User Manual 8-Port Multi-Gigabit Smart Managed Pro Switch with Two 10G Ports MS 5 1 0TX a nd M S510T X P P U ser Ma nu a l July 2019 202-11762-04 NETGEAR, Inc.
Smart Managed Pro Switches MS510TX and MS510TXPP 2 User Manual
Smart Managed Pro Switches MS510TX and MS510TXPP Support Thank you for purchasing this NETGEAR product. You can visit www.netgear.com/support to register your product, get help, access the latest downloads and user manuals, and join our community. We recommend that you use only official NETGEAR support resources. Conformity For the current EU Declaration of Conformity, visit http://kb.netgear.com/app/answers/detail/a_id/11621. Compliance For regulatory compliance information, visit http://www.netgear.
Contents Chapter 1 Get Started Switch Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 Available Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Switch Management Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Web Browser Requirements and Supported Browsers . . . . . . . . . . . . . . . . 12 User-Defined Fields . . . . . . . . . . . . . . . . . . . . . . .
Smart Managed Pro Switches MS510TX and MS510TXPP Configure SNMPv3 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65 Configure LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Configure LLDP Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67 Configure LLDP Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68 LLDP-MED Network Policy . . . . . . . . .
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Spanning Tree Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117 Configure STP Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Configure CST Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Configure CST Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 View the CST Port Status. . . . . . . . . . . . . . .
Smart Managed Pro Switches MS510TX and MS510TXPP Manage IPv4 Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166 Configure Address Resolution Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . .168 Display the ARP Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Add an Entry to the ARP Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Configure the Global Aging-Out Time for ARP . . . .
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Authentication Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 Configure Management Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232 Configure HTTP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 Configure HTTPS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 Manage the Certificate . . . . . . . . . . . . . . . . . .
Smart Managed Pro Switches MS510TX and MS510TXPP Chapter 8 Maintain the Switch and Perform Troubleshooting Reboot the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314 Reset the Switch to Its Factory Default Settings . . . . . . . . . . . . . . . . . . . . . .314 Export a File From the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315 Export a File to the TFTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . .
1 1 Get Started This manual describes how you can configure and monitor the following NETGEAR switches by using the local browser–based management interface: • MS510TX. 8-Port Multi-Gigabit Smart Managed Pro Switch with two 10G Ports, Model MS510TX • MS510TXPP.
Smart Managed Pro Switches MS510TX and MS510TXPP Switch Descriptions The switch provides four multispeed Gigabit Ethernet and four 1G Ethernet RJ-45 copper ports with one dedicated 10G RJ-45 copper uplink port and one dedicated SFP+ fiber uplink port that supports 10G and 1G. Two of the four multispeed ports support 5G, 2.5G, and 1G. The other two multispeed ports support 2.5G and 1G. (The 10G RJ-45 copper uplink port also supports 5G, 2.5G and 1G.
Smart Managed Pro Switches MS510TX and MS510TXPP After discovery, you can configure the switch using the local browser–based management interface, or the SCC program for very basic setup. For more information, see Access the Switch on page 14 and the SCC user manual, which you can download from downloadcenter.netgear.com. • Local browser–based management interface.
Smart Managed Pro Switches MS510TX and MS510TXPP User-Defined Fields User-defined fields can contain 1 to 159 characters, unless otherwise noted on the configuration web page. All characters can be used except for the ones stated in the following table (unless specifically noted in a procedure for a feature). Table 1. Invalid characters for user-defined fields Invalid characters for user-defined fields \ < / > * | ? Interface Naming Conventions The switch supports physical and logical interfaces.
Smart Managed Pro Switches MS510TX and MS510TXPP Access the Switch For easiest access, we recommend that you connect the switch to a network with a router or DHCP server that assigns IP addresses, power on the switch, and then use a computer that is connected to the same network as the switch (see Access the Switch On-Network With a DHCP Server on page 14). If your network does not include a DHCP server, you can assign a static IP address (see Access the Switch On-Network Without a DHCP Server on page 16).
Smart Managed Pro Switches MS510TX and MS510TXPP Note: The computer that is running the SCC program must be on the same network (that is, in the same broadcast domain) as the switch. To determine the DHCP-assigned IP address of the switch and access the switch: 1. Connect the switch to a network that includes a DHCP server. 2. Power on the switch by connecting its power cord. 3. Install the Smart Control Center on your computer. 4. Start the Smart Control Center. 5. Click the Discover button.
Smart Managed Pro Switches MS510TX and MS510TXPP The Smart Control Center launches a browser. The login window opens. 9. Enter the switch’s password in the Password field. The default password is password. The Switch Information page displays. You can now configure the switch. Access the Switch On-Network Without a DHCP Server You can use the Smart Control Center (SCC) to set up your switch in a network without a DHCP server and assign a static IP address to the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Select the switch, and then click the Configure Device button. The page expands to display additional fields at the bottom. 7. Select the Disabled radio button. The DHCP client is disabled. 8. Enter the static switch IP address, gateway IP address, and subnet mask for the switch. 9. Enter the switch password to continue with the configuration change. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP 11. Click the Discover button. The Smart Control Center finds your switch with its new IP address. 12. Select the switch by clicking the row for the switch. 13. Click the Web Browser Access button. The Smart Control Center launches a browser. The login window opens. 14. Enter the switch’s password in the Password field. The default password is password. The Switch Information page displays. You can now configure the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 5. After you complete the configuration of the switch, reconfigure the computer that you used for this process to its original TCP/IP settings. You can now connect your switch to your network using an Ethernet cable. Register the Switch To qualify for product updates and product warranty, we encourage you to register your product. The first time you log in to the switch, you are given the option of registering with NETGEAR.
Smart Managed Pro Switches MS510TX and MS510TXPP The procedures in this section describe how to select the ports and LAGs to configure. The procedures assume that you are already logged in to the switch. If you do not know how to log in to the switch, see Access the Switch on page 14. To configure a single port or LAG: 1. Click the All link to display the all ports and LAGs. 2. Do one of the following: a. In the Go To Interface field, type the port number and click the Go button.
Smart Managed Pro Switches MS510TX and MS510TXPP Local Browser Interface Device View The Device View displays the ports in the local browser interface displays the ports on the switch. This graphic provides an alternate way to navigate to configuration and monitoring options. The graphic also provides information about device ports, current configuration and status, tables, and feature components. To use the Device View: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the LEDs on the Device View page. Table 3. LEDs on the Device View page LED Description Power LED The Power LED is a bicolor LED that serves as an indicator of power and diagnostic status: • Solid green. Power is supplied to the switch and the switch is operating normally. • Solid yellow. The switch is in the boot-up stage. • Off. No power is supplied to the switch. Fan LED The Fan LED indicates the following status: • Off.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 3. LEDs on the Device View page (continued) LED Description 2.5G Ports 5 and 6, Right LEDs The right LEDs for ports 5 and 6 (mg5 and mg6) indicate the following status: PoE status (Model MS510TXPP only) • Off. The port is not delivering PoE. • Solid green. The port is delivering PoE. • Solid yellow. A PoE fault occurred.
Smart Managed Pro Switches MS510TX and MS510TXPP The previous figure shows the Device View page for model MS510TXPP. 7. To display the main menu that contains the same options as the navigation menu at the top of the page, right-click the graphic without clicking a specific port. The previous figure shows the Device View page for model MS510TXPP.
2 2 Configure System Information This chapter covers the following topics: • View and Configure the Switch Management Settings • Use the Device View • Configure Power over Ethernet • Configure SNMP • Configure LLDP • Configure DHCP Snooping • Set Up PoE Timer Schedules 25
Smart Managed Pro Switches MS510TX and MS510TXPP View and Configure the Switch Management Settings This section describes how to display the switch status and specify some basic switch information, such as the management interface IP address, system clock settings, and DNS information.
Smart Managed Pro Switches MS510TX and MS510TXPP 5. Define the following fields: • System Name. Enter the name to identify this switch. You can use up to 255 alphanumeric characters. The default is blank. • System Location. Enter the location of this switch. You can use up to 255 alphanumeric characters. The default is blank. • System Contact. Enter the contact person for this switch. You can use up to 255 alphanumeric characters. The default is blank. 6. Click the Apply button.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Boot Version The boot code version of the switch. Software Version The software version of the switch. View the System CPU Status Use the System CPU Status page to monitor the CPU, memory resources, and utilization patterns across various intervals to assess the performance of the switch. To configure and view the system CPU status and utilization: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP View USB Device Information Use the USB Device Information page to display the USB device status, memory statistics, and directory details. The limitations for the USB device supported on the switch are as follows: • The USB disk must comply with the USB 2.0 standard. • The USB disk must be file type FAT32. File type NTFS is not supported. To display the USB device information: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the USB Directory Details information. Table 5. USB Directory Details information Field Description File Name The name of the file stored in the USB flash drive. Type The type of file, which can be one of the following: • Folder. A subfolder within the file. Click the folder name to view the contents of the subfolder. • File. A file. • Other. A path, which can be one of the following: - Current path.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Select a radio button to determine how to configure the network information for the switch management interface: • Static IP Address. Specifies that the IP address, subnet mask, and default gateway must be manually configured. Enter this information in the fields below this radio button. • Dynamic IP Address (DHCP). Specifies that the switch must obtain the IP address through a DHCP server. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure the IPv6 Address for the Network Interface You can configure the IPv6 address for the network interface, which is the logical interface used for in-band connectivity with the switch through any of the switch’s front-panel ports. You also use the IPv6 address of the network interface to connect to the switch through the local browser interface.
Smart Managed Pro Switches MS510TX and MS510TXPP 10. In the IPv6 Gateway field, specify the default gateway for the IPv6 network interface. The gateway address is in IPv6 global or link-local address format. 11. To configure one or more static IPv6 addresses for the management interface, do the following: a. In the IPv6 Prefix/Prefix Length field, specify the static IPv6 prefix and prefix to the IPv6 network interface. The address is in the global address format. b.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the information that the IPv6 Network Interface Neighbor Table displays about each IPv6 neighbor that the switch discovered. Table 6. IPv6 network interface neighbor table information Field Description IPv6 Address The IPv6 address of a neighbor switch visible to the network interface. MAC Address The MAC address of a neighbor switch. isRtr • • Neighbor State The state of the neighboring switch: • Reach.
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > Management > Time > SNTP Global Configuration. The Time Configuration page displays. 6. Select the Clock Source Local radio button. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP The device can poll unicast server types for the server time. Polling for unicast information is used for polling a server for which the IP address is known. SNTP servers that were configured on the device are the only ones that are polled for synchronization information. T1 through T4 are used to determine server time. This is the preferred method for synchronizing device time because it is the most secure method.
Smart Managed Pro Switches MS510TX and MS510TXPP 9. Click the Add button. The SNTP server entry is added. 10. Repeat the previous steps to add additional SNTP servers. You can configure up to eight SNTP servers. The SNTP Server Status table displays status information about the SNTP servers configured on your switch. The following table describes the SNTP Server Global Status information. Table 7. SNTP Server Status information Field Description Address All the existing server addresses.
Smart Managed Pro Switches MS510TX and MS510TXPP Remove an SNTP Server To remove an SNTP server: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14.
Smart Managed Pro Switches MS510TX and MS510TXPP The Time Configuration page displays. 6. Select the Clock Source SNTP radio button. The Date and Time fields are disabled because the switch receives the date and time from the network. 7. From the Time Zone Offset menu, select the number of hours that the time zone in which the switch is located differs from the Coordinated Universal Time (UTC). The time zone can affect the display of the current system time. The default value is UTC 0:00.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table displays the nonconfigurable SNTP Global Status information. Table 8. SNTP Global Status information Field Description Version The SNTP version that the client supports. Supported mode The SNTP modes that the client supports. Multiple modes can be supported by a client. Last Update Time The local date and time (UTC) that the SNTP client last updated the system clock.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Select a Daylight Saving (DST) radio button: • Disable. Disable daylight saving time. • Recurring. Daylight saving time occurs at the same time every year. The start and end times and dates for the time shift must be manually configured. • Recurring EU. The system clock uses the standard recurring daylight saving time settings used in countries in the European Union.
