User Manual S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches with 2 or 4 SFP Ports Model s G S 3 2 4T G S 3 2 4TP G S 3 4 8T September 2021 202-11910-04 NETGEAR, Inc.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Support and Community Visit netgear.com/support to get your questions answered and access the latest downloads. You can also check out our NETGEAR Community for helpful advice at community.netgear.com. Regulatory and Legal Si ce produit est vendu au Canada, vous pouvez accéder à ce document en français canadien à https://www.netgear.com/support/download/.
Contents Chapter 1 Get Started Available Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Switch Management and Discovery Overview . . . . . . . . . . . . . . . . . . . . . . .11 Options to Change the Default IP Address of the Switch . . . . . . . . . . . . . . 11 Discover or Change the Switch IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Discover the Switch in a Network With a DHCP Server. . . . . . . . . . . . . .
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Use the Device View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Configure PoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Configure the Global PoE Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72 Configure the PoE Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure Protocol-Based VLAN Group Membership . . . . . . . . . . . . 134 Configure a Voice VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135 Configure Auto-VoIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137 Configure Protocol-Based Port Settings for VoIP . . . . . . . . . . . . . . . . . 137 Configure Auto-VoIP OUI-Based Properties . . . . . . . . .
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure CoS Queue Settings for an Interface . . . . . . . . . . . . . . . . . . 188 Map 802.1p Priorities to Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Map DSCP Values to Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Manage Differentiated Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192 Defining DiffServ . . . . . . . . . . . . . . . . . . . .
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Chapter 6 Monitor the System Monitor the Switch and the Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 View Switch Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 View Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 View and Manage Detailed Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . .
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches MSTP Example Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 Appendix B Specifications and Default Settings Switch Default Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 General Feature Default Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .355 System Setup and Maintenance Settings . . . . . . . . . . . . . . . . . . . . . .
1 1 Get Started This user manual describes how you can configure and operate the NETGEAR S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches with 2 or 4 SFP Ports by using the local browser–based management interface. The manual describes the software configuration procedures and explains the options that are available within those procedures for the following models: • GS324T. S350 Series 24-Port Gigabit Ethernet Smart Switch with 2 SFP Ports • GS324TP.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Note: In this manual, the local browser–based management interface is referred to as the local browser interface. Note: For more information about the topics covered in this manual, visit the support website at netgear.com/support. Note: Firmware updates with new features and bug fixes are made available from time to time at netgear.com/support/download/.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Switch Management and Discovery Overview The switch provides administrative management options that let you configure, monitor, and control the network. Using the local browser interface, you can configure the switch and the network, including the ports, the management VLAN, VLANs for traffic control, link aggregation for increased bandwidth, quality of service (QoS) for prioritizing traffic, and network security.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches automatically assigned network information. For more information, see Discover the Switch in a Network With a DHCP Server on page 12. • Static assignment through the Smart Control Center. If you connect the switch to a network that does not include a DHCP server, you can use the Smart Control Center to assign a static IP address, subnet mask, and default gateway.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Make a note of the displayed IP address assigned by the DHCP server. You can use this IP address later to access the switch directly from a web browser (that is, without using the Smart Control Center). 7. Select your switch by clicking the line that displays the switch. 8. Click the Web Browser Access button. The Smart Control Center launches a browser that displays the login page of the selected device.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches To assign a static IP address: 1. Connect the switch to your existing network. 2. Power on the switch by connecting its power cord. 3. Install the Smart Control Center on your computer. 4. Start the Smart Control Center. 5. Click the Discover button for the Smart Control Center to find your switch. The utility broadcasts Layer 2 discovery packets within the broadcast domain to discover the switch. 6.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Use the NETGEAR Switch Discovery Tool to Access the Switch For easiest access, we recommend that you cable the switch to a network with a router or DHCP server that assigns IP addresses, power on the switch, and then use a computer that is connected to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 10. To access the local browser interface of the switch, click the ADMIN PAGE button. The login page of the local browser interface opens. 11. Enter the switch password. The default password is password. The password is case-sensitive. The Switch Information page displays.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you did not disable the DHCP client and assigned a static IP address to the switch, enter 192.168.0.239. The login window opens. 6. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 7. Select System > Management > IP Configuration. The IP Configuration page displays. 8. Select the Static IP Address radio button. 9.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Supported Web Browsers The following browsers were tested and support the local browser interface. Later browser versions might function fine but were not tested. The supported web browsers include the following: • Microsoft Internet Explorer (IE) version 11 • Microsoft Edge • Mozilla Firefox versions 64 • Chrome version 62 • Safari on MAC OS X version 11.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 4. If the browser does not display the login window, do the following: • If your browser displays a security warning, dismiss the warning by doing one of the following - Google Chrome. Click the ADVANCED link. Then, click the Proceed to x.x.x.x (unsafe) link, in which x.x.x.x represents the domain name or IP address of the device. - Apple Safari. Click the Show Details button. Then, click the visit this website link.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Navigation tabs Configuration menus Language menu Logout button Help page Buttons Page menu Configuration status and options Navigation Tabs, Configuration Menus, and Page Menu The navigation tabs along the top of the local browser interface give you quick access to the various switch functions. The tabs are always available and remain constant, regardless of which feature you configure.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configuration and Status Options The area directly under the configuration menus and to the right of the links displays the configuration information or status for the page you select. On pages that contain configuration options, you might be able to enter information into fields, select options from menus, select check boxes, and select radio buttons.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Change the Language of the Local Browser Interface By default, the language is set to Auto. You can set the language to a specific one. To change the language of the local browser interface: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches To use Device View: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you right-click the graphic, but do not right-click a specific port, the main menu displays. This menu contains the same options as the navigation tabs at the top of the page. The following figure shows the details on the Device View page for model GS324TP. Right-click the specific port that you want to view or configure to see a menu that displays statistics and configuration options.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches PoE Max LED in the Device View (Model GS324TP) The PoE Max LED indicates the following status: • Off. Sufficient (more than 7W of) PoE power is available. • Solid yellow. Less than 7W of PoE power is available. • Blinking yellow. At least once during the previous two minutes, less than 7W of PoE power was available. Interface Naming Conventions The switch supports physical and logical interfaces.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Many of the pages that allow you to configure or view interface settings include links to display all ports, all LAGs, or all ports and LAGs on the page. Use these links as follows: • To display all ports, click the 1 link. • To display all LAGs, click the LAG link. • To display all ports and LAGs, click the All link. The procedures in this section describe how to select the ports and LAGs to configure.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The row for the selected interface is highlighted, and the interface number appears in the heading row. 3. Configure the desired settings. 4. Click the Apply button. Your settings are saved. To configure a single LAG: 1. Click the LAG link or the All link to display the LAGs. 2. Select the check box next to the LAG number. The row for the selected interface is highlighted, and the interface number appears in the heading row. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 4. Click the Apply button. Your settings are saved. To configure all LAGs: 1. Click the LAG link to display only the LAG interfaces. 2. Select the check box in the heading row. The check box associated with every LAG is selected, and the rows for all LAGs are highlighted. 3. Configure the desired settings. 4. Click the Apply button. Your settings are saved. To configure multiple ports and LAGs: 1.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches From the local browser interface, you can access the NETGEAR support website at netgear.com/support. To access the support website from the local browser interface: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 5. Select Help > Online Help > User Guide. The User Guide page displays. 6. To access the NETGEAR download center, click the Apply button. 7. Enter the model number of the switch. 8. Locate the user manual on the product support web page. Register Your Product To qualify for product updates and product warranty, we encourage you to register your product. The first time you log in to the switch, you can register with NETGEAR.
