User Manual

ManualsBrandsNETGEAR ManualsComputers & Accessories52-Port Gigabit Ethernet Stackable Smart Switch with 2 Copper/SFP Combo and 4 Dedicated SFP Uplink/Stacking Ports

Table Of Contents

350 East Plumeria Drive

San Jose, CA 95134

USA

February 2012

202-10995-01

v1.0

GS728TS, GS728TPS,

GS752TS, and GS752TPS

Gigabit Smart Switches

Software Administration Manual

Summary of content (329 pages)

PAGE 1
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Software Administration Manual 350 East Plumeria Drive San Jose, CA 95134 USA February 2012 202-10995-01 v1.
PAGE 2
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches ©2012 NETGEAR, Inc. All rights reserved No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc. Technical Support Thank you for choosing NETGEAR.
PAGE 3
Contents Chapter 1 Getting Started Getting Started with the Smart Switches . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Switch Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Connecting the Switch to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Switch Discovery in a Network with a DHCP Server . . . . . . . . . . . . . . . . . 12 Switch Discovery in a Network without a DHCP Server . . . . . . . . . . . . . . .
PAGE 4
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches PoE/PoE+ (GS728TPS and GS752TPS Only). . . . . . . . . . . . . . . . . . . . . . 70 PoE Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 PoE Port Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 SNMPv1/v2. . . . . . . . . . . . . . . . . .
PAGE 5
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122 STP Switch Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123 CST Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125 CST Port Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126 CST Port Status . . . . . . . . . . . . . . . .
PAGE 6
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches IPv6 Class Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Policy Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Service Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Switch Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256 Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Port Detailed Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260 EAP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Cable Test . . . . . . .
PAGE 8
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Switch Features and Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302 Traffic Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302 Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 9
1. 1 Getting Started The NETGEAR®GS728TS, GS728TPS, GS752TS, and GS752TPS Smart Switch Software Administration Manual describes how to configure and operate the GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches by using the Web-based graphical user interface (GUI). This manual describes the software configuration procedures and explains the options available within those procedures.
PAGE 10
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Appendix B, Configuration Examples, contains examples of how to configure various features on the GS728TS, GS728TPS, GS752TS, and GS752TPS Smart Switches, such as VLANs and ACLs. • Appendix C, Notification of Compliance, contains regulatory information about the GS728TS, GS728TPS, GS752TS, and GS752TPS Smart Switches.
PAGE 11
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches that discovers the switches on your network segment (L2 broadcast domain). When you power up your switch for the first time, use the Smart Control Center to discover the switch and view the network information that has been automatically assigned to the switch by a DHCP server; or, if no DHCP server is present on the network, use the Smart Control Center to discover the switch and assign static network information.
PAGE 12
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Switch Discovery in a Network with a DHCP Server This section describes how to set up your switch in a network that has a DHCP server. The DHCP client on the switch is enabled by default. When you connect it to your network, the DHCP server will automatically assign an IP address to your switch. Use the Smart Control Center to discover the IP address automatically assigned to the switch.
PAGE 13
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 6. Make a note of the displayed IP address assigned by the DHCP server. You will need this value to access the switch directly from a Web browser (without using the Smart Control Center). 7. Select your switch by clicking the line that displays the switch, then click the Web Browser Access button. The Smart Control Center displays a login window similar to the following figure. Use your Web browser to manage your switch.
PAGE 14
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Switch Discovery in a Network without a DHCP Server This section describes how to use the Smart Control Center to set up your switch in a network without a DHCP server. If your network has no DHCP service, you must assign a static IP address to your switch. If you choose, you can assign it a static IP address, even if your network has DHCP service. To assign a static IP address: 1. Connect the switch to your existing network. 2.
PAGE 15
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 7. Choose the Disabled radio box to disable DHCP. 8. Enter the static switch IP address, gateway IP address and subnet mask, and then type your password and click Apply. Tip: You must enter the current password every time you use the Smart Control Center to update the switch setting. The default password is password. Please ensure that your PC and the switch are in the same subnet. Make a note of these settings for later use.
PAGE 16
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches WARNING: When you change the IP address of your administrative system, you will loose your connection to the rest of the network. Be sure to write down your current network address settings before you change them. To modify the network settings on your administrative system: 1. On your PC, access the MS Windows operating system TCP/IP Properties. 2. Set the IP address of the administrative system to an address in the 192.168.0.
PAGE 17
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Clicking Web Browser Access on the Smart Control Center or accessing the switch directly from your Web browser displays the login screen shown in the following figure. Figure 2. Login Screen Smart Control Center Utilities In addition to device discovery and network address assignment, the Smart Control Center includes several maintenance features.
PAGE 18
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Configuring the Device To modify switch information: 1. Select the switch. 2. Click Configure Device. Additional fields appear on the screen. 3. To assign or update a static IP address, default gateway, or subnet mask, disable the DHCP client and enter the new information. You can also specify a system name and location for the switch. 4. Type the password in the Current Password field.
PAGE 19
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Configuration Upload and Download When you make changes to the switch, the configuration information is stored in a file on the switch. You can backup the configuration by uploading the configuration file from the switch to an administrative system. You can download a saved configuration file from the administrative system to the switch. The configuration file you download to the switch overwrites the running configuration on the switch.
PAGE 20
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To restore the configuration to a previously saved version: 1. Click the Maintenance tab and select the device with the configuration to restore. 2. Click Download Configuration. 3. From the Select a Configuration window that appears, navigate to and select the configuration file to download to the switch. 4. Click Open. 5. Enter the switch password and click Apply to begin the download process.
PAGE 21
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches By default, the firmware is downloaded to primary storage and will be become the active image after the download completes and the switch reboots. To download firmware to use as a backup image, select the Secondary Storage option. To prevent the switch from using the downloaded firmware as the active image, make sure the Run this FW after download option is clear.
PAGE 22
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches WARNING: It is important that you do not power-off the administrative system or the switch while the firmware upgrade is in progress. Viewing and Managing Tasks From the Tasks tab, you can view information about configuration downloads and firmware upgrades that have already occurred, are in progress, or are scheduled to take place at a later time. You can also delete or reschedule selected tasks. The following figure shows the Tasks page.
PAGE 23
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Understanding the User Interfaces The GS728TS, GS728TPS, GS752TS, and GS752TPS switches software includes a set of comprehensive management functions for configuring and monitoring the system by using one of the following methods: • Web user interface • Simple Network Management Protocol (SNMP) Each of the standards-based management methods allows you to configure and monitor the components of the GS728TS, GS728TPS, GS752TS, and GS752TPS s
PAGE 24
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Navigation Tab Feature Link Help Link Logout Button Help Page Page Menu Configuration Status and Options Figure 3. Administrative Page Layout Navigation Tabs, Feature Links, and Page Menu The navigation tabs along the top of the Web interface give you quick access to the various switch functions. The tabs are always available and remain constant, regardless of which feature you configure.
PAGE 25
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Page Link Configuration Pages Figure 4. Menu Hierarchy Configuration and Monitoring Options The area directly under the feature links and to the right of the page menu displays the configuration information or status for the page you select. On pages that contain configuration options, you can input information into fields or select options from drop-down menus.
PAGE 26
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Device View The Device View is a Java® applet that displays the ports on the switch. This graphic provides an alternate way to navigate to configuration and monitoring options. The graphic also provides information about device ports, current configuration and status, table information, and feature components. The Device View is available from the System> Device View page.
PAGE 27
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following figure shows the Device View of the GS728TS. The following figure shows the Device View of the GS728TPS. The following figure shows the Device View of the GS752TS. The following figure shows the Device View of the GS752TPS. Click the port you want to view or configure to see a menu that displays statistics and configuration options.
PAGE 28
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches If you click the graphic, but do not click a specific port, the main menu appears, as the following figure shows. This menu contains the same option as the navigation tabs at the top of the page.
PAGE 29
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Help Page Access Every page contains a link to the online help , which contains information to assist in configuring and managing the switch. The online help pages are context sensitive. For example, if the IP Addressing page is open, the help topic for that page displays if you click Help. Figure 3 on page 24 shows the location of the link to the Help Page on the Web interface.
PAGE 30
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Interface Naming Convention The GS728TS, GS728TPS, GS752TS, and GS752TPS switches software supports physical and logical interfaces. Interfaces are identified by their type and the interface number. The physical ports are gigabit interfaces and are numbered on the front panel. You can configure the logical interfaces by using the software. The following table describes the naming convention for all interfaces available on the switch. Table 2.
PAGE 31
2. Configuring System Information 2 Use the features in the System tab to define the switch’s relationship to its environment.
PAGE 32
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches System Information After a successful login, the System Information page displays. Use this page to configure and view general device information. To display the System Information page, click System > Management > System Information. A screen similar to the following is displayed. To define system information: 1. Open the System Information page. 2. Define the following fields: • System Name.
PAGE 33
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Date & Time The current date and time. System Up Time Displays the number of days, hours, and minutes since the last system restart. Base MAC Address The universally assigned network address. Fan Status Table Unit ID Identifies the unit number assigned to the stack member.
PAGE 34
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Click Refresh to refresh the screen with most recent data. The following table describes the status information the Slot Information displays. Field Description Slot Summary Slot Identifies the slot using the format unit/slot. Status Displays whether the slot is empty or full. Administrative State Displays whether the slot is administratively enabled or disabled. Power State Displays whether the slot is powered on or not.
PAGE 35
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches IP Configuration Use the IP Configuration page to configure network information for the management interface, which is the logical interface used for in-band connectivity with the switch through any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
PAGE 36
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 3. Specify the VLAN ID for the management VLAN. The management VLAN is used to establish an IP connection to the switch from a workstation that is connected to a port in the same VLAN. If not specified, the active management VLAN ID is 1 (default), which allows an IP connection to be established through any port.
PAGE 37
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches IPv6 Network Configuration Use the IPv6 Network Configuration page to configure the IPv6 network interface, which is the logical interface used for in-band connectivity with the switch via all of the switch's front-panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front-panel ports through which traffic is switched or routed.
PAGE 38
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the network information for an IPv6 network: 1. Admin Mode. Enable or disable the IPv6 network interface on the switch. The default value is Enable. 2. IPv6 Address Auto Configuration Mode. The IPv6 address for the IPv6 network interface is set in auto configuration mode if this option is enabled. The default value is Disable. Auto configuration can be enabled only when DHCPv6 is not enabled on any of the management interfaces. 3.
PAGE 39
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Click Clear to delete all entries from the table. The table is repopulated as the IPv6 neighbors are discovered on the network. Click Refresh to refresh the screen with most recent data. The following table describes the information the IPv6 Network Interface Neighbor Table displays Field Description IPv6 Address Specifies the IPv6 address of neighbor or interface. MAC Address Specifies MAC address associated with an interface.
PAGE 40
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Time The GS728TS, GS728TPS, GS752TS, and GS752TPS switch software supports the Simple Network Time Protocol (SNTP). You can also set the system time manually. SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The GS728TS, GS728TPS, GS752TS, and GS752TPS switches operate only as SNTP clients and cannot provide time services to other systems.
PAGE 41
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Time Configuration Use the Time Configuration page to view and adjust date and time settings. To display the Time Configuration page, click System > Management > Time > SNTP Global Configuration. To configure the time by using the CPU clock cycle as the source: 1. From the Clock Source field, select Local. 2. In the Date field, enter the date in the DD/MM/YYYY format. 3. In the Time field, enter the time in HH:MM:SS format.
PAGE 42
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the time through SNTP: 1. From the Clock Source field, select SNTP. When the Clock Source is set to SNTP, the Date and Time fields are grayed out (disabled). The switch gets the date and time from the network. 2. Use the menu to select the Coordinated Universal Time (UTC) time zone in which the switch is located, expressed as the number of hours. The options in the Time Zone menu specify the time difference from UTC time zone. 3.
PAGE 43
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Address Type Specifies the address type of the SNTP Server address for the last received valid packet. Server Stratum Specifies the claimed stratum of the server for the last received valid packet. Reference Clock Id Specifies the reference clock identifier of the server for the last received valid packet. Server Mode Specifies the mode of the server for the last received valid packet.
PAGE 44
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure a new SNTP Server: 1. Enter the appropriate SNTP server information in the available fields: • Server Type. Specifies whether the address for the SNTP server is an IP address (IPv4) or hostname (DNS). • Address. Enter the IP address or the hostname of the SNTP server. • Port. Enter a port number on the SNTP server to which SNTP requests are sent. The valid range is 1–65535. The default is 123. • Priority .
