User Manual

ManualsBrandsNETGEAR ManualsComputers & Accessories18-Port PoE Gigabit Ethernet Smart Switch - Managed, Optional Insight Cloud Management, 16 x PoE+ @ 180W, 2 x 1G SFP, Desktop or Rackmount, and Limited Lifetime Protection

Table Of Contents

NETGEAR, Inc.

350 East Plumeria Drive

San Jose, CA 95134, USA

March 2020

202-12036-02

User Manual

24-Port Gigabit (Hi-Power) PoE+ Ethernet

Smart Managed Pro Switch with 2 SFP Ports

and Cloud Management

Model GS724TPv2 and GS724TPP

User Manual

Summary of content (441 pages)

PAGE 1
User Manual 24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports and Cloud Management Model GS724TPv2 a n d G S 724T P P U ser Ma nu a l March 2020 202-12036-02 NETGEAR, Inc.
PAGE 2
4-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Support and Community Visit netgear.com/support to get your questions answered and access the latest downloads. You can also check out our NETGEAR Community for helpful advice at community.netgear.com. Regulatory and Legal Si ce produit est vendu au Canada, vous pouvez accéder à ce document en français canadien à https://www.netgear.com/support/download/.
PAGE 3
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 202-12036-01 (continued) January 2020 (continued) (continued) • We reorganized the information in Chapter 1, Get Started and added or revised the following sections: - Available publications - Switch management options and default management mode - About on-network and off-network access - Access the switch on-network and connected to the Internet - Access the switch off-network - Credentials for the local browser UI - Re
PAGE 4
Contents Chapter 1 Get Started Available publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Switch management options and default management mode . . . . . . . . .13 Manage the switch by using the local browser UI . . . . . . . . . . . . . . . . . . . . . 14 Software requirements to use the local browser UI . . . . . . . . . . . . . . . . .14 Supported web browsers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Access the user manual online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Chapter 2 Configure System Information View or define switch system information . . . . . . . . . . . . . . . . . . . . . . . . . . .52 View or define system information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52 View the fan status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure the global DHCP snooping settings . . . . . . . . . . . . . . . . . . 120 Enable DHCP for all interfaces in a VLAN . . . . . . . . . . . . . . . . . . . . . . . 121 Configure DHCP snooping interface settings. . . . . . . . . . . . . . . . . . . . 122 Configure static DHCP bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Set up PoE timer schedules. . . . . . . . . . . . . . . . . . . . . .
PAGE 7
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure one or more IGMP multicast router interfaces. . . . . . . . . . 189 Configure an IGMP multicast router VLAN . . . . . . . . . . . . . . . . . . . . . . 190 IGMP snooping querier overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Configure an IGMP snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . 192 Configure an IGMP snooping querier for a VLAN . . . . . . . . . . . . . . .
PAGE 8
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure management access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263 Configure HTTP access settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Configure HTTPS access settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 Manage certificates for HTTPS access . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Control access with profiles and rules. .
PAGE 9
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Manage the server log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374 View or clear the trap logs and the counter . . . . . . . . . . . . . . . . . . . . . 377 Configure port mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379 Chapter 7 Maintain or Troubleshoot the Switch Reboot the switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 10
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Appendix B Specifications and Default Settings Switch default settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428 General feature default settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .429 System setup and maintenance settings . . . . . . . . . . . . . . . . . . . . . . . . . . .435 Port characteristics . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 11
1 1 Get Started This user manual describes how you can use the local browser user interface (UI) to configure and operate the following NETGEAR Smart Managed Pro switches: • GS724TPv2. NETGEAR 24-Port Gigabit PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports and Cloud Management. This model provides a PoE power budget of 190W. • GS724TPP. NETGEAR 24-Port Gigabit Hi-Power PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports and Cloud Management. This model provides a PoE power budget of 380W.
PAGE 12
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Note: In this manual, we refer to both switch models as the switch. Unless noted otherwise, all information applies to both switch models. Note: For more information about the topics covered in this manual, visit the support website at netgear.com/support. Note: Firmware updates with new features and bug fixes are made available from time to time at netgear.com/support/download/.
PAGE 13
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Switch management options and default management mode If you prefer, you can use the switch as a plug-and-play device, so you do not need to set up a custom configuration. Just connect power, connect to your network and to your other devices, and you’re done. The switch provides administrative management options that let you configure, monitor, and control the network.
PAGE 14
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Manage the switch by using the local browser UI This manual describes how to use the local browser UI to manage and monitor the switch. For information about using the NETGEAR Insight app and Insight Cloud portal to manage the switch, visit netgear.com/insight and netgear.com/support/product/Insight.aspx. For knowledge base articles about NETGEAR Insight, visit netgear.com/support.
PAGE 15
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Navigation tabs, configuration menus, and page menu The following figure shows the System Information page for model GS724TPP. Navigation tabs Configuration menus Logout button Language menu Help page Buttons Page menus Configuration status and options Figure 1.
PAGE 16
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Link Submenu links Figure 2. Switch page menu link and submenu links Configuration and status options The area directly under the configuration menus and to the right of the links displays the configuration information or status for the page you select. On pages that contain configuration options, you might be able to enter information into fields, select options from menus, select check boxes, and select radio buttons.
PAGE 17
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports User-defined fields User-defined fields can contain 1 to 159 characters, unless otherwise noted on the configuration web page. All characters can be used except for the ones stated in the following table (unless specifically noted in a procedure for a feature). Table 2. Invalid characters for user-defined fields Invalid characters for user-defined fields \ | / < > * ? Context-sensitive help When you log in to the swit
PAGE 18
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Access the switch on-network and connected to the Internet The DHCP client on the switch is enabled by default, allowing a DHCP server or router on the network to assign an IP address to the switch. If the switch is on-network, connected to a DHCP server, and connected to the Internet, you can use a Windows-based computer to access the local browser UI of the switch and register the switch with NETGEAR.
PAGE 19
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Use a Windows-based computer to access the switch on-network For the following procedure, the network must provide Internet access. To use a Windows-based computer to determine the switch IP address and access the switch on-network: 1. Cable the switch to a network with a router or DHCP server that manages IP addresses. 2. Power on the switch. The DHCP server assigns the switch an IP address. 3.
PAGE 20
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Microsoft Edge. If Microsoft Edge displays a There is a problem with this website’s security certificate message or a similar warning, select Details > Go on to the webpage. Note: For information about installing a security certificate, see Use an HTTP session to download and install an SSL security certificate file on the switch on page 395. 10.
PAGE 21
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Use the NETGEAR Insight mobile app to discover the IP address of the switch If the switch is connected to a WiFi router or access point, and the switch is connected to the Internet, the NETGEAR Insight mobile app lets you discover the switch in your network.
PAGE 22
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Use the NETGEAR Switch Discovery Tool to discover the switch For easiest access, we recommend that you cable the switch to a network with a router or DHCP server that assigns IP addresses, power on the switch, and then use a computer that is connected to the same network as the switch.
PAGE 23
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 10. Write down the switch IP address assigned by the DHCP server. For information about how to access the local browser UI of the switch, see Access the switch on-network when you know the switch IP address on page 26.
PAGE 24
-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Tip: After you complete the initial log-in process (see Register the switch on page 31), you can access the local browser UI from the SCC by selecting your switch in the SCC and clicking the Web Browser Access button. Discover the switch in a network without a DHCP server using the Smart Control Center This section describes how to use the Smart Control Center (SCC) to set up your switch in a network without a DHCP server.
PAGE 25
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. Type the local device password to continue with the configuration change. You must enter the local device password each time that you use the SCC to update the switch settings. The default local device password is password. 10. Click the Apply button. Your settings are saved.
PAGE 26
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Access the switch on-network when you know the switch IP address If the switch is on-network and you know the switch IP address, you can access the local browser UI. For the following procedure, the network must provide Internet access. To access the switch on-network when you know the switch IP address: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch.
PAGE 27
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 5. Enter your credentials, which depend on the page that displays: • Register to unlock all features page displays. If this is the first time that you log in to the local browser UI, the Register to unlock all features page displays. Click the Log in with NETGEAR account button, and follow the directions onscreen to register the switch with your NETGEAR email address and password.
PAGE 28
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The default IP address of the switch is 192.168.0.239. The IP address of the computer that you use to access the switch off-network must in the same subnet as the default IP address of the switch. To access the switch off-network and not connected to the Internet after you registered the switch with NETGEAR or obtained a registration key: 1.
PAGE 29
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Apple Safari. If Apple Safari displays a This connection is not private message, click the Show Details button. Then, click the visit this website link. If a warning pop-up window opens, click the Visit Website button. If another pop-up window opens to let you confirm changes to your certificate trust settings, enter your Mac user name and password and click the Update Setting button. • Mozilla Firefox.
PAGE 30
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Credentials for the local browser UI The information in this section applies to accessing the switch local browser UI in either management mode. That is, it does not apply to accessing the NETGEAR Insight app and Cloud portal. Note: Until you register and access the switch with your NETGEAR account or obtain and enter a registration key, you can access only a limited menu of the local browser UI.
PAGE 31
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports NETGEAR account credentials. After you do so, you can access the full menu of the local browser UI with your local device password. The following table lists the essential credential options for access to the local browser UI. Table 3.
PAGE 32
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Register the switch with your NETGEAR account and access the switch online For initial registration and access with your NETGEAR account, the switch must be connected to the Internet so that it can communicate with a NETGEAR server. If you do not own a free NETGEAR account, you can create one during the registration process. To register and access the switch online over the local browser UI with your NETGEAR account: 1.
PAGE 33
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Microsoft Edge. If Microsoft Edge displays a There is a problem with this website’s security certificate message or a similar warning, select Details > Go on to the webpage. Note: For information about installing a security certificate, see Use an HTTP session to download and install an SSL security certificate file on the switch on page 395. 5.
PAGE 34
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. In the Serial Number field, enter the serial number of the switch. The serial number consists of 13 digits. The serial number is usually printed on a label on the bottom or the back panel of the switch. 5. Click the Register button. The switch is registered with NETGEAR. 6. If the My Products does not display, click My Products from the menu. The page adjusts. 7.
PAGE 35
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Note: NETGEAR provides enhanced security by enforcing secure access and communication between your web browser and the switch. Your browser might display a security message that your connection is not private or not secure, or that a problem with the security certificate occurred. If such as security message displays, you cannot proceed but must take action. See the next step. 13.
PAGE 36
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Change the language of the local browser UI By default, the language is set to Auto. You can set the language to a specific one. To change the language of the local browser UI: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 37
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Change the management mode of the switch By default, the management mode on the switch is Directly Connect to Web Browser Interface (which is the same as the local browser UI). You can also change the management mode to NETGEAR Insight Mobile App and Insight Cloud Portal.
PAGE 38
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 39
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For more information about NETGEAR Insight, visit netgear.com/insight and netgear.com/support/product/Insight.aspx. For knowledge base articles about NETGEAR Insight, visit netgear.com/support. Change the management mode back to Directly Connect to Web Browser Interface To change the management mode of the switch back to Directly Connect to Web Browser Interface: 1. Connect your computer to the same network as the switch.
PAGE 40
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The pop-up window closes, the System Information page closes, and your settings are saved. Any current Insight-manageable device settings are saved to the cloud server. The Local Device Login page displays. 10. Log in again. The System Information page displays and the full menu of the local browser UI is now available. Use the Device View of the local browser UI The Device View displays the ports on the switch.
PAGE 41
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the system LEDs in the Device View. System LED Color Description Power LED Solid green Power is supplied to the switch and the switch is operating normally. Note: The physical Power LED on the switch can also light solid amber. Solid amber does not apply to the Device View. (If the switch is off or booting, you cannot access the Device View.