2 2 Configure System Information This chapter contains the following sections: • View and Configure the Switch Management Settings • Use the Device View • Configure PoE • Configure SNMP • Configure LLDP • Configure DHCP Snooping • Set Up PoE Timer Schedules 31
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View and Configure the Switch Management Settings This section describes how to display the switch status and specify some basic switch information, such as the local browser interface IP address, system clock settings, and DNS information.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 5. Define the following fields: • System Name. Enter the name to identify this switch. You can use up to 255 alphanumeric characters. The default is blank. • System Location. Enter the location of this switch. You can use up to 255 alphanumeric characters. The default is blank. • System Contact. Enter the contact person for this switch. You can use up to 255 alphanumeric characters. The default is blank. 6. Click the Apply button.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View the Temperature Sensor Information Note: The temperature sensor information is available for models GS324TP and GS348T. You can view the current temperature of the temperature sensors. The maximum temperature of the temperature sensors depends on the hardware. To view temperature information: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View the Fan Status Note: The fan status information is available for models GS324TP and GS348T. Model GS324Tdoes not include a fan. You can view the status of the fans in all units. These fans remove the heat generated by the power, CPU, and other components, and allow the switch to function normally. To view the fan status: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View the Power Supplies You can view the status of the power supplies. To view the power supplies status: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Scroll down to the Versions section. 6.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The default password is password. The System Information page displays. 5. Select System > Management > System CPU Status > System CPU Status. The CPU Utilization section shows the memory information, task-related information, and percentage of CPU utilization per task. The following table describes CPU Memory Status information. Table 9.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > Management > System CPU Status > CPU Threshold. 6. Specify the thresholds: • Rising Threshold.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure the IP Network and VLAN Settings for the Local Browser Interface You can configure network information for the local browser interface, which is the logical interface used for in-band connectivity with the switch through any of the switch’s front-panel ports.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 8. To change the management VLAN, specify the VLAN ID for the new management VLAN. The management VLAN is used to establish an IP connection to the switch from a computer that is connected to a port in the same VLAN. By default, the management VLAN ID is 1, which allows an IP connection to be established through any port.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure the Time Settings The switch supports the Simple Network Time Protocol (SNTP). As its name suggests, it is a less complicated version of Network Time Protocol, which is a system for synchronizing the clocks of networked computer systems, primarily when data transfer is handled through the Internet. You can also set the system time manually. Configure the Time Setting Manually You can view and adjust date and time settings.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure the Time Settings With SNTP and Configure the Global SNTP Settings To configure the time by using SNTP and configure the global SNTP settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. Next to Client Mode, select the mode of operation of the SNTP client: • Unicast. SNTP operates in a point-to-point way. A unicast client sends a request to a designated server at its unicast address and expects a reply from which it can determine the time and, optionally, the round-trip delay and local clock offset relative to the server. • Broadcast.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches For more information see the description for Time Zone Name in Step 14. The allowed range is –12 to 13. The default value is 0. 16. In the Offset Minutes field, specify the number of minutes that the time zone is different from UTC. For more information see the description for Time Zone Name in Step 14. The allowed range is 0 to 59. The default value is 0. 17. Click the Apply button. Your settings are saved.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. Click the Refresh button to refresh the page with the latest information about the switch. The following table displays the nonconfigurable SNTP Global Status information. Table 10. SNTP Global Status information Field Description Version The SNTP version that the client supports. Supported mode The SNTP modes that the client supports. Multiple modes can be supported by a client.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 10. SNTP Global Status information (continued) Field Description Server Stratum The claimed stratum of the server for the last received valid packet. Reference Clock ID The reference clock identifier of the server for the last received valid packet. Server mode The mode of the server for the last received valid packet.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches method is selected, SNTP information is accepted only from SNTP servers defined on the device using the SNTP Server Configuration page. The device retrieves synchronization information, either by actively requesting information or at every poll interval. You can view and modify information for adding and modifying Simple Network Time Protocol SNTP servers. Add an SNTP Server To add an SNTP server: 1.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches address is a DNS host name, then that host name is resolved into an IP address each time an SNTP request is sent to it. 8. If the UDP port on the SNTP server to which SNTP requests are sent is not the standard port (123), specify the port number in the Port field. The range is from 1 to 65535. The default value is 123. 9. In the Priority field, specify the priority order which to query the servers.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 11. SNTP Server Status information (continued) Field Description Last Attempt Status The status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message was received from a server, a status of Other is displayed. These values are appropriate for all operational modes: • Other. The status of the last request is unknown, or no SNTP responses were received. • Success.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 8. Click the Apply button. Your settings are saved. Remove an SNTP Server To remove an SNTP server: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > Management > Time > DayLight Saving Configuration. 6. Select a Daylight Saving (DST) radio button: • Disable. Disable daylight saving time. • Recurring. Daylight saving time occurs at the same time every year. The start and end times and dates for the time shift must be manually configured.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 12. Daylight saving setting is Recurring, Recurring EU, or Recurring USA • Field Description Ends At These fields are used to configure the end values of date and time. • Week. Configure the end week in the month. • Day. Configure the end day in the week. • Month. Configure the end month. • Hours. Configure the end hour. • Minutes. Configure the end minutes. Offset Configure recurring offset in minutes.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches To view the daylight saving time status: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 14. Daylight Saving (DST) Status information (continued) Field Description Ends At The end date of daylight saving time. This field is not displayed when daylight saving time is disabled. Offset (in Minutes) The offset value in minutes.This field is not displayed when daylight saving time is disabled. Zone The zone acronym. This field is not displayed when daylight saving time is disabled.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. Click the Apply button. Your settings are saved. Configure Denial of Service You can select which types of DoS attacks the switch monitors and blocks. To configure individual DoS settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select the types of DoS attacks for the switch to monitor and block and configure any associated values: • Denial of Service Min TCP Header Size. Specify the minimum TCP header size allowed. If DoS TCP Fragment is enabled, the switch drops packets with a TCP header smaller than the configured value. The default value is 20. • Denial of Service ICMPv4.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • Denial of Service TCP SYN. Enabling TCP SYN DoS prevention causes the switch to drop packets with TCP flags set. • Denial of Service TCP SYN&FIN. Enabling TCP SYN & FIN DoS prevention causes the switch to drop packets with TCP flags SYN and FIN set. • Denial of Service UDP Port. Enabling UDP Port DoS prevention causes the switch to drop packets for which the UDP source port is equal to the UDP destination port. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select the Disable or Enable radio button to specify whether to disable or enable the administrative status of the DNS client. • Enable. Allows the switch to send DNS queries to a DNS server to resolve a DNS domain name. The DNS is enabled by default. • Disable. Prevents the switch from sending DNS queries. 7. In the DNS Default Name field, enter the default DNS domain name to include in DNS queries.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Remove a DNS Server You can remove a DNS server that you no longer need. To remove a DNS server: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > Management > DNS > Host Configuration. The DNS Host Configuration page displays. 6. In the Host Name (1 to 255 characters) field, specify the static host name to add. Its length cannot exceed 255 characters and it is a required field. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Change the Host Name or IP Address in an Entry of the Dynamic Host Mapping Table, View All Entries, or Clear All Entries To change the host name or IP address in an entry of the Dynamic Host Mapping table, view all entries, or clear all entries 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure Green Ethernet Settings You can configure the green Ethernet features to reduce power consumption. To configure the Green Ethernet settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure Green Ethernet Interface Settings You can configure Green Ethernet settings for individual interfaces. To configure the Green Ethernet interface settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 8. From the EEE mode menu, select Enable or Disable. By default, this mode is disabled for the port. Energy Efficient Ethernet (EEE) combines the MAC with a family of physical layers that support operation in a low power mode. It is defined by the IEEE 802.3az standard. Lower power mode enables both the send and receive sides of the link to disable some functionality for power savings when the load is light.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. From the Interface menu, select the interface. 7. From the Energy Detect Admin Mode menu, select Enable or Disable. By default, this mode is disabled for the port. When you enable this mode, and is the port link goes down, the underlying physical layer goes down for a short period and then checks for port link pulses again so that auto-negotiation remains possible.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 11. Click the Apply button. Your settings are saved. 12. To refresh the page with the latest information about the switch, click the Refresh button. 13. To clear the device information, resetting all statistics for the selected interface to default values, click the Clear button. The following table describes the nonconfigurable fields. Table 17.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View Green Ethernet Information for Remote Devices To view green Ethernet information for remote device: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View the Green Ethernet Statistics Summary This page summarizes the green Ethernet settings currently in use. To view the green Ethernet statistics: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The following table describes the nonconfigurable fields. Table 19. Green Ethernet Statistics Summary information Field Description Green Ethernet Statistics Summary Current Power Consumption (mW) The estimated power consumption by all ports of the switch in mWatts. Percentage Power Saving (%) The estimated percentage of power saved on all ports of the switch if the green modes are enabled.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > Management > Green Ethernet > Green Ethernet LPI History. 6. Select the interface.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 20. Interface Green Mode EEE LPI History information (continued) Field Description Percentage Time spent in LPI The percentage of time spent in LPI mode during the current measurement mode since last sample interval. Percentage Time spent in LPI The percentage of time spent in LPI mode since the EEE LPI statistics were mode since last reset reset.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The System Information page displays. 5. Select System > PoE > Basic > PoE Configuration. The previous figure shows the PoE Configuration page for model GS324TP. 6. In the System Usage Threshold field, enter a number from 1 to 99 to set the threshold level at which a trap is sent if the consumed power exceeds the threshold power. The default is 95 percent. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure the PoE Port Settings To configure the PoE port settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • High. High priority. • Critical. Critical priority. The port priority determines which ports can still deliver power after the total power delivered by the switch exceeds the total power budget. (In such a situation, the switch might not be able to deliver power to all connected devices.) If the same priority applies to two ports, the lower-numbered port receives higher priority. 9.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 13. From the Timer Schedule menu, select a timer schedule or select None, which is the default selection. For information about setting up and configuring PoE timer schedules, see Set Up PoE Timer Schedules on page 106. 14. Click the Apply button. Your settings are saved. The following table describes the nonconfigurable fields on the page. Table 22.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 22. PoE Port Configuration (continued) Field Description Fault Status The error description when the PoE port is in a fault state: • No Error. The port is not in any error state and can provide power. • MPS Absent. The port detected the absence of the main power supply, preventing the port from providing power. • Short. The port detected a short circuit condition, preventing the port from providing power. • Overload.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > SNMP > SNMP V1/V2 > Community Configuration. 6. In the Management Station IP field, specify the IP address of the management station. 7. In the Management Station IP Mask field, specify the subnet mask to associate with the management station IP address.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > SNMP > SNMP V1/V2 > Community Configuration.