Smart Managed Pro Switches MS510TX and MS510TXPP 7. Configure how the daylight saving settings recur as described in the following table. Field Description Begins At If you select the Recurring radio button, specify the start date and time of daylight saving time in the following fields: Note: These fields do not apply if you select • Week. Configure the start week. the Recurring EU radio button or the • Day. Configure the start day. Recurring USA radio button. • Month. Configure the start month.
Smart Managed Pro Switches MS510TX and MS510TXPP View the DayLight Saving Time Status You can view the status of daylight saving time (DST), including information about the daylight saving time settings and whether the time offset for daylight saving time is in effect. To view the daylight saving time status: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure DNS Settings Use these pages to configure information about DNS servers that the network uses and how the switch operates as a DNS client. Configure Global DNS Settings Use the DNS Configuration page to configure global DNS settings and DNS server information. To configure the global DNS settings: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The server is added to the list. You can specify up to eight DNS servers. The Preference field displays the server preference order. The preference is set in the order in which preferences were entered. 9. To remove a DNS server from the list, do the following: a. Select the check box for the server. b. Click the Delete button. 10. Click the Apply button. Your settings are saved. 11. To refresh the page, click the Refresh button.
Smart Managed Pro Switches MS510TX and MS510TXPP Its length cannot exceed 158 characters and it is a required field. 7. In the IPv4/IPv6 Address field, enter the IP address to associate with the host name. 8. Click the Add button. The entry displays in the list on the page. Remove an Entry From the Dynamic Host Mapping Table To remove an entry from the dynamic host mapping table: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. 5. Select System > Management > DNS > Host Configuration. The DNS Host Configuration page display. 6. Select the check box for the entry to update. 7. Enter the new information in the appropriate field. 8. Click the Apply button. Your settings are saved. 9. To clear all the dynamic host name entries from the list, click the Clear button.
Smart Managed Pro Switches MS510TX and MS510TXPP Auto Power Down mode is enabled globally, but you can disable it on a per-port basis for ports g1–g4 (see Manage and View the PoE Port Configuration on page 57). You cannot disable it for other ports. If Auto Power Down mode is enabled on a port and the port link goes down, the physical layer (PHY) automatically shuts down for a short period and wakes up to check link pulses. This mode reduces power consumption on a port if no link partner is present.
Smart Managed Pro Switches MS510TX and MS510TXPP • In the Go To Interface field, enter the port using the respective naming convention (for example, g1 or g12), and click the Go button. The entry corresponding to the specified interface is selected. For more information about naming conventions, see Interface Naming Conventions on page 13. • Select the port. 7. From the Auto Power Down Mode menu, select Enable or Disable.
Smart Managed Pro Switches MS510TX and MS510TXPP 7. To disable the Energy Detect Admin Mode for port g1, g2, g3, or g4, from the Energy Detect Admin Mode, select Disable. The Energy Detect Admin Mode is enabled globally, but you can disable it for ports g1–g4 only. With this mode enabled, the port transitions to low power mode during a link idle condition. The Operational Status field shows whether the energy detect operational status is active or inactive.
Smart Managed Pro Switches MS510TX and MS510TXPP View Green Ethernet Information for Remote Devices To view green Ethernet information for remote devices: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > Management > Green Ethernet > Green Ethernet Summary. The Green Mode Statistics Summary page displays.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Power over Ethernet Note: This section applies to model MS510TXPP only. A Power over Ethernet (PoE) device is a type of power sourcing equipment (PSE) that delivers electrical power to connected powered devices (PDs) over existing Ethernet cables without interfering with the network traffic.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: Although a device is listed as an 802.3at (PoE+) powered or 802.3af (PoE) powered device, it might not require the maximum power limit that is specified. Many devices require less power, allowing all eight PoE ports to be active simultaneously, when the devices correctly report their PoE class to the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP on a port, the port PoE LED lights yellow, and the attached device does not receive power from the port. However, the switch continues to send data through the port connection.
Smart Managed Pro Switches MS510TX and MS510TXPP The delivered power is stated in the Output Power (Watt) column. Configure the Global PoE Settings To configure the global PoE settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable fields on the page. Table 16. PoE Configuration fields Field Description Power Status The power status. Nominal Power The maximum amount of power in watts that the switch can deliver to all ports. Threshold Power If the consumed power is below the threshold power, the switch can power up another port. The consumed power can be between the nominal and threshold power.
Smart Managed Pro Switches MS510TX and MS510TXPP 7. Configure the settings as described in the following table. The settings that you configure apply to all selected PoE+ ports. Menu Item Description Port Power Select the administrative mode of the port: • Enable. The port’s capacity to deliver power is enabled. This is the default setting. • Disable. The port’s capacity to deliver power is disabled.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Output Power (W) The power that is delivered to the PD in watts. Status The operational status of the port. The possible values are as follows: • Disabled. No power is delivered. • Delivering Power. Power is being drawn by the PD. • Requesting Power. The port is requesting power. • Fault. A problem occurred with the power. • Test. The port is in test mode. • Other Fault. The port is idle because of an error condition. • Searching.
Smart Managed Pro Switches MS510TX and MS510TXPP From the System > SNMP menu, you can access pages that are described in the following sections: • Configure the SNMPv1/v2 Community on page 60 • Configure SNMPv1/v2 Trap Settings on page 62 • Configure SNMPv1/v2 Trap Flags on page 64 • View the Supported MIBs on page 65 • Configure SNMPv3 Users on page 65 Configure the SNMPv1/v2 Community Only the communities that you define can access to the switch using the SNMP V1 and SNMP V2 protocols.
Smart Managed Pro Switches MS510TX and MS510TXPP 192.168.1.0 through 192.168.1.255 (inclusive) is allowed access. To allow access from only one station, use a management station IP mask value of 255.255.255.255, and use that machine’s IP address for client address. 8. In the Community String field, specify a community name. 9. From the Access Mode menu, select the access level for this community, which is either Read/Write or Read Only. 10. From the Status menu, select to enable or disable the community.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. In the Recipients IP field, enter the IPv4 address in the x.x.x.x format to receive SNMP traps from this device. 7. From the Version menu, select the trap version to be used by the SNMP trap receiver: • SNMPv1. The switch uses SNMPv1 to send traps to the receiver. • SNMPv2. The switch uses SNMPv2 to send traps to the receiver. 8.
Smart Managed Pro Switches MS510TX and MS510TXPP 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > SNMP > SNMPv1/v2 > Trap Configuration. The Trap Configuration page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP • Authentication. When authentication is enabled, SNMP traps are sent when events involving authentication occur. By default, the Enable radio button is selected. 7. Click the Apply button. Your settings are saved. View the Supported MIBs This page displays a list of all MIBs supported by the switch. To view the supported MIBs: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP • Configure LLDP Port Settings on page 68 • LLDP-MED Network Policy on page 70 • LLDP-MED Port Settings on page 71 • Local Information on page 72 • Neighbors Information on page 74 LLDP is a one-way protocol without any request/response sequences. Information is advertised by stations implementing the transmit function, and is received and processed by stations implementing the receive function.
Smart Managed Pro Switches MS510TX and MS510TXPP The LLDP Properties page displays. The page also displays the LLDP-MED Properties section. 6. To configure nondefault values for the following LLDP properties, specify the following options: • LLDP Status. Enable or disable the LLDP feature. • Forward LLDP PDUs while LLDP Disabled. Enable or disable this feature. If you select the Enable radio button for this feature but the LLDP Status Disable radio button is selected, LLDP PDUs are flooded to all ports.
Smart Managed Pro Switches MS510TX and MS510TXPP 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select System > LLDP > Advanced > LLDP Port Settings. The LLDP Port Settings page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP LLDP-MED Network Policy This page displays information about the LLPD-MED network policy TLV transmitted in the LLDP frames on the selected local interface. To view LLDP-MED network policy information for an interface: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 18. LLDP-MED network policy information (continued) Field Description User Priority The priority associated with the policy. DSCP The DSCP associated with a particular policy type. LLDP-MED Port Settings Use this page to enable LLDP-MED mode on an interface and configure its properties. To configure LLDP-MED settings for a port: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 8. Click the Apply button. Your settings are saved. Local Information Use the LLDP Local Information page to view the data that each port advertises through LLDP. To view local LLDP information: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Port ID Subtype The type of information used to identify the interface in the Port ID field. Port ID The port number. Port Description The user-defined description of the port. For information about how to configure the port description, see Configure the Port Settings on page 90. Advertisement The TLV advertisement status of the port. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description VLAN Type Specifies whether the VLAN associated with the policy is tagged or untagged. User Priority The priority associated with the policy. DSCP The DSCP associated with a particular policy type. Neighbors Information Use the LLDP Neighbors Information page to view the data that a specified interface received from other LLDP-enabled systems. To view LLDP information received from a neighbor device: 1.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Port ID The physical address of the port on the remote system from which the data was sent. System Name The system name associated with the remote device. If the field is blank, the name might not be configured on the remote system. 6. To view additional information about the remote device, click the hyperlink in the MSAP Entry column. A pop-up window displays information for the selected port.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description MAC/PHY Details Auto-Negotiation Supported Specifies whether the remote device supports port-speed autonegotiation. The possible values are True or False. Auto-Negotiation Enabled The port speed autonegotiation support status. The possible values are True and False. Auto Negotiation Advertised The port speed autonegotiation capabilities. Capabilities Operational MAU Type The Medium Attachment Unit (MAU) type.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Location Information Civic The physical location, such as the street address, that the remote device advertised in the location TLV, for example, 123 45th St. E. The field value length range is 6–160 characters. Coordinates The location map coordinates that the remote device advertised in the location TLV, including latitude, longitude, and altitude.
Smart Managed Pro Switches MS510TX and MS510TXPP From the System > Services menu, you can access pages that are described in the following sections: • Configure the Global DHCP Snooping Settings on page 78 • Enable DHCP for All Interfaces in a VLAN on page 79 • Configure DHCP Snooping Interface Settings on page 79 • Configure Static DHCP Bindings on page 80 • Configure the DHCP Snooping Persistent Settings on page 82 Configure the Global DHCP Snooping Settings Use this page to view and configure
Smart Managed Pro Switches MS510TX and MS510TXPP Enable DHCP for All Interfaces in a VLAN To enable DHCP snooping for all interfaces that are members of a VLAN: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. 5. Select System> Services > DHCP Snooping > Interface Configuration. The DHCP Snooping Interface Configuration page displays. 6. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. • To display both physical ports and LAGs, click the All link. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure the DHCP Snooping Persistent Settings You can configure the persistent location of the DHCP snooping bindings database. The bindings database can be stored locally on the device. To configure DHCP snooping persistent settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
Smart Managed Pro Switches MS510TX and MS510TXPP delivering power. That is, when a timer schedule is active, PoE is disabled on the port. When the timer schedule is inactive, PoE is enabled on the port. Note: Timer schedules can function only if the switch clock was set, either manually or by SNTP (see Configure the Time Settings on page 34). If the switch clock is set to the default clock, timer schedules do not take effect.
Smart Managed Pro Switches MS510TX and MS510TXPP The timer schedule is added to the table on the Timer Schedule Name page. Specify the Settings for a PoE Timer Schedule A PoE timer schedule can start either immediately or at a specific time on a specific date. Similarly, a PoE timer schedule can continue indefinitely (or until you change the settings) or end at a specific time on a specific date.