PAGE 42
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Port or port LED Color Upper Ethernet Solid dark green port LED Solid green Description No Ethernet link is established. A 1000 Mbps Ethernet link is established Blinking green The port is transmitting or receiving packets at 1000 Mbps. Solid yellow A 10 Mbps or 100 Mbps Ethernet link is established. Note: In this situation, the physical upper port LED on the switch lights solid amber rather than yellow.
PAGE 43
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Right-click the specific port that you want to view or configure to see a menu that displays statistics and configuration options. Select the menu option to access the page that contains the configuration or monitoring options.
PAGE 44
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure interface settings The switch supports physical and logical interfaces. Interfaces are identified by their type and the interface number. The physical ports are Gigabit interfaces and are numbered on the front panel. You configure the logical interfaces by using the software. The following table describes the naming convention for all interfaces available on the switch. Table 4.
PAGE 45
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports log in to the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. To configure a single port by using the Go To Interface field: 1. Ensure that the page is displaying all ports, and not only the LAGs. 2. In the Go To Interface field, type the port number, for example g3. For more information, see Configure interface settings on page 44. 3.
PAGE 46
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports To configure a single port: 1. Ensure that the page is displaying all ports, and not only the LAGs. 2. Select the check box next to the port number. The row for the selected interface is highlighted, and the interface number appears in the heading row. 3. Configure the desired settings. 4. Click the Apply button. Your settings are saved. To configure a single LAG: 1. Click the LAG link or the All link to display the LAGs. 2.
PAGE 47
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports To configure multiple LAGs: 1. Click the LAG link or the All link to display the LAGs. 2. Select the check box next to each LAG to configure. The check box associated with each interface is selected, and the row for each selected interface is highlighted. 3. Configure the desired settings. 4. Click the Apply button. Your settings are saved. To configure all ports: 1.
PAGE 48
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Click the Apply button. Your settings are saved. To configure multiple ports and LAGs: 1. Click the All link to display all ports and LAGs. 2. Select the check box associated with each port and LAG to configure. The rows for the selected ports and LAGs are highlighted. 3. Configure the desired settings. 4. Click the Apply button. Your settings are saved. To configure all ports and LAGs: 1.
PAGE 49
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 50
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Help > Online Help > User Guide. The User Guide page displays. 7. To access the NETGEAR download center, click the Apply button. 8. Enter the model number of the switch.
PAGE 51
2 2 Configure System Information This chapter contains the following sections: • View or define switch system information • Configure the switch IP address settings • Configure the IPv6 network interface • Configure the time settings • Configure Denial of Service settings • Configure the DNS settings • Configure Green Ethernet settings • Use the Device View • Configure Power over Ethernet • Configure SNMP • Configure LLDP • Configure DHCP snooping • Set up PoE timer schedules 51
PAGE 52
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports View or define switch system information You can view or define system information, view temperature information, view fan information, and view software information. View or define system information When you log in, the System Information page displays. You can configure and view general device information. To view or define system information: 1. Connect your computer to the same network as the switch.
PAGE 53
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 6. Define the following fields: • System Name. Enter the name to identify this switch. You can use up to 255 alphanumeric characters. The default is blank. • System Location. Enter the location of this switch. You can use up to 255 alphanumeric characters. The default is blank. • System Contact. Enter the contact person for this switch. You can use up to 255 alphanumeric characters. The default is blank. 7.
PAGE 54
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Field Description System Up Time The time in days, hours, and minutes since the last switch reboot. Base Mac Address Universally assigned hardware address of the switch. View the fan status The fans remove the heat generated by the power, CPU, and other components, and allow the switch to function normally. Model GS724TPv2 integrates two fans. Model GS724TPP integrates three fans. You can view the fan status.
PAGE 55
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. To refresh the page, click the Refresh button. The following table describes the nonconfigurable temperature and fan status information. Table 5. Fan status Field Description FAN The fan index used to identify the fan for the switch. Description The description of the fan temperature sensor. Type Specifies whether the fan module is fixed or removable. Speed The fan speed.
PAGE 56
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Scroll down to the Versions section. 7. To refresh the page, click the Refresh button.
PAGE 57
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After registration, enter the local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 58
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Note: Make sure that the VLAN that must be the management VLAN exists. Also make sure that the PVID of at least one port in the VLAN is the same as the management VLAN ID. For information about creating VLANs and configuring the PVID for a port, see Configure VLANs on page 140. The following requirements apply to the management VLAN: • Only one management VLAN can be active at a time.
PAGE 59
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 60
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The address is in the global address format. b. In the EUI64 menu, select True to enable the Extended Universal Identifier (EUI) flag for IPv6 address, or select False to omit the EUI flag. c. Click the Add button. 11. Click the Apply button. Your settings are saved.
PAGE 61
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the information the IPv6 Network Neighbor page displays about each IPv6 neighbor that the switch discovered. Table 6. IPv6 network interface neighbor table information Field Description IPv6 address The IPv6 address of a neighbor switch visible to the network interface. MAC address The MAC address of a neighbor switch.
PAGE 62
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 63
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure the time settings with SNTP To configure the time by using SNTP: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 64
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports determine the time and, optionally, the round-trip delay and local clock offset relative to the server. • Broadcast. SNTP operates in the same manner as multicast mode but uses a local broadcast address instead of a multicast address. The broadcast address provides a single-subnet scope while a multicast address provides an Internet-wide scope. The default is Disable. 9.
PAGE 65
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The allowed range is 0 to 59. The default is 0. 18. Click the Apply button. Your settings are saved. Configure the global SNTP settings To configure the global SNTP settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 66
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select a Client mode radio button to specify the mode of operation of the SNTP client: • Disable. SNTP is not operational. No SNTP requests are sent from the client and no received SNTP messages are processed. • Unicast. SNTP operates in a point-to-point fashion.
PAGE 67
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The allowed range is 1 to 30. The default is 5. 12. In the Unicast Poll Retry field, specify the number of times to retry a unicast poll request to an SNTP server after the first time-out before the switch attempts to use the next configured server. The allowed range is 0 to 10. The default is 1. 13. In the Time Zone Name field, specify a time zone.
PAGE 68
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After registration, enter the local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 69
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 7. SNTP Global Status information (continued) Field Description Last Update Time The local date and time (UTC) that the SNTP client last updated the system clock. Last Attempt Time The local date and time (UTC) of the last SNTP request or receipt of an unsolicited message. Last Attempt Status The status of the last SNTP request or unsolicited message for both unicast and broadcast modes.
PAGE 70
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Time sources are established by strata. Strata define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock. The device receives time from Stratum 1 and above since it is itself a Stratum 2 device. The following is an example of strata: • Stratum 0. A real-time clock is used as the time source, for example, a GPS system. • Stratum 1.
PAGE 71
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After registration, enter the local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 72
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The SNTP client on the device continues sending SNTP requests to different servers until a successful response is received, or all servers are exhausted. The priority indicates the order in which to query the servers. The request is sent to an SNTP server with a priority value of 1 first, then to a server with a priority value of 2, and so on.
PAGE 73
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Change the settings for an existing SNTP server To change the settings for an existing SNTP server: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 74
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 75
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After registration, enter the local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 76
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 8. Click the Apply button. Your settings are saved. The fields that are described in the following table are visible on the page only if the DayLight Saving (DST) Recurring, Recurring EU, or Recurring USA radio button is selected. Table 9. Daylight saving setting is Recurring, Recurring EU, or Recurring USA Field Description Begins At These fields are used to configure the start values of the date and time. • Week.
PAGE 77
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 10. Daylight saving setting is Non Recurring (continued) Field Description Offset Specify the number of minutes to shift the summer time from the standard time. The valid range is 1–1440 minutes. Zone Specify the acronym associated with the time zone when summer time is in effect. This field is not validated against an official list of time zone acronyms.
PAGE 78
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. To refresh the page, click the Refresh button. The following table displays the nonconfigurable information on the page. Table 11. Daylight Saving (DST) Status information Field Description Daylight Saving (DST) The Daylight Saving value, which is one of the following: • Disable • Recurring • Recurring EU • Recurring USA • Non Recurring Begins At Displays when the daylight saving time begins.
PAGE 79
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure Denial of Service settings You can configure Denial of Service (DoS), allowing the switch to classify and block specific types of DoS attacks. Configure Auto-DoS The Auto-DoS Configuration page lets you automatically enable all the DoS features available on the switch, except for the L4 Port attack.
PAGE 80
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports When an attack is detected, a warning message is logged to the buffered log and is sent to the syslog server. At the same time, the port is shut down and can be enabled only manually by the admin user. 8. Click the Apply button. Your settings are saved. Configure Denial of Service You can select which types of DoS attacks the switch monitors and blocks. To configure individual DoS settings: 1.
PAGE 81
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select the types of DoS attacks for the switch to monitor and block and configure any associated values: • Denial of Service ICMPv4. Enabling ICMPv4 DoS prevention causes the switch to drop ICMPv4 packets with a type set to ECHO_REQ (ping) and a size greater than the configured ICMPv4 packet size. • Denial of Service Max ICMPv4 Packet Size. Specify the maximum ICMPv4 packet size allowed.
PAGE 82
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 83
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports user enters test, then test is changed to test.netgear.com to resolve the name). The name must not be longer than 255 characters. 9. In the DNS Server field, specify the IPv4 address to which the switch sends DNS queries. 10. Click the Add button. The server is added to the list. You can specify up to eight DNS servers. The Preference field displays the server preference order.
PAGE 84
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After registration, enter the local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 85
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After registration, enter the local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 86
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select System > Management > DNS > Host Configuration. The DNS Host Configuration page display. 7. Select the check box next to the entry to update. 8. Enter the new information in the appropriate field. 9. Click the Apply button. Your settings are saved. 10.
PAGE 87
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 88
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure the Green Ethernet interface settings You can configure per-port Green Ethernet settings. To configure the Green Ethernet interface settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 89
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the port, or type the port number (for example, g1) in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface.
PAGE 90
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports It is important to note that although a device is listed as an 802.3at (PoE+) powered or 802.3af (PoE) powered device, it might not require the maximum power limit that is specified. Many devices require less power, allowing all PoE+ ports to be active simultaneously, when the devices correctly report their PoE class to the switch.
PAGE 91
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The switch is also a smart switch in that it can override the IEEE power classification of a powered device (PD): If the PD consumes less power than required by its power classification, the switch provides only the power that the PD consumes instead of the power that is required by the PD’s power classification.
PAGE 92
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 6. Select System > PoE > Advanced > PoE Port Configuration. The delivered power is stated in the Output Power (Watt) column. Configure PoE trap settings and view PoE information You can configure the PoE trap settings and view PoE information such as nominal power, threshold power, and consumed power. To configure the PoE trap settings and view PoE information: 1. Connect your computer to the same network as the switch.
PAGE 93
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. From the Traps menu, select Enable or Disable. The default is Enable. Selecting Disable deactivates the PoE traps. 8. Click the Apply button. Your settings are saved. The following table describes the nonconfigurable fields on the page. Table 16. PoE Configuration fields Field Description Firmware Version The firmware version of the PoE firmware component. Power Status The power status.
PAGE 94
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After registration, enter the local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 95