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure SNMPv1/v2 Trap Settings You can configure settings for each SNMPv1 or SNMPv2 management host that must receive notifications about traps generated by the device. The SNMP management host is also known as the SNMP trap receiver. Add an SNMP Trap Receiver To add an SNMP trap receiver: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Modify Information About an Existing SNMP Recipient To modify information about an existing SNMP recipient: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The Trap Configuration page displays. 6. Select the check box next to the recipient to remove. 7. Click the Delete button. The trap recipient is removed. Configure SNMPv1/v2 Trap Flags You can enable or disable traps that the switch can send to an SNMP manager.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. Click the Apply button. Your settings are saved. View the Supported MIBs You can view a list of all MIBs that are supported on the switch. To view the supported MIBs: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure SNMP V3 Users Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, the switch supports only one user (admin). Therefore, you can create or modify only one profile. To configure authentication and encryption settings for the SNMPv3 admin profile by using the web interface: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure LLDP The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. A network manager can view this information to identify system topology and detect bad configurations on the LAN.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > LLDP > Basic > LLDP Configuration. 6.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure LLDP Port Settings You can specify per-interface LLDP settings. To configure the LLDP interface: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. Use the following menus to configure the LLDP settings for the selected ports: • Admin Status. Select the status for transmitting and receiving LLDP packets: - Tx Only. Enable only transmitting LLDP PDUs on the selected ports. - Rx Only. Enable only receiving LLDP PDUs on the selected ports. - Tx and Rx. Enable both transmitting and receiving LLDP PDUs on the selected ports. - Disabled.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > LLDP > Advanced > LLDP-MED Network Policy. The LLDP-MED Network Policy page displays. 6. From the Interface menu, select the interface for which you want to view the information. Note: The menu includes only the interfaces on which LLDP is enabled.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure LLDP-MED Port Settings You can enable LLDP-MED mode on an interface and configure its properties. To configure LLDP-MED settings for a port: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View the LLDP-MED Neighbors Information You can display the LLDP-MED neighbor or remote device information for an interface. To view LLDP-MED Neighbor Information: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Field Description This section of the page specifies if network policy TLV is received in the LLDP frames on this port. Media Application Type Specifies the application type: unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streamingvideo, or videosignaling. Information for each application type includes the VLAN ID, priority, DSCP, tagged bit status and unknown bit status.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Field Description Power Source Specifies the remote port’s PSE power source. Power Priority Specifies the remote port’s PSE power priority. Power Value Specifies the remote port’s PSE power value in tenths of watts. Extended PoE PD This section of the page specifies if extended PD TLV is received in LLDP frame on this port. Device Type Specifies the remote device’s PoE device type connected to this port.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The page includes only the interfaces on which LLDP is enabled. 6. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the LLDP device information and port summary information. Field Description Device Information Chassis ID Subtype The type of information used to identify the switch in the Chassis ID field.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The following table describes the detailed local information that displays for the selected port. Field Description Managed Address Address SubType The type of address the management interface uses, such as an IPv4 address. Address The address used to manage the device. Interface SubType The port subtype. Interface Number The number that identifies the port.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View LLDP Neighbors Information You can view the data that a specified interface received from other LLDP-enabled systems. To view LLDP information received from a neighbor device: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. To view additional information about the remote device, click the link in the MSAP Entry column. A pop-up window displays information for the selected port. The following table describes the information transmitted by the neighbor. Field Description Port Details Local Port The interface on the local system that received LLDP information from a remote system.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Field Description MED Details Capabilities Supported The supported capabilities that were received in MED TLV from the device. Current Capabilities The advertised capabilities that were received in MED TLV from the device. Device Class The LLDP-MED endpoint device class. The possible device classes are as follows: • Endpoint Class 1 Indicates a generic endpoint class, offering basic LLDP services.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Field Description Network Policies Application Type The media application type associated with the policy advertised by the remote device. VLAN ID The VLAN ID associated with the policy. VLAN Type Specifies whether the VLAN associated with the policy is tagged or untagged. User Priority The priority associated with the policy. DSCP The DSCP associated with a particular policy type.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System> Services > DHCP Snooping > Global Configuration. 6. Select the DHCP Snooping Mode Enable radio button. The default is Disable. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System> Services > DHCP Snooping > Global Configuration. The DHCP Snooping Global Configuration page displays. 6. In the VLAN ID field, specify the VLAN on which DHCP snooping is enabled. 7. From the DHCP Snooping Mode menu, select Enable. 8. Click the Apply button.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure Static DHCP Bindings You can view, add, and remove static bindings in the DHCP snooping bindings database and to view or clear the dynamic bindings in the bindings table. To view, add, and remove static DHCP bindings: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The Dynamic Binding Configuration table shows information about the DHCP bindings that were learned on each interface on which DHCP snooping is enabled. The following table describes the dynamic bindings information. Table 25. DHCP Dynamic Configuration information Field Description Interface The interface on which the DHCP client message was received.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If the database is stored on a remote server, specify the following information: - Remote IP Address. Specify the IP address of the TFTP server. - Remote File Name. Specify the file name of the DHCP snooping bindings database in which the bindings are stored. 7. In the Write Delay field, specify the time that the switch must wait after writing binding information to persistent storage.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 8. To clear all DHCP snooping statistics, click the Clear button. The following table describes the DHCP snooping statistics. Table 26. DHCP Snooping Statistics information Field Description Interface The interface associated with the rest of the data in the row. MAC Verify Failures The number of DHCP messages that were dropped because the source MAC address and client hardware address did not match.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > Timer Schedule > Basic > Global Configuration. The Timer Schedule Name page displays. 6. In the Timer Schedule Name field, specify the name for a timer schedule. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches You can select only names of schedules that you created (see Create a PoE Timer Schedule on page 106). b. Timer Schedule Type. Select Absolute. The fields in the Timer Schedule Configuration section might adjust to let you configure a timer schedule for specific dates and times. c. Timer Schedule Entry. To add a new entry, select new. Selecting an existing entry lets you make changes to that entry. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The default password is password. The System Information page displays. 5. Select System> Timer Schedule > Advanced > Timer Schedule Configuration. The Timer Schedule Configuration page displays. 6. In the Timer Schedule Selection section, make your selections from the following menus: a. Timer Schedule Name. Select the name of the timer schedule that you want to configure.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Select a single Week Day check box, multiple check boxes, or all check boxes to specify the day or days of the week that the schedule must operate. • Monthly. The timer schedule works with monthly recurrence. The fields adjust. In the Day field, enter a number from 1 to 31 to specify the day of the month when the schedule must be triggered.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 10. Click the Apply button. Your settings are saved. Delete a PoE Timer Schedule Entry You can delete a PoE timer schedule entry that you no longer need. To delete a PoE timer schedule entry: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > Timer Schedule > Basic > Global Configuration.
3 3 Configure Switching This chapter contains the following sections: • Configure the Port Settings and Maximum Frame Size • Configure Link Aggregation Groups • Configure VLANs • Configure Auto-VoIP • Configure Spanning Tree Protocol • Configure Multicast • View, Search, and Manage the MAC Address Table • Configure Layer 2 Loop Protection 113
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure the Port Settings and Maximum Frame Size You can view, configure, and monitor the physical port information for the ports (that is, the physical interfaces) on the switch. To configure the port settings and maximum frame size: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • To configure all interfaces with the same settings, select the check box in the heading row. 8. In the Description field, enter the description string to be attached to a port. The string can be up to 64 characters in length. 9. From the Admin Mode menu, select Enable or Disable. This selection specifies the administrative mode for port control. You must select Enable in order for the port to participate in the network.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 14. In the Frame Size (1500 to 9198) field, specify the maximum Ethernet frame size that each interface can support. The frame size includes the Ethernet header, CRC, and payload. The range is 1500 to 9198. The default maximum frame size is 1500. 15. From the Flow Control menu, select the configuration for IEEE 802.3 flow control. • Disable.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 27. Port Configuration information (continued) Field Description PortList Bit Offset The bit offset value that corresponds to the port when the MIB object type PortList is used to manage in SNMP. ifIndex The ifIndex of the interface table entry associated with the port.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The System Information page displays. 5. Select Switching> LAG > Basic > LAG Configuration. 6. In the LAG Name field, enter a name for the LAG. You can enter any string of up to 15 alphanumeric characters. 7. In the Description field, enter the description string to be attached to a LAG. The description can be up to 64 characters in length. 8. From the Admin Mode menu, select Enable or Disable.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • Enable. Spanning tree is enabled for this LAG. Enable is the default. 11. From the Link Trap menu, select Enable or Disable to specify whether to send a trap when the link status changes. The default is Enable, which causes the trap to be sent. 12. From the LAG Type menu, select Static or LACP: • Static. Disables Link Aggregation Control Protocol (LACP) on the selected LAG. The LAG is configured manually. The default is Static.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The previous figure shows the LAG Membership page for models GS324T and GS324TP. 6. From the LAG ID menu, select the LAG ID. 7. In the LAG Name field, enter the name to be assigned to the LAG. You can enter any string of up to 15 alphanumeric characters. You can also use the default name. 8. In the Ports table, click each port that you want to include as a member of the selected LAG. A selected port is displayed by a check mark. 9.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. In the LACP System Priority field, specify the switch’s link aggregation priority relative to the devices at the other ends of the links on which link aggregation is enabled. A higher value indicates a lower priority. You can change the setting globally by specifying a priority from 1 to 65535. The default value is 32768. 7. Click the Apply button. Your settings are saved.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches You can define VLAN groups stored in the VLAN membership table. The switch supports up to 256 VLANs. The following VLANs are preconfigured on the switch and you cannot delete them: • VLAN 1. The default VLAN of which all ports are untagged members. • VLAN 4089. The Auto-Video VLAN. By default, this VLAN does not include any members but you can manually add members. Configure VLAN Settings You can configure the various VLAN settings.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The VLAN name can be up to 32 alphanumeric characters long, including blanks. You cannot change the names of the default VLANs (that is, the VLANs with ID 1 and 4089). 8. The VLAN Type field displays the type of the VLAN that you are configuring. You cannot change the type of the default VLANs (that is, the VLANs with ID 1 and 4089). When you create a VLAN, its type is always Static.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Reset the VLAN Configuration on the Switch to the Default Settings If you reset the VLAN configuration on the switch to the default settings, all VLANs that you added are deleted. (The predefined VLANS are not deleted). The VLAN default values are as follows: • All ports are assigned to the default VLAN of 1. • All ports are configured with a PVID of 1.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > VLAN > Advanced > VLAN Membership.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • U (Untagged). Selects the port as an untagged port in the VLAN. All frames transmitted on the port are untagged for this VLAN. • Blank. The port is excluded from the VLAN. By default, the selection is blank and none of the ports are a member of the VLAN. (VLAN 1 is an exception. By default, all ports are untagged members of VLAN 1.) 9.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > VLAN > Advanced > VLAN Status. The previous figure includes one manually configured VLAN (VLAN ID 33).
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure Port PVID Settings You can assign a port VLAN ID (PVID) to an interface. The following requirements apply to a PVID: • By default, the PVID for each port is 1. • If you do not specify another value, the default VLAN PVID is used. • To change the port’s default PVID, you must first create a VLAN that includes the port as a member (see Configure VLAN Membership on page 125).
