GS108T and GS110TP Smart Switch Software Administration Manual NETGEAR, Inc. 350 E.
© 2007, 2008, 2009, 2010 by NETGEAR, Inc. All rights reserved. FullManual. Technical Support Please refer to the support information card that shipped with your product. By registering your product at http://www.netgear.com/register, we can provide you with faster expert technical support and timely notices of product and software upgrades. NETGEAR, INC. Support Information Phone: 1-888-NETGEAR, for US & Canada only. For other countries, see your Support information card. E-mail: support@netgear.
Voluntary Control Council for Interference (VCCI) Statement This equipment is in the Class B category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas. When used near a radio or TV receiver, it may become the cause of radio interference.
iv v1.
Contents GS108T and GS110TP Smart Switch Software Administration Manual About This Manual Audience ........................................................................................................................... xi Organization ..................................................................................................................... xi Conventions, Formats and Scope ................................................................................... xii How to Print this Manual .......
GS108T and GS110TP Smart Switch Software Administration Manual System Information ..................................................................................................2-1 IP Configuration .......................................................................................................2-3 Time .........................................................................................................................2-5 Denial of Service ........................................................
GS108T and GS110TP Smart Switch Software Administration Manual VLANs ..........................................................................................................................3-10 VLAN Configuration ...............................................................................................3-11 VLAN Membership Configuration ...........................................................................3-12 Port VLAN ID Configuration ............................................................
GS108T and GS110TP Smart Switch Software Administration Manual Defining DiffServ ....................................................................................................4-10 Diffserv Configuration .............................................................................................4-11 Class Configuration ................................................................................................4-13 Policy Configuration ...............................................................
GS108T and GS110TP Smart Switch Software Administration Manual MAC Binding Configuration ....................................................................................5-48 MAC Binding Table ................................................................................................5-49 IP ACL ....................................................................................................................5-50 IP Rules ..............................................................................
GS108T and GS110TP Smart Switch Software Administration Manual Ping ........................................................................................................................7-12 Traceroute ..............................................................................................................7-14 Chapter 8 Help Online Help .....................................................................................................................8-1 Support .....................................
About This Manual The NETGEAR® GS108T and GS110TP Software Administration Manual describes how to configure and operate the GS108T Smart Switch and GS110TP Gigabit Smart Switch by using the Web-based graphical user interface (GUI). This manual describes the software configuration procedures and explains the options available within those procedures. Audience The information in this manual is intended for readers with intermediate to advanced system management skills.
GS108T and GS110TP Smart Switch Software Administration Manual • Chapter 4, “Configuring Quality of Service” on page 4-1 describes how to manage the Access Control Lists (ACLs), and how to configure the Differentiated Services and Class of Service features. • Chapter 5, “Managing Device Security” on page 5-1 contains information about configuring switch security information such as port access control, TACACS+, and RADIUS server settings.
GS108T and GS110TP Smart Switch Software Administration Manual • Formats. This manual uses the following formats to highlight special messages: Note: A note provides additional information about a feature or technology. Tip: This format is used to highlight a procedure that will save time or resources. Warning: A caution provides information about critical aspects of the configuration, combination of settings, events, or procedures that can adversely affect network connectivity, security, and so on.
GS108T and GS110TP Smart Switch Software Administration Manual How to Print this Manual Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com. • Printing a PDF version of the Complete Manual. Click the print icon in the upper left of your browser window.
Chapter 1 Getting Started This chapter provides an overview of starting your NETGEAR GS108T or GS110TP Smart Switch and accessing the user interface. It also leads you through the steps to use the Smart Control Center utility.
GS108T and GS110TP Smart Switch Software Administration Manual NETGEAR provides the Smart Control Center utility with this product. This program runs under Microsoft® Windows® XP, Windows 2000, or Windows Vista® and provides a front end that discovers the switches on your network segment (L2 broadcast domain).
GS108T and GS110TP Smart Switch Software Administration Manual Switch Discovery in a Network with a DHCP Server This section describes how to set up your switch in a network that has a DHCP server. The DHCP client on the switch is enabled by default. When you connect it to your network, the DHCP server will automatically assign an IP address to your switch. Use the Smart Control Center to discover the IP address automatically assigned to the switch.
GS108T and GS110TP Smart Switch Software Administration Manual 6. Make a note of the displayed IP address assigned by the DHCP server. You will need this value to access the switch directly from a Web browser (without using the Smart Control Center). Figure 1-2 7. Select your switch by clicking the line that displays the switch, then click the Web Browser Access button. The Smart Control Center displays a login window similar to Figure 1-3. Figure 1-3 Use your Web browser to manage your switch.
GS108T and GS110TP Smart Switch Software Administration Manual Switch Discovery in a Network without a DHCP Server This section describes how to use the Smart Control Center to set up your switch in a network without a DHCP server. If your network has no DHCP service, you must assign a static IP address to your switch. If you choose, you can assign it a static IP address, even if your network has DHCP service. To assign a static IP address: 1. Connect the switch to your existing network. 2.
GS108T and GS110TP Smart Switch Software Administration Manual 6. Select the switch, then click Configure Device. The page expands to display additional fields at the bottom of the page, as Figure 1-4 shows. Figure 1-4 7. Choose the Disabled radio box to disable DHCP. 8. Enter the static switch IP address, gateway IP address and subnet mask, and then type your password and click Apply. Note: You must enter the current password every time you use the Smart Control Center to update the switch setting.
GS108T and GS110TP Smart Switch Software Administration Manual Configuring the Network Settings on the Administrative System If you choose not to use the Smart Control Center to configure the network information on the switch, you can connect directly to the switch from an administrative system, such as a PC or laptop computer. The IP address of the administrative system must be in the same subnet as the default IP address on the switch.
GS108T and GS110TP Smart Switch Software Administration Manual Warning: When you change the IP address of your administrative system, you will loose your connection to the rest of the network. Be sure to write down your current network address settings before you change them. To modify the network settings on your administrative system: 1. On your PC, access the MS Windows operating system TCP/IP Properties. 2. Set the IP address of the administrative system to an address in the 192.168.0.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 1-6 Smart Control Center Utilities In addition to device discovery and network address assignment, the Smart Control Center includes several maintenance features.
GS108T and GS110TP Smart Switch Software Administration Manual • Change Password—Allows you to set a new password for the device. In this process, you are required to enter the old password and to confirm the new one, which can contain up to 20 ASCII characters. From the Maintenance tab, you can upload or download a switch configuration file and upgrade the switch firmware.
GS108T and GS110TP Smart Switch Software Administration Manual 4. Click OK. 5. Enter the switch password and click Apply. The file is uploaded to the administrative computer as a *.cfg file. You can open it and view the contents with a text editor. To restore the configuration to a previously saved version: 1. Click the Maintenance tab and select the device with the configuration to restore. 2. Click Download Configuration. 3.
GS108T and GS110TP Smart Switch Software Administration Manual Note: Click the Tasks tab to view status information about the configuration download. Firmware Upgrade The application software for the GS108T and GS110TP Smart Switches is upgradeable, enabling your switch to take advantage of improvements and additional features as they become available. The upgrade procedure and the required equipment are described in this section.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 1-7 Optionally, you can schedule a different date and time to download and install the firmware image. To delay the upgrade process, clear the Run Now? check box and enter a date and time to complete the upgrade. 7. When the process is complete, the switch automatically reboots. Note: Click the Tasks tab to view status information about the firmware upgrade.
GS108T and GS110TP Smart Switch Software Administration Manual Viewing and Managing Tasks From the Tasks tab, you can view information about configuration downloads and firmware upgrades that have already occurred, are in progress, or are scheduled to take place at a later time. You can also delete or reschedule selected tasks. Figure 1-8 shows the Tasks page.
GS108T and GS110TP Smart Switch Software Administration Manual Understanding the User Interfaces GS108T and GS110TP software includes a set of comprehensive management functions for configuring and monitoring the system by using one of the following methods: • Web user interface • Simple Network Management Protocol (SNMP) Each of the standards-based management methods allows you to configure and monitor the components of the GS108T and GS110TP software.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 1-9 shows the layout of the Smart Switch Web interface. Navigation Tab Feature Link Logout Button Help LInk Help Page Page Menu Configuration Status and Options Figure 1-9 Navigation Tabs, Feature Links, and Page Menu The navigation tabs along the top of the Web interface give you quick access to the various switch functions. The tabs are always available and remain constant, regardless of which feature you configure.
GS108T and GS110TP Smart Switch Software Administration Manual The configuration pages for each feature are available as links in the page menu on the left side of the page. Some items in the menu expand to reveal multiple configuration pages, as Figure 1-10. shows. When you click a menu item that includes multiple configuration pages, the item becomes preceded by a down arrow symbol and expands to display the additional pages.
GS108T and GS110TP Smart Switch Software Administration Manual Device View The Device View is a Java® applet that displays the ports on the switch. This graphic provides an alternate way to navigate to configuration and monitoring options. The graphic also provides information about device ports, current configuration and status, table information, and feature components. The Device View is available from the System Device View page. The port coloring indicates whether a port is currently active.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 1-13 If you click the graphic, but do not click a specific port, the main menu appears, as Figure 1-14 shows. This menu contains the same option as the navigation tabs at the top of the page. Figure 1-14 Getting Started 1-19 v1.
GS108T and GS110TP Smart Switch Software Administration Manual Help Page Access Every page contains a link to the online help , which contains information to assist in configuring and managing the switch. The online help pages are context sensitive. For example, if the IP Addressing page is open, the help topic for that page displays if you click Help. Figure 1-9 shows the location of the Help link on the Web interface.
GS108T and GS110TP Smart Switch Software Administration Manual 3. To enable encryption, select the DES option in the Encryption Protocol field. Then, enter an encryption code of eight or more alphanumeric characters in the Encryption Key field. 4. Click Apply. To access configuration information for SNMPv1 or SNMPv2, click System SNMP SNMPv1/v2 and click the page that contains the information to configure. Interface Naming Convention The GS108T and GS110TP support physical and logical interfaces.
GS108T and GS110TP Smart Switch Software Administration Manual 1-22 Getting Started v1.
Chapter 2 Configuring System Information Use the features in the System tab to define the switch’s relationship to its environment.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-1 To define system information: 1. Open the System Information page. 2. Define the following fields: • System Name. Enter the name you want to use to identify this switch. You may use up to 31 alphanumeric characters. The factory default is blank. • System Location. Enter the location of this switch. You may use up to 31 alphanumeric characters. The factory default is blank. • System Contact.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the status information the System Page displays. Table 2-1. System Description Fields Field Description Serial Number The serial number of the switch. System Object ID The base object ID for the switch's enterprise MIB. Date & Time The current date and time. System Up Time Displays the number of days, hours, and minutes since the last system restart.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-2 To configure the network information for the management interface: 1. Select the appropriate radio button to determine how to configure the network information for the switch management interface: • Dynamic IP Address (DHCP). Specifies that the switch must obtain the IP address through a DHCP server. • Dynamic IP Address (BOOTP). Specifies that the switch must obtain the IP address through a BootP server. • Static IP Address.
GS108T and GS110TP Smart Switch Software Administration Manual • Default Gateway. The default gateway for the IP interface. The factory default value is 192.168.0.254. 3. Specify the VLAN ID for the management VLAN. The management VLAN is used to establish an IP connection to the switch from a workstation that is connected to a port in the same VLAN. If not specified, the active management VLAN ID is 1 (default), which allows an IP connection to be established through any port.
GS108T and GS110TP Smart Switch Software Administration Manual Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock. The device receives time from stratum 1 and above since it is itself a stratum 2 device. The following is an example of stratums: • Stratum 0: A real-time clock is used as the time source, for example, a GPS system.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-3 To configure the time by using the CPU clock cycle as the source: 1. From the Clock Source field, select Local. 2. In the Date field, enter the date in the DD/MM/YYYY format. 3. In the Time field, enter the time in HH:MM:SS format. Note: If you do not enter a date and time, the switch will calculate the date and time using the CPU’s clock cycle. When the Clock Source is set to Local, the Time Zone field is grayed out (disabled): 4.
GS108T and GS110TP Smart Switch Software Administration Manual To configure the time through SNTP: 1. From the Clock Source field, select SNTP. When the Clock Source is set to SNTP, the Date and Time fields are grayed out (disabled). The switch gets the date and time from the network. 2. Use the menu to select the Coordinated Universal Time (UTC) time zone in which the switch is located, expressed as the number of hours. The options in the Time Zone menu specify the time difference from UTC time zone. 3.
