S3300 Smart Managed Pro Switch User Manual Firmware Version 6.6.
S3300 Smart Managed Pro Switch Support Thank you for purchasing this NETGEAR product. You can visit www.netgear.com/support to register your product, get help, access the latest downloads and user manuals, and join our community. We recommend that you use only official NETGEAR support resources. Conformity For the current EU Declaration of Conformity, visit http://kb.netgear.com/app/answers/detail/a_id/11621. Compliance For regulatory compliance information, visit http://www.netgear.com/about/regulatory.
Contents Chapter 1 Getting Started Getting Started with the NETGEAR Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Switch Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Connect the Switch to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Discover a Switch in a Network with a DHCP Server . . . . . . . . . . . . . . . . . . . . . Discover a Switch in a Network without a DHCP Server . . . . . . . . .
S3300 Smart Managed Pro Switch Advanced Stack-Port Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 Multiple Stack Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 PoE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Advanced PoE Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
S3300 Smart Managed Pro Switch Configure OUI-Based Auto-VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Display Auto-VoIP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 STP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 CST Configuration . . . . . . .
S3300 Smart Managed Pro Switch VLAN Routing Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215 Configure Router Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216 Configure and View Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 Configure ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219 ARP Cache . . . . . . . .
S3300 Smart Managed Pro Switch Storm Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Port Security Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267 Port Security Interface Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267 Security MAC Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 Protected Ports Membership . . . .
S3300 Smart Managed Pro Switch Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318 Port Detailed Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 EAP Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325 Cable Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1. 1 Getting Started This manual describes how to configure and operate the ProSAFE® S3300 Smart Switch family by using the web-based graphical user interface (GUI). The manual describes the software configuration procedures and explains the options available within those procedures. The S3300 switches are referred to as the NETGEAR switch throughout this document. The individual switches are: • S3300-28X • S3300-28X-PoE+ • S3300-52X • S3300-52X-PoE+ In Release 6.6.
S3300 Smart Managed Pro Switch standard M4300 firmware image. For the procedure to upgrade the M4300/S3300 firmware, see Smart M4300/S3300 Firmware Upgrade Procedure on page 356. The information in this document applies to all switch models unless otherwise noted. Note: For information about issues and workarounds, see the release notes for the NETGEAR switch.
S3300 Smart Managed Pro Switch Getting Started with the NETGEAR Switch This chapter provides an overview of starting your NETGEAR switch and accessing the user interface. It also leads you through the steps to use the Smart Control Center (SCC) application, which can be downloaded to your computer. This guide does not document the SCC application. Full documentation for SCC is found at http://docs.netgear.com/scc/enu/202-10685-01/index.htm.
S3300 Smart Managed Pro Switch Switch Management Interface The NETGEAR switch contains an embedded web server and management software for managing and monitoring switch functions. The NETGEAR switch functions as a simple switch without the management software. However, you can use the management software to configure more advanced features that can improve switch efficiency and overall network performance.
S3300 Smart Managed Pro Switch Connect the Switch to the Network To enable remote management of the switch through a web browser or SNMP, you must connect the switch to the network and configure it with network information (an IP address, subnet mask, and default gateway). The switch has a default IP address of 192.168.0.239 and a default subnet mask of 255.255.255.0. To change the default network information on the switch, use one of the following three methods: • Dynamic assignment through DHCP.
S3300 Smart Managed Pro Switch Discover a Switch in a Network with a DHCP Server This section describes how to set up your switch in a network that has a DHCP server. The DHCP client on the switch is enabled by default. When you connect it to your network, the DHCP server will automatically assign an IP address to your switch. Use the Smart Control Center to discover the IP address automatically assigned to the switch. To install the switch in a network with a DHCP server: 1.
S3300 Smart Managed Pro Switch Figure 2. Smart Control Center - Device List 7. Select your switch by clicking the line that displays the switch, then click the Web Browser Access button. The Smart Control Center launches a browser that displays the login screen of the selected device. Use your web browser to manage your switch. The default password is password. For more information about the screen layout and options, see Use the Web Interface on page 21.
S3300 Smart Managed Pro Switch Discover a Switch in a Network without a DHCP Server This section describes how to use the Smart Control Center to set up your switch in a network without a DHCP server. If your network has no DHCP service, you must assign a static IP address to your switch. If you choose, you can assign it a static IP address, even if your network has DHCP service. To assign a static IP address: 1. Connect the switch to your existing network. 2.
S3300 Smart Managed Pro Switch Figure 3. Smart Control Center - Configure Device 9. Type your password to continue with the configuration change. Tip: You must enter the current password every time you use the Smart Control Center to update the switch setting. The default password is password. 10. Click the Apply button to configure the switch with the network settings. Ensure that your computer and the switch are in the same subnet. Make a note of these settings for later use.
S3300 Smart Managed Pro Switch The method to change the IP address on an administrative system varies depending on the operating system version. You need Windows Administrator privileges to change these settings. The following procedures show how to change the static IP address on a computer running a Microsoft Windows 7. To modify the network settings on your administrative system: 1. Open the Control Panel and click the Network and Sharing Center option. 2. Click the Local Area Connection link.
S3300 Smart Managed Pro Switch Figure 5. Local Area Connection Properties Window 4. Select the Internet Protocol Version 4 (TCP/IPv4) option, and then click the Properties button. The Internet Protocol Version 4 (TCP/IPv4) Properties window appears. 5. Select the Use the following IP address option and set the IP address of the administrative system to an address in the 192.168.0.0 network, such as 192.168.0.200. The IP address must be different from that of the switch but within the same subnet.
S3300 Smart Managed Pro Switch WARNING: When you change the IP address of your administrative system, you lose your connection to the rest of the network. Be sure to write down your current network address settings before you change them. Figure 6. IP Address Settings 6. Click the OK button. To configure a static address on the switch: 1. Use a straight-through cable to connect the Ethernet port on the administrative system directly to any port on the switch. 2.
S3300 Smart Managed Pro Switch Access the Management Interface from a Web Browser To access the switch management interface, use one of the following methods: • From the Smart Control Center, select the switch and click the Web Browser Access button. For more information, see the Smart Control Center User Guide at http://docs.netgear.com/scc/enu/202-10685-01/index.htm. • Open a web browser and enter the IP address of the switch in the address field.
S3300 Smart Managed Pro Switch • Microsoft Edge • Mozilla Firefox versions 40, 46.0.1 • Chrome version 45 • Safari on Windows OS 5.1, 6.0 • Safari on Mac OS 8.0 To log on to the web interface: 1. Open a web browser and enter the IP address of the switch in the web browser address field. The login screen displays. 2. Type the password in the Password field. The factory default password is password. Passwords are case-sensitive. 3. Click the Login button.
S3300 Smart Managed Pro Switch Navigation Tabs, Configuration Menus, and Screen Menu The navigation tabs along the top of the web interface give you quick access to the various switch functions. The tabs are always available and remain constant, regardless of which feature you configure. When you select a tab, the features for that tab appear as menus directly under the tabs. The configuration menus in the blue bar change according to the navigation tab that is selected.
S3300 Smart Managed Pro Switch Table 1. Command buttons (continued) Button Function Cancel Abandons the configuration changes on the screen and resets the data to the previous values. Delete Removes the selected item. Refresh/Update Refreshes/updates the screen with the latest information from the device. Logout Ends the session. Clear Clears all information and returns the switch to its default settings. Device View The Device View is a Java® applet that displays the ports on the switch.
S3300 Smart Managed Pro Switch Figure 12. S3300-52X-PoE+ In the S3300, the four uplink ports can work in either Stacking mode or in Ethernet mode. • By default those ports are in Stacking mode, and their color is gray. • When these ports are configured in Ethernet mode, then their color is blank (not connected). Depending upon the status of the port, the port color in Device View is either red, green, yellow, gray or black. • Green and yellow indicate that the port is enabled.
S3300 Smart Managed Pro Switch Figure 13. Device View S3300-52X Port Menu If you click the graphic but do not click a specific port, the main menu appears, as Figure 14, Device View Main Menu shows. This menu contains the same option as the navigation menu at the top of the screen. Figure 14. Device View Main Menu The System LEDs are located on the left side of the front panel.
S3300 Smart Managed Pro Switch Power/Status LED The Power LED is a bicolor LED that serves as an indicator of power and diagnostic status. The following indications are given by the following LED states: • A solid green LED indicates that the power is supplied to the switch and operating normally. • A solid yellow LED indicates that system is in the boot-up stage. • No lit LED indicates that power is disconnected.
S3300 Smart Managed Pro Switch Table 2. Disallowed characters in user-defined fields Character Definition \ Backslash / Forward slash * Asterisk ? Question mark < Less than > Greater than | Pipe Getting Started 28
S3300 Smart Managed Pro Switch Use SNMPv3 The switch software supports the configuration of SNMP groups and users that can manage traps that the SNMP agent generates. The switch uses both standard public MIBs for standard functionality and private MIBs that support additional switch functionality. All private MIBs begin with a hyphen (-) prefix. The main object for interface configuration is in -SWITCHING-MIB, which is a private MIB.
S3300 Smart Managed Pro Switch Interface Naming Convention The switch supports physical and logical interfaces. Interfaces are identified by their type and the interface number. All the physical ports are as follows: • S3300-28X. The ProSafe S3300-28X Smart switch is a stackable small/medium business class switch.
S3300 Smart Managed Pro Switch Table 3. Interface naming conventions Interface Description Example Link aggregation group (LAG) LAG interfaces are logical interfaces that are only used for bridging functions. l1, l2, l3 CPU management interface This is the internal switch interface responsible for the switch c1 base MAC address. This interface is not configurable and is always listed in the MAC Address Table.
S3300 Smart Managed Pro Switch Configuring Interface Settings For some features that allow you to configure interface settings, you can apply the same settings simultaneously to any of the following: • A single port • Multiple ports • All ports • A single LAG • Multiple LAGs • All LAGs • Multiple ports and LAGs • All ports and LAGs Many of the screens that allow you to configure or view interface settings include links to display all ports, all LAGs, or all ports and LAGs on the screen.
S3300 Smart Managed Pro Switch 4. Configure the desired settings. 5. Click the Apply button. The settings you configure in the heading row are applied to the selected interface. To configure a single LAG by using the Go To Interface field: 1. Click the LAGS link or the All link to display the LAGs. 2. In the Go To Interface field, type the LAG number, for example l3. 3. Click the Go button.
S3300 Smart Managed Pro Switch Figure 18. Select Multiple Ports 3. Configure the desired settings. 4. Click the Apply button. The settings you configure in the heading row are applied to all selected interfaces. To configure multiple LAGs: 1. Click the LAGS link or the All link to display the LAGs. 2. Select the check box next to each LAG to configure. The check box associated with each interface is selected, and the row for each selected interface is highlighted. 3. Configure the desired settings. 4.
S3300 Smart Managed Pro Switch Figure 19. Select All Ports 3. Configure the desired settings. 4. Click the Apply button. The settings you configure in the heading row are applied to all ports. To configure all LAGs: 1. Click the LAGS link to display only the LAG interfaces. 2. Select the check box in the heading row. The check box associated with every LAG is selected, and the rows for all LAGs are highlighted. 3. Configure the desired settings. 4. Click the Apply button.
S3300 Smart Managed Pro Switch 4. Click the Apply button. The settings you configure in the heading row are applied to all ports and LAGs. Online Help The Help main navigation tab of the web management interface provides access to the menus that are described in the following sections: • Support on page 36 • User Guide on page 36 Support The Support screen provides access to the NETGEAR support website at support.netgear.com. To access the support website from the web management interface: 1.
S3300 Smart Managed Pro Switch Registration To qualify for product updates and product warranty, NETGEAR encourages you to register your product. The first time that you connect to the switch while it is connected to the Internet, you have the option to register your product. At any time, you can register your product from the web management interface, or you can visit the NETGEAR website for registration at https://my.netgear.com/registration/login.aspx. To register the switch with NETGEAR: 1.
2. Configure System Information 2 Use the features you access from the System navigation tab to define the switch’s relationship to its environment.
S3300 Smart Managed Pro Switch Management This section describes how to display the switch status and specify some basic switch information, such as the management interface IP address, system clock settings, and DNS information.
S3300 Smart Managed Pro Switch 2. Define the following fields: • System Name. Enter the name you want to use to identify this switch. You can use up to 255 alphanumeric characters. The factory default is blank. • System Location. Enter the location of this switch. You can use up to 255 alphanumeric characters. The factory default is blank. • System Contact. Enter the contact person for this switch. You can use up to 255 alphanumeric characters. The factory default is blank. 3. Click the Apply button.
S3300 Smart Managed Pro Switch Figure 21. System Information - Temperature Sensors Status The following table describes the status information displayed in the Temperature Sensors section of the System Information screen. Table 5. System Information - Temperature Sensors Status Fields Field Description Unit The unit number in the stack. Sensor The temperature sensor for the given unit. Description The description of the temperature sensor.