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 10. From the High Power Mode menu, select the PoE mode that the port must function in: • 802.3af. The port is powered in and limited to the IEEE 802.3af mode. A PD that requires IEEE 802.3at does not receive power if the port functions in IEEE 802.3af mode. • Legacy. The port is powered using high-inrush current, which is used by legacy PDs that require more than 15W to power up. • Pre-802.3at.
PAGE 96
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 17. PoE Port Configuration (continued) Field Description Output Power The power that is delivered to the PD in watts. Status The operational status of the port. The possible values are as follows: • Disabled. No power is delivered. • DeliveringPower. Power is being drawn by the PD. • Fault. A problem occurred with the power. • Test. The port is in test mode. • otherFault.
PAGE 97
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Add an SNMP community: To add an SNMP community: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 98
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports access is allowed. For example, if the management station IP address and management station IP mask parameters are 192.168.1.0/255.255.255.0, any client with an IP address from one 192.168.1.0 through 192.168.1.255 (inclusive) is allowed access. To allow access from only one station, use a management station IP mask value of 255.255.255.255, and use that machine’s IP address for client address. 9.
PAGE 99
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 6. Select System > SNMP > SNMP V1/V2 > Community Configuration. The Community Configuration page displays. 7. Select the check box next to the community. 8. Update the desired fields. 9. Click the Apply button. Your settings are saved. Delete an SNMP community To delete an SNMP community: 1. Connect your computer to the same network as the switch.
PAGE 100
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure SNMPv1 and SNMPv2 trap settings You can configure settings for each SNMPv1 or SNMPv2 management host that must receive notifications about traps generated by the device. The SNMP management host is also known as the SNMP trap receiver. Add an SNMP trap receiver To add an SNMP trap receiver: 1. Connect your computer to the same network as the switch.
PAGE 101
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 8. From the Version menu, select the trap version to be used by the SNMP trap receiver: • SNMPv1. The switch uses SNMPv1 to send traps to the receiver. The default setting is SNMPv1. • SNMPv2. The switch uses SNMPv2 to send traps to the receiver. 9. In the Community String field, specify the name of the SNMP community that includes the SNMP management host and the SNMP agent on the device.
PAGE 102
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select the check box next to the recipient. 8. Update the desired fields. 9. Click the Apply button. Your settings are saved. Delete an SNMP recipient To delete an SNMP trap recipient: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
PAGE 103
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure SNMPv1 and SNMPv2 trap flags You can enable or disable traps that the switch can send to an SNMP manager. When the condition identified by an active trap is encountered by the switch, a trap message is sent to any enabled SNMP trap receivers, and a message is written to the trap log. To configure the trap flags: 1. Connect your computer to the same network as the switch.
PAGE 104
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports browser UI and fails to provide a valid user name and password. The default is Enable. • Link Up/Down. When enabled, SNMP traps are sent when the administrative or operational state of a physical or logical link changes. The default is Enable. • Spanning Tree. When enabled, SNMP traps are sent when various spanning tree events occur. The default is Enable. 8. Click the Apply button. Your settings are saved.
PAGE 105
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the nonconfigurable information on the page. Table 18. SNMP supported MIBs Field Description Name The RFC number if applicable and the name of the MIB. Description The RFC title or MIB description. Configure SNMPv3 users Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, the switch supports only one user (admin).
PAGE 106
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select System > SNMP > SNMPv3 > User Configuration. The User Configuration page displays. The SNMPv3 Access Mode field is a read-only field that shows the access privileges for the user account. Access for the admin account is always Read/Write.
PAGE 107
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Device location discovery for creation of location databases. • Extended and automated power management of Power over Ethernet endpoints. • Inventory management, enabling network administrators to track their network devices and determine their characteristics (manufacturer, software and hardware versions, serial/asset number).
PAGE 108
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. To configure nondefault values for the following LLDP properties, specify the following options: • TLV Advertised Interval. The number of seconds between transmissions of LLDP advertisements. • Hold Multiplier. The transmit interval multiplier value, where transmit hold multiplier × transmit interval = the time to live (TTL) value that the device advertises to neighbors. • Re-initializing Delay.
PAGE 109
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After registration, enter the local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 110
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Management IP Address. Choose whether to advertise the management IP address from the interface. The possible field values are as follows: - Stop Advertise. Do not advertise the management IP address from the interface. - Auto Advertise. Advertise the current IP address of the device as the management IP address. The default is Auto Advertise. • Notification.
PAGE 111
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select System > LLDP > Advanced > LLDP-MED Network Policy. The LLDP-MED Network Policy page displays. 7.
PAGE 112
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure LLDP-MED port settings You can enable LLDP-MED mode on an interface and configure its properties. To configure LLDP-MED settings for a port: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 113
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports - Network Policy - Location Identification - Extended Power via MDI: PSE - Extended Power via MDI: PD - Inventory 9. Click the Apply button. Your settings are saved. View local LLDP information You can view the data that each port advertises through LLDP. To view local LLDP information: 1. Connect your computer to the same network as the switch.
PAGE 114
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The page includes only the interfaces on which LLDP is enabled. The following table describes the LLDP device information and port summary information. Field Description Chassis ID Subtype The type of information used to identify the switch in the Chassis ID field. Chassis ID The hardware platform identifier for the switch. System Name The user-configured system name for the switch.
PAGE 115
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the detailed local information that displays for the selected port. Field Description Managed Address Address SubType The type of address the local browser UI uses, such as an IPv4 address. Address The address used to manage the device. Interface SubType The port subtype. Interface Number The number that identifies the port.
PAGE 116
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports View LLDP neighbors information You can view the data that a specific interface receives from other LLDP-enabled systems. To view LLDP information received from a neighbor device: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 117
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the information that displays for all LLDP neighbors that were discovered. Field Description MSAP Entry The Media Service Access Point (MSAP) entry number for the remote device. Local Port The interface on the local system that received LLDP information from a remote system. Chassis ID Subtype The type of data displayed in the Chassis ID field on the remote system.
PAGE 118
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Field Description Managed Addresses Address SubType The type of the management address. Address The advertised management address of the remote system. Interface SubType The port subtype. Interface Number The port on the remote device that sent the information. MAC/PHY Details Auto-Negotiation Supported Specifies whether the remote device supports port-speed autonegotiation. The possible values are True or False.
PAGE 119
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Field Description Location Information Civic The physical location, such as the street address, that the remote device advertised in the location TLV, for example, 123 45th St. E. The field value length range is 6–160 characters. Coordinates The location map coordinates that the remote device advertised in the location TLV, including latitude, longitude, and altitude.
PAGE 120
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure the global DHCP snooping settings You can view and configure the global settings for DHCP snooping. To configure the global DHCP snooping settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 121
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports When MAC address validation is enabled, the device checks packets that are received on an untrusted interface to verify that the MAC address and the DHCP client hardware address match. If the addresses do not match, the device drops the packet. 9. Click the Apply button. Your settings are saved. Enable DHCP for all interfaces in a VLAN To enable DHCP snooping for all interfaces that are members of a VLAN: 1.
PAGE 122
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure DHCP snooping interface settings You can view and configure each port as a trusted or untrusted port. Any DHCP responses received on a trusted port are forwarded. If a port is configured as untrusted, any DHCP (or BootP) responses received on that port are discarded. To configure DHCP snooping interface settings: 1. Connect your computer to the same network as the switch.
PAGE 123
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 8.
PAGE 124
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 125
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 20. DHCP Dynamic Configuration information Field Description Interface The interface on which the DHCP client message was received. MAC Address The MAC address associated with the DHCP client that sent the message. This is the key to the binding database. VLAN ID The VLAN ID of the client interface. IP Address The IP address assigned to the client by the DHCP server.
PAGE 126
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After registration, enter the local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 127
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 128
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 12. From the Recurrence Pattern menu, select the pattern: • Daily. The timer schedule works with daily recurrence. The fields adjust. Select one of the following radio buttons: • • - Every WeekDay. The schedule operates from Monday through Friday. - Every Day(s). Enter a number from 0 to 65534 in the field. The schedule is triggered every specified number of days.
PAGE 129
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Delete a PoE timer schedule You can delete a PoE timer schedule that you no longer need. The associated timer schedule configuration is also deleted. To delete a PoE timer schedule: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 130
3 3 Configure Switching This chapter contains the following sections: • Configure the port settings and maximum frame size • Configure link aggregation groups • Configure VLANs • Configure a voice VLAN • Configure Auto-VoIP • Configure Spanning Tree Protocol • Configure multicast • View, search, and manage the MAC address table • Configure Layer 2 loop protection 130
PAGE 131
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure the port settings and maximum frame size You can view, configure, and monitor the physical port information for the ports (that is, the physical interfaces) on the switch. To configure the port settings and maximum frame size: 1. Connect your computer to the same network as the switch.
PAGE 132
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. In the Frame Size field, specify the maximum Ethernet frame size that each interface can support. The frame size includes the Ethernet header, CRC, and payload. The range is 1522 to 10000. The default maximum frame size is 1522. 8. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch).
PAGE 133
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Possible field values are as follows: • Auto. All supported speeds. This is the default setting. • 10Mbps. 10 Mbits/second. • 100Mbps. 100 Mbits/second. • 1000Mbps. 1000 Mbits/second. The delimiter characters for setting different speed values are a comma (,), a period (.) and a space ( ). For you to set the autonegotiation speed, the autonegotiation mode must be set to Enable. The default is Auto.
PAGE 134
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the nonconfigurable information on the page. Table 21. Port Configuration information Field Description Port Type For normal ports this field is blank. Otherwise, the possible values are as follows: • Mirrored. The port is a mirrored port on which all the traffic is copied to the probe port. • Probe. Use this port to monitor a mirrored port. • Trunk Member.
PAGE 135
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports To configure LAG settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 136
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports When the LAG is disabled, no traffic flows and LACPDUs are dropped, but the links that form the LAG are not released. The default is Enable. 10. From the Hash Mode menu, select the load-balancing mode for a port channel (LAG): • 1 Src/Dest MAC, incoming port. This mode uses the source MAC address, destination MAC address, and incoming port that are associated with the packet. • 2 Src/Dest IP and TCP/UDP Port Fields.
PAGE 137
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports To configure LAG membership: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 138
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 10. Click the Apply button. Your settings are saved. Set the LACP system priority You can set the LACP system priority that applies to all LAGs on the switch. To set the LACP system priority: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
PAGE 139
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. In the LACP System Priority field, specify the device’s link aggregation priority relative to the devices at the other ends of the links on which link aggregation is enabled. A higher value indicates a lower priority. You can change the value of the parameter globally by specifying a priority from 1 to 65535. The default is 32768. 8. Click the Apply button. Your settings are saved.
PAGE 140
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface.
PAGE 141
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Each VLAN in a network is assigned an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station can omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet can either reject it or insert a tag using its default VLAN ID.
PAGE 142
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 6. Select Switching > VLAN > Basic > VLAN Configuration. 7. In the VLAN ID field, specify the VLAN identifier for the new VLAN. The range of the VLAN ID can be from 2 to 4093, excluding 4088. (The default VLANs are 1 and 4088). 8. In the VLAN Name field, specify a name for the VLAN. The VLAN name can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 always uses the name Default. 9.
PAGE 143
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 144
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 145
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6.
PAGE 146
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 10. In the LAG table, click each LAG once, twice, or three times to configure one of the following modes or reset the LAG to the default settings: • T (Tagged). Selects the LAG as a tagged LAG in the VLAN. All frames transmitted on the LAG are tagged for this VLAN. • U (Untagged). Selects the LAG as an untagged LAG in the VLAN. All frames transmitted on the LAG are untagged for this VLAN. • Blank.
PAGE 147
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 148