GS108T and GS110TP Smart Switch Software Administration Manual Table 2-2. SNTP Global Status Fields (continued) Field Description Last Attempt Status Specifies the status of the last SNTP request or unsolicited message for both unicast mode. If no message has been received from a server, a status of Other is displayed. These values are appropriate for all operational modes: • Other: None of the following enumeration values. • Success: The SNTP operation was successful and the system time was updated.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-4 To configure a new SNTP Server: 1. Enter the appropriate SNTP server information in the available fields: • Server Type. Specifies whether the address for the SNTP server is an IP address (IPv4) or hostname (DNS). • Address. Enter the IP address or the hostname of the SNTP server. • Port. Enter a port number on the SNTP server to which SNTP requests are sent. The valid range is 1–65535. The default is 123. • Priority .
GS108T and GS110TP Smart Switch Software Administration Manual 5. To change the settings for an existing SNTP server, select the check box next to the configured server and enter new values in the available fields, and then click Apply. Configuration changes take effect immediately. 6. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
GS108T and GS110TP Smart Switch Software Administration Manual Denial of Service Use the Denial of Service (DoS) page to configure DoS control. The GS108T and GS110TP software provides support for classifying and blocking specific types of DoS attacks. You can configure your system to monitor and block six types of attacks: • SIP=DIP: Source IP address = Destination IP address. • First Fragment: TCP Header size is smaller than the configured value. • TCP Fragment: IP Fragment Offset = 1.
GS108T and GS110TP Smart Switch Software Administration Manual To configure the Auto-DoS feature: 1. Select a radio button to enable or disable Auto-DoS: • Disable. Auto-DoS is disabled (default). • Enable. Auto-DoS is enabled. 2. Click Apply to send the updated configuration to the switch. Configuration changes occur immediately. 3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
GS108T and GS110TP Smart Switch Software Administration Manual To configure individual DoS settings: 1. Select the types of DoS attacks for the switch to monitor and block and configure any associated values, as the following list describes. • Denial of Service SIP=DIP. Enable or disable this option by selecting the appropriate radio button. Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is Disable.
GS108T and GS110TP Smart Switch Software Administration Manual DNS You can use these pages to configure information about DNS servers the network uses and how the switch operates as a DNS client. DNS Configuration Use this page to configure global DNS settings and DNS server information. To access this page, click System Management DNS DNS Configuration. Figure 2-7 To configure the global DNS settings 1. Specify whether to enable or disable the administrative status of the DNS Client. • Enable.
GS108T and GS110TP Smart Switch Software Administration Manual 3. To specify the DNS server to which the switch sends DNS queries, enter an IP address in standard IPv4 dot notation in the DNS Server Address and click Add. The server appears in the list below. You can specify up to eight DNS servers. The precedence is set in the order created. 4. To remove a DNS server from the list, select the check box next to the server you want to remove and click Delete.
GS108T and GS110TP Smart Switch Software Administration Manual 2. Specify the IP address in standard IPv4 dot notation to associate with the hostname. 3. Click Add. The entry appears in the list below. 4. To remove an entry from the static DNS table, select the check box next to the entry and click Delete. 5. To change the hostname or IP address in an entry, select the check box next to the entry and enter the new information in the appropriate field, and then click Apply. 6.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-9 To configure the Green Ethernet feature: 1. Enable or disable the Short Cable Mode. • Enable. The switch performs a cable test on each cable connect to its ports. If the cable is less than 10m in length, the port is placed in low power mode (nominal power). • Disable. Full transmit power is provided to all ports, regardless of cable length. 2. Click Apply to send the updated configuration to the switch.
GS108T and GS110TP Smart Switch Software Administration Manual • “Timer Global Configuration” on page 2-22 • “Timer Schedule Configuration” on page 2-23 PoE Configuration Use the PoE Configuration page to view global PoE power information and to configure PoE SNMP trap settings. To display the PoE Configuration page, click System PoE Basic PoE Configuration. Note: You can also access the PoE Configuration page by clicking System PoE Advanced PoE Configuration.
GS108T and GS110TP Smart Switch Software Administration Manual 3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 4. Click Refresh to update the screen with the current information. The PoE Configuration page also provides the following information: Table 2-5. Global PoE Status Information Fields Field Description Power Status Indicates whether the PoE capability is on or off.
GS108T and GS110TP Smart Switch Software Administration Manual To configure PoE Port settings: 1. To configure settings for a physical port, click PORTS. 2. To configure settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces.
GS108T and GS110TP Smart Switch Software Administration Manual • Timer Schedule. Select the timer schedule to use for the port. By default, no timer schedules are configured. To create a timer schedule, use the Timer Global Configuration page. • Output Voltage. Shows the current voltage being delivered to device in Volts. • Output Current. Shows the current being delivered to device in mA. • Output Power. Shows the current power being delivered to device in Watts. • Power Limit Type.
GS108T and GS110TP Smart Switch Software Administration Manual 3. Assign the timer to the port or LAG on the PoE Port Configuration page. Note: The Timer Schedule feature must be enabled for the settings to be applied to the ports. To display the Timer Global Configuration page, click System PoE Advanced Timer Global Configuration. Figure 2-12 To configure global timer settings: 1. To add a timer, enter a name in the Timer Schedule Name field, and click Add. 2.
GS108T and GS110TP Smart Switch Software Administration Manual To display the Timer Schedule Configuration page, click System PoE Advanced Timer Schedule Configuration. Figure 2-13 To configure timer schedules: 1. Select the name of the schedule created on the Timer Global Configuration page. 2. Specify the time to turn off power. The time range is from 00:00 to 23:59. 3. Specify the day to turn off power by clicking the calendar icon and selecting the date. 4.
GS108T and GS110TP Smart Switch Software Administration Manual SNMP From SNMP link under the System tab, you can configure SNMP settings for SNMP V1/V2 and SNMPv3. From the SNMP link, you can access the following pages: • “SNMPV1/V2” on page 2-25 • “Trap Flags” on page 2-28 • “SNMP v3 User Configuration” on page 2-29 SNMPV1/V2 The pages under the SNMPV1/V2 menu allow you to configure SNMP community information, traps, and trap flags.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-14 To configure SNMP communities: 1. To add a new SNMP community, enter community information in the available fields described below, and then click Add. • Management Station IP. Specify the IP address of the management station.Together, the Management Station IP and the Management Station IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device.
GS108T and GS110TP Smart Switch Software Administration Manual • Status. Specify the status of this community by selecting Enable or Disable from the pull down menu. If you select Enable, the Community Name must be unique among all valid Community Names or the set request will be rejected. If you select Disable, the Community Name will become invalid. 2. To modify an existing community, select the check box next to the community, change the desired fields, and then click Apply.
GS108T and GS110TP Smart Switch Software Administration Manual • Version. The trap version to be used by the receiver from the menu. • SNMP v1: Uses SNMP v1 to send traps to the receiver. • SNMP v2: Uses SNMP v2 to send traps to the receiver. • Community String. The community string for the SNMP trap packet to be sent to the trap manager. This may be up to 16 characters and is case sensitive. • Status. Select the receiver’s status from the menu: • Enable: Send traps to the receiver.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-16 To configure the trap flags: 1. From the Authentication field, enable or disable activation of authentication failure traps by selecting the corresponding button. The factory default is Enable. 2. From the Link Up/Down field, enable or disable activation of link status traps by selecting the corresponding button. The factory default is Enable. 3.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-17 The SNMPv3 Access Mode is a read-only field that shows the access privileges for the user account. The admin account always has Read/Write access, and all other accounts have Read Only access. To configure SNMPv3 settings for the user account: 1. In the Authentication Protocol field, specify the SNMPv3 Authentication Protocol setting for the selected user account. The valid Authentication Protocols are None, MD5, or SHA.
GS108T and GS110TP Smart Switch Software Administration Manual LLDP The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN.
GS108T and GS110TP Smart Switch Software Administration Manual Note: You can also access the LLDP Configuration page by clicking System LLDP Advanced LLDP Configuration. Figure 2-18 To configure global LLDP settings: 1. Configure the following LLDP properties. • TLV Advertised Interval. Specify the interval at which frames are transmitted. The default is 30 seconds, and the valid range is 1–32768 seconds. • Hold Multiplier.
GS108T and GS110TP Smart Switch Software Administration Manual 2. To change the LLDP-MED properties in the Fast Start Duration field, specify the number of LLDP packets sent when the LLDP-MED Fast Start mechanism is initialized, which occurs when a new endpoint device links with the LLDP-MED network connectivity device. The default value is 3, and the range is from 1–10. 3. Click Apply to apply the new settings to the system. 4.
GS108T and GS110TP Smart Switch Software Administration Manual To configure LLDP port settings: 1. Change the LLDP port settings described below: • Interface. Specifies the port to be affected by these parameters. • Admin Status. Select the status for transmitting and receiving LLDP packets: • • Tx Only: Enable only transmitting LLDP PDUs on the selected ports. • Rx Only: Enable only receiving LLDP PDUs on the selected ports.
GS108T and GS110TP Smart Switch Software Administration Manual To display this page, click System LLDP Advanced LLDP-MED Network Policy. Figure 2-20 From the Interface menu, select the interface with the information to view. The following table describes the LLDP-MED network policy information that displays on the screen. Table 2-6. LLPD-MED Network Policy Information Fields Field Description Network Policy Number Specifies the policy number.
GS108T and GS110TP Smart Switch Software Administration Manual Table 2-6. LLPD-MED Network Policy Information Fields (continued) Field Description VLAN Type Specifies whether the VLAN associated with the policy is tagged or untagged. User Priority Specifies the priority associated with the policy. DSCP Specifies the DSCP associated with a particular policy type. Click Refresh to refresh the page with the most current data from the switch.
GS108T and GS110TP Smart Switch Software Administration Manual 3. From the Notification field, specify whether the port should send a topology change notification if a device is connected or removed. 4. From the Transmit Optional TLVs field, specify whether the port should transmit optional type length values (TLVs) in the LLDP PDU frames.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-22 The following table describes the LLDP local information that displays for each port. Table 2-7. LLDP Local Information Fields Field Description Interface Select the interface with the information to display. Port ID Subtype Identifies the type of data displayed in the Port ID field. Port ID Identifies the physical address of the port. Port Description Identifies the user-defined description of the port.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-23 The following table describes the detailed local information that displays for the selected port. Table 2-8. Local Port Information Field Description Managed Address Address SubType Displays the type of address the management interface uses, such as an IPv4 address. Address Displays the address used to manage the device. Interface SubType Displays the port subtype.
GS108T and GS110TP Smart Switch Software Administration Manual Table 2-8. Local Port Information (continued) Field Description Auto Negotiation Advertised Capabilities Displays the port speed auto-negotiation capabilities such as 1000BASE-T half-duplex mode or 100BASE-TX full-duplex mode. Operational MAU Type Displays the Medium Attachment Unit (MAU) type.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-24 The following table describes the information that displays for all LLDP neighbors that have been discovered. Table 2-9. LLDP Neighbors Information Fields Field Description MSAP Entry Displays the Media Service Access Point (MSAP) entry number for the remote device. Local Port Displays the interface on the local system that received LLDP information from a remote system.
GS108T and GS110TP Smart Switch Software Administration Manual A popup window displays information for the selected port. Figure 2-25 Table 2-10. LLPD-MED Local Device Information Fields Field Description Port Details Local Port Displays the interface on the local system that received LLDP information from a remote system. MSAP Entry Displays the Media Service Access Point (MSAP) entry number for the remote device.
GS108T and GS110TP Smart Switch Software Administration Manual Table 2-10. LLPD-MED Local Device Information Fields (continued) Field Description Port Description Identifies the user-defined description of the port. System Name Identifies the system name associated with the remote device. System Description Specifies the description of the selected port associated with the remote system. System Capabilities Specifies the system capabilities of the remote system.
GS108T and GS110TP Smart Switch Software Administration Manual Table 2-10. LLPD-MED Local Device Information Fields (continued) Field Description PoE Device Type Displays the port PoE type. For example, Powered. PoE Power Source Displays the port's power source. PoE Power Priority Displays the port's power priority. PoE Power Value Displays the port's power value. Hardware Revision Displays the hardware version advertised by the remote device.