PAGE 45
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Last Attempt Status Specifies the status of the last SNTP request to this server. If no packet has been received from this server, a status of Other is displayed: • Other: None of the following enumeration values. • Success: The SNTP operation was successful and the system time was updated. • Request Timed Out: A directed SNTP request timed out without receiving a response from the SNTP server.
PAGE 46
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To access the Auto-DoS Configuration page, click System > Management > Denial of Service > Auto-DoS Configuration. To configure the Auto-DoS feature: 1. Select a radio button to enable or disable Auto-DoS: • Disable. Auto-DoS is disabled (default). • Enable. Auto-DoS is enabled. 2. Click Apply to send the updated configuration to the switch. Configuration changes occur immediately. 3.
PAGE 47
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches DoS Configuration The DoS Configuration page lets you to select which types of DoS attacks for the switch to monitor and block. To access the DoS Configuration page, click System > Management > Denial of Service > Denial of Service Configuration. To configure individual DoS settings: 1. Select the types of DoS attacks for the switch to monitor and block and configure any associated values, as the following list describes.
PAGE 48
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Denial of Service Max ICMPv6 Packet Size. Specify the maximum allowed IPv6 ICMP packet size. If ICMPv6 DoS prevention is enabled, the switch will drop IPv6 ICMP ping packets that have a size greater than this configured maximum ICMPv6 packet size. The range is 0 to 16376, and the default value (when enabled) is 512. • Denial of Service First Fragment. Enable or disable this option by selecting the appropriate radio button.
PAGE 49
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Denial of Service TCP SYN&FIN. Enable or disable this option by selecting the appropriate radio button. Enabling TCP SYN & FIN DoS prevention causes the switch to drop packets that have TCP Flags SYN and FIN set. The factory default is disabled. • Denial of Service UDP Port. Enable or disable this option by selecting the appropriate radio button.
PAGE 50
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 2. Enter the DNS default domain name to include in DNS queries. When the system is performing a lookup on an unqualified hostname, this field is provided as the domain name (for example, if default domain name is netgear.com and the user enters test, then test is changed to test.netgear.com to resolve the name). The name can contain 1–255 characters. 3.
PAGE 51
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 4. To remove an entry from the static DNS table, select the check box next to the entry and click Delete. 5. To change the hostname or IP address in an entry, select the check box next to the entry and enter the new information in the appropriate field, and then click Apply. 6. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
PAGE 52
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the Green Ethernet feature: 1. Enable or disable the Auto Power-Down Mode. • Enable. When the port link is down, the PHY automatically goes down for a short period of time and then wakes up to check link pulses. This behavior saves power consumption when there is no link partner while still allowing the port to perform auto-negotiation if a link partner does become present. • Disable.
PAGE 53
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Green Ethernet Interface Configuration Use this page to configure Green Ethernet features on a per-port basis. The Green Ethernet modes must be administratively enabled on the switch for the mode enabled on the port to take effect. To access this page, click System  Management  Green Ethernet  Green Ethernet Interface Configuration. To configure the Green Ethernet Interface feature: 1. Select the check box next to the port to configure.
PAGE 54
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 4. Enable or disable the EEE Mode: • Enable. The switch allows ports to transition to low-power mode during link idle conditions. Short cable mode and EEE mode cannot be enabled on the same port simultaneously. • Disable. Full transmit power is provided to all ports, regardless of port activity. 5. Click Apply to apply the change to the system. Configuration changes take effect immediately. 6.
PAGE 55
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure or view details about the Green Ethernet feature on a port: 1. Within the Local Device Information, select the port to view or configure from the Interface menu. 2. Enable or disable the Energy Detect, Short Reach, or EEE administrative modes on the interface. 3. If you make any changes to the Green Ethernet modes for the port, click Apply. 4.
PAGE 56
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Tx_dll_ready Data Link Layer ready: This variable indicates that the tx system initialization is complete and is ready to update/receive LLDP PDUs containing EEE TLV. Rx_dll_enabled Status of the EEE capability negotiation on the local system. Rx_dll_ready Data Link Layer ready: This variable indicates that the rx system initialization is complete and is ready to update/receive LLDP PDUs containing EEE TLV.
PAGE 57
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Green Ethernet Summary This page summarizes the Green Ethernet Summary settings currently in use. To access this page, click System  Management  Green Ethernet  Green Ethernet Summary. The following table describes the information available on the Green Mode Statistics Summary page. Field Description Current Power Consumption Estimated Power Consumption by all ports in the stack in mWatts.
PAGE 58
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Unit Identifies the stack member number. Green Features supported on this unit List of Green Features supported on the given unit which could be one or more of the following: • Energy-Detect (Energy Detect) • Short-Reach (Short Reach) • EEE (Energy Efficient Ethernet) • LPI-History (EEE Low Power Idle History) • LLDP-Cap-Exchg (EEE LLDP Capability Exchange) • Pwr-Usg-Est (Power Usage Estimates).
PAGE 59
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Green Ethernet LPI History Use this page to set the sampling interval for EEE LPI data and to specify the number of samples to keep. From this page, you can also view per-port EEE LPI data. To access this page, click System  Management  Green Ethernet  Green Ethernet LPI History. You do not need to select a port to configure the LPI sampling interval and maximum number of samples to keep.
PAGE 60
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The page also provides the information shown in the following table: Field Description Percentage LPI time per Stack Time spent in LPI mode since EEE counters are last cleared. Sample No Sample index. Time Since The Sample Was Recorded Each time the page is refreshed it shows a different time as it reflects the difference in current time and time at which the sample was recorded.
PAGE 61
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Stacking A stackable switch is a switch that is fully functional operating as a stand-alone unit but can also be set-up to operate together with up to five other switches. This group of switches shows the characteristics of a single switch while having the port capacity of the sum of the combined switches.
PAGE 62
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Firmware Synchronization and Upgrade All stack members must run the same software version to ensure compatibility within the stack. By default, if a unit is added to the stack and its software version is not the same as the stack master, that unit is not allowed to join the stack.
PAGE 63
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches When the stack is powered up and completes the boot process or the original stack master becomes unavailable, the stack master is determined through an election process. The rules for stack master Election are as follows: • If a unit had previously been elected stack master, then it will remain the stack master and other units will simply be stack members.
PAGE 64
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To select a new stack master: 1. In the Management Unit Selected menu, select the unit ID of the stack member to become the stack master. 2. A message indicating that moving stack management will unconfigure entire stack including all interfaces. 3. Click OK to confirm the selection and reload the stack. The stack will be unavailable until the boot process completes. To configure a stack member before adding it to the stack: 1.
PAGE 65
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To change the settings for an existing stack member: 1. Select the check box next to the stack member to configure. 2. If desired, specify a new unit ID for the stack member in the Change to Switch ID field. The renumbering process causes the unit to reload. 3. Specify the switch type, priority, or management status from the available fields. 4. Click Apply to save the changes to the stack member.
PAGE 66
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the Basic Stack Status fields. Field Description Unit ID The unit ID of the specific switch. Switch Description The description for the unit can be configured by the user. Serial Number The unique box serial number for this switch. Uptime The displays the relative time since the last reboot of the switch.
PAGE 67
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the mode of the stack ports: 1. Select the check box associated with the unit and port to configure: 2. From the Configured Stack Mode field, select the operating mode: • Stack. The port connects to the stack port on another stack member. This is the default value. • Ethernet. The port operates as a standard switch port that receives and transmits network traffic 3. Click Apply to apply the new settings to the system. 4.
PAGE 68
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Stack Port Diagnostics This page displays the diagnostics for all the stackable interfaces in the given stack. To display the Stack Port Diagnostics page, click System  Stacking  Advanced  Stack Port Diagnostics. A screen similar to the following is displayed. The following table describes the Stack Port Diagnostics fields. Field Definition Unit ID Displays the unit. Port Displays the stackable interface on the given unit.
PAGE 69
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Stack Firmware Synchronization To display the stack firmware synchronization configurations from the Stack Firmware Synchronization page, click System  Stacking  Advanced  Stack Firmware Synchronization. A screen similar to the following is displayed. To configure the Stack Firmware Synchronization features: 1. Specify whether Stack Firmware Auto Upgrade is enabled or disabled.
PAGE 70
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches PoE/PoE+ (GS728TPS and GS752TPS Only) Ports g1–g8 on the GS728TPS and GS752TPS are PoE+ (IEEE 802.3at) compliant ports. Each port is capable of delivering up to 30W of reliable, uninterrupted power to connected PoE-powered devices (PD). Ports g9–g24 on the GS728TPS and ports g9–g48 on the GS752TPS are PoE (IEEE 802.3af) ports that are capable of delivering up to 15W of power to connected PDs.
PAGE 71
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure PoE trap settings: 1. If you are managing a stack of switches, select the ID of the stack member to configure from the Unit menu. 2. Specify the percentage of the threshold power that must be consumed before a trap is sent. 3. Select the power management algorithm the switch uses to deliver power to the requesting PDs. • Static. The Power allocated for each port depends on the type of power threshold configured on the port.
PAGE 72
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches PoE Port Configuration Use the PoE Port Configuration page to configure per-port PoE settings. To display the PoE Port Configuration page, click System > PoE > Advanced > PoE Port Configuration. To configure PoE Port settings: 1. Select the check box next to the port to configure. Select multiple check boxes to apply the same settings to each selected port. Select the check box in the heading row to apply the same settings to all ports. 2.
PAGE 73
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • • High Power Mode. Select the power-up mode for the port • Disable: A port is powered in the IEEE 802.3af mode. (Default) • Legacy: A port is powered using high-inrush current, which is used by legacy powered devices (PDs) with a power requirement greater than 15W from power up. • Pre-802.3at. A port is powered in the IEEE 802.3af mode initially and switched to the high-power IEEE 802.3at mode before 75 msec.
PAGE 74
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • • Status. View the operational status of the port PD detection. • Disabled. Indicates no power is being delivered. • DeliveringPower. Indicates power is being drawn by a connected device. • Fault. Indicates a problem with the port. • Test. Indicates the port is in test mode. • OtherFault. Indicates the port is idle due to an error condition. • Searching. Indicates the port is not in one of the above states. • Requesting Power.
PAGE 75
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches SNMP From SNMP link under the System tab, you can configure SNMP settings for SNMPv1/v2 and SNMPv3. From the SNMP link, you can access the following pages: • SNMPv1/v2 on page 75 • Trap Flags on page 78 • SNMP v3 User Configuration on page 79 SNMPv1/v2 The pages under the SNMPv1/v2 menu allow you to configure SNMP community information, traps, and trap flags.
PAGE 76
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure SNMP communities: 1. To add a new SNMP community, enter community information in the available fields described below, and then click Add. • Management Station IP. Specify the IP address of the management station.Together, the Management Station IP and the Management Station IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device.
PAGE 77
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Trap Configuration This page displays an entry for every active Trap Receiver. To access this page, click System > SNMP > SNMP V1/V2 > Trap Configuration. To configure SNMP trap settings: 1. To add a host that will receive SNMP traps, enter trap configuration information in the available fields described below, and then click Add. • Recipients IP. The address in x.x.x.x format to receive SNMP traps from this device. • Version.
PAGE 78
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Trap Flags The pages in the Trap Manager folder allow you to view and configure information about SNMP traps the system generates. Use the Trap Flags page to enable or disable traps the switch can send to an SNMP manager. When the condition identified by an active trap is encountered by the switch, a trap message is sent to any enabled SNMP Trap Receivers, and a message is written to the trap log.
PAGE 79
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches SNMP Supported MIBs The SNMP Supported MIBs page lists the MIBs available for management by using a SNMP-based network management system. To access the page, click System > SNMP > SNMP V1/V2 > Supported MIBs. The page displays the name of each supported MIB file and provides a description of the module. SNMP v3 User Configuration This is the configuration for SNMP v3. To access this page, click System > SNMP > SNMP V3 > User Configuration.
PAGE 80
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The SNMPv3 Access Mode is a read-only field that shows the access privileges for the user account. The admin account always has Read/Write access, and all other accounts have Read Only access. To configure SNMPv3 settings for the user account: 1. In the Authentication Protocol field, specify the SNMPv3 Authentication Protocol setting for the selected user account. The valid Authentication Protocols are None, MD5, or SHA.
PAGE 81
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches ports. The application is responsible for starting each transmit and receive state machine appropriately, based on the configured status and operational state of the port. The Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) is an enhancement to LLDP with the following features: • Auto-discovery of LAN policies (such as VLAN, Layer 2 Priority, and DiffServ settings), enabling plug and play networking.
PAGE 82
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • TLV Advertised Interval. Specify the interval at which frames are transmitted. The default is 30 seconds, and the valid range is 5–32768 seconds. • Hold Multiplier. Specify multiplier on the transmit interval to assign to Time-to-Live (TTL). The default is 4 seconds, and the range is 2–10. • Reinitializing Delay. Specify the delay before a reinitialization. The default is 2 seconds, and the range is 1–10 seconds. • Transmit Delay.