S3300 Smart Managed Pro Switch Table 6. System Information - Fans Status Fields (continued) Field Description Duty Level The duty level of the fan. State Specifies whether the fan is running or stopped. Power Supplies This screen shows the power supplies status. Figure 23. System Information - Power Supplies Status The following table describes the status information displayed in the Power Supplies section of the System Information screen. Table 7.
S3300 Smart Managed Pro Switch The following table describes the information displayed in the Versions section of the System Information screen. Table 8. System Information - Versions Information Fields Field Description Unit No. The unit number of the switch. Model Name The model name of the switch. Boot Version The version of the boot code on the switch. Software Version The software version currently running on the switch.
S3300 Smart Managed Pro Switch Figure 25. System CPU Status - Unit CPU Utilization Table 9 describes the information that the System CPU Status screen displays. Table 9. System CPU Status > CPU Memory Status Field Description CPU Memory Status Total System Memory The total memory of the switch in KBytes. Available Memory The available memory space for the switch in KBytes. CPU Utilization Unit No Select the Unit to display the CPU Utilization information.
S3300 Smart Managed Pro Switch Figure 26. CPU Threshold The CPU Threshold screen allows you to configure thresholds that, when crossed, trigger a notification. The notification is done via SNMP trap and SYSLOG messages. 1. Define the CPU Threshold fields listed in Table 10. Table 10. System CPU Status > CPU Threshold Field Description Rising Threshold Notification is generated when the total CPU utilization exceeds this threshold value over the configured time period. The range is 1 to 100.
S3300 Smart Managed Pro Switch To display the USB Device Information page: 1. Select System > Management > USB Device Information. 2. The USB Device Information screen displays as shown in Figure 27, USB Device Information. 3. Click Update to update the information on the page to the latest data on the switch. Note: The system only detects and manages the USB device installed in the master unit.
S3300 Smart Managed Pro Switch Table 11. USB Device Information (continued) Field Description Bytes Used Displays the size of memory used on the USB flash device. Bytes Free Displays the size of memory free on the USB flash device. USB Directory Details File Name Displays the name of the file stored in the USB flash drive. File Size Displays the size, in bytes, of the file stored in the USB flash drive.
S3300 Smart Managed Pro Switch Table 12. Slot Information (continued) Field Description Card Index Displays the index assigned to the selected card type. Card Type Displays the hardware type of this supported card. This is a 32-bit data field. Card Descriptor Displays a data field used to identify the supported card. Supported Switch Switch Model ID Displays the list of models of all supported switches. Switch Index Displays the index assigned to the selected switch.
S3300 Smart Managed Pro Switch • Static IP Address. Specifies that the IP address, subnet mask, and default gateway must be manually configured. Enter this information in the fields below this radio button. 3. If you selected the Static IP Address option, configure the following network information: • IP Address. The IP address of the network interface. The factory default value is 192.168.0.239. Each part of the IP address must start with a number other than zero. For example, IP addresses 001.100.192.
S3300 Smart Managed Pro Switch IPv6 Network Configuration Use the IPv6 Network Configuration screen to configure the IPv6 network interface, which is the logical interface used for in-band connectivity with the switch through all of the switch’s front-panel ports. The configuration parameters associated with the switch’s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
S3300 Smart Managed Pro Switch features to acquire an IPv6 address. Auto configuration can be enabled only when DHCPv6 is not enabled on any of the management interfaces. • DHCPv6. Next to Current Network Configuration Protocol, select DHCPv6 to enable the DHCPv6 client on the interface. The switch attempts to acquire network information from a DHCPv6 server. Selecting None disables the DHCPv6 client on the network interface.
S3300 Smart Managed Pro Switch IPv6 Network Neighbor Use the IPv6 Network Neighbor screen to view information about the IPv6 neighbors the device has discovered through the network interface by using the Neighbor Discovery Protocol (NDP). To display the IPv6 Network Neighbor screen: Select System > Management > IPv6 Network Neighbor. Figure 30. IPv6 Network Neighbor Table 13 describes the information the IPv6 Network Neighbor screen displays about each IPv6 neighbor that the switch has discovered.
S3300 Smart Managed Pro Switch Time The switch supports the Simple Network Time Protocol (SNTP). You can also set the system time manually. SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The switch software operates only as an SNTP client and cannot provide time services to other systems. Time sources are established by stratums. Stratums define the accuracy of the reference clock.
S3300 Smart Managed Pro Switch 3. In the Date field, enter the date in the DD/MM/YYYY format. 4. In the Time field, enter the time in HH:MM:SS format. Note: If you do not enter a date and time, the switch will calculate the date and time using the CPU’s clock cycle. 5. Click the Apply button. To configure the time by using SNTP: 1. Select System > Management > Time > Time Configuration. 2. Next to Clock Source, select the SNTP radio button.
S3300 Smart Managed Pro Switch 4. If the SNTP client mode is Unicast, use the SNTP Server Configuration screen to add the IP address or DNS name of one or more SNTP servers for the switch to poll. For more information, see SNTP Server Configuration on page 57. 5. In the Port field, specify the local UDP port that the SNTP client receives server packets on. The allowed range is 1025 to 65535 and 123. The default value is 123.
S3300 Smart Managed Pro Switch Figure 33. Time > SNTP Global Status The following table describes the SNTP Global Status fields. Table 14. Time Configuration status fields Field Description Version Specifies the SNTP version the client supports. Supported Mode Specifies the SNTP modes the client supports. Multiple modes can be supported by a client. Last Update Time Specifies the local date and time (UTC) the SNTP client last updated the system clock.
S3300 Smart Managed Pro Switch Table 14. Time Configuration status fields (continued) Field Description Last Attempt Status Specifies the status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message has been received from a server, a status of Other is displayed. These values are appropriate for all operational modes: • Other. The status of the last request is unknown. • Success. The SNTP operation was successful, and the system time was updated.
S3300 Smart Managed Pro Switch Figure 34. SNTP Server Configuration 2. From the Server Type list, select the type of SNTP address to enter in the Address field, which is either an IP address (IPv4) or hostname (DNS). 3. In the Address field, specify the IP address or the host name of the SNTP server. 4. If the UDP port on the SNTP server to which SNTP requests are sent is not the standard port (123), specify the port number. 5. In the Priority field, specify the order in which to query the servers.
S3300 Smart Managed Pro Switch Table 15. SNTP Server Status Fields (continued) Field Description Last Attempt Status Specifies the status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message has been received from a server, a status of Other is displayed. These values are appropriate for all operational modes: • Other. The status of the last request is unknown, or no SNTP responses have been received. • Success.
S3300 Smart Managed Pro Switch Figure 35. Daylight Saving Configuration 2. Next to Daylight Saving, select one of the following options: • Disable. Use this option to disable Daylight Saving Time (DST). • Recurring. Use this option to configure Recurring Daylight Saving. Summer time occurs at the same time every year. The start and end times and dates for the time shift must be manually configured. • Recurring EU. Use this option to configure Recurring EU Daylight Saving.
S3300 Smart Managed Pro Switch - Day. Use this field to configure the end day. - Month. Use this field to configure the end month. - Hours. Use this field to configure the end hours. - Minutes. Use this field to configure the end minutes. 4. In the Offset field, specify the number of minutes to shift the daylight saving time from the standard time. The valid range is 1 to 1440 minutes. 5. In the Zone field, specify the acronym associated with the time zone when daylight saving time is in effect.
S3300 Smart Managed Pro Switch Configure Auto-DoS The Auto-DoS Configuration screen lets you automatically enable all the DoS features available on the switch, except for the L4 Port attack. For information about the types of DoS attacks the switch can monitor and block, see Configure Denial of Service on page 62. To enable the Auto-DoS feature: 1. Select System > Management > Denial of Service > Auto-DoS Configuration. Figure 36. Auto-DoS Configuration 2. Next to Auto-DoS Mode, select Enable.
S3300 Smart Managed Pro Switch Figure 37. Denial of Service Configuration 2. Select the types of DoS attacks for the switch to monitor and block and configure any associated values: • Denial of Service Min TCP Header Size. Specify the minimum TCP header size allowed. If DoS TCP Fragment is enabled, the switch will drop packets that have a TCP header smaller than the configured value. • Denial of Service ICMPv4.
S3300 Smart Managed Pro Switch • Denial of Service Max ICMPv6 Packet Size. Specify the maximum IPv6 ICMP packet size allowed. If ICMPv6 DoS prevention is enabled, the switch will drop IPv6 ICMP ping packets that have a size greater than this configured maximum ICMPv6 packet size. • Denial of Service First Fragment. Enabling First Fragment DoS prevention causes the switch to check DoS options on first fragment IP packets when switch are receiving fragmented IP packets.
S3300 Smart Managed Pro Switch Configure DNS Use this screen to configure global DNS settings and DNS server information. To configure the global DNS settings: 1. Select System > Management > DNS > DNS Configuration. Figure 38. DNS Configuration 2. Specify whether to enable or disable the administrative status of the DNS Client. • Enable. Allow the switch to send DNS queries to a DNS server to resolve a DNS domain name. The DNS is enabled by default. • Disable.
S3300 Smart Managed Pro Switch The Dynamic Host Configuration table shows host name-to-IP address entries that the switch has learned. The following table describes the dynamic host fields: Table 16. Dynamically learned host name mapping information Field Description Host Lists the host name you assign to the specified IP address. Total Amount of time since the dynamic entry was first added to the table. Elapsed Amount of time since the dynamic entry was last updated.
S3300 Smart Managed Pro Switch To change the host name or IP address in an entry: 1. Select the check box next to the entry to update. 2. Enter the new information in the appropriate field. 3. Click the Apply button. Green Ethernet Use this screen to configure Green Ethernet features. Using the Green Ethernet Configuration features allows for power consumption savings. To configure the Green Ethernet settings: 1. Select System > Management > Green Ethernet > Green Ethernet Configuration. Figure 40.
S3300 Smart Managed Pro Switch Figure 41. Green Ethernet Interface Configuration 2. Select one or more ports to configure. • To configure a single port, select the check box associated with it, or type the port number in the Go To Interface field and click the Go button. • To configure multiple ports with the same settings, select the check box associated with each port to configure. • To configure all ports with the same settings, select the check box in the heading row. 3.
S3300 Smart Managed Pro Switch Figure 42. Green Ethernet Detail 2. From the Interface list, select the interface to configure the Green Ethernet mode settings. 3. Enable or disable the Energy Detect Admin Mode on the port. When energy detect mode enabled, and a port link is down, the PHY automatically goes down for a short period of time, and then wakes up to check link pulses. This will allow performing auto-negotiation and saving power consumption when no link partner is present.
S3300 Smart Managed Pro Switch 5. EEE Transmit Idle Time. Enter the time for which the condition to move to LPI state is satisfied, at the end of which MAC TX transitions to LPI state. The range is 600 to 4294967295. The default value is 600. 6. EEE Transmit Wake Time. Enter the time for which the MAC/switch has to wait to go back to Active state from the LPI state when it receives a packet for transmission. The range is 8 to 65535. The default value is 17. 7.
S3300 Smart Managed Pro Switch Table 17. Green Ethernet Local Device Information (continued) Field Description Tw_sys_tx Echo (uSec) An integer that indicates the remote system's transmit Tw_sys that was used by the local system to compute the Tw_sys that it wants to request from the remote system. Tw_sys_rx (uSec) An integer that indicates the value of Tw_sys that the local system requests from the remote system. This value is updated by the EEE Receiver L2 state diagram.
S3300 Smart Managed Pro Switch To display Green Ethernet mode settings for a Remote Device Figure 43. Remote Device Information 1. From the Interface list, select the interface. Table 18, Green Ethernet Local Device Information displays the following non-configurable information about the Green Ethernet status and statistics on the local device. Table 18. Green Ethernet Local Device Information Field Description Remote ID Specifies the remote client identifier assigned to the remote system.
S3300 Smart Managed Pro Switch Figure 44. Green Ethernet Summary Table 19, Green Ethernet statistics summary describes the information the Green Ethernet Statistics Summary table displays. Table 19. Green Ethernet statistics summary Field Description Current Power Consumption The estimated power consumption (in mWatts) by all the ports on the switch. Percentage Power Saving/Stack The percentage of power saved on all ports due to the Green Ethernet mode(s) being enabled.
S3300 Smart Managed Pro Switch Table 20, Green Ethernet feature summary describes the information in the Green Ethernet feature summary table. Table 20. Green Ethernet feature summary Field Description Unit The unit ID number, which is always 1. Green Features supported on this unit The Green Ethernet features the switch supports. Table 21, Green Ethernet interface summary describes the information in the Green Ethernet interface summary table. Table 21.
S3300 Smart Managed Pro Switch Figure 45. Green Ethernet LPI History 2. In the Sampling Interval field, specify the frequency, in seconds, at which EEE LPI history. 3. In the Max Samples to keep field, specify the maximum number of LPI samples to keep in the history buffer. 4. Click the Apply button. To view per-interface LPI history information, select the interface with the information to view from the Interface list. The screen refreshes and displays the LPI history for the selected interface.
S3300 Smart Managed Pro Switch Device View For Device View information, see Device View on page 24. License Some switch features require a special license in order to be active. If a license is not active, the feature associated with the license is not available and cannot be configured. To view information about the license key, click System > License > License Key. The following table describes the non-configurable fields on the License Key page. Table 23.