Smart Managed Pro Switches MS510TX and MS510TXPP 8. Select the Timer Schedule Absolute End Permanent or Specific radio button. If you select the Permanent radio button, the timer schedule continues indefinitely (or until you change the settings) after you complete the configuration for the timer schedule. You do not need to specify the date and time that the timer schedule ends. If you select the Specific radio button, specify the date and time that the timer schedule ends by doing the following: a.
Smart Managed Pro Switches MS510TX and MS510TXPP You can select only names of schedules that you created (see Create a PoE Timer Schedule on page 83). 7. Select the check boxes for the days on which the PoE timer schedule must be active. 8. In the Start Time field, enter the start time in the hh:mm 24-hour format. The start time applies to all selected days. 9. In the End Time field, enter the end time in the hh:mm 24-hour format. The end time applies to all selected days. 10. Click the Apply button.
Smart Managed Pro Switches MS510TX and MS510TXPP Delete a PoE Timer Schedule You can delete a PoE timer schedule that you no longer need. All periodic schedules that are part of the PoE timer schedule are also deleted. To delete a PoE timer schedule: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
3 3 Configure Switching This chapter covers the following topics: • Configure Port Settings and Flow Control • Configure Link Aggregation Groups • Configure VLANs • Configure a Voice VLAN • Configure Auto-VoIP • Configure Spanning Tree Protocol • Configure Multicast • View, Search, and Manage the MAC Address Table 88
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Port Settings and Flow Control You can configure global flow control for all ports and view, configure, and monitor the port information for individual ports. From the Switching > Ports menu, you can access pages that are described in the following sections: • Configure IEEE 802.3x Global Flow Control on page 89 • Configure the Port Settings on page 90 Configure IEEE 802.
Smart Managed Pro Switches MS510TX and MS510TXPP 7. Click the Apply button. Your settings are saved. Configure the Port Settings You can view, configure, and monitor the physical port information for the ports (that is, the physical interfaces) on the switch. To configure port settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
Smart Managed Pro Switches MS510TX and MS510TXPP • Ports g1-g4. Support the setting of 10 Mbps half duplex, 10 Mbps full duplex, 100 Mbps half duplex, 100 Mbps full duplex (FD), and Auto. When set to Auto, the port advertises 10/100 Mbps half and full duplex and 1000 Mbps full duplex. • Ports mg5-mg6. Support the setting of 100 Mbps FD, 1 Gbps FD, and Auto. When set to Auto, the port advertises 100 Mbps FD, 1000 Mbps FD, and 2.5 Gbps FD. • Ports mg7-mg8.
Smart Managed Pro Switches MS510TX and MS510TXPP sharing. You assign the LAG VLAN membership after you create a LAG. The LAG by default becomes a member of the default management VLAN (that is, VLAN 1). A LAG interface can be either static or dynamic, but not both. All members of a LAG must participate in the same protocols. A static port channel interface does not require a partner system to be able to aggregate its member ports. Static LAGs are supported.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Select one or more LAGs by taking one of the following actions: • To configure a single LAG, select the check box associated with the LAG. • To configure multiple LAGs with the same settings, select the check box associated with each LAG. • To configure all LAGs with the same settings, select the check box in the heading row. 7. In the LAG Name field, enter the name to be assigned to the LAG.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 21. LAG Configuration information Field Description LAG ID Identification of the LAG. Active Ports Indicates the ports that are actively participating in the port channel. LAG State Indicates whether the link is up or down.
Smart Managed Pro Switches MS510TX and MS510TXPP A selected port is displayed by a check mark. 9. Click the Apply button. Your settings are saved. Set the LACP System Priority The LACP configuration page is used to set the LACP system priority. To configure LACP: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching> LAG > Advanced > LACP Port Configuration. The LACP Port Configuration page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP Each VLAN in a network is assigned an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station can omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet can either reject it or insert a tag using its default VLAN ID. A given port can handle traffic for more than one VLAN, but it can support only one default VLAN ID.
Smart Managed Pro Switches MS510TX and MS510TXPP 5. Select Switching> VLAN > Basic > VLAN Configuration. The VLAN Configuration page displays. The page also shows the Reset section. 6. In the VLAN ID field, specify the VLAN identifier for the new VLAN. The range of the VLAN ID can be from 2 to 4093. VLAN ID 1 is reserved for the default VLAN. 7. In the VLAN Name field, specify a name for the VLAN. The VLAN name can be up to 32 alphanumeric characters long, including blanks. The default is blank.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: You cannot delete VLAN 1, which is the default VLAN. 7. Click the Delete button. The VLAN is removed. Reset All VLANs to the Default Settings To reset all VLANs to the default settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > VLAN > Advanced > VLAN Membership. 6. In the VLAN ID menu, select the VLAN ID. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP • T (Tagged). Select the LAGs on which all frames transmitted for this VLAN are tagged. The LAGs that are selected are included in the VLAN. • U (Untagged). Select the LAGs on which all frames transmitted for this VLAN are untagged. The LAGs that are selected are included in the VLAN. By default, the selection is blank, which means that the LAG is excluded from the VLAN but can be dynamically registered (autodetected) in the VLAN through GVRP. 10.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 23. VLAN status Field Definition VLAN ID The VLAN identifier (VID) of the VLAN. The range of the VLAN ID is 1 to 4093. VLAN Name The name of the VLAN. VLAN ID 1 is always named Default. VLAN Type The VLAN type: • Default (VLAN ID = 1). Always present. • Static. A VLAN that you configured. • Dynamic.
Smart Managed Pro Switches MS510TX and MS510TXPP The Port PVID Configuration page displays. 6. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. • To display both physical ports and LAGs, click the All link. 7. Do one of the following: • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button.
Smart Managed Pro Switches MS510TX and MS510TXPP You can enter a number from 0 to 7. 14. Click the Apply button. Your settings are saved. Configure MAC-Based VLAN Groups The MAC-Based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classify traffic based on the source MAC address of the packet. You define a MAC-to-VLAN mapping by configuring an entry in the MAC-to-VLAN table. An entry is specified through a source MAC address and the desired VLAN ID.
Smart Managed Pro Switches MS510TX and MS510TXPP 7. In the Prefix Mask field, enter a value from 9 to 48. 8. In the Group ID field, specify a group ID that allows you to identify the group. 9. Click the Add button. The MAC address is added to the MAC-based VLAN group. The following table describes the nonconfigurable information displayed on the page. Table 24. MAC Based VLAN Mapping Field Definition Group ID The ID of the group. VLAN ID The VLAN ID that is associated with the group.
Smart Managed Pro Switches MS510TX and MS510TXPP Manually Add Members to or Remove Them From a MAC-Based VLAN Group To add members to or remove them from a MAC-based VLAN group: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP If you assign a port to a protocol-based VLAN for a specific protocol, untagged frames received on that port for that protocol are assigned the protocol-based VLAN ID. Untagged frames received on the port for other protocols are assigned the port VLAN ID, either the default PVID (1) or a PVID you specifically assigned to the port using the Port VLAN Configuration page. You define a protocol-based VLAN by creating a group.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 25. Protocol Based VLAN Mapping Field Definition Group ID The ID of the group. VLAN ID The VLAN ID that is associated with the group. Ports The ports that are assigned to the VLAN as a result of protocol-based VLAN mapping. Delete a Protocol-Based VLAN Group To delete a protocol-based VLAN group: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > VLAN > Advanced > Protocol Based VLAN Group Membership. The Protocol Based VLAN Group Membership page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: It can take up to 10 seconds for GARP configuration changes to take effect. To configure GARP switch settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching> VLAN > Advanced > GARP Port Configuration. The GARP Port Configuration page displays. 6. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link.
Smart Managed Pro Switches MS510TX and MS510TXPP centiseconds (10 seconds). An instance of this timer exists for each GARP participant for each port. 12. Click the Apply button. Your settings are saved. Configure a Voice VLAN You can configure the global settings for a voice VLAN and enable or disable the voice VLAN for specific ports and LAGs that carry traffic from IP phones.
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. 5. Select Switching> Voice VLAN > Properties. The Properties page displays. 6. Select the Voice VLAN Status Enable radio button. This enables the administrative mode for the voice VLAN for the switch. The default is Disable. 7. In the Voice VLAN ID menu, select the VLAN that must be the voice VLAN. VLAN 1, the default VLAN, cannot be the voice VLAN. 8.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. • To display both physical ports and LAGs, click the All link. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP Add VoIP OUI Prefixes To add VoIP OUI prefixes to the OUI table: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The OUI page displays. 6. Select the check box for each OUI prefix to be removed. 7. Click the Delete button. The telephony OUI entries are removed. Configure Auto-VoIP Voice over Internet Protocol (VoIP) enables telephone calls over a data network.
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. 5. Select Switching> Auto-VoIP. 6. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. • To display both physical ports and LAGs, click the All link. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: For two bridges to be in the same region, the force version must be 802.1s and their configuration names, digest keys, and revision levels must match. For additional information about regions and their effect on network topology, refer to the IEEE 802.1Q standard.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Configure the following settings: • Spanning Tree State. Enable or disable the spanning tree operation on the switch. • STP Operation Mode. Specify the STP version for the switch. The options are STP, RSTP, and MSTP. • Configuration Name. Specify an identifier used to identify the configuration currently being used. It can be up to 32 alphanumeric characters. • Configuration Revision Level.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable STP Status fields displayed on the page. Table 26. STP Status Field Description Bridge Identifier The bridge identifier for the CST. It is made up using the bridge priority and the base MAC address of the bridge. Time Since Topology Change The time in day-hour-minute-second format since the topology of the CST last changed.
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. 5. Select Switching > STP > Advanced > CST Configuration. The CST Configuration page displays. The page also shows the MSTP Status section. 6. Specify the CST options: • Bridge Priority. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure CST Port Settings Use the CST Port Configuration page to configure Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To configure CST port settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP The possible values are Enable and Disable. The default value is Disable. When BPDU forwarding is enabled, the switch forwards the BPDU traffic arriving on this port when STP is disabled on this port. 11. In the Path Cost field, set the path cost to a new value for the specified port in the common and internal spanning tree. Specify a value in the range of 0 to 200000000. The default is 0.
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. 5. Select Switching > STP > Advanced > CST Port Status. The CST Port Status page displays. 6. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. • To display both physical ports and LAGs, click the All link. 7. To refresh the page with the latest information about the switch, click the Refresh button.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP For each configured instance, the information described in the following table displays on the page. Table 31. MST configuration Field Description Bridge Identifier The bridge identifier for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge. Time Since Topology Change The time since the topology of the selected MST instance last changed.
Smart Managed Pro Switches MS510TX and MS510TXPP Your settings are saved. Delete an MST Instance To delete an MST instance: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. 5. Select Switching > STP > Advanced > MST Port Configuration. 6. In the MST Select menu, select the MST instance. 7. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. • To display both physical ports and LAGs, click the All link. 8.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the read-only MST port configuration information displayed on the Spanning Tree CST Configuration page. Table 32. MST port status information Field Description Auto Calculated Port Path Cost Displays whether the path cost is automatically calculated (Enabled) or not (Disabled). Path cost is calculated based on the link speed of the port if the configured value for Port Path Cost is 0.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP • Configure Auto-Video on page 134 • IGMP Snooping Overview on page 135 • Configure the Global IGMP Snooping Settings on page 135 • View the IGMP Snooping Table on page 137 • Configure IGMP Snooping for VLANs on page 138 • Modify IGMP Snooping Settings for a VLAN on page 139 • Disable IGMP Snooping on a VLAN and Remove It From the Table on page 139 • IGMP Snooping Querier Overview on page 140 • Configure IGMP Snooping Querier on page 140 •
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > Multicast > MFDB > MFDB Table. The MFDB Table page displays. 6. In the Search by MAC Address field, enter a MAC address.