PAGE 83
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure LLDP port settings: 1. Change the LLDP port settings described below: • Interface. Specifies the port to be affected by these parameters. • • Admin Status. Select the status for transmitting and receiving LLDP packets: • Tx Only: Enable only transmitting LLDP PDUs on the selected ports. • Rx Only: Enable only receiving LLDP PDUs on the selected ports.
PAGE 84
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches From the Interface menu, select the interface with the information to view. The following table describes the LLDP-MED network policy information that displays on the screen. Field Description Device Information Chassis ID Subtype Identifies the type of data the local switch displays in the Chassis ID field. Chassis ID Identifies the local 802 LAN switch. System Name Identifies the system name associated with the switch.
PAGE 85
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches LLDP-MED Port Settings Use this page to enable LLDP-MED mode on an interface and configure its properties. To display this page, click System > LLDP > Advanced > LLDP-MED Port Settings. To configure LLDP-MED settings for a port: 1. From the Port field, select the port to configure. 2. From the LLDP-MED Status field, enable or disable the LLDP-MED mode for the selected interface. 3.
PAGE 86
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Local Information Use the LLDP Local Information page to view the data that each port advertises through LLDP. To display the LLDP Local Device Information page, click System > Advanced > LLDP > Local Information. The following table describes the LLDP local information that displays for each port. Field Description Interface Select the interface with the information to display.
PAGE 87
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches A popup window displays information for the selected port. The following table describes the detailed local information that displays for the selected port. Field Description Managed Address Address SubType Displays the type of address the management interface uses, such as an IPv4 address. Address Displays the address used to manage the device. Interface SubType Displays the port subtype.
PAGE 88
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description MED Details Capabilities Supported Displays the MED capabilities enabled on the port. Current Capabilities Displays the TLVs advertised by the port. Device Class Network Connectivity indicates the device is a network connectivity device. Network Policies Application Type Specifies the media application type associated with the policy. VLAN ID Specifies the VLAN ID associated with the policy.
PAGE 89
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the information that displays for all LLDP neighbors that have been discovered. Field Description MSAP Entry Displays the Media Service Access Point (MSAP) entry number for the remote device. Local Port Displays the interface on the local system that received LLDP information from a remote system. Chassis ID Subtype Identifies the type of data displayed in the Chassis ID field on the remote system.
PAGE 90
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches A popup window displays information for the selected port. The following table describes the fields in the popup window. Field Description Port Details Local Port Displays the interface on the local system that received LLDP information from a remote system. MSAP Entry Displays the Media Service Access Point (MSAP) entry number for the remote device.
PAGE 91
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description MED Details Capabilities Supported Specifies the supported capabilities that were received in MED TLV from the device. Current Capabilities Specifies the advertised capabilities that were received in MED TLV from the device. Device Class Displays the LLDP-MED endpoint device class. The possible device classes are: • Endpoint Class 1 Indicates a generic endpoint class, offering basic LLDP services.
PAGE 92
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Network Policies Application Type Specifies the media application type associated with the policy advertised by the remote device. VLAN ID Specifies the VLAN ID associated with the policy. VLAN Type Specifies whether the VLAN associated with the policy is tagged or untagged. User Priority Specifies the priority associated with the policy. DSCP Specifies the DSCP associated with a particular policy type.
PAGE 93
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches DHCP Snooping Global Configuration Use the DHCP Snooping Global Configuration page to enable or disable the DHCP Snooping feature on the switch. To access the DHCP Snooping Configuration page, click System> Services > DHCP Snooping > Global Configuration. To configure global DHCP Snooping settings: 1. In the Admin Mode field, select Enable or Disable to turn the DHCP Snooping feature on or off. DHCP snooping is globally disabled by default.
PAGE 94
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Interface Configuration Use the DHCP Snooping Interface Configuration page to view and configure each port or LAG as trusted or untrusted. Any DHCP responses received on a trusted port are forwarded. If a port is configured as untrusted, any DHCP (or BootP) responses received on that port are discarded. To access the DHCP Snooping Interface Configuration page, click System> Services > DHCP Snooping > Interface Configuration.
PAGE 95
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 7. Use the Rate Limit (pps) field to specify the rate limit value for DHCP Snooping purpose. If the incoming rate of DHCP packets exceeds the value of this object for consecutively burst interval seconds, the port will be shutdown. If this value is N/A, then burst interval has no meaning, hence it is disabled. The default value is N/A. The range of Rate Limit is (0 to 300). 8.
PAGE 96
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure static DHCP bindings in the database: 1. Select the interface to add a static binding to into the DHCP snooping database. 2. Specify the MAC address for the binding to be added. This is the key to the binding database. 3. In the VLAN ID field, select the from the VLANs that exist on the switch for the binding rule. The range of the VLAN ID is (1 to 4093). 4. In the IP Address field, specify a valid IP Address for the binding rule.
PAGE 97
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Persistent Configuration Use the DHCP Snooping Persistent Configuration page to configure the persistent location of the DHCP snooping database. Bindings that are not written to the persistent file are lost when the system reboots. To access the DHCP Snooping Persistent Configuration page, click System Services  DHCP Snooping  Persistent Configuration. To configure DHCP snooping persistent settings: 1.
PAGE 98
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Statistics Use this page to view per-interface DHCP snooping statistics. To access the DHCP Snooping Statistics page, click System Services  DHCP Snooping  Statistics. Use the DHCP Snooping Statistics page to view the DHCP Snooping statistics. 1. To view settings for a physical port, click the unit ID of the stack member with the ports to view. 2. To view settings for a Link Aggregation Group (LAG), click LAGS. 3.
PAGE 99
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Timer Schedule (GS728TPS and GS752TPS Only) Timers control when power can and cannot be delivered to the port. Use the following general steps to add a timer to a port: 1. Create the timer on the Timer Global Configuration page. 2. Configure the timer settings on the Timer Schedule Configuration page. 3. Assign the timer to the port on the PoE Port Configuration page.
PAGE 100
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 1. To add a timer, enter a name in the Timer Schedule Name field, and click Add. 2. To remove a timer, select the check box associated with the timer and click Delete. 3. To enable or disable the timer feature, select the appropriate radio button and click Apply. 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
PAGE 101
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 6. If required, use the Recurrence Pattern and Daily Mode fields to customize the power shutdown schedule. These fields are available only if the scheduler type is periodic. 7. Click Add to add the new entry to the selected timer schedule. 8. Click Delete to remove the selected entry from the timer schedule. 9. Click Apply to update the settings for an entry. 10.
PAGE 102
3. Configuring Switching Information 3 Use the features in the Switching tab to define Layer 2 features.
PAGE 103
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure port settings: 1. To configure settings for a physical port, click the unit ID of the stack member with the ports to configure. 2. To configure settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure settings for both physical ports and LAGs, click ALL. 4. Alternatively, to configure settings for a specific interface, enter the interface ID in the Go To Interface and click Go. 5.
PAGE 104
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Link Status. Indicates whether the Link is up or down. • Link Trap. This object determines whether or not to send a trap when link status changes. The factory default is Enable. • Enable: Specifies that the system sends a trap when the link status changes. • Disable: Specifies that the system does not send a trap when the link status changes. • Maximum Frame Size.
PAGE 105
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure global flow control settings: 1. From the Global Flow Control (IEEE 802.3x) Mode field, enable or disable IEEE 802.3x flow control on the system. The factory default is Disable. • Enable. The switch sends pause packets if the port buffers become full. • Disable. The switch does not send pause packets if the port buffers become full. 2.
PAGE 106
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure LAG settings: 1. Select the check box next to the LAG to configure. You can select multiple LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 2. Configure or view the following settings: • LAG Name. Specify the name to assign to the LAG. You may enter any string of up to 15 alphanumeric characters. • Description.
PAGE 107
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches LAG Membership Use the LAG Membership page to select two or more full-duplex Ethernet links to be aggregated together to form a link aggregation group (LAG), which is also known as a port-channel. The switch can treat the port-channel as if it were a single link. To access the LAG Membership page, click Switching> LAG > Basic > LAG Membership. To create a LAG: 1. From the LAG ID field, select the LAG to configure. 2.
PAGE 108
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches LACP Configuration To display the LACP Configuration page, click Switching> LAG > Advanced > LACP Configuration. To configure LACP: 1. From the LACP System Priority field, specify the device’s link aggregation priority relative to the devices at the other ends of the links on which link aggregation is enabled. A higher value indicates a lower priority. You can change the value of the parameter globally by specifying a priority from 0–65535.
PAGE 109
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches LACP Port Configuration To display the LACP Port Configuration page, click Switching> LAG > Advanced > LACP Port Configuration. To configure LACP port priority settings: 1. Select the check box next to the port to configure. You can select multiple ports to apply the same setting to all selected ports. Note: You cannot select ports that are not participating in a LAG. 2. Configure the LACP Priority value for the selected port.
PAGE 110
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches VLANs Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic. By default, all ports on the switch are in the same broadcast domain.
PAGE 111
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure VLANs: 1. To add a VLAN, configure the VLAN ID, name, and type, and then click Add. • VLAN ID. Specify the VLAN Identifier for the new VLAN. (You can only enter data in this field when you are creating a new VLAN.) The range of the VLAN ID is 1–4093. • VLAN Name. Use this optional field to specify a name for the VLAN. It can be up to 32 alphanumeric characters long, including blanks. The default is blank.
PAGE 112
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches VLAN Membership Configuration Use this page to configure VLAN Port Membership for a particular VLAN. You can select the Group operation through this page. To display the VLAN Membership Configuration page, click Switching> VLAN > Advanced > VLAN Membership. To configure VLAN membership: 1. From the VLAN ID field, select the VLAN to which you want to add ports. 2.
PAGE 113
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 5. Use the Group Operations field to select all the ports and configure them. Possible values are: • Untag All: Select all the ports on which all frames transmitted from this VLAN will be untagged. All the ports will be included in the VLAN. • Tag All: Select the ports on which all frames transmitted for this VLAN will be tagged. All the ports will be included in the VLAN.
PAGE 114
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 3. To configure PVID settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the interfaces to configure. You can select multiple interfaces to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 5. Configure the PVID to assign to untagged or priority tagged frames received on this port.
PAGE 115
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure a MAC-based VLAN: 1. In the MAC Address field, specify the valid MAC Address to be bound to a VLAN ID. This field is configurable only when a MAC Based VLAN is created. Select this entry. 2. The VLAN ID field shows the VLAN ID. A valid ID can be any number in the range of (1–4093). 3. To add the entry to the MAC address-to-VLAN mapping table, click Add. 4.
PAGE 116
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To access the Protocol Based VLAN page, click Switching VLAN  Advanced  Protocol Based VLAN Group Configuration. To configure a Protocol Based VLAN Group: 1. Enter a number used to identify the group created by the user. Group IDs should be assigned when a group is created by the user. The Group IDs range is 1–128. 2. Assign a name to a new group in the Group Name field. You may enter up to 16 characters. 3.
PAGE 117
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To set up Protocol Based VLAN Group Membership: 1. Select the protocol-based VLAN Group ID for which you want to display or configure data in the Group ID drop-down menu. The Group Name field identifies the name for the protocol-based VLAN you selected. 2. Click the orange bar to display the ports for a specific switch unit and click the box below a port number to add it to the protocol-based VLAN group.
PAGE 118
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Voice VLAN Configure the Voice VLAN settings for ports that carry traffic from IP phones. The Voice VLAN feature can help ensure that the sound quality of an IP phone is safeguarded from deteriorating when the data traffic on the port is high.
PAGE 119
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Voice VLAN Port Setting To display the Voice VLAN Port Setting page, click Switching> Voice VLAN > Advanced > Port Setting. To configure Voice VLAN port settings: 1. Select the check box next to the port to configure. You can select multiple check boxes to apply the same setting to all selected ports. 2. From the Voice VLAN Mode menu, specify whether to enable or disable Voice VLAN on the selected port. 3.
PAGE 120
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Voice VLAN OUI The Organizational Unique Identifier (OUI) identifies the IP phone manufacturer.
PAGE 121
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 3. To modify information for an entry in the OUI list, select the check box next to the OUI prefix, update the OUI prefix or description, and then click Apply. 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. Click Restore Defaults to restore the list to the preconfigured OUIs.
PAGE 122
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 4. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 5. From the Auto-VoIP Mode menu, specify whether to enable or disable Auto-VoIP on the selected port(s) or LAG(s). 6.