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • To change the port’s default PVID, you must first create a VLAN that includes the port as a member (see Configure VLAN membership on page 144). To configure PVID settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 149
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 8. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the port, or type the port number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface.
PAGE 150
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the nonconfigurable fields on the page. Table 25. Nonconfigurable fields on the PVID Configuration page Field Description Current Ingress Filtering Indicates whether ingress filtering is enabled for the interface. Untagged VLANs The number of untagged VLANs for the interface. Tagged VLANs The number of tagged VLANs for the interface.
PAGE 151
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 6. Select Switching > VLAN > Advanced > Voice VLAN Configuration. 7. Select the Admin Mode Disable or Enable radio button. This specifies the administrative mode for the voice VLAN for the switch. The default is Disable. 8.
PAGE 152
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The default is Enable. When the authentication mode is enabled, voice traffic is allowed on an unauthorized voice VLAN port. When the authentication mode is disabled, devices are authorized through dot1x. Note: Authentication through dot1x is possible only if dot1x is enabled. 13. In the DSCP Value field, configure the Voice VLAN DSCP value for the port. The valid range is 0 to 64. The default is 0. 14.
PAGE 153
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 154
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • To configure multiple interfaces with the same settings, select the check box associated with each interface. • To configure all interfaces with the same settings, select the check box in the heading row. c. From the Auto VoIP Mode menu, select to enable or disable the Auto VoIP mode for the interface or interfaces. 10. Click the Apply button. Your settings are saved.
PAGE 155
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. In the Auto-VoIP VLAN ID field, enter the VoIP VLAN ID of the switch. The default Auto-VoIP VLAN ID is 4088. You can use that VLAN ID or create another VLAN ID for Auto-VoIP. 8. From the OUI-based priority menu, select the OUI-based priority of the switch, from 0 to 7. The default value is 7. 9. Click the Apply button. Your settings are saved. Configure the OUI-based port settings You can configure the OUI port settings.
PAGE 156
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 8.
PAGE 157
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • 00:12:43: CISCO2 • 00:60:B9: NITSUKO • 00:D0:1E: PINTEL • 00:E0:75: VERILINK • 00:E0:BB: 3COM • 00:04:0D: AVAYA1 • 00:1B:4F: AVAYA2 You can select an existing OUI or add a new OUI and description to identify the IP phones on the network. Configure the OUI table To configure the OUI table: 1. Connect your computer to the same network as the switch.
PAGE 158
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports You can configure up to 32 OUIs. 8. In the Description field, enter the description for the OUI. The maximum length of description is 32 characters. 9. Click the Add button. The telephony OUI entry is added. Delete one or more OUI prefixes from the OUI table To delete one or more OUI prefixes from the OUI table: 1. Connect your computer to the same network as the switch.
PAGE 159
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Display the Auto-VoIP status You can display the Auto-VoIP status. To view the Auto-VoIP status: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 160
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure Spanning Tree Protocol The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of network devices. STP also provides one path between end stations on a network, eliminating loops. STP (also referred to as “classic” STP) provides a single path between end stations, avoiding and eliminating loops.
PAGE 161
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 162
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports e. Forward BPDU while STP Disabled. Enable or disable the bridge protocol data unit (BPDU) flood. This setting specifies whether spanning tree BPDUs are forwarded while spanning tree is disabled on the switch. 8. Click the Apply button. Your settings are saved. The following table describes the nonconfigurable STP Status fields displayed on the page. Table 27.
PAGE 163
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure the CST settings You can configure Common Spanning Tree (CST) and Internal Spanning Tree on the switch. To configure CST settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 164
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Specify the CST options: • Bridge Priority. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. Specify the bridge priority value for the Common and Internal Spanning Tree (CST). The valid range is 0–61440. The bridge priority is a multiple of 4096.
PAGE 165
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 166
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. From the STP Status menu, select the option to enable or disable the spanning tree administrative mode that is associated with the port or port channel. The possible values are Enable and Disable. The default is Enable. 10. From the Fast Link menu, select whether the specified port is an edge port within the CST. The possible values are Enable, Disable, and Auto.
PAGE 167
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports View the CST port status You can display Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To view the CST port status: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 168
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 8. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the CST port status information on the page. Table 29. CST port status Field Description Interface The physical port or LAG that is associated with the CST.
PAGE 169
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 170
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Manage the MST settings You can configure Multiple Spanning Tree (MST) on the switch. Configure an MST instance To configure an MST instance: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 171
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports specify a priority that is not a multiple of 4096, the priority is automatically set to the next lowest priority that is a multiple of 4096. For example, if you set the priority to any value between 0 and 4095, the switch automatically sets the value to 0. The default is 32768. The valid range is 0–61440. • VLAN ID The menu includes all VLANs that are configured on the switch.
PAGE 172
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 173
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Switching > STP > Advanced > MST Configuration. The MST Configuration page displays. 7. Select the check box for the instance. 8. Click the Delete button. The MST instance is removed.
PAGE 174
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 5. Click the Login button. The System Information page displays. 6. Select Switching > STP > Advanced > MST Port Configuration. Note: If no MST instances are configured on the switch, the page displays a “No MSTs Available” message. 7. From the Select MST menu, select the MST instance. You can select only instances that you added to the switch (see Configure an MST instance on page 170). 8.
PAGE 175
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 11. Click the Apply button. Your settings are saved. The following table describes the nonconfigurable information on the page. Table 32. MST port status information Field Description Auto-calculated Port Path Cost Displays whether the path cost is automatically calculated (Enabled) or not (Disabled). Path cost is calculated based on the link speed of the port if the configured value for Port Path Cost is zero.
PAGE 176
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports View the STP statistics You can view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port. To view Spanning Tree statistics: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser.
PAGE 177
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 8. To refresh the page with the latest information about the switch, click the Refresh button.
PAGE 178
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 179
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 34. MFDB table information (continued) Field Description Description The text description of this multicast table entry. The options are Management Configured, Network Configured, and Network Assisted. Forwarding Interfaces The resultant forwarding list is derived from combining all the forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces.
PAGE 180
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the MFDB Statistics fields. Table 35. MFDB Statistics information Field Description Max MFDB Table Entries The maximum number of entries that the Multicast Forwarding Database table can hold (256 entries). Most MFDB Entries Since Last Reset The largest number of entries that were present in the Multicast Forwarding Database table since last reset.
PAGE 181
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure IGMP snooping You can configure the parameters for IGMP snooping, which is used to build forwarding lists for multicast traffic. To configure IGMP snooping: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 182
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select the IGMP Snooping Status Enable or Disable radio button. This selection specifies the administrative mode for IGMP snooping for the switch. The default is Disable. 8. Select the Validate IGMP IP header Enable or Disable radio button. When IGMP IP header validation is enabled, any IGMP IP header must include the Router Alert, ToS, and TTL information. Otherwise, the IGMP packet is discarded.
PAGE 183
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6.
PAGE 184
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 10. In the Host Timeout field, specify the time that the switch must wait for a report for a particular group on a particular interface before it deletes that interface from the group. Enter a value between 1 and 3600 seconds. The default is 260 seconds. 11.
PAGE 185
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Switching > Multicast > IGMP Snooping > IGMP Snooping Table. The IGMP Snooping Table page displays. 7.
PAGE 186
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 187
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Report Suppression Mode. Enable or disable IGMP snooping report suppression mode for the specified VLAN ID. IGMP snooping report suppression allows the suppression of the IGMP reports sent by the multicast hosts by building a Layer 3 membership table. The results is that only the most essential reports are sent to the IGMP routers so that the routers can continue to receive the multicast traffic.The default is Disable.
PAGE 188
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select the check box next to the VLAN ID. 8. Update the values. 9. Click the Apply button. Your settings are saved. Disable IGMP snooping on a VLAN To disable IGMP snooping on a VLAN: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
PAGE 189
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure one or more IGMP multicast router interfaces You can configure an interface as the designated interface to which a multicast router is connected. All IGMP packets snooped by the switch are forwarded to the multicast router reachable from the interface. Configuring a multicast router interface is usually not required because the switch automatically detects the multicast router and forwards IGMP packets accordingly.
PAGE 190
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 8.
PAGE 191
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 192
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports receive updated membership information in a timely fashion, it stops forwarding multicasts to the port where the end device is located. You can configure and display information about IGMP snooping queriers on the network and, separately, on VLANs. Configure an IGMP snooping querier You can configure the settings for an IGMP snooping querier. To configure the settings for an IGMP snooping querier: 1.
PAGE 193
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Configure the following settings: • Querier Admin Mode. Enable or disable IGMP snooping for the switch. The default is Disable. • Snooping Querier IP Address. Enter the snooping querier IP address to be used as the source address in periodic IGMP queries. This address is used when no address is configured on the VLAN on which a query is being sent. • IGMP Version.
PAGE 194
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 195
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Display the status of the IGMP snooping querier for VLANs To display the status of the IGMP snooping querier VLANs: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 196
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the nonconfigurable information on the page. Table 38. Querier VLAN Status information Field Description VLAN ID The VLAN ID on which IGMP snooping querier is administratively enabled and the VLAN exists in the VLAN database. Operational State The operational state of the IGMP snooping querier on a VLAN. It can be in any of the following states: • Querier.
PAGE 197
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 198
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • VLAN ID. From the Search menu, select VLAN ID, and enter the VLAN ID, for example, 100. Then click the Go button. • Interface. From the Search menu, select Interface, and enter the interface ID using the respective interface naming convention (for example, g1 or l1). Then click the Go button. 8. To refresh the page with the latest information about the switch, click the Refresh button. 9.
PAGE 199
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 200
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 201
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports is compared with the MAC address of the switch. If the MAC address does not match, the packet is forwarded to all ports that are members of the same VLAN, just like any other broadcast packet. The packet is not forwarded to the port from which it was received.
PAGE 202
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The System Information page displays. 6. Select Switching > L2 Loop Protection > L2 Loop Protection Configuration. 7. To enable or disable loop protection feature, select the Admin Mode Enable or Disable radio button. By default, the Disable radio button is selected. 8. From the Transmit Interval menu, select the time in seconds between transmission of loop packets. The default transmit interval is 5 seconds. 9.
PAGE 203
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 204
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 10. From the RX Action menu, select the action that occurs when the switch detects a loop on an interface: • Log. The switch logs a message. • Disable. The switch disables the interface. This is the default action. • Both. The switch both logs a message and disables the interface. 11. Click the Apply button. Your settings are saved. 12. Click the Clear button to clear all the statistics in the table. 13.
PAGE 205
4 4 Configure Quality of Service This chapter contains the following sections: • Quality of Service concepts • Manage Class of Service • Manage Differentiated Services 205
PAGE 206
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Quality of Service concepts In a switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
PAGE 207
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports ingress of an untrusted port are directed to a specific CoS queue on the appropriate egress ports, in accordance with the configured default priority of the ingress port. This process is also used for cases where a trusted port mapping cannot be honored, such as when a non-IP packet arrives at a port configured to trust the IP DSCP value.
PAGE 208
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Either configure the same CoS trust mode settings for all CoS-configurable interfaces or configure CoS settings per interface: • To configure the same CoS trust mode settings for all CoS configurable interfaces, do the following: a. Select the Global radio button. b. From the Global Trust Mode menu, select one of the following trust mode options for ingress traffic on the switch: - Untrusted.
PAGE 209
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 210