GS108T and GS110TP Smart Switch Software Administration Manual Services — DHCP Filtering DHCP Filtering is a useful feature that can be employed as a security measure against unauthorized DHCP servers. A known attack is when an unauthorized DHCP server responds to a client that is requesting an IP address. The server configures the gateway for the client to be equal to the IP address of the server. At that point, the client sends all of its IP traffic destined to other networks to the unauthorized machine.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-26 To configure global DHCP filtering settings: 1. In the Admin Mode field, select Enable or Disable to turn the DHCP Filtering feature on or off. 2. Click Apply to apply the change to the system. Configuration changes take effect immediately. 3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-27 To configure DHCP filtering settings for an interface: 1. To configure DHCP filtering settings for a physical port, click PORTS. 2. To configure DHCP filtering settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure DHCP filtering settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the port or LAG to configure.
GS108T and GS110TP Smart Switch Software Administration Manual 2-48 Configuring System Information v1.
Chapter 3 Configuring Switching Information Use the features in the Switching tab to define Layer 2 features.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-1 To configure port settings: 1. To configure settings for a physical port, click PORTS. 2. To configure settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces.
GS108T and GS110TP Smart Switch Software Administration Manual • Port Speed. Use the menu to select the port’s speed and duplex mode. If you select Auto, the duplex mode and speed will be set by the auto-negotiation process. The port’s maximum capability (full duplex and 1000 Mbps) will be advertised. Otherwise, your selection will determine the port’s duplex mode and transmission rate. The factory default is Auto. • Sleep Mode.
GS108T and GS110TP Smart Switch Software Administration Manual Flow Control IEEE 802.3x flow control works by pausing a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion condition. This can lead to highpriority and/or network control traffic loss. When IEEE 802.3x flow control is enabled, lower speed switches can communicate with higher speed switches by requesting that the higher speed switch refrains from sending packets.
GS108T and GS110TP Smart Switch Software Administration Manual Link Aggregation Groups Link aggregation groups (LAGs), which are also known as port-channels, allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. You assign the LAG VLAN membership after you create a LAG. The LAG by default becomes a member of the management VLAN.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-3 To configure LAG settings: 1. Select the check box next to the LAG to configure. You can select multiple LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 2. Configure or view the following settings: • LAG Name. Specify the name you want assigned to the LAG. You may enter any string of up to 15 alphanumeric characters.
GS108T and GS110TP Smart Switch Software Administration Manual • LAG Type. Select Static or LACP. When the LAG is static, it does not transmit or process received LAGPDUs, for example the member ports do not transmit LAGPDUs and all the LAGPDUs it may receive are dropped. The default is Static. • Active Ports. A listing of the ports that are actively participating members of this Port Channel. A maximum of 4 ports can be assigned to a port channel. • LAG State.
GS108T and GS110TP Smart Switch Software Administration Manual 2. In the LAG Name field, enter the name you want assigned to the LAG. You may enter any string of up to 15 alphanumeric characters. A valid name has to be specified to create the LAG. 3. Click the orange bar to display the ports. 4. Click the box below each port to include in the LAG. Figure 3-5 shows an example of how to configure LAG1 with ports g7 and g8 as members. Figure 3-5 5.
GS108T and GS110TP Smart Switch Software Administration Manual To configure LACP: 1. From the LACP System Priority field, specify the device’s link aggregation priority relative to the devices at the other ends of the links on which link aggregation is enabled. A higher value indicates a lower priority. You can change the value of the parameter globally by specifying a priority from 0–65535. The default value is 32768. 2. Click Refresh to reload the page and display the most current information. 3.
GS108T and GS110TP Smart Switch Software Administration Manual To configure LACP port priority settings: 1. Select the check box next to the port to configure. You can select multiple ports to apply the same setting to all selected ports. Note: You cannot select ports that are not participating in a LAG. 2. Configure the LACP Priority value for the selected port. The field range is 0–255. The default value is 128. 3. Configure the administrative LACP Timeout value. • Long.
GS108T and GS110TP Smart Switch Software Administration Manual From the VLAN link, you can access the following pages: • “VLAN Configuration” on page 3-11 • “VLAN Membership Configuration” on page 3-12 • “Port VLAN ID Configuration” on page 3-14 VLAN Configuration Use the VLAN Configuration page to define VLAN groups stored in the VLAN membership table. The GS108T and GS110TP each support up to 64 VLANs. Three VLANs are created by default: • VLAN 1 is the default VLAN of which all ports are members.
GS108T and GS110TP Smart Switch Software Administration Manual To configure VLANs: 1. To add a VLAN, configure the VLAN ID, name, and type, and then click Add. • VLAN ID. Specify the VLAN Identifier for the new VLAN. (You can only enter data in this field when you are creating a new VLAN.) The range of the VLAN ID is 1–4093. • VLAN Name. Use this optional field to specify a name for the VLAN. It can be up to 32 alphanumeric characters long, including blanks. The default is blank.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-9 To configure VLAN membership: 1. From the VLAN ID field, select the VLAN to which you want to add ports. 2. Click the orange bar below the VLAN Type field to display the physical ports on the switch. 3. Click the lower orange bar to display the LAGs on the switch. 4. To select the port(s) or LAG(s) to add to the VLAN, click the square below each port or LAG. You can add each interface as a tagged (T) or untagged (U) VLAN member.
GS108T and GS110TP Smart Switch Software Administration Manual 5. Use the Group Operations field to select all the ports and configure them. Possible values are: • Untag All: Select all the ports on which all frames transmitted from this VLAN will be untagged. All the ports will be included in the VLAN. • Tag All: Select the ports on which all frames transmitted for this VLAN will be tagged. All the ports will be included in the VLAN.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-11 To configure PVID information: 1. To configure PVID settings for a physical port, click PORTS. 2. To configure PVID settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure PVID settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the interfaces to configure. You can select multiple interfaces to apply the same setting to the selected interfaces.
GS108T and GS110TP Smart Switch Software Administration Manual 7. Specify how you want the port to handle tagged frames: • Enable: A tagged frame will be discarded if this port is not a member of the VLAN identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame. • Disable: All frames are forwarded in accordance with the IEEE 802.1Q VLAN standard. The factory default is Disable. 8. Specify the default 802.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-12 To configure Voice VLAN: 1. From the Voice VLAN Status field, enable or disable Voice VLAN on the switch. If the switch does not handle traffic from IP phones, the status should be disabled. 2. From the Voice VLAN ID field, select the VLAN to use for voice traffic on the switch. The VLAN must already exist on the switch. For information about how to create VLANs, see “VLAN Configuration” on page 3-11. 3.
GS108T and GS110TP Smart Switch Software Administration Manual Voice VLAN Port Setting To display the Voice VLAN Port Setting page, click Switching Voice VLAN Advanced Port Setting. Figure 3-13 To configure Voice VLAN port settings: 1. Select the check box next to the port to configure. You can select multiple check boxes to apply the same setting to all selected ports. 2. From the Voice VLAN Mode menu, specify whether to enable or disable Voice VLAN on the selected port. 3.
GS108T and GS110TP Smart Switch Software Administration Manual Voice VLAN OUI The Organizational Unique Identifier (OUI) identifies the IP phone manufacturer. The switch comes preconfigured with the following OUIs: • 00:01:E3: SIEMENS • 00:03:6B: CISCO1 • 00:12:43: CISCO2 • 00:0F:E2: H3C • 00:60:B9: NITSUKO • 00:D0:1E: PINTEL • 00:E0:75: VERILINK • 00:E0:BB: 3COM • 00:04:0D: AVAYA1 • 00:1B:4F: AVAYA2 You can select an existing OUI or add a new OUI and description to identify the IP phones on the network.
GS108T and GS110TP Smart Switch Software Administration Manual To configure OUI settings: 1. To add a new OUI prefix, type the VOIP OUI prefix in the Telephony OUI(s) field, provide a description of the prefix, and click Add. The OUI prefix must be in the format AA:BB:CC. 2. To delete an OUI prefix from the list, select the check box next to the OUI prefix and click Delete. 3.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-15 To configure Auto-VoIP settings: 1. Select the check box next to the port to configure. You can select multiple check boxes to apply the same setting to all selected ports. 2. From the Auto-VoIP Mode menu, specify whether to enable or disable Auto-VoIP on the selected port. 3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 4.
GS108T and GS110TP Smart Switch Software Administration Manual Spanning Tree Protocol The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Common STP, Multiple STP, and Rapid STP. Classic STP provides a single path between end stations, avoiding and eliminating loops.
GS108T and GS110TP Smart Switch Software Administration Manual STP Switch Configuration The Spanning Tree Switch Configuration/Status page contains fields for enabling STP on the switch. To display the Spanning Tree Switch Configuration/Status page, click SwitchingSTPBasic STP Configuration. Figure 3-16 To configure STP settings on the switch: 1. From the Spanning Tree State field, specify whether to enable or disable Spanning Tree operation on the switch. 2.
GS108T and GS110TP Smart Switch Software Administration Manual 3. Specify the configuration name and revision level. • Configuration Name. Name used to identify the configuration currently being used. It may be up to 32 alphanumeric characters. • Configuration Revision Level. Number used to identify the configuration currently being used. The values allowed are between 0 and 65535. The default value is 0. 4. Specify the BPDU Flooding status for all ports or for individual ports.
GS108T and GS110TP Smart Switch Software Administration Manual Click Refresh to update the information on the screen with the most current data. CST Configuration Use the Spanning Tree CST Configuration page to configure Common Spanning Tree (CST) and Internal Spanning Tree on the switch. To display the Spanning Tree CST Configuration page, click SwitchingSTPAdvanced CST Configuration. Figure 3-17 To configure CST settings: 1. Specify values for CST in the appropriate fields: • Bridge Priority.
GS108T and GS110TP Smart Switch Software Administration Manual • Bridge Max Age (secs). Specifies the bridge maximum age time for the Common and Internal Spanning Tree (CST), which indicates the amount of time in seconds a bridge waits before implementing a topological change. The valid range is 6–40, and the value must be less than or equal to (2 * Bridge Forward Delay) – 1 and greater than or equal to 2 * (Bridge Hello Time +1). The default value is 20. • Bridge Hello Time (secs).
GS108T and GS110TP Smart Switch Software Administration Manual CST Port Configuration Use the Spanning Tree CST Port Configuration page to configure Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To display the Spanning Tree CST Port Configuration page, click SwitchingSTPAdvanced CST Port Configuration. Figure 3-18 To configure CST port settings: 1. To configure CST settings for a physical port, click PORTS. 2.
GS108T and GS110TP Smart Switch Software Administration Manual • Fast Link. Specifies if the specified port is an Edge Port with the CST. Possible values are Enable or Disable. The default is Disable. • Port State. The Forwarding state of this port. This field is read-only. • Path Cost. Set the Path Cost to a new value for the specified port in the common and internal spanning tree. It takes a value in the range of 1–200000000. • Priority. The priority for a particular port within the CST.
GS108T and GS110TP Smart Switch Software Administration Manual CST Port Status Use the Spanning Tree CST Port Status page to display Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To display the Spanning Tree CST Port Status page, click SwitchingSTPAdvanced CST Port Status. Figure 3-19 The following table describes the CST Status information displayed on the screen. Table 3-3.
GS108T and GS110TP Smart Switch Software Administration Manual Table 3-3. Spanning Tree CST Port Status Fields (continued) Field Description Designated Bridge Bridge Identifier of the bridge with the Designated Port. It is made up using the bridge priority and the base MAC address of the bridge. Designated Port Port Identifier on the Designated Bridge that offers the lowest cost to the LAN. It is made up from the port priority and the interface number of the port.
GS108T and GS110TP Smart Switch Software Administration Manual Rapid STP Use the Rapid STP page to view information about Rapid Spanning Tree (RSTP) port status. To display the Rapid STP page, click SwitchingSTPAdvanced RSTP. Figure 3-20 The following table describes the Rapid STP Status information displayed on the screen. Table 3-4. Rapid STP Status Field Description Interface The physical or port channel interfaces associated with VLANs associated with the CST.