PAGE 123
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • MST Configuration on page 130 • MST Port Configuration on page 131 • STP Statistics on page 134 STP Switch Configuration The Spanning Tree Switch Configuration/Status page contains fields for enabling STP on the switch. To display the Spanning Tree Switch Configuration/Status page, click Switching > STP > Basic > STP Configuration. To configure STP settings on the switch: 1.
PAGE 124
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 3. Specify the configuration name and revision level. • Configuration Name. Name used to identify the configuration currently being used. It may be up to 32 alphanumeric characters. • Configuration Revision Level. Number used to identify the configuration currently being used. The values allowed are between 0 and 65535. The default value is 0. 4. Specify the BPDU Flooding status for all ports or for individual ports.
PAGE 125
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches CST Configuration Use the Spanning Tree CST Configuration page to configure Common Spanning Tree (CST) and Internal Spanning Tree on the switch. To display the Spanning Tree CST Configuration page, click Switching > STP > Advanced > CST Configuration. To configure CST settings: 1. Specify values for CST in the appropriate fields: • Bridge Priority. When switches or bridges are running STP, each is assigned a priority.
PAGE 126
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches state before forwarding packets. The value must be greater or equal to (Bridge Max Age / 2) + 1. The time range is from 4 seconds to 30 seconds. The default value is 15. • Spanning Tree Maximum Hops. Specifies the maximum number of bridge hops the information for a particular CST instance can travel before being discarded. The valid range is 1–127. 2.
PAGE 127
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure CST port settings: 1. To configure CST settings for a physical port, click the unit ID of the stack member with the ports to configure. 2. To configure CST settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure CST settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the port or LAG to configure.
PAGE 128
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches CST Port Status Use the Spanning Tree CST Port Status page to display Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To display the Spanning Tree CST Port Status page, click Switching > STP > Advanced > CST Port Status. The following table describes the CST Status information displayed on the screen. Field Description Interface Select a physical or port channel interface to configure.
PAGE 129
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description CST Regional Root Displays the bridge priority and base MAC address of the CST Regional Root. CST Path Cost Displays the path Cost to the CST tree Regional Root. Port Forwarding State Displays the Forwarding State of this port. Click Refresh to update the information on the screen with the most current data. Rapid STP Use the Rapid STP page to view information about Rapid Spanning Tree (RSTP) port status.
PAGE 130
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches MST Configuration Use the Spanning Tree MST Configuration page to configure Multiple Spanning Tree (MST) on the switch. To display the Spanning Tree MST Configuration page, click Switching > STP > Advanced > MST Configuration. To configure an MST instance: 1. To add an MST instance, configure the MST values and click Add: • MST ID. Specify the ID of the MST to create. Valid values for this are between 1 and 4094. • Priority.
PAGE 131
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches For each configured instance, the information described in the following table displays on the page. Field Description Bridge Identifier The bridge identifier for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge. Time Since Topology Change Displays the total amount of time since the topology of the selected MST instance last changed.
PAGE 132
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Note: If no MST instances have been configured on the switch, the page displays a “No MSTs Available” message and does not display any fields. To configure MST port settings: 1. To configure MST settings for a physical port, click the unit ID of the stack member with the ports to configure. 2. To configure MST settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure MST settings for both physical ports and LAGs, click ALL. 4.
PAGE 133
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 0. If you specify a number between 16 and 31, the priority is set to 16. It takes a value in the range of 0–240. • Port Path Cost. Set the Path Cost to a new value for the specified port in the selected MST instance. It takes a value in the range of 1–200000000. 6. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 7.
PAGE 134
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Click Refresh to update the screen with the latest MST information. STP Statistics Use the Spanning Tree Statistics page to view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port. To display the Spanning Tree Statistics page, click Switching > STP > Advanced > STP Statistics. The following table describes the information available on the STP Statistics page.
PAGE 135
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Multicast Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255.
PAGE 136
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the fields in the MFDB Table. Field Description MAC Address The MAC Address to which the multicast MAC address is related. To search by MAC address, enter the address with the MFDB table entry you want displayed. Enter six two-digit hexadecimal numbers separated by colons, for example 00:0f:43:67:89:AB, and then click Go. If the address exists, that entry will be displayed. An exact match is required.
PAGE 137
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the information available on the MFDB Statistics page: Field Description Max MFDB Table Entries Displays the maximum number of entries that the Multicast Forwarding Database table can hold. Most MFDB Entries Since Last Reset The largest number of entries that have been present in the Multicast Forwarding Database table since the system was last reset. This value is also known as the MFDB high-water mark.
PAGE 138
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches IGMP Snooping Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255.
PAGE 139
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure IGMP Snooping: 1. Enable or disable IGMP Snooping on the switch. • Enable. The switch snoops all IGMP packets it receives to determine which segments should receive packets directed to the group address. • Disable. The switch does not snoop IGMP packets. 2. Enable or disable the validation of IGMP IP headers. • Enable. The switch checks the IGMP IP header for valid Router Alert option, ToS, and TTL information. • Disable.
PAGE 140
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table displays information about the global IGMP snooping status and statistics on the page. Field Description Multicast Control Frame Count Displays the number of multicast control frames that have been processed by the CPU. Interfaces Enabled for IGMP Snooping Lists the interfaces currently enabled for IGMP Snooping. To enable interfaces for IGMP snooping, see IGMP Snooping Interface Configuration on page 140.
PAGE 141
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 3. To configure IGMP Snooping settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 5. Configure the IGMP Snooping values for the selected port(s) or LAG(s): • Admin Mode.
PAGE 142
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the fields in the IGMP Snooping Table. Field Description MAC Address A multicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 two-digit hexadecimal numbers that are separated by colons, for example, 01:00:5e:45:67:89. VLAN ID A VLAN ID for which the switch has forwarding and filtering information. Type This displays the type of the entry.
PAGE 143
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure IGMP snooping settings for VLANs: 1. To enable IGMP snooping on a VLAN, enter the VLAN ID in the appropriate field and configure the IGMP Snooping values: • Fast Leave Admin Mode. Enable or disable the IGMP Snooping Fast Leave Mode for the specified VLAN ID.
PAGE 144
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 3. To disable IGMP snooping on a VLAN and remove it from the list, select the check box next to the VLAN ID and click Delete. 4. To modify IGMP snooping settings for a VLAN, select the check box next to the VLAN ID, update the desired values, and click Apply. IGMP Snooping Querier IGMP snooping requires that one central switch or router periodically query all end-devices on the network to announce their multicast memberships.
PAGE 145
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure IGMP Snooping Querier settings: 1. From the Querier Admin Mode field, enable or disable the administrative mode for IGMP Snooping Querier. 2. In the Snooping Querier Address field, specify the IP address to be used as source address in periodic IGMP queries. This address is used when no address is configured on the VLAN on which the query is being sent. 3.
PAGE 146
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure Querier VLAN settings: 1. To create a new VLAN ID for IGMP Snooping, select New Entry from the VLAN ID field and complete the following fields: • VLAN ID. Specifies the VLAN ID for which the IGMP Snooping Querier is to be enabled. • • Querier Election Participate Mode. Enable or disable Querier Participate Mode. • Disabled.
PAGE 147
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the information available on the Querier VLAN Status page. Field Description VLAN ID Specifies the VLAN ID on which the IGMP Snooping Querier is administratively enabled and for which VLAN exists in the VLAN database. Operational State Specifies the operational state of the IGMP Snooping Querier on a VLAN: • Querier: The snooping switch is the querier in the VLAN.
PAGE 148
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets. To access the MLD Snooping Configuration page, click Switching Multicast  MLD Snooping  MLD Snooping Configuration. To configure MLD Snooping: 1. Enable or disable the MLD Snooping Admin Mode, the administrative mode for MLD Snooping for the switch. The default is disable.
PAGE 149
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches MLD Interface Configuration MLD snooping can be enabled on the interfaces (physical and lag). To access the MLD Snooping Configuration page, click Switching Multicast  MLD Snooping  Interface Configuration. To configure the MLD interface: 1. To configure MLD Snooping settings for a physical port, click the unit ID of the stack member with the ports to configure. 2.
PAGE 150
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 9. Use the Fast Leave Admin Mode field to select the Fast Leave mode for a particular interface from the menu. The default is Disable. 10. Click Apply to apply the new settings to the switch. Configuration changes take effect immediately 11. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. MLD VLAN Configuration MLD Snooping can be enabled on a per VLAN basis.
PAGE 151
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 6. Use the Multicast Router Expiry Time field to set the value for multicast router expiry time of MLD Snooping for the specified VLAN ID. Valid range is 0 to 3600. 7. Click Add to enable MLD Snooping on the specified VLAN. 8. Click Delete to disable MLD Snooping on the specified VLAN. 9. Click Apply to apply the new settings to the switch. Configuration changes take effect immediately 10.
PAGE 152
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the Multicast Router: 1. To configure multicast router settings for a physical port, click the unit ID of the stack member with the ports to configure. 2. To configure multicast router settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure multicast router settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the port or LAG to configure.
PAGE 153
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the Multicast Router VLAN: 1. Use the Interface menu to select the interface to configure. 2. Enter the VLAN ID in the VLAN ID field for which the Multicast Router Mode is to be Enabled or Disabled. 3. Use the Multicast Router field to enable or disable Multicast Router on the selected interface. 4. Click Apply to apply the new settings to the switch. Configuration changes take effect immediately 5.
PAGE 154
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 4. In the Query Interval field, specify the time interval in seconds between periodic queries sent by the snooping querier. The Query Interval must be a value in the range of 1–1800 seconds. The default value is 60. 5. In the Querier Expiry Interval field, specify the time interval in seconds after which the last querier information is removed. The Querier Expiry Interval must be a value in the range of 60–300 seconds. The default value is 60.
PAGE 155
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Querier VLAN Address Specify the Snooping Querier Address to be used as source address in periodic MLD queries sent on the specified VLAN. Operational State Specifies the operational state of the IGMP Snooping Querier on a VLAN: • Querier: The snooping switch is the querier in the VLAN. The snooping switch will send out periodic queries with a time interval equal to the configured querier query interval.
PAGE 156
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Forwarding Database The forwarding database maintains a list of MAC addresses after having received a packet from this MAC address. The transparent bridging function uses the forwarding database entries to determine how to forward a received frame.
PAGE 157
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To search for an entry in the MAC Address Table: 1. Use the Search By field to search for MAC Addresses by MAC Address, VLAN ID, or Interface. • MAC Address: Select MAC Address from the menu and enter a six-byte hexadecimal MAC address in two-digit groups separated by colons, then click Go. If the address exists, that entry will be displayed. An exact match is required.
PAGE 158
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Dynamic Address Configuration Use the Dynamic Addresses page to set the amount of time to keep a learned MAC address entry in the forwarding database. The forwarding database contains static entries, which are never aged out, and dynamically learned entries, which are removed if they are not updated within a given time. To access the Configuration page, click Switching > Address Table > Advanced > Dynamic Addresses.
PAGE 159
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Static MAC Address Use the Static MAC Address Configuration page to configure and view static MAC addresses on an interface. To access the Static MAC Address Configuration page, click Switching> Address Table > Advanced > Static MAC Address. To configure a static MAC address: 1. To add a static MAC address entry: a. From the Interface menu, select the port or LAG on which to configure the static MAC address. b.
PAGE 160
4. 4 Configuring Routing The GS728TS, GS728TPS, GS752TS, and GS752TPS switches support IP routing. Use the links in the Routing menu to manage and monitor routing on the system.
PAGE 161
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches IP Configuration Use the IP Configuration page to enable routing on the switch and to view global routing settings. To access the IP Configuration page click Routing  IP, then click the IP Configuration link. To configure or view the global routing settings on the switch: 1.
PAGE 162
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches IP Statistics The statistics reported on the IP Statistics page are as specified in RFC 1213. To access the page click Routing  IP, then click the Statistics link.The following image shows some, but not all, of the fields the page displays.
PAGE 163
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description IpInUnknownProtos The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. IpInDiscards The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (e.g., for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly.
PAGE 164
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description IcmpInMsgs The total number of ICMP messages which the entity received. Note that this counter includes all those counted by icmpInErrors. IcmpInErrors The number of ICMP messages which the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.). IcmpInDestUnreachs The number of ICMP Destination Unreachable messages received.
PAGE 165
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description IcmpOutAddrMasks The number of ICMP Address Mask Request messages sent. IcmpOutAddrMaskReps The number of ICMP Address Mask Reply messages sent. Click Refresh to update the page with the most current data. Configuring VLAN Routing You can configure GS728TS, GS728TPS, GS752TS, and GS752TPS switches software with some ports supporting VLANs and some supporting routing.