Smart Managed Pro Switches MS510TX and MS510TXPP 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > Multicast > MFDB > MFDB Statistics. The MFDB Statistics page displays.
Smart Managed Pro Switches MS510TX and MS510TXPP • Select the Disable radio button to globally disable Auto-Video administrative mode for the switch. • Select the Enable radio button to globally enable Auto-Video administrative mode for the switch. 7. If you enable the feature, from the Auto-Video VLAN menu, select the ID of the VLAN that must become the Auto-Video VLAN. 8. Click the Apply button. Your settings are saved.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP View the IGMP Snooping Table Use the IGMP Snooping Table page to view all of the entries in the Multicast Forwarding Database that were created for IGMP snooping. To view the entries in the IGMP snooping table: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure IGMP Snooping for VLANs You can configure the parameters for IGMP snooping, which is used to build forwarding lists for multicast traffic. To configure IGMP snooping for a VLAN: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table displays nonconfigurable information about IGMP snooping for VLANs. Table 38. IGMP VLAN snooping information Field Description Host Timeout The period that the switch must wait for a report for a particular group on a particular interface before it deletes that interface from the group. This value is calculated as follows: (Query Interval * 2) + Maximum Response Time.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching> Multicast > IGMP Snooping Querier > Querier Configuration. The Querier Configuration page displays. The page also shows the VLAN IDs Enabled for IGMP Snooping Querier section. 6. Next to Querier Admin Mode, select whether the IGMP snooping querier is enabled on the switch: • Enable.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. 5. Select Switching> Multicast > IGMP Snooping Querier > Querier VLAN Status. The Querier VLAN Status page displays. The following table describes the nonconfigurable information displayed on the page. Table 40. Querier VLAN Status information Field Description VLAN ID The VLAN ID on which IGMP snooping querier is administratively enabled and the VLAN exists in the VLAN database.
Smart Managed Pro Switches MS510TX and MS510TXPP The switch uses MLD snooping to build a forwarding list for multicast traffic. Configure the Global MLD Snooping Settings You can enable MLD snooping globally. To enable MLD snooping globally: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching> Multicast > MLD Snooping > MLD VLAN Configuration. The MLD VLAN Configuration page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure a Multicast Router Interface on a VLAN When you connect an external multicast router to a switch interface that is a member of a VLAN and you configure that switch interface as a multicast router interface, the external multicast router is automatically added to the list of learned multicast routers. This dynamic learning mode is applicable only to multicast router information (that is, to queries from an attached true querier).
Smart Managed Pro Switches MS510TX and MS510TXPP Configure MLD Snooping Querier You can configure the settings for an MLD snooping querier. To configure an MLD snooping querier: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure MLD Snooping Querier VLAN Settings To configure MLD snooping querier VLAN settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 41. MLD Snooping Querier VLAN Configuration information Field Description Operational State The operational state of the MLD snooping querier on a VLAN. It can be in any of the following states: • Enabled. Snooping switch is the querier in the VLAN. The snooping switch sends out periodic queries with a time interval equal to the configured querier query interval.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. From the VLAN ID menu, select the VLAN ID. 7. In the Multicast Address field, enter the multicast MAC address that must become the group identifier. 8. Click the Add button. The multicast group is added. The following table describes the nonconfigurable information displayed on the page. Table 42. Multicast Group Configuration information Field Definition VLAN Name The VLAN name, if any, that is associated with the VLAN ID.
Smart Managed Pro Switches MS510TX and MS510TXPP You cannot select a check box for a dynamically added multicast address. 7. Click the Delete button. The multicast groups are removed. Configure Multicast Group Membership By default, an interface is excluded from multicast groups but could be dynamically added to any multicast group.
Smart Managed Pro Switches MS510TX and MS510TXPP • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface. • To configure all interfaces with the same settings, select the check box in the heading row. 10.
Smart Managed Pro Switches MS510TX and MS510TXPP The Multicast Forward All page displays. 6. From the VLAN ID menu, select the VLAN ID for the VLAN in which the multicast group is located. If a name is associated with the VLAN, the name displays in the VLAN Name field. 7. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. • To display both physical ports and LAGs, click the All link. 8.
Smart Managed Pro Switches MS510TX and MS510TXPP From the Switching > Address Table > Advanced menu, you can access pages that are described in the following sections: • View and Search the MAC Address Table on page 154 • Change the Aging-Out Period of Dynamic MAC Addresses on page 155 • Add a Static MAC Address on page 156 • Remove a Static MAC Address on page 156 View and Search the MAC Address Table To view and search the MAC Address Table: 1.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the information in the MAC Address Table. Table 43. MAC Address Table information Field Description VLAN ID The VLAN that is associated with the MAC address. MAC Address The MAC address. The format is six 2-digit hexadecimal numbers that are separated by colons, for example, 01:00:5e:45:67:89. Interface The interface that is associated with the MAC address. Status The type of the entry.
Smart Managed Pro Switches MS510TX and MS510TXPP Your settings are saved. Add a Static MAC Address To add a static MAC address: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Switching > Address Table > Address Table > Advanced > Static MAC Address. The Static MAC Address page displays. 6. In the Static MAC Address table, select the check box for the MAC address. In the previous figure, none is shown. 7. Click the Delete button.
4 4 Configure Routing This chapter contains the following sections.
Smart Managed Pro Switches MS510TX and MS510TXPP IP Routing Overview The switch supports IP routing. When a packet enters the switch, the destination MAC address is checked to see if it matches any of the configured routing interfaces. If it does, the switch searches the host table for a matching destination IP address. If an entry is found, the packet is routed to the host. If no matching entry is found, the switch performs a longest prefix match on the destination IP address.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Select the Routing Mode Enable radio button. You must enable the routing mode before the switch can route through any of its interfaces. If you enable the routing mode, routing becomes also possible for VLAN interfaces. The default value is Enable. 7. In the IPv4 MTU field, enter the maximum transmission unit (MTU) for IPv4 packets. The MTU for IPv4 packets can range from 576 to 9000. The default is 1500. 8. Click the Apply button.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 45. IP Statistics information Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 45. IP Statistics information (continued) Field Description IpReasmOKs The number of IP datagrams successfully reassembled. IpReasmFails The number of failures detected by the IP reassembly algorithm (for whatever reason: timed out, errors, and so on). This is not necessarily a count of discarded IP fragments since some algorithms can lose track of the number of fragments by combining them as they are received.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 45. IP Statistics information (continued) Field Description IcmpOutDestUnreachs The number of ICMP destination unreachable messages sent. IcmpOutTimeExcds The number of ICMP time exceeded messages sent. IcmpOutParmProbs The number of ICMP parameter problem messages sent. IcmpOutSrcQuenchs The number of ICMP source quench messages sent. IcmpOutRedirects The number of ICMP redirect messages sent.
Smart Managed Pro Switches MS510TX and MS510TXPP Use the VLAN Static Routing Wizard The VLAN Routing Wizard lets you create a VLAN routing interface, configure the IP address and subnet mask for the interface, and add ports or LAGs to the VLAN. With this wizard, you can do the following: • Create a VLAN. • Add ports to a newly created VLAN. • Remove selected ports from the default VLAN. • Enable tagging on a selected port if the port is in another VLAN.
Smart Managed Pro Switches MS510TX and MS510TXPP • U (Untagged). Select the ports on which all frames transmitted for this VLAN are untagged. The ports that are selected are included in the VLAN. By default, the selection is blank, which means that the port is excluded from the VLAN but can be dynamically registered (autodetected) in the VLAN through GVRP. 10.
Smart Managed Pro Switches MS510TX and MS510TXPP The VLAN routing interface is added for the selected VLAN. The MAC Address field displays the MAC address that is associated with the VLAN routing interface. Manage IPv4 Routes The routing table collects routes from multiple sources: static routes and local routes. The routing table can learn multiple routes to the same destination from multiple sources. The routing table lists all routes.
Smart Managed Pro Switches MS510TX and MS510TXPP 7. Depending on the type of route that you are creating, specify the following information: a. In the Network Address field, specify the IP address for the destination. b. In the Subnet Mask field, specify the subnet mask for the attached network. c. In the Next Hop IP Address field, specify the outgoing router IP address to use when forwarding traffic to the next router (if any) in the path toward the destination.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Address Resolution Protocol The Address Resolution Protocol (ARP) associates a Layer 2 MAC address with a Layer 3 IPv4 address. The switch supports both dynamic and manual ARP configurations. With manual ARP configuration, you can statically add entries into the ARP table. ARP is a necessary part of the Internet Protocol (IP) and is used to translate an IP address to a media (MAC) address, defined by a local area network (LAN) such as Ethernet.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Routing> ARP > Advanced > ARP Create. The Static ARP Configuration page displays. The page also shows the Routing VLAN ARP Cache section. 6. In the IP Address field, specify the IP address. This must be the IP address of a device on a subnet attached to one of the switch’s existing routing interfaces. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Routing> ARP > Advanced > Global ARP Configuration. The Global ARP Configuration page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP • Specific Entry. Lets you specify the IP address to be removed. 7. If you select Specific Entry, in the Remove IP Address field, enter the IP address to be removed. 8. Click the Apply button. Your settings are saved.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure IPv6 IPv6 is supported only on VLAN interfaces, not on physical ports.
Smart Managed Pro Switches MS510TX and MS510TXPP The value is also included in router advertisements. The valid values for hops are 1 to 255, inclusive. The default is 64. 8. In the ICMPv6 Rate Limit Error Interval field, specify the number of ICMP error packets allowed per burst interval. This value controls the ICMPv6 error packets. The default rate limit is 100 packets per second, meaning that the burst interval is 1000 mseconds. To disable ICMP rate limiting, set this field to 0.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. In the IPv6 Prefix field, specify the IPv6 network prefix for the destination. 7. In the Prefix Length field, specify the IPv6 prefix length for the destination. 8. In the Next Hop IPv6 Address Type menu, select one of the following types of IPv6 address for the next hop router: • Link Local. A link-local IPv6 address over a specified interface. With this selection, you must select an interface from the Interface menu. • Global. A global IPv6 address.
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Routing> IPv6 > Basic > Route Table. The Configure Routes page displays. The page also shows the IPv6 Route Table. 6. In the table in the Configure Routes section, select the check box for the static IPv6 route. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP View the IPv6 Route Table The IPv6 Route Table contains IPv6 routes that were statically added, IPv6 routes that were discovered through the Neighbor Discovery (ND) protocol, and IPv6 routes that were derived from manually added IPV6 addresses. To view the IPv6 Route Table: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable data that is displayed. Table 49. IPv6 Route Table information Field Description Number of Routes The total number of active routes in the route table. IPv6 Prefix The network prefix for the active route. Prefix Length The prefix length for the active route. Protocol The type of protocol for the active route: • Static. The route was manually defined. • ND (Neighbor Discovery).
Smart Managed Pro Switches MS510TX and MS510TXPP The page is very wide and is therefore shown in the following two figures. 6. To view more columns, move the gray bar below the table to the right. 7. Select one or more VLANs by taking one of the following actions: • To configure a single VLAN, select the check box associated with the VLAN, or, in the Go To VLAN field, type the VLAN in the format VLANxx in which xx is the VLAN ID, and click the Go button.
Smart Managed Pro Switches MS510TX and MS510TXPP 12. In the Adv NS Interval field, specify the retransmission time of router advertisements that are sent from the VLAN. A value of 0 means the interval is not specified for the router. The range of the neighbor solicit interval is 1000 to 4294967295. The default is 0. 13. In the Adv Reachable Interval field, specify the router advertisement time. This is the time allocated to consider the neighbors reachable after ND confirmation.