GS108T and GS110TP Smart Switch Software Administration Manual MST Configuration Use the Spanning Tree MST Configuration page to configure Multiple Spanning Tree (MST) on the switch. To display the Spanning Tree MST Configuration page, click SwitchingSTPAdvanced MST Configuration. Figure 3-21 To configure an MST instance: 1. To add an MST instance, configure the MST values and click Add: • MST ID. Specify the ID of the MST to create. Valid values for this are between 1 and 4094. • Priority.
GS108T and GS110TP Smart Switch Software Administration Manual • VLAN ID. The menu contains all VLANs configured on the switch. Select a VLAN to associate with the MST instance. 2. To delete an MST instance, select the check box next to the instance and click Delete. 3. To modify an MST instance, select the check box next to the instance to configure, update the values, and click Apply. You can select multiple check boxes to apply the same setting to all selected ports. 4.
GS108T and GS110TP Smart Switch Software Administration Manual MST Port Configuration Use the Spanning Tree MST Port Configuration page to configure and display Multiple Spanning Tree (MST) settings on a specific port on the switch. To display the Spanning Tree MST Port Status page, click Switching STP Advanced MST Port Configuration. Figure 3-22 and Figure 3-23 show the left and right portions of the Web page. Figure 3-22 Figure 3-23 3-34 Configuring Switching Information v1.
GS108T and GS110TP Smart Switch Software Administration Manual Note: If no MST instances have been configured on the switch, the page displays a “No MSTs Available” message and does not display the fields shown in Table 3-6 on page 3-36. Figure 3-24 To configure MST port settings: 1. To configure MST settings for a physical port, click PORTS. 2. To configure MST settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure MST settings for both physical ports and LAGs, click ALL. 4.
GS108T and GS110TP Smart Switch Software Administration Manual Table 3-6. Spanning Tree MST Port Status Fields Field Description Auto-calculated Port Path Cost Displays whether the path cost is automatically calculated (Enabled) or not (Disabled). Path cost is calculated based on the link speed of the port if the configured value for Port Path Cost is zero. Port ID The port identifier for the specified port within the selected MST instance.
GS108T and GS110TP Smart Switch Software Administration Manual STP Statistics Use the Spanning Tree Statistics page to view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port. To display the Spanning Tree Statistics page, click Switching STP Advanced STP Statistics. Figure 3-25 The following table describes the information available on the STP Statistics page. Table 3-7.
GS108T and GS110TP Smart Switch Software Administration Manual Multicast Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255.
GS108T and GS110TP Smart Switch Software Administration Manual 2. Click Apply to send the updated configuration to the switch. Configuration changes take effect immediately. 3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch IGMP Snooping Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch.
GS108T and GS110TP Smart Switch Software Administration Manual IGMP Snooping Configuration Use the IGMP Snooping Configuration page to configure the parameters for IGMP snooping, which is used to build forwarding lists for multicast traffic. To access the IGMP Snooping Configuration page, click Switching Multicast IGMP Snooping IGMP Snooping Configuration. Figure 3-27 To configure IGMP Snooping: 1. Enable or disable IGMP Snooping on the switch. • Enable.
GS108T and GS110TP Smart Switch Software Administration Manual The following table displays information about the global IGMP snooping status and statistics on the page. Table 3-8. IGMP Snooping Configuration Fields Field Description IGMP Snooping Status Select the administrative mode for IGMP Snooping for the switch. The default is Disable. Multicast Control Frame Count Displays the number of multicast control frames that have been processed by the CPU.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-28 To configure IGMP Snooping interface settings: 1. To configure IGMP Snooping settings for a physical port, click PORTS. 2. To configure IGMP Snooping settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure IGMP Snooping settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the port or LAG to configure.
GS108T and GS110TP Smart Switch Software Administration Manual • Host Timeout. Specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group. Enter a value between 2 and 3600 seconds. The default is 260 seconds. • Max Response Time. Specify the amount of time you want the switch to wait after sending a query on an interface because it did not receive a report for a particular group on that interface.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-29 The following table describes the fields in the IGMP Snooping Table. Table 3-9. IGMP Snooping Table Fields Field Description MAC Address A multicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 two-digit hexadecimal numbers that are separated by colons, for example, 01:00:5e:45:67:89. VLAN ID A VLAN ID for which the switch has forwarding and filtering information.
GS108T and GS110TP Smart Switch Software Administration Manual • Click Refresh to reload the page and display the most current information. Multicast Forwarding Database Table The Layer 2 Multicast Forwarding Database (MFDB) is used by the switch to make forwarding decisions for packets that arrive with a multicast destination MAC address. By limiting multicasts to only certain ports in the switch, traffic is prevented from going to parts of the network where that traffic is unnecessary.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the fields in the MFDB Table. Table 3-10. MFDB Table Fields Field Description MAC Address The MAC Address to which the multicast MAC address is related. To search by MAC address, enter the address with the MFDB table entry you want displayed. Enter six two-digit hexadecimal numbers separated by colons, for example 00:0f:43:67:89:AB, and then click Go. If the address exists, that entry will be displayed.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-31 The following table describes the information available on the MFDB Statistics page: Table 3-11. Multicast Forwarding Database Statistics Fields Field Description Max MFDB Table Entries Displays the maximum number of entries that the Multicast Forwarding Database table can hold.
GS108T and GS110TP Smart Switch Software Administration Manual IGMP Snooping VLAN Configuration Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping settings for VLANs on the system. To access the IGMP Snooping VLAN Configuration page, click Switching Multicast IGMP Snooping IGMP Snooping VLAN Configuration. Figure 3-32 To configure IGMP snooping settings for VLANs: 1.
GS108T and GS110TP Smart Switch Software Administration Manual • • • • • Host Timeout. Sets the value for group membership interval of IGMP snooping for the specified VLAN ID. The valid range is (Maximum Response Time + 1) to 3600 seconds. Maximum Response Time. Enter the amount of time in seconds that a switch will wait after sending a query on the VLAN because it did not receive a report for a particular group in that interface. value. The valid range is 1 to 25 seconds.
GS108T and GS110TP Smart Switch Software Administration Manual IGMP Snooping Querier Configuration Use this page to enable or disable the IGMP Snooping Querier feature, specify the IP address of the router to perform the querying, and configure the related parameters. To access this page, click Switching Multicast IGMP Snooping Querier IGMP Snooping Querier Configuration. Figure 3-33 To configure IGMP Snooping Querier settings: 1.
GS108T and GS110TP Smart Switch Software Administration Manual 6. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 7. Click Apply to apply the new settings to the switch. Configuration changes take effect immediately 8. Click Refresh to update the page with the latest information from the switch. IGMP Snooping Querier VLAN Configuration Use this page to configure IGMP queriers for use with VLANs on the network.
GS108T and GS110TP Smart Switch Software Administration Manual • • Disabled. Upon seeing another querier of the same version in the VLAN, the snooping querier moves to the non-querier state. • Enabled. The snooping querier participates in querier election, in which the least IP address operates as the querier in that VLAN. The other querier moves to non-querier state. Snooping Querier VLAN Address.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the information available on the Querier VLAN Status page. Table 3-12. IGMP Snooping Querier VLAN Status Fields Field Description VLAN ID Specifies the VLAN ID on which the IGMP Snooping Querier is administratively enabled and for which VLAN exists in the VLAN database.
GS108T and GS110TP Smart Switch Software Administration Manual MAC Address Table The MAC Address Table contains information about unicast entries for which the switch has forwarding and/or filtering information. This information is used by the transparent bridging function in determining how to propagate a received frame. Use the search function of the MAC Address Table page to display information about the entries in the table. To access this page, click Switching Address Table Basic Address Table.
GS108T and GS110TP Smart Switch Software Administration Manual • Interface: Select Interface from the menu, enter the interface ID in g1, g2... format, then, click Go. If any entries learned on that interface exist, they are displayed. 2. Click Clear to clear Dynamic MAC Addresses in the table. 3. Click Refresh to redisplay the page to show the latest MAC Addresses. 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-37 To configure the Dynamic Address setting: 1. Specify the number of seconds the forwarding database should wait before deleting a learned entry that has not been updated. IEEE 802.1D-1990 recommends a default of 300 seconds. You may enter any number of seconds between 10 and 1000000. The factory default is 300. Note: IEEE 802.1D recommends a default of 300 seconds, which is the factory default. 2.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-38 To configure a static MAC address: 1. To add a static MAC address entry a. Select the VLAN ID corresponding to the MAC address to add. b. Specify the MAC address to add. c. Specify the port associated with the MAC address. d. Click Add. 2. To delete a static MAC address, select the check box next to the entry and click Delete. 3.
GS108T and GS110TP Smart Switch Software Administration Manual 3-58 Configuring Switching Information v1.
Chapter 4 Configuring Quality of Service Use the features in the QoS tab to configure Quality of Service (QoS) settings on the switch. The QoS tab contains links to the following features: • “Class of Service” on page 4-1 • “Differentiated Services” on page 4-10 In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network.
GS108T and GS110TP Smart Switch Software Administration Manual From the Class of Service link under the QoS tab, you can access the following pages: • “Basic CoS Configuration” on page 4-2 • “CoS Interface Configuration” on page 4-4 • “Interface Queue Configuration” on page 4-5 • “802.1p to Queue Mapping” on page 4-7 • “DSCP to Queue Mapping” on page 4-9 Basic CoS Configuration Use the Trust Mode Configuration page to set the class of service trust mode of an interface.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 4-1 To configure global CoS settings: 1. Select the Global radio button to configure the trust mode settings that apply to all interfaces. Alternatively, you can select the Interface radio button to apply trust mode settings to individual interfaces. The per-interface setting overrides the global settings. 2. Select the trust mode for all interfaces (Global Trust Mode) or the selected interface (Interface Trust Mode).
GS108T and GS110TP Smart Switch Software Administration Manual CoS Interface Configuration Use the CoS Interface Configuration page to apply an interface shaping rate to all interfaces or to a specific interface. To display the CoS Interface Configuration page, click the QoS CoS tab, and then click the Advanced CoS Interface Configuration link. Figure 4-2 To configure CoS settings for an interface: 1. To configure CoS settings for a physical port, click PORTS. 2.
GS108T and GS110TP Smart Switch Software Administration Manual 5. From the Interface Trust Mode field, specify whether or not the selected interface(s) trust a particular packet marking when the packet enters the port. • Untrusted. Do not trust any CoS packet marking at ingress. • 802.1p. The eight priority tags that are specified in IEEE 802.1p are p0 to p7. The QoS setting lets you map each of the eight priority levels to one of four internal hardware priority queues: High, Normal, Low, and Lowest.
GS108T and GS110TP Smart Switch Software Administration Manual To display the Interface Queue Configuration page, click the QoS CoS tab, and then click the Advanced Interface Queue Configuration link. Figure 4-3 To configure CoS queue settings for an interface: 1. To configure CoS queue settings for a physical port, click PORTS. 2. To configure CoS queue settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure CoS queue settings for both physical ports and LAGs, click ALL. 4.
GS108T and GS110TP Smart Switch Software Administration Manual • • Scheduler Type. Selects the type of queue processing from the drop down menu. Options are Weighted and Strict. Defining on a per-queue basis allows the user to create the desired service characteristics for different types of traffic. • Weighted: Weighted round robin associates a weight to each queue. This is the default. • Strict: Services traffic with the highest priority on a queue first. Queue Management Type.
GS108T and GS110TP Smart Switch Software Administration Manual To map 802.1p priorities to queues: 1. Select the Global radio button to apply the same 802.1p priority mapping to all CoS configurable interfaces or select the Interface radio button to apply 802.1p priority mapping to on a per-interface basis. If you map 802.1p priorities to individual interfaces, select the Interface radio button and then select the interface from the drop-down menu.
GS108T and GS110TP Smart Switch Software Administration Manual DSCP to Queue Mapping Use the DSCP to Queue Mapping page to specify which internal traffic class to map the corresponding DSCP value. To display the IP DSCP Mapping page, click QoS CoS Advanced DSCP to Queue Mapping. Figure 4-5 Configuring Quality of Service 4-9 v1.
GS108T and GS110TP Smart Switch Software Administration Manual To map DSCP values to queues: 1. For each DSCP value, select a hardware queue to associate with the value. The traffic class is the hardware queue for a port. Higher traffic class values indicate a higher queue position. Before traffic in a lower queue is sent, it must wait for traffic in higher queues to be sent. Valid range is 0–3. 2.