PAGE 166
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Exclude ports not selected from the VLAN. • Enable routing on the VLAN using the IP address and subnet mask entered. To display the page, click Routing  VLAN, and then click the VLAN Routing Wizard link. To use the wizard to configure VLAN routing: 1. Specify the VLAN ID in the appropriate field. The VLAN Identifier (VID) associated with this VLAN. The range of the VLAN ID is (1 to 4093). 2.
PAGE 167
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches VLAN Routing Configuration Use the VLAN Routing Configuration page to view information about the VLAN routing interfaces configured on the system or to assign an IP address and subnet mask to VLANs on the system. To display the page, click Routing  VLAN, and then click the VLAN Routing link. To configure VLANs for routing: 1. Select the VLAN you want to configure for VLAN Routing.
PAGE 168
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Configuring Router Discovery The Router Discovery protocol is used by hosts to identify operational routers on the subnet. Router Discovery messages are of two types: Router Advertisements and Router Solicitations. The protocol mandates that every router periodically advertise the IP Addresses it is associated with. Hosts listen for these advertisements and discover the IP Addresses of neighboring routers.
PAGE 169
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 6. In the Advertise Lifetime field, enter the value (in seconds) to be used as the lifetime field in router advertisements sent from the interface. This is the maximum length of time that the advertised addresses are to be considered as valid router addresses by hosts. The allowed range for this field is 4 to 9000, i.e., the configured “Maximum Advertise Interval” to 9000. 7.
PAGE 170
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches directly attached network. When creating a route, the next hop IP must be on the same network as the routing interface. Valid next hop IP Addresses can be seen on the 'Route Table' page. 5. In the Preference field, specify a preference value for the configured next hop. The preference is an integer value from 1 to 255. You can specify the preference value (sometimes called “administrative distance”) of an individual static route.
PAGE 171
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Configuring ARP The address resolution protocol (ARP) associates a layer 2 MAC address with a layer 3 IPv4 address. GS728TS, GS728TPS, GS752TS, and GS752TPS switches software features both dynamic and manual ARP configuration. With manual ARP configuration, you can statically add entries into the ARP table.
PAGE 172
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches ARP Cache Use the ARP Cache page to view entries in the ARP table, a table of the remote connections most recently seen by this switch. To display the page, click the Routing  ARP, then click the Basic  ARP Cache link. The Management VLAN ARP Cache table displays the following information: Field Description MAC Address Displays the MAC address of the device. Port Shows the associated interface of the connection.
PAGE 173
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Type The type of the ARP entry. Possible values are: • Local. An ARP entry associated with one of the switch’s routing interface’s MAC addresses. • Gateway. A dynamic ARP entry whose IP address is that of a router. • Static. An ARP entry configured by the user. • Dynamic. An ARP entry which has been learned by the router. Age Age since the entry was last refreshed in the ARP Table. The format is hh:mm:ss.
PAGE 174
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The Routing VLANs ARP Cache table displays the following information: Field Description Interface The routing interface associated with the ARP entry. IP Address The IP address of a device on a subnet attached to one of the switch's routing interfaces. MAC Address The unicast MAC address for the device. The format is six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40.
PAGE 175
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the global ARP settings: 1. In the Age Time field, enter the value you want the switch to use for the ARP entry ageout time. You must enter a valid integer, which represents the number of seconds it will take for an ARP entry to age out. The range is 15 to 21600 seconds. The default value is 1200 seconds. 2. In the Response Time field, enter the value you want the switch to use for the ARP response timeout.
PAGE 176
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To manage the ARP entries: 1. To move certain type of entries, select the type of entries to remove from the Remove From Table menu. The choices listed specify the type of ARP Entry to be deleted: • All Dynamic Entries • All Dynamic and Gateway Entries • Specific Dynamic / Gateway Entry. Selecting this allows you to specify the required IP address. • Specific Static Entry. • None.
PAGE 177
5. Configuring Quality of Service 5 Use the features in the QoS tab to configure Quality of Service (QoS) settings on the switch. The QoS tab contains links to the following features: • Class of Service on page 177 • Differentiated Services on page 184 In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
PAGE 178
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches From the Class of Service link under the QoS tab, you can access the following pages: • Basic CoS Configuration on page 178 • CoS Interface Configuration on page 179 • Interface Queue Configuration on page 180 • 802.1p to Queue Mapping on page 182 • DSCP to Queue Mapping on page 183 Basic CoS Configuration Use the Trust Mode Configuration page to set the class of service trust mode of an interface.
PAGE 179
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure global CoS settings: 1. Select the Global radio button to configure the trust mode settings that apply to all interfaces. Alternatively, you can select the Interface radio button to apply trust mode settings to individual interfaces. The per-interface setting overrides the global settings. 2. Select the trust mode for all interfaces (Global Trust Mode) or the selected interface (Interface Trust Mode).
PAGE 180
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure CoS settings for an interface: 1. To configure CoS settings for a physical port, click the unit ID of the stack member with the ports to configure. 2. To configure CoS settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure CoS settings for both physical ports and LAGs, click ALL. 4. Select the check box next to the port or LAG to configure.
PAGE 181
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To display the Interface Queue Configuration page, click the QoS > CoS tab, and then click the Advanced > Interface Queue Configuration link. To configure CoS queue settings for an interface: 1. To configure CoS queue settings for a physical port, click the unit ID of the stack member with the ports to configure. 2. To configure CoS queue settings for a Link Aggregation Group (LAG), click LAGS. 3.
PAGE 182
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 802.1p to Queue Mapping The 802.1p to Queue Mapping page also displays the Current 802.1p Priority Mapping table. To display the 801.p to Queue Mapping page, click QoS > CoS > Advanced > 802.1p to Queue Mapping. To map 802.1p priorities to queues: 1. Select the Global radio button to apply the same 802.1p priority mapping to all CoS configurable interfaces or select the Interface radio button to apply 802.
PAGE 183
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches DSCP to Queue Mapping Use the DSCP to Queue Mapping page to specify which internal traffic class to map the corresponding DSCP value. To display the IP DSCP Mapping page, click QoS > CoS > Advanced > DSCP to Queue Mapping. To map DSCP values to queues: 1. For each DSCP value, select a hardware queue to associate with the value. The traffic class is the hardware queue for a port. Higher traffic class values indicate a higher queue position.
PAGE 184
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Differentiated Services The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. Standard IP-based networks are designed to provide “best effort” data delivery service. “Best effort” service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will.
PAGE 185
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To display the page, click QoS > DiffServ.
PAGE 186
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the information displayed in the Status table on the DiffServ Configuration page: Field Description Class Table Displays the current and maximum number of rows of the class table. Class Rule Table Displays the current and maximum number of rows of the class rule table. Policy Table Displays the current and maximum number of rows of the policy table.
PAGE 187
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure a DiffServ class: 1. To create a new class, enter a class name, select the class type, and click Add. The switch supports only the Class Type value All, which means all the various match criteria defined for the class should be satisfied for a packet match. All signifies the logical AND of all the match criteria. 2. To rename an existing class, select the check box next to the configured class, update the name, and click Apply. 3.
PAGE 188
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Class of Service. Select the field and enter a class of service 802.1p user priority value to be matched for the packets. The valid range is 0–7. • VLAN. Select the field and enter a VLAN ID to be matched for packets. The VLAN ID range is 1–4093. • Ethernet Type. Select the EtherType field to compare the match criteria against the value in the header of an Ethernet frame.
PAGE 189
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • IP DSCP. Matches the packet’s DSCP to the class criteria’s when selected. Select the DSCP type from the menu or enter a DSCP value to match. If you select Other, enter a custom value in the DSCP Value field that appears. • IP Precedence. Matches the packet’s IP Precedence value to the class criteria’s when Enter a value in the range of 0–7. • IP ToS.
PAGE 190
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure an IPv6 DiffServ class: 1. To create a new class, enter a class name, select the class type, and click Add. The switch supports only the Class Type value All, which means all the various match criteria defined for the class should be satisfied for a packet match. All signifies the logical AND of all the match criteria. 2.
PAGE 191
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Source IP Address. Requires a packet’s source port IP address to match the address listed here. In the IP Address field, enter a valid source IP address in dotted decimal format. • Source Prefix/Length. Enter a valid source IPv6 prefix to compare against an IPv6 packet. The prefix is always specified with the prefix length. The prefix can be in the range of ::0 to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. The prefix length range is 0–128.
PAGE 192
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure a DiffServ policy: 1. To create a new policy, enter a policy name in the Policy Selector field, select the existing DiffServ class to associate with the policy, and click Add. The available policy type is In, which indicates the type is specific to inbound traffic. This field is not configurable. 2.
PAGE 193
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 2. Select the queue to which packets of this policy-class will be assigned. 3. Configure the policy attributes:. • Drop. Select this option to drop packets for this policy-class. • Mark CoS. Enter the specified Class of Service queue number to mark all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header.
PAGE 194
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • • Conform Action. Determines what happens to packets that are considered conforming (below the police rate). Select one of the following actions: • Send. (default) These packets are presented unmodified by DiffServ to the system forwarding element. • Drop. These packets are immediately dropped. • Mark CoS. These packets are marked by DiffServ with the specified CoS value before being presented to the system forwarding element.
PAGE 195
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Service Configuration Use the Service Configuration page to activate a policy on an interface. To display the page, click QoS > DiffServ > Advanced > Service Configuration. To configure DiffServ policy settings on an interface: 1. To configure DiffServ policy settings for a physical port, click the unit ID of the stack member with the ports to configure. 2. To configure DiffServ policy settings for a Link Aggregation Group (LAG), click LAGS.
PAGE 196
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Service Statistics Use the Service Statistics page to display service-level statistical information about all interfaces that have DiffServ policies attached. To display the page, click the QoS > DiffServ tab and then click the Advanced > Service Statistics link. The following table describes the information available on the Service Statistics page.
PAGE 197
6. Managing Device Security 6 Use the features available from the Security tab to configure management security settings for port, user, and server security.
PAGE 198
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Change Password Use the page to change the login password. To display the page, click Security > Management Security > User Configuration > Change Password. To change the login password for the management interface: 1. Specify the current password in the Old Password. The entered password will be displayed in asterisks (*). Passwords are 1–20 alphanumeric characters in length and are case sensitive. 2. Enter the new password.
PAGE 199
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches RADIUS Configuration RADIUS servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. The switch passes information to the configured RADIUS server, which can authenticate a user name and password before authorizing use of the network. RADIUS servers provide a centralized authentication method for: • Web Access • Access Control Port (802.
PAGE 200
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure global RADIUS server settings: 1. In the Max Number of Retransmits field, specify the value of the maximum number of times a request packet is retransmitted to the RADIUS server. Consideration to maximum delay time should be given when configuring RADIUS max retransmit and RADIUS timeout. If multiple RADIUS servers are configured, the max retransmit value on each will be exhausted before the next server is attempted.
PAGE 201
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches RADIUS Server Configuration Use the RADIUS Server Configuration page to view and configure various settings for the current RADIUS server configured on the system. To access the RADIUS Server Configuration page, click Security > Management Security, and then click the RADIUS > Server Configuration link. To configure a RADIUS server: 1. To add a RADIUS server, specify the settings the following list describes, and click Add.
PAGE 202
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 5. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. The following table describes the RADIUS server statistics available on the page. Field Description Server Address This displays all configured RADIUS servers.
PAGE 203
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Accounting Server Configuration Use the RADIUS Accounting Server Configuration page to view and configure various settings for one or more RADIUS accounting servers on the network. To access the RADIUS Accounting Server Configuration page, click Security > Management Security > RADIUS > Accounting Server Configuration. To configure the RADIUS accounting server: 1.
PAGE 204
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes RADIUS accounting server statistics available on the page. Field Description Accounting Server Address Displays the IP address of the supported RADIUS accounting server. Round Trip Time (secs) Displays the time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server.
PAGE 205
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The TACACS+ protocol ensures network security through encrypted protocol exchanges between the device and TACACS+ server.
PAGE 206
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches TACACS+ Server Configuration Use the TACACS+ Server Configuration page to configure up to five TACACS+ servers with which the switch can communicate. To display the TACACS+ Server Configuration page, click Security > Management Security, and then click the TACACS+ > Server Configuration link. To configure TACACS+ server settings: 1. To add a new TACACS+ server, enter its IP address or hostname in the TACACS+ Server field. 2.
PAGE 207
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Authentication List Configuration From the Authentication List pages, you can configure the login lists for HTTP, HTTPS, or IEEE 802.1X authentication. A login list specifies one or more authentication methods to validate switch or port access. HTTP Authentication List Use the HTTP Authentication List page to configure the authentication method(s) the admin user must use when accessing the management interface through HTTP.