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • 802.1p. The eight priority tags that are specified in IEEE 802.1p are p0 to p7. The QoS setting lets you map each of the eight priority levels to one of seven internal hardware priority queues. The default is 802.1p. • DSCP. The six most significant bits of the DiffServ field are called the Differentiated Services Code Point (DSCP) bits. 10.
PAGE 211
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 212
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. From the Queue ID menu, select the queue to be configured. You can select a queue from 0 to 7. 10. From the Scheduler Type menu, select one of the following options: • Strict. The interface services traffic with the highest priority on a queue first. • Weighted. The interface uses weighted round robin to associate a weight to each queue. This is the default setting. 11. Click the Apply button. Your settings are saved.
PAGE 213
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select QoS > CoS > Advanced > 802.1p to Queue Mapping. 7. In the 802.1p to Queue Mapping table, map each of the eight 802.1p priorities to a queue (internal traffic class) from 0 to 7. The 802.
PAGE 214
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 215
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 8. Click the Apply button. Your settings are saved. Manage Differentiated Services The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. Standard IP-based networks provide best-effort data delivery service.
PAGE 216
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure the DiffServ mode and display the entries in the DiffServ private MIB tables You can enable or disable DiffServ and display the current and maximum number of rows in each of the main DiffServ private MIB tables. To configure the DiffServ mode and display the entries in the DiffServ private MIB tables: 1. Connect your computer to the same network as the switch.
PAGE 217
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select the administrative mode for DiffServ: • Enable. Differentiated services are active. This is the default setting. • Disable. The DiffServ configuration is retained and can be changed but is not active. 8. Click the Apply button. Your settings are saved. The following table describes the information displayed in the Status table on the page. Table 41.
PAGE 218
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Add and configure a DiffServ class To add and configure a DiffServ class: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 219
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 10. Define the criteria that must be associated the DiffServ class by selecting one of the following radio buttons: • Match Every. Select this radio button to add a match condition that considers all packets to belong to the class. The only selection from the Match Every menu is Any. • Reference Class. Select this radio button to reference another class for criteria.
PAGE 220
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Ethernet Type. Select this radio button to require the EtherType value in the Ethernet frame header to match the specified EtherType value. After you select the radio button, select the EtherType keyword from the menu of common protocols that are mapped to their Ethertype value. You can also select User Value from the menu and enter a value in the hexadecimal range from 600 to ffff. • Source MAC.
PAGE 221
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports After you select the radio button, use the following fields to configure the destination IP address match criteria: - Address. The destination IP address format to match in dotted-decimal. - Mask. The bit mask in IP dotted-decimal format indicating which parts of the destination IP address to use for matching against packet content. • Destination L4 Port.
PAGE 222
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 223
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 224
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select QoS > DiffServ > Advanced > Class Configuration. The Class Name page displays. 7. Select the check box next to the class name. 8. Click the Delete button. The class is removed.
PAGE 225
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6.
PAGE 226
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 11. Define the criteria that must be associated the IPv6 DiffServ class: • Match Every. Select this radio button to add a match condition that considers all packets to belong to the class. The only selection from the Match Every menu is Any. • Reference Class. Select this radio button to reference another class for criteria.
PAGE 227
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Prefix must always be specified with the prefix length. The prefix can be in the hexadecimal range from 0 to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF and the prefix length can be in the range from 0 to 128. • Destination L4 Port. Select this radio button to require a packet’s TCP/UDP destination port to match the specified protocol, which you must select from the menu. The range is 0 to 65535.
PAGE 228
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select QoS > DiffServ > Advanced > IPv6 Class Configuration. The Class Name page displays. 7.
PAGE 229
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 6. Select QoS > DiffServ > Advanced > IPv6 Class Configuration. The Class Name page displays. 7. Click the class name, which is a hyperlink. The page on which you can change the class configuration displays. 8. Change the class configuration as needed. 9. Click the Apply button. Your settings are saved. Delete an IPv6 DiffServ class To delete an IPv6 DiffServ class: 1.
PAGE 230
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure a DiffServ policy You can associate one or more classes with one or more policies. Create and configure a DiffServ policy To create and configure a DiffServ policy: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 231
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The policy name is a hyperlink to the page on which you can define the policy attributes. 11. Configure the policy attributes by selecting one of the following radio buttons: • Assign Queue. Select this radio button to specify that traffic must be assigned to a queue, which you must select from the menu. The queue is expressed as a value in the range from 0 to 7. • Drop.
PAGE 232
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports policy supports a single data rate and results in one of two outcomes: conform or violate. Packets that violate the policy are always dropped. That is, you cannot specify any other action for those packets. You must specify a policy action for packets that conform to the policy. - Committed Rate. Enter the committed rate that is applied to conforming packets by specifying a value in the range from 16 to 1000000 Kbps.
PAGE 233
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 234
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select QoS > DiffServ > Advanced > Policy Configuration. The Policy Configuration page displays. 7. Click the policy name, which is a hyperlink. The page on which you can change the policy attributes displays. 8. Change the policy attributes as needed. 9.
PAGE 235
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Policy Configuration page displays. 7. Select the check box next to the policy name. 8. Do one of the following: • To change the class, select another class rom the Member Class menu. • To remove the class, select None, from the Member Class menu. 9. Click the Apply button. Your settings are saved. Delete a DiffServ policy To delete a DiffServ policy: 1. Connect your computer to the same network as the switch.
PAGE 236
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure the DiffServ service interface You can assign (attach) a policy to an interface. Attach a DiffServ policy to an interface To attach a DiffServ policy to an interface: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 237
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 8.
PAGE 238
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 239
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 240
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 241
5 5 Manage Device Security This chapter contains the following sections: • Change the local device password for the local browser UI • Manage the RADIUS settings • Configure the TACACS+ settings • Manage the Smart Control Center Utility • Configure management access • Control access with profiles and rules • Configure port authentication • Set up traffic control • Configure access control lists 241
PAGE 242
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Change the local device password for the local browser UI You can change the local device password for the user with the user name admin. To change the local device password for the local browser UI: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
PAGE 243
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. In the Confirm Password field, enter the password again to confirm that you entered it correctly. The password is displayed in dots. 10. Click the Apply button. Your settings are saved. Manage the RADIUS settings RADIUS servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information.
PAGE 244
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 245
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. In the Max Number of Retransmits field, specify the maximum number of times a request packet is retransmitted to the RADIUS server. The range is from 1 to 15. The default value is 4. 8. In the Timeout Duration field, specify the time-out value, in seconds, for request retransmissions. The range is from 1 to 30. The default value is 5. 9.
PAGE 246
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 247
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 14. To reset the authentication server and RADIUS statistics to their default values, click the Clear Counters button. The following table describes the nonconfigurable information in the Statistics table on the page. Table 47. RADIUS authentication server statistics information Field Description Server Address The address of the RADIUS server or the name of the RADIUS server for which the statistics are displayed.
PAGE 248
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 249
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 250
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 251
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 14. The following table describes the nonconfigurable information in the Accounting Server Statistics table on the page. Table 48. RADIUS accounting server statistics information Field Description Accounting Server Address The accounting server associated with the statistics.
PAGE 252
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 253
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Security > Management Security > RADIUS > Accounting Server Configuration.
PAGE 254
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 255
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 256
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 12. Click the Add button. The server is added to the switch. Modify the settings for a TACACS+ server on the switch To modify the settings for a TACACS+ server on the switch: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 257
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Remove a TACACS+ server from the switch To remove a TACACS+ server from the switch: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 258
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure an HTTP authentication list You can configure the default HTTP login list. To change the HTTP authentication method for the default list: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 259
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Possible methods are as follows: • Local. The user’s locally stored ID and password are used for authentication. Since the Local method does not time out, if you select this option as the first method, no other method is tried, even if you specified more than one method. This is the default method. This is the default selection for Method 1. • RADIUS. The user’s ID and password are authenticated using the RADIUS server.
PAGE 260
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 261
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 11. From the menu in the 4 column, select the method, if any, that must be used fourth in the selected authentication login list. This is the method that is used if all previous methods time out. 12. Click the Apply button. Your settings are saved. Configure the dot1x authentication list The dot1x authentication list defines the IEEE 802.1X authentication method used for the default list. The default list is dot1xList.
PAGE 262
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The options are as follows: • Radius. The user’s ID and password are authenticated using the RADIUS server instead of locally. • None. The user is not authenticated. 9. Click the Apply button. Your settings are saved. Manage the Smart Control Center Utility By default, the Smart Control Center (SCC) utility is disabled.
PAGE 263
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Security > Management Security > SCC Control. The NETGEAR Smart Control Center (SCC) Utility page displays. 7. Select Security > Management Security > SCC Control. The NETGEAR Smart Control Center (SCC) Utility page displays. 8.
PAGE 264
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 265
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure HTTPS access settings Secure HTTP (HTTPS) enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch over the local browser UI, HTTPS can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks.
PAGE 266
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Note: You can download SSL certificates only when HTTPS is disabled. 8. In the HTTPS Port field, type the HTTPS port number. The range is from 1025 to 65535. The default is port 443. 9. In the HTTPS Session Soft Timeout (Minutes) field, enter the inactivity time-out for HTTPS sessions. The range is from 1 to 60 minutes. The default value is 5 minutes. 10.
PAGE 267
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 268
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Delete an SSL certificate Note: Before you can delete a certificate, you must disable HTTPS (see Configure HTTPS access settings on page 265) and log back in to the local browser UI over an HTTP session. After you delete the certificate, you can reenable HTTPS and log back in to the local browser UI over an HTTPS session. To delete an SSL certificate: 1. Connect your computer to the same network as the switch.
PAGE 269
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Transfer an existing certificate from a TFTP server to the switch You can transfer a certificate file to the switch. Note: For information about downloading and installing an SSL certificate over an HTTP session, see Use an HTTP session to download and install an SSL security certificate file on the switch on page 395. For the switch to accept HTTPS connections from a device, the switch requires a public key certificate.
PAGE 270
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Security > Access > HTTPS > Certificate Update. 7.
PAGE 271
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Control access with profiles and rules Access control allows you to configure an access control profile and set rules for access to the local browser UI, access by SNMP stations, and client access to a TFTP server. We refer to an access control profile as an access profile. You can add a single access profile, which you can configure, activate, or deactivate.
PAGE 272
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 5. Click the Login button. The System Information page displays. 6. Select Security > Access > Access Control > Access Profile Configuration. 7. In the Access Profile Name field, enter the name of the access profile to be added. The maximum length is 32 characters. 8. Click the Apply button. Your settings are saved. By default, the access profile is deactivated. After you add rules, you can activate the access profile.
PAGE 273
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 274
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 12. Click the Add button. The access rule is added. Activate the access profile After you add rules to the access profile, you can activate the access profile. CAUTION: If you configure a security access profile incorrectly and you activate the access profile, you might no longer be able to access the switch’s local browser UI.
PAGE 275
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Access Profile Configuration page displays. The Deactivate Profile check box is selected. 7. Select the Activate Profile check box. 8. Click the Apply button. Your settings are saved and the access profile is now active. Display the access profile summary and the number of filtered packets After you added rules to the active profile, you can view the entries in the summary.