GS108T and GS110TP Smart Switch Software Administration Manual Packet processing begins by testing the class match criteria for a packet. A policy is applied to a packet when a class match within that policy is found. The Differentiated Services menu page contains links to the various Diffserv configuration and display features. To display the page, click QoS DiffServ.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 4-6 To configure the global DiffServ mode: 1. Select the administrative mode for DiffServ: • Enable. Differentiated Services are active. • Disable. The DiffServ configuration is retained and can be changed, but it is not active. 2. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 3.
GS108T and GS110TP Smart Switch Software Administration Manual Table 4-1. DiffServ Status Fields (continued) Field Description Policy Table Displays the current and maximum number of rows of the policy table. Policy Instance Table Displays the current and maximum number of rows of the policy instance table. Policy Attributes Table Displays the current and maximum number of rows of the policy attributes table. Service Table Displays the current and maximum number of rows of the service table.
GS108T and GS110TP Smart Switch Software Administration Manual To configure a DiffServ class: 1. To create a new class, enter a class name, select the class type, and click Add. The switch supports only the Class Type value All, which means all the various match criteria defined for the class should be satisfied for a packet match. All signifies the logical AND of all the match criteria. 2. To rename an existing class, select the check box next to the configured class, update the name, and click Apply. 3.
GS108T and GS110TP Smart Switch Software Administration Manual The class name is a hyperlink. Figure 4-9 shows the configuration fields for the class. Figure 4-9 2. Define the criteria to associate with a DiffServ class: • Reference Class. Selects a class to start referencing for criteria. A specified class can reference at most one other class of the same type. • Class of Service. Select the field and enter a class of service 802.1p user priority value to be matched for the packets.
GS108T and GS110TP Smart Switch Software Administration Manual • EtherType. Select the EtherType field to compare the match criteria against the value in the header of an Ethernet frame. Select an EtherType keyword or enter an EtherType value to specify the match criteria.If you specify the EtherType value, select User Value from the menu and enter a custom protocol identifier to which packets are matched. The value is a four-digit hexidecimal number in the range of 0600–FFFF. • Source MAC.
GS108T and GS110TP Smart Switch Software Administration Manual • Destination L4 Port. Requires a packet’s TCP/UDP destination port to match the port you select. Select the desired L4 keyword from the list on which the rule can be based. If you select Other, the screen refreshes and a Port ID field appears. Enter a user-defined Port ID by which packets are matched to the rule. • IP DSCP. Matches the packet’s DSCP to the class criteria’s when selected.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 4-10 To configure a DiffServ policy: 1. To create a new policy, enter a policy name in the Policy Selector field, select the existing DiffServ class to associate with the policy, and click Add. The available policy type is In, which indicates the type is specific to inbound traffic. This field is not configurable. 2.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 4-11 The policy name is a hyperlink. Figure 4-12 on page 4-20 shows the configuration fields for the policy. Configuring Quality of Service 4-19 v1.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 4-12 2. Select the queue to which packets will of this policy-class will be assigned . 3. Configure the policy attributes:. • Drop. Select this option to drop packets for this policy-class. 4-20 Configuring Quality of Service v1.
GS108T and GS110TP Smart Switch Software Administration Manual • Mark CoS. Enter the specified Class of Service queue number to mark all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header. If the packet does not already contain this header, one is inserted. The CoS value is an integer from 0–7. • Mark IP Precedence.
GS108T and GS110TP Smart Switch Software Administration Manual • • Mark IP DSCP. These packets are marked by DiffServ with the specified DSCP value before being presented to the system forwarding element. This selection requires that the DSCP value field be set. Violate Action. Determines what happens to packets that are considered non-conforming (above the police rate). Select one of the following actions: • Send.
GS108T and GS110TP Smart Switch Software Administration Manual Service Configuration Use the Service Configuration page to activate a policy on an interface. To display the page, click QoS DiffServ Advanced Service Configuration. Figure 4-13 To configure DiffServ policy settings on an interface: 1. To configure DiffServ policy settings for a physical port, click PORTS. 2. To configure DiffServ policy settings for a Link Aggregation Group (LAG), click LAGS. 3.
GS108T and GS110TP Smart Switch Software Administration Manual 6. To remove a policy from the selected interface(s) select None from the Policy In menu, and then click Apply. 7. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. Service Statistics Use the Service Statistics page to display service-level statistical information about all interfaces that have DiffServ policies attached.
GS108T and GS110TP Smart Switch Software Administration Manual Table 4-2. Service Statistics Fields (continued) Field Description Operational Status Displays the operational status of this service interface, which is either Up or Down. Discarded Packets Displays the total number of packets discarded for all class instances in this service policy for any reason due to DiffServ treatment. This is the overall count per-interface, per-direction.
GS108T and GS110TP Smart Switch Software Administration Manual 4-26 Configuring Quality of Service v1.
Chapter 5 Managing Device Security Use the features available from the Security tab to configure management security settings for port, user, and server security.
GS108T and GS110TP Smart Switch Software Administration Manual Change Password Use the page to change the login password. To display the page, click Security Management Security User Configuration Change Password. Figure 5-1 To change the login password for the management interface: 1. Specify the current password in the Old Password. The entered password will be displayed in asterisks (*). Passwords are 1–20 alphanumeric characters in length and are case sensitive. 2. Enter the new password.
GS108T and GS110TP Smart Switch Software Administration Manual RADIUS Configuration RADIUS servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. The switch passes information to the configured RADIUS server, which can authenticate a user name and password before authorizing use of the network. RADIUS servers provide a centralized authentication method for: • Web Access • Access Control Port (802.
GS108T and GS110TP Smart Switch Software Administration Manual The Current Server IP Address field is blank if no servers are configured (see “RADIUS Server Configuration” on page 5-5). The switch supports up to three configured RADIUS servers. If more than one RADIUS servers are configured, the current server is the server configured as the primary server. If no servers are configured as the primary server, the current server is the most recently added RADIUS server.
GS108T and GS110TP Smart Switch Software Administration Manual RADIUS Server Configuration Use the RADIUS Server Configuration page to view and configure various settings for the current RADIUS server configured on the system. To access the RADIUS Server Configuration page, click Security Management Security, and then click the RADIUS Server Configuration link. Figure 5-3 To configure a RADIUS server: 1. To add a RADIUS server, specify the settings the following list describes, and click Add.
GS108T and GS110TP Smart Switch Software Administration Manual 2. To modify settings for a RADIUS server that is already configured on the switch, select the check box next to the server address, update the desired fields, and click Apply. 3. Click Refresh to update the page with the most current information. 4. To delete a configured RADIUS server, select the check box next to the server address, and then click Delete. 5.
GS108T and GS110TP Smart Switch Software Administration Manual Table 5-1. RADIUS Server Statistics Fields (continued) Field Description Unknown Types The number of RADIUS packets of unknown type which were received from this server on the authentication port. Packets Dropped The number of RADIUS packets received from this server on the authentication port and dropped for some other reason.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-4 To configure the RADIUS accounting server: 1. In the Accounting Server Address field, specify the IP address of the RADIUS accounting server to add. 2. In the Port field, specify the UDP port number the server uses to verify the RADIUS accounting server authentication. The valid range is 0–65535. 3. From the Secret Configured menu, select Yes to add a RADIUS secret in the next field.
GS108T and GS110TP Smart Switch Software Administration Manual 7. To delete a configured RADIUS Accounting server, click Delete. 8. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. The following table describes RADIUS accounting server statistics available on the page. Table 5-2. RADIUS Accounting Server Statistics Fields Field Description Accounting Server Address Displays the IP address of the supported RADIUS accounting server.
GS108T and GS110TP Smart Switch Software Administration Manual Configuring TACACS+ TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services: • Authentication: Provides authentication during login and via user names and user-defined passwords. • Authorization: Performed at login.
GS108T and GS110TP Smart Switch Software Administration Manual To configure global TACACS+ settings: 1. In the Key String field, specify the authentication and encryption key for TACACS+ communications between the GS108T or GS110TP and the TACACS+ server. The valid range is 0–128 characters. The key must match the key configured on the TACACS+ server. 2.
GS108T and GS110TP Smart Switch Software Administration Manual Note: The Add option is available if fewer than five TACACS+ servers are configured on the system, and the Server Address field is only available when Add is selected in the TACACS+ Server IP Address field. After you add one or more TACACS+ servers, additional fields appear on the TACACS+ Server Configuration page. Figure 5-7 2. In the Priority field, specify the order in which the TACACS+ servers are used.
GS108T and GS110TP Smart Switch Software Administration Manual Authentication List Configuration Use the Authentication List page to configure the default login list. A login list specifies one or more authentication methods to validate switch or port access for the admin user. Note: Admin is the only user on the system and is assigned to a preconfigured list named defaultList, which you cannot delete.
GS108T and GS110TP Smart Switch Software Administration Manual • RADIUS: The user's ID and password will be authenticated using the RADIUS server. If you select RADIUS or TACACS+ as the first method and an error occurs during the authentication, the switch uses Method 2 to authenticate the user. • TACACS+: The user's ID and password will be authenticated using the TACACS+ server.
GS108T and GS110TP Smart Switch Software Administration Manual HTTP Configuration Use the HTTP Configuration page to configure the HTTP server settings on the system. To access the HTTP Configuration page, click the Security tab, then click Access, and then click the HTTP HTTP Configuration link. Figure 5-9 To configure the HTTP server settings: 1. Enable or disable the Web Java Mode. This applies to both secure and un-secure HTTP connections.
GS108T and GS110TP Smart Switch Software Administration Manual 4. In the Maximum Number of HTTP Sessions field, specify the maximum number of HTTP sessions that can exist at the same time. The value must be in the range of (0–16). The default value is 16. The currently configured value is shown when the Web page is displayed. 5. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 6.
GS108T and GS110TP Smart Switch Software Administration Manual To configure HTTPS settings: 1. Use the radio buttons in the HTTPS Admin Mode field to enable or disable the Administrative Mode of Secure HTTP. The currently configured value is shown when the Web page is displayed. The default value is Disable. You can only download SSL certificates when the HTTPS Admin mode is disabled. 2. Use the radio buttons in the SSL Version 3 field to enable or disable Secure Sockets Layer Version 3.0.
GS108T and GS110TP Smart Switch Software Administration Manual Certificate Download For the Web server on the switch to accept HTTPS connections from a management station, the Web server needs a public key certificate. You can generate a certificate externally (for example, off-line) and download it to the switch. To display the Certificate Download page, click Security Access, and then click the HTTPS Certificate Download link. Downloading SSL Certificates.
GS108T and GS110TP Smart Switch Software Administration Manual • SSL DH Weak Encryption Parameter PEM File. SSL Diffie-Hellman Weak Encryption Parameter File (PEM Encoded). • SSL DH Strong Encryption Parameter PEM File. SSL Diffie-Hellman Strong Encryption Parameter File (PEM Encoded). 2. In the TFTP Server IP field, specify the address of the TFTP server. The address can be an IP address in standard x.x.x.x format or a hostname. The hostname must start with a letter of the alphabet.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-12 To configure an Access Profile: 1. In the Access Profile Name field, specify the name of the access profile to be added. The maximum length is 32 characters. 2. To activate an access profile, select the Activate Profile check box. You cannot add rules to an active profile. 3. To deactivate an access profile, select the Deactivate Profile check box. 4. To remove an access profile, select the Remove Profile check box.
GS108T and GS110TP Smart Switch Software Administration Manual The Profile Summary table shows the rules that are configured for the profile, as the following table describes. Table 5-3. Profile Summary Fields Field Description Rule Type Identifies the action the rule takes, which is either Permit or Deny.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-13 Before you create access rules, make sure: • An access profile exists. • The access profile is deactivated. To configure access profile rules: 1. To add an access profile rule, configure the following settings and click Add. • • Rule Type: Specify whether the rule permits or denies access to the GS108T or GS110TP management interface.
GS108T and GS110TP Smart Switch Software Administration Manual • Source IP Address. Specify the IP Address of the client originating the management traffic. • Mask. Specify the subnet mask associated with the IP address. The subnet mask is a standard subnet mask, and not an inverse (wildcard) mask that you use with IP ACLs. • Priority. Configure priority to the rule. The rules are validated against the incoming management request in the ascending order of their priorities.