PAGE 208
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 3. Use the menu in the 2 column to select the authentication method, if any, that should appear second in the selected authentication login list. This is the method that will be used if the first method times out. If you select a method that does not time out as the second method, the third method will not be tried. This parameter will not appear when you first create a new login list. 4.
PAGE 209
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • RADIUS: The user's ID and password will be authenticated using the RADIUS server. If you select RADIUS or TACACS+ as the first method and an error occurs during the authentication, the switch uses Method 2 to authenticate the user. • TACACS+: The user's ID and password will be authenticated using the TACACS+ server.
PAGE 210
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 2. Use the drop down menu in the 1 column to select the authentication method that should appear first in the selected authentication login list. If you select a method that does not time out as the first method, such as ‘local’, no other method will be tried.The possible methods are as follows: • Local: The user's locally stored ID and password will be used for authentication.
PAGE 211
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches HTTP Configuration Use the HTTP Configuration page to configure the HTTP server settings on the system. To access the HTTP Configuration page, click Security > Access, and then click the HTTP > HTTP Configuration link. To configure the HTTP server settings: 1. Enable or disable the Web Java Mode. This applies to both secure and un-secure HTTP connections. The currently configured value is shown when the Web page is displayed.
PAGE 212
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Secure HTTP Configuration Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch by using a Web interface, secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks.
PAGE 213
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches After the session is inactive for the configured amount of time, the administrator is automatically logged out and must re-enter the password to access the management interface. A value of zero corresponds to an infinite timeout. The default value is 5 minutes. The currently configured value is shown when the Web page is displayed. 6.
PAGE 214
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. Certificate Download For the Web server on the switch to accept HTTPS connections from a management station, the Web server needs a public key certificate. You can generate a certificate externally (for example, off-line) and download it to the switch.
PAGE 215
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 3. In the TFTP Server IP field, specify the address of the TFTP server. The address can be an IP address in standard x.x.x.x format or a hostname. The hostname must start with a letter of the alphabet. Make sure that the software image or other file to be downloaded is available on the TFTP server. 4. In the Remote File Path field, specify the path on the TFTP server where the file is located. You may enter up to 96 characters. 5.
PAGE 216
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure an Access Profile: 1. In the Access Profile Name field, specify the name of the access profile to be added. The maximum length is 32 characters. 2. To activate an access profile, select the Activate Profile check box. You cannot add rules to an active profile. 3. To deactivate an access profile, select the Deactivate Profile check box. 4. To remove an access profile, select the Remove Profile check box.
PAGE 217
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Access Rule Configuration Use the Access Rule Configuration page to configure the rules about what systems can access the GS728TS, GS728TPS, GS752TS, or GS752TPS Web interface and what protocols are allowed. To access the Access Rule Configuration page, click Security > Access, and then click the Access Control > Access Rule Configuration link. Before you create access rules, make sure: • An access profile exists.
PAGE 218
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Source IP Address. Specify the IP Address of the client originating the management traffic. • Mask. Specify the subnet mask associated with the IP address. The subnet mask is a standard subnet mask, and not an inverse (wildcard) mask that you use with IP ACLs. • Priority. Configure priority to the rule. The rules are validated against the incoming management request in the ascending order of their priorities.
PAGE 219
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 802.1X Configuration Use the 802.1X Configuration page to enable or disable port access control on the system. To display the 802.1X Configuration page, click Security > Port Authentication > Basic > 802.1X Configuration. To configure global 802.1X settings: 1. Select the appropriate radio button in the Port Based Authentication State field to enable or disable 802.1X administrative mode on the switch. • Enable.
PAGE 220
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 3. Enable or disable Dynamic VLAN Creation Mode: • Enable. If the RADIUS assigned VLAN does not exist on the switch, allow the switch to dynamically create the assigned VLAN. • Disable. The switch will not create a RADIUS-assigned VLAN for a client if it does not already exist. 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5.
PAGE 221
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure 802.1X settings for the port: 1. Select the check box next to the port to configure. You can also select multiple check boxes to apply the same settings to the select ports, or select the check box in the heading row to apply the same settings to all ports. 2. For the selected port(s), specify the following settings: • Port Control. Defines the port authorization state.
PAGE 222
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Periodic Reauthentication. Use this field to enable or disable reauthentication of the supplicant for the specified port. Select Enable and Disable. If the value is Enable, reauthentication will occur. Otherwise, reauthentication will not be allowed. The default value is Disable. Changing the selection will not change the configuration until the Apply button is pressed. • Reauthentication Period.
PAGE 223
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • • • Authenticator PAE State. This field displays the current state of the authenticator PAE state machine. Possible values are as follows: • Initialize • Disconnected • Connecting • Authenticating • Authenticated • Aborting • Held • ForceAuthorized • ForceUnauthorized Backend State. This field displays the current state of the backend authentication state machine.
PAGE 224
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Port Summary Use the Port Summary page to view information about the port access control settings on a specific port. To access the Port Summary page, click Security > Port Authentication > Advanced > Port Summary. The following table describes the fields on the Port Summary page. Field Description Port The port whose settings are displayed in the current table row. Control Mode Defines the port authorization state.
PAGE 225
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Reauthentication Enabled Displays if reauthentication is enabled on the selected port. This is a configurable field. The possible values are true and false. If the value is true, reauthentication will occur. Otherwise, reauthentication will not be allowed. Port Status This field displays the authorization status of the specified port. The possible values are Authorized, Unauthorized, and N/A.
PAGE 226
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure MAC filter settings: 1. To configure a new MAC filter: a. Select Create Filter from the MAC Filter menu. If no filters have been configured, this is the only option available. b. From the VLAN ID menu, select the VLAN to use with the MAC address to fully identify packets you want filtered. You can change this field only when the Create Filter option is selected from the MAC Filter menu. c.
PAGE 227
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches e. Click the orange bar to display the available ports and select the port(s) you to include in the outbound filter. Packets with the MAC address and VLAN ID you selected will be transmitted only out of ports that are in the list. Destination ports can be included only in the Multicast filter. 2. To delete a configured MAC Filter, select it from the menu, and then click Delete. 3.
PAGE 228
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the information displayed on the page: Field Description MAC Address Identifies the MAC address that is filtered. VLAN ID The VLAN ID used with the MAC address to fully identify packets you want filtered. You can only change this field when you have selected the Create Filter option. Source Port Members Displays the ports included in the inbound filter.
PAGE 229
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure storm control settings: 1. Select the check box next to the port to configure. Select multiple check boxes to apply the same setting to all selected ports. Select the check box in the heading row to apply the same settings to all ports. 2. From the Ingress Control Mode menu, select the mode of broadcast affected by storm control. • Disable. Do not use storm control. • Unknown Unicast.
PAGE 230
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Port Security Configuration Use the Port Security feature to lock one or more ports on the system. When a port is locked, only packets with an allowable source MAC addresses can be forwarded. All other packets are discarded. To display the Port Security Configuration page, click Security > Traffic Control, and then click the Port Security > Port Security Configuration link. To configure the global port security mode: 1.
PAGE 231
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Port Security Interface Configuration A MAC address can be defined as allowable by one of two methods: dynamically or statically. Both methods are used concurrently when a port is locked. Dynamic locking implements a first arrival mechanism for Port Security. You specify how many addresses can be learned on the locked port. If the limit has not been reached, then a packet with an unknown source MAC address is learned and forwarded normally.
PAGE 232
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 5. Specify the following settings: • Port Security. Enable or Disable the port security feature for the selected port. • Max Allowed Dynamically Learned MAC. Sets the maximum number of dynamically learned MAC addresses on the selected interface. Valid range is 0–600. • Max Allowed Statically Locked MAC. Sets the maximum number of statically locked MAC addresses on the selected interface. Valid range is 0–20. • Enable Violation Traps.
PAGE 233
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The Dynamic MAC Address Table shows the MAC addresses and their associated VLANs learned on the selected port. Use the Port List menu to select the interface for which you want to display data. Field Description VLAN ID Displays the VLAN ID corresponding to the Last Violation MAC address. MAC Address Displays the MAC addresses learned on a specific port. Click Refresh to refresh the page with the most current data from the switch.
PAGE 234
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Configuring Access Control Lists Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network.
PAGE 235
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches ACL Wizard The ACL Wizard helps you to create a simple ACL and apply to the selected ports easily and quickly. You can select an ACL type from a list of common ACLs. The ACL rule fields available on the page change based on the type of ACL you select. You can add an ACL rule to this ACL and then apply the ACL to the selected ports. Note: The ACL Wizard allows you only to create the ACL, add rules, and bind the ACL to interfaces.
PAGE 236
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • ACL Based on Source IPv4 - Use this to create a ACL based on the source IPv4 address and IPv4 address mask. • ACL Based on Destination IPv6 - Use this to create a ACL based on the destination IPv6 prefix and IPv6 prefix length. • ACL Based on Source IPv6 - Use this to create a ACL based on the source IPv6 prefix and IPv6 prefix length.
PAGE 237
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches MAC ACL A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. There are multiple steps involved in defining a MAC ACL and applying it to the switch: 1. Use the MAC ACL page to create the ACL ID. 2. Use the MAC Rules page to create rules for the ACL. 3.
PAGE 238
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches MAC Rules Use the MAC Rules page to define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default 'deny all' rule is the last rule of every list. To display the MAC Rules page, click Security > ACL > Basic > MAC Rules. To configure MAC ACL rules: 1. From the ACL Name field, specify the existing MAC ACL to which the rule will apply.
PAGE 239
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches MAC addresses with aa:bb:xx:xx:xx:xx result in a match (where x is any hexadecimal number). A MAC mask of 00:00:00:00:00:00 matches a single MAC address. • EtherType Key. Requires a packet’s EtherType to match the EtherType you select. Select the EtherType value from the drop down menu. If you select User Value, you can enter a custom EtherType value. • EtherType User Value.
PAGE 240
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches MAC Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the MAC Binding Configuration page to assign MAC ACL lists to ACL Priorities and Interfaces. To display the MAC Binding Configuration page, click Security > ACL > Basic > MAC Binding Configuration. To configure MAC ACL interface bindings: 1. Select an existing MAC ACL from the ACL ID menu.
PAGE 241
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches In the following figure, the MAC ACL named mac-acl2 is being applied to ports g13 and g20-g22. As the Interface Binding Status table indicates, these ports also have a MAC ACL named mac-acl applied in the inbound direction. 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. Click Apply to save any changes to the running configuration.
PAGE 242
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the information displayed in the MAC Binding Table. Field Description Interface Displays the interface to which the MAC ACL is bound. Direction Specifies the packet filtering direction for ACL. The only valid direction is Inbound, which means the MAC ACL rules are applied to traffic entering the port. ACL Type Displays the type of ACL assigned to selected interface and direction.
PAGE 243
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The IP ACL area shows the current size of the ACL table versus the maximum size of the ACL table. The current size is equal to the number of configured IPv4 plus the number of configured MAC ACLs. The maximum size is 100. To configure an IP ACL: 1. In the IP ACL ID field, specify the ACL ID. The ID is in the following range: • 1–99: Creates an IP Standard ACL, which allows you to permit or deny traffic from a source IP address.
PAGE 244
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure rules for an IP ACL: 1. To add an IP ACL rule, select the ACL ID to add the rule to and click Add. The page refreshes and shows the available rules to configure. 2. Complete the fields described in the following list. • Rule ID. Specify a number from 1–10 to identify the IP ACL rule. You can create up to 10 rules for each ACL. • Action. Selects the ACL forwarding action, which is one of the following: • Permit.
PAGE 245
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Match Every. Requires a packet to match the criteria of this ACL. Select True or False from the drop down menu. Match Every is exclusive to the other filtering rules, so if Match Every is True, the other rules on the screen are not available. • Source IP Address. Requires a packet’s source IP address to match the address listed here. Type an IP Address in the appropriate field using dotted-decimal notation.
PAGE 246
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure rules for an IP ACL: 1. To add an IP ACL rule, select the ACL ID to add the rule to and click Add. The page displays the extended ACL Rule Configuration fields, as the following figure shows. 2. Configure the new rule. • Rule ID. Specify a number from 1–10 to identify the IP ACL rule. You can create up to 10 rules for each ACL. • Action. Selects the ACL forwarding action, which is one of the following: • Permit.
PAGE 247
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches time period. If the Access List Trap Flag is also enabled, this will cause periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed five-minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is only supported for a Deny action. • Match Every.
PAGE 248
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Service Type. Choose one of the Service Type match conditions for the extended IP ACL rule. The possible values are IP DSCP, IP precedence, and IP TOS, which are alternative ways of specifying a match criterion for the same Service Type field in the IP header, however each uses a different user notation. After you select the service type, specify the value associated with the type.
