receiver.
      • SNMP v2: Uses SNMP v2 to send traps to the receiver.
To access the Trap Flags page, click System > SNMP > SNMP V1/V2 > Trap Flags.

To configure the trap flags:
1. From the Authentication field, enable or disable activation of authentication failure traps by selecting the corresponding button. The factory default is Enable.
2. From the Link Up/Down field, enable or disable activation of link status traps by selecting the corresponding button. The factory default is Enable.
3.
SNMP v3 User Configuration

This is the configuration for SNMP v3.

To access this page, click System > SNMP > SNMP V3 > User Configuration.

The SNMPv3 Access Mode is a read-only field that shows the access privileges for the user account. The admin account always has Read/Write access, and all other accounts have Read Only access.

To configure SNMPv3 settings for the user account:
1.
LLDP

The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN.
To configure global LLDP settings:
1. Configure the following LLDP properties.
   • TLV Advertised Interval. Specify the interval at which frames are transmitted. The default is 30 seconds, and the valid range is 1–32768 seconds.
   • Hold Multiplier. Specify the number to use as the multiplier on the transmit interval to assign to Time-to-Live (TTL). The default is 4, and the range is 2–10.
   • Reinitializing Delay.
To configure LLDP port settings:
1. Change the LLDP port settings described below:
   • Interface. Specifies the port to be affected by these parameters.
   • Admin Status. Select the status for transmitting and receiving LLDP packets:
      • Tx Only: Enable only transmitting LLDP Protocol Data Units (PDUs) on the selected ports.
      • Rx Only: Enable only receiving LLDP PDUs on the selected ports.
LLDP-MED Network Policy

This page displays information about the LLDP-MED network policy TLV transmitted in the LLDP frames on the selected local interface.

To display this page, click System > LLDP > Advanced > LLDP-MED Network Policy.

From the Interface menu, select the interface with the information to view. The following table describes the LLDP-MED network policy information that displays on the screen.
Field: Description
User Priority: Specifies the priority associated with the policy.
DSCP: Specifies the DSCP associated with a particular policy type.

Click Refresh to refresh the page with the most current data from the switch.

LLDP-MED Port Settings

Use this page to enable LLDP-MED mode on an interface and configure its properties.

To display this page, click System > LLDP > Advanced > LLDP-MED Port Settings.
5. Click Apply to send the updated configuration to the switch. These changes occur immediately and the configuration will be saved.
6. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.

Local Information

Use the LLDP Local Information page to view the data that each port advertises through LLDP.
A popup window displays information for the selected port. The following table describes the detailed local information that displays for the selected port.

Field: Description

Managed Address
Address SubType: Displays the type of address the management interface uses, such as an IPv4 address.
Address: Displays the address used to manage the device.
Interface SubType: Displays the port subtype.
Field: Description

MED Details
Capabilities Supported: Displays the MED capabilities enabled on the port.
Current Capabilities: Displays the TLVs advertised by the port.
Device Class: Network Connectivity indicates the device is a network connectivity device.

Network Policies
Application Type: Specifies the media application type associated with the policy.
VLAN ID: Specifies the VLAN ID associated with the policy.
The following table describes the information that displays for all LLDP neighbors that have been discovered.

Field: Description
MSAP Entry: Displays the Media Service Access Point (MSAP) entry number for the remote device.
Local Port: Displays the interface on the local system that received LLDP information from a remote system.
Chassis ID Subtype: Identifies the type of data displayed in the Chassis ID field on the remote system.
Field: Description

Port Details
Local Port: Displays the interface on the local system that received LLDP information from a remote system.
MSAP Entry: Displays the Media Service Access Point (MSAP) entry number for the remote device.

Basic Details
Chassis ID Subtype: Identifies the type of data displayed in the Chassis ID field on the remote system.
Chassis ID: Identifies the remote 802 LAN device's chassis.
Field: Description

MED Details
Capabilities Supported: Specifies the supported capabilities that were received in MED TLV from the device.
Current Capabilities: Specifies the advertised capabilities that were received in MED TLV from the device.
Device Class: Displays the LLDP-MED endpoint device class. The possible device classes are:
   • Endpoint Class 1: Indicates a generic endpoint class, offering basic LLDP services.
Field: Description

Network Policies
Application Type: Specifies the media application type associated with the policy advertised by the remote device.
VLAN ID: Specifies the VLAN ID associated with the policy.
VLAN Type: Specifies whether the VLAN associated with the policy is tagged or untagged.
User Priority: Specifies the priority associated with the policy.
DSCP: Specifies the DSCP associated with a particular policy type.
Services — DHCP Filtering

DHCP Filtering is a useful feature that can be employed as a security measure against unauthorized DHCP servers. A known attack is when an unauthorized DHCP server responds to a client that is requesting an IP address. The server configures the gateway for the client to be equal to the IP address of the server. At that point, the client sends all of its IP traffic destined to other networks to the unauthorized machine.
Interface Configuration

Use the DHCP Filtering Interface Configuration page to view and configure each port as a trusted or untrusted port. Any DHCP responses received on a trusted port are forwarded. If a port is configured as untrusted, any DHCP (or BootP) responses received on that port are discarded.

To access the DHCP Filtering Interface Configuration page, click System > Services > DHCP Filtering > Interface Configuration.
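A model of the trusted/untrusted port decision, with the discarded reply parsed so an administrator can see which gateway the unauthorized server tried to hand out. This is an added example, not the switch's own code: it assumes a response is recognized by UDP source port 67 and BOOTP op code 2, and the function names, port numbers and addresses are constructed.

```python
import socket
import struct

BOOTREPLY = 2
DHCP_SERVER_PORT = 67
MAGIC_COOKIE = bytes([99, 130, 83, 99])
OPT_PAD, OPT_ROUTER, OPT_SERVER_ID, OPT_END = 0, 3, 54, 255


def build_bootp(op, yiaddr="0.0.0.0", router=None, server_id=None):
    """Constructed sample BOOTP/DHCP message: 236-byte fixed header + options."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, 0x1234ABCD, 0, 0,
        bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
        bytes.fromhex("020000000001"), b"", b"",
    )
    options = b""
    if router:
        options += bytes([OPT_ROUTER, 4]) + socket.inet_aton(router)
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    return fixed + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_options(payload):
    """Return {code: value}; a plain BootP reply without the cookie gives {}."""
    if payload[236:240] != MAGIC_COOKIE:
        return {}
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            break  # option code without a length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break  # truncated option
        options[code] = value
        i += 2 + length
    return options


def _first_ip(value):
    return socket.inet_ntoa(value[:4]) if value and len(value) >= 4 else None


def filter_frame(port, udp_sport, payload, trusted_ports):
    """Return ("forward", None) or ("discard", details_for_the_log)."""
    is_reply = (udp_sport == DHCP_SERVER_PORT and len(payload) >= 236
                and payload[0] == BOOTREPLY)
    if not is_reply or port in trusted_ports:
        return ("forward", None)
    opts = parse_options(payload)
    return ("discard", {
        "port": port,
        "offered_ip": socket.inet_ntoa(payload[16:20]),  # yiaddr
        "router": _first_ip(opts.get(OPT_ROUTER)),
        "server_id": _first_ip(opts.get(OPT_SERVER_ID)),
    })


# Constructed scenario: the uplink on port 25 is the only trusted port.
TRUSTED = {25}
ROGUE_OFFER = build_bootp(BOOTREPLY, "192.168.0.50",
                          router="192.168.0.66", server_id="192.168.0.66")
CLIENT_REQUEST = build_bootp(1)

if __name__ == "__main__":
    print(filter_frame(25, 67, ROGUE_OFFER, TRUSTED))
    print(filter_frame(7, 67, ROGUE_OFFER, TRUSTED))
    print(filter_frame(7, 68, CLIENT_REQUEST, TRUSTED))
```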
3. Configuring Switching Information

Use the features in the Switching tab to define Layer 2 features.
Ports

The pages on the Ports tab allow you to view and monitor the physical port information for the ports available on the switch. From the Ports link, you can access the following pages:
• Port Configuration on page 74
• Flow Control on page 75

Port Configuration

Use the Port Configuration page to configure the physical interfaces on the switch.

To access the Port Configuration page, click Switching > Ports > Port Configuration.
      • Enable: The port can participate in the network (default).
      • Disable: The port is administratively down and does not participate in the network.
   • Port Speed. Use the menu to select the port’s speed and duplex mode. If you select Auto, the duplex mode and speed will be set by the auto-negotiation process. The port’s maximum capability (full duplex and 1000 Mbps) will be advertised.
To configure global flow control settings:
1. From the Global Flow Control (IEEE 802.3x) Mode field, enable or disable IEEE 802.3x flow control on the system. The factory default is Disable.
   • Enable. The switch sends pause packets if the port buffers become full.
   • Disable. The switch does not send pause packets if the port buffers become full.
2.
Link Aggregation Groups
Link aggregation groups (LAGs), which are also known as port-channels, allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. You assign the LAG VLAN membership after you create a LAG. The LAG by default becomes a member of the management VLAN.
To configure LAG settings:
1. Select the check box next to the LAG to configure. You can select multiple LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces.
2. Configure or view the following settings:
   • LAG Name. Specify the name you want assigned to the LAG. You may enter any string of up to 15 alphanumeric characters.
To configure LAG members:
1. From the LAG ID field, select the LAG to which to assign ports.
2. Optionally, in the LAG Name field, enter the name you want assigned to the LAG. You may enter any string of up to 15 alphanumeric characters.
3. Specify whether to enable or disable the following:
4. Click the orange bar to display the ports.
5. Click the box below each port to include in the LAG.
LACP Configuration
To display the LACP Configuration page, click Switching > LAG > Advanced > LACP Configuration.
To configure LACP:
1. From the LACP System Priority field, specify the device’s link aggregation priority relative to the devices at the other ends of the links on which link aggregation is enabled. A higher value indicates a lower priority. You can change the value of the parameter globally by specifying a priority from 0–65535.
LACP Port Configuration
To display the LACP Port Configuration page, click Switching > LAG > Advanced > LACP Port Configuration.
To configure LACP port priority settings:
1. Select the check box next to the port to configure. You can select multiple ports to apply the same setting to all selected ports.
   Note: You cannot select ports that are not participating in a LAG.
2. Configure the LACP Priority value for the selected port. The field range is 0–255.
VLANs
Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic. By default, all ports on the switch are in the same broadcast domain.
To configure VLANs:
1. To add a VLAN, configure the VLAN ID, name, and type, and then click Add.
   • VLAN ID. Specify the VLAN Identifier for the new VLAN. (You can enter data in this field only when you are creating a new VLAN.) The range of the VLAN ID is 1–4093.
   • VLAN Name. Use this optional field to specify a name for the VLAN. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 is always named Default.
To configure VLAN membership:
1. From the VLAN ID field, select the VLAN to which you want to add ports.
2. Click the orange bar below the VLAN Type field to display the physical ports on the switch.
3. Click the lower orange bar to display the LAGs on the switch.
4. To select the port(s) or LAG(s) to add to the VLAN, click the square below each port or LAG. You can add each interface as a tagged (T) or untagged (U) VLAN member.
• If you want to change the port’s default PVID, you must first create a VLAN that includes the port as a member.
• Use the Port VLAN ID (PVID) Configuration page to configure a virtual LAN on a port.
To access the Port PVID Configuration page, click Switching > VLAN > Advanced > Port PVID Configuration.
To configure PVID information:
1. To configure PVID settings for a physical port, click PORTS.
2.
8. Specify the default 802.1p priority assigned to untagged packets arriving at the port. Possible values are 0–7.
9. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
10. If you make any changes to this page, click Apply to send the updated configuration to the switch. Configuration changes take place immediately.
Voice VLAN
Configure the Voice VLAN settings for ports that carry traffic from IP phones. The Voice VLAN feature can help ensure that the sound quality of an IP phone is safeguarded from deteriorating when the data traffic on the port is high.
6. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
7. If you make any changes to this page, click Apply to send the updated configuration to the switch.
Voice VLAN Port Setting
To display the Voice VLAN Port Setting page, click Switching > Voice VLAN > Advanced > Port Setting.
To configure Voice VLAN port settings:
1. Select the check box next to the port to configure.
Voice VLAN OUI
The Organizational Unique Identifier (OUI) identifies the IP phone manufacturer.
To configure OUI settings:
1. To add a new OUI prefix, type the VOIP OUI prefix in the Telephony OUI(s) field, provide a description of the prefix, and click Add. The OUI prefix must be in the format AA:BB:CC.
2. To delete an OUI prefix from the list, select the check box next to the OUI prefix and click Delete.
3.
Spanning Tree Protocol
The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Common STP, Multiple STP, and Rapid STP. Classic STP provides a single path between end stations, avoiding and eliminating loops. For information on configuring Common STP, see CST Port Configuration on page 95.
To configure STP settings on the switch:
1. From the Spanning Tree State field, specify whether to enable or disable Spanning Tree operation on the switch.
2. From the STP Operation Mode field, specify the Force Protocol Version parameter for the switch. Options are:
   • STP (Spanning Tree Protocol): IEEE 802.1D
   • RSTP (Rapid Spanning Tree Protocol): IEEE 802.1w
   • MSTP (Multiple Spanning Tree Protocol): IEEE 802.1s
3.
The following table describes the STP Status information displayed on the screen.
Field | Description
Bridge Identifier | The bridge identifier for the CST. It is made up using the bridge priority and the base MAC address of the bridge.
Time Since Topology Change | The time in seconds since the topology of the CST last changed.
Topology Change Count | The number of times the topology has changed for the CST.
To configure CST settings:
1. Specify values for CST in the appropriate fields:
   • Bridge Priority. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. Specifies the bridge priority value for the Common and Internal Spanning Tree (CST). The valid range is 0–61440. The bridge priority is a multiple of 4096.
2. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
3. If you make any configuration changes, click Apply to send the updated configuration to the switch. Configuration changes take place immediately.
The following table describes the MSTP status information displayed on the Spanning Tree CST Configuration page.
3. To configure CST settings for both physical ports and LAGs, click ALL.
4. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces.
5. Configure the CST values for the selected port(s) or LAG(s):
   • STP Status.
The following table describes the CST Status information displayed on the screen.
Field | Description
Interface | Select a physical or port channel interface to configure. The port is associated with the VLAN(s) associated with the CST.
Port Role | Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree.
Rapid STP
Use the Rapid STP page to view information about Rapid Spanning Tree (RSTP) port status. To display the Rapid STP page, click Switching > STP > Advanced > RSTP.
The following table describes the Rapid STP Status information displayed on the screen.
Field | Description
Interface | The physical or port channel interfaces associated with VLANs associated with the CST.
To configure an MST instance:
1. To add an MST instance, configure the MST values and click Add:
   • MST ID. Specify the ID of the MST to create. Valid values for this are between 1 and 4094.
   • Priority. Specifies the bridge priority value for the MST. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. The bridge priority is a multiple of 4096.
For each configured instance, the information described in the following table displays on the page.
Field | Description
Bridge Identifier | The bridge identifier for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge.
Time Since Topology Change | Displays the total amount of time since the topology of the selected MST instance last changed.
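The bridge priority rules from the CST and MST configuration steps and the Bridge Identifier field above, as an added Python sketch (not the switch's own code): it validates a priority against the manual's range, builds the 8-byte identifier, and checks which bridge would become root. The 12-bit instance field follows the IEEE 802.1t extended system ID layout, which is why priorities move in steps of 4096; the inventory, bridge names and MAC addresses are constructed, and 32768 is the IEEE default priority assumed for unconfigured bridges.

```python
"""Bridge identifier construction and root election check (illustrative sketch)."""

PRIORITY_STEP = 4096    # the manual: "The bridge priority is a multiple of 4096"
PRIORITY_MAX = 61440    # the manual: valid range 0-61440


def validate_priority(priority):
    """Accept only 0-61440 in multiples of 4096."""
    if isinstance(priority, bool) or not isinstance(priority, int):
        raise ValueError("priority must be an integer")
    if not 0 <= priority <= PRIORITY_MAX:
        raise ValueError("priority %d outside 0-%d" % (priority, PRIORITY_MAX))
    if priority % PRIORITY_STEP:
        raise ValueError("priority %d is not a multiple of %d" % (priority, PRIORITY_STEP))
    return priority


def parse_mac(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 bytes."""
    parts = mac.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError("MAC must be six two-digit hex groups: %r" % mac)
    return bytes(int(p, 16) for p in parts)


def bridge_id(priority, mac, instance=0):
    """8-byte identifier: 4-bit priority, 12-bit instance (0 for the CST), 48-bit MAC.

    The low 12 bits of the priority field carry the instance number, so only
    the top 4 bits are configurable: hence the step of 4096.
    """
    validate_priority(priority)
    if not 0 <= instance <= 4094:
        raise ValueError("instance %d outside 0-4094" % instance)
    return (priority | instance).to_bytes(2, "big") + parse_mac(mac)


def elect_root(bridges, instance=0):
    """Return the name of the bridge with the numerically lowest identifier."""
    return min(bridges, key=lambda n: bridge_id(bridges[n][0], bridges[n][1], instance))


def check_plan(bridges, intended_root):
    """Return findings that would keep `intended_root` from being a stable root."""
    findings = []
    root = elect_root(bridges)
    intended_priority = bridges[intended_root][0]
    if root != intended_root:
        findings.append("root would be %s (%s), not %s" % (
            root, bridge_id(*bridges[root]).hex(), intended_root))
    else:
        rivals = sorted(n for n, (p, _mac) in bridges.items()
                        if n != intended_root and p == intended_priority)
        if rivals:
            findings.append("%s wins only on MAC tie-break against %s" % (
                intended_root, ", ".join(rivals)))
    return findings


# Constructed inventories: name -> (bridge priority, base MAC address).
DEFAULTS = {
    "core-1":   (32768, "02:00:00:00:00:10"),
    "access-1": (32768, "02:00:00:00:00:02"),
    "access-2": (32768, "02:00:00:00:00:30"),
}
PLANNED = dict(DEFAULTS, **{"core-1": (4096, "02:00:00:00:00:10")})
TIED = dict(PLANNED, **{"access-2": (4096, "02:00:00:00:00:30")})

if __name__ == "__main__":
    for label, plan in (("defaults", DEFAULTS), ("planned", PLANNED), ("tied", TIED)):
        print(label, elect_root(plan), check_plan(plan, "core-1"))
```

With every bridge left at the same priority, the lowest MAC address decides the root, so the check reports `access-1` rather than the intended core switch.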
To configure MST port settings:
1. To configure MST settings for a physical port, click PORTS.
2. To configure MST settings for a Link Aggregation Group (LAG), click LAGS.
3. To configure MST settings for both physical ports and LAGs, click ALL.
4. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces.
Field | Description
Port Forwarding State | Indicates the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:
   • Disabled: STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.
   • Blocking: The port is currently blocked and cannot be used to forward traffic or learn MAC addresses.
The following table describes the information available on the STP Statistics page.
Field | Description
Interface | Select a physical or port channel interface to view its statistics.
STP BPDUs Received | Number of STP BPDUs received at the selected port.
STP BPDUs Transmitted | Number of STP BPDUs transmitted from the selected port.
RSTP BPDUs Received | Number of RSTP BPDUs received at the selected port.
Multicast
Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255.
To configure IGMP Snooping:
1. Enable or disable IGMP Snooping on the switch.
   • Enable. The switch snoops all IGMP packets it receives to determine which segments should receive packets directed to the group address.
   • Disable. The switch does not snoop IGMP packets.
2. Choose whether to validate the IGMP IP header.
   • Enable. The switch checks the IP header of all IGMP messages for the Router Alert option, ToS, and TTL.
The following table displays information about the global IGMP snooping status and statistics on the page.
Field | Description
Multicast Control Frame Count | Displays the number of multicast control frames that have been processed by the CPU.
Interfaces Enabled for IGMP Snooping | Lists the interfaces currently enabled for IGMP Snooping. To enable interfaces for IGMP snooping, see IGMP Snooping Interface Configuration on page 106.
3. To configure IGMP Snooping settings for both physical ports and LAGs, click ALL.
4. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces.
5. Configure the IGMP Snooping values for the selected port(s) or LAG(s):
   • Admin Mode.
The following table describes the fields in the IGMP Snooping Table.
Field | Description
MAC Address | A multicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 two-digit hexadecimal numbers that are separated by colons, for example, 01:00:5e:45:67:89.
VLAN ID | A VLAN ID for which the switch has forwarding and filtering information.
Type | This displays the type of the entry.
When a packet enters the switch, the destination MAC address is combined with the VLAN ID and a search is performed in the Layer 2 Multicast Forwarding Database. If no match is found, then the packet is either flooded to all ports in the VLAN or discarded, depending on the switch configuration. If a match is found, then the packet is forwarded only to the ports that are members of that multicast group.
Field | Description
Interface | The list of interfaces that are designated for forwarding (Fwd) and filtering (Flt) for the selected address.
Forwarding Interfaces | The resultant forwarding list is derived from combining all the forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces.
Click Refresh to update the information on the screen with the most current data.
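The lookup and the Forwarding Interfaces rule described above, as an added Python sketch (not the switch's implementation): the key is the VLAN ID plus destination MAC, a miss is flooded or discarded according to configuration, and a hit goes to the forwarding interfaces minus the static filtering interfaces. It goes one step beyond the page by mapping class D addresses to MAC addresses (RFC 1112), which shows that several IP groups share one table entry; the VLANs, ports and entries are constructed, and excluding the ingress port is standard bridging behaviour assumed here.

```python
"""Layer 2 multicast forwarding lookup (illustrative sketch, not switch firmware)."""
import ipaddress


def group_to_mac(group):
    """Map an IPv4 class D address to its Ethernet multicast MAC (RFC 1112):
    01:00:5e followed by the low 23 bits of the group address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError("%s is outside 224.0.0.0-239.255.255.255" % group)
    value = (0x01005E << 24) | (int(addr) & 0x7FFFFF)
    return ":".join("%02x" % b for b in value.to_bytes(6, "big"))


class Mfdb:
    """Multicast forwarding database keyed by (VLAN ID, destination MAC)."""

    def __init__(self, vlan_ports, unknown_action="flood"):
        if unknown_action not in ("flood", "discard"):
            raise ValueError("unknown_action must be 'flood' or 'discard'")
        self.vlan_ports = {vlan: set(ports) for vlan, ports in vlan_ports.items()}
        self.unknown_action = unknown_action
        self.entries = {}

    def _entry(self, vlan, mac):
        return self.entries.setdefault((vlan, mac.lower()), {"fwd": set(), "flt": set()})

    def add_forwarding(self, vlan, mac, ports):
        """Record ports learned as group members (for example by IGMP snooping)."""
        self._entry(vlan, mac)["fwd"] |= set(ports)

    def add_static_filter(self, vlan, mac, ports):
        """Record ports that must never receive this group."""
        self._entry(vlan, mac)["flt"] |= set(ports)

    def forwarding_interfaces(self, vlan, mac):
        """All forwarding interfaces minus the static filtering interfaces."""
        entry = self.entries[(vlan, mac.lower())]
        return entry["fwd"] - entry["flt"]

    def egress_ports(self, vlan, dst_mac, ingress):
        """Ports a frame leaves on; the ingress port is always excluded."""
        if (vlan, dst_mac.lower()) not in self.entries:
            if self.unknown_action == "discard":
                return set()
            return self.vlan_ports.get(vlan, set()) - {ingress}
        return self.forwarding_interfaces(vlan, dst_mac) - {ingress}


def build_demo(unknown_action="flood"):
    """Constructed topology: VLAN 10 on e1-e6, VLAN 20 on e7-e8."""
    db = Mfdb({10: ["e1", "e2", "e3", "e4", "e5", "e6"], 20: ["e7", "e8"]},
              unknown_action)
    mac = group_to_mac("224.69.103.137")          # 01:00:5e:45:67:89
    db.add_forwarding(10, mac, ["e2", "e3", "e4"])
    db.add_static_filter(10, mac, ["e4"])
    return db


if __name__ == "__main__":
    db = build_demo()
    print(sorted(db.egress_ports(10, "01:00:5e:45:67:89", "e1")))   # hit
    print(sorted(db.egress_ports(10, "01:00:5e:00:00:fb", "e1")))   # miss, flooded
    print(group_to_mac("225.197.103.137"))                          # same MAC as above
```

Because only 23 bits of the group address reach the MAC, 32 IP groups share each entry, so a port that joins one of them also receives the others at Layer 2.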
IGMP Snooping VLAN Configuration
Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping settings for VLANs on the system. To access the IGMP Snooping VLAN Configuration page, click Switching > Multicast > IGMP Snooping > IGMP Snooping VLAN Configuration.
To configure IGMP snooping settings for VLANs:
1.
Enter a value between 0 and 3600 seconds. The default is 0 seconds, which means there is no expiration.
   • Query Mode. Enable or disable the IGMP Querier Mode for the specified VLAN ID.
   • Query Interval. Enter the value for IGMP Query Interval for the specified VLAN ID. The valid range is 1–1800 seconds. The default is 60 seconds.
2. Click Add to enable IGMP snooping on the VLAN specified in the VLAN ID field.
3.
To configure IGMP Snooping Querier settings:
1. From the Querier Admin Mode field, enable or disable the administrative mode for IGMP Snooping Querier.
2. In the Snooping Querier Address field, specify the IP address to be used as source address in periodic IGMP queries. This address is used when no address is configured on the VLAN on which the query is being sent.
3.
To configure Querier VLAN settings:
1. To create a new VLAN ID for IGMP Snooping, select New Entry from the VLAN ID field and complete the following fields:
   • VLAN ID. Specifies the VLAN ID for which the IGMP Snooping Querier is to be enabled.
   • Querier Election Participate Mode. Enable or disable Querier Participate Mode.
      • Disabled. Upon seeing another querier of the same version in the VLAN, the snooping querier moves to the non-querier state.
The following table describes the information available on the Querier VLAN Status page.
Field | Description
VLAN ID | Specifies the VLAN ID on which the IGMP Snooping Querier is administratively enabled and for which VLAN exists in the VLAN database.
Operational State | Specifies the operational state of the IGMP Snooping Querier on a VLAN:
   • Querier: The snooping switch is the querier in the VLAN.
Forwarding Database
The forwarding database maintains a list of MAC addresses, adding an address after the switch has received a packet from it. The transparent bridging function uses the forwarding database entries to determine how to forward a received frame.
   • Interface: Select Interface from the menu, enter the interface ID in e1, e2... format, then click Go. If any entries learned on that interface exist, they are displayed.
2. Click Clear to clear Dynamic MAC Addresses in the table.
3. Click Refresh to redisplay the page to show the latest MAC Addresses.
4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
To configure the Dynamic Address setting:
1. Specify the number of seconds the forwarding database should wait before deleting a learned entry that has not been updated. IEEE 802.1D-1990 recommends a default of 300 seconds. You may enter any number of seconds between 10 and 1000000. The factory default is 300.
   Note: IEEE 802.1D recommends a default of 300 seconds, which is the factory default.
2.
To configure a static MAC address:
1. To add a static MAC address entry:
   a. Select the VLAN ID corresponding to the MAC address to add.
   b. Specify the MAC address to add.
   c. Specify the interface associated with the MAC address.
   d. Click Add.
2. To delete a static MAC address, select the check box next to the entry and click Delete.
3.
4. Configuring Quality of Service
Use the features in the QoS tab to configure Quality of Service (QoS) settings on the switch. The QoS tab contains links to the following features:
• Class of Service
• Differentiated Services
In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
Class of Service
The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table.
To configure global CoS settings:
1. Select the Global radio button to configure the trust mode settings that apply to all interfaces. Alternatively, you can select the Interface radio button to apply trust mode settings to individual interfaces. The per-interface setting overrides the global settings.
2. Select the trust mode for all interfaces (Global Trust Mode) or the selected interface (Interface Trust Mode).
To configure CoS settings for an interface:
1. To configure CoS settings for a physical port, click PORTS.
2. To configure CoS settings for a Link Aggregation Group (LAG), click LAGS.
3. To configure CoS settings for both physical ports and LAGs, click ALL.
4. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces.
5.
Interface Queue Configuration
Use the Interface Queue Configuration page to define what a particular queue does by configuring switch egress queues. User-configurable parameters control the amount of bandwidth used by the queue, the queue depth during times of congestion, and the scheduling of packet transmission from the set of all queues on a port. Each port has its own CoS queue-related configuration.
• Scheduler Type. Selects the type of queue processing from the drop down menu. Options are Weighted and Strict. Defining on a per-queue basis allows the user to create the desired service characteristics for different types of traffic.
   • Weighted: Weighted round robin associates a weight to each queue. This is the default.
   • Strict: Services traffic with the highest priority on a queue first.
• Queue Management Type.
2. Select the queue to map to the predefined 802.1p priority values. The 802.1p Priority row contains traffic class selectors for each of the eight 802.1p priorities to be mapped. The priority goes from low (0) to high (7). For example, traffic with a priority of 0 is for most data traffic and is sent using “best effort.” Traffic with a higher priority, such as 6, might be time-sensitive traffic, such as voice or video.
To map DSCP values to queues:
1. For each DSCP value, select a hardware queue to associate with the value. The traffic class is the hardware queue for a port. Higher traffic class values indicate a higher queue position. Before traffic in a lower queue is sent, it must wait for traffic in higher queues to be sent. Valid range is 0–7.
2.
Differentiated Services
The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. Standard IP-based networks are designed to provide “best effort” data delivery service. “Best effort” service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will.
Diffserv Configuration
Use the Diffserv Configuration page to display DiffServ General Status Group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. To display the page, click QoS > DiffServ > Advanced > Diffserv Configuration.
To configure the global DiffServ mode:
1. Select the administrative mode for DiffServ:
   • Enable.
Field | Description
Policy Attributes Table | Displays the current and maximum number of rows of the policy attributes table.
Service Table | Displays the current and maximum number of rows of the service table.
Class Configuration
Use the Class Configuration page to add a new DiffServ class name, or to rename or delete an existing class. The page also allows you to define the criteria to associate with a DiffServ class.
To configure the class match criteria:
1. Click the class name for an existing class. The class name is a hyperlink. The following figure shows the configuration fields for the class.
2. Define the criteria to associate with a DiffServ class:
   • Reference Class. Selects a class to start referencing for criteria. A specified class can reference at most one other class of the same type.
   • Class of Service. Select the field and enter a class of service 802.1p user priority value to be matched for the packets. The valid range is 0–7.
   • VLAN. Select the field and enter a VLAN ID to be matched for packets. The VLAN ID range is 1–4093.
Policy Configuration
Use the Policy Configuration page to associate a collection of classes with one or more policy statements. After creating a Policy, click the policy link to the Policy page. To display the page, click QoS > DiffServ > Advanced > Policy Configuration.
To configure a DiffServ policy:
1.
To configure the policy attributes:
1. Click the name of the policy.
The policy name is a hyperlink. The following figure shows the configuration fields for the policy.
2. Select the queue to which packets of this policy-class will be assigned.
3. Configure the policy attributes:
   • Drop. Select this option to drop packets for this policy-class.
   • Mark IP DSCP. Use this attribute to mark all packets for the associated traffic stream with the IP DSCP value you choose from the menu.
   • Simple Policy.
   • Color Conform Mode. The match-criteria of the color Conform class.
   • Committed Rate. The committed rate is specified in kilobits-per-second (Kbps) and is an integer from 1–4294967295.
   • Committed Burst Size. The committed burst size is specified in kilobytes (KB) and is an integer from 1–128.
   • Conform Action. Determines what happens to packets that are considered conforming (below the police rate).
To configure DiffServ policy settings on an interface:
1. To configure DiffServ policy settings for a physical port, click PORTS.
2. To configure DiffServ policy settings for a Link Aggregation Group (LAG), click LAGS.
3. To configure DiffServ policy settings for both physical ports and LAGs, click ALL.
4. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces.
Field | Description
Interface | Displays the interface for which service statistics are to display.
Direction | Displays the direction of packets for which service statistics display, which is always In.
Policy Name | Displays the policy associated with the selected interface.
Operational Status | Displays the operational status of this service interface, which is either Up or Down.
5. Managing Device Security
Use the features available from the Security tab to configure management security settings for port, user, and server security.
Management Security Settings
From the Management Security Settings page, you can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS+) settings, and authentication lists. To display the page, click the Security > Management Security tab.
6. If you make changes to the page, click Apply to apply the changes to the system.
Note: In the case of a lost password, press the Factory Default Reset button on the front panel for more than one second to restore the factory default. The reset button will only reboot the device.
RADIUS Configuration
RADIUS servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information.
The Current Server IP Address field is blank if no servers are configured (see RADIUS Server Configuration on page 144). The switch supports up to three configured RADIUS servers. If more than one RADIUS server is configured, the current server is the server configured as the primary server. If no servers are configured as the primary server, the current server is the most recently added RADIUS server.
To configure global RADIUS server settings:
1.
To configure a RADIUS server:
1. To add a RADIUS server, specify the settings the following list describes, and click Add.
   • In the Server Address field, specify the IP address of the RADIUS server to add.
   • In the Authentication Port field, specify the UDP port number the server uses to verify the RADIUS server authentication. The valid range is 0–65535.
   • From the Secret Configured menu, select Yes to add a RADIUS secret in the next field.
The following table describes the RADIUS server statistics available on the page.
Field | Description
Server Address | This displays all configured RADIUS servers.
Round Trip Time | The time interval, in hundredths of a second, between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from this RADIUS authentication server.
Access Requests | The number of RADIUS Access-Request packets sent to this server.
To access the RADIUS Accounting Server Configuration page, click Security > Management Security > RADIUS > Accounting Server Configuration.
To configure the RADIUS accounting server:
1. In the Accounting Server Address field, specify the IP address of the RADIUS accounting server to add.
2. In the Port field, specify the UDP port number the server uses to verify the RADIUS accounting server authentication. The valid range is 0–65535.
3.
The following table describes RADIUS accounting server statistics available on the page.
Field | Description
Accounting Server Address | Displays the IP address of the supported RADIUS accounting server.
Round Trip Time (secs) | Displays the time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server.
The TACACS+ protocol ensures network security through encrypted protocol exchanges between the device and TACACS+ server. The TACACS+ folder contains links to the following features:
• Configuring TACACS+
• TACACS+ Server Configuration
TACACS+ Configuration
The TACACS+ Configuration page contains the TACACS+ settings for communication between the switch and the TACACS+ server you configure via the inband management port.
To display the TACACS+ Server Configuration page, click Security > Management Security, and then click the TACACS+ Server Configuration link.
To configure TACACS+ server settings:
1. To add a new TACACS+ server, select Add from the TACACS+ Server field, enter the IP address of the server to add, and click Apply.
5. In the Connection Timeout field, specify the amount of time that passes before the connection between the device and the TACACS+ server times out. The field range is from 1 to 30 seconds.
6. If you make changes to the page, or add a new entry, click Apply to apply the changes to the system.
7. To delete a configured TACACS+ server, select the IP address of the server from the TACACS+ Server drop down menu, and then click Delete.
• Local: The user's locally stored ID and password will be used for authentication. Since the local method does not time out, if you select this option as the first method, no other method will be tried, even if you have specified more than one method.
• RADIUS: The user's ID and password will be authenticated using the RADIUS server.
Configuring Management Access

From the Access page, you can configure HTTP and Secure HTTP access to the FS728TP management interface. You can also configure Access Control Profiles and Access Rules.
3. In the HTTP Session Hard Timeout field, specify the hard timeout for HTTP sessions. This timeout is unaffected by the activity level of the session. The value must be in the range of (0–168) hours. A value of zero corresponds to an infinite timeout. The default value is 24 hours. The currently configured value is shown when the Web page is displayed.
4.
The currently configured value is shown when the Web page is displayed. The default value is Disable. You can only download SSL certificates when the HTTPS Admin mode is disabled.
2. Use the radio buttons in the SSL Version 3 field to enable or disable Secure Sockets Layer Version 3.0. The currently configured value is shown when the Web page is displayed. The default value is Enable.
3.
To configure the certificate download settings for HTTPS sessions:
1. From the File Type menu, select the type of SSL certificate to download, which can be one of the following:
  • SSL Trusted Root Certificate PEM File. SSL Trusted Root Certificate File (PEM Encoded).
  • SSL Server Certificate PEM File. SSL Server Certificate File (PEM Encoded).
  • SSL DH Weak Encryption Parameter PEM File. SSL Diffie-Hellman Weak Encryption Parameter File (PEM Encoded).
Access Profile Configuration

Use the Access Profile Configuration page to configure settings that control management access to the switch. Access profile configuration requires three steps:
1. Use the Access Profile Configuration page to create an access profile. To add rules to the profile, the access profile must be deactivated, which is the default setting.
2. Use the Access Rule Configuration page to add one or more access rules to the profile.
3.
The Profile Summary table shows the rules that are configured for the profile, as the following table describes.

Field: Description
Rule Type: Identifies the action the rule takes, which is either Permit or Deny.
Service Type: Displays the type of service to allow or prohibit from accessing the switch management interface:
  • SNMP
  • HTTP
  • HTTPS
Source IP Address: Displays the IP Address of the client that may or may not originate management traffic.
Before you create access rules, make sure:
• An access profile exists.
• The access profile is deactivated.

To configure access profile rules:
1. To add an access profile rule, configure the following settings and click Add.
  • Rule Type: Specify whether the rule permits or denies access to the FS728TP management interface.
    • Select Permit to allow access to the management interface for traffic that meets the criteria you configure for the rule.
Port Authentication

In port-based authentication mode, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode. The 802.
To configure global 802.1X settings:
1. Select the appropriate radio button in the Port Based Authentication State field to enable or disable 802.1X administrative mode on the switch.
  • Enable. Port-based authentication is permitted on the switch.

Note: If 802.1X is enabled, authentication is performed by a RADIUS server. This means the primary authentication method must be RADIUS.
To configure 802.1X settings for the port:
1. Select the check box next to the port to configure. You can also select multiple check boxes to apply the same settings to the selected ports, or select the check box in the heading row to apply the same settings to all ports.
2. For the selected port(s), specify the following settings:
  • Port Control. Defines the port authorization state. The control mode is only set if the link status of the port is link up.
    • Authorized: Places the interface into an authorized state without being authenticated. The interface sends and receives normal traffic without client port-based authentication.
    • Unauthorized: Denies the selected interface system access by moving the interface into unauthorized state. The switch cannot provide authentication services to the client through the interface.
  • Guest VLAN ID.
exerts control over communication in both directions (disabling both incoming and outgoing frames). This field is not configurable.
  • Protocol Version. This field displays the protocol version associated with the selected port. The only possible value is 1, corresponding to the first version of the 802.1X specification. This field is not configurable.
  • PAE Capabilities.
Port Summary

Use the Port Summary page to view information about the port access control settings on a specific port. To access the Port Summary page, click Security > Port Authentication > Advanced > Port Summary.

The following table describes the fields on the Port Summary page.

Field: Description
Port: The port whose settings are displayed in the current table row.
Control Mode: Defines the port authorization state.
Field: Description
Reauthentication Enabled: Displays if reauthentication is enabled on the selected port. This is a configurable field. The possible values are true and false. If the value is true, reauthentication will occur. Otherwise, reauthentication will not be allowed.
Port Status: This field displays the authorization status of the specified port. The possible values are Authorized, Unauthorized, and N/A.
To configure MAC filter settings:
1. To configure a new MAC filter:
  a. Select Create Filter from the MAC Filter menu. If no filters have been configured, this is the only option available.
  b. From the VLAN ID menu, select the VLAN to use with the MAC address to fully identify packets you want filtered. You can change this field only when the Create Filter option is selected from the MAC Filter menu.
  c.
MAC Filter Summary

Use the MAC Filter Summary page to view the MAC filters that are configured on the system. To display the MAC Filter Summary page, click Security > Traffic Control, and then click the MAC Filter > MAC Filter Summary link.

The following table describes the information displayed on the page:

Field: Description
MAC Address: Identifies the MAC address that is filtered.
To configure storm control settings:
1. Select the check box next to the port to configure. Select multiple check boxes to apply the same setting to all selected ports. Select the check box in the heading row to apply the same settings to all ports.
2. From the Ingress Control Mode menu, select the mode of broadcast affected by storm control.
  • Disable. Do not use storm control.
  • Unknown Unicast.
Port Security Configuration

Use the Port Security feature to lock one or more ports on the system. When a port is locked, only packets with an allowable source MAC address can be forwarded. All other packets are discarded.

To display the Port Security Configuration page, click Security > Traffic Control, and then click the Port Security > Port Security Configuration link.

To configure the global port security mode:
1.
Port Security Interface Configuration

A MAC address can be defined as allowable by one of two methods: dynamically or statically. Both methods are used concurrently when a port is locked.

Dynamic locking implements a first arrival mechanism for Port Security. You specify how many addresses can be learned on the locked port. If the limit has not been reached, then a packet with an unknown source MAC address is learned and forwarded normally.
• Max Allowed Dynamically Learned MAC. Sets the maximum number of dynamically learned MAC addresses on the selected interface. Valid range is 0–600.
• Max Allowed Statically Locked MAC. Sets the maximum number of statically locked MAC addresses on the selected interface. Valid range is 0–20.
• Enable Violation Traps.
Field: Description
VLAN ID: Displays the VLAN ID corresponding to the Last Violation MAC address.
MAC Address: Displays the MAC addresses learned on a specific port.

Click Refresh to refresh the page with the most current data from the switch.

Protected Ports Membership

If a port is configured as protected, it does not forward traffic to any other protected port on the switch, but it will forward traffic to unprotected ports.
Configuring Access Control Lists

Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. FS728TP Smart Switch software supports IPv4 and MAC ACLs.
4. Optionally, use the MAC Binding Table page to view the configurations.

To display the MAC ACL page, click Security > ACL. The MAC ACL page is under the Basic link.

The MAC ACL table displays the number of ACLs currently configured in the switch and the maximum number of ACLs that can be configured. The current size is equal to the number of configured IPv4 ACLs plus the number of configured MAC ACLs.

To configure a MAC ACL:
1.
To configure MAC ACL rules:
1. From the ACL Name field, specify the existing MAC ACL to which the rule will apply. To set up a new MAC ACL, use the MAC ACL page.
2. To add a new rule, enter an ID for the rule, configure the following settings, and click Add.
  • Action. Specify what action should be taken if a packet matches the rule's criteria:
    • Permit: Forwards packets that meet the ACL criteria.
    • Deny: Drops packets that meet the ACL criteria.
  • EtherType User Value. This field is configurable if you select User Value from the EtherType drop-down menu. The value you enter specifies a customized Ethertype to compare against an Ethernet frame. The valid range of values is 0x0600–0xFFFF.
  • Source MAC. Requires a packet’s source port MAC address to match the address listed here. Enter a MAC address in this field. The valid format is xx:xx:xx:xx:xx:xx.
  • Source MAC Mask.
The packet filtering direction for ACL is Inbound, which means the MAC ACL rules are applied to traffic entering the port.
2. Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A low number indicates high precedence order.
The following table describes the information displayed in the MAC Binding Table.

Field: Description
Interface: Displays the interface to which the MAC ACL is bound.
Direction: Specifies the packet filtering direction for ACL. The only valid direction is Inbound, which means the MAC ACL rules are applied to traffic entering the port.
ACL Type: Displays the type of ACL assigned to selected interface and direction.
The IP ACL area shows the current size of the ACL table versus the maximum size of the ACL table. The current size is equal to the number of configured IPv4 plus the number of configured MAC ACLs. The maximum size is 100.

To configure an IP ACL:
1. In the IP ACL ID field, specify the ACL ID. The ID is an integer in the following range:
  • 1–99: Creates an IP Standard ACL, which allows you to permit or deny traffic from a source IP address.
IP Rules

Use the IP Rules page to define rules for IP-based standard ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded.

Note: There is an implicit “deny all” rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit “deny all” rule applies and the packet is dropped.
  • Source IP Address. Requires a packet’s source IP address to match the address listed here. Type an IP address in the appropriate field using dotted-decimal notation. The address you enter is compared to a packet's source IP address.
  • Source IP Mask. Specifies the source IP address wildcard mask. Wildcard masks determine which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important.
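The wildcard-mask matching and the implicit “deny all” described above can be checked offline before a standard ACL is bound to a port. The following Python sketch is an added example, not NETGEAR code; the Rule class, the function names, and the sample rules are constructed for illustration, and it assumes rules are evaluated in ascending Rule ID order with the first match winning.

```python
"""Model of a standard IP ACL: wildcard masks plus the implicit deny all."""
import ipaddress
from dataclasses import dataclass


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _care_bits(wildcard):
    # A 1 bit in a wildcard mask means "ignore this bit", so invert it.
    return ~_to_int(wildcard) & 0xFFFFFFFF


def wildcard_match(packet_ip, rule_ip, wildcard):
    """True if packet_ip equals rule_ip on every bit the mask does not ignore."""
    care = _care_bits(wildcard)
    return (_to_int(packet_ip) & care) == (_to_int(rule_ip) & care)


@dataclass(frozen=True)
class Rule:                      # hypothetical structure for this example
    rule_id: int
    action: str                  # "permit" or "deny"
    src_ip: str = "0.0.0.0"
    src_wildcard: str = "255.255.255.255"   # no bit is important
    match_every: bool = False


def evaluate(rules, packet_src):
    """Return (action, rule_id); rule_id is None for the implicit deny all."""
    # Assumption: ascending Rule ID order, first matching rule decides.
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.match_every or wildcard_match(
                packet_src, rule.src_ip, rule.src_wildcard):
            return rule.action, rule.rule_id
    return "deny", None


def shadowed_rules(rules):
    """List (rule_id, earlier_rule_id) pairs where the later rule can never match."""
    ordered = sorted(rules, key=lambda r: r.rule_id)
    found = []
    for i, later in enumerate(ordered):
        care_l = 0 if later.match_every else _care_bits(later.src_wildcard)
        for earlier in ordered[:i]:
            care_e = 0 if earlier.match_every else _care_bits(earlier.src_wildcard)
            # The earlier rule covers the later one when it only inspects bits
            # the later rule also inspects, and both agree on those bits.
            covers = (care_e & ~care_l & 0xFFFFFFFF) == 0 and \
                ((_to_int(earlier.src_ip) ^ _to_int(later.src_ip)) & care_e) == 0
            if covers:
                found.append((later.rule_id, earlier.rule_id))
                break
    return found


# Constructed sample ACL for illustration.
SAMPLE_ACL = [
    Rule(1, "deny", "192.168.10.50", "0.0.0.0"),      # one host
    Rule(2, "permit", "192.168.10.0", "0.0.0.255"),   # the whole /24
    Rule(3, "deny", "192.168.10.99", "0.0.0.0"),      # never reached
]

if __name__ == "__main__":
    for src in ("192.168.10.50", "192.168.10.7", "192.168.10.99", "10.0.0.1"):
        print(src, evaluate(SAMPLE_ACL, src))
    print("shadowed:", shadowed_rules(SAMPLE_ACL))
```

Entering a subnet mask such as 255.255.255.0 where a wildcard mask is expected inverts the intent: only the last octet is compared, so the rule matches hosts in any network whose last octet equals that of the rule address.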
To configure rules for an IP ACL:
1. To add an IP ACL rule, select the ACL ID to add the rule to, select the check box in the Extended ACL Rule table, and click Add. The page displays the extended ACL Rule Configuration fields.
2. Configure the new rule.
  • Rule ID. Specify a number from 1–10 to identify the IP ACL rule. You can create up to 10 rules for each ACL.
  • Action.
    • Permit. Forwards packets which meet the ACL criteria.
    • Deny. Drops packets which meet the ACL criteria.
  • Egress Queue. Specifies the hardware egress queue identifier used to handle all packets matching this ACL rule. Enter an identifying number from 0–7 in the appropriate field.
  • Match Every. Requires a packet to match the criteria of this ACL. Select True or False from the drop-down menu.
    • Destination L4 Port Number: If the destination L4 keyword is Other, enter a user-defined Port ID by which packets are matched to the rule.
  • Service Type. Choose one of the Service Type match conditions for the extended IP ACL rule. The possible values are IP DSCP and IP TOS, which are alternative ways of specifying a match criterion for the same Service Type field in the IP header; however, each uses a different user notation.
To configure IP ACL interface bindings:
1. Select an existing IP ACL from the ACL ID menu. The packet filtering direction for ACL is Inbound, which means the IP ACL rules are applied to traffic entering the port.
2. Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A low number indicates high precedence order.
IP Binding Table

Use the IP Binding Table page to view or delete the IP ACL bindings. To display the IP Binding Table, click Security > ACL, then click the Advanced > Binding Table link.

The following table describes the information displayed in the IP Binding Table.

Field: Description
Interface: Displays the interface to which the IP ACL is bound.
Direction: Specifies the packet filtering direction for ACL.
6. Monitoring the System

Use the features available from the Monitoring tab to view a variety of information about the switch and its ports and to configure how the switch monitors events.
Ports

The pages available from the Ports link contain a variety of information about the number and type of traffic transmitted from and received on the switch.
The following table describes the Switch Statistics displayed on the screen.

Field: Description
ifIndex: This object indicates the ifIndex of the interface table entry associated with the processor of this switch.
Octets Received: The total number of octets of data received by the processor (excluding framing bits, but including FCS octets).
Field: Description
Most VLAN Entries Ever Used: The largest number of VLANs that have been active on this switch since the last reboot.
Static VLAN Entries: The number of presently active VLAN entries on this switch that have been created statically.
Dynamic VLAN Entries: The number of presently active VLAN entries on this switch.
VLAN Deletes: The number of VLANs on this switch that have been created and then deleted since the last reboot.
The following table describes the per-port statistics displayed on the screen.

Field: Description
Interface: Lists the ports on the system.
Total Packets Received Without Errors: The total number of packets received that were without errors.
Packets Received With Error: The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol.
The following table describes the detailed port information displayed on the screen. To view information about a different port, select the port number from the Interface menu.

Field: Description
Interface: Use the drop-down menu to select the interface for which data is to be displayed or configured.
MST ID: Displays the created or existing MSTs.
Field: Description
Port Channel ID: If the port is a member of a port channel, the port channel's interface ID and name are shown. Otherwise, Disable is shown.
Port Role: Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree. The port role will be one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port, or Disabled Port.
Field: Description
Packets RX and TX 128-255 Octets: The total number of packets (including bad packets) received or transmitted that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 256-511 Octets: The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Field: Description
Unicast Packets Received: The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Multicast Packets Received: The total number of good packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address.
Broadcast Packets Received: The total number of good packets received that were directed to the broadcast address.
Field: Description
Broadcast Storm Recovery: The number of frames discarded that are destined for FF:FF:FF:FF:FF:FF when Broadcast Storm Recovery is enabled.
CFI Discards: The number of frames discarded that have CFI bit set and the addresses in RIF are in non-canonical format.
Upstream Threshold: The number of frames discarded due to lack of cell descriptors available for that packet's priority level.
Field: Description
Broadcast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
Total Transmit Errors: The sum of Single, Multiple, and Excessive Collisions.
• Click Clear to clear all the counters. This resets all statistics for this port to the default values.
• Click Refresh to refresh the data on the screen and display the most current statistics.

EAP Statistics

Use the EAP Statistics page to display information about EAP packets received on a specific port. To display the EAP Statistics page, click the Monitoring > Ports tab, and then click the EAP Statistics link.
Field: Description
Length Error Frames Received: Displays the number of EAPOL frames with an invalid Packet Body Length received on this port.
Response/ID Frames Received: Displays the number of EAP Respond ID frames that have been received on the port.
Response Frames Received: Displays the number of valid EAP Response frames received on the port.
The following table describes the cable information displayed on the screen.

Field: Description
Interface: Specifies the interface that has the connected cable.
Cable Status: Displays the cable status.
  • Normal: The cable is working correctly.
  • Open: The cable is disconnected or there is a faulty connector.
  • Short: There is an electrical short in the cable.
  • Cable Test Failed: The cable status could not be determined.
System Logs

The switch may generate messages in response to events, faults, or errors occurring on the platform as well as changes in configuration or other occurrences. These messages are stored locally and can be forwarded to one or more centralized points of collection for monitoring purposes or long-term archival storage.
To configure the Memory Log settings:
1. Use the radio buttons in the Admin Status field to determine whether to log messages.
  • Enable: Enables system logging.
  • Disable: Prevents the system from logging messages.
2. From the Behavior menu, specify the behavior of the log when it is full.
  • Wrap: When the buffer is full, the oldest log messages are deleted as the system logs new messages.
The following example shows the standard format for a log message:

    <14> Mar 24 05:34:05 10.131.12.183-1 UNKN[2176789276]: main_login.c(179) 3855 %% HTTP Session 19 initiated for user admin connected from 10.27.64.122

The number contained in the angle brackets represents the message priority, which is derived from the following values: Priority = (facility value × 8) + severity level.
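Working backwards from the priority formula gives the facility and severity of each message, which lets a collector filter and alert on switch logs. The following Python sketch is an added example, not NETGEAR code: it parses lines in the format shown above and reports management-interface HTTP sessions opened from outside an allowed network. The field labels after the priority, the allowed network, and every sample line except the first are assumptions constructed for illustration.

```python
"""Parse FS728TP-format log lines and flag web logins from unexpected hosts."""
import ipaddress
import re

# Standard syslog severity names, indexed by severity level 0-7.
SEVERITIES = ("emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug")

# Group names after the priority are labels chosen for this example.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s+"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<component>[^\[\s]+)\[(?P<task>\d+)\]:\s+"
    r"(?P<file>\S+)\((?P<line>\d+)\)\s+"
    r"(?P<seq>\d+)\s+%%\s+"
    r"(?P<message>.*)$"
)

# Message text as it appears in the manual's sample line.
LOGIN_RE = re.compile(
    r"^HTTP Session (?P<session>\d+) initiated for user (?P<user>\S+) "
    r"connected from (?P<src>\S+)$"
)


def decode_priority(pri):
    """Invert Priority = (facility value x 8) + severity level."""
    if not 0 <= pri <= 191:          # 23 * 8 + 7 is the largest valid value
        raise ValueError(f"priority out of range: {pri}")
    return divmod(pri, 8)            # (facility, severity)


def parse_line(line):
    """Return a dict of fields, or None if the line is not in this format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        facility, severity = decode_priority(int(rec.pop("pri")))
    except ValueError:
        return None
    rec.update(facility=facility, severity=severity,
               severity_name=SEVERITIES[severity],
               line=int(rec["line"]), seq=int(rec["seq"]))
    return rec


def unexpected_logins(lines, allowed_networks):
    """Return HTTP session starts whose source is outside allowed_networks."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    alerts = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue                 # not a switch log line; skip it
        login = LOGIN_RE.match(rec["message"])
        if login is None:
            continue
        try:
            addr = ipaddress.ip_address(login["src"])
            inside = any(addr in net for net in nets)
        except ValueError:
            inside = False           # unparsable source address: report it
        if not inside:
            alerts.append({"seq": rec["seq"], "timestamp": rec["timestamp"],
                           "switch": rec["host"], "user": login["user"],
                           "session": int(login["session"]),
                           "src": login["src"]})
    return alerts


SAMPLE = [
    # First line is the manual's example; the rest are constructed.
    "<14> Mar 24 05:34:05 10.131.12.183-1 UNKN[2176789276]: main_login.c(179) "
    "3855 %% HTTP Session 19 initiated for user admin connected from 10.27.64.122",
    "<14> Mar 24 05:41:17 10.131.12.183-1 UNKN[2176789276]: main_login.c(179) "
    "3861 %% HTTP Session 20 initiated for user admin connected from 192.0.2.77",
    "<11> Mar 24 05:42:00 10.131.12.183-1 UNKN[2176789276]: example.c(10) "
    "3862 %% Constructed error message",
    "not a switch log line",
]

if __name__ == "__main__":
    # Assumed management network for the example.
    for alert in unexpected_logins(SAMPLE, ["10.27.64.0/24"]):
        print(alert)
```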
To configure the FLASH Log settings:
1. Use the radio buttons in the Admin Status field to determine whether to log messages to persistent storage.
  • Enable: Enables persistent logging.
  • Disable: Prevents the system from logging messages in persistent storage.
2. From the Severity Filter field, specify the type of log messages to record. A log records messages equal to or above a configured severity threshold.
Use the buttons at the bottom of the page to perform the following actions:
• Click Clear to clear the messages out of the buffered log.
• Click Refresh to refresh the page with the most current data from the switch.
• Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
• The Messages Ignored field shows the number of messages that were ignored.

To configure a remote log server:
1. To add a remote syslog host (log server), specify the settings in the following list and click Add.
  • Host Address. Specify the IP address or hostname of the host configured for syslog.
  • Port. Specify the port on the host to which syslog messages are sent. The default port is 514.
  • Severity Filter.
The following table describes the Trap Log information displayed on the screen.

Field: Description
Number of Traps Since Last Reset: The number of traps that have occurred since the switch last rebooted.
Trap Log Capacity: The maximum number of traps stored in the log. If the number of traps exceeds the capacity, the entries will overwrite the oldest entries.
Number of Traps Since: The number of traps that have occurred since the traps were last displayed.
Event Logs

Use the Event Log page to display the event log, which is used to hold error messages for catastrophic events. After the event is logged and the updated log is saved in flash memory, the switch will be reset. The log can hold at least 2,000 entries and is erased when an attempt is made to add an entry after it is full. The event log is preserved across system resets.
Port Mirroring

The page under the Mirroring link allows you to view and configure port mirroring on the system.

Multiple Port Mirroring

Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports and one switch port is configured as a destination port.
4. Click Apply to apply the settings to the system. If the port is configured as a source port, the Mirroring Port field value is Mirrored.
5. To delete a mirrored port, select the check box next to the mirrored port, and then click Delete.
6. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
7. Maintenance

Use the features available from the Maintenance tab to help you manage the switch.
Reset

The Reset menu contains links to the following options:
• Device Reboot
• Factory Default

Device Reboot

Use the Device Reboot page to reboot the FS728TP. To access the Device Reboot page, click Maintenance > Reset > Device Reboot.

To reboot the switch:
1. Select the check box on the page.
2. Click Apply. The switch resets immediately. The management interface is not available until the switch completes the boot cycle.
To reset the switch to the factory default settings:
1. Select the check box on the page.
2. Click Apply. The switch resets immediately.
Upload File From Switch

The switch supports system file uploads from the switch to a remote system by using either TFTP or HTTP. The Upload menu contains links to the following options:
• TFTP File Upload
• HTTP File Download

TFTP File Upload

Use the TFTP File Upload page to upload configuration (ASCII), log (ASCII), and image (binary) files from the switch to a TFTP server on the network.
  • IPv4. Indicates the TFTP server address is an IP address in dotted-decimal format.
  • DNS. Indicates the TFTP server address is a hostname.
4. In the Server Address field, specify the IP address or hostname of the TFTP server. The address you type must be in the format indicated by the TFTP Server Address Type.
5. In the Transfer File Path field, specify the path on the TFTP server where you want to put the file. You may enter up to 32 characters.
non-active image. This is a safety feature for faults occurring during the boot upgrade process.
  • Text Configuration: A text-based configuration file enables you to edit a configured text file (startup-config) offline as needed without having to translate the contents for the switch to understand.
Download File To Switch

The switch supports system file downloads from a remote system to the switch by using either TFTP or HTTP. The Download menu contains links to the following options:
• TFTP File Download
• HTTP File Download

TFTP File Download

Use the Download File to Switch page to download device software, the image file, the configuration files, and SSL files from a TFTP server to the switch.
non-active image. This is a safety feature for faults occurring during the boot upgrade process.
  • Text Configuration: A text-based configuration file enables you to edit a configured text file (startup-config) offline as needed without having to translate the contents for the switch to understand.
HTTP File Download

Use the HTTP File Download page to download files of various types to the switch using an HTTP session (for example, via your Web browser). To display this page, click Maintenance > Download > HTTP File Download.

To download a file to the switch by using HTTP:
1.
2. If you are downloading an FS728TP image (Code), select the image on the switch to overwrite. This field is only visible when Code is selected as the File Type.

Note: It is recommended that you not overwrite the active image. The system will display a warning that you are trying to overwrite the active image.

3. Click Browse to open a file upload window to locate the file you want to download.
4.
File Management

The system maintains two versions of the FS728TP software in permanent storage. One image is the active image, and the second image is the backup image. The active image is loaded during subsequent switch restarts. This feature reduces switch down time when upgrading or downgrading the FS728TP software.
Note: After activating an image, you must perform a system reset of the switch in order to run the new code.

4. To remove the selected image from permanent storage on the switch, select the Delete Image check box. You cannot delete the active image.
5. Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch.
6. Click Apply to apply the settings to the switch.
Field: Description
Current-active: Displays the currently active image on this switch.
Next-active: Displays the image to be used on the next restart of this switch.
Image1 Description: Displays the description associated with the image1 code file.
Image2 Description: Displays the description associated with the image2 code file.

Click Refresh to display the latest information from the switch.
Troubleshooting

The Troubleshooting menu contains links to the following options:
• Ping
• Traceroute

Ping

Use the Ping page to tell the switch to send a Ping request to a specified IP address. You can use this feature to check whether the switch can communicate with a particular network host. To access the Ping page, click Maintenance > Troubleshooting > Ping.

To configure the settings and ping a host on the network:
1.
• If successful, you will see “Reply From IP/Host: icmp_seq = 0. time = xx usec. Tx = x, Rx = x Min/Max/Avg RTT = x/x/x msec.”
• If a reply to the ping is not received, you will see “Reply From IP/Host: Destination Unreachable. Tx = x, Rx = 0 Min/Max/Avg RTT = 0/0/0 msec”.

Traceroute

Use the Traceroute utility to discover the paths that a packet takes to a remote destination. To display this page, click Maintenance > Troubleshooting > Traceroute.
• Port. Specify the UDP destination port in probe packets. The valid range is 1–65535.
• Size. Specify the size of probe packets. The valid range is 0–65507.

3. Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch.
4. Click Apply to initiate the traceroute. The results display in the TraceRoute area.
8. Help

Use the features available from the Help tab to connect to online resources for assistance. The Help tab contains a link to Online Help.

Online Help

The Online Help includes the following pages:
• Support
• User Guide

Support

Use the Support page to connect to the Online Support site at netgear.com. To access the Support page, click Help > Support.

To connect to the NETGEAR support site for the FS728TP, click Apply.
User Guide

Use the User Guide page to access the FS728TP Smart Switch Software Administration Manual (the guide you are now reading) that is available on the NETGEAR website. To access the User Guide page, click Help > User Guide.

To access the User Guide that is available online, click Apply.
A. Hardware Specifications and Default Values

FS728TP Smart Switch Specifications

The FS728TP Smart Switch conforms to the TCP/IP, UDP, HTTP, ICMP, TFTP, DHCP, IEEE 802.1D, IEEE 802.1p, and IEEE 802.1Q standards.

Feature | Value
Interfaces | 24 10/100 Ethernet ports; Two 10/100/1000M Gigabit Ethernet (RJ-45) ports; Two 1000M Gigabit Ethernet combo ports; RJ-45 supports auto sensing for 10/100/1000M speed on RJ45 and 1000M on SFP; 1000M SFP Gigabit Ethernet ports
PoE | Ports 1–24, IEEE 802.
FS728TP Switch Features and Defaults

Feature | Sets Supported | Default
Auto negotiation/static speed/duplex | All ports | Auto negotiation
Auto MDI/MDIX | N/A | Enabled
802.3x flow control/back pressure | 1 (per system) | Disabled
Port mirroring | 1 | Disabled
Port trunking (aggregation) | 8 | Pre-configured
802.1D spanning tree | 1 | Disabled
802.1w RSTP | 1 | Disabled
802.1s spanning tree | 3 instances | Disabled
Static 802.
Feature | Sets Supported | Default
802.1X | All ports | Disabled
MAC ACL | 100 (shared with IP ACL) | All MAC addresses allowed
IP access list | 100 (shared with MAC ACL) | All IP addresses allowed
Password control access | 1 | Idle timeout = 5 mins.
Feature | Sets Supported | Default
Smart Control Center | N/A | Enabled
Statistics | N/A | N/A

Feature | Sets Supported | Default
IGMP snooping v1/v2 | All ports | Disabled
Configurations upload/download | 1 | N/A
EAPoL flooding | All ports | Disabled
BPDU flooding | All ports | Disabled
Static multicast groups | 8 | Disabled
Filter multicast control | 1 | Disabled
B. Configuration Examples

This chapter contains information about how to configure the following features:
• Virtual Local Area Networks (VLANs)
• Access Control Lists (ACLs)
• Differentiated Services (DiffServ)
• 802.
Virtual Local Area Networks (VLANs)

A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
• Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged. Conversely, a T for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port.
Access Control Lists (ACLs)

ACLs ensure that only authorized users have access to specific resources while blocking any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network.
• Destination MAC Mask: 00:00:00:00:FF:FF
• Source MAC: 02:02:1A:BC:DE:EF
• Source MAC Mask: 00:00:00:00:FF:FF
• VLAN ID: 2

For more information about MAC ACL rules, see MAC Rules on page 175.

3. From the MAC Binding Configuration screen, assign the Sales_ACL to Ethernet ports 6, 7, and 8, and then click Apply (see MAC Binding Configuration on page 177).
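How the rule fields listed above select frames, as an added example (not NETGEAR's code). It assumes the masks are wildcard masks, where F bits are ignored and 0 bits must match; the destination MAC and the sample frames are constructed, and the names MacRule, wildcard_match, addresses_covered and SALES_RULE are hypothetical.

```python
from dataclasses import dataclass

def mac_to_int(mac: str) -> int:
    """Parse 'AA:BB:CC:DD:EE:FF' into a 48-bit integer."""
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int.from_bytes(raw, "big")

def wildcard_match(value: str, rule: str, mask: str) -> bool:
    """True if value equals rule on every bit where the mask bit is 0.
    ASSUMPTION: mask bits set to 1 (F nibbles) mean 'do not check'."""
    care = ~mac_to_int(mask) & 0xFFFFFFFFFFFF
    return (mac_to_int(value) & care) == (mac_to_int(rule) & care)

def addresses_covered(mask: str) -> int:
    """Number of distinct MAC addresses one address/mask pair matches."""
    return 1 << bin(mac_to_int(mask)).count("1")

@dataclass(frozen=True)
class MacRule:
    dst_mac: str
    dst_mask: str
    src_mac: str
    src_mask: str
    vlan_id: int

    def matches(self, src: str, dst: str, vlan: int) -> bool:
        return (vlan == self.vlan_id
                and wildcard_match(dst, self.dst_mac, self.dst_mask)
                and wildcard_match(src, self.src_mac, self.src_mask))

# Source MAC, both masks and VLAN ID are the values listed in the rule above.
# dst_mac is a CONSTRUCTED placeholder; the rule's own value is not shown here.
SALES_RULE = MacRule(
    dst_mac="02:00:5E:00:00:01", dst_mask="00:00:00:00:FF:FF",
    src_mac="02:02:1A:BC:DE:EF", src_mask="00:00:00:00:FF:FF",
    vlan_id=2,
)

# Constructed frames: (source MAC, destination MAC, VLAN ID)
FRAMES = [
    ("02:02:1A:BC:00:01", "02:00:5E:00:12:34", 2),  # differs only in masked octets
    ("02:02:1A:BD:DE:EF", "02:00:5E:00:00:01", 2),  # 4th source octet differs
    ("02:02:1A:BC:DE:EF", "02:00:5E:00:00:01", 3),  # wrong VLAN
]

def evaluate(frames=FRAMES, rule=SALES_RULE):
    """Return one match result per frame, in order."""
    return [rule.matches(src, dst, vlan) for src, dst, vlan in frames]
```

Under the wildcard assumption, each address/mask pair in this rule covers 65,536 MAC addresses, so the rule applies to a block of stations rather than to a single host.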
Standard IP ACL Example Configuration

The following example shows how to create an IP-based ACL that prevents any IP traffic from the Finance department from being allowed on the ports that are associated with other departments. Traffic from the Finance department is identified by each packet’s network IP address.

1. From the IP ACL screen, create a new IP ACL with an IP ACL ID of 1 (see IP ACL on page 179).
2.
Differentiated Services (DiffServ)

Standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network attempts to deliver the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets may be delayed, sent sporadically, or dropped.
From a DiffServ point of view, there are two types of classes:
• DiffServ traffic classes
• DiffServ service levels/forwarding classes

DiffServ Traffic Classes

With DiffServ, you define which traffic classes to track on an ingress interface.
packets that are either in excess of the conformance specification or are non-conformant. The DiffServ feature supports the following types of traffic policing treatments (actions):
• drop: the packet is dropped
• send: the packet is forwarded without DiffServ modification

Color Mode Awareness: Policing in the DiffServ feature uses either color blind or color aware mode. Color blind mode ignores the coloration (marking) of the incoming packet.
4. Click Apply.
5. From the Policy Configuration screen, create a new policy with the following settings:
• Policy Selector: Policy1
• Member Class: Class1
For more information about this screen, see Policy Configuration on page 134.
6. Click Add to add the new policy.
7. Click the Policy1 hyperlink to view the Policy Class Configuration screen for this policy.
8.
802.1X

Local Area Networks (LANs) are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure, or permit unauthorized users to attempt to access the LAN through equipment already attached. In such environments, it may be desirable to restrict access to the services offered by the LAN to those users and devices that are permitted to use those services.
A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control interaction:
1. Authenticator: A Port that enforces authentication before allowing access to services available via that Port.
2. Supplicant: A Port that attempts to access services offered by the Authenticator.

Additionally, there exists a third role:
3.
3. In the Guest VLAN field for ports e1–e8, enter 150 to assign these ports to the guest VLAN. You can configure additional settings to control access to the network through the ports. See Port Security Interface Configuration on page 171 for information about the settings.
4. Click Apply.
5. From the 802.
MSTP

Spanning Tree Protocol (STP) runs on bridged networks to help eliminate loops. If a bridge loop occurs, the network can become flooded with traffic. IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) supports multiple instances of Spanning Tree to efficiently channel VLAN traffic over different interfaces. Each instance of the Spanning Tree behaves in the manner specified in IEEE 802.
An MST Region comprises one or more MSTP Bridges with the same MST Configuration Identifier, using the same MSTIs, and which have no Bridges attached that cannot receive and transmit MSTP BPDUs. The MST Configuration Identifier has the following components:
1. Configuration Identifier Format Selector
2. Configuration Name
3. Configuration Revision Level
4.
[Figure: Switch 1 (Root Bridge), Switch 2, and Switch 3. Labels: ports e1-e5 connected to hosts (shown three times); ports e6-e8 connected to Switch 2 and 3; ports e6-e8 connected to Switch 1 and 2.]

Perform the following procedures on each switch to configure MSTP:
1. Use the VLAN Configuration screen to create VLANs 300 and 500 (see VLAN Configuration on page 82).
2.
Since the edge ports are not at risk for network loops, ports with Fast Link enabled transition directly to the Forwarding state.
8. Click Apply. You can use the CST Port Status screen to view spanning tree information about each port.
9. From the MST Configuration screen, create an MST instance with the following settings:
• MST ID: 1
• Priority: Use the default (32768)
• VLAN ID: 300
For more information, see MST Configuration on page 98.
10.
C. Notification of Compliance

NETGEAR Wired Products

Certificate of the Manufacturer/Importer

It is hereby certified that the ProSafe™ FS728TP Smart Switch has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
Europe – EU Declaration of Conformity

Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following conformance standards: EN300 328, EN301 489-17, EN60950

For complete DoC please visit the NETGEAR EU Declarations of Conformity website at: http://kb.netgear.
EDOC in Languages of the European Community

Malti [Maltese]: Hereby, NETGEAR Inc. declares that this Radiolan complies with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Magyar [Hungarian]: I, the undersigned, NETGEAR Inc., declare that the Radiolan complies with the relevant essential requirements and other provisions of Directive 1999/5/EC.
Polski [Polish]: Hereby, NETGEAR Inc.
FCC Radio Frequency Interference Warnings & Instructions

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.