GS108T and GS110TP Smart Switch Software Administration Manual From the Port Authentication link, you can access the following pages: • Basic: • • “802.1X Configuration” on page 5-24 Advanced: • “Port Authentication” on page 5-25 • “Port Summary” on page 5-30 802.1X Configuration Use the 802.1X Configuration page to enable or disable port access control on the system. To display the 802.1X Configuration page, click Security Port Authentication Basic 802.1X Configuration.
GS108T and GS110TP Smart Switch Software Administration Manual Note: If 802.1X is enabled, authentication is performed by a RADIUS server. This means the primary authentication method must be RADIUS. To set the method, go to Security > Management Security > Authentication List and select RADIUS as method 1 for defaultList. For more information, see “Authentication List Configuration” on page 5-13. • Disable. The switch does not check for 802.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-15 Figure 5-16 5-26 Managing Device Security v1.
GS108T and GS110TP Smart Switch Software Administration Manual To configure 802.1X settings for the port: 1. Select the check box next to the port to configure. You can also select multiple check boxes to apply the same settings to the select ports, or select the check box in the heading row to apply the same settings to all ports. 2. For the selected port(s), specify the following settings: • Port Control. Defines the port authorization state.
GS108T and GS110TP Smart Switch Software Administration Manual • Resending EAP. This input field allows you to configure the transmit period for the selected port. The transmit period is the value, in seconds, of the timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identify frame to the supplicant. The transmit period must be a number in the range of 1–65535. The default value is 30.
GS108T and GS110TP Smart Switch Software Administration Manual • • • • • Backend State. This field displays the current state of the backend authentication state machine. Possible values are as follows: • • • • • • • • Aborting Held ForceAuthorized ForceUnauthorized Request Response Success Fail Timeout Initialize Idle EAPOL Flood Mode. This field is used to enable or disable the EAPOL Flood mode per Interface.The default value is Disable. 3.
GS108T and GS110TP Smart Switch Software Administration Manual Port Summary Use the Port Summary page to view information about the port access control settings on a specific port. To access the Port Summary page, click Security Port Authentication Advanced Port Summary. Figure 5-17 5-30 Managing Device Security v1.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the fields on the Port Summary page. Table 5-4. Port Summary Fields Field Description Port The port whose settings are displayed in the current table row. Control Mode Defines the port authorization state. The control mode is only set if the link status of the port is link up. The possible field values are: • Auto: Automatically detects the mode of the interface.
GS108T and GS110TP Smart Switch Software Administration Manual Traffic Control From the Traffic Control link, you can configure MAC Filters, Storm Control, Port Security, and Protected Port settings. To display the page, click the Security Traffic Control tab.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-18 To configure MAC filter settings: 1. To configure a new MAC filter: a. Select Create Filter from the MAC Filter menu. If no filters have been configured, this is the only option available. b. From the VLAN ID menu, select the VLAN to use with the MAC address to fully identify packets you want filtered. You can change this field only when the Create Filter option is selected from the MAC Filter menu. c.
GS108T and GS110TP Smart Switch Software Administration Manual e. Click the orange bar to display the available ports and select the port(s) you to include in the outbound filter. Packets with the MAC address and VLAN ID you selected will be transmitted only out of ports that are in the list. Destination ports can be included only in the Multicast filter. 2. To delete a configured MAC Filter, select it from the menu, and then click Delete. 3.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the information displayed on the page: Table 5-5. MAC Filter Summary Fields Field Description MAC Address Identifies the MAC address that is filtered. VLAN ID The VLAN ID used with the MAC address to fully identify packets you want filtered. You can only change this field when you have selected the Create Filter option. Source Port Members Displays the ports included in the inbound filter.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-20 To configure storm control settings: 1. Select the check box next to the port to configure. Select multiple check boxes to apply the same setting to all selected ports. Select the check box in the heading row to apply the same settings to all ports. 2. From the Ingress Control Mode menu, select the mode of broadcast affected by storm control. • Disable. Do not use storm control. • Unknown Unicast.
GS108T and GS110TP Smart Switch Software Administration Manual • Multicast. If the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. • Broadcast. If the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. 3. In the Threshold field, specify the maximum rate at which unknown packets are forwarded.
GS108T and GS110TP Smart Switch Software Administration Manual To configure the global port security mode: 1. In the Port Security Mode field, select the appropriate radio button to enable or disable port security on the switch. 2. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 3. If you change the mode, click Apply to apply the change to the system.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-22 To configure port security settings: 1. To configure port security settings for a physical port, click PORTS. 2. To configure port security settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure port security settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the port or LAG to configure. Select multiple check boxes to apply the same setting to all selected interfaces.
GS108T and GS110TP Smart Switch Software Administration Manual • Max Allowed Statically Locked MAC. Sets the maximum number of statically locked MAC addresses on the selected interface. Valid range is 0–20. • Enable Violation Traps. Enables or disables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port. 6. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 7.
GS108T and GS110TP Smart Switch Software Administration Manual The Dynamic MAC Address Table shows the MAC addresses and their associated VLANs learned on the selected port. Use the Port List menu to select the interface for which you want to display data. Table 5-7. Dynamic MAC Address Table Fields Field Description VLAN ID Displays the VLAN ID corresponding to the Last Violation MAC address. MAC Address Displays the MAC addresses learned on a specific port.
GS108T and GS110TP Smart Switch Software Administration Manual 2. Click the box below each port to configure as a protected port. Protected ports are marked with an X. No traffic forwarding is possible between two protected ports. 3. Click Refresh to refresh the page with the most current data from the switch. 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5.
GS108T and GS110TP Smart Switch Software Administration Manual ACL Wizard The ACL Wizard simplifies the ACL rule configuration process. The Wizard contains a short list of access criteria that you can either permit or deny. When you select the permit or deny link associated with the access criteria, you are redirected to a page that is automatically configured with several of the settings.
GS108T and GS110TP Smart Switch Software Administration Manual • • To permit or deny traffic based on the TCP or UDP Source Port ID, create an Extended ACL. To permit or deny traffic based on the TCP or UDP Destination Port ID, create an Extended ACL. 2. Click the Permit or Deny link associated with the access criteria on the ACL Wizard page. The switch redirects you to a page that contains the fields to configure the ACL rule, and several of the fields are preconfigured.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-26 The MAC ACL table displays the number of ACLs currently configured in the switch and the maximum number of ACLs that can be configured. The current size is equal to the number of configured IPv4 ACLs plus the number of configured MAC ACLs. To configure a MAC ACL: 1. To add a MAC ACL, specify a name for the MAC ACL in the Name field, and click Add.
GS108T and GS110TP Smart Switch Software Administration Manual MAC Rules Use the MAC Rules page to define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default 'deny all' rule is the last rule of every list. To display the MAC Rules page, click Security ACL, then click the Basic MAC Rules link. Figure 5-27 To configure MAC ACL rules: 1.
GS108T and GS110TP Smart Switch Software Administration Manual • Destination MAC. Requires an Ethernet frame’s destination port MAC address to match the address listed here. Enter a MAC address in this field. The valid format is xx:xx:xx:xx:xx:xx. • Destination MAC Mask. If desired, enter the MAC Mask associated with the Destination MAC to match. The MAC address mask specifies which bits in the destination MAC to compare against an Ethernet frame.
GS108T and GS110TP Smart Switch Software Administration Manual MAC Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the MAC Binding Configuration page to assign MAC ACL lists to ACL Priorities and Interfaces. To display the MAC Binding Configuration page, click Security ACL, then click the Basic MAC Binding Configuration link. Figure 5-28 To configure MAC ACL interface bindings: 1.
GS108T and GS110TP Smart Switch Software Administration Manual 3. Click the appropriate orange bar to expose the available ports or LAGs. • To add the selected ACL to a port or LAG, click the box directly below the port or LAG number so that an X appears in the box. • To remove the selected ACL from a port or LAG, click the box directly below the port or LAG number to clear the selection. An X in the box indicates that the ACL is applied to the interface. 4.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the information displayed in the MAC Binding Table. Table 5-8. MAC ACL Rule Configuration Fields Field Description Interface Displays the interface to which the MAC ACL is bound. Direction Specifies the packet filtering direction for ACL. The only valid direction is Inbound, which means the MAC ACL rules are applied to traffic entering the port.
GS108T and GS110TP Smart Switch Software Administration Manual The IP ACL area shows the current size of the ACL table versus the maximum size of the ACL table. The current size is equal to the number of configured IPv4 plus the number of configured MAC ACLs. The maximum size is 100. To configure an IP ACL: 1. In the IP ACL ID field, specify the ACL ID. The ID is an integer in the following range: • 1–99: Creates an IP Standard ACL, which allows you to permit or deny traffic from a source IP address.
GS108T and GS110TP Smart Switch Software Administration Manual IP Rules Use the IP Rules page to define rules for IP-based standard ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: There is an implicit “deny all” rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit “deny all” rule applies and the packet is dropped.
GS108T and GS110TP Smart Switch Software Administration Manual • Assign Queue ID. Specifies the hardware egress queue identifier used to handle all packets matching this ACL rule. Enter an identifying number from 0–3 in the appropriate field. • Match Every. Requires a packet to match the criteria of this ACL. Select True or False from the drop down menu. Match Every is exclusive to the other filtering rules, so if Match Every is True, the other rules on the screen are not available.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-31 To configure rules for an IP ACL: 1. To add an IP ACL rule, select the ACL ID to add the rule to, select the check box in the Extended ACL Rule table, and click Add. The page displays the extended ACL Rule Configuration fields, as Figure 5-32 on page 5-55 shows. 5-54 Managing Device Security v1.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-32 2. Configure the new rule. • Rule ID. Specify a number from 1–10 to identify the IP ACL rule. You can create up to 10 rules for each ACL. • Action. Selects the ACL forwarding action, which is one of the following: • Permit. Forwards packets which meet the ACL criteria. • Deny. Drops packets which meet the ACL criteria. • Egress Queue.
GS108T and GS110TP Smart Switch Software Administration Manual • Protocol Type. Requires a packet’s protocol to match the protocol listed here. Select a type from the drop down menu or enter the protocol number in the available field. • Src IP Address. Requires a packet’s source IP address to match the address listed here. Type an IP Address in the appropriate field using dotted-decimal notation. The address you enter is compared to a packet's source IP Address. • Src IP Mask.
GS108T and GS110TP Smart Switch Software Administration Manual • Service Type. Choose one of the Service Type match conditions for the extended IP ACL rule. The possible values are IP DSCP, IP precedence, and IP TOS, which are alternative ways of specifying a match criterion for the same Service Type field in the IP header, however each uses a different user notation. After you select the service type, specify the value associated with the type. • IP DSCP: Specify the IP DiffServ Code Point (DSCP) value.
GS108T and GS110TP Smart Switch Software Administration Manual IP Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the IP Binding Configuration page to assign ACL lists to ACL Priorities and Interfaces. To display the IP Binding Configuration page, click Security ACL, then click the Advanced IP Binding Configuration link. Figure 5-33 To configure IP ACL interface bindings: 1.
GS108T and GS110TP Smart Switch Software Administration Manual 3. Click the appropriate orange bar to expose the available ports or LAGs. • To add the selected ACL to a port or LAG, click the box directly below the port or LAG number so that an X appears in the box. • To remove the selected ACL from a port or LAG, click the box directly below the port or LAG number to clear the selection. An X in the box indicates that the ACL is applied to the interface. 4.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the information displayed in the MAC Binding Table. Table 5-9. IP ACL Binding Table Fields Field Description Interface Displays the interface to which the IP ACL is bound. Direction Specifies the packet filtering direction for ACL. The only valid direction is Inbound, which means the IP ACL rules are applied to traffic entering the port.
Chapter 6 Monitoring the System Use the features available from the Monitoring tab to view a variety of information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains links to the following features: • “Ports” on page 6-1 • “System Logs” on page 6-14 • “Port Mirroring” on page 6-24 Ports The pages available from the Ports link contain a variety of information about the number and type of traffic transmitted from and received on the switch.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 6-1 The following table describes the Switch Statistics displayed on the screen. Table 6-1. Switch Statistics Fields Field Description ifIndex This object indicates the ifIndex of the interface table entry associated with the processor of this switch. Octets Received The total number of octets of data received by the processor (excluding framing bits, but including FCS octets).
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-1. Switch Statistics Fields (continued) Field Description Multicast Packets Received The total number of packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address. Broadcast Packets Received The total number of packets received that were directed to the broadcast address. This does not include multicast packets.