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The previous figure does snot show all columns on the page. 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches the tag. In an untagged frame, the VLAN is the port VLAN ID specified for the port that received this frame. • Disable. All frames are forwarded in accordance with the 802.1Q VLAN bridge specification. The default is Disable. 13. In the Port Priority field, specify the default 802.1p priority assigned to untagged packets arriving at the port. You can enter a number from 0 to 7. 14. Click the Apply button. Your settings are saved.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Add a MAC-Based VLAN To add a MAC-based VLAN: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching> VLAN > Advanced > MAC Based VLAN. The MAC Based VLAN Configuration page displays. 6. In the MAC Address field, enter a MAC address. This field is configurable only when a MAC-based VLAN exists. 7. In the VLAN ID field, specify a VLAN ID in the range from 2 to 4093, excluding 4089. 8.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The default password is password. The System Information page displays. 5. Select Switching> VLAN > Advanced > Protocol Based VLAN Group Configuration. 6. In the Group ID field, enter a number to identify the group. The number must be in the range from 1 to 128. 7. In the Group Name field, enter a name for the new group. You can enter up to 16 characters. 8.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The default password is password. The System Information page displays. 5. Select Switching> VLAN > Advanced > Protocol Based VLAN Group Membership. The previous figure shows the Protocol Based VLAN Group Membership page for models GS324T and GS324TP. 6. From the Group ID menu, select the protocol-based VLAN group ID. The Group Name field shows the name that is associated with the group. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching> VLAN > Advanced > Voice VLAN Configuration. 6.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 9. In the Value field, enter the VLAN ID or dot1p value. This field is enabled only if you select VLAN ID or Dot1p from the Interface Mode menu. 10. In the CoS Override Mode field, select Disable or Enable. The default is Disable. 11. In the Authentication Mode field, select Enable or Disable. The default is Enable. When the authentication mode is enabled, voice traffic is allowed on an unauthorized voice VLAN port.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches To configure protocol-based port settings for VoIP: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 10. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the port, or type the port number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 8. Click the Apply button. Your settings are saved. Configure the OUI-Based Port Settings You can configure the OUI port settings. To configure OUI-based port settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • To configure multiple interfaces with the same settings, select the check box associated with each interface. • To configure all interfaces with the same settings, select the check box in the heading row. 8. From the Auto VoIP Mode menu, select Disable or Enable. Auto-VoIP is disabled by default. 9. Click the Apply button. Your settings are saved.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > Auto-VoIP > OUI-based > OUI Table. The OUI Table page displays. 6. In the Telephony OUI(s) field, specify the VoIP OUI prefix to be added in the format AA:BB:CC.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Display the Auto-VoIP Status You can display the Auto-VoIP status. To view the Auto-VoIP status: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The switch support the following spanning tree versions: • CST. Common STP. For information on configuring CST, see Configure and View the CST Settings on page 146 and Configure and View the CST Port Settings on page 148. • MSTP. Multiple Spanning Tree Protocol (MSTP, also referred to as MST) supports multiple instances of spanning tree to efficiently channel VLAN traffic over different interfaces.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The default password is password. The System Information page displays. 5. Select Switching > STP > Basic > STP Configuration. 6. Configure the following global settings for the switch: a. Spanning Tree State. Enable or disable the spanning tree operation on the switch. By default, spanning tree operation is disabled. b. STP Operation Mode. Specify the STP version for the switch. The options are STP, RSTP, and MSTP.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 33. STP Configuration status (continued) Field Description Bridge Identifier The bridge identifier for the CST. It is made up using the bridge priority and the base MAC address of the bridge. Time Since Topology Change The time in day-hour-minute-second format since the topology of the CST last changed. Topology Change Count The number of times that the topology changed for the CST.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The System Information page displays. 5. Select Switching > STP > Advanced > CST Configuration. 6. Specify the CST options: • Bridge Priority. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. Specify the bridge priority value for the Common and Internal Spanning Tree (CST). The range is from 0 to 61440.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The following table describes the MSTP Status information that is displayed. Table 34. STP advanced CST configuration, MSTP status Field Description MST ID The MST instances (including the CST) and the corresponding VLAN IDs associated with each of them. VID ID The VLAN IDs and the corresponding FID associated with each of them. FID ID The FIDs and the corresponding VLAN IDs associated with each of them.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 16. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the nonconfigurable information displayed on the page. Table 35. CST port configuration Field Description Port State The forwarding state of the port. The default is Disabled. Port ID The port identifier for the specified port within the CST.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 7. To refresh the page with the latest information about the switch, click the Refresh button.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View Rapid STP Information You can view information about the Rapid Spanning Tree (RSTP) port status. To view information about RSTP: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Manage MST Settings You can configure a multiple spanning tree (MST) on the switch. Configure an MST Instance To configure an MST instance: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches For each configured instance, the information described in the following table displays on the page. Table 38. MST configuration Field Description Bridge Identifier The bridge identifier for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge. Last TCN The time in the format “day:hour:minute:second” since the topology of the selected MST instance last changed.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 8. Click the Apply button. Your settings are saved. Delete an MST Instance To delete an MST instance: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > STP > Advanced > MST Port Configuration. The previous figure does not show all columns on the page.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches the priority is set to the priority is automatically set to the next lowest priority that is a multiple of 16. For example, if you set a value between 0 and 15, the priority is set to 0. If you specify a number between 16 and 31, the priority is set to 16. Specify a value in the range from 0 to 240. • Port Path Cost. Set the path cost to a new value for the specified port in the selected MST instance.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 39. MST port status information (continued) Field Description Designated Cost The cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops. Designated Bridge The bridge identifier of the bridge with the designated port. It is made up using the bridge priority and the base MAC address of the bridge.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • All. Both physical interfaces and LAGs are displayed. 7. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the information available about the STP Statistics page. Table 40. STP Statistics Field Description Interface The physical port or LAG on the switch. STP BPDUs Received The number of STP BPDUs received at the selected port.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The System Information page displays. 5. Select Switching > Multicast > MFDB > MFDB Table. 6. In the Search by MAC Address field, enter a MAC address. Enter six two-digit hexadecimal numbers separated by colons, for example 00:01:23:43:45:67. 7. Click the Go button. If the address exists, the entry is displayed. An exact match is required. 8. To refresh the page with the latest information about the switch, click the Refresh button. 9.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > Multicast > MFDB > MFDB Statistics. The MFDP Statistics page displays. 6.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The Auto-Video Configuration page displays. 6. Select one of the following radio buttons: • Select the Disable radio button to globally disable Auto-Video administrative mode for the switch. • Select the Enable radio button to globally enable Auto-Video administrative mode for the switch. 7. Click the Apply button. Your settings are saved. The Auto-Video VLAN field displays the Auto-Video VLAN ID that is configured on the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure IGMP Snooping You can configure the settings for IGMP snooping, which is used to build forwarding lists for multicast traffic. To configure IGMP snooping: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The following table displays information about the global IGMP snooping status and statistics on the page. Table 43. IGMP Snooping Configuration information Field Description Multicast Control Frame Count The number of multicast control frames that are processed by the CPU. Interfaces Enabled for IGMP Snooping The interfaces that are enabled for IGMP snooping.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View, Search, or Clear the IGMP Snooping Table You can view all of the entries in the Multicast Forwarding Database that were created for IGMP snooping. To view, search, or clear the IGMP snooping table: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 44. IGMP Snooping Table information (continued) Field Description Type The type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol. Description The text description of this multicast table entry. The options are Management Configured, Network Configured, and Network Assisted.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. Configure the IGMP snooping values for the selected VLAN or VLANs: • Admin Mode. Enable or disable IGMP snooping for the specified VLAN ID. The default is Disable. • Fast Leave Mode. Enable or disable the IGMP snooping fast leave mode for the specified VLAN ID. The default is Disable. • Host Timeout. Set the value for group membership interval of IGMP snooping for the specified VLAN ID.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The System Information page displays. 5. Select Switching> Multicast > IGMP Snooping > IGMP Snooping VLAN Configuration. The IGMP Snooping VLAN Configuration page displays. 6. Select the check box next to the VLAN ID. 7. Update the values. 8. Click the Apply button. Your settings are saved. Disable IGMP Snooping on a VLAN To disable IGMP snooping on a VLAN: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches To configure a multicast router interface: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure a Multicast Router VLAN You can configure an interface to forward only snooped IGMP packets from a specific VLAN to the multicast router connected to the interface. This configuration is usually not required because the switch automatically detects a multicast router and forwards the IGMP packets accordingly.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches IGMP Snooping Querier Overview IGMP snooping requires that one central switch or router periodically queries all end-devices on the network to announce their multicast memberships. This central device is the IGMP querier. The IGMP query responses, known as IGMP reports, keep the switch updated with the current multicast group membership on a port-by-port basis.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • Snooping Querier IP Address. Enter the snooping querier IP address to be used as the source address in periodic IGMP queries. This address is used when no address is configured on the VLAN on which a query is being sent. • IGMP Version. Specify the IGMP protocol version used in periodic IGMP queries. The range is 1 to 2. The default value is 2. • Query Interval(secs).
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. Configure the following settings: • VLAN ID. The VLAN ID for which the IGMP snooping querier must be enabled. You can select an existing VLAN only. • • Querier Election Participate Mode. Enable or disable the querier mode: - Disable. Upon seeing another querier of the same version in the VLAN, the snooping querier moves to the non-querier state. - Enable.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The following table describes the nonconfigurable information displayed on the page. Table 45. Querier VLAN Status information Field Description VLAN ID The VLAN ID on which IGMP snooping querier is administratively enabled and the VLAN exists in the VLAN database. Operational State The operational state of the IGMP snooping querier on a VLAN. It can be in any of the following states: • Querier.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View, Search, or Clear the MAC Address Table To view, search, or clear the MAC Address Table: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • Search Interface. From the Search menu, select Interface, and enter the interface ID using the respective interface naming convention (for example, g1 or l1). Then click the Go button. 7. To refresh the page with the latest information about the switch, click the Refresh button. 8. To clear all dynamic MAC address entries in the table, click the Clear button.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 5. Select Switching > Address Table > Advanced > Dynamic Addresses. 6. In the Address Aging Timeout (seconds) field, specify the time-out period in seconds for aging out dynamically learned forwarding information. 802.1D-1990 recommends a default of 300 seconds. The value can be any number between 10 and 1000000 seconds. The default is 300. 7. Click the Apply button. Your settings are saved.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. In the Static MAC Address field, enter the static MAC address that you want to add. 8. From the VLAN ID menu, select the VLAN ID that must be associated with the MAC address. 9. Click the Add button. The static MAC address is added to the switch. Configure Layer 2 Loop Protection Loops inside a network are costly because they consume resources and reduce the performance of the network. Detecting loops manually can be cumbersome.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > L2 Loop Protection > L2 Loop Protection Configuration.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > L2 Loop Protection > L2 Loop Protection Configuration.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 10. Click the Apply button. Your settings are saved. 11. Click the Clear button to clear the statistics in the table. 12. Click the Refresh button to update the page to show the latest information. The following table describes the nonconfigurable information displayed on the page. Table 47. L2 Loop Protection Interface Information Field Description Loop Detected Shows whether a loop is detected on the interface.