PAGE 249
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The current number of the IP ACLs configured on the switch is displayed in the Current Number of ACL area. The maximum number of IP ACL that can be configured on the switch is displayed in the Maximum ACL field, depending on the hardware. The name of IPv6 ACL can be configured in IPv6 ACL field. The number of the rules associated with the IP ACL is displayed in the Rules field. The ACL type is IPv6 ACL and displayed in the Type field. 1.
PAGE 250
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the IPv6 rules, select the following: 1. To add an IPv6 rule, use the pull-down list in the ACL Name field to select the IP ACL for which to create or update a rule. Complete the fields described in the following list, and click Add. 2. Configure the new rule. • Rule ID: Enter a whole number in the range of 1 to 10 that will be used to identify the rule. An IPv6 ACL may have up to 10 rules.
PAGE 251
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches is not issued if the ACL rule hit count is zero for the current interval. This field is only supported for a Deny action. • Mirror Interface: Specifies the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is already configured for the ACL rule. This field is visible for a Permit action.
PAGE 252
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Flow Label: Flow label is 20-bit number that is unique to an IPv6 packet, used by end stations to signify quality-of-service handling in routers. Flow label can be specified within the range (0 to 1048575). • IPv6 DSCP Service: Specify the IP DiffServ Code Point (DSCP) field. The DSCP is defined as the high-order six bits of the Service Type octet in the IPv6 header. This is an optional configuration. Enter an integer from 0 to 63.
PAGE 253
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 2. Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A low number indicates high precedence order. If a sequence number is already in use for this interface and direction, the specified access list replaces the currently attached access list using that sequence number.
PAGE 254
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches IP Binding Table Use the IP Binding Table page to view or delete the IP ACL bindings. To display the IP Binding Table, click Security > ACL > Advanced > Binding Table. The following table describes the information displayed in the IP ACL Binding Table. Field Description Interface Displays the interface to which the IP ACL is bound. Direction Specifies the packet filtering direction for ACL.
PAGE 255
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches VLAN Binding Table Use the VLAN Binding Table page to associate configured ACLs with VLANs. To display the VLAN Binding Table page, click Security  ACL > Advanced  Vlan Binding Table. In the ACL Binding area, enter the values in the following fields: 1. In the VLAN ID field, specify a VLAN ID for ACL mapping. 2. In the Direction field, specify the direction of packet traffic affected by the MAC ACL, which can be Inbound or blank. 3.
PAGE 256
7. 7 Monitoring the System Use the features available from the Monitoring tab to view a variety of information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains links to the following features: • Ports on page 256 • System Logs on page 270 • Port Mirroring on page 278 Ports The pages available from the Ports link contain a variety of information about the number and type of traffic transmitted from and received on the switch.
PAGE 257
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the Switch Statistics displayed on the screen. Field Description ifIndex This object indicates the ifIndex of the interface table entry associated with the processor of this switch. Octets Received The total number of octets of data received by the processor (excluding framing bits, but including FCS octets).
PAGE 258
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Packets Transmitted Without The total number of packets transmitted out of the interface. Errors Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
PAGE 259
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Port Statistics The Port Statistics page displays a summary of per-port traffic statistics on the switch. To access the Port Summary page, click Monitoring > Ports, and then click the Port Statistics link. To view port statistics: 1. To view statistics for a physical port, click the unit ID of the stack member with the ports to view. 2. To view statistics for a Link Aggregation Group (LAG), click LAGS. 3.
PAGE 260
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors. Collision Frames The best estimate of the total number of collisions on this Ethernet segment. Time Since Counters Last Cleared The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared.
PAGE 261
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table describes the detailed port information displayed on the screen. To view information about a different port, select the port number from the Interface menu. Field Description Interface Use the drop down menu to select the interface for which data is to be displayed or configured. MST ID Displays the created or existing MSTs.
PAGE 262
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description LACP Mode Selects the Link Aggregation Control Protocol administration state: • Enable: Specifies that the port is allowed to participate in a port channel (LAG), which is the default mode. • Disable: Specifies that the port cannot participate in a port channel (LAG). Physical Mode Indicates the port speed and duplex mode. In auto-negotiation mode, the duplex mode and speed are set from the auto-negotiation process.
PAGE 263
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Packets Received 65-127 Octets The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received 128-255 Octets The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
PAGE 264
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Alignment Errors The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with a non-integral number of octets.
PAGE 265
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Packets Transmitted 256-511 Octets The total number of packets (including bad packets) transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 512-1023 Octets The total number of packets (including bad packets) transmitted that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
PAGE 266
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Excessive Collision Frames A count of frames for which transmission on a particular interface fails due to excessive collisions. Port Membership Discards The number of frames discarded on egress for this port due to egress filtering being enabled. STP BPDUs Received Number of STP BPDUs received at the selected port. STP BPDUs Transmitted Number of STP BPDUs transmitted from the selected port.
PAGE 267
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To view EAP statistics: 1. To view statistics for a physical port, click the unit ID of the stack member with the ports to view. 2. To view statistics for a Link Aggregation Group (LAG), click LAGS. 3. To view statistics for both physical ports and LAGs, click ALL. 4. To view statistics for a specific interface, enter the interface ID in the Go To Interface and click Go. The following table describes the EAP statistics displayed on the screen.
PAGE 268
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Field Description Response/ID Frames Received Displays the number of EAP Respond ID frames that have been received on the port. Response Frames Received Displays the number of valid EAP Response frames received on the port. Request/ID Frames Transmitted Displays the number of EAP Requested ID frames transmitted through the port. Request Frames Transmitted Displays the number of EAP Request frames transmitted through the port.
PAGE 269
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The following table shows the information the Cable Test page shows: Field Description Cable Status Displays the cable status. • Normal: the cable is working correctly. • Open: the cable is disconnected or there is a faulty connector. • Short: there is an electrical short in the cable. • Cable Test Failed: The cable status could not be determined. The cable may in fact be working. • Unknown: The test has not been performed.
PAGE 270
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches System Logs The switch may generate messages in response to events, faults, or errors occurring on the platform as well as changes in configuration or other occurrences. These messages are stored locally and can be forwarded to one or more centralized points of collection for monitoring purposes or long term archival storage.
PAGE 271
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the Memory Log settings: 1. Use the radio buttons in the Admin Status field to determine whether to log messages. • Enable: Enables system logging. • Disable: Prevents the system from logging messages. 2. From the Behavior menu, specify the behavior of the log when it is full. • Wrap: When the buffer is full, the oldest log messages are deleted as the system logs new messages.
PAGE 272
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. FLASH Log Configuration The FLASH log is a log that is stored in persistent storage, which means that the log messages are retained across a switch reboot. • The first log type is the system startup log. The system startup log stores the first N messages received after system reboot.
PAGE 273
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 2. From the Severity Filter field, specify the type of log messages to record. A log records messages equal to or above a configured severity threshold. For example, if you select Error, the logged messages include Error, Critical, Alert, and Emergency. The default severity level is Alert(1). The severity can be one of the following levels: • Emergency (0): The highest level warning level.
PAGE 274
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Server Log Configuration Use the Server Log Configuration page to allow the switch to send log messages to the remote logging hosts configured on the system. To access the Server Log Configuration page, click the Monitoring > Logs tab, and then click the Server Log link. To configure local log server settings: 1.
PAGE 275
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure a remote log server 1. To add a remote syslog host (log server), specify the settings in the following list and click Add. • Host Address. Specify the IP address or hostname of the host configured for syslog. • Port. Specify the port on the host to which syslog messages are sent. The default port is 514. • Severity Filter. Use the menu to select the severity of the logs to send to the logging host.
PAGE 276
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Trap Logs Use the Trap Logs page to view information about the SNMP traps generated on the switch. To access the Trap Logs page, click the Monitoring > Logs tab, and then click the Trap Logs link. The following table describes the Trap Log information displayed on the screen. Field Description Number of Traps Since The number of traps that have occurred since the switch last reboot.
PAGE 277
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Event Logs Use the Event Log page to display the event log, which is used to hold error messages for catastrophic events. After the event is logged and the updated log is saved in flash memory, the switch will be reset. The log can hold at least 2,000 entries and is erased when an attempt is made to add an entry after it is full. The event log is preserved across system resets.
PAGE 278
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Port Mirroring The page under the Mirroring link allows you to view and configure port mirroring on the system. Multiple Port Mirroring Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports and one switch port is configured as a destination port.
PAGE 279
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 4. Alternatively, to configure settings for a specific interface, enter the interface ID in the Go To Interface and click Go. 5. Select the check box next to a port or LAG to configure it as a source port. 6. In the Destination Port field, specify the port to which port traffic is be copied. Use the /g format to specify the port, for example 1/g1. You can configure only one destination port on the system. 7.
PAGE 280
8. Maintaining the System 8 Use the features available from the Maintenance tab to help you manage the switch.
PAGE 281
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To reboot the switch: 1. Select the Unit ID of the stack member to reboot, or select All to reboot all units in the stack. 2. Select the check box on the page. 3. Click Apply to reset the switch immediately, or click Cancel to abandon the reset request. After the switch reset begins, the management interface is not available until the switch completes the boot cycle. After the switch resets, the login screen appears.
PAGE 282
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Upload File From Switch The switch supports system file uploads from the switch to a remote system by using either TFTP or HTTP. The Upload menu contains links to the following options: • TFTP File Upload on page 282 • HTTP File Upload on page 283 TFTP File Upload Use the TFTP File Upload page to upload configuration (ASCII), log (ASCII), and image (binary) files from the switch to the TFTP server.
PAGE 283
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 3. From the Server Address Type filed, specify the format to use for the address you type in the TFTP Server Address field: • IPv4. Indicates the TFTP server address is an IP address in dotted-decimal format. • DNS. Indicates the TFTP server address is a hostname. 4. In the Server Address field, specify the IP address or hostname of the TFTP server. The address you type must be in the format indicated by the TFTP Server Address Type. 5.
PAGE 284
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To upload a file from the switch to an administrative system by using HTTP: 1. From the File Type menu, Specify what type of file you want to download to the switch: • Archive: The code is the system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy; while the other image stores a second copy. The device boots and runs from the active image.
PAGE 285
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches TFTP File Download Use the Download File to Switch page to download device software, the image file, the configuration files and SSL files from a TFTP server to the switch. You can also download files via HTTP. See HTTP File Download on page 287 for additional information. To access the TFTP File Download page, click Maintenance > Download > TFTP File Download.
PAGE 286
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches • SSL DH Weak Encryption Parameter PEM File: SSL Diffie-Hellman Weak Encryption Parameter File (PEM Encoded). • SSL DH Strong Encryption Parameter PEM File: SSL Diffie-Hellman Strong Encryption Parameter File (PEM Encoded). 2. If you are downloading an image (Archive) file, select the image on the switch to overwrite from the Image Name field. This field is only visible when Archive is selected as the File Type.
PAGE 287
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches HTTP File Download Use the HTTP File Download page to download files of various types to the switch using an HTTP session (for example, via your Web browser). To display this page, click Maintenance > Download > HTTP File Download. To download a file to the switch from by using HTTP: 1.
PAGE 288
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Note: It is recommended that you not overwrite the active image. The system will display a warning that you are trying to overwrite the active image. 3. Click Browse to open a window that allows you to locate the file you want to download. 4. Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch. 5. Click the Apply button to initiate the file download.
PAGE 289
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To copy an image: 1. Use the Source Image field to select the image on the stack master to use as the source. The source image overwrites the destination image, if it exists. 2. Use the Stack Member menu to select the destination unit to which you are going to copy the image. To copy the selected image from the stack master to all stack members, select All. 3.
PAGE 290
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure Dual Image settings: 1. Select the ID of the stack member to configure, or select All to configure all units in the stack with the same dual image settings. 2. Select the image to configure. The Current-active field displays the name of the active image. 3. To configure a descriptive name for the selected software image, type the name in the Image Description field. 4.
PAGE 291
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Dual Image Status You can use the Dual Image Status page to view information about the system images on the device. To display the Dual Image Status page, click Maintenance > File Management > Dual Image > Dual Image Status. The following table describes the information on the Dual Image Status page. Field Description Unit The unit ID of the switch is always 1. Image1 Ver Displays the version of the image1 code file.
PAGE 292
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Troubleshooting The Troubleshooting menu contains links to the following options: • Ping on page 292 • Ping IPv6 on page 293 • Traceroute on page 294 Ping Use the Ping page to tell the switch to send a Ping request to a specified IP address. You can use this feature to check whether the switch can communicate with a particular network host. To access the Ping page, click Maintenance > Troubleshooting > Ping.