PAGE 276
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Packets Filtered field displays the number of packets filtered (none in the previous figure). 7. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the nonconfigurable data that is displayed. Table 49. Access profile configuration profile summary Field Description Rule Type The action performed when the rules match.
PAGE 277
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 278
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 279
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure the global 802.1X settings You can configure global port access control settings on the switch. To globally enable all 802.1X features: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 280
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports select RADIUS as method 1 for defaultList. For more information, see Configure authentication lists on page 257. - • Disabled. When port-based authentication is globally disabled, the switch does not check for 802.1X authentication before allowing traffic on any ports, even if the ports are configured to allow only authenticated users. VLAN Assignment Mode.
PAGE 281
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 282
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports - MAC based. This mode allows multiple supplicants connected to the same port to each authenticate individually. Each host connected to the port must authenticate separately in order to gain access to the network. The hosts are distinguished by their MAC addresses. • MAB. Specify whether to enable or disable MAC-based Authentication Bypass (MAB) for 802.1x-unaware clients at the specified port.
PAGE 283
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Server Timeout. Specify the time in seconds that elapses before the switch resends a request to the authentication server. The server time-out period must be a value in the range from 1 to 65535. The default value is 30 seconds. 10. Click the Apply button. Your settings are saved. The following table describes the port authentication status information available on the page. Table 50.
PAGE 284
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Initialize 802.1X on a port To initialize 802.1X on a port: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 285
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 286
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 287
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the fields on the Port Summary page. Table 51. Port summary Field Description Port The port whose settings are displayed in the current table row. Control Mode This field indicates the configured control mode for the port. The options are as follows: • Force Unauthorized. The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized. • Force Authorized.
PAGE 288
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 289
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Set up traffic control You can configure MAC filters, storm control, port security, and protected port settings. Manage MAC filtering You can create MAC filters that limit the traffic allowed into and out of specified ports on the switch. Create a MAC filter If a packet with a MAC address and VLAN ID that you specify for a filter is received on a port that is not part of the inbound filter, the packet is dropped.
PAGE 290
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. From the MAC Filter menu, select Create Filter. If you did not configure any filters, this is the only option available. 8. From the VLAN ID menu, select the VLAN that must be used with the MAC address. 9. In the MAC Address field, specify the MAC address of the filter in the format XX:XX:XX:XX:XX:XX.
PAGE 291
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 12. Click the Apply button. Your settings are saved. Delete a MAC filter To delete a MAC filter: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 292
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports View the MAC filter summary You can view the MAC filters that are configured on the switch. To view the MAC filter summary: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 293
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 53. MAC Filter Summary information (continued) Field Description Source Port Members The ports to be used for filtering inbound packets. Destination Port Members The ports to be used for filtering outbound packets. Configure storm control settings A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port.
PAGE 294
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 5. Click the Login button. The System Information page displays. 6. Select Security > Traffic Control > Storm Control. 7. In the Storm Control section, from the Ingress Control Mode menu, select one of the following modes for storm control: • Disabled. Storm control is disabled. This is the default setting. • Unknown Unicast.
PAGE 295
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure storm control settings for one or more ports After you configure the global settings, you can specify storm control settings for one or more ports. To configure storm control settings for one or more ports: 1. Connect your computer to the same network as the switch.
PAGE 296
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The default settings in the Port Settings section depends on the global storm control settings (see Configure global storm control settings on page 293), which apply to all ports. 7.
PAGE 297
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure port security Port security lets you lock one or more ports on the switch. When a port is locked, the port can only forward packets with a source MAC addresses that you specifically allowed. The port discards all other packets. Configure the global port security mode To configure the global port security mode: 1. Connect your computer to the same network as the switch.
PAGE 298
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. To enable port security on the switch, select the Port Security Mode Enable radio button. The default is Disable. 8. Click the Apply button. Your settings are saved. By default, port security is disabled for individual ports.
PAGE 299
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Static locking allows you to specify a list of MAC addresses that are allowed on a port. The behavior of packets is the same as for dynamic locking: only packets with an allowable source MAC address can be forwarded. To configure port security settings: 1. Connect your computer to the same network as the switch.
PAGE 300
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • LAG. Only LAGs are displayed. • All. Both physical interfaces and LAGs are displayed. 8. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the port, or type the port number in the Go To Interface field and click the Go button.
PAGE 301
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 302
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Number of Dynamic MAC Addresses Learned field displays the number of dynamically learned MAC addresses on a specific port. 10. To refresh the page with the latest information about the switch, click the Refresh button. Configure protected ports If you configure a port as protected, it does not forward traffic to any other protected port on the switch, but it does forward traffic to unprotected ports.
PAGE 303
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. In the Ports table, click each port that you want to configure as a protected port. Protected ports are marked with a check mark. No traffic forwarding is possible between two protected ports. 8. Click the Apply button. Your settings are saved.
PAGE 304
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Use the ACL Wizard to create a simple ACL The ACL Wizard helps you create a simple ACL and apply it to the selected ports easily and quickly. First, select an ACL type to use when you create an ACL. Then add an ACL rule to this ACL and apply this ACL on the selected ports. Note: The steps in the following procedure describe how you can create an ACL based on the destination MAC address.
PAGE 305
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. From the ACL Type menu, select the type of ACL. You can select from the following ACL types: • ACL Based on Destination MAC. Creates an ACL based on the destination MAC address, destination MAC mask, and VLAN. • ACL Based on Source MAC. Creates an ACL based on the source MAC address, source MAC mask, and VLAN. • ACL Based on Destination IPv4. Creates an ACL based on the destination IPv4 address and IPv4 address mask.
PAGE 306
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 8. In the Sequence Number field, enter a whole number in the range of 1 to 2147483647 that is used to identify the rule. 9. From the Action menu, select Permit or Deny to specify the action that must be taken if a packet matches the rule’s criteria. 10. From the Match Every menu, select one of the following options: • False. Packets do not need to match the selected ACL and rule.
PAGE 307
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports ACL Based On Fields Destination IPv6 L4 Port • Source IPv6 L4 Port • Destination L4 port (protocol). Specify the destination IPv6 L4 port protocol. Destination L4 port (value). Specify the destination IPv6 L4 port value. • • Source L4 port (protocol). Specify the source IPv6 L4 port protocol. Source L4 port (value). Specify the source IPv6 L4 port value. 12.
PAGE 308
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 309
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 310
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure a MAC ACL A MAC ACL consists of a set of rules that are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit or Deny) is taken, and the additional rules are not checked for a match. The following steps are involved in defining a MAC ACL and applying it to the switch: 1. Create a MAC ACL ID (see Configure a MAC ACL on page 310). 2.
PAGE 311
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The MAC ACL Table displays the number of ACLs currently configured in the switch and the maximum number of ACLs that can be configured. The current size is equal to the number of configured IPv4 and IPv6 ACLs plus the number of configured MAC ACLs. 7. In the Name field, specify a name for the MAC ACL. The name string can include alphabetic, numeric, hyphen, underscore, or space characters only.
PAGE 312
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Security > ACL > Basic > MAC ACL. The MAC ACL page displays. 7.
PAGE 313
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 6. Select Security > ACL > Basic > MAC ACL. The MAC ACL page displays. 7. Select check box that is associated with the rule. 8. Click the Delete button. The rule is removed. Configure MAC ACL rules You can define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default deny all rule is the last rule of every list.
PAGE 314
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The previous figure does not show all columns. 7. From the ACL Name menu, select the MAC ACL. 8. In the Sequence Number field, enter a whole number in the range from 1 to 2147483647 to identify the rule. 9. From the Action menu, select the action that must be taken if a packet matches the rule’s criteria: • Permit. Forwards packets that meet the ACL criteria. • Deny. Drops packets that meet the ACL criteria. 10.
PAGE 315
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 16. In the Destination MAC Mask field, specify the destination MAC address mask that must be compared against the information in an Ethernet frame. The format is xx:xx:xx:xx:xx:xx. The BPDU keyword can be specified using a destination MAC mask of 00:00:00:ff:ff:ff. 17. From the EtherType Key menu, select the EtherType value that must be compared against the information in an Ethernet frame.
PAGE 316
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Change the match criteria for a MAC rule To change the match criteria for a MAC rule: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 317
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 318
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 319
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. To add the selected ACL to a port or LAG, in the Ports table or LAG table, click the port or LAG so that a check mark displays. You can add the ACL to several ports and LAGs. The Ports and LAG tables display the available and valid interfaces for ACL binding. All nonrouting physical interfaces, VLAN interfaces, and interfaces participating in LAGs are listed. 10. Click the Apply button. Your settings are saved.
PAGE 320
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6.
PAGE 321
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Multiple steps are involved in defining an IPv4 ACL and applying it to the switch: 1. Add an IPv4 ACL ID (see Configure a basic or extended IPv4 ACL on page 320). The differences between a basic IPv4 ACL and an extended IPv4 ACL are as follows: • Numbered ACL from 1 to 99. Creates a basic IPv4 ACL, which allows you to permit or deny traffic from a source IP address. • Numbered ACL from 100 to 199.
PAGE 322
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 5. Click the Login button. The System Information page displays. 6. Select Security > ACL > Advanced > IP ACL. The previous figure shows an example. The IP ACL page shows the current size of the ACL table compared to the maximum size of the ACL table. The current size is equal to the number of configured IPv4 and IPv6 ACLs plus the number of configured MAC ACLs. The maximum size is 100.
PAGE 323
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Change the number or name of an IPv4 ACL To change the number or name of an IPv4 ACL: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 324
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 325
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Add a rule for a basic IPv4 ACL To add a rule for a basic IPv4 ACL: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 326
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. Specify the following match criteria for the rule: • Sequence Number. Enter an ACL sequence number in the range from 1 to 2147483647 that is used to identify the rule. An IP ACL can contain up to 50 rules. • Action. Select the ACL forwarding action, which is one of the following: - Permit. Forward packets that meet the ACL criteria. Egress Queue.
PAGE 327
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Source IP Mask. Specify the IP mask in dotted-decimal notation to be used with the source IP address value. 10. Click the Apply button. Your settings are saved. Modify the match criteria for a basic IPv4 ACL rule To modify the match criteria for a basic IPv4 ACL rule: 1. Connect your computer to the same network as the switch.
PAGE 328
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Delete a basic IPv4 ACL rule To delete a basic IPv4 ACL rule: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 329
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure rules for an extended IPv4 ACL You can define rules for extended IPv4 ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: An implicit deny all rule is included at the end of an ACL list.
PAGE 330
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The previous figure does not show all columns on the page. If no rules exists, the Extended ACL Rule Table might show the message No rules were configured for this ACL. If one or more rules exist for the ACL, the rules display in the Extended ACL Rule Table. 7. From the ACL ID/Name menu, select the IP ACL for which you want to add a rule. For extended IP ACLs, this must be an ID in the range from 100 to 199 or a name. 8.
PAGE 331
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Logging. If the selection form the Action menu is Deny, you can enable logging for the ACL by selecting the Enable radio button. (Logging is subject to resource availability in the device.) • • Interface.
PAGE 332
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Select Other from the menu to enter a port number. If you select Other from the menu but leave the field blank, it means any. The only relevant matching condition for L4 port numbers is Equal. This means that an IP ACL rule matches only if the Layer 4 source port number is equal to the specified port number or port protocol. - Range.
PAGE 333
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports You can select either the Port radio button or the Range radio button: - Port. If you select the Port radio button, you can either enter the port number yourself or select one of the following protocols from the menu. • The destination IP TCP port protocols are domain, echo, ftp, ftpdata, www-http, smtp, telnet, pop2, pop3, and bgp.