S3300 Smart Managed Pro Switch Switch Stack Configuration Stacking Overview A stackable switch is a switch that is a fully functional operating standalone, but can also be set-up to operate together with up to six switches, with this group of switches showing the characteristics of a single switch while having the port capacity of the sum of the combined switches. One of the switches in the stack controls the operation of the stack. This switch is called the stack manager.
S3300 Smart Managed Pro Switch the ability to synchronize the software on the stack unit with the software that is running on the stack manager. Normally, the software is automatically distributed to all units in the stack after downloading new code, but there can be instances where a unit with older code is plugged in to the stack. In this scenario, use the stack firmware synchronization feature to push the code from the stack manager to the stack members.
S3300 Smart Managed Pro Switch Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack manager. This ensures that the switch is re-elected as stack manager if a re-election occurs.
S3300 Smart Managed Pro Switch b. All stacking functionalities of the S3300 extend to these two M4300 platforms. However, Non-Stop Forwarding (NSF) is not supported. c. Either S3300 or M4300 can be stack master or standby. d. CLI under the console port is not supported. e. Service port is not supported for management or any other purposes. 4. New features for the M4300 running the Smart 6.6.4.
S3300 Smart Managed Pro Switch Stack Sample Mode To configure the stack sampling parameters: 1. Select the Stack Sample Mode. The global status management mode which can be: • Cumulative. This tracks the sum of received time stamp offsets cumulatively. • History. This tracks the history of received timestamps. The factory default is Cumulative. 2. Enter a value for Max Samples – the maximum number of samples to keep. The valid range is 100 to 500. Max Samples applies to History mode. Figure 46.
S3300 Smart Managed Pro Switch highest priority value will be chosen to become primary unit. If the value is set to 0, then that switch unit never participates in Manager Election. 5. Select the Management Status. Indicates whether the selected switch is the management unit, or a normal stacking member, or on standby. 6. Click the Apply button. The system prompts the administrator to confirm the management move.
S3300 Smart Managed Pro Switch Table 25. Basic Stack Status Table 26. Field Description Unit ID The Unit ID of the specific switch. Switch Description The description for the unit that can be configured by the user. Serial Number The unique box serial number for this switch. Uptime Displays the relative time since the last reboot of the switch. Preconfigured Model Identifier Displays the model type assigned by the device manufacturer to identify the device.
S3300 Smart Managed Pro Switch Figure 47. Advanced Stack Status The following table describes the non-configurable Advanced Stack Status data that is displayed. Click Refresh to update the page with the latest information on the switch. Table 27. Advanced Stack Status Field Description Unit ID The Unit ID of the specific switch. Neighbor Unit ID The neighboring unit with which data is exchanged. Current Current time of heartbeat message reception.
S3300 Smart Managed Pro Switch Advanced Stack-Port Configuration To configure a Stack-port: 1. Click System > Stacking > Advanced > Stack-port Configuration. Figure 48. Stack-Port Configuration 2. Select either the Unit ID or All. • Select the Unit ID field to display information for the selected unit. • Select All to display information for all units. 3. In the Configured Stack Mode field, specify the operating mode of the port to be either Ethernet or Stack.
S3300 Smart Managed Pro Switch Table 28. Stack-port Configuration (continued) Field Description Link Speed (Gbps) Displays the maximum speed of the stack port. Transmit Data Rate (Mbps) Displays the approximate transmit rate on the stack port. Transmit Error Rate (Error/s) Displays the number of errors in transmit packets per second. Total Transmit Errors Displays the total number of errors in transmit packets since bootup. The counter may wrap.
S3300 Smart Managed Pro Switch The following table describes the non-configurable Stack-port Diagnostics data that is displayed. Table 29. Stack-port Diagnostics Field Description Unit ID The Unit ID of the specific switch. Port Displays the stack port on the given unit. Port Diagnostics Info Displays three text fields (character strings) populated by the driver containing debug and status information.
S3300 Smart Managed Pro Switch The behavior of Firmware Synchronization is the same whether the system is powered on after connecting all the new members or if a new member is adding during the running operation of the stack. Stack Firmware Synchronization starts only after the stack manager selection is complete. You can disable downgrading the image on a stack member during Firmware Synchronization operation.
S3300 Smart Managed Pro Switch multiple links can be connected to an adjacent unit to form a higher bandwidth stacking connection. This is referred to as Multiple Stack Links. The following restrictions and limitations apply when using Multiple Stack Links: • Fiber link takes precedence over the copper link • When fiber link is present between the stacked units, traffic is always carried through the fiber link, whether over a single link or over two links in a trunk.
S3300 Smart Managed Pro Switch PoE Use this screen to configure a few system-level PoE parameters per unit. In other words, the parameters are specific to the whole unit, not specific to any port(s). 1. Select System > PoE > Basic > PoE Configuration. Figure 51. PoE Basic Configuration 2. In the Unit Selection field, select a current PoE unit. You can change the PoE Unit by selecting another unit ID listed in this field. 3. Configure the System Usage Threshold.
S3300 Smart Managed Pro Switch Table 31. PoE Configuration Non-configurable Data (continued) Field Description Power Source The power source currently being used to deliver power - Main AC or RPS. Threshold Power The system can power up one more port if consumed power is less than Threshold Power. In other words, consumed power can be between Nominal and Threshold Power values. The Threshold Power value is effected by changing the System Usage Threshold.
S3300 Smart Managed Pro Switch supply power. When ports have the same priority, the lower numbered port will have a higher priority. Possible priority values are: • Low. Low priority. • Medium. Medium priority. • High. High priority. • Critical. Critical priority. The factory default is Low. 5. Select the Power Mode. • 802.3 af. The PoE port power is limited to IEEE 802.3af mode only. A powered device (PD) that requires IEEE 802.3at power does not receive power if the port functions in the IEEE 802.
S3300 Smart Managed Pro Switch • 4pt 802.3af + legacy. 4-Point Resistive Detection in 802.3af mode, followed by Legacy Detection, is done. • Legacy. Only Legacy Detection is done. The factory default is IEEE 802. 9. Assign a Timer Schedule to the port. Select None to remove the timer schedule assignment. The factory default is None. See Timer Schedule on page 132. 10. Click the Apply button to send the updated configuration to the switch. Configuration changes take effect immediately. 11.
S3300 Smart Managed Pro Switch Table 32. PoE Port Configuration Non-Configurable Data (continued) Field Description Status Operational status of the port PD detection. Possible values are: • Disabled. Indicates that no power is being delivered. • Delivering Power. Indicates that power is being drawn by the device. • Fault. Indicates a problem with the power. • Other Fault. Indicates that the port is idle due to an error condition. • Requesting Power. Indicates that the port is requesting power.
S3300 Smart Managed Pro Switch SNMP This section describes how to configure the Simple Network Management Protocol (SNMP) version 1 and SNMP version 2 information on the switch. For information about configuring the SNMPv3 administrative profile, see Use SNMPv3 on page 29. The screens you access from the SNMPV1/V2 link allow you to configure SNMPv1/v2 community information, traps, and trap flags.
S3300 Smart Managed Pro Switch If you select Enable, the community name must be unique among all valid community names or the set request will be rejected. If you select Disable, the community name will become invalid. 7. Click the Add button. To modify an existing community: 1. Select the check box next to the community. 2. Update the desired fields. 3. Click the Apply button. To delete a community: 1. Select the check box next to the community to remove. 2. Click the Delete button.
S3300 Smart Managed Pro Switch 3. Click the Apply button. To delete an SNMP trap recipient: 1. Select the check box next to the recipient to remove. 2. Click the Delete button. Trap Flags Use the Trap Flags screen to enable or disable traps the switch can send to an SNMP manager. When the condition identified by an active trap is encountered by the switch, a trap message is sent to any enabled SNMP trap receivers, and a message is written to the trap log. To configure the trap flags: 1.
S3300 Smart Managed Pro Switch SNMP Supported MIBS This screen displays a list of all MIBs supported by the switch. To view the supported MIBs, select System > SNMP > SNMP V1/V2 > Supported MIBs. The following table describes the fields on the screen. Table 33. SNMP MIB Field Description Name The name of the public or private MIB. Description A description of the MIB’s purpose. LLDP The IEEE 802.
S3300 Smart Managed Pro Switch • Inventory management, enabling network administrators to track their network devices and determine their characteristics (manufacturer, software and hardware versions, serial or asset number). LLDP Configuration Use the LLDP Configuration screen to specify the global LLDP and LLDP-MED parameters that are applied to the switch. To configure global LLDP settings: 1. Select System > LLDP > Basic > LLDP Configuration. Figure 56. LLDP Configuration 2. (Optionally).
S3300 Smart Managed Pro Switch LLDP Port Settings Use the LLDP Port Settings screen to specify per-interface LLDP settings. To configure LLDP port settings: 1. Select System > LLDP > Advanced > LLDP Port Settings. Figure 57. LLDP Port Settings 2. Select one or more ports to configure. • To configure a single port, select the check box associated with it, or type the port number in the Go To Interface field and click the Go button.
S3300 Smart Managed Pro Switch information includes the system name, system description, system capabilities, and port description. For information about how to configure the system name, see Management on page 39. For information about how to configure the port description, see Ports on page 136. 4. Click the Apply button. LLDP-MED Network Policy This screen displays information about the LLPD-MED network policy TLV transmitted in the LLDP frames on the selected local interface.
S3300 Smart Managed Pro Switch Table 34. LLDP-MED network policy information Field Description Network Policy Number The policy number. Application The media application type associated with the policy, which can be one of the following: • Unknown • Voice • Guest Voice • Guest Voice Signaling • Softphone Voice • Video Conferencing • Streaming Video • Video Signaling A port can receive multiple application types.
S3300 Smart Managed Pro Switch Figure 59. LLDP-MED Port Settings 2. From the Port list, select the port to configure. 3. Use the lists to enable or disable the following LLDP-MED settings for the selected port: • LLDP-MED Status. The administrative status of LLDP-MED on the interface. When LLDP-MED is enabled, the transmit and receive function of LLDP is effectively enabled on the interface. • Notification. When enabled, the port sends a topology change notification if a device is connected or removed.
S3300 Smart Managed Pro Switch Figure 60. LLDP-MED Neighbors Information 2. In the LLDP-MED Interface Selection section of the window, the Interface field lists all the ports on which LLDP-MED is enabled. Select the interface from the Interface list to display information about that interface. 3. Table 35, LLDP-MED Neighbors Information below describes the non-configurable LLDP-MED Neighbors information for the selected interface. 4.
S3300 Smart Managed Pro Switch Table 35. LLDP-MED Neighbors Information Field Description LLDP-MED Interface Selection Remote ID Specifies the remote client identifier assigned to the remote system. Capability Information This table specifies the supported and enabled capabilities received in MED TLV on this port. Supported Capabilities Specifies supported capabilities received in MED TLV on this port. Enabled Capabilities Specifies enabled capabilities received in MED TLV on this port.
S3300 Smart Managed Pro Switch Table 35. LLDP-MED Neighbors Information (continued) Field Description Extended PoE This table specifies if the remote device is a PoE device. Device Type Specifies the remote device’s PoE device type connected to this port. Extended PoE PSE This table specifies if the extended PSE TLV is received in an LLDP frame on this port. Device Type Specifies the remote device’s PoE device type connected to this port.
S3300 Smart Managed Pro Switch Figure 61. LLDP Local Device Information The following table describes the LLDP device information and port summary information. Table 36. LLDP local device information Field Description Chassis ID Subtype The type of information used to identify the switch in the Chassis ID field. Chassis ID The hardware platform identifier for the switch. System Name The user-configured system name for the switch.
S3300 Smart Managed Pro Switch Figure 62. LLDP-MED Local Port Information The following table describes the detailed local information that displays for the selected port. Table 37. Detailed LLDP local port information Field Description Managed Address Address SubType The type of address the management interface uses, such as an IPv4 address. Address The address used to manage the device. Interface SubType The port subtype. Interface Number The number that identifies the port.
S3300 Smart Managed Pro Switch Table 37. Detailed LLDP local port information (continued) Field Description Current Capabilities The TLVs advertised by the port. Device Class Network Connectivity indicates the device is a network connectivity device. Network Policies Application Type The media application type associated with the policy. VLAN ID The VLAN ID associated with the policy. VLAN Type Specifies whether the VLAN associated with the policy is tagged or untagged.
S3300 Smart Managed Pro Switch Neighbors Information Use the LLDP Neighbors Information screen to view the data that a specified interface has received from other LLDP-enabled systems. To view LLDP information received from a neighbor device, select System > Advanced > LLDP > Neighbors Information. Note: If no information has been received from a neighbor device, or if the link partner is not LLDP-enabled, no information displays. \ Figure 63.
S3300 Smart Managed Pro Switch To view additional information about the remote device, click the link in the MSAP Entry field. A pop-up window displays information for the selected port. The following table describes the information transmitted by the neighbor. Table 39. LLDP neighbor details Field Description Port Details Local Port The interface on the local system that received LLDP information from a remote system.