4 4 Configure Quality of Service This chapter contains the following sections: • Quality of Service Concepts • Manage Class of Service • Manage Differentiated Services 183
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Quality of Service Concepts In a switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches CoS level configured for the ingress port as a whole, based on the existing port default priority as mapped to a traffic class by the current 802.1p mapping table. Alternatively, when a port is configured as untrusted, it does not trust any incoming packet priority designation and uses the port default priority value instead.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • - 802.1p. IEEE 802.1p specifies eight priority tags (p0 to p7). The QoS setting lets you map each of the eight priority levels to an internal hardware priority queue. Models GS324T and GS324TP support four hardware queues (0 to 3) and model GS348T supports eight hardware queues (0 to 7). The default mode is 802.1p. - DSCP.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 5. Select QoS > CoS > Advanced > CoS Interface Configuration. 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 11. Click the Apply button. Your settings are saved. Configure CoS Queue Settings for an Interface You can define what a particular queue does by configuring switch egress queues. User-configurable parameters control the amount of bandwidth used by the queue, the queue depth during times of congestion, and the scheduling of packet transmission from the set of all queues on a port.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches To map 802.1p priorities to queues: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 8. Click the Apply button. Your settings are saved. Map DSCP Values to Queues You can map an internal traffic class to a DSCP value. To map DSCP values to queues: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The allowed Per Hop Behavior (PHBs) values, besides other DSCP experimental values, are as follows: • Class Selector (CS) PHB. These values are based on IP precedence. • Assured Forwarding (AF) PHB. These values define four main levels to sort and manipulate some flows within the network. • Expedited Forwarding (EF) PHB. These values are used to prioritize traffic for real-time applications.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Note the following about the DiffServ process: • Packets are filtered and processed based on defined criteria. The filtering criteria is defined by a class. The processing is defined by a policy's attributes. Policy attributes can be defined on a per-class instance basis, and it is these attributes that are applied when a match occurs. • The configuration process begins with defining one or more match criteria for a class.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select the administrative mode for DiffServ: • Enable. Differentiated services are active. This is the default setting. • Disable. The DiffServ configuration is retained and can be changed but is not active. 7. Click the Apply button. Your settings are saved. The following table describes the information displayed in the Status table on the DiffServ Configuration page. Table 48.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Add and Configure a DiffServ Class To add and configure a DiffServ class: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 9. Define the criteria that must be associated the DiffServ class by selecting one of the following radio buttons: • Match Every. Select this radio button to add a match condition that considers all packets to belong to the class. The only selection from the Match Every menu is Any. • Reference Class. Select this radio button to reference another class for criteria.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • • Source MAC. Select this radio button to require a packet’s source MAC address to match the specified MAC address. After you select this radio button, use the following fields to configure the source MAC address match criteria: - Address. The source MAC address to match. The source MAC address is specified as six two-digit hexadecimal numbers separated by colons. - Mask.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • Destination L4 Port. Select this radio button to require a packet’s TCP/UDP destination port to match the specified protocol. You can also select Other from the menu and enter a port number from 0 to 65535. • IP DSCP. Select this radio button to require the packet’s IP DiffServ Code Point (DSCP) value to match the specified IP DSCP keyword code, which you must select from the menu.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select QoS > DiffServ > Advanced > Class Configuration. The Class Name page displays. 6. Select the check box next to the class name. 7. In the Class Name field, specify the new name. 8. Click the Apply button. Your settings are saved.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Delete a DiffServ Class To delete a DiffServ class: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The System Information page displays. 5. Select QoS > DiffServ > Advanced > Policy Configuration. The Policy Configuration page displays. 6. Enter a policy name in the Policy Name field. You cannot specify the policy type. By default, the policy type is In, indicating that the policy applies to ingress packets. 7. From the Member Class menu, optionally select an existing class that you want to associate with the new policy. 8.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • Drop. Select this radio button to require each inbound packet to be dropped. • Mark VLAN CoS. Select this radio button to specify the VLAN priority, which you must select from the menu. The VLAN priority is expressed as a value in the range from 0 to 7. • Mark IP Precedence. Select this radio button to require packets to be marked with an IP precedence value before being forwarded.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches d. In the Violate Action section, select one of the following radio buttons: • Send. Packets are forwarded unmodified. This is the default violating action. • Drop. Packets are dropped. • Mark CoS. Packets are marked by DiffServ with the specified CoS value before being forwarded. This selection requires that the Mark CoS field is set. You must select a CoS value from 0 to 7 from the menu. • Mark IP Precedence.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Change the Policy Attributes for an Existing DiffServ Policy To change the policy attributes for an existing DiffServ policy: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 5. Select QoS > DiffServ > Advanced > Policy Configuration. The Policy Configuration page displays. 6. Select the check box next to the policy name. 7. From the Member Class menu, select None. 8. Click the Apply button. The class is removed from the policy. Delete a DiffServ Policy To delete a DiffServ policy: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select QoS > DiffServ > Advanced > Service Configuration. 6.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The following table describes the nonconfigurable information displayed on the page. Table 50. Service Interface Configuration information Field Description Direction Shows the traffic direction of this service interface, which is always inbound (In). Operational Status Shows the operational status of this service interface (either Up or Down).
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select QoS > DiffServ > Advanced > Service Statistics.
5 5 Manage Device Security This chapter contains the following sections: • Configure the Management Security Settings • Configure Management Access • Configure Port Authentication • Set Up Traffic Control • Configure Access Control Lists 209
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure the Management Security Settings You can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS) settings, and authentication lists. Change the Password for the Local Browser Interface You can change the login password for the default user with the user name admin. To change the login password for the local browser interface: 1.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Note: If you forget the password and are unable to log in to the switch local browser interface, press the Factory Defaults button on the front panel of the switch for more than five seconds. The device reboots, and all switch settings, including the password, are reset to the factory default values. Manage the RADIUS Settings RADIUS servers provide additional security for networks.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Management Security > RADIUS > Global Configuration. The Current Server IP Address field is blank if no servers are configured (see Configure a RADIUS Authentication Server on the Switch on page 213). The switch supports up to three RADIUS servers.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The following table describes the nonconfigurable fields displayed on the page. Table 52. RADIUS Configuration information Field Description Current Server IP Address The IP address of the current server. This field is blank if no servers are configured. Number of Configured Servers The number of configured authentication RADIUS servers. The value can range from 0 to 32.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 8. From the Secret Configured menu, select Yes. You must select Yes before you can configure the RADIUS secret. After you add the RADIUS server, this field indicates whether the shared secret for this server was configured. 9. In the Secret field, type the shared secret text string used for authenticating and encrypting all RADIUS communications between the switch and the RADIUS server. This secret must match the RADIUS encryption. 10.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 53. RADIUS authentication server statistics information (continued) Field Description Bad Authenticators The number of RADIUS access-response packets containing invalid authenticators or signature attributes received from this server. Pending Requests The number of RADIUS access-request packets destined for this server that did not yet time out or receive a response.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Remove a RADIUS Authentication Server From the Switch To remove a RADIUS authentication server from the switch: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Management Security > RADIUS > Accounting Server Configuration. 6. In the Accounting Server Address field, specify the IP address of the RADIUS accounting server to add. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 54. RADIUS accounting server statistics information (continued) Field Description Accounting Responses The number of RADIUS packets received on the accounting port from this server. Malformed Accounting Responses The number of malformed RADIUS accounting-response packets received from this server. Malformed packets include packets with an invalid length.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Remove a RADIUS Accounting Server From the Switch To remove a RADIUS accounting server from the switch: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure the Global TACACS+ Settings You can configure the global TACACS+ settings for communication between the switch and a TACACS+ server. To configure the global TACACS+ settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure a TACACS+ Server on the Switch You can configure up to three TACACS+ servers with which the switch can communicate. To configure a TACACS+ server on the switch: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Modify the Settings for a TACACS+ Server on the Switch To modify the settings for a TACACS+ server on the switch: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The TACACS+ Server Configuration page displays. 6. Select the check box next to the server IP address. 7. Click the Delete button. The TACACS+ server is removed. Configure Authentication Lists You can configure a default login list. A login list specifies one or more authentication methods to validate switch or port access for the admin user.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you select a method that does not time out as the first method, such as Local, no other method is tried, even if you specified more than one method. User authentication occurs in the order the methods are selected. Possible methods are as follows: • Local. The user’s locally stored ID and password are used for authentication.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The default password is password. The System Information page displays. 5. Select Security > Management Security > Authentication List > HTTPS Authentication List. 6. Select the check box next to the httpsList name. 7. From the menu in the 1 column, select the authentication method that must be used first in the selected authentication login list.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure the Dot1x Authentication List The Dot1x authentication list defines the IEEE 802.1X authentication method used for the default list. The default list is dot1xList. To configure the dot1x authentication list: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Manage the Smart Control Center Utility You can enable or disable the SCC administrative mode. To enable or disable the SCC administrative mode: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure HTTP Access Settings You can configure the HTTP access settings on the switch. To configure the HTTP access settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure HTTPS Access Settings Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch by using a web interface, Secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks. The hash algorithms that SSL uses are MD5 and SHA-1.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 9. In the HTTPS Port field, type the HTTPS port number. The range is from 1025 to 65535. The default is port 443. 10. In the HTTPS Session Soft Timeout (Minutes) field, enter the inactivity time-out for HTTPS sessions. The range is from 1 to 60 minutes. The default value is 5 minutes. 11. In the HTTPS Session Hard Timeout (Hours) field, set the hard time-out for HTTPS sessions.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Access > HTTPS > Certificate Management. The Certificate Present field displays whether a certificate is present on the switch. 6. In the Certificate Management section, select the Generate Certificates radio button. 7. Click the Apply button. The switch generates an SSL certificate.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Access > HTTPS > Certificate Management. 6. The Certificate Management page displays. The Certificate Present field displays Yes. 7. In the Certificate Management section, select Delete Certificates radio button. 8. Click the Apply button. The certificate is removed.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Access > HTTPS > Certificate Download. 