Smart Managed Pro Switches MS510TX and MS510TXPP To add an IPv6 global address to an IPv6 VLAN: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14.
Smart Managed Pro Switches MS510TX and MS510TXPP The Current State field is a nonconfigurable field that shows the state of the IPv6 address. The state can be one of the following: • Tent. Routing is disabled or the address does not work because of a duplicate address detection (DAD) condition. • Active. The IPv6 address is valid and active. • Preferred. The IPv6 address was verified to be unique, valid, and active.
Smart Managed Pro Switches MS510TX and MS510TXPP Remove an IPv6 Global Address From an IPv6 VLAN IPv6 link-local addresses are created automatically when you enable the IPv6 admin mode on an VLAN interface, and they cannot be removed or edited. However, you can manually remove one or more IPv6 global addresses from a VLAN. To remove one or more IPv6 global addresses from an IPv6 VLAN: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Routing> IPv6 > Advanced > Prefix Configuration. 6. From the Interface menu, select the VLAN. 7. In the Ipv6 Prefix field, specify the IPv6 prefix. 8. In the Prefix Length field, specify the IPv6 prefix length. 9.
Smart Managed Pro Switches MS510TX and MS510TXPP Change the Settings for an IPv6 Prefix for Advertisement on an IPv6 VLAN You can change the settings for a prefix for advertisement on an IPv6 VLAN. To change the settings for an IPv6 prefix for advertisement on an IPv6 VLAN: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
Smart Managed Pro Switches MS510TX and MS510TXPP 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Routing> IPv6 > Advanced > Prefix Configuration. The IPv6 Interface Selection page displays.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable IPv6 statistics that are displayed. Table 51. IPv6 Statistics information Field Description Total Datagrams Received The total number of input datagrams received by the interface, including those received in error. Received Datagrams Locally Delivered The total number of datagrams successfully delivered to IPv6 user-protocols (including ICMP).
Smart Managed Pro Switches MS510TX and MS510TXPP Table 51. IPv6 Statistics information (continued) Field Description Datagrams Failed To Reassemble The number of failures detected by the IPv6 reassembly algorithm (for whatever reason: timed out, errors, and so on). This is not necessarily a count of discarded IPv6 fragments since some algorithms (notably the algorithm in RFC 815) can lose track of the number of fragments by combining them as they are received.
Smart Managed Pro Switches MS510TX and MS510TXPP If the address exists, the entry is displayed. 7. To clear the IPv6 neighbors for all interfaces, click the Clear button. 8. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the nonconfigurable data that is displayed. Table 52. IPv6 Neighbor Table information Field Description Interface The interface whose settings are displayed in the current table row.
5 5 Configure Quality of Service In a switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria. When a packet is queued for transmission in a port, the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port.
Smart Managed Pro Switches MS510TX and MS510TXPP Manage Class of Service The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Global CoS Settings To configure CoS trust mode settings on all interfaces: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select QoS > CoS > Advanced > CoS Interface Configuration. The CoS Interface Configuration page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP Your settings are saved. Configure the Global CoS Queue Settings Use the Queue Configuration page to define what a particular queue does by configuring switch egress queues. You can control the amount of bandwidth that is used by the queue and the scheduling of packet transmission from the set of all queues on a port. You can configure eight queues as strict priority, weighted round robin (WRR) priority, or a combination of both.
Smart Managed Pro Switches MS510TX and MS510TXPP You can select more than one check box or you can select the check box in the table heading to configure all queues in the same way. 7. In the Minimum Bandwidth field, specify the minimum guaranteed bandwidth allotted to the queue. Enter a value in the range of 1 to 100 that reflects the relative bandwidth of this queue. The bandwidth allocation per queue is the configured weight divided by the sum of all the configured weights.
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. 5. Select QoS > CoS > Advanced > 802.1p to Queue Mapping. 6. In the 802.1p to Queue Mapping table, map each of the eight 802.1p priorities to a queue (internal traffic class). The 802.1p Priority row contains traffic class selectors for each of the eight 802.1p priorities to be mapped. The priority goes from low (0) to high (7).
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP Standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network attempts to deliver the data in a timely fashion. During times of congestion, packets might be delayed, sent sporadically, or dropped. For typical Internet applications, such as email and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable.
Smart Managed Pro Switches MS510TX and MS510TXPP View the Global DiffServ Resources By default, the DiffServ administrative mode is enabled. (You cannot manually disable it.) You can view the used DiffServ resources. To view the global DiffServ resources: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP For example, assume three levels of service—A, B, and C—and that the DSCP incoming values used to mark these levels are 10, 20, and 30 respectively. If this traffic is forwarded to another service provider that provides the same three levels of service, but uses DSCP values 16, 24, and 48, the DSCP violate action mapping changes the incoming values as they are mapped to the outgoing values. To specify the DSCP remark values for violate action IP packets: 1.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure IPv4 DiffServ Classes You can add a DiffServ class and define the criteria that are associated with a DiffServ class. As packets are received, these DiffServ classes are used to prioritize packets. You can set up multiple match criteria in a class. The logic is a Boolean logical AND for this criteria. After creating a class, click the class link to the Class page as described in the following procedure.
Smart Managed Pro Switches MS510TX and MS510TXPP The class name is a hyperlink to the page on which you can define the class configuration. The class name and class type are stated in the Class Configuration section at the top of the page. These fields are nonconfigurable on this page. 10. Select one of the following Class Definition radio buttons: • Existing ACL. From the menu, select an existing ACL for traffic classification.
Smart Managed Pro Switches MS510TX and MS510TXPP • VLAN. Select this check box to require a packet’s VLAN ID to match a VLAN ID or a VLAN ID within a continuous range. If you configure a range, a match occurs if a packet’s VLAN ID is the same as any VLAN ID within the range. The VLAN value is in the range of 0–4093. • Ethernet Type. Select this check box to require the EtherType value in the Ethernet frame header to match the specified EtherType value.
Smart Managed Pro Switches MS510TX and MS510TXPP • Destination IP. Select this check box to require a packet’s destination IP address to match the specified IP address. After you select the check box, use the following fields to configure the destination IP address match criteria: - Address. The destination IP address format to match in dotted-decimal format. - Mask. The bit mask in IP dotted-decimal format indicating which parts of the destination IP address to use for matching against packet content.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Click the class name, which is a hyperlink. The page on which you can change the class configuration displays. 7. Change the class configuration as needed. 8. Click the Apply button. Your settings are saved. Delete an IPv4 DiffServ Class To delete an IPv4 DiffServ class: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP IPv6 ACL/DiffServ assignment is appropriate for LAG interfaces. The procedures described by an ACL or DiffServ policy are equally applicable on a LAG interface. Add and Configure an IPv6 DiffServ Class To add and configure an IPv6 DiffServ class: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The class name is a hyperlink to the page on which you can define the class configuration. The class name and class type are stated in the IPv6 Class Configuration section at the top of the page. These fields are nonconfigurable on this page. 10. Select one of the following Class Definition radio buttons: • Existing ACL. From the menu, select an existing ACL for traffic classification.
Smart Managed Pro Switches MS510TX and MS510TXPP • Source L4 Port. Select this check box to require a packet’s TCP/UDP source port to match the specified protocol, which you must select from the menu. If you select Other from the menu, you can enter a source port number. • Destination Prefix/Length. Select this check box to require a packet’s destination prefix and prefix length to match the specified source IPv6 prefix and prefix length. The prefix must always be specified with the prefix length.
Smart Managed Pro Switches MS510TX and MS510TXPP Your settings are saved. Delete an IPv6 DiffServ Class To delete an IPv6 DiffServ class: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. 5. Select QoS > DiffServ > Advanced > Policy Configuration. The Policy Configuration page displays. 6. Enter a policy name in the Policy Name field. You cannot specify the policy type. By default, the policy type is In, indicating that the policy applies to ingress packets. 7. From the Member Class menu, optionally select an existing class that you want to associate with the new policy.
Smart Managed Pro Switches MS510TX and MS510TXPP The policy name, policy type, and member class name are stated in the Class Information section at the top of the page. These fields are nonconfigurable on this page. 10. From the Assign Queue menu, select the queue to which packets of this policy class must be assigned. This is a value in the range from 0 to 7. 11. Configure the policy attributes: • Drop. Select this radio button to require each inbound packet to be dropped. • Mark VLAN CoS.
Smart Managed Pro Switches MS510TX and MS510TXPP • Mark CoS. Packets are marked by DiffServ with the specified CoS value before being forwarded. This selection requires that the Mark CoS field is set. You must select a CoS value from 0 to 7 from the menu. This action can apply only to a conforming action. • Mark IP DSCP. Packets are marked by DiffServ with the specified DSCP value before being forwarded. This selection requires that the DSCP field is set. You must select a DSCP code from the menu.
Smart Managed Pro Switches MS510TX and MS510TXPP Assign Another Class to an Existing DiffServ Policy To assign another class to an existing DiffServ policy: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Select the check box for the policy name. 7. Click the Delete button. The policy is removed. Configure DiffServ Service Interfaces You can assign a policy to one or more interfaces. Attach a DiffServ Policy to an Interface To attach a DiffServ policy to an interface: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 53. Service Interface Configuration information Field Description Direction Shows that the traffic direction of this service interface is In. Operational Status Shows the operational status of this service interface, which is always Up. Remove a DiffServ Policy From an Interface To remove a DiffServ policy from an interface: 1.
Smart Managed Pro Switches MS510TX and MS510TXPP 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select QoS > DiffServ > Advanced > Service Statistics. The Service Statistics page displays. 6.
6 6 Manage Device Security This chapter covers the following topics: • Management Security Settings • Configure Management Access • Configure Port Authentication • Set Up Traffic Control • Configure Access Control Lists 217
Smart Managed Pro Switches MS510TX and MS510TXPP Management Security Settings From the Management Security menu, you can access the pages that are described in the following sections: • Change the Password on page 218 • Reset the Password to the Factory Default Value on page 219 • Configure RADIUS Servers on page 220 • Configure TACACS+ Servers on page 226 • Configure Authentication Lists on page 229 Change the Password You can change the login password that is required for access to the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The entered password is displayed in dots. 9. Click the Apply button. Your settings are saved. Reset the Password to the Factory Default Value You can reset the login password that is required for access to the switch to the factory default value. To reset the login password for the web-based management interface: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure RADIUS Servers Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. The switch passes information to the configured RADIUS server, which can authenticate a user name and password before authorizing use of the network.
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Management Security > RADIUS > Global Configuration. The RADIUS Configuration page displays. The Current Server IP Address field is blank if no servers are configured (see Configure a RADIUS Authentication Server on the Switch on page 222). The switch supports up to eight RADIUS servers.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure a RADIUS Authentication Server on the Switch Use the RADIUS Server Configuration page to view and configure various settings for a RADIUS server configured on the switch. Add a Primary or Secondary RADIUS Authentication Server to the Switch To add a primary or secondary RADIUS authentication server to the switch: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Modify the Settings for a RADIUS Authentication Server on the Switch To modify the settings for a RADIUS authentication server on the switch: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Select the check box for the server. 7. Click the Delete button. The RADIUS server is removed. 8. Click the Apply button. Your settings are saved. Configure a RADIUS Accounting Server You can configure various settings for a single RADIUS accounting server on the network. RADIUS accounting is supported for both AAA and 802.1x sessions. Add a RADIUS Accounting Server to the Switch To add a RADIUS accounting server to the switch: 1.