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-1. Switch Statistics Fields (continued) Field Description VLAN Deletes The number of VLANs on this switch that have been created and then deleted since the last reboot. Time Since Counters Last Cleared The elapsed time, in days, hours, minutes, and seconds, since the statistics for this switch were last cleared.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the per-port statistics displayed on the screen. Table 6-2. Port Statistics Fields Field Description Interface Lists the ports on the system. Total Packets Received Without Errors The total number of packets received that were without errors. Packets Received With Error The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 6-3 The following table describes the detailed port information displayed on the screen. To view information about a different port, select the port number from the Interface menu. Table 6-3. Port Detailed Statistics Fields Field Description Interface Use the drop down menu to select the interface for which data is to be displayed or configured. MST ID Displays the created or existing MSTs. 6-6 Monitoring the System v1.
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description ifIndex This field indicates the ifIndex of the interface table entry associated with this port on an adapter. Port Type For most ports this field is blank. Otherwise the possible values are: • Mirrored: Indicates that the port has been configured as a monitoring port and is the source port in a port mirroring session.
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description Physical Mode Indicates the port speed and duplex mode. In auto-negotiation mode, the duplex mode and speed are set from the auto-negotiation process. Physical Status Indicates the port speed and duplex mode status. Link Status Indicates whether the link is up or down. Link Trap This object determines whether or not to send a trap when link status changes.
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description Packets Received 65-127 Octets The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description Fragments Received The total number of packets received that were less than 64 octets in length with ERROR CRC (excluding framing bits but including FCS octets). Undersize Received The total number of packets received that were less than 64 octets in length with GOOD CRC (excluding framing bits but including FCS octets).
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description Packets Transmitted 64 Octets The total number of packets (including bad packets) transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description Underrun Errors The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission. Total Transmit Packets Discarded The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded.
GS108T and GS110TP Smart Switch Software Administration Manual EAP Statistics Use the EAP Statistics page to display information about EAP packets received on a specific port. To display the EAP Statistics page, click the Monitoring Ports tab, and then click the EAP Statistics link. Figure 6-4 The following table describes the EAP statistics displayed on the screen. Table 6-4. EAP Statistics Fields Field Description Ports Specifies the interface which is polled for statistics.
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-4. EAP Statistics Fields (continued) Field Description Invalid Frames Received Displays the number of unrecognized EAPOL frames received on this port. Length Error Frames Received Displays the number of EAPOL frames with an invalid Packet Body Length received on this port. Response/ID Frames Received Displays the number of EAP Respond ID frames that have been received on the port.
GS108T and GS110TP Smart Switch Software Administration Manual Memory Logs The in-memory log stores messages in memory based upon the settings for message component and severity. Use the Memory Logs page to set the administrative status and behavior of logs in the system buffer. These log messages are cleared when the switch reboots. To access the Memory Log page, click the Monitoring Logs tab, and then click the Memory Log link. Figure 6-5 To configure the Memory Log settings: 1.
GS108T and GS110TP Smart Switch Software Administration Manual • Stop on Full: When the buffer is full, the system stops logging new messages and preserves all existing log messages. 3. If you change the buffered log settings, click Apply to apply the changes to the system and the changes will be saved. The Memory Log table also appears on the Memory Log page. Table 6-5. Memory Log Table Fields Field Description Total Number of Messages Displays the number of messages the system has logged in memory.
GS108T and GS110TP Smart Switch Software Administration Manual FLASH Log Configuration The FLASH log is a log that is stored in persistent storage, which means that the log messages are retained across a switch reboot. • The first log type is the system startup log. The system startup log stores the first N messages received after system reboot. This log always has the log full operation attribute set to stop on full and can store up to 32 messages. • The second log type is the system operation log.
GS108T and GS110TP Smart Switch Software Administration Manual To configure the FLASH Log settings: 1. Use the radio buttons in the Admin Status field to determine whether to log messages to persistent storage. • Enable: Enables persistent logging. • Disable: Prevents the system from logging messages in persistent storage. 2. From the Severity Filter field, specify the type of log messages to record. A log records messages equal to or above a configured severity threshold.
GS108T and GS110TP Smart Switch Software Administration Manual Server Log Configuration Use the Server Log Configuration page to allow the switch to send log messages to the remote logging hosts configured on the system. To access the Server Log Configuration page, click the Monitoring Logs tab, and then click the Server Log link. Figure 6-7 To configure local log server settings: 1.
GS108T and GS110TP Smart Switch Software Administration Manual The Server Log Configuration area also displays the following information: • The Messages Relayed field shows the number of messages forwarded by the syslog function to a syslog host. Messages forwarded to multiple hosts are counted once for each host. • The Messages Ignored field shows the number of messages that were ignored. To configure a remote log server 1.
GS108T and GS110TP Smart Switch Software Administration Manual 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. The Status field in the Server Configuration table shows whether the remote logging host is currently active. Trap Logs Use the Trap Logs page to view information about the SNMP traps generated on the switch. To access the Trap Logs page, click the Monitoring Logs tab, and then click the Trap Logs link.
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-6. Trap Log Statistics (continued) Field Description Trap Log Capacity The maximum number of traps stored in the log. If the number of traps exceeds the capacity, the entries will overwrite the oldest entries. Number of Traps Since Log Last Viewed The number of traps that have occurred since the traps were last displayed.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 6-9 The following table describes the Event Log information displayed on the screen. Table 6-8. Event Log Fields Field Description Entry The number of the entry within the event log. The most recent entry is first. Type Specifies the type of entry. Filename The GS108T or GS110TP source code filename identifying the code that detected the event. Line The line number within the source file of the code that detected the event.
GS108T and GS110TP Smart Switch Software Administration Manual Port Mirroring The page under the Mirroring link allows you to view and configure port mirroring on the system. Multiple Port Mirroring Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports and one switch port is configured as a destination port.
GS108T and GS110TP Smart Switch Software Administration Manual To configure Port Mirroring: 1. Select the check box next to a port to configure it as a source port. 2. In the Destination Port field, specify the port to which port traffic is be copied. Use the g1, g2,...format to specify the port. You can configure only one destination port on the system. 3. From the Session Mode menu, select the mode for port mirroring on the selected port: • Enable. Multiple Port Mirroring is active on the selected port.
GS108T and GS110TP Smart Switch Software Administration Manual 6-26 Monitoring the System v1.
Chapter 7 Maintenance Use the features available from the Maintenance tab to help you manage the switch.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 7-1 To reboot the switch: 1. Select the check box on the page. 2. Click Apply. The switch resets immediately. The management interface is not available until the switch completes the boot cycle. After the switch resets, the login screen appears. Factory Default Use the Factory Default page to reset the system configuration to the factory default values.
GS108T and GS110TP Smart Switch Software Administration Manual To access the Factory Defaults page, click Maintenance Reset Factory Default. Figure 7-2 To reset the switch to the factory default settings: 1. Select the check box on the page. 2. Click Apply. The switch resets immediately. Upload File From Switch Use the File Upload page to upload configuration (ASCII), log (ASCII), and image (binary) files from the switch to the TFTP server. Maintenance 7-3 v1.
GS108T and GS110TP Smart Switch Software Administration Manual To display the File Upload page, click Maintenance Upload File Upload. Figure 7-3 To upload a file from the switch to the TFTP server: 1. Use the File Type menu to specify the type of file you want to upload: • Code: Uploads a stored code image. • Text Configuration: Uploads the text configuration file. • Error Log: Uploads the system error (persistent) log, sometimes referred to as the event log.
GS108T and GS110TP Smart Switch Software Administration Manual 5. In the Transfer File Path field, specify the path on the TFTP server where you want to put the file. You may enter up to 32 characters. Include the backslash at the end of the path. A path name with a space is not accepted. Leave this field blank to save the file to the root TFTP directory. 6. In the Transfer File Name field, specify a destination file name for the file to upload. You may enter up to 32 characters.
GS108T and GS110TP Smart Switch Software Administration Manual To access the TFTP File Download page, click Maintenance Download TFTP File Download. Figure 7-4 Before you download a file to the switch, the following conditions must be true: • The file to download from the TFTP server is on the server in the appropriate directory. • The file is in the correct format. • The switch has a path to the TFTP server. To download a file to the switch from a TFTP server: 1.
GS108T and GS110TP Smart Switch Software Administration Manual • Boot Code: The boot code used to automatically boot the system. • SSL Trusted Root Certificate PEM File: SSL Trusted Root Certificate File (PEM Encoded). • SSL Server Certificate PEM File: SSL Server Certificate File (PEM Encoded). • SSL DH Weak Encryption Parameter PEM File: SSL Diffie-Hellman Weak Encryption Parameter File (PEM Encoded).
GS108T and GS110TP Smart Switch Software Administration Manual HTTP File Download Use the HTTP File Download page to download files of various types to the switch using an HTTP session (for example, via your Web browser). To display this page, click Maintenance Download HTTP File Download. Figure 7-5 To download a file to the switch from by using HTTP: 1.
GS108T and GS110TP Smart Switch Software Administration Manual • SSL Trusted Root Certificate PEM File: SSL Trusted Root Certificate File (PEM Encoded). • SSL Server Certificate PEM File: SSL Server Certificate File (PEM Encoded). • SSL DH Weak Encryption Parameter PEM File: SSL Diffie-Hellman Weak Encryption Parameter File (PEM Encoded). • SSL DH Strong Encryption Parameter PEM File: SSL Diffie-Hellman Strong Encryption Parameter File (PEM Encoded). 2.
GS108T and GS110TP Smart Switch Software Administration Manual Dual Image Configuration The system running a legacy software version will ignore (not load) a configuration file created by the newer software version. When a configuration file created by the newer software version is discovered by the system running an older version of the software, the system will display an appropriate warning to the user.
GS108T and GS110TP Smart Switch Software Administration Manual Note: After activating an image, you must perform a system reset of the switch in order to run the new code. 4. To remove the selected image from permanent storage on the switch, select the Delete Image check box. You cannot delete the active image. 5. Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch. 6. Click Apply to apply the settings to the switch.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the information on the Dual Image Status page. Table 7-1. Dual Image Status Fields Field Description Unit The unit ID of the switch is always 1. Image1 Ver Displays the version of the image1 code file. Image2 Ver Displays the version of the image2 code file. Current-active Displays the currently active image on this switch. Next-active Displays the image to be used on the next restart of this switch.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 7-8 To configure the settings and ping a host on the network: 1. In the Hostname/IP Address field, specify the IP address or the hostname of the station you want the switch to ping. The initial value is blank. This information is not retained across a power cycle. 2. Optionally, configure the following settings: • Count. Specify the number of pings to send. The valid range is 1–15. • Interval.
GS108T and GS110TP Smart Switch Software Administration Manual Traceroute Use the Traceroute utility to discover the paths that a packet takes to a remote destination. To display this page, click Maintenance Troubleshooting Traceroute. Figure 7-9 To configure the Traceroute settings and send probe packets to discover the route to a host on the network: 1. In the Hostname/IP Address field, specify the IP address or the hostname of the station you want the switch to ping. The initial value is blank.
GS108T and GS110TP Smart Switch Software Administration Manual • InitTTL. Specify the initial time-to-live for a packet in number of hops. The valid range is 0– 255. • MaxFail. Specify the maximum number of failures allowed in the session. The valid range is 0–255. • Interval. Specify the time between probes in seconds. The valid range is 1–60. • Port. Specify the UDP destination port in probe packets. The valid range is 1–65535. • Size. Specify the size of probe packets.
GS108T and GS110TP Smart Switch Software Administration Manual 7-16 Maintenance v1.
Chapter 8 Help Use the features available from the Help tab to connect to online resources for assistance. The Help tab contains a link to “Online Help”. Online Help The Online Help includes the following pages: • “Support” on page 8-1 • “User Guide” on page 8-2 Support Use the Support page to connect to the Online Support site at netgear.com. To access the Support page, click Help Support. Figure 8-1 To connect to the NETGEAR support site for the GS108T or GS110TP, click Apply. 8-1 v1.
GS108T and GS110TP Smart Switch Software Administration Manual User Guide Use the User Guide page to access the GS108T and GS110TP Smart Switch Software Administration Manual (the guide you are now reading) that is available on the NETGEAR Website. To access the User Guide page, click Help User Guide. Figure 8-2 To access to the User Guide that is available online, click Apply. 8-2 Help v1.