S3300 Smart Managed Pro Switch Table 39. LLDP neighbor details (continued) Field Description MED Details Capabilities Supported The supported capabilities that were received in MED TLV from the device. Current Capabilities The advertised capabilities that were received in MED TLV from the device. Device Class The LLDP-MED endpoint device class. The possible device classes are: • Endpoint Class 1 Indicates a generic endpoint class, offering basic LLDP services.
S3300 Smart Managed Pro Switch Table 39. LLDP neighbor details (continued) Field Description Type The unknown TLV type field. Value The unknown TLV value field. Services This section describes how to configure the DHCP L2 Relay, DHCP snooping, DHCPv6 snooping, and Dynamic ARP Inspection (DAI) features on the switch. DHCP snooping and DAI are layer 2 security features that examine traffic to help prevent accidental and malicious attacks on the switch or network.
S3300 Smart Managed Pro Switch 4. Click the Cancel button to cancel the configuration on the screen, and reset the data displayed on the screen to the latest value of the switch. DHCP L2 Relay VLAN Configuration Use this screen to configure the DHCP L2 Relay VLAN. Figure 64. DHCP L2 Relay VLAN Configuration To configure DHCP L2 Relay VLAN: 1. Select System> Services > DHCP L2 Relay > DHCP L2 Relay Global Configuration. 2. VLAN ID shows the VLAN ID configured on the switch.
S3300 Smart Managed Pro Switch DHCP L2 Relay Interface Configuration Use this screen to view and configure the DHCP L2 Relay Interface. Figure 65. DHCP L2 Relay Interface Configuration To configure DHCP L2 Relay Interface settings: 1. Select System> Services > DHCP L2 Relay > DHCP L2 Relay Interface Configuration. 2. In the Go To Interface field, enter the interface in unit/slot/port format and click on the Go button. The entry corresponding to the specified interface is selected. 3.
S3300 Smart Managed Pro Switch Figure 66. DHCP L2 Relay Interface Statistics Table 40 describes the non-configurable data that is displayed. Table 40. DHCP L2 Relay Interface Statistics Field Description Interface The interface from which the DHCP message is received. Untrusted Server Messages With Opt82 The number of DHCP message with option82 received from an untrusted server. Untrusted Client Messages With Opt82 The number of DHCP message with option82 received from an untrusted client.
S3300 Smart Managed Pro Switch trusted interface is an interface that is configured to receive only messages from within the network. DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also provides way to differentiate between untrusted interfaces connected to the end user and trusted interfaces connected to the DHCP server or another switch. Global Configuration Use this screen to view and configure the global settings for DHCP snooping.
S3300 Smart Managed Pro Switch Interface Configuration Use the DHCP Snooping Interface Configuration screen to view and configure each port as a trusted or untrusted port. Any DHCP responses received on a trusted port are forwarded. If a port is configured as untrusted, any DHCP (or BootP) responses received on that port are discarded. To configure DHCP snooping interface settings: 1. Select System> Services > DHCP Snooping > Interface Configuration. Figure 68.
S3300 Smart Managed Pro Switch If the incoming rate of DHCP packets exceeds the value of this object for consecutively burst interval seconds, the port will be shut down. If this value is N/A, then the burst interval has no meaning, and rate limiting is disabled. 6. In the Burst Interval (secs) field, specify the burst interval value for rate limiting purposes on this interface. If the rate limit is N/A, then the burst interval has no meaning and the field displays N/A. 7. Click the Apply button.
S3300 Smart Managed Pro Switch The DHCP Snooping Dynamic Binding Configuration table shows information about the DHCP bindings that have been learned on each interface on which DHCP snooping is enabled. Table 41 describes the dynamic bindings information. Table 41. DHCP Snooping Dynamic Binding Information Field Description Interface The interface on which the DHCP client message was received. MAC Address The MAC address associated with the DHCP client that sent the message.
S3300 Smart Managed Pro Switch 3. In the Write Delay field, specify the amount of time to wait between writing bindings information to persistent storage. The delay allows the device to collect as many entries as possible (new and removed) before writing them to the persistent file. 4. Click the Apply button. DHCP Snooping Statistics Use this screen to view and clear per-interface statistics about the DHCP messages filtered by the DHCP snooping feature on untrusted interfaces.
S3300 Smart Managed Pro Switch DHCPv6 Snooping DHCPv6 snooping is a useful feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network.
S3300 Smart Managed Pro Switch 2. Select one or more ports or LAGs to configure. For information about how to select and configure one or more ports and LAGs, see Configuring Interface Settings on page 32. 3. From the Trust Mode list, select the desired trust mode. The factory default is Disabled. • Disabled. The interface is considered to be untrusted and could potentially be used to launch a network attack. DHCP server messages are checked against the bindings database.
S3300 Smart Managed Pro Switch 3. In the MAC Address field, specify the MAC address for the binding to be added. This is the key to the binding database. 4. From the VLAN ID list, select the VLAN for the binding rule. The VLAN ID range is 1 to 4093. 5. In the IPv6 Address field, specify a valid IPv6 address for the binding rule. 6. Click the Add button to the DHCPv6 snooping binding entry to the database. 7. Click the Delete button to delete selected static entries from the database. 8.
S3300 Smart Managed Pro Switch a. Specify the Remote IP Address of the TFTP server on which the snooping database is stored when Remote is selected. b. Specify the Remote File Name of the DHCPv6 snooping bindings database in which the bindings are stored when Remote is selected. The Remote File Name can be 1 to 32 alphanumeric characters. 3. In the Write Delay field, specify the maximum amount of time to wait between writing bindings information to persistent storage.
S3300 Smart Managed Pro Switch Dynamic ARP Inspection Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The malicious attacker sends ARP requests or responses mapping another station’s IP address to its own MAC address.
S3300 Smart Managed Pro Switch a. Select System> Services > Dynamic ARP Inspection > DAI Interface Configuration. b. Click the LAGS link to view all LAG interfaces. c. Next to l1, select the check box. d. From the Trust Mode list, select Enable. Figure 73. DAI Interface Configuration - LAGS e. Click the Apply button. 3. Configure rate limiting for ports 1–8, which are untrusted ports. a. Click 1 in the interface-selection field to view all ports. b. Select each check box associated with ports 1–8. c.
S3300 Smart Managed Pro Switch d. Click the Apply button. Configure a DAI ACL DAI relies on the information in the DHCP snooping bindings database to validate ARP packets. For networks that use static IP addresses and do not use DHCP, DAI access control lists (ACLs) can be used to statically map an IP address to a MAC address on a VLAN. When hosts use static IP addresses, the DHCP snooping feature cannot build a bindings database. DAI ACLs are also useful when other switches in the network do not run DAI.
S3300 Smart Managed Pro Switch 8. Click the Add button. 9. Repeat Step 6 through Step 8 to add the second rule. You can add up to 20 static IP address-MAC address mappings to a DAI ACL. Figure 76. DAI Rule Table 10. Select System> Services > Dynamic ARP Inspection > DAI VLAN Configuration. 11. Next to VLAN 100, select the check box. 12. In the ARP ACL Name field, specify the name of the DAI ACL to associate with the VLAN. 13. Click the Apply button. Figure 77.
S3300 Smart Managed Pro Switch since the target MAC address is unspecified in ARP requests. You can also enable IP address checking. When this option is enabled, DAI drops ARP packets with an invalid IP address. The following IP addresses are considered invalid: • 0.0.0.0 • 255.255.255.255 • All IP multicast addresses • All class E addresses (240.0.0.0/4) • Loopback addresses (in the range 127.0.0.0/8) The valid IP check is applied only on the sender IP address in ARP packets.
S3300 Smart Managed Pro Switch Figure 79. Dynamic ARP Inspection Statistics 2. Click Clear to clear all DAI statistics. 3. Click Refresh to refresh the data on the page with the latest information on the switch. Table 45, Dynamic ARP Inspection (DAI) statistics describes the Dynamic ARP Inspection (DAI) statistics. Table 45. Dynamic ARP Inspection (DAI) statistics Field Description VLAN The enabled VLAN ID for which statistics are displayed.
S3300 Smart Managed Pro Switch Timer Schedule The NETGEAR Smart Switch provides timer schedules for use with PoE/PoE+. To use Timer Schedules with PoE/PoE+, you first define a timer schedule on the System > Timer Schedule screen. Then you associate the timer schedule to a PoE/PoE+ port (or ports) on the System > PoE > PoE Port Configuration screen. See PoE on page 90.
S3300 Smart Managed Pro Switch The following table describes the non-configurable fields on the Timer Schedule Global Configuration page. Table 46. Timer Schedule Information Field Description Time Schedule Status Specifies if the current status of the timer schedule is active or inactive. ID Identifies the timer schedule. The maximum number of timer schedules that can be created is 100. Configure Timer Schedule Use this screen to configure timer schedule. Select the Timer Schedule Criteria: 1.
S3300 Smart Managed Pro Switch 2. Enter the Time End. This is the time of day in hh:mm format when the schedule operation is stopped. This field is required. 3. Enter the Date Start. This is the schedule start date. This field is required. 4. Enter the Date End. This is the schedule end date. If No End Date is selected, the schedule operates indefinitely. 5. Select the Recurrence Pattern. This field is displayed only when you select Periodic as the Timer Schedule Type.
3. Configuring Switching 3 Use the features you access from the Switching tab to define Layer 2 features. The Switching tab contains links to the features described in the following sections.
S3300 Smart Managed Pro Switch Ports The screens you access from the Ports menu allow you to view and monitor the physical port information for the ports available on the switch. The Ports menu contains links described in the following sections. • Port Configuration Port Configuration Use the Port Configuration screen to configure various characteristics about the physical ports or LAGs on the switch. To configure port settings: 1. Select Switching > Ports > Port Configuration. Figure 82.
S3300 Smart Managed Pro Switch and 1000 Mbps) will be advertised. Otherwise, your selection will determine the port’s duplex mode and transmission rate. The factory default is Auto. - 10 — 10 Mbits/sec. - 100 — 100 Mbits/sec. - 10G — 10 Gbits/sec. The delimiter characters for setting different speed values is ',', '.' and space. You must set Auto-negotiation mode to Enable in order for you to be able to set the auto-negotiation speeds.
S3300 Smart Managed Pro Switch elapses, or the utilization returns to a specified low threshold, the switch enables the port to again transmit frames. The factory default is Disabled. When flow control is disabled, the switch does not generate PAUSE frames. The switch also does not throttle packet transmission on receiving PAUSE frames from a partner. For LAG interfaces Flow Control Mode is displayed as blank because flow control is not applicable.
S3300 Smart Managed Pro Switch Link Aggregation Groups Link aggregation groups (LAGs), which are also known as port channels, allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. You assign the LAG VLAN membership after you create a LAG. The LAG by default becomes a member of the default management VLAN (that is, VLAN 1).
S3300 Smart Managed Pro Switch • LAG Name. Specify the name you want assigned to the LAG. You can enter any string of up to 15 alphanumeric characters. A valid name has to be specified in order to create the LAG • Description. Specify the description string to be attached to a LAG. It can be up to 64 characters in length. • Admin Mode. Select Enable or Disable from the list.
S3300 Smart Managed Pro Switch across the units. In such a scenario, when this feature is enabled, any known unicast traffic sent to the LAG uses only the LAG interface on the local unit. This ensures that the known unicast traffic, destined to the LAG, does not cross the external stack link when the LAG has a member or members on the local unit. Local preference does not impact behavior with respect to unknown unicast, broadcast and multicast traffic. 4.
S3300 Smart Managed Pro Switch LAG Membership Use the LAG Membership screen to select two or more full-duplex Ethernet links to be aggregated together to form a link aggregation group (LAG), which is also known as a port channel. The switch can treat the port channel as if it were a single link. To add members to a LAG: 1. Select Switching> LAG > Basic > LAG Membership. 2. From the LAG ID list, select the LAG to configure. 3.
S3300 Smart Managed Pro Switch LACP Configuration The LACP configuration screen is used to set the LACP system priority. To configure LACP: 1. Select Switching> LAG > Advanced > LACP Configuration. 2. In the LACP System Priority field, specify the device’s link aggregation priority relative to the devices at the other ends of the links on which link aggregation is enabled. A higher value indicates a lower priority.
S3300 Smart Managed Pro Switch VLANs Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic. By default, all ports on the switch are in the same broadcast domain.
S3300 Smart Managed Pro Switch Basic VLAN Configuration Use the VLAN Configuration screen to define VLAN groups stored in the VLAN membership table. The switch supports up to 256 VLANs. The default VLAN (1), voice VLAN (2) and auto-video VLAN (3) are created by default, and all ports are untagged members. When you create a VLAN on this screen, its type is always static. To add a VLAN: 1. Select Switching> VLAN > Basic > VLAN Configuration. 2.
S3300 Smart Managed Pro Switch VLAN Membership Configuration Use this screen to configure VLAN port membership for a particular VLAN. You can select the Group operation through this screen. To configure VLAN membership for individual ports and LAGs: 1. Select Switching> VLAN > Advanced > VLAN Membership. 2. From the VLAN ID list, select the VLAN to which you want to add ports. 3. Click the Unit number icon below the VLAN Type field to display the physical ports on the switch. 4.