Smart Managed Pro Switches MS510TX and MS510TXPP The server is added to the switch. Modify the Settings for a RADIUS Accounting Server on the Switch To modify the settings for a RADIUS accounting server on the switch: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Click the Delete button. All fields are set to their defaults. Configure TACACS+ Servers TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services: • Authentication. Provides authentication during login and through user names and user-defined passwords. • Authorization. Performed at login.
Smart Managed Pro Switches MS510TX and MS510TXPP The ACACS+ Configuration page displays. 6. In the Key String field, specify the authentication and encryption key for TACACS+ communications between the switch and the TACACS+ server. The valid range is 0–128. The key must match the key configured on the TACACS+ server. 7. In the Connection Timeout field, specify the maximum number of seconds allowed to establish a TCP connection between the switch and the TACACS+ server. The range is 1–30 seconds.
Smart Managed Pro Switches MS510TX and MS510TXPP 9. In the Key String field, specify the authentication and encryption key for TACACS+ communications between the device and the TACACS+ server. The valid range is 0–128. The key must match the key used on the TACACS+ server. 10. In the Connection Timeout field, specify the time that passes before the connection between the device and the TACACS+ server times out. The range is 1–30 seconds.
Smart Managed Pro Switches MS510TX and MS510TXPP 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Management Security > TACACS+ > TACACS+ Server Configuration. The TACACS+ Server Configuration page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Management Security > Authentication List > HTTP Authentication List. The HTTP Authentication List page displays. 6. Select the check box for the httpList name. 7. From the menu in the 1 column, select the authentication method that must be used first in the selected authentication login list.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure an HTTPS Authentication List Use the HTTPS Authentication List to configure the default login list for secure HTTP (HTTPS). To configure an HTTPS authentication list: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP 8. From the menu in the 2 column, select the authentication method, if any, that must be used second in the selected authentication login list. This is the method that is used if the first method times out. If you select a method that does not time out as the second method, the third method is not tried. 9. From the menu in the 3 column, select the authentication method, if any, that must be used third in the selected authentication login list. 10.
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. 5. Select Security > Access > HTTP > HTTP Configuration. The HTTP Configuration page displays. 6. In the HTTP Session Soft Timeout field, specify the number of minutes an HTTP session can be idle before a time-out occurs. The value must be in the range of 0–60 minutes. The default value is 10 minutes. The currently configured value is shown when the web page is displayed.
Smart Managed Pro Switches MS510TX and MS510TXPP 5. Select Security > Access > HTTPS > HTTPS Configuration. The HTTPS Configuration page displays. 6. Select the HTTPS Admin Mode Enable or Disable radio button. This enables or disables the administrative mode of secure HTTP (HTTPS). The configured value is displayed. The default value is Disable. You can download SSL certificates only when the HTTPS admin mode is disabled. HTTPS admin mode can be enabled only if a certificate is present on the device. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP 5. Select Security > Access > HTTPS > Certificate Management. The Certificate Management page displays. The page also shows the Certificate Generation Status section. 6. Select the Generate Certificates radio button. 7. Click the Apply button. The switch generates a certificate. The Certificate Generation Status field shows progress information. Import a Certificate To import a certificate: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Access > HTTPS > Certificate Management. The Certificate Management page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP 5. Select Security > Access > HTTPS > Certificate Management. The Certificate Management page displays. 6. Select the Delete Certificates radio button. 7. Click the Apply button. The certificate is removed. Configure Access Control Access control allows you to configure an access control profile and set access rules. Access control defines a single access control list (ACL, but in this case referred to as an access profile) for management packets.
Smart Managed Pro Switches MS510TX and MS510TXPP 7. Click the Apply button. Your settings are saved. By default, the new access profile is deactivated, that is, the Deactivate Profile radio button is selected. The Profile Summary does not yet display any information for the access profile because you did not yet add any access rules. Add an Access Rule After you create an access control profile, you must add on ore more security access rules to the profile. To add an access rule for an access profile: 1.
Smart Managed Pro Switches MS510TX and MS510TXPP are ignored. For example, if a source IP 10.10.10.10 is configured with priority 1 to permit, and source IP 10.10.10.10 is configured with priority 2 to deny, then access is permitted if the profile is active, and the second rule is ignored. 11. Click the Add button. The access rule is added.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP The Access Profile Configuration page displays. The page also shows the Profile Summary section. 6. Take one of the following actions: • To activate the access profile, select the Activate Profile radio button. • To deactivate the access profile, select the Deactivate Profile radio button. 7. Click the Apply button. Your settings are saved. 8. To refresh the page with the latest information about the switch, click the Refresh button.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Select the Remove Profile radio button. 7. Click the Apply button. Your settings are saved.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Port Authentication With port-based authentication, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions (unless dynamic VLAN assignment is enabled on port, in which case user authentication occurs individually). At any time, only one supplicant is allowed to attempt authentication on a port in this mode.
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. 5. Select Security > Port Authentication > Basic > 802.1X Configuration. The 802.1X Configuration page displays. 6. To enable the 802.1X administrative mode on the switch, select the Port Based Authentication State Enable radio button. The default value is Disable. Note: If 802.1X is enabled, authentication is performed by a RADIUS server.
Smart Managed Pro Switches MS510TX and MS510TXPP Manage Port Authentication Use the Port Authentication page to enable and configure port access control on one or more ports. Configure 802.1X Settings for a Port To configure 802.1X settings for a port: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP • Dynamic VLAN Assignment. From the menu, select Enable to enable dynamic VLAN assignment on the port. By default, dynamic VLAN assignment is disabled on all ports. This feature is also known as RADIUS Assigned VLAN Attribute (RAVA). If this feature is enabled, RADIUS servers can assign a VLAN ID to a port based on 802.1 authentication. If a user is authenticated, the user is assigned to this VLAN.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable port authentication status information available on the page. Table 57. Port authentication status information Field Description Control Direction The control direction for the specified port, which is always Both. The control direction dictates the degree to which protocol exchanges take place between supplicant and authenticator.
Smart Managed Pro Switches MS510TX and MS510TXPP 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Port Authentication > Advanced > Port Summary. The Port Summary page displays.
Smart Managed Pro Switches MS510TX and MS510TXPP View the Client Summary This page displays information about supplicant devices that are connected to the local authenticator ports. If no active 802.1X sessions exist, the table is empty. To view the client summary: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP Set Up Traffic Control You can configure storm control, port security, protected port, and private VLAN settings.
Smart Managed Pro Switches MS510TX and MS510TXPP • To configure a single port, select the check box associated with the port, or type the port number in the Go To Interface field and click the Go button. • To configure multiple ports with the same settings, select the check box associated with each port. • To configure all ports with the same settings, select the check box in the heading row. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Traffic Control > Port Security > Interface Configuration. The Interface Configuration page displays. 6. Select which type of ports display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link.
Smart Managed Pro Switches MS510TX and MS510TXPP 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Traffic Control > Port Security > Port Security Configuration. The Port Security Configuration page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Protected Ports If a port is configured as protected, it does not forward traffic to any other protected port on the switch, but it does forward traffic to unprotected ports. Use the Protected Ports Membership page to configure the ports as protected or unprotected. You need read/write access privileges to modify the configuration. To configure protected ports: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP • Configure a Private VLAN Host Interface on page 257 • Configure a Private VLAN Promiscuous Interface on page 258 Configure the Private VLAN Type To configure a private VLAN type: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Traffic Control > Private Vlan > Private Vlan Association Configuration.
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > Traffic Control > Private Vlan > Private Vlan Port Mode Configuration. The Private Vlan Port Mode Configuration page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. 5. Select Security > Traffic Control > Private Vlan > Private Vlan Host Interface Configuration. The Private Vlan Host Interface Configuration page displays. 6. Select which type of interfaces display onscreen: • To display physical interfaces only, click PORTS. • To display LAGs only, click LAGS. • To display both physical interfaces and LAGs, click All. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. 5. Select Security > Traffic Control > Private Vlan > Private Vlan Promiscuous Interface Configuration. The Private Vlan Promiscuous Interface Configuration page displays. 6. Select which type of interfaces display onscreen: • To display physical interfaces only, click PORTS. • To display LAGs only, click LAGS. • To display both physical interfaces and LAGs, click All. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. The switch supports IPv4, IPv6, and MAC ACLs. To configure an ACL: 1. Create an IPv4-based, IPv6-based, or MAC-based ACL ID. 2. Create a rule and assign it to a unique ACL ID. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP Use the ACL Wizard to create an ACL To use the ACL Wizard to create an ACL: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP • ACL Based on Source IPv4. Creates an ACL based on the source IPv4 address and IPv4 address mask. • ACL Based on Destination IPv6. Creates an ACL based on the destination IPv6 prefix and IPv6 prefix length. • ACL Based on Source IPv6. Creates an ACL based on the source IPv6 prefix and IPv6 prefix length. • ACL Based on Destination IPv4 L4 Port. Creates an ACL based on the destination IPv4 Layer 4 port number. • ACL Based on Source IPv4 L4 Port.
Smart Managed Pro Switches MS510TX and MS510TXPP For information about the possible match criteria fields, see the following table. ACL Based On Fields Destination MAC • • Source MAC • Source MAC. Specify the source MAC address to compare against an Ethernet frame. The valid format is xx:xx:xx:xx:xx:xx. Source MAC Mask. Specify the source MAC address mask, which represents the bits in the source MAC address to compare against an Ethernet frame. The valid format is (xx:xx:xx:xx:xx:xx).
Smart Managed Pro Switches MS510TX and MS510TXPP Modify an ACL Rule To modify an ACL rule: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. Select check box for the rule. 7. Click the Delete button and the rule is removed. ACL Wizard Example In the following figure, the ACL rule is configured to check for packet matches on ports 4 and 5 and on LAG 2. Only the Inbound option is valid. Packets that include a source address in the 192.168.4.0/16 network are permitted to be forwarded by the interfaces.
Smart Managed Pro Switches MS510TX and MS510TXPP Add a MAC ACL To add a MAC ACL: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens.
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. 5. Select Security > ACL > Basic > MAC ACL. The MAC ACL page displays. 6. Select check box for the rule. 7. In the Name field, specify the new name. 8. Click the Apply button. Your settings are saved. Delete a MAC ACL To delete a MAC ACL: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Add a Rule to a MAC ACL To add a rule to a MAC ACL: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14.
Smart Managed Pro Switches MS510TX and MS510TXPP The MAC address mask specifies which bits in the destination MAC to compare against an Ethernet frame. Use Fs and 0s in the MAC mask, which is in a wildcard format. An F means that the bit is not checked, and a 0 in a bit position means that the data must equal the value given for that bit.
Smart Managed Pro Switches MS510TX and MS510TXPP 17. From the Logging menu, select whether to enable or disable logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability on the switch). If the access list trap flag is also enabled, periodic traps are generated, indicating the number of times the rule was evoked during the report interval. A trap is not issued if the ACL rule hit count is zero for the interval. This field is supported only for a deny action. 18.
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > ACL > Basic > MAC Rules. The MAC Rules page displays. 6. Select the check box for the rule. 7. Click the Delete button. The rule is removed.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. From the ACL ID menu, select a MAC ACL. The fixed selection from the Direction menu is Inbound, which means that MAC ACL rules are applied to traffic entering the interface. 7. In the Sequence Number field, optionally specify a number to indicate the order of the access list relative to other access lists already assigned to the interface and direction. A low number indicates high precedence order.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the information displayed in the Interface Binding Status table. Table 61. Interface Binding Status table Field Description Interface The interface of the ACL assigned. Direction The selected packet filtering direction for the ACL. ACL Type The type of ACL assigned to the selected interface and direction.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the information that is displayed in the MAC Binding Table. Table 62. MAC Binding Table Field Description Interface The interface of the ACL assigned. Direction The selected packet filtering direction for the ACL. ACL Type The type of ACL assigned to the selected interface and direction. ACL ID The ACL name identifying the ACL assigned to the selected interface and direction.