PAGE 293
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 4. Click Apply to send the ping. The switch sends the number of pings specified in the Count field, and the results are displayed below the configurable data in the Ping area. • If successful, you will see “Reply From IP/Host: icmp_seq = 0. time = xx usec. Tx = x, Rx = x Min/Max/Avg RTT = x/x/x msec.” • If a reply to the ping is not received, you will see “Reply From IP/Host: Destination Unreachable.
PAGE 294
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the settings and ping a host on the network: 1. In the Ping field, select either Global or Link Global to select either the global IPv6 Address/Hostname or Link Local Address to ping. 2. Optionally, configure the following settings: • In the IPv6 Address/Host Name field, enter the IPv6 address or Hostname of the station you want the switch to ping. The initial value is blank.
PAGE 295
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches To configure the Traceroute settings and send probe packets to discover the route to a host on the network: 1. In the Hostname/IP Address field, specify the IP address or the hostname of the station you want the switch to ping. The initial value is blank. This information is not retained across a power cycle. 2. Optionally, configure the following settings: • Probes Per Hop. Specify the number of times each hop should be probed.
PAGE 296
9. 9 Accessing Help Use the features available from the Help tab to connect to online resources for assistance. The Help tab contains links to the following features: • Online Help on page 296 • Registration on page 298. Online Help The Online Help includes the following pages: • Support on page 296 • User Guide on page 297 Support Use the Support page to connect to the Online Support site at netgear.com. To access the Support page, click Help > Online Help > Support.
PAGE 297
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches User Guide Use the User Guide page to access the GS728TS, GS728TPS, GS752TS, and GS752TPS Smart Switch Software Administration Manual (the guide you are now reading) that is available on the NETGEAR Website. To access the User Guide page, click Help > Online Help > User Guide. To access to the User Guide that is available online, click Apply.
PAGE 298
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Registration Use the Registration page to register your GS728TS, GS728TPS, GS752TS, or GS752TPS switch. Completing the registration confirms your email address, lowers technical support resolution time, and ensures your shipping address accuracy. NETGEAR, Inc. would also like to incorporate your feedback into future product development.
PAGE 299
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches If you have not registered the product or have not disabled the registration reminders, the following pop-up window appears each time a user successfully logs on to the switch: The registration pop-up window includes the following buttons: • TURN OFF. Use this button to turn off the Product Registration feature and to prevent the registration reminder pop-up window from appearing on subsequent successful login sessions. • REMIND ME LATER.
PAGE 300
A. Hardware Specifications and Default Values A Switch Specifications The GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches conform to the TCP/IP, UDP, HTTP, ICMP, TFTP, DHCP, IEEE 802.1D, IEEE 802.1p, and IEEE 802.1Q standards. GS728TS Specifications Feature Value Interfaces 24 copper 10/100/1000M Ethernet ports 2 combo ports: 10/100/1000M copper or 1G/100M optical 2 SFP 1G optical ports (port 25 and 26) 2 SFP ports (port 27 and 28) for 1G optical uplink or 2.
PAGE 301
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches GS752TS Specifications Feature Value Interfaces 48 copper 10/100/1000M Ethernet ports 2 combo ports: 10/100/1000M copper or 1G/100M optical 2 SFP 1G optical ports (port 49 and 50) 2 SFP ports (port 51 and 52) for 1G optical uplink or 2.
PAGE 302
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Switch Features and Defaults Port Characteristics Feature Sets Supported Default Auto negotiation/static speed/duplex All ports Auto negotiation Auto MDI/MDIX N/A Enabled 802.3x flow control/back pressure 1 (per system) Disabled Port mirroring 1 Disabled Port trunking (aggregation) 8 Pre-configured 802.1D spanning tree 1 Disabled 802.1w RSTP 1 Disabled 802.1s spanning tree 5 instances Disabled Static 802.
PAGE 303
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Quality of Service Feature Sets Supported Default Number of queues 7 N/A Port based N/A N/A 802.1p 1 Enabled DSCP 1 Disabled Rate limiting All ports Disabled Auto-QoS All ports Disabled Feature Sets Supported Default 802.
PAGE 304
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches System Setup and Maintenance Feature Sets Supported Default Boot code update 1 N/A DHCP/manual IP 1 DHCP enabled/192.168.0.239 Default gateway 1 192.168.0.
PAGE 305
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Other Features Feature Sets Supported Default IGMP snooping v1/v2/v3 All ports Disabled Configurations upload/download 1 N/A EAPoL flooding All ports Disabled BPDU flooding All ports Disabled Static multicast groups 8 Disabled Filter multicast control 1 Disabled Number of static routes 32 N/A Number of routed VLANs 15 N/A Number of ARP Cache entries 1024 N/A Number of DHCP snooping bindings 8K N/A Number of DHC
PAGE 306
B. Configuration Examples B This chapter contains information about how to configure the following features: • Virtual Local Area Networks (VLANs) on page 306 • Access Control Lists (ACLs) on page 308 • Differentiated Services (DiffServ) on page 311 • 802.1X on page 315 • MSTP on page 318 • Configuring VLAN Routing on page 322 Virtual Local Area Networks (VLANs) A local area network (LAN) can generally be defined as a broadcast domain.
PAGE 307
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches VLANs have a number of advantages: • It is easy to do network segmentation. Users that communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group’s traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network. • They are easy to manage.
PAGE 308
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 2. In the VLAN Membership screen (see VLAN Membership Configuration on page 112) specify the VLAN membership as follows: • For the default VLAN with VLAN ID 1, specify the following members: port 7 (U) and port 8 (U). • For the VLAN with VLAN ID 10, specify the following members: port 1 (U), port 2 (U), and port 3 (T). • For the VLAN with VLAN ID 20, specify the following members: port 4 (U), port 5 (T), and port 6 (U). 3.
PAGE 309
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Traffic filtering requires the following two basic steps: 1. Create an access list definition. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can assign traffic that matches the criteria to a particular queue or redirect the traffic to a particular port. A default deny all rule is the last rule of every list. 2.
PAGE 310
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 2, which is the Sales department VLAN. The CoS value of the frame must be 0, which is the default value for Ethernet frames. Frames that match this criteria are permitted on interfaces 6, 7, and 8 and are assigned to the hardware egress queue 0, which is the default queue. All other traffic is explicitly denied on these interfaces.
PAGE 311
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Differentiated Services (DiffServ) Standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network deliver the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets may be delayed, sent sporadically, or dropped.
PAGE 312
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Class You can classify incoming packets at layers 2, 3 and 4 by inspecting the following information for a packet: • Source/destination MAC address • EtherType • Class of Service (802.1p priority) value (first/only VLAN tag) • VLAN ID range (first/only VLAN tag) • Secondary 802.
PAGE 313
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Creating Policies Use DiffServ policies to associate a collection of classes that you configure with one or more QoS policy statements. The result of this association is referred to as a policy.
PAGE 314
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Precedence fields designating the incoming color value to be used as the conforming color. The color of exceeding traffic may be optionally specified as well. • Counting: updating octet and packet statistics to keep track of data handling along traffic paths within DiffServ. In this DiffServ feature, counters are not explicitly configured by the user, but are designed into the system based on the DiffServ policy being created.
PAGE 315
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches 8. Configure the Policy attributes as follows: • Assign Queue: 3 • Policy Attribute: Simple Policy • Color Mode: Color Blind • Committed Rate: 1000000 Kbps • Committed Burst Size: 128 KB • Confirm Action: Send • Violate Action: Drop For more information about this screen, see Policy Configuration on page 191. 9.
PAGE 316
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The GS728TS, GS728TPS, GS752TS, and GS752TPS switches support a guest VLAN, which allows unauthenticated users to have limited access to the network resources. Note: You can use QoS features to provide rate limiting on the guest VLAN to limit the network resources the guest VLAN provides. Another 802.1X feature is the ability to configure a port to Enable/Disable EAPoL packet forwarding support.
PAGE 317
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Supplicant Authenticator Switch Authentication Server (RADIUS) 192.168.10.23 Supplicant 802.1X Example Configuration This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (5–8). These ports are available to visitors and need to be authenticated before granting access to the network. The authentication is handled by an external RADIUS server.
PAGE 318
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches For more information, see RADIUS Configuration on page 199. 7. Click Add. 8. From the Authentication List screen, configure the default List to use RADIUS as the first authentication method (See Authentication List Configuration on page 207). This example enables 802.1X-based port security on the GS728TS, GS728TPS, GS752TS, or GS752TPS switch and prompts the hosts connected on ports 5–8 for an 802.1X-based authentication.
PAGE 319
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches though frames belonging to different VLANs can take different paths within any Region, per IEEE DRAFT P802.1s/D13. All bridges, whether they use STP, RSTP or MSTP, send information in configuration messages via Bridge Protocol Data Units (BPDUs) to assign port roles that determine each port’s participation in a fully and simply connected active topology based on one or more spanning trees.
PAGE 320
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches MSTP Example Configuration This example shows how to create an MSTP instance from the GS728TS, GS728TPS, GS752TS, or GS752TPS switch. The example network has three different GS728TS, GS728TPS, GS752TS, or GS752TPS switches that serve different locations in the network. In this example, ports 1–5 are connected to host stations, so those links are not subject to network loops. Ports 6-8 are connected across switches 1, 2 and 3.
PAGE 321
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Note: Bridge priority values are multiples of 4096. If you do not specify a root bridge and all switches have the same Bridge Priority value, the switch with the lowest MAC address is elected as the root bridge (see CST Configuration on page 125). 6. From the CST Port Configuration screen, select ports 1–8 and select Enable from the STP Status menu (see CST Port Configuration on page 126). 7. Click Apply. 8.
PAGE 322
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Configuring VLAN Routing VLANs divide broadcast domains in a LAN environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. This is known as inter-VLAN routing. On NETGEAR GS728TS, GS728TPS, GS752TS, and GS752TPS switches, it is accomplished by creating Layer 3 interfaces (Switch virtual interfaces (SVI)).
PAGE 323
C. Notification of Compliance NETGEAR Wired Products C Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.
PAGE 324
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches FCC Declaration Of Conformity We, NETGEAR, Inc., 350 East Plumeria Drive, San Jose, CA 95134, declare under our sole responsibility that the GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches complies with Part 15 of FCC Rules.
PAGE 325
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches European Union The GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches complies with essential requirements of EU EMC Directive 2004/108/EC and Low Voltage Directive 2006/95/EC as supported by applying the following test methods and standards: • EN55022: 2006 / A1: 2007 • EN55024: 1998 / A1: 2001 / A2 : 2003 • EN60950-1: 2005 2nd Edition • EN 61000-3-2:2006 • EN 61000-3-3:1995 w/A1: 2001+A2: 2005 GPL License Agreement GPL
PAGE 326
Index Numerics Differentiated Services 184 DiffServ 185 DNS 49 Dual Image 289 Dynamic Address 158 Dynamic Host 51 Global 138 Green Ethernet 51, 53, 54, 59 HTTP 211 IGMP Snooping 138 LACP 108 LACP Port 109 LAG 105 LLDP 81 MAC Filter 225 Management Access 210 MST Port 131 Network Settings on the Administrative System 15 password 198 Policy 191 Port Security 230 Port VLAN ID 113 RADIUS 199 Global 199 Secure HTTP 212 SNMP v3 User 79 SNTP Server 43 Standard IP ACL Example 310 STP 122 TACACS+ 204 Time 41 Trap 77
PAGE 327
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches Filtering Interface Configuration 94 refreshing the client 17 DiffServ 184 DNS 49 DoS 45 download a file 285 files via HTTP 285 from a remote system 282, 284 software 285 Dual Image Status 288, 291 EAP 266, 268 EAPOL 267 logical 30 naming convention 30 physical 30 queue configuration 181 IP address administrative system 15 switch 11, 35 IP DSCP 178 Mapping 183 IPv6 network interface 37 IPv6 network configuration 38 IPv6 Network Configuration
PAGE 328
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches O using 29 v1, v2 75 v3 79 SNTP 40 Global Status 42 global status 42 server configuration 43 server status 44 specifications 300 SSL 212 Statistics 98 storm control 228 STP 122 example configuration 318 Status 123 Stratum 0 40 1 40 2 40 OUI 120 P password change 17, 198 login 198 Persistent Configuration 97 Ping 292 PoE 70, 99 port authentication 218 summary 224 product registration 298 Q QoS 177 802.
PAGE 329
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches VLAN 110 example configuration 306 guest 221, 316 ID 110 management 36 managing 110 Port VLAN ID 113 PVID 113 voice 118 Voice VLAN OUI 120 VoIP 120, 121 W Web interface panel 23 329