PAGE 334
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports - • If you specify information in the Type field, the IP ACL rule matches the specified ICMP message type. The type number can be from 0 to 255. • If you specify information in the Code field, the IP ACL rule matches the specified ICMP message code. The code can be from 0 to 255. • If these fields are left empty, it means any.
PAGE 335
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 10. Click the Apply button. Your settings are saved. Modify the match criteria for an extended IPv4 ACL rule To modify the match criteria for an existing extended IPv4 ACL rule: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 336
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Delete an extended IPv4 ACL rule To delete an extended IPv4 ACL rule: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 337
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Configure an IPv6 ACL An IPv6 ACL consists of a set of rules that are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit or Deny) is taken, and the additional rules are not checked for a match. You must specify the interfaces to which an IPv6 ACL applies, as well as whether it applies to inbound or outbound traffic.
PAGE 338
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The System Information page displays. 6. Select Security > ACL > Advanced > IPv6 ACL. 7. In the IPv6 ACL field, specify a name to identify the IPv6 ACL. This is the IPv6 ACL name string, which includes up to 31 alphanumeric characters only. The name must start with an alphabetic character. 8. Click the Add button. The IPv6 ACL is added. The following table describes the nonconfigurable information displayed on the page.
PAGE 339
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 340
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Security > ACL > Advanced > IPv6 ACL. The IPv6 Configuration page displays. 7.
PAGE 341
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Security > ACL > Advanced > IPv6 Rules. The previous figure does not show all columns on the page. If no rules exists, the IPv6 ACL Rule Table might show the message No rules were configured for this ACL.
PAGE 342
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. Configure the following match criteria for the rule: • Action. Select the ACL forwarding action by selecting one of the following radio buttons: - Permit. Forward packets that meet the ACL criteria. - Deny. Drop packets that meet the ACL criteria. • Egress Queue. If you select the Permit radio button, select the hardware egress queue identifier that is used to handle all packets matching this IPv6 ACL rule.
PAGE 343
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Src L4. The options are available only when the protocol is set to TCP or UDP. Use the source L4 port option to specify relevant matching conditions for L4 port numbers in the extended ACL rule. You can select either the Port radio button or the Range radio button: - Port.
PAGE 344
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The source IPv6 address argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal numbers using 16-bit values between colons. • Dst L4. The options are available only when the protocol is set to TCP or UDP. Use the destination L4 port option to specify relevant matching conditions for L4 port numbers in the extended ACL rule.
PAGE 345
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports - • The IPv6 ACL rule matches the specified ICMPv6 message type. Possible type numbers are in the range from 0 to 255. • If you specify information in the Message field, the IPv6 ACL rule matches the specified ICMPv6 message code. Possible values for code can be in the range from 0 to 255. • If these fields are left empty, it means any.
PAGE 346
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 347
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 348
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 349
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. To add the selected ACL to a port or LAG, in the Ports table or LAG table, click the port or LAG so that a check mark displays. You can add the ACL to several ports and LAGs. The Ports and LAG tables display the available and valid interfaces for ACL binding. All nonrouting physical interfaces, VLAN interfaces, and interfaces participating in LAGs are listed. 10. Click the Apply button. Your settings are saved.
PAGE 350
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6.
PAGE 351
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Add a VLAN ACL binding To add a VLAN ACL binding: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 352
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. From the ACL Type menu, select the type of ACL. You can select a MAC ACL, IP ACL, or IPv6 ACL. 10. From the ACL ID list, select the ID or name of the ACL that must be bound to the specified VLAN. 11. Click the Add button. The VLAN ACL binding is added. Remove a VLAN ACL binding To remove a VLAN ACL binding: 1. Connect your computer to the same network as the switch.
PAGE 353
6 6 Monitor the System This chapter contains the following sections: • Monitor the switch and the ports • Configure and view the logs • Configure port mirroring 353
PAGE 354
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Monitor the switch and the ports You can view and clear port and switch statistics and perform a cable test. View or clear switch statistics You can view detailed statistical information about the traffic that the switch processes. To view or clear the switch statistics: 1. Connect your computer to the same network as the switch.
PAGE 355
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Click the Refresh button to refresh the page with the latest information about the switch. 8. To clear all the statistics counters, click the Clear button. Clearing resets all switch summary and detailed statistics to default values. However, the discarded packets count cannot be cleared. The following table describes the switch statistics displayed on the page. Table 60.
PAGE 356
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 60. Switch statistics (continued) Field Description Receive Packets Discarded The number of inbound packets that were chosen to be discarded, even though no errors were detected, in order to prevent their being delivered to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
PAGE 357
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports View port statistics You can view a summary of per-port traffic statistics on the switch. To view port statistics: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
PAGE 358
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 8. Select one or more interfaces by taking one of the following actions: • To view a single interface, select the check box associated with the port, or type the port number in the Go To Interface field and click the Go button. • To view multiple interfaces, select the check box associated with each interface. The following table describes the per-port statistics displayed on the page. Table 61.
PAGE 359
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 360
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 5. Click the Login button. The System Information page displays. 6. Select Monitoring > Ports > Port Statistics. The Port Statistics page displays. 7. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • All.
PAGE 361
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Monitoring > Ports > Port Detailed Statistics.
PAGE 362
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the detailed port information that displays for a particular port. Table 62. Detailed port statistics Field Description ifIndex The interface or LAG. Port Type For normal ports, this field is displayed as blank. Otherwise, the options are as follows: • Mirrored. The port is a participating in port mirroring as a mirrored port. • Probe.
PAGE 363
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 62. Detailed port statistics (continued) Field Description Packets RX and TX 65-127 Octets The total number of packets (including bad packets) received or transmitted that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
PAGE 364
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 62. Detailed port statistics (continued) Field Description Unicast Packets Received The number of subnetwork-unicast packets delivered to a higher-layer protocol. Multicast Packets Received The total number of good packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address.
PAGE 365
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 62. Detailed port statistics (continued) Field Description Packets Transmitted 65-127 Octets The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
PAGE 366
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 62. Detailed port statistics (continued) Field Description Multiple Collision Frames The number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision. Excessive Collision Frames The number of frames for which transmission on a particular interface fails due to excessive collisions.
PAGE 367
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 368
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 63. EAP statistics Field Description EAPOL Frames Transmitted The number of EAPoL frames of any type that were transmitted by this authenticator. EAPOL Start Frames Received The number of EAPoL start frames that were received by this authenticator. EAPOL Logoff Frames Received The number of EAPoL logoff frames that were received by this authenticator.
PAGE 369
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 370
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the nonconfigurable information on the page. Table 64. Cable Test information Field Description Cable Status Indicates the cable status: • Normal. The cable is working correctly. • Open. The cable is disconnected or a faulty connector exists. • Short. An electrical short exists in the cable. • Cable Test Failed. The cable status could not be determined. The cable might in fact be working.
PAGE 371
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4.
PAGE 372
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Informational (6). Informational messages. This is the default setting. • Debug (7). Debug-level messages. Note: A log records messages equal to or above a configured severity threshold. 10. Click the Apply button. Your settings are saved. The Memory Log table displays on the Memory Log page. The Total number of Messages field displays the number of messages the system logged in memory.
PAGE 373
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 374
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. From the Logs to be Displayed menu, select one of the following options: • Current Logs. The log messages for the current switch session are displayed. This is the default setting. • Previous Logs. The previous log messages are displayed, that is, the log messages that are still in the flash memory from before the switch was rebooted. 10. Click the Apply button. Your settings are saved.
PAGE 375
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Monitoring > Logs > Server Log. The Server Log page displays. 7.
PAGE 376
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 10. Click the Add button. The remote syslog host is added. The Status field in the Server Configuration table shows whether the remote logging host is currently active. Modify the settings for a remote syslog host To modify the settings for a remote syslog host: 1. Connect your computer to the same network as the switch.
PAGE 377
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Delete the settings for a remote syslog host To delete the settings for a remote syslog host: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 378
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 379
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The following table describes the nonconfigurable information that is displayed on the page. Table 65. Trap Logs information Field Description Number of Traps Since Last Reset The number of traps that occurred since the switch last rebooted. Trap Log Capacity The maximum number of traps stored in the log. If the number of traps exceeds the capacity, the entries overwrite the oldest entries.
PAGE 380
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 381
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 10. Select whether to display physical interfaces, LAGs, the CPU, or al by clicking one of the following links above the table heading: • 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAG. Only LAGs are displayed. • CPU. Only the CPU is displayed. • All. The physical interfaces, LAGs, and CPU are displayed. 11.
PAGE 382
7 Maintain or Troubleshoot the Switch 7 This chapter contains the following sections: • Reboot the switch • Reset the switch to its factory default settings • Export a file from the switch • Download a file to the switch or update the software • Manage software images • Perform diagnostics and troubleshooting 382
PAGE 383
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Reboot the switch You can reboot the switch from the local browser UI. However, if you can physically access the switch, you can reboot the switch by pressing a button on the front panel: • Model GS724TPv2. Press the single-function Reset button for more than one second. • Model GS724TPP. Press the multi-function Reset button for less than 5 seconds.
PAGE 384
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 9. Click the OK button to confirm. The switch reboots. Reset the switch to its factory default settings You can reset the system configuration to the factory default values. All changes that you made are lost. If the IP address changes, your web session might disconnect. Note: If you reset the switch to the default configuration, the IP address is reset to 192.168.0.239, and the DHCP client is enabled.
PAGE 385
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the switch on-network and connected to the Internet on page 18 or Access the switch off-network on page 27. The Local Device Login page displays. If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays.
PAGE 386
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Reset the switch to factory default settings and reset the registration status You can use the local browser UI to reset the switch to the factory default settings and reset the registration status. However, if you can physically access the switch, you can press a button on the front panel to reset the switch to factory default settings and reset the registration status: • Model GS724TPv2.
PAGE 387
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports This option resets the switch to its factory default settings and resets its registration status with NETGEAR. That is, the switch becomes an unregistered device. After the switch reboots, to access the full menu of the browser UI, you first must reregister the switch using your NETGEAR account credentials. If you previously obtained a registration key, you can reenter the registration key.
PAGE 388
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location. For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Maintenance > Export > TFTP File Export. 7.
PAGE 389
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 11. In the Transfer File Name field, specify a destination file name for the file to be uploaded. You can enter up to 32 characters. The transfer fails if you do not specify a file name. 12. Select the Start File Transfer check box. 13. Click the Apply button. The file transfer begins. The page displays information about the file transfer progress. The page refreshes automatically when the file transfer completes.
PAGE 390
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Text Configuration. A text-based configuration file enables you to edit a configured text file (startup-config) offline as needed. The most common usage of text-based configuration is to upload a working configuration from a device, edit it offline to personalize it for another similar device (for example, change the device name or IP address), and download it to that device. • Tech Support.
PAGE 391
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 392
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports text-based configuration is to upload a working configuration from a device, edit it offline to personalize it for another similar device (for example, change the device name or IP address), and download it to that device. • SSL Trusted Root Certificate PEM File. SSL Trusted Root Certificate File (PEM Encoded). • SSL Server Certificate PEM File. SSL Server Certificate File (PEM Encoded).
PAGE 393