Smart Managed Pro Switches MS510TX and MS510TXPP • 1–99. Creates a basic IP ACL, which allows you to permit or deny traffic from a source IP address. • 100–199. Creates an extended IP ACL, which allows you to permit or deny specific types of Layer 3 or Layer 4 traffic from a source IP address to a destination IP address. This type of ACL provides more granularity and filtering capabilities than the standard IP ACL. Each configured ACL displays the following information: • Rules.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: An implicit deny all rule is included at the end of an ACL list. This means that if an ACL is applied to a packet, and if none of the explicit rules match, then the final implicit deny all rule applies and the packet is dropped. Add a Rule for a Basic IP ACL To add a rule for a basic IP ACL: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP • Rule ID. Enter an ACL sequence number in the range of 1 to 50 that is used to identify the rule. An IP ACL can contain up to 50 rules. • Action. Select the ACL forwarding action, which is one of the following: • - Permit. Forward packets that meet the ACL criteria. - Deny. Drop packets that meet the ACL criteria. Logging. If the selection from the Action menu is Deny, you can enable logging for the ACL by selecting the Enable radio button.
Smart Managed Pro Switches MS510TX and MS510TXPP 5. Select Security > ACL > Advanced > IP Rules. The IP Rules page displays. 6. From the ACL ID menu, select the ACL that includes the rule that you want to modify. 7. In the Basic ACL Rule Table, click the rule. The rule is a hyperlink. The Standard ACL Rule Configuration (1-99) page displays. 8. Modify the basic IP ACL rule criteria. 9. Click the Apply button. Your settings are saved. Delete a Basic IP ACL RUle To delete a basic IP ACL rule: 1.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: An implicit deny all rule is included at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit deny all rule applies and the packet is dropped. Add a Rule for an Extended IP ACL To add a rule for an extended IP ACL: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 8. Configure the following match criteria for the rule: • Rule ID. Enter a whole number in the range of 1 to 50 that is used to identify the rule. An extended IP ACL can contain up to 50 rules. • • Action. Select the ACL forwarding action, which is one of the following: - Permit. Forward packets that meet the ACL criteria. - Deny. Drop packets that meet the ACL criteria. Logging.
Smart Managed Pro Switches MS510TX and MS510TXPP • Src IP Mask. In the Src IP Mask field, enter a source IP mask, using dotted-decimal notation, to be compared to a packet’s source IP mask as a match criterion for the selected IP ACL rule. Wildcard masks determine which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that none of the bits are important. A wildcard mask of 0.0.0.0 indicates that all of the bits are important.
Smart Managed Pro Switches MS510TX and MS510TXPP 9. Click the Apply button. Your settings are saved. Modify the Match Criteria for an Extended IP ACL Rule To modify the match criteria for an existing extended IP ACL rule: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. 5. Select Security > ACL > Advanced > IP Extended Rules. The Extended IP Rules page displays. 6. From the ACL ID menu, select the ACL that includes the rule that you want to delete. 7. In the Extended ACL Rule Table, select the check box for the rule. 8. Click the Delete button. The rule is removed.
Smart Managed Pro Switches MS510TX and MS510TXPP The IPv6 ACL is added. The following table describes the nonconfigurable information displayed on the page. Table 63. IPv6 ACL Table information Field Description Rules The number of the rules that are associated with the IP ACL. Type The type is IPv6 ACL. Delete an IPv6 ACL To delete an IPv6 ACL: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP • Logging. If you select the Deny radio button, you can enable logging for the ACL by selecting the Enable radio button. (Logging is subject to resource availability in the device.) If the access list trap flag is also enabled, periodic traps are generated, indicating the number of times this rule was evoked during the report interval. A fixed five-minute report interval is used for the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP a numeric value, select Other from the menu and enter a numeric value from 0 to 63. 9. Click the Apply button. Your settings are saved. Modify the Match Criteria for an IPv6 ACL Rule To modify the match criteria for an IPv6 ACL rule: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
Smart Managed Pro Switches MS510TX and MS510TXPP 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Security > ACL > Advanced > IPv6 Rules. The IPv6 Rules page displays. 6. From the ACL Name menu, select the ACL that includes the rule that you want to delete. 7. In the IPv6 ACL Rules Table, select the check box for the rule. 8. Click the Delete button. The rule is removed.
Smart Managed Pro Switches MS510TX and MS510TXPP 6. From the ACL ID menu, select an existing IP ACL for which you want to add an IP ACL interface binding. The fixed selection from the Direction menu is Inbound, which means that ACL rules are applied to traffic entering the interface. 7. In the Sequence Number field, optionally specify a number to indicate the order of the access list relative to other access lists already assigned to this interface and direction.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 64. Interface Binding Status table information Field Description Interface The selected interface. Direction The selected packet filtering direction for the ACL. ACL Type The type of ACL assigned to the selected interface and direction.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the information displayed in the IP Binding Status table. Table 65. IP Binding Status table information Field Description Interface The selected interface. Direction The selected packet filtering direction for the ACL. ACL Type The type of ACL assigned to the selected interface and direction.
7 7 Monitor the System This chapter covers the following topics: • Monitor the Switch and the Ports • Configure and View Logs • Configure Port Mirroring • View the System Resource Utilization 292
Smart Managed Pro Switches MS510TX and MS510TXPP Monitor the Switch and the Ports The pages available from the Monitoring > Ports menu contain a variety of information about the number and type of traffic transmitted from and received on the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the switch statistics displayed on the page. Table 66. Switch statistics information Field Description ifIndex The interface index of the interface table entry associated with the processor of this switch. Octets Received The total number of octets of data received by the processor (excluding framing bits, but including FCS octets).
Smart Managed Pro Switches MS510TX and MS510TXPP 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Monitoring > Ports > Port Statistics. 6. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. • To display both physical ports and LAGs, click the All link. 7.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 67. Port Status information (continued) Field Description Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors. Collision Frames The best estimate of the total number of collisions on this Ethernet segment. Reset Counters for All or Selected Interfaces on the Switch To reset the counters for all or selected interfaces on the switch: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP View Detailed Port Statistics The Port Detailed Statistics page displays a variety of per-port traffic statistics. To view detailed port statistics for an interface: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 68. Detailed port statistics (continued) Field Description STP Mode The Spanning Tree Protocol administrative mode associated with the port or port channel. The possible values are as follows: • Enabled. Spanning Tree Protocol is enabled for this port. • Disabled. Spanning Tree Protocol is disabled for this port. STP State The port's current Spanning Tree state. This state controls what action a port takes on receipt of a frame.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 68. Detailed port statistics (continued) Field Description Packets received > 1024 Octets The total number of packets received that were in excess of 1024 octets (excluding framing bits but including FCS octets) and were otherwise well formed. Total Packets Received Without Errors The total number of packets received that were without errors. Unicast Packets Received The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 68. Detailed port statistics (continued) Field Description Unicast Packets Transmitted The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent. Multicast Packets Transmitted The total number of packets that higher-level protocols requested be transmitted to a multicast address, including those that were discarded or not sent.
Smart Managed Pro Switches MS510TX and MS510TXPP 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Monitoring > Ports > EAP Statistics. The EAP Statistics page displays. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 69. EAP Statistics information (continued) Field Description EAP Response Frames Received This displays the number of valid EAP response frames (other than resp/ID frames) that were received by this authenticator. EAP Request/ID Frames Transmitted This displays the number of EAP request/identity frames that were transmitted by this authenticator.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 70. Cable Test information Field Description Cable Status Displays the cable status: • Normal. The cable is working correctly. • Open Cable. The cable is disconnected or a faulty connector exists. A cable is connected to the port, but it is not connected to the other side (no link).
Smart Managed Pro Switches MS510TX and MS510TXPP Manage the Buffered Logs The buffered log stores messages in RAM memory based on the settings for message component and severity. You can set the administrative status and behavior of logs in the system buffer. These log messages are cleared when the switch reboots. To manage and view the buffered logs: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The syslog message includes the following fields: • Date • Time • Module (AAA in the previous examples). • Severity (I in the previous examples). • Action (DISSCONNECT and CONNECT in the previous examples). • Description (http connection for user admin, source 10.5.70.19 destination 10.5.234.201 TERMINATED in the first example; http connection for user admin, source 10.5.70.19 destination 10.5.234.201 ACCEPTED in the second example.) 8.
Smart Managed Pro Switches MS510TX and MS510TXPP Critical, Alert, and Emergency. The default severity level is Alert. The severity can be one of the following levels: • Emergency. The highest warning level. If the device is down, or not functioning properly, an emergency log message is saved to the device. • Alert. The second-highest warning level. An alert log message is saved if a serious device malfunction occurs, such as all device features being down. Action must be taken immediately. • Critical.
Smart Managed Pro Switches MS510TX and MS510TXPP Manage the Server Log You can allow the switch to send log messages to remote logging hosts configured on the switch. Add a Remote Syslog Host A remote syslog host is the same as a remote log server. To add a remote syslog host: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2.
Smart Managed Pro Switches MS510TX and MS510TXPP - Error. A device error occurred, such as a port being offline. - Warning. The lowest level of a device warning. - Notice. Provides the network administrators with device information. - Informational. Provides device information. - Debug. Provides detailed information about the log. 7. Click the Add button. The Status field in the Server Configuration table shows whether the remote logging host is enabled, which it is by default.
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Monitoring > Logs > Server Log. The Server Configuration page displays. 6. Select the check box that is associated with the host. 7. Click the Delete button. The host is removed.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Port Mirroring Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports and one switch port is configured as a destination port. You can configure how traffic is mirrored on a source port.
Smart Managed Pro Switches MS510TX and MS510TXPP 8. From the Direction menu, specify the direction of the traffic that must be mirrored from the selected source ports: • Rx only. The switch monitors received (ingress) packets only. • Tx only. The switch monitors transmitted (egress) packets only. • Tx and Rx. The switch monitors transmitted and received packets. This is the default setting. 9. Click the Apply button. Your settings are saved.
Smart Managed Pro Switches MS510TX and MS510TXPP 5. Select Monitoring > Mirroring > System Resource Utilization. The System Resource Utilization page displays. The page also shows the Used Resources section. 6. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the nonconfigurable information displayed on the page. Table 72.
8 Maintain the Switch and Perform Troubleshooting 8 This chapter covers the following topics: • Reboot the Switch • Reset the Switch to Its Factory Default Settings • Export a File From the Switch • Download a File to the Switch • Manage Files • Troubleshooting 313
Smart Managed Pro Switches MS510TX and MS510TXPP Reboot the Switch Use the Device Reboot page to reboot the switch. To reboot the switch: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP To reset the switch to the factory default settings: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14.
Smart Managed Pro Switches MS510TX and MS510TXPP To export a file from the switch to the TFTP server: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 14.
Smart Managed Pro Switches MS510TX and MS510TXPP The page displays information about the file transfer progress. The page refreshes automatically when the file transfer completes. HTTP File Export Use the HTTP File Export page to export files of various types from the switch to the management system through an HTTP session by using your web browser. To export a file from the switch to another system by using HTTP: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Export a File From the Switch to a USB Device Use the USB File Export page to export configuration text files from the switch to a USB device. To export a file from the switch to a USB device: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP Download a File to the Switch The switch supports system file downloads from a remote system to the switch by using either TFTP, HTTP or USB. The Maintenance > Download menu contains links to the features described in the following sections.