6. From the File Type menu, select the type of SSL certificate to download, which can be one of the following: • SSL Trusted Root Certificate PEM File.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Manage Access Control to the Switch Access control allows you to configure an access control profile and set rules for access to the local browser interface, access by SNMP stations, SNTP devices, and client access to a TFTP server. We refer to an access control profile as an access profile. You can add a single access profile, which you can configure, activate, or deactivate.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. In the Access Profile Name field, enter the name of the access profile to be added. The maximum length is 32 characters. 7. Click the Apply button. Your settings are saved. By default, the access profile is deactivated. After you add rules, you can activate the access profile. Add a Rule to the Access Profile After you add the access profile, you can add one or more security access rules to the access profile.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 5. Select Security > Access > Access Control > Access Rule Configuration. 6. From the Rule Type menu, select Permit or Deny to permit or deny access when the selected rules are matched. A Permit rule allows access from a device that matches the rule criteria. A Deny rule blocks a device that matches the rule criteria. 7. From the Service Type menu, select the access method to which the rule is applied.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Access > Access Control > Access Profile Configuration.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The Packets Filtered field displays the number of packets filtered (none in the previous figure). 6. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the nonconfigurable data that is displayed. Table 55. Access profile configuration profile summary Field Description Rule Type The action performed when the rules match. Service Type The service type selected.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Access > Access Control > Access Profile Configuration. The Access Profile Configuration page displays. The Activate Profile check box is selected. 6. Select the Deactivate Profile check box. 7. Click the Apply button.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure Port Authentication With port-based authentication, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Configure the following port authentication settings: • Port Based Authentication State. This selection specifies the 802.1X administrative mode on the switch. The default value is Disable. • - Enabled. If 802.1X is enabled, authentication is performed by a RADIUS server. This means that the primary authentication method must be RADIUS.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Manage Port Authentication on Individual Ports You can enable and configure port access control on one or more physical ports. Configure 802.1X Settings for a Port To configure 802.1X settings for a port: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. Specify the following settings: • Port Control. Defines the port authorization state. The control mode is set only if the link status of the port is link up. Select one of the following options: • - Auto. The switch automatically detects the mode of the interface. - Authorized. The switch places the interface into an authorized state without being authenticated.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches For example, you can use this mode if an IP phone is connected to a NAS port and a virtual machine controller (VMC) is connected to the hub port of the IP phone. Both the VMC and the IP phone need to be authenticated to access the network services behind the NAS. If the VMC hosts multiple virtual machines, after the VMC is authenticated, traffic is allowed from all virtual machines that are hosted by the VMC.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • Resending EAP. Specify the EAP retransmit period for the selected port. The transmit period is the time in seconds, after which an EAPoL EAP Request/Identify frame is resent to the supplicant. • MAX EAP Requests. Specify the maximum number of EAP requests for the port. The value is the maximum number of times an EAPoL EAP Request/Identity message is retransmitted before the supplicant times out. • Supplicant Timeout.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The Port Authentication page displays. 6. Select the check box associated with the port to initialize. 7. Click the Initialize button. 802.1X on the selected interface is reset to the initialization state. Traffic sent to and from the port is blocked during the authentication process. This button is available only if the control mode is auto. When you click this button, the action is immediate.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The following table describes the fields on the Port Summary page. Table 57. Port summary Field Description Port The port whose settings are displayed in the current table row. Control Mode This field indicates the configured control mode for the port. The options are as follows: • Force Unauthorized. The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized. • Force Authorized.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Port Authentication > Advanced > Client Summary. The following table describes the fields on the Client Summary page. Table 58. Client Summary information Field Description Port The port to be displayed.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Set Up Traffic Control You can configure MAC filters, storm control, port security, and protected port settings. Manage MAC Filtering You can create MAC filters that limit the traffic allowed into and out of specified ports on the switch. Create a MAC Filter If a packet with a MAC address and VLAN ID that you specify for a filter is received on a port that is not part of the inbound filter, the packet is dropped.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The previous figure shows the MAC Filter Configuration page for models GS324T and GS324TP. 6. From the MAC Filter menu, select Create Filter. If you did not configure any filters, this is the only option available. 7. From the VLAN ID menu, select the VLAN that must be used with the MAC address. 8. In the MAC Address field, specify the MAC address of the filter in the format XX:XX:XX:XX:XX:XX.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches A packet with the MAC address and VLAN ID that you specify can be transmitted only from a port that is part of the outbound filter. Note: Destination ports can be included only in a multicast filter. A multicast filter is determined by the MAC address that you enter in the MAC Address field. 11. Click the Apply button. Your settings are saved. Delete a MAC FIlter To delete a MAC filter: 1.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Traffic Control > MAC Filter > MAC Filter Summary. 6.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches To configure global storm control settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The range is a percent of the total threshold between 0 and 100%. The default is 5%. 9. From the Control Action mode menu, select one of the following options: • None. No action is taken. This is the default setting. • Trap. If the threshold of the configured broadcast storm is exceeded, a trap is sent. • Shutdown. If the threshold of the configured broadcast storm is exceeded, the port is shut down. 10. Click the Apply button.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The default settings in the Port Settings section depends on the global storm control settings (see Configure Global Storm Control Settings on page 252), which apply to all ports. 6.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Manage Port Security Port security lets you lock one or more ports on the switch. When a port is locked, the port can only forward packets with a source MAC addresses that you specifically allowed. The port discards all other packets. Configure the Global Port Security Mode To configure the global port security mode: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The following table describes the fields in the Port Security Violations table. Table 60. Port Security Violations information Field Description Port The physical interface. Last Violation MAC The source MAC address of the last packet that was discarded at a locked port. VLAN ID The VLAN ID corresponding to the last MAC address violation.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View Learned MAC Addresses and Convert Them to Static MAC Addresses After you enabled port security globally (see Configure the Global Port Security Mode on page 256) and enabled port security for specific interfaces (see Configure a Port Security Interface on page 257), you can convert a dynamically learned MAC address to a statically locked address.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. To convert the dynamically learned MAC address to a statically locked addresses, select the Convert Dynamic Address to Static check box. 8. Click the Apply button. The dynamic MAC address entries are converted to static MAC address entries in a numerically ascending order until the static limit is reached. The Number of Dynamic MAC Addresses Learned field displays the number of dynamically learned MAC addresses on a specific port. 9.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Protected ports are marked with a check mark. No traffic forwarding is possible between two protected ports. 7. Click the Apply button. Your settings are saved. Configure Access Control Lists Access control lists (ACLs) ensure that only authorized users can access specific resources while blocking any unwarranted attempts to reach network resources.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > ACL > ACL Wizard.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Note: For L4 port options, two rules are created (one for TCP and one for UDP). 7. In the Sequence Number field, enter a whole number in the range from 1 to 2147483647 that is used to identify the rule. 8. From the Action menu, select Permit or Deny to specify the action that must be taken if a packet matches the rule’s criteria. 9. From the Match Every menu, select one of the following options: • False.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches As a sample, the following steps describe how you can specify the additional match criteria for an ACL based on the destination MAC address: a. In the Destination MAC field, specify the destination MAC address that must be compared against the information in an Ethernet frame. The format is xx:xx:xx:xx:xx:xx. The BPDU keyword can be specified using a destination MAC address of 01:80:C2:xx:xx:xx. b.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 5. Select Security > ACL > ACL Wizard. The ACL Wizard page displays. 6. Select check box that is associated with the rule. 7. Update the match criteria as needed. 8. Click the Apply button. Your settings are saved. Delete an ACL Rule To delete an ACL rule: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The previous figure shows a sample for models GS324T and GS324TP. For information about the ACL Wizard, see Use the ACL Wizard to Create a Simple ACL on page 261. Configure a Basic MAC ACL A MAC ACL consists of a set of rules that are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit or Deny) is taken, and the additional rules are not checked for a match.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > ACL > Basic > MAC ACL. The MAC ACL Table displays the number of ACLs currently configured in the switch and the maximum number of ACLs that can be configured.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > ACL > Basic > MAC ACL. The MAC ACL page displays. 6. Select check box that is associated with the MAC ACL. 7. In the Name field, specify the new name. 8. Click the Apply button. Your settings are saved. Delete a MAC ACL To delete a MAC ACL: 1.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Add a Rule to a MAC ACL To add a rule to a MAC ACL: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches This field cannot be set if a redirect interface is already configured for the ACL rule. This field is visible for a Permit action. 11. From the Redirect Interface menu, select the egress interface to which the matching traffic stream must be redirected, bypassing any forwarding decision normally performed by the switch. This field cannot be set if a mirror interface is already configured for the ACL rule. 12.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches This value must be compared against the information in an Ethernet frame. The range is from 0x0600 to 0xFFFF. 18. In the Source MAC field, specify the source MAC address that must be compared against the information in an Ethernet frame. The format is xx:xx:xx:xx:xx:xx. 19. In the Source MAC Mask field, specify the source MAC address mask that must be compared against the information in an Ethernet frame.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select the check box that is associated with the rule. 7. Modify the fields as needed. 8. Click the Apply button. Your settings are saved. Delete a Rule for a MAC ACL To delete a rule for a MAC: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > ACL > Basic > MAC Binding Configuration. The previous figure shows the MAC Binding Configuration page for models GS324T and GS324TP.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The Ports and LAG tables display the available interfaces for ACL bindings. All nonrouting physical interfaces, VLAN interfaces, and interfaces participating in LAGs are listed. 9. Click the Apply button. Your settings are saved. The following table describes the information displayed in the Interface Binding Status table. Table 61. Interface Binding Status table Field Description Interface The interface of the ACL assigned.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. To delete a MAC ACL-to-interface binding, do the following: a. Select the check box next to the interface. b. Click the Delete button. The binding is removed. The following table describes the information that is displayed in the MAC Binding Table. Table 62. MAC Binding Table Field Description Interface The interface of the ACL assigned. Direction The selected packet filtering direction for the ACL.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 3. Associate the IP ACL with one or more interfaces (see Configure IP ACL Interface Bindings on page 289). You can view or delete IP ACL configurations in the IP ACL Binding table (see View or Delete IP ACL Bindings in the IP ACL Binding Table on page 291. Add an IP ACL To add an IP ACL: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. In the IP ACL ID field, specify the ACL ID or IP ACL name, which depends on the IP ACL type. The IP ACL ID is an integer in the following range: • 1–99. Creates a basic IP ACL, which allows you to permit or deny traffic from a source IP address. • 100–199. Creates an extended IP ACL, which allows you to permit or deny specific types of Layer 3 or Layer 4 traffic from a source IP address to a destination IP address.