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 15. After you download a software image file, if you want the switch to run the software image, do the following: a. Select the new software image file (see Change the software image that loads when the switch starts or reboots on page 398). b. Reboot the switch (see Reboot the switch on page 383).
PAGE 394
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. From the File Type menu, select the type of file: • Software. The system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy, the other image stores a second copy. The device boots and runs from the active image. If the active image is corrupted, the system automatically boots from the nonactive image.
PAGE 395
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Note: After you download a text configuration file, the switch applies the configuration automatically. 11. After you download a software image file, if you want the switch to run the software image, do the following: a. Select the new software image file (see Change the software image that loads when the switch starts or reboots on page 398). b. Reboot the switch (see Reboot the switch on page 383).
PAGE 396
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login. • If you previously managed the switch through the Insight app or Cloud portal, enter the Insight network password for the last Insight network location.
PAGE 397
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Manage software images The switch maintains two versions of the switch software in permanent storage. One image is the active image, and the second image is the backup image. The active image is loaded when the switch starts or reboots. This feature reduces switch down time when you are updating the switch software.
PAGE 398
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. Select the Source Image image1 or image2 radio button to specify the image to be copied. 8. Select the Destination Image image1 or image2 radio button to specify the destination image. 9. Click the Apply button. Your settings are saved. Configure dual image settings The Dual Image feature allows the switch to retain two images in permanent storage.
PAGE 399
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The System Information page displays. 6. Select Maintenance > File Management > Dual Image Configuration. 7. As an option, specify a name for the selected image by entering one in the Image Description field. 8. Select the Activate Image check box. 9. Click the Apply button. Your settings are saved. 10. After activating the image, reboot the switch (see Reboot the switch on page 383).
PAGE 400
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports For information about the credentials, see Credentials for the local browser UI on page 30. 5. Click the Login button. The System Information page displays. 6. Select Maintenance > File Management > Dual Image Configuration. The Dual Image Configuration page displays. 7. From the Image Name menu, select the image that is not the image displayed in the Current-active field.
PAGE 401
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 5. Click the Login button. The System Information page displays. 6. Select Maintenance > File Management > Dual Image > Dual Image Status. The following table describes the nonconfigurable information on the page. Table 66. Dual Image Status information Field Description Image1 Ver The version of the image1 file. Image2 Ver The version of the image2 file. Current-active The currently active image on this switch.
PAGE 402
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports To ping an IPv4 address: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
PAGE 403
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. In the IP Address/Host Name field, enter the IP address or host name of the device that must be pinged. 8. In the Count field, enter the number of echo requests that must be sent. The default value is 3. The range is 1 to 15. 9. In the Interval (secs) field, enter the time between ping packets in seconds. The default value is 3 seconds. The range is 1 to 60. 10. In the Size field, enter the size of the ping packet.
PAGE 404
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports If you did not yet register the switch with your NETGEAR account, the Register to unlock all features page displays. For more information, see Register the switch on page 31. 4. Enter one of the following passwords: • After initial login, enter your local device password. By default, the local device password is password. You must change this password at initial login.
PAGE 405
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The valid range is 0 to 13000. The default value is 0 bytes. 11. Click the Apply button. The specified address is pinged. The results are displayed below the configurable data in the Results field. Send an IPv4 traceroute You can configure the switch to send a traceroute request to a specified IPv4 address or host name. You can use this to discover the paths that packets take to a remote destination.
PAGE 406
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 6. Select Maintenance > Troubleshooting > Traceroute IPv4. 7. In the IP Address/Hostname field, enter the IP address or host name of the device for which the path must be discovered. 8. In the Probes Per Hop field, enter the number of probes per hop. The default value is 3. The range is 1 to 10. 9. In the Max TTL field, enter the maximum time to live (TTL) for the destination. The default value is 30. The range is 1 to 255.
PAGE 407
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 15. Click the Apply button. A traceroute request is sent to the specified IP address or host name. The results are displayed below the configurable data in the Results field. Send an IPv6 traceroute You can configure the switch to send a traceroute request to a specified IPv6 address or host name. You can use this to discover the paths that packets take to a remote destination.
PAGE 408
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 7. In the IPv6 Address/Host Name field, enter the IPv6 address or host name of the device for which the path must be discovered. 8. In the Probes Per Hop field, enter the number of probes per hop. The default value is 3. The range is 1 to 10. 9. In the Max TTL field, enter the maximum time to live (TTL) for the destination. The default value is 30. The range is 1 to 255. 10.
PAGE 409
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 15. Click the Apply button. A traceroute request is sent to the specified IP address or host name. The results are displayed below the configurable data in the Results field. Enable remote diagnostics For enhanced security the remote diagnostic option is disabled by default. You can enable option to access the switch remotely. When remote access is enabled, you or technical support can perform remote diagnostics services.
PAGE 410
A Configuration Examples A This appendix contains information about how to configure the following features. The appendix contains the following sections: • Virtual Local Area Networks (VLANs) • Access control lists (ACLs) • Differentiated Services (DiffServ) • 802.
PAGE 411
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Virtual Local Area Networks (VLANs) A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
PAGE 412
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If the port is a member of the VLAN specified by the packet’s VLAN ID, the packet can be sent to other ports with the same VLAN ID. • Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged.
PAGE 413
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet can access port 5 and port 6. The outgoing packet is stripped of its tag to become an untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a tagged packet with VLAN ID 20.
PAGE 414
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Assign Queue ID. 0 • Match Every. False • CoS. 0 • Destination MAC. 01:02:1A:BC:DE:EF • Destination MAC Mask. 00:00:00:00:FF:FF • EtherType. User Value. • Source MAC. 02:02:1A:BC:DE:EF • Source MAC Mask. 00:00:00:00:FF:FF • VLAN ID. 2 For more information about MAC ACL rules, see Configure MAC ACL rules on page 313. 3.
PAGE 415
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports • Source IP Address. 192.168.187.0 • Source IP Mask. 0.0.0.255 For additional information about IP ACL rules, see Configure rules for a basic IPv4 ACL on page 324. 3. Click the Add button. 4. On the IP Rules page, create a second rule for IP ACL 1 with the following settings: • Sequence Number. 2 • Action. Permit • Match Every. True 5. Click the Add button. 6.
PAGE 416
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Two basic types of QoS are supported: • Integrated Services. Network resources are apportioned based on request and are reserved (resource reservation) according to network management policy (RSVP, for example). • Differentiated Services. Network resources are apportioned based on traffic classification and priority, giving preferential treatment to data with strict timing requirements. The switch supports DiffServ.
PAGE 417
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports DiffServ traffic classes With DiffServ, you define which traffic classes to track on an ingress interface.
PAGE 418
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports based on a DiffServ forwarding class (such as the DSCP or IP precedence value) definition to convey some QoS characteristics to downstream switches that do not routinely look at the DSCP value in the IP header. • Policing. A method of constraining incoming traffic associated with a particular class so that it conforms to the terms of the TCS.
PAGE 419
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 3. Configure the following settings for Class1: • Protocol Type. UDP • Source IP Address. 192.12.1.0. • Source Mask. 255.255.255.0. • Source L4 Port. Other, and enter 4567 as the source port value. • Destination IP Address. 192.12.2.0. • Destination Mask. 255.255.255.0. • Destination L4 Port. Other, and enter 4568 as the destination port value.
PAGE 420
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 802.1X access control Local area networks (LANs) are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure, or permit unauthorized users to attempt to access the LAN through equipment already attached. In such environments you might want to restrict access to the services offered by the LAN to those users and devices that are permitted to use those services.
PAGE 421
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports A port access entity (PAE) is able to adopt one of two distinct roles within an access control interaction: 1. Authenticator. A port that enforces authentication before allowing access to services available through that port. 2. Supplicant. A port that attempts to access services offered by the authenticator. Additionally, a third role exists: 3. Authentication server.
PAGE 422
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The selection from the Port Control menu for all other ports on which authentication is not needed must be Authorized. When the selection from the Port Control menu is Authorized, the port is unconditionally put in a force-authorized state and does not require any authentication. When the selection from the Port Control menu is Auto, the authenticator PAE sets the controlled port mode. 3.
PAGE 423
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports The difference between the RSTP and the traditional STP (IEEE 802.1D) is the ability to configure and recognize full-duplex connectivity and ports that are connected to end stations, resulting in rapid transitioning of the port to the Forwarding state and the suppression of Topology Change Notification. These features are represented by the parameters pointtopoint and edgeport. MSTP is compatible to both RSTP and STP.
PAGE 424
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports and only one MSTI or CIST). For example, port A can be forwarding for instance 1 while discarding for instance 2. The port states changed since IEEE 802.1D specification. To support multiple spanning trees, configure an MSTP bridge with an unambiguous assignment of VLAN IDs (VIDs) to spanning trees. For such a configuration, ensure the following: 1. The allocation of VIDs to FIDs is unambiguous. 2.
PAGE 425
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Perform the following procedures on each switch to configure MSTP: 1. On the VLAN Configuration page, create VLANs 300 and 500 (see Configure VLAN settings on page 141). 2. On the VLAN Membership page, include ports 1/0/1–1/0/8 as tagged (T) or untagged (U) members of VLAN 300 and VLAN 500 (see Configure VLAN settings on page 141). 3.
PAGE 426
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports 12. Click the Add button. In this example, assume that Switch 1 became the root bridge for the MST instance 1, and Switch 2 became the root bridge for MST instance 2. Switch 3 supports hosts in the sales department (ports 1/0/1, 1/0/2, and 1/0/3) and in the HR department (ports 1/0/4 and 1/0/5). Switches 1 and 2 also include hosts in the sales and HR departments.
PAGE 427
B B Specifications and Default Settings This appendix describes the default settings for the switch and for its software features.
PAGE 428
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Switch default settings The following table describes the switch default settings. Table 67. Switch default settings Feature Default IP address 192.168.0.239 Subnet mask 255.255.255.0 Default gateway 192.168.0.
PAGE 429
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 67. Switch default settings (continued) Feature Default MAC table address aging 300 seconds (dynamic addresses) Default VLAN IDs and names 1. Default VLAN. 4088. Auto-VoIP VLAN Note: All ports are members of VLAN 1. No ports are members of the Auto-VoIP VLAN or the Auto-Video VLAN.
PAGE 430
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 68. General feature default settings (continued) Feature Name/Setting Default 802.
PAGE 431
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 68.
PAGE 432
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 68. General feature default settings (continued) Feature Name/Setting Default Burst interval N/A Persistent Configuration Store Local Write delay 300 Differentiated Services (DiffServ) Admin mode Enabled Class of Service (CoS), Global Trust mode 802.1p 802.1p to queue mapping (802.
PAGE 433
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 68.
PAGE 434
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 68. General feature default settings (continued) Feature Name/Setting Default Class of Service (CoS), Interface Trust mode 802.1p Interface shaping rate 0 802.1p to queue mapping (802.
PAGE 435
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports System setup and maintenance settings The following table describes the system setup and maintenance settings. Table 69. System setup and maintenance settings Feature Sets Supported Default Boot code update 1 N/A DHCP 1 Enabled Static IP address 1 192.168.0.
PAGE 436
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 70. Port characteristics (continued) Feature Sets Supported Default Static 802.1Q tagging 256 VID = 1 Max member ports are equal to the number of ports on the switch Learning process Supports static and dynamic MAC entries Dynamic learning is enabled by default Traffic control settings The following table describes the traffic control settings. Table 71.
PAGE 437
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Security settings The following table describes the security settings. Table 73. Security settings Feature Sets Supported Default 802.
PAGE 438
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Settings for other features The following table describes the settings for other features. Table 75.
PAGE 439
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 76. Hardware technical specifications for model GS724TPv2 (continued) Feature Description Idle power consumption 13.86W Dimensions (W x D x H) 17.3 x 8.0 x 1.7 in. (440 x 204 x 43 mm) Weight 6.96 lb (3.
PAGE 440
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Model GS724TPP hardware technical specifications Table 77. Hardware technical specifications for model GS724TPP Feature Description Network interfaces Twenty-four 10/100/1000BASE-T RJ-45 PoE+ copper ports Two dedicated 1000BASE-X fiber SFP ports Switch PoE+ power budget 380W Max.power consumption with PoE 446.70W Max.power consumption without PoE 32.71W Idle power consumption 24.70W Dimensions (W x D x H) 17.
PAGE 441
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports Table 77. Hardware technical specifications for model GS724TPP (continued) Feature Description Safety certifications CB report / certificate IEC 60950-1:2005 (ed.2) + A1:2009 + A2:2013, IEC 62386-1:2018 UL listed: vUL/cUL 62368-1 CE LVD: EN 62368-1:2014/AC:2015 RCM (AS/NZS) 62368.1:2018 CCC (China Compulsory Certificate): GB4943.