Smart Managed Pro Switches MS510TX and MS510TXPP from the nonactive image. This is a safety feature for faults occurring during the boot upgrade process. The default setting is Software. With this selection, the switch downloads the new software image and overwrites the nonactive image. • Text Configuration. A text-based configuration file enables you to edit a configured text file (startup-config) offline as needed.
Smart Managed Pro Switches MS510TX and MS510TXPP Download a File to the Switch Using HTTP Use the HTTP File Download page to download files of various types to the switch through an HTTP session by using your web browser. To download a file to the switch using HTTP: 1. Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable. 2. Launch a web browser. 3.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: After a file transfer is started, wait until the page refreshes. When the page refreshes, the option to select a file option is no longer available, indicating that the file transfer is complete. Download a File From a USB Device Use the USB File Download page to download a file to the switch from a USB device. To download a file from a USB device: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP You can enter up to 32 characters. Include the slash or backslash at the end of the path. A path name with a space is not accepted. Leave this field blank to copy the file from the root USB directory. 8. In the USB File field, specify the path and file name for the file that you want to download. You can enter up to 32 characters. The transfer fails if you do not specify a file name. 9. Click the Apply button. The file transfer begins.
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 14. The login window opens. 4. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. 5. Select Maintenance > File Management > Dual Image Configuration. The Dual Image Configuration page displays. 6. From the Image Name menu, select the image that is not the image displayed in the Current-active field.
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. 5. Select Maintenance > File Management > Dual Image > Dual Image Status. The Dual Image Status page displays. The page also shows the Dual Image Description section. 6. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the information available on the page. Table 73.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: A subnet broadcast ping and loopback ping are not supported. The switch cannot ping the special broadcast address 255.255.255.255, the local network broadcast address, or a reachable network broadcast address. To configure the ping settings and ping an IPv4 address on the network: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Tx = 1, Rx = 0 Min/Max/Avg RTT = 0/0/0 msec Maintain the Switch and Perform Troubleshooting 327 User Manual
Smart Managed Pro Switches MS510TX and MS510TXPP Ping an IPv6 Address This page is used to send a ping request to a specified host name or IPv6 address. You can use this to check whether the switch can communicate with a particular IPv6 station. When you click the Apply button, the switch sends a specified number of ping requests and the results are displayed below the configurable data. To send an IPv6 ping: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Send an IPv4 Traceroute Use this page to tell the switch to send a traceroute request to a specified IP address or host name. You can use this to discover the paths that packets take to a remote destination. Once you click the Apply button, the switch sends a traceroute and the results are displayed below the configurable data. To send an IPv4 traceroute: 1. Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP 13. In the Size field, enter the size of the probe packets. The range is 64 to 1472. The default value is 64. 14. Click the Apply button. A traceroute request is sent to the specified IPv4 address or host name. The results are displayed below the configurable data in the Results field. If a reply to the traceroute is received, a message similar to the following one is displayed: 1 10.5.225.33 20 ms 10 ms 30 ms 2 10.5.225.225 10 ms 10 ms 10 ms 3 192.254.254.
Smart Managed Pro Switches MS510TX and MS510TXPP 9. In the InitTTL field, enter the initial TTL to be used. The range is 1 to 255. The default value is 1. 10. In the MaxFail field, enter the maximum number of failures allowed in the session. The range is 0 to 255. The default value is 5. 11. In the Interval(secs) field, enter the time between probes in seconds. The range is 1 to 60. The default value is 0. 12. In the Port field, enter the UDP destination port for the probe packets. The range is 1–65535.
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. 5. Select Maintenance > Troubleshooting > Tech Support Info. The Tech Support Info page displays. 6. Click the Generate Request button. Technical support information is exported from the switch and displayed in the text window on the page. You can then select, copy, and paste the information into a text file on your computer.
A Configuration Examples A This appendix covers the following topics: • Virtual Local Area Networks (VLANs) • Access Control Lists (ACLs) • Differentiated Services (DiffServ) • 802.
Smart Managed Pro Switches MS510TX and MS510TXPP Virtual Local Area Networks (VLANs) A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
Smart Managed Pro Switches MS510TX and MS510TXPP • If the port is a member of the VLAN specified by the packet’s VLAN ID, the packet can be sent to other ports with the same VLAN ID. • Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged.
Smart Managed Pro Switches MS510TX and MS510TXPP • If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet can access port 5 and port 6. The outgoing packet is stripped of its tag to become an untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a tagged packet with VLAN ID 20. Access Control Lists (ACLs) ACLs ensure that only authorized users can access specific resources while blocking off any unwarranted attempts to reach network resources.
Smart Managed Pro Switches MS510TX and MS510TXPP • ID. 1 • Action. Permit • Match Every. False • CoS. 0 • Destination MAC. 01:02:1A:BC:DE:EF • Destination MAC Mask. 00:00:00:00:FF:FF • Source MAC. 02:02:1A:BC:DE:EF • Source MAC Mask. 00:00:00:00:FF:FF • VLAN ID. 2 For more information about MAC ACL rules, see Configure MAC ACL Rules on page 267. 3. On the MAC Binding Configuration page, assign the Sales_ACL to ports 6, 7, and 8, and then click the Apply button.
Smart Managed Pro Switches MS510TX and MS510TXPP For additional information about IP ACL rules, see Configure Rules for a Basic IP ACL on page 275. 3. Click the Add button. 4. On the IP Rules page, create a second rule for IP ACL 1 with the following settings: • Rule ID. 2 • Action. Permit • Match Every. True 5. Click the Add button. 6. On the IP Binding Configuration page, assign ACL ID 1 to ports 2, 3, and 4, and assign a sequence number of 1. (See Configure IP ACL Interface Bindings on page 288.
Smart Managed Pro Switches MS510TX and MS510TXPP Two basic types of QoS are supported: • Integrated Services. Network resources are apportioned based on request and are reserved (resource reservation) according to network management policy (RSVP, for example). • Differentiated Services. Network resources are apportioned based on traffic classification and priority, giving preferential treatment to data with strict timing requirements. The switch supports DiffServ.
Smart Managed Pro Switches MS510TX and MS510TXPP • Address-based You can combine these classifiers with logical AND or OR operations to build complex MF-classifiers (by specifying a class type of all or any, respectively). That is, within a single class, multiple match criteria are grouped together as an AND expression or a sequential OR expression, depending on the defined class type.
Smart Managed Pro Switches MS510TX and MS510TXPP • Mark DSCP. The packet DSCP is marked or remarked and forwarded. • Send. The packet is forwarded without DiffServ modification. • Color mode awareness. Policing in the DiffServ feature uses either color blind or color aware mode. Color blind mode ignores the coloration (marking) of the incoming packet. Color aware mode takes into consideration the current packet marking when the switch determines the policing outcome.
Smart Managed Pro Switches MS510TX and MS510TXPP For more information about this page, see Configure a DiffServ Policy on page 209. 6. Click the Add button. The policy is added. 7. Click the Policy1 hyperlink to view the Policy Class Configuration page for this policy. 8. Configure the Policy attributes as follows: • Assign Queue. 3 • Policy Attribute. Simple Policy • Color Mode. Color Blind • Committed Rate. 1000000 Kbps • Committed Burst Size. 128 KB • Confirm Action. Send • Violate Action.
Smart Managed Pro Switches MS510TX and MS510TXPP point of attachment to the LAN, such as a port of a MAC bridge and an association between stations or access points in IEEE 802.11 wireless LANs. The IEEE 802.11 standard describes an architectural framework within which authentication and consequent actions take place.
Smart Managed Pro Switches MS510TX and MS510TXPP controls the authorized/unauthorized state of the controlled port depending on the outcome of the RADIUS-based authentication process. Supplicant Authenticator switch Radius authentication server (192.100.10.23) Supplicant Figure 1. 802.1X authentication roles 802.1X Example Configuration This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (mg7–mg8).
Smart Managed Pro Switches MS510TX and MS510TXPP 5. On the 802.1X Configuration page, set the port-based authentication state and guest VLAN mode to Enable, and then click the Apply button. (See Configure Global 802.1X Settings on page 243.) This example uses the default values for the port authentication settings, but you can configure several additional settings. For example, the EAPOL Flood Mode field allows you to enable the forwarding of EAPoL frames when 802.1X is disabled on the device. 6.
Smart Managed Pro Switches MS510TX and MS510TXPP VLANs to follow separate paths, each based on an independent Multiple Spanning Tree Instance (MSTI), within Multiple Spanning Tree (MST) regions composed of LANs and or MSTP bridges. These regions and the other bridges and LANs are connected into a single Common Spanning Tree (CST). (IEEE DRAFT P802.1s/D13) MSTP connects all bridges and LANs with a single Common and Internal Spanning Tree (CIST).
Smart Managed Pro Switches MS510TX and MS510TXPP With this allocation we ensure that every VLAN is assigned to one and only one MSTI. The CIST is also an instance of spanning tree with an MSTID of 0. VIDs might be not be allocated to an instance, but every VLAN must be allocated to one of the other instances of spanning tree.
Smart Managed Pro Switches MS510TX and MS510TXPP 2. On the VLAN Membership page, include ports g1–mg7 as tagged (T) or untagged (U) members of VLAN 300 and VLAN 500 (see Configure VLAN Membership on page 99). 3. On the STP Configuration page, enable the Spanning Tree State option (see Configure STP Settings on page 118). Use the default values for the rest of the STP configuration settings. By default, the STP operation mode is MSTP and the configuration name is the switch MAC address. 4.
Smart Managed Pro Switches MS510TX and MS510TXPP and 2 also include hosts in the sales and HR departments. The hosts connected from switch 2 use VLAN 500, MST instance 2 to communicate with the hosts on switch 3 directly. Likewise, hosts of switch 1 use VLAN 300, MST instance 1 to communicate with the hosts on switch 3 directly. The hosts use different instances of MSTP to effectively use the links across the switch. The same concept can be extended to other switches and more instances of MSTP.
Smart Managed Pro Switches MS510TX and MS510TXPP For more information about this step, see Use the VLAN Static Routing Wizard on page 164. 4. Use the VLAN Routing Configuration page to view or modify the VLAN as a routing VLAN. In the following figure, VLAN 30 is a routing VLAN with IP address 10.1.1.1 and subnet mask 255.255.255.0. (For more information about this page, see VLAN Routing Configuration on page 165.
B Hardware Specifications and Default Settings B This appendix covers the following topics: • Hardware Specifications • Switch Default Settings 351
Smart Managed Pro Switches MS510TX and MS510TXPP Hardware Specifications Table 74. Hardware specifications Feature Description Interfaces Nine Ethernet RJ-45 ports and one fiber SFP+ ports: • Ports g1–g4. 1 Gbps Ethernet ports • Ports mg5–mg6. 2.5 Gbps Multi-Gigabit Ethernet ports • Ports mg7–mg8. 5 Gbps Multi-Gigabit Ethernet ports • Port xmg9. 10 Gbps Multi-Gigabit Ethernet port • Port xg10.
Smart Managed Pro Switches MS510TX and MS510TXPP Switch Default Settings Table 75. Switch default settings Feature Sets Supported Default Setting Auto negotiation/static speed/duplex All ports Auto-negotiation Auto MDI/MDIX N/A Enabled 802.3x flow control/back pressure 1 (per system) Disabled Port mirroring 1 destination port and 8 source ports Disabled Link aggregation groups (LAGs) 8 Preconfigured 802.1D spanning tree 1 Disabled 802.1w RSTP 1 Enabled 802.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 75. Switch default settings (continued) Feature Sets Supported Default Setting Port MAC lock down All ports Disabled Boot code update Boot code is automatically updated together with firmware upgrade. N/A DHCP/static IP 1 DHCP enabled/192.168.0.239 Default gateway 1 192.168.0.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 75.