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Delete an IP ACL To delete an IP ACL: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > ACL > Advanced > IP Rules.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 8. Specify the following match criteria for the rule: • Sequence Number. Enter an ACL sequence number in the range from 1 to 2147483647 that is used to identify the rule. An IP ACL can contain up to 50 rules. • Action. Select the ACL forwarding action, which is one of the following: - Permit. Forward packets that meet the ACL criteria. Egress Queue.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Modify the Match Criteria for a Basic IP ACL Rule To modify the match criteria for a basic IP ACL rule: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The System Information page displays. 5. Select Security > ACL > Advanced > IP Rules. The IP Rules page displays. 6. From the ACL ID menu, select the ACL that includes the rule that you want to modify. 7. In the Basic ACL Rule Table, select the check box that is associated with the rule. 8. Click the Delete button. The rule is removed. Configure Rules for an Extended IP ACL You can define rules for extended IP-based ACLs.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The previous figure does not show all columns on the page. If no rules exists, the Extended ACL Rule Table shows the message No rules have been configured for this ACL. If one or more rules exist for the ACL, the rules display in the Extended ACL Rule Table. 6. From the ACL ID menu, select the IP ACL for which you want to add a rule. For extended IP ACLs, this must be an ID in the range from 101 to 199 or a name. 7.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches For models GS324T and GS324TP, the range for the queue ID is from 0 to 3. For model GS348T, the range for the queue ID is from 0 to 7. - Deny. Drop packets that meet the ACL criteria. Logging. If the selection form the Action menu is Deny, you can enable logging for the ACL by selecting the Enable radio button. (Logging is subject to resource availability in the device.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches You can select either the Port radio button or the Range radio button: - Port. If you select the Port radio button, you can either enter the port number yourself or select one of the following protocols from the menu: • The source IP TCP port protocols are Domain, Echo, FTP, FTP data, www-http, SMTP, Telnet, POP2, POP3, and bgp. • The source IP UDP port protocols are Domain, Echo, SNMP, NTP, RIP, Time, Who, and TFTP.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • Dst. In the Dst field, enter a destination IP address, using dotted-decimal notation, to be compared to a packet’s destination IP address as a match criterion for the selected IP ACL rule: - If you select the IP Address radio button, enter an IP address with a relevant wildcard mask to apply this criteria. If this field is left empty, it means any. - If you select the Host radio button, the wildcard mask is configured as 0.0.0.0.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches You can either select the enter the port range yourself or select one of the following protocols from the menu: • The destination IP TCP port range names are Domain, Echo, FTP, FTP data, www-http, SMTP, Telnet, POP2, POP3, and bgp. • The destination IP UDP port range names are Domain, Echo, SNMP, NTP, RIP, Time, Who, and TFTP.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The possible options are IP DSCP, IP precedence, and IP TOS, which are alternative methods to specify a match criterion for the same service type field in the IP header. Each method uses a different user notation. After you make a selection, you can specify the appropriate values: - IP DSCP. This is an optional configuration. Specify the IP DiffServ Code Point (DSCP) field.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. From the ACL ID menu, select the ACL that includes the rule that you want to modify. 7. In the Extended ACL Rule Table, click the rule. The rule is a hyperlink. The Extended ACL Rule Configuration page displays. 8. Modify the extended IP ACL rule criteria. 9. Click the Apply button. Your settings are saved. Delete an Extended IP ACL Rule To delete an extended IP ACL rule: 1. Connect your computer to the same network as the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches To bind an IP ACL to one or more interfaces: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches access list using that sequence number. If you do not specify the sequence number (meaning that the value is 0), a sequence number that is one number greater than the highest sequence number currently in use for the interface and direction is used. The range is from 1 to 4294967295. 8. To add the selected ACL to a port or LAG, in the Ports table or LAG table, click the port or LAG so that a check mark displays.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > ACL > Advanced > Binding Table. 6. To delete an IP ACL-to-interface binding, do the following: a. Select the check box next to the interface. b. Click the Delete button. The binding is removed. The following table describes the information displayed in the IP ACL Binding Table. Table 64.
6 6 Monitor the System This chapter contains the following sections: • Monitor the Switch and the Ports • Configure and View Logs • Configure Port Mirroring 293
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Monitor the Switch and the Ports The following sections describe how you can view a variety of information about the amount and type of traffic that is transmitted from and received on the switch: • View Switch Statistics on page 294 • View Port Statistics on page 297 • View and Manage Detailed Port Statistics on page 300 • View or Clear EAP and EAPoL Statistics on page 306 • Perform a Cable Test (Model GS348T) on page 308 Vie
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Click the Refresh button to refresh the page with the latest information about the switch. 7. Click the Clear button to clear all the statistics counters, resetting all switch summary and detailed statistics to default values. The discarded packets count cannot be cleared. The following table describes the switch statistics displayed on the page. Table 65.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 65. Switch statistics (continued) Field Description Broadcast Packets Received The total number of packets received that were directed to the broadcast address. This does not include multicast packets. Receive Packets Discarded The number of inbound packets that were chosen to be discarded, even though no errors were detected, in order to prevent their being delivered to a higher-layer protocol.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View Port Statistics You can view a summary of per-port traffic statistics on the switch. To view port statistics: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The following table describes the per-port statistics displayed on the page. Table 66. Port statistics Field Description Interface The interface or LAG. Total Packets Received Without Errors The total number of packets received that were without errors. Packets Received With Error The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. Click the Clear button. All counters are reset to 0. Reset Counters for One or More Specific Interfaces To reset the counters for one or more specific interfaces: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View and Manage Detailed Port Statistics You can view a variety of per-port traffic statistics. To view and manage detailed port statistics: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. From the Interface menu, select the interface for which you want to view the statistics. 7. From the MST ID menu, select the MST ID associated with the interface (if available). 8. To refresh the page with the latest information about the switch, click the Refresh button. 9. To clear all the counters, click the Clear button. This resets all statistics for the port to the default values.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 67. Detailed port statistics (continued) Field Description Link Status Indicates whether the link is up or down. Link Trap Indicates whether or not the port sends a trap when link status changes. Packets RX and TX 64 Octets The total number of packets (including bad packets) received or transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 67. Detailed port statistics (continued) Field Description Packets Received 256-511 Octets The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 67. Detailed port statistics (continued) Field Description Rx FCS Errors The total number of packets received with a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but included a bad frame check sequence (FCS) with an integral number of octets.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 67. Detailed port statistics (continued) Field Description Total Packets Transmitted The number of frames that were transmitted by the port. Unicast Packets Transmitted The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 67. Detailed port statistics (continued) Field Description EAPOL Frames Transmitted The number of EAPoL frames of any type that were transmitted by this authenticator. Time Since Counters Last Cleared The elapsed time in days, hours, minutes, and seconds since the statistics for the port were last cleared.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • To clear the counters for multiple ports, select the check boxes associated with the ports, and click the Clear button. • To clear all counters for all ports, select the check box in the row heading, and click the Clear button. The following table describes the EAP statistics displayed on the page. Table 68. EAP statistics Field Description Port The port number.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Perform a Cable Test (Model GS348T) On model GS348T, you can test and view information about the cables that are connected to switch ports. To perform a cable test: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 10/100 Ethernet adapter then the cable status might be Open or Short because some Ethernet adapters leave unused wire pairs unterminated or grounded. The following table describes the nonconfigurable information displayed on the page. Table 69. Cable Test information Field Description Cable Status Indicates the cable status: • Normal. The cable is working correctly. • Open. The cable is disconnected or a faulty connector exists.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Monitoring > Logs > Memory Log. The Memory Log page displays. 6.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches console log. Messages logged to a collector or relay through syslog support the same format as well. The following example shows the standard format for a log message: <14> Mar 24 05:34:05 10.131.12.183-1 UNKN[2176789276]: main_login.c(179) 3855 %% HTTP Session 19 initiated for user admin connected from 10.27.64.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The default password is password. The System Information page displays. 5. Select Monitoring > Logs > FLASH Log. The FLASH Log Configuration page displays. 6. Select one of the following Admin Status radio buttons: • Enable. A log that is enabled logs messages. • Disable. A log that is disabled does not log messages. 7. From the Severity Filter menu, select the logging level for messages that must be sent to the logging host.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Description: <15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on message age timer expiry The previous log message example indicates a user-level message (1) with severity 7 (debug) on a system that is not stacked and generated by component MSTP running in thread ID 2110 on Aug 24 05:34:05 by line 318 of file mstp_api.c. This is the 237th message logged.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Your settings are saved. The Server Log Configuration section displays the following information: • Messages Received. Shows the number of messages received by the log process. This includes messages that are dropped or ignored. • Messages Relayed. Shows the number of messages forwarded by the syslog function to a syslog host. Messages forwarded to multiple hosts are counted once for each host. • Messages Ignored.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches - Alert (1). The second-highest warning level. An alert log is saved if a serious device malfunction occurs, such as all device features being down. - Critical (2). The third-highest warning level. A critical log is saved if a critical device malfunction occurs, for example, two device ports are not functioning, while the rest of the device ports remain functional. - Error (3). A device error occurred, such as a port being offline.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Delete the Settings for a Remote Syslog Host To delete the settings for a remote syslog host: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches The System Information page displays. 5. Select Monitoring > Logs > Trap Logs. 6. To refresh the page with the latest information about the switch, click the Refresh button. 7. To clear the messages from the trap logs in the memory and clear the counters, click the Clear button. The following table describes the Trap Log information that is displayed on the page. Table 70.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches To view or clear the event log: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Configure Port Mirroring Port mirroring lets you select the network traffic of specific switch ports for analysis by a network analyzer. You can select many switch ports as source ports but a single switch port only as the destination port. You can configure how traffic is mirrored on a source port by selecting packets that are received, transmitted, or both.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select an Admin Mode radio button: • True. Port mirroring is enabled. • False. Port mirroring is disabled. This is the default setting. 7. From the Destination Port menu, select the physical destination port to which port traffic must be copied. You can configure one destination port only. The port functions as a probe port and receives traffic from all configured source ports. If no port is configured, None is displayed.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • To select multiple interfaces, select the check box associated with each interface. Traffic from the selected ports will be sent to the destination port. 12. From the Direction menu, specify the direction of the traffic that must be mirrored from the selected source ports: • None. No traffic direction is selected. This is the default setting. • Tx and Rx. Monitors both transmitted and received packets. • Rx.