S3300 Smart Managed Pro Switch To configure the same VLAN membership settings for all ports and LAGs: 1. Select Switching> VLAN > Advanced > VLAN Membership. 2. In the VLAN ID list, select the VLAN to which you want to add ports. 3. In the Group Operations list, select one of the following options: • Untag All. All frames transmitted from this VLAN will be untagged. All the ports will be included in the VLAN. • Tag All. All frames transmitted for this VLAN will be tagged.
S3300 Smart Managed Pro Switch Port VLAN ID Configuration The Port PVID Configuration screen lets you assign a port VLAN ID (PVID) to an interface. There are certain requirements for a PVID: • All ports must have a defined PVID. • If no other value is specified, the default VLAN PVID is used. • If you want to change the port’s default PVID, you must first create a VLAN that includes the port as a member. • Use the Port VLAN ID (PVID) Configuration screen to configure a virtual LAN on a port.
S3300 Smart Managed Pro Switch MAC-Based VLAN The MAC Based VLAN feature uses the source MAC address of incoming untagged packets to classify the traffic and to assign the packets to the appropriate VLAN. A MAC to VLAN mapping is defined by configuring an entry in the MAC to VLAN table. An entry is specified by a source MAC address and the desired VLAN ID.
S3300 Smart Managed Pro Switch Protocol-Based VLAN Group Configuration Protocol-based VLAN can be used to define filtering criteria for untagged packets. By default, if you do not configure any port (IEEE 802.1Q) or protocol-based VLANs, untagged packets are assigned to VLAN 1. You can override this behavior by defining either port-based VLANs or protocol-based VLANs, or both. Tagged packets are always handled according to the IEEE 802.1Q standard, and are not included in protocol-based VLANs.
S3300 Smart Managed Pro Switch 2. Click the Delete button. Protocol-Based VLAN Group Membership The Protocol-Based VLAN Group Membership screen is used to define a protocol-based VLAN group. To set up protocol-based VLAN group membership: 1. Select Switching> VLAN > Advanced > Protocol-Based VLAN Group Membership. 2. From the Group ID list, select the protocol-based VLAN group ID for which you want to display or configure data. 3. Click display the port list.
S3300 Smart Managed Pro Switch 5. If the interface mode is VLAN ID or Dot1p, specify the VLAN ID or 802.1p priority value in the Value field. This field is valid only when VLAN ID or dot1p is selected as the interface mode. 6. From the CoS Override Mode list, specify the CoS override mode for the selected ports: • Enabled. The port ignores the 802.1p priority value in the Ethernet frames it receives from connected devices. • Disabled. The port trusts the priority value in the received frame. 7.
S3300 Smart Managed Pro Switch GARP Port Configuration To configure a GARP port: 1. Select Switching> VLAN > Advanced > GARP Port Configuration. The GARP Port Configuration table is displayed. 2. To navigate the page, select one of the following links. For more navigation information, see Configuring Interface Settings on page 32. • To display all of the physical ports, click the 1 link. • To display all LAGs, click the LAGS link. • To display all ports and LAGs, click the All link.
S3300 Smart Managed Pro Switch Auto-VoIP Configuration Voice over Internet Protocol (VoIP) enables telephone calls over a data network. Because voice traffic is typically more time-sensitive than data traffic, the Auto VoIP feature helps provide a classification mechanism for voice packets so that they can be prioritized above data packets in order to provide better Quality of Service (QoS). With the Auto VoIP feature, voice prioritization is provided based on call-control protocols (SIP, SCCP, H.
S3300 Smart Managed Pro Switch Configure OUI-Based Auto-VoIP With Organizationally Unique Identifier (OUI)-based Auto VoIP, voice prioritization is provided based on OUI bits. From the OUI-based link, you can access the following pages: • OUI-Based Properties on page 155 • OUI-Based Port Settings on page 155 • OUI-Based OUI Table on page 155 OUI-Based Properties To configure OUI based properties: 1. Select Switching> Auto-VoIP> OUI-based > Properties. 2.
S3300 Smart Managed Pro Switch authority. The switch comes preconfigured with the following OUIs that identify the IP phone manufacturer: • 00:01:E3: SIEMENS • 00:03:6B: CISCO1 • 00:12:43: CISCO2 • 00:0F:E2: H3C • 00:60:B9: NITSUKO • 00:D0:1E: PINTEL • 00:E0:75: VERILINK • 00:E0:BB: 3COM • 00:04:0D: AVAYA1 • 00:1B:4F: AVAYA2 • 00:04:13: SNOM You can select an existing OUI or add a new OUI and description to identify the IP phones on the network. To add a new OUI prefix: 1.
S3300 Smart Managed Pro Switch Figure 86. Auto-VoIP Status The following table shows the non-configurable information displayed on the screen. Table 49. Auto-VoIP Status Field Description Auto-VoIP VLAN ID Displays the Auto-VoIP VLAN ID. Maximum Number of Voice Channels Supported Displays the maximum number of VoIP channels supported. Number of Voice Channels Detected Displays the number of VoIP channels prioritized successfully.
S3300 Smart Managed Pro Switch Spanning Tree Protocol The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Common STP, Multiple STP, and Rapid STP. Classic STP provides a single path between end stations, avoiding and eliminating loops. For information about configuring Common STP, see CST Port Configuration on page 161.
S3300 Smart Managed Pro Switch STP Configuration The STP Configuration screen contains fields for enabling STP on the switch. To configure STP settings on the switch: 1. Select Switching > STP > Basic > STP Configuration. 2. Next to Spanning Tree State, specify whether to enable or disable Spanning Tree operation on the switch. 3. From the STP Operation Mode field, specify the Force Protocol Version parameter for the switch. Options are: • STP (Spanning Tree Protocol). IEEE 802.
S3300 Smart Managed Pro Switch Table 50. STP status information (continued) Field Description Max Age (secs) Specifies the bridge maximum age for CST. The value must be less than or equal to (2 X Bridge Forward Delay) – 1 and greater than or equal to 2 X (Bridge Hello Time +1). Forward Delay (secs) Derived value of the Root Port Bridge Forward Delay parameter. Hold TIme (secs) Minimum time between transmission of Configuration BPDUs.
S3300 Smart Managed Pro Switch The following MSTP status information is displayed on the Spanning Tree CST Configuration screen. Table 51. MSTP status information Field Description MST ID Table consisting of the MST instances (including the CST) and the corresponding VLAN IDs associated with each of them. VID Table consisting of the VLAN IDs and the corresponding FID associated with each of them FID Table consisting of the FIDs and the corresponding VLAN IDs associated with each of them.
S3300 Smart Managed Pro Switch • STP Status. Enable or disable the Spanning Tree Protocol Administrative Mode associated with the port or port channel. • Fast Link. Specifies if the specified port is an Edge Port with the CST. Possible values are Enable or Disable. The default is Disable. • BPDU Forwarding. Specifies whether spanning tree BPDUs should be forwarded while spanning-tree is disabled on the switch. The value is enabled or disabled. • Auto Edge.
S3300 Smart Managed Pro Switch Table 53. CST port status information Field Description Interface The port associated with the VLAN(s) associated with the CST. Port Role Each MST bridge port that is enabled is assigned a port role for each spanning tree. The port role will be one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port, or Disabled Port. Designated Root Root Bridge for the CST.
S3300 Smart Managed Pro Switch Table 54. Rapid STP status information (continued) Field Description Mode Specifies the spanning tree operation mode. Different modes are STP, RSTP, and MSTP. Fast Link Indicates whether the port is enabled as an edge port. Status The Forwarding State of this port.
S3300 Smart Managed Pro Switch MST Configuration Use the Spanning Tree MST Configuration screen to configure Multiple Spanning Tree (MST) on the switch. To configure an MST instance: 1. Select Switching > STP > Advanced > MST Configuration. 2. Configure the MST values: • MST ID. Specify the ID of the MST to create. Valid values for this are between 1 and 4094. • Priority. Specifies the bridge priority value for the MST. When switches or bridges are running STP, each is assigned a priority.
S3300 Smart Managed Pro Switch MST Port Configuration Use the MST Port Configuration screen to configure and display Multiple Spanning Tree (MST) settings on a specific port on the switch. A port can become Diagnostically Disabled (D-Disable) when DOT1S experiences a severe error condition. The most common cause is when the DOT1S software experiences BPDU flooding. The flooding criteria is such that DOT1S receives more than 15 BPDUs in a 3-second interval.
S3300 Smart Managed Pro Switch Table 56. MST port status information (continued) Field Description Port Mode Spanning Tree Protocol Administrative Mode associated with the port or port channel. Possible values are Enable or Disable. Port Forwarding State Indicates the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are: • Disabled. STP is currently disabled on the port.
S3300 Smart Managed Pro Switch STP Statistics Use the Spanning Tree Statistics screen to view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port. To display the Spanning Tree Statistics screen, select Switching > STP > Advanced > STP Statistics. The following table describes the information available on the STP Statistics screen. Table 57.
S3300 Smart Managed Pro Switch Multicast Multicast IP traffic is traffic that is destined to a host group. Host groups for IPv4 multicast are identified by class D addresses, which range from 224.0.0.0 to 239.255.255.255. Host groups for IPv6 multicast are identified by the prefix ff00::/8.
S3300 Smart Managed Pro Switch Table 58. MFDB table information (continued) Field Description Description The text description of this multicast table entry. Possible values are Management Configured, Network Configured and Network Assisted. Interface The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:) for the selected address.
S3300 Smart Managed Pro Switch Auto-Video Use this screen to configure the Auto-Video parameters. To configure Auto-Video: 1. Select Switching> Multicast > Auto-Video. 2. Select one of the following radio buttons: • Select the Disable radio button to globally disable Auto-Video administrative mode for the switch. • Select the Enable radio button to globally enable Auto-Video administrative mode for the switch. The Auto-Video VLAN field shows the number of Auto-configured IGMP snooping VLANs. 3.
S3300 Smart Managed Pro Switch IGMP Snooping Configuration Use the IGMP Snooping Configuration screen to configure the parameters for IGMP snooping. These parameters are used to build forwarding lists for multicast traffic. To configure IGMP snooping: 1. Select Switching> Multicast > IGMP Snooping > IGMP Snooping Configuration. 2. Enable or disable IGMP snooping on the switch: • Enable.
S3300 Smart Managed Pro Switch 3. Configure the IGMP snooping values for the selected ports or LAGs: • Admin Mode. Select the interface mode for the selected interface for IGMP snooping for the switch from the menu. The default is Disable. • Host Timeout. Specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group. Enter a value between 2 and 3600 seconds. The default is 260 seconds.
S3300 Smart Managed Pro Switch Table 61. IGMP snooping table information (continued) Field Description Description The text description of this multicast table entry. Possible values are Management Configured, Network Configured, and Network Assisted. Interface The list of interfaces that are designated for forwarding (Fwd) and filtering (Flt) for the associated address.
S3300 Smart Managed Pro Switch Multicast Router Configuration If a multicast router is attached to the switch, its existence can be learned dynamically. You can also statically configure an interface as a multicast router interface, which is an interface that faces a multicast router or IGMP querier and receives multicast traffic. Use this screen to manually configure an interface as a static multicast router interface.
S3300 Smart Managed Pro Switch IGMP Snooping Querier IGMP snooping requires that one central switch or router periodically query all end-devices on the network to announce their multicast memberships. This central device is the IGMP querier. The IGMP query responses, known as IGMP reports, keep the switch updated with the current multicast group membership on a port-by-port basis.
S3300 Smart Managed Pro Switch IGMP Snooping Querier VLAN Configuration To create a new VLAN ID for IGMP snooping: 1. Select Switching> Multicast > IGMP Snooping Querier > Querier VLAN Configuration. 2. From the VLAN ID list, select New Entry and complete the following fields: • VLAN ID. Specify the VLAN ID for which the IGMP snooping querier is to be enabled. • • Querier Election Participate Mode. Enable or disable Querier Participate Mode. - Disabled.
S3300 Smart Managed Pro Switch Table 62. IGMP snooping querier VLAN status (continued) Field Description Last Querier Version The IGMP protocol version of the last querier from which a query was snooped on the VLAN. Operational Max Response Time The maximum response time to be used in the queries that are sent by the snooping querier.
S3300 Smart Managed Pro Switch Table 63. MLD snooping status information (continued) Field Description Interfaces Enabled for MLD Snooping A list of all the interfaces currently enabled for MLD snooping. For information about how to enable an interface for MLD snooping, see MLD Interface Configuration on page 179. VLAN IDs Enabled For MLD Snooping The VLANs enabled for MLD snooping. For information about how to enable a VLAN for MLD snooping, see MLD VLAN Configuration on page 180.