Appendix A Hardware Specifications and Default Values GS108T Gigabit Smart Switch and GS110TP Gigabit Smart Switch Specifications The GS108T Gigabit Smart Switch and GS110TP Gigabit Smart Switch conform to the TCP/IP, UDP, HTTP, ICMP, TFTP, DHCP, IEEE 802.1D, IEEE 802.1p, and IEEE 802.1Q standards. Table A-1. GS108 Specifications Feature Value Interfaces Eight 10/100/1000 Ethernet ports PoE PoE-Powered Device Flash memory size 16 MB SRAM size and type 64 MB DDR Table A-2.
GS108T and GS110TP Smart Switch Software Administration Manual Table A-3.
GS108T and GS110TP Smart Switch Software Administration Manual Table A-5. Traffic Control Feature Sets Supported Default Storm control All ports Disabled Jumbo frame All ports Disabled Max = 9216 bytes Table A-6. Quality Of Service Feature Sets Supported Default Number of queues 4 N/A Port based N/A N/A 802.1p 1 Enabled DSCP 1 Disabled Rate limiting All ports Disabled Auto-QoS All ports Disabled Feature Sets Supported Default 802.
GS108T and GS110TP Smart Switch Software Administration Manual Table A-8. System Setup Feature Sets Supported Default Boot code update 1 N/A DHCP/manual IP 1 DHCP enabled/192.168.0.239 Default gateway 1 192.168.0.
GS108T and GS110TP Smart Switch Software Administration Manual Table A-10. Other Features Feature Sets Supported Default IGMP snooping v1/v2 All ports Disabled Configurations upload/download 1 N/A EAPoL flooding All ports Disabled BPDU flooding All ports Disabled Static multicast groups 8 Disabled Filter multicast control 1 Disabled Hardware Specifications and Default Values v1.
GS108T and GS110TP Smart Switch Software Administration Manual A-6 Hardware Specifications and Default Values v1.
Appendix B Configuration Examples This chapter contains information about how to configure the following features: • “Virtual Local Area Networks (VLANs)” on page B-1 • “Access Control Lists (ACLs)” on page B-4 • “Differentiated Services (DiffServ)” on page B-7 • “802.1X” on page B-12 • “MSTP” on page B-15 Virtual Local Area Networks (VLANs) A local area network (LAN) can generally be defined as a broadcast domain.
GS108T and GS110TP Smart Switch Software Administration Manual VLANs have a number of advantages: • It is easy to do network segmentation. Users that communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group’s traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network. • They are easy to manage.
GS108T and GS110TP Smart Switch Software Administration Manual VLAN Example Configuration This example demonstrates several scenarios of VLAN use and describes how the switch handles tagged and untagged traffic. In this example, you create two new VLANs, change the port membership for default VLAN 1, and assign port members to the two new VLANs: 1. In the Basic VLAN Configuration screen (see “VLAN Configuration” on page 3-11), create the following VLANs: • A VLAN with VLAN ID 10. • A VLAN with VLAN ID 20.
GS108T and GS110TP Smart Switch Software Administration Manual Access Control Lists (ACLs) ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network.
GS108T and GS110TP Smart Switch Software Administration Manual 2. From the MAC Rules screen, create a rule for the Sales_ACL with the following settings: • ID: 1 • Action: Permit • Assign Queue: 0 • Match Every: False • CoS: 0 • Destination MAC: 01:02:1A:BC:DE:EF • Destination MAC Mask: 00:00:00:00:FF:FF • Source MAC: 02:02:1A:BC:DE:EF • Source MAC Mask: 00:00:00:00:FF:FF • VLAN ID: 2 For more information about MAC ACL rules, see “MAC Rules” on page 5-46. 3.
GS108T and GS110TP Smart Switch Software Administration Manual You can assign an optional sequence number to indicate the order of this access list relative to other access lists if any are already assigned to this interface and direction. 4. The MAC Binding Table displays the interface and MAC ACL binding information (See “MAC Binding Table” on page 5-49). The ACL named Sales_ACL looks for Ethernet frames with destination and source MAC addresses and MAC masks defined in the rule.
GS108T and GS110TP Smart Switch Software Administration Manual 6. From the IP Binding Configuration page, assign ACL ID 1 to the interface gigabit ports 2, 3, and 4, and assign a sequence number of 1 (See “IP Binding Configuration” on page 5-58). By default, this IP ACL is bound on the inbound direction, so it examines traffic as it enters the switch. 7. Click Apply. 8. Use the IP Binding Table screen to view the interfaces and IP ACL binding information (See “IP Binding Table” on page 5-59).
GS108T and GS110TP Smart Switch Software Administration Manual The DiffServ feature contains a number of conceptual QoS building blocks you can use to construct a differentiated service network. Use these same blocks in different ways to build other types of QoS architectures. There are 3 key QoS building blocks needed to configure DiffServ: • Class • Policy • Service (i.e.
GS108T and GS110TP Smart Switch Software Administration Manual You can combine these classifiers with logical AND or OR operations to build complex MFclassifiers (by specifying a class type of all or any, respectively). That is, within a single class, multiple match criteria are grouped together as an AND expression or a sequential OR expression, depending on the defined class type. Only classes of the same type can be nested; class nesting does not allow for the negation (i.e.
GS108T and GS110TP Smart Switch Software Administration Manual • Policing: a method of constraining incoming traffic associated with a particular class so that it conforms to the terms of the TCS. Special treatment can be applied to out-of-profile packets that are either in excess of the conformance specification or are non-conformant. The DiffServ feature supports the following types of traffic policing treatments (actions): • drop: the packet is dropped • mark cos: the 802.
GS108T and GS110TP Smart Switch Software Administration Manual 3. Configure the following settings for Class1: • Protocol Type: UDP • Source IP Address: 192.12.1.0 • Source Mask: 255.255.255.0 • Source L4 Port: Other, and enter 4567 as the source port value • Destination IP Address: 192.12.2.0 • Destination Mask: 255.255.255.0 • Destination L4 Port: Other, and enter 4568 as the destination port value For more information about this screen, see “Class Configuration” on page 4-13. 4. Click Apply. 5.
GS108T and GS110TP Smart Switch Software Administration Manual On this network, traffic from streaming applications uses UDP port 4567 as the source and 4568 as the destination. This real-time traffic is time sensitive, so it is assigned to a high-priority hardware queue. By default, data traffic uses hardware queue 0, which is designated as a best-effort queue. Also the confirmed action on this flow is to send the packets with a committed rate of 1000000 Kbps and burst size of 128 KB.
GS108T and GS110TP Smart Switch Software Administration Manual The ports of an 802.1X authenticator switch provide the means in which it can offer services to other systems reachable via the LAN. Port-based network access control allows the operation of a switch’s ports to be controlled in order to ensure that access to its services is only permitted by systems that are authorized to do so.
GS108T and GS110TP Smart Switch Software Administration Manual Supplicant Authenticator Switch Authentication Server (RADIUS) 192.168.10.23 Supplicant Figure B-2 802.1X Example Configuration This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (g5–g8). These ports are available to visitors and need to be authenticated before granting access to the network. The authentication is handled by an external RADIUS server.
GS108T and GS110TP Smart Switch Software Administration Manual This example uses the default values for the port authentication settings, but there are several additional settings that you can configure. For example, the EAPOL Flood Mode field allows you to enable the forwarding of EAPoL frames when 802.1X is disabled on the device. 6. From the RADIUS Server Configuration screen, configure a RADIUS server with the following settings: • Server Address: 192.168.10.
GS108T and GS110TP Smart Switch Software Administration Manual The MSTP algorithm and protocol provides simple and full connectivity for frames assigned to any given VLAN throughout a Bridged LAN comprising arbitrarily interconnected networking devices, each operating MSTP, STP or RSTP. MSTP allows frames assigned to different VLANs to follow separate paths, each based on an independent Multiple Spanning Tree Instance (MSTI), within Multiple Spanning Tree (MST) Regions composed of LANs and or MSTP Bridges.
GS108T and GS110TP Smart Switch Software Administration Manual To support multiple spanning trees, a MSTP bridge has to be configured with an unambiguous assignment of VLAN IDs (VIDs) to spanning trees. This is achieved by: 1. Ensuring that the allocation of VIDs to FIDs is unambiguous. 2. Ensuring that each FID supported by the Bridge is allocated to exactly one Spanning Tree Instance.
GS108T and GS110TP Smart Switch Software Administration Manual Ports g1-g5 Connected to Hosts Ports g1-g5 Connected to Hosts Ports g6-g8 Connected to Switch 2 and 3 Ports g6-g8 Connected to Switch 1 and 3 Switch 1 Root Bridge Switch 2 Ports g6-g8 Connected to Switch 1 and 2 Switch 3 Ports g1-g5 Connected to Hosts Figure B-3 Perform the following procedures on each switch to configure MSTP: 1. Use the VLAN Configuration screen to create VLANs 300 and 500 (see “VLAN Configuration” on page 3-11). 2.
GS108T and GS110TP Smart Switch Software Administration Manual Note: Bridge priority values are multiples of 4096. If you do not specify a root bridge and all switches have the same Bridge Priority value, the switch with the lowest MAC address is elected as the root bridge (see “CST Configuration” on page 3-25). 5. From the CST Port Configuration screen, select ports g1–g8 and select Enable from the STP Status menu (see “CST Port Configuration” on page 3-27). 6. Click Apply. 7.
GS108T and GS110TP Smart Switch Software Administration Manual Switch 2 use VLAN 500, MST instance 2 to communicate with the hosts on Switch 3 directly. Likewise, hosts of Switch 1 use VLAN 300, MST instance 1 to communicate with the hosts on Switch 3 directly. The hosts use different instances of MSTP to effectively use the links across the switch. The same concept can be extended to other switches and more instances of MSTP. B-20 Configuration Examples v1.
GS108T and GS110TP Smart Switch Software Administration Manual Index Numerics 802.1X 5-3, 5-24 example configuration B-12 A access control ACL example configuration B-4 ACLs 5-42 management interface 5-14 authentication 802.1X 5-23, B-12 enable 1-20 list 5-13 port-based 5-23 RADIUS 5-3, 5-5 SNMP 1-20, 2-29, 2-30 TACACS+ 5-10 Auto-Video 3-11, 3-38 C certificate 5-18 changing the password 1-10, 5-2 Configuration 802.
GS108T and GS110TP Smart Switch Software Administration Manual VLAN Port Membership 3-12 CoS 4-2 customer support 1-ii D defaults A-1 CoS B-6 factory 5-2 DES 1-21 Device View 1-18 DHCP client 1-2 Filtering 2-45 Filtering Interface Configuration 2-46 refreshing the client 1-9 DiffServ 4-10 DNS 2-15 DoS 2-12 download a file 7-6 files via HTTP 7-5 from a remote system 7-5 software 7-5 Dual Image Status 7-11 E EAP 6-13 EAPOL 6-13 F file management 7-9 firmware 1-12 firmware download 7-5 G getting started 1
GS108T and GS110TP Smart Switch Software Administration Manual neighbors information 2-40 packets 2-33 port settings 2-33 LLDP-MED 2-31 M MAC 2-3, 2-39, 3-29, 3-39 ACL 5-44 bridge identifier 3-33 CPU Management Interface 1-21 dynamic address 3-55 filter summary 5-34 MFDB Table 3-45 multicast destination 3-45 rules 5-46 searching address table 3-54 Static Address 3-56 MD5 2-6 MIBs 1-20 N navigation 1-16 O OUI 3-19 P password change 1-10, 5-2 login 5-2 Ping 7-12 PoE 1-3, 1-5, 2-18 port authentication 5-2
GS108T and GS110TP Smart Switch Software Administration Manual T T1 2-6 T2 2-6 T3 2-6 T4 2-6 TACACS+ folder 5-10 settings 5-10 technical support 1-ii Time configure through SNTP 2-8 UTC 2-8 time 2-5 clock source 2-8 levels 2-6 local 2-7 zone 2-7 TraceRoute 7-14 traffic control 5-32 trap flags 2-28 manager 2-28 U Unicast 2-6 upload configuration 7-3 V video 3-11 VLAN 3-10 example configuration B-1 guest 5-25, 5-27, B-12 ID 3-10 management 2-5 managing 3-10 Port VLAN ID 3-14 PVID 3-14 voice 3-16 Voice VLA