7 7 Maintenance This chapter contains the following sections: • Reboot the Switch • Reset the Switch to Its Factory Default Settings • Export a File From the Switch • Download a File to the Switch or Update the Firmware • Manage Software Images • Enable Remote Diagnostics 322
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Reboot the Switch You can reboot the switch from the local browser interface. To reboot the switch: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Reset the Switch to Its Factory Default Settings You can reset the system configuration to the factory default values. All changes that you made are lost. If the IP address changes, your web session might disconnect. Note: If you reset the switch to the default configuration, the IP address is reset to 192.168.0.239, and the DHCP client is enabled.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Export a File From the Switch You can export configuration (ASCII) or log (ASCII log) files from the switch to a file server by using TFTP or to a computer by using HTTP.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches offline to personalize it for another similar device (for example, change the device name or IP address), and download it to that device. This is the default setting. • Error Log. The switch error log. • Trap Log. The trap log with the switch trap records. • Buffered Log. The switch buffered (in-memory) log. • Tech Support.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Discover or Change the Switch IP Address on page 12. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Maintenance > Export > HTTP File Export. The HTTP File Export page displays. 6.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Use TFTP to Download a File to the Switch or Update the Software Image You can download a software (firmware) image, configuration files, and SSL files from a TFTP server to the switch. Before you download a file to the switch, the following conditions must be true: • The file to download from the TFTP server is on the server in the appropriate directory. • The file is in the correct format.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. From the File Type menu, select the type of file: • Software. The system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy, while the other image stores a second copy. The device boots and runs from the active image. If the active image is corrupted, the system automatically boots from the nonactive image.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 12. Select the Start File Transfer check box to initiate the file upload. 13. Click the Apply button. The file transfer begins. The page displays information about the progress of the file transfer. The page refreshes automatically when the file transfer completes.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. From the File Type menu, select the type of file: • Software. The system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy, the other image stores a second copy. The device boots and runs from the active image. If the active image is corrupted, the system automatically boots from the nonactive image.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Manage Software Images The switch maintains two versions of the switch software in permanent storage. One image is the active image, and the second image is the backup image. The active image is loaded when the switch starts or reboots. This feature reduces switch down time when you are updating the switch software.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Select the Source Image image1 or image2 radio button to specify the image to be copied. 7. Select the Destination Image image1 or image2 radio button to specify the destination image. 8. Click the Apply button. Your settings are saved. Configure Dual Image Settings The Dual Image feature allows the switch to retain two images in permanent storage.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 7. As an option, specify a name for the selected image by entering one in the Image Description field. 8. Select the Activate Image check box. 9. Click the Apply button. Your settings are saved. IMPORTANT: After activating an image, you must reboot the switch. Otherwise, the switch continues running the image shown in the Current-active field until the switch reboots. Delete a Software Image To delete a software image: 1.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches View the Dual Image Status You can view information about the active and backup images on the system. To view dual image status information: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Enable Remote Diagnostics You can enable or disable the option to access the switch remotely. When remote access is enabled, you or technical support can perform remote diagnostics services. To enable remote diagnostics: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
A Configuration Examples A This appendix contains the following sections: • Virtual Local Area Networks (VLANs) • Access Control Lists (ACLs) • Differentiated Services (DiffServ) • 802.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Virtual Local Area Networks (VLANs) A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • If the port is a member of the VLAN specified by the packet’s VLAN ID, the packet can be sent to other ports with the same VLAN ID. • Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a port means that packets leaving the switch from that port are untagged.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet can access port 5 and port 6. The outgoing packet is stripped of its tag to become an untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a tagged packet with VLAN ID 20.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 2. On the MAC Rules page, create a rule for the Sales_ACL with the following settings: • Sequence Number. 1 • Action. Permit • Assign Queue ID. 0 • Match Every. False • CoS. 0 • Destination MAC. 01:02:1A:BC:DE:EF • Destination MAC Mask. 00:00:00:00:FF:FF • EtherType. User Value. • Source MAC. 02:02:1A:BC:DE:EF • Source MAC Mask. 00:00:00:00:FF:FF • VLAN ID.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches • Assign Queue ID. 0 (optional: 0 is the default value) • Match Every. False • Source IP Address. 192.168.187.0 • Source IP Mask. 255.255.0 For additional information about IP ACL rules, see Configure Rules for a Basic IP ACL on page 278. 3. Click the Add button. 4. On the IP Rules page, create a second rule for IP ACL 1 with the following settings: • Sequence Number. 2 • Action. Permit • Match Every. True 5.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Two basic types of QoS are supported: • Integrated Services. Network resources are apportioned based on request and are reserved (resource reservation) according to network management policy (RSVP, for example). • Differentiated Services. Network resources are apportioned based on traffic classification and priority, giving preferential treatment to data with strict timing requirements. The switch supports DiffServ.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches DiffServ Traffic Classes With DiffServ, you define which traffic classes to track on an ingress interface. You can define simple BA classifiers (DSCP) and a wide variety of multifield (MF) classifiers: • Layer 2; Layers 3, 4 (IP only) • Protocol-based • Address-based You can combine these classifiers with logical AND operations to build complex MF-classifiers (by specifying a class type of all or any, respectively).
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches definition to convey some QoS characteristics to downstream switches that do not routinely look at the DSCP value in the IP header. • Policing. A method of constraining incoming traffic associated with a particular class so that it conforms to the terms of the TCS. Out-of-profile packets that are either in excess of the conformance specification or are nonconformant are dropped. • Counting.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. Click the Add button. The policy is added. 7. Click the Policy1 hyperlink to view the Policy Class Configuration page for this policy. 8. Configure the Policy attributes as follows: • Assign Queue. 3 • Policy Attribute. Simple Policy • Color Mode. Color Blind • Committed Rate. 1000000 Kbps • Confirm Action. Send • Violate Action. Drop For more information, see Configure a DiffServ Policy on page 200. 9.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches between the authenticator (the system that passes an authentication request to the authentication server) and the supplicant (the system that requests authentication), as well as between the authenticator and the authentication server. The switch supports a guest VLAN, which allows unauthenticated users limited access to the network resources.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Figure 1. 802.1X authentication roles 802.1X Example Configuration This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (1/0/5–1/0/8). These ports are available to visitors and must be authenticated before access is granted to the network. The authentication is handled by an external RADIUS server.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches 6. On the RADIUS Server Configuration page, configure a RADIUS server with the following settings: • Server Address. 192.168.10.23 • Secret Configured. Yes • Secret. secret123 • Active. Primary For more information, see Manage the RADIUS Settings on page 211. 7. Click the Add button. 8. On the Authentication List page, configure the default list to use RADIUS as the first authentication method.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches interconnecting these regions, and an Internal Spanning Tree (IST) within each region. MSTP ensures that frames with a VLAN ID are assigned to one and only one of the MSTIs or the IST within the region, that the assignment is consistent among all the networking devices in the region, and that the stable connectivity of each MSTI and IST at the boundary of the region matches that of the CST.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches kind outside the region. In other words, connectivity within the region is independent of external connectivity. MSTP Example Configuration This example shows how to create an MSTP instance from the switch. The example network includes three different switches that serve different locations in the network. In this example, ports 1/0/1–1/0/5 are connected to host stations, so those links are not subject to network loops.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Note: Bridge priority values are multiples of 4096. If you do not specify a root bridge and all switches are assigned the same bridge priority value, the switch with the lowest MAC address is elected as the root bridge (see Configure and View the CST Settings on page 146). 5. On the CST Port Configuration page, select ports 1/0/1–1/0/8 and select Enable from the STP Status menu (see Configure and View the CST Port Settings on page 148).
B B Specifications and Default Settings This appendix contains the following sections: • Switch Default Settings • General Feature Default Settings • System Setup and Maintenance Settings • Port Characteristics • Traffic Control Settings • Quality of Service Settings • Security Settings • System Management Settings • Settings for Other Features • Hardware Technical Specifications 353
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Switch Default Settings The following table describes the switch default settings. Table 73. Switch default settings Feature Default IP address 192.168.0.239 Subnet mask 255.255.255.0 Default gateway 192.168.0.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 73.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 74.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 74.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 74. General feature default settings (continued) Feature Name/Setting Default Burst Interval N/A Persistent Configuration Storage Local Write delay 300 Class of Service (CoS), Global Trust Mode 802.1p 802.1p to queue mapping (802.1p -> queue) 0 -> 1 1 -> 0 2 -> 0 3 -> 1 4 -> 2 5 -> 2 6 -> 3 7 -> 3 Note: By default, eight 802.1p priorities are mapped to four CoS queues.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 74.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 74. General feature default settings (continued) Feature Name/Setting Default Class of Service (CoS), Interface Trust mode 802.1p Interface shaping rate 0 802.1p to queue mapping (802.1p –> queue) 0 -> 1 1 -> 0 2 -> 0 3 -> 1 4 -> 2 5 -> 2 6 -> 3 7 -> 3 Note: By default, eight 802.1p priorities are mapped to four CoS queues.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches System Setup and Maintenance Settings The following table describes the system setup and maintenance settings. Table 75. System setup and maintenance settings Feature Sets Supported Default Boot code update 1 N/A DHCP/manual IP address 1 DHCP enabled, 192.168.0.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 76. Port characteristics (continued) Feature Sets Supported Default Static 802.1Q tagging 256 VID = 1 The maximum number of member ports are equal to the number of ports on the switch Learning process Supports static and dynamic MAC entries Dynamic learning is enabled by default Traffic Control Settings The following table describes the traffic control settings. Table 77.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Security Settings The following table describes the security settings. Table 79. Security settings Feature Sets Supported Default 802.1X All ports Disabled MAC ACL 100 (shared with IP ACLs) All MAC addresses allowed IP ACL 100 (shared with MAC ACLs) All IP addresses allowed Password control access 1 Idle timeout = 5 mins.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Settings for Other Features The following table describes the settings for other features. Table 81.
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Switches Table 82.