S3300 Smart Managed Pro Switch MLD VLAN Configuration MLD snooping can be enabled on a per VLAN basis. It is necessary to keep track of the interfaces that are participating in a VLAN in order to apply or remove configurations. To configure the MLD VLAN: 1. Select Switching> Multicast > MLD Snooping > MLD VLAN Configuration. 2. In the VLAN ID field, specify the on which MLD snooping is enabled. 3. In the Admin Mode list, select Enable. 4.
S3300 Smart Managed Pro Switch 2. Select each interface to configure. For information about how to select and configure one or more ports or LAGs, see Configuring Interface Settings on page 32. 3. Use the Multicast Router field to enable or disable Multicast Router on the selected interface. 4. Click the Apply button.
S3300 Smart Managed Pro Switch 5. In the Query Interval field, specify the time interval in seconds between periodic queries sent by the snooping querier. The Query Interval must be a value in the range of 1–1800 seconds. The default value is 60. 6. In the Querier Expiry Interval field, specify the time interval in seconds after which the last querier information is removed. The querier expiry Interval must be a value in the range of 60–300 seconds. The default value is 60. 7. Click the Apply button.
S3300 Smart Managed Pro Switch The following table describes the MLD snooping querier status information on the screen. Table 64. Field Description Operational State Specifies the operational state of the IGMP snooping querier on a VLAN: • Querier. The snooping switch is the querier in the VLAN. The snooping switch will send out periodic queries with a time interval equal to the configured querier query interval.
S3300 Smart Managed Pro Switch MVR Configuration IGMP snooping helps limit multicast traffic when member ports are in the same VLAN; however, when ports belong to different VLANs, a copy of the multicast stream is sent to each VLAN that has member ports in the multicast group. MVR eliminates the need to duplicate the multicast traffic when multicast group member ports belong to different VLANs. MVR uses a dedicated multicast VLAN to forward multicast traffic over the L2 network.
S3300 Smart Managed Pro Switch MVR Configuration Use the MVR Configuration screen to enable MVR and to configure global MVR settings on the switch. To configure basic MVR settings: 1. Select Switching > MVR > Basic > MVR Configuration 2. Next to MVR Running select Enable. 3. In the MVR Multicast VLAN field, specify the VLAN on which MVR multicast data will be received. All source ports belong to this VLAN. The value can be set in a range of 1 to 4093. The default value is 1. 4.
S3300 Smart Managed Pro Switch MVR Group Configuration Use the MVR Group Configuration screen to create and manage MVR groups on the switch. In this example, five MVR groups are created. To create multiple MVR groups in the same step, the groups must have contiguous IP addresses, such as 239.1.1.1, 239.1.1.2, 239.1.1.3, and so on. To configure five contiguous MVR groups: 1. Select Switching > MVR Configuration > Advanced > MVR Group Configuration. 2.
S3300 Smart Managed Pro Switch MVR Interface Configuration Use the MVR Interface Configuration screen to configure the ports that belong to the MVR groups and their roles within the groups. To configure the MVR interfaces: 1. Select Switching > MVR > Advanced > MVR Interface Configuration. 2. Select the ports to configure. For information about how to select and configure one or more ports, see Configuring Interface Settings on page 32. 3.
S3300 Smart Managed Pro Switch MVR Statistics Use the MVR Statistics screen to view information about the IGMP messages and IGMP packages the switch has transmitted. To view MVR statistics, select Switching > MVR > Advanced > MVR Statistics. The following table describes the MVR statistics. Table 67. MVR statistics Field Definition IGMP Query Received The number of received IGMP Queries. IGMP Report V1 Received The number of received IGMP Reports V1.
S3300 Smart Managed Pro Switch Address Table The address table maintains a list of MAC addresses after having received a packet from this MAC address. The transparent bridging function uses the forwarding database entries to determine how to forward a received frame. The Address Table link contains links described in the following sections.
S3300 Smart Managed Pro Switch Table 68. Address Table (continued) Field Description Interface The port where this address was learned: that is, this field displays the port through which the MAC address can be reached. Status The status of this entry. The possible values are: • Static. The entry was added when a static MAC filter was defined. • Learned. The entry was learned by observing the source MAC addresses of incoming traffic, and is currently in use. • Management.
S3300 Smart Managed Pro Switch Static MAC Address Use the Static MAC Address Configuration screen to configure and view static MAC addresses on an interface. To add a static MAC address: 1. Select Switching> Address Table > Advanced > Static MAC Address. 2. From the Interface list, select the port to associate with the statically configured MAC address. 3. In the MAC Address field, specify the MAC address to add. 4. From the VLAN ID list, select the VLAN ID corresponding to the MAC address to add. 5.
S3300 Smart Managed Pro Switch Multiple Registration Protocol Configuration1 Note: The Multiple Registration Protocol (MRP) feature is only supported on a standalone S3300 switch. Standalone here means that all four stack ports are running in Ethernet mode. Multiple Registration Protocol (MRP) is a base registration protocol that enables devices running an MRP application to register attributes to other devices in a network.
S3300 Smart Managed Pro Switch With MRP, network attributes are declared, registered, withdrawn, and removed completely dynamically without any user intervention. This dynamic nature is especially useful in networks where: • Network attributes are likely to change frequently, requiring reconfiguration of the intermediate devices. • Recipients of these attributes frequently increase or decrease in number.
S3300 Smart Managed Pro Switch MRP Configuration Use the MRP Configuration screen to configure global MRP settings for the switch. To configure global MRP settings: 1. Select Switching > MRP > Basic > MRP Configuration. 2. Next to MVRP Mode, select Enable to enable MVRP globally on the switch. MVRP provides an application to dynamically register VLAN information. The default mode is Disable. 3. Next to MMRP Mode, select Enable to enable MMRP globally on the switch.
S3300 Smart Managed Pro Switch MRP Port Settings Use the MRP Port Settings screen to configure the per-port MRP mode and timer settings. The timers control when and how often various messages are transmitted on each interface. To configure the MRP port parameters: 1. Select Switching> MRP > Advanced > Port Settings. 2. Select the interfaces to configure. For information about how to select and configure one or more ports, see Configuring Interface Settings on page 32. 3.
S3300 Smart Managed Pro Switch MMRP Statistics The MMRP Statistics screen displays information regarding the MMRP frames transmitted and received by the switch and by each interface. To view the MMRP Statistics screen, select Switching > MRP > Advanced > MMRP Statistics. The following table describes the fields on the MMRP Statistics screen. Table 69. MMRP statistics Field Description Global MMRP Statistics Frames Received The number of MMRP frames which were received on the switch.
S3300 Smart Managed Pro Switch MVRP Statistics The MVRP Statistics screen displays information regarding the MVRP frames transmitted and received by the switch and by each interface. To view the MVRP Statistics screen, select Switching > MRP > Advanced > MVRP Statistics. The following table describes the fields on the MVRP Statistics screen. Table 70. MVRP statistics Field Description Global MVRP Statistics Frames Received The number of MVRP frames which were received on the switch.
S3300 Smart Managed Pro Switch MSRP Statistics The MSRP Statistics screen displays information about the MSRP frames transmitted and received by the switch and by each interface. To view the MMRP Statistics screen, select Switching > MRP > Advanced > MSRP Statistics. The following table describes the fields on the MSRP Statistics screen. Table 71. MSRP statistics Field Description Global MSRP Statistics Frames Received The number of MSRP frames that have been received on the switch.
S3300 Smart Managed Pro Switch MSRP Reservation Parameters Use the MSRP Reservation Parameters screen to view information about the talker, listener, and intermediate device status for the devices involved in each MSRP stream flowing through the switch. To view the MSRP Reservation Parameters screen, select Switching > MRP > Advanced > MSRP Reservation Parameters. The following table describes status fields on the MSRP Reservation Parameters screen. Table 72.
S3300 Smart Managed Pro Switch Qav Parameters Use the Qav Parameters screen to configure and view the per-port IEEE 802.1Qav settings. The IEEE 802.1Qav standard supports time-sensitive traffic streams by pacing all switch traffic, including legacy asynchronous Ethernet traffic, through queuing and forwarding. When a Talker declares a stream, it identifies whether the stream is Class A or Class B and specifies the stream’s bandwidth requirements.
S3300 Smart Managed Pro Switch The following table describes the fields on the MSRP Stream Information screen. Table 74. MSRP Streams Information Field Description Stream ID A 16-bit unsigned integer value, Unique ID, used to distinguish among multiple streams sourced by the same system. Stream Source MAC Address The MAC address of the traffic stream’s source.
S3300 Smart Managed Pro Switch 802.1AS1 Note: The 802.1AS feature is only supported on a standalone S3300 switch. Standalone here means that all four stack ports are running in Ethernet mode. The IEEE 802.1AS standard specifies the protocol and procedures used to ensure that the QoS requirements are guaranteed for time-sensitive applications, such as audio and video. The IEEE 1588 Precision Time Protocol (PTP) forms the basis of the IEEE 802.1AS standard.
S3300 Smart Managed Pro Switch The following table shows the non-configurable information on the 802.1AS Configuration screen. Table 75. 802.1AS Global Status Field Description GrandMaster Present Identifies whether Grand Master Clock is present. The default is False. Best Clock Identity The Best Clock Identity detected by this time-aware bridge. Best Clock Priority1 The Priority1 value of the best clock on the switch. Best Clock Priority2 The Priority2 value of the best clock on the switch.
S3300 Smart Managed Pro Switch In a similar manner, if EAV is enabled, then the stack port pages are disabled. When stack ports are not configured (in other words, the 10G ports are configured as Ethernet) and EAV is enabled globally: 1. Configure the Uplink ports in Ethernet mode and reload the switch, using the System > Stacking > Advanced > Stack-port Configuration screen as shown in Figure 91, Configure Uplink Ports in Ethernet Mode. See Advanced Stack Configuration on page 83 Figure 91.
S3300 Smart Managed Pro Switch Figure 93. Stack Configuration is Unavailable 802.1AS Port Settings Use the 802.1AS Port Settings screen to configure and view per-port 802.1AS settings. To configure the 802.1AS port settings: 1. Select Switching > 802.1AS > Advanced > 802.1AS Port Settings. 2. Select the ports to configure. For information about how to select and configure one or more ports, see Configuring Interface Settings on page 32. 3. From the Admin Mode list, select Enable. 4.
S3300 Smart Managed Pro Switch 8. In the Announce Interval field, specify the desired transmission rate of ANNOUNCE messages. This value is the logarithm to the base 2 of the mean time interval between successive ANNOUNCE messages sent on this interface. The configured initial interval becomes the current interval only after the port is initialized or re-initialized for 802.1AS operation. 9. Configure the SyncRx Timeout.
S3300 Smart Managed Pro Switch The following table describes the non-configurable information on the 802.1AS Port Settings screen. Table 76. 802.1AS port settings Field Description Port Role The 802.1AS role of the interface. The possible roles are as follows: • Disabled (default) • Master • Slave • Passive Propagation Delay The mean propagation delay on the interface Measuring Pdelay Indicates whether the interface is receiving PDELAY response messages from other end of the link. 802.
S3300 Smart Managed Pro Switch Table 77. 802.1AS statistics (continued) Field Description Followup Tx The total number of FOLLOWUP packets transmitted without error. Followup Rx The total number of FOLLOWUP packets received without error. Announce Tx The total number of ANNOUNCE packets transmitted without error. Announce Rx The total number of ANNOUNCE packets received without error. Pdelay Req Tx The total number of PDELAY_REQ packets transmitted without error.
4. 4 Configuring Routing The switch supports IP routing. Use the menus under the Routing tab to manage routing on the system. When a packet enters the switch, the destination MAC address is checked to see if it matches any of the configured routing interfaces. If it does, then the switch searches the host table for a matching destination IP address. If an entry is found, then the packet is routed to the host.
S3300 Smart Managed Pro Switch Configure IP Settings For information about how to configure and display IP routing data, see the following sections: • IP Configuration on page 210 • VLAN Routing Wizard on page 214 • IP Statistics on page 211 IP Configuration Use the IP Configuration screen to configure routing parameters for the switch. To enable routing on the switch: 1. Select Routing > IP > IP Configuration. 2. Next to Routing Mode, select Enable.
S3300 Smart Managed Pro Switch IP Statistics The statistics reported on the IP Statistics screen are as specified in RFC 1213. To display the IP statistics screen, select Routing > IP >Statistics. The following table describes the IP statistics information displayed on the screen. Table 79. IP routing statistics Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error.
S3300 Smart Managed Pro Switch Table 79. IP routing statistics (continued) Field Description IpReasmTimeout The maximum number of seconds which received fragments are held while they are awaiting reassembly at this entity. IpReasmReqds The number of IP fragments received which needed to be reassembled at this entity. IpReasmOKs The number of IP datagrams successfully re-assembled.
S3300 Smart Managed Pro Switch Table 79. IP routing statistics (continued) Field Description IcmpOutMsgs The total number of ICMP messages which this entity attempted to send. Note that this counter includes all those counted by icmpOutErrors. IcmpOutErrors The number of ICMP messages which this entity did not send due to problems discovered within ICMP such as a lack of buffers.
S3300 Smart Managed Pro Switch Configure VLAN Routing You can configure the switch software with some ports supporting VLANs and some supporting routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN.
S3300 Smart Managed Pro Switch 6. Click the box under each port or LAG to add to the VLAN as a VLAN member. Each port or LAG has three modes: • T(Tagged). Select the ports on which all frames transmitted for this VLAN will be tagged. The ports that are selected will be included in the VLAN. • U(Untagged). Select the ports on which all frames transmitted for this VLAN will be untagged. The ports that are selected will be included in the VLAN. • BLANK(Autodetect).
S3300 Smart Managed Pro Switch Configure Router Discovery The Router Discovery protocol is used by hosts to identify operational routers on the subnet. Router discovery messages are of two types: router advertisements and router solicitations. The protocol mandates that every router periodically advertise the IP addresses it is associated with. Hosts listen for these advertisements and discover the IP addresses of neighboring routers.
S3300 Smart Managed Pro Switch Configure and View Routes From the Route Configuration screen, you can configure static and default routes and view the routes that the switch has already learned. To configure a static route: 1. Select Routing > Route Configuration. 2. From the Route Type field, select Static. When you create a default route, you must specify only the next hop IP address. By default, the default route has a preference of 1. 3.
S3300 Smart Managed Pro Switch The Route Status table provides information about the static routes configured on the switch and the dynamic routes the switch has learned. Table 81. Routing table information Field Description Route Type Indicates whether the learned route is a static or default route. Network Address The IP route prefix for the destination.
S3300 Smart Managed Pro Switch Configure ARP The address resolution protocol (ARP) associates a layer 2 MAC address with a layer 3 IPv4 address. Switch software features both dynamic and manual ARP configuration. With manual ARP configuration, you can statically add entries into the ARP table. ARP is a necessary part of the Internet protocol (IP) and is used to translate an IP address to a media (MAC) address, defined by a local area network (LAN) such as Ethernet.
S3300 Smart Managed Pro Switch ARP Cache Use the ARP Cache screen to view entries in the ARP table, a table of the remote connections most recently seen by this switch. To display entries in the ARP table, select Routing > ARP > Basic > ARP Cache. The following table provides information included in the management VLAN ARP cache section. Table 82.
S3300 Smart Managed Pro Switch Create a Static ARP Entry Use this screen to add a static entry to the ARP table. To add an entry to the ARP table: 1. Select Routing > ARP > Advanced > ARP Create. 2. In the IP Address field, specify the IP address to add. It must be the IP address of a device on a subnet attached to one of the switch’s existing routing interfaces. 3. In the MAC Address field, specify the unicast MAC address of the device.
S3300 Smart Managed Pro Switch Remove an ARP Entry From the ARP Cache Use this screen to remove certain entries from the ARP Table. To remove entries from the ARP table: 1. Select Routing > ARP > Advanced > ARP Entry Management. 2. From the Remove From Table list, select the type of ARP entry to be removed.
5. Configuring Quality of Service 5 In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria. When a packet is queued for transmission in a port, the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port.
S3300 Smart Managed Pro Switch Class of Service The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table.
S3300 Smart Managed Pro Switch Global Trust Mode can be one of the following: • Untrusted. Do not trust any CoS packet marking at ingress. • 802.1p. The eight priority tags that are specified in IEEE 802.1p are p0 to p7. The QoS setting lets you map each of the eight priority levels to one of seven internal hardware priority queues. • DSCP. The six most significant bits of the DiffServ field are called the Differentiated Services Code Point (DSCP) bits. 4. Click the Apply button.
S3300 Smart Managed Pro Switch CoS Interface Configuration Use the CoS Interface Configuration screen to configure the trust mode for one or more interfaces and to apply an interface shaping rate to all interfaces or to a specific interface. To configure CoS settings for an interface: 1. Select QoS > CoS > Advanced > CoS Interface Configuration. 2. Select the interfaces to configure.
S3300 Smart Managed Pro Switch Interface Queue Configuration Use the Interface Queue Configuration screen to define what a particular queue does by configuring switch egress queues. User-configurable parameters control the amount of bandwidth used by the queue, the queue depth during times of congestion, and the scheduling of packet transmission from the set of all queues on a port. Each port has its own CoS queue-related configuration.
S3300 Smart Managed Pro Switch 802.1p to Queue Mapping Use this screen to view or change which internal traffic classes are mapped to the 802.1p priority class values in Ethernet frames the device receives. The priority-to-traffic class mappings can be applied globally or per-interface. The mapping allows the switch to group various traffic types (for example, data or voice) based on their latency requirements and give preference to time-sensitive traffic. To map 802.1p priorities to queues: 1.
S3300 Smart Managed Pro Switch Differentiated Services The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. Standard IP-based networks are designed to provide “best effort” data delivery service. “Best effort” service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will.
S3300 Smart Managed Pro Switch Diffserv Configuration Use the DiffServ Configuration screen to display DiffServ general status group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. To configure the global DiffServ mode: 1. Select QoS > DiffServ > Advanced > DiffServ Configuration. 2. Next to DiffServ Admin Mode, select Enable.
S3300 Smart Managed Pro Switch Class Configuration Use the Class Configuration screen to add a new DiffServ class name, or to rename or delete an existing class. The screen also allows you to define the criteria to associate with a DiffServ class. As packets are received, these DiffServ classes are used to prioritize packets. You can have multiple match criteria in a class. The logic is a Boolean logical-and for this criteria. After creating a Class, click the class link to the Class screen.
S3300 Smart Managed Pro Switch Figure 95. DiffServ Class Configuration Criteria 2. Define the criteria to associate with a DiffServ class: • Match Every. This adds to the specified class definition a match condition whereby all packets are considered to belong to the class. • Reference Class. Selects a class to start referencing for criteria. A specified class can reference at most one other class of the same type. • Class of Service. Select the field and enter a class of service 802.
S3300 Smart Managed Pro Switch • Destination MAC Mask. This is a bit mask in the same format as MAC Address indicating which part(s) of the destination MAC Address to use for matching against packet content. • Protocol Type. Requires a packet’s layer 4 protocol to match the protocol you select. If you select Other, enter a protocol number in the field that displays. The valid range is 0–255. • Source IP Address. Requires a packet’s source port IP address to match the address listed here.
S3300 Smart Managed Pro Switch IPv6 Class Configuration The IPv6 Class Configuration feature extends the existing QoS ACL and DiffServ functionality by providing support for IPv6 packet classification. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique EtherType value, so all IPv6 classifiers include the EtherType field. An IPv6 access list serves the same purpose as its IPv4 counterpart.
S3300 Smart Managed Pro Switch The same set of fields described for IPv6 ACL classification are also supported as match criteria for DiffServ classes. Prior to the introduction of IPv6 class rule fields, any layer 3 or layer 4 item was interpreted as a field in an IPv4 packet. To properly interpret the match criteria fields and create classifier entries, it is necessary for the configuration to specify what type of packet a class defines.
S3300 Smart Managed Pro Switch The policy name is a hyperlink. The following figure shows the configuration fields for the policy. Figure 97. Policy Configuration 2. Configure the policy attributes: • Assign Queue. Select this value from the drop-down list. This is an integer value in the range 0 to 6. • Drop. Select this option to drop every inbound packet. • Mark VLAN CoS. Select this value from the drop-down list. This is an integer value in the range from 0 to 7 for setting the VLAN priority.
S3300 Smart Managed Pro Switch One of the classes must be selected from this list. 4. If you select the Simple Policy attribute, configure the following fields: • Color Mode. Color Aware mode requires the existence of one or more color classes that are valid for use with this policy instance; otherwise, the color mode is color blind, which is the default. • Color Conform Mode. The match-criteria of the color Conform class. • Committed Rate.
S3300 Smart Managed Pro Switch Service Configuration Use the Service Configuration screen to activate a policy on an interface. To attach a DiffServ policy to an interface: 1. Select QoS > DiffServ > Advanced > Service Configuration. 2. Select the interfaces to attach to the policy. For information about how to select and configure one or more ports and LAGs, see Configuring Interface Settings on page 32. 3. From the Policy In Name list, select the policy to attach to the interface. 4.
S3300 Smart Managed Pro Switch Table 85. Service statistics (continued) Field Description Discarded Packets The total number of packets discarded for all class instances in this service policy for any reason due to DiffServ treatment. This is the overall count per-interface, per-direction. Member Classes Selects the member class for which octet statistics are to display. Click Update to update the page with the latest information on the switch.
6. Managing Device Security 6 Use the features available from the Security navigation tab to configure management security settings for port, user, and server security. The Security tab contains links to the features described in the following sections.
S3300 Smart Managed Pro Switch Management Security Settings From the Management Security menu, you can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS+) settings, and authentication lists. The Management Security folder contains links described in the following sections.
S3300 Smart Managed Pro Switch Note: In you have forgotten the password and are unable to log in to the switch management interface, press the Factory Defaults button on the front panel of the switch for more than 1 second. The device reboots, and all switch settings, including the password, are reset to the factory default values. If you press the button for less than 1 second, the switch reboots, but the switch loads the saved configuration.
S3300 Smart Managed Pro Switch RADIUS Configuration RADIUS servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. The switch passes information to the configured RADIUS server, which can authenticate a user name and password before authorizing use of the network. RADIUS servers provide a centralized authentication method for: • Web access • Port access control (802.
S3300 Smart Managed Pro Switch RADIUS Server Configuration Use the RADIUS Server Configuration screen to view and configure various settings for the current RADIUS server configured on the system. To add a primary RADIUS server with a shared secret: 1. Select Security > Management Security > RADIUS > Server Configuration. 2. In the Server Address field, specify the IP address of the RADIUS server to add. 3.
S3300 Smart Managed Pro Switch Table 86. RADIUS server statistics (continued) Field Description Access Challenges The number of RADIUS Access-Challenge packets, including both valid and invalid packets, that were received from this server. Malformed Access Responses The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length.
S3300 Smart Managed Pro Switch You must select Yes before you can configure the RADIUS secret. After you add the RADIUS accounting server, this field indicates whether the shared secret for this server has been configured. 5. In the Secret field, type the shared secret to use with the specified accounting server. 6. From the Accounting Mode menu, select Enable to enable the RADIUS accounting mode. 7. Click the Apply button.
S3300 Smart Managed Pro Switch Configure TACACS+ TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services: • Authentication. Provides authentication during login and through user names and user-defined passwords. • Authorization. Performed at login. When the authentication session is completed, an authorization session starts using the authenticated user name.
S3300 Smart Managed Pro Switch The priority determines the order in which the TACACS+ servers are contacted when attempting to authenticate a user. A value of 0 is the highest priority. 4. (Optionally) In the Port field, specify the authentication port value for TACAS+ server sessions. If you do not specify a value, the switch uses the standard TCP port 49 for sessions with the server. 5.
S3300 Smart Managed Pro Switch Authentication List Configuration Use the Authentication List screen to configure the default login list. A login list specifies one or more authentication methods to validate switch or port access for the admin user. Note: Admin is the only user on the system and is assigned to a preconfigured list named defaultList, which you cannot delete. HTTP Authentication List Use the HTTP Authentication List to configure the default HTTP login list.
S3300 Smart Managed Pro Switch 7. Click the Apply button. HTTPS Authentication List Use the HTTPS Authentication List to configure the default login list for secure HTTP (HTTPS). To configure the HTTPS authentication method for the defaultList: 1. Select Security > Management Security > Authentication List > HTTPS Authentication List. 2. Select the check box next to the httpsList name. 3.
S3300 Smart Managed Pro Switch To change the Dot1x authentication method for the defaultList: 1. Select Security > Management Security > Authentication List > Dot1x Authentication List. 2. Select the check box next to the dot1xList name. 3. From the list in the 1 column, select the method that should appear first in the selected authentication login list. The options are: • Local. The user’s locally stored ID and password will be used for authentication. • Radius.
S3300 Smart Managed Pro Switch Configuring Management Access From the Access menu, you can configure HTTP and secure HTTP access to the switch management interface. You can also configure access control profiles and access rules. The Access menu contains links to the features described in the following sections.
S3300 Smart Managed Pro Switch Secure HTTP Configuration Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch by using the web management interface, secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks.
S3300 Smart Managed Pro Switch Certificate Management Use this screen to generate or delete certificates. To generate an SSL certificate: 1. Select Security > Access > HTTPS > Certificate Management. From the Certificate Present field, a Yes or No status displays. 2. In the Certificate Management area, select Generate Certificates. 3. Click the Apply button. The switch begins generating an SSL certificate. 4. The Certificate Generation Status field shows information about the progress.
S3300 Smart Managed Pro Switch The default is IPv4. 4. In the TFTP Server IP field, specify the address of the TFTP server. The address can be an IP address in standard x.x.x.x format or a hostname. The hostname must start with a letter of the alphabet. Make sure that the software image or other file to be downloaded is available on the TFTP server. 5. Enter the path of the file which you want to download in the Remote File Path field. You can enter up to 96 characters. The factory default is blank. 6.
S3300 Smart Managed Pro Switch Access Control Access control allows you to configure a profile and set access rules. Access Profile Configuration Use the Access Profile Configuration screen to set up a security access profile. To configure an access profile: 1. Select Security > Access > Access Control > Access Profile Configuration. 2. In the Access Profile Name field, specify the name of the access profile to be added. 3. Select one of the following options: • Activate Profile.
S3300 Smart Managed Pro Switch 2. From the Rule Type field, select the action to be performed when the rules selected are matched. A permit rule allows access by traffic that matches the rule criteria. A deny rule blocks traffic that matches the rule criteria. 3. From the Service Type field, select the access method to which the rule is applied. THe policy is restricted by the management chosen from the menu. Possible access methods are: • HTTP • Secure HTTP (SSL) • SNMP • JAVA 4.
S3300 Smart Managed Pro Switch Port Authentication In port-based authentication mode, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode. The 802.
S3300 Smart Managed Pro Switch 3. In the VLAN Assignment Mode field, select Enable. When enabled, this feature allows a port to be placed into a particular VLAN based on the result of the authentication or type of 802.1X authentication a client uses when it accesses the device. The authentication server can provide information to the device about which VLAN to assign the supplicant. 4. Next to Dynamic VLAN Creation Mode, select Enable.
S3300 Smart Managed Pro Switch - Unauthorized. The system denies the selected interface system access by moving the interface into unauthorized state. The switch cannot provide authentication services to the client through the interface. - MAC based. This mode allows multiple supplicants connected to the same port to each authenticate individually. Each host connected to the port must authenticate separately in order to gain access to the network. The hosts are distinguished by their MAC addresses.
S3300 Smart Managed Pro Switch The following table describes the 802.1X status information available on the screen. Table 89. Port Authentication Status Information Field Description Control Direction The control direction for the specified port, which is always Both. The control direction dictates the degree to which protocol exchanges take place between Supplicant and Authenticator.
S3300 Smart Managed Pro Switch 2. Click the Reauthenticate button. The selected port is forced to restart the authentication process.This button is available only if the control mode is auto. If the button is not selectable, it will be grayed out. When this button is pressed, the action is immediate. It is not required to click the Apply button for the action to occur. Port Summary Use the Port Summary screen to view summary information about the port-based authentication settings for each port.
S3300 Smart Managed Pro Switch Client Summary This screen displays information about supplicant devices that are connected to the local authenticator ports. If there are no active 802.1X sessions, the table is empty. To access the Client Summary screen, select Security > Port Authentication > Advanced > Client Summary. The Client Summary screen for the 802.1X feature displays. The following table describes the fields on the Client Summary screen. Table 91. IEEE 802.
S3300 Smart Managed Pro Switch Traffic Control From the Traffic Control menu, you can configure MAC Filters, Storm Control, Port Security, and Protected Port settings. The Traffic Control menu contains links to the features described in the following sections.
S3300 Smart Managed Pro Switch If a packet with the MAC address and VLAN ID you specify is received on a port that is not in the list, it will be dropped. 6. From the list of Destination Port Members, select the ports to include in the outbound filter. Packets with the MAC address and VLAN ID you selected will be transmitted only out of ports that are in the list. Destination ports can be included only in the Multicast filter. 7. Click the Apply button. To delete a configured MAC filter: 1.
S3300 Smart Managed Pro Switch Storm Control A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses can overload network resources and/or cause the network to time out. The switch measures the incoming broadcast/multicast/unknown unicast packet rate per port and discards packets when the rate exceeds the defined value.
S3300 Smart Managed Pro Switch Port Security Configuration Use the Port Security feature to lock one or more ports on the system. When a port is locked, only packets with an allowable source MAC addresses can be forwarded. All other packets are discarded. To configure the global port security mode: 1. Select Security > Traffic Control > Port Security > Port Security Configuration. 2. In the Port Security Mode field, select the appropriate radio button to enable or disable port security on the switch.
S3300 Smart Managed Pro Switch • Port Security. Enable or Disable the port security feature for the selected port. The default is Disable. • Max Allowed Dynamically Learned MAC. Specify the maximum number of dynamically learned MAC addresses on the selected interface. • Max Allowed Statically Locked MAC. Specify the maximum number of statically locked MAC addresses on the selected interface. • Enable Violation Traps.
S3300 Smart Managed Pro Switch Protected Ports Membership If a port is configured as protected, it does not forward traffic to any other protected port on the switch, but it will forward traffic to unprotected ports. Use the Protected Ports Membership screen to configure the ports as protected or unprotected. To configure protected ports: 1. Select Security > Traffic Control > Protected Ports. 2. Click the box to display the available ports. 3.
S3300 Smart Managed Pro Switch Configure Access Control Lists Access control lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. Switch software supports IPv4 and MAC ACLs.
S3300 Smart Managed Pro Switch ACL Wizard The ACL Wizard helps you to create a simple ACL and apply it to the selected ports easily and quickly. First, you can select an ACL type. Then, you can add an ACL rule to this ACL, and a rule can be applied this ACL on the selected ports. The ACL Wizard allows you to create, but not modify, the ACL. For information about how to modify the rule, see Access Rule Configuration on page 256. To create an ACL by using the ACL Wizard: 1.
S3300 Smart Managed Pro Switch 6. Specify the additional match criteria for the selected ACL type. The rest of the rule match criteria fields available for configuration depend on the selected ACL type. For information about the possible match criteria fields, see Table 95. Table 95. ACL fields according to selected ACL type ACL Based On Fields Destination MAC • • • Source MAC Destination MAC. Specify the destination MAC address to compare against an ethernet frame.
S3300 Smart Managed Pro Switch In Figure 99 on page 273, the ACL rule is configured to check for packet matches on ports 8, 9, 13, and LAG 1. Packets that have a source address in the 192.168.3.0/24 network are permitted to be forwarded by the interfaces. All other packets are dropped because every ACL has an implicit deny all rule as the last rule. Figure 99. ACL Wizard 9. Click the Add button. To modify a rule: 1. Select check box associated with the rule to remove. 2.
S3300 Smart Managed Pro Switch MAC ACL A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. There are multiple steps involved in defining a MAC ACL and applying it to the switch: 1. Create the ACL ID. See MAC ACL on page 274. 2. Create a MAC rule. See MAC Rules on page 274. 3.
S3300 Smart Managed Pro Switch Note: To create a new MAC ACL, use the MAC ACL screen. See MAC ACL on page 274. To add rules to a MAC ACL: 1. Select Security > ACL > Basic > MAC Rules. 2. From the ACL Name list, select the MAC ACL for which to create or update a rule. 3. In the Sequence Number field, specify ID for the rule. 4. Configure the ACL rule criteria by selecting options or specifying values as follows: • Action.
S3300 Smart Managed Pro Switch • EtherType User Value. This field is configurable if you select User Value from the EtherType drop-down menu. The value you enter specifies a customized EtherType to compare against an Ethernet frame. The valid range of values is 0x0600–0xFFFF. • Source MAC. Requires a packet’s source port MAC address to match the address listed here. Enter a MAC address in the this field. The valid format is xx:xx:xx:xx:xx:xx. • Source MAC Mask.
S3300 Smart Managed Pro Switch MAC Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the MAC Binding Configuration screen to assign MAC ACL lists to ACL priorities and interfaces. To configure MAC ACL interface bindings: 1. Select Security > ACL > Basic > MAC Binding Configuration. 2. From the ALC ID menu, select the MAC ACL to bind to one or more interfaces.
S3300 Smart Managed Pro Switch MAC Binding Table Use the MAC Binding Table screen to view or delete the MAC ACL bindings. The following table describes the information displayed in the MAC Binding Table. Table 96. MAC binding table information Field Description Interface The interface to which the MAC ACL is bound. Direction The packet filtering direction for ACL. The only valid direction is Inbound, which means the MAC ACL rules are applied to traffic entering the port.
S3300 Smart Managed Pro Switch IP ACL IP ACLs allow network managers to define classification actions and rules for specific ingress ports. Packets can be filtered on ingress (inbound) ports only. If the filter rules match, then some actions can be taken, including dropping the packet or disabling the port. For example, a network administrator defines an ACL rule that says port number 20 can receive TCP packets. However, if a UDP packet is received the packet is dropped.
S3300 Smart Managed Pro Switch IP Rules Use the IP Rules screen to define rules for IP-based standard ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: There is an implicit deny all rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit “deny all” rule applies and the packet is dropped. To add IP rules: 1.
S3300 Smart Managed Pro Switch Figure 101. Standard ACL Rule Configuration 4. In the Sequence Number field, specify a number in the range from 1 to 2147483647 to identify the IP ACL rule. 5. Select or specify values for one or more of the following match criteria: • Sequence Number. Specify a number in the range of 1 to 2147483647 to identify the IP ACL rule. You can create up to 50 rules for each ACL. • Action. Select the ACL forwarding action, which is one of the following: - Permit.
S3300 Smart Managed Pro Switch subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, enter 0.0.0.255 in the Source IP Mask field. This field is required when you configure a source IP address. 6. Click the Apply button. To modify the match criteria for an ACL rule: 1. From the ACL Name list on the IP Rules screen, select the ACL that includes the rule to update. 2. In the Basic ACL Rule Table, click the rule ID.
S3300 Smart Managed Pro Switch Figure 102. Extended ACL Rule Configuration 4. Next to Sequence Number, specify a number in the range of 1 to 2147483647 to identify the IP ACL rule. You can create up to 50 rules for each ACL. 5. Select or specify values for one or more of the following match criteria: • Action. Select the ACL forwarding action, which is one of the following: - Permit. Forwards packets which meet the ACL criteria. - Deny. Drops packets which meet the ACL criteria. • Egress Queue.
S3300 Smart Managed Pro Switch 0.0.0.255 in the Source IP Mask field. This field is required when you configure a source IP address. • Src L4 Port. Require a packet’s TCP/UDP source port to match the port listed here. Click Complete one of the following fields: - Source L4 Keyword. Select the desired L4 keyword from a list of source ports on which the rule can be based. - Source L4 Port Number. If the source L4 keyword is Other, enter a user-defined Port ID by which packets are matched to the rule.
S3300 Smart Managed Pro Switch example, to check for an IP TOS value having bits 7 and 5 set and bit 1 clear, where bit 7 is most significant, use a TOS Bits value of a0 and a TOS Mask of 00. 6. Click the Apply button. To modify the match criteria for an ACL rule: 1. From the ACL Name list on the Extended ACL Rules screen, select the ACL that includes the rule to update. 2. In the Extended ACL Rule Table, click the rule. The rule is a hyperlink to the Extended ACL Rule Configuration screen. 3.
S3300 Smart Managed Pro Switch IPv6 ACL An IPv6 ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On this menu, the interfaces to which an IP ACL applies must be specified, as well as whether it applies to inbound or outbound traffic. Rules for the IPv6 ACL are specified/created using the IPv6 Rules screen.
S3300 Smart Managed Pro Switch IPv6 Rules Use the IPv6 Rules screen to configure the rules for the IPv6 Access Control Lists. The IPv6 Access Control Lists are created using the IPv6 Access Control List Configuration screen. By default, no specific value is in effect for any of the IPv6 ACL rules. To add a rule to an IPv6 ACL: 1. Select Security > ACL > Advanced > IPv6 Rules. 2. In the ACL Name list, select the name of the ACL to add a rule to. 3. Click the Add button.
S3300 Smart Managed Pro Switch • Assign Queue ID. Specifies the hardware egress queue identifier used to handle all packets matching this IPv6 ACL rule. The valid range of Queue IDs is from 0 to 6. This field is visible for a Permit Action. • Mirror Interface. Specifies the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is already configured for the ACL rule.
S3300 Smart Managed Pro Switch • Flow Label. Flow label is 20-bit number that is unique to an IPv6 packet, used by end stations to signify quality-of-service handling in routers. Flow label can be specified within the range (0 to 1048575). • IPv6 DSCP Service. Specify the IP DiffServ Code Point (DSCP) field. The DSCP is defined as the high-order six bits of the Service Type octet in the IPv6 header. This is an optional configuration. Enter an integer from 0 to 63.
S3300 Smart Managed Pro Switch • To remove the selected ACL from a port or LAG, click the box directly below the port or LAG number to clear the selection. A check mark in the box indicates that the ACL is applied to the interface. 5. Click the Apply button. IP Binding Table Use the IP Binding Table screen to view or delete the IP ACL bindings. The following table describes the information displayed in the IP binding table. Table 97.
S3300 Smart Managed Pro Switch number. If the sequence number is not specified by the user (i.e., the value is 0), a sequence number that is one greater than the highest sequence number currently in use for this VLAN and direction will be used. Valid range is (1 to 4294967295). 5. From the ACL Type list, select the type of ACL: • IP ACL • MAC ACL • IPv6 ACL 6. From the ACL ID list, select the ID of the ACL to bind to the specified VLAN.
7. 7 Maintenance Use the features available from the Maintenance tab to help you manage the switch. The Maintenance tab contains links to the features described in the following sections.
S3300 Smart Managed Pro Switch Reset The Reset menu contains links to the features described in the following sections. • Device Reboot on page 293 • Factory Default on page 293 Device Reboot Use the Device Reboot screen to reboot the switch. To reboot the switch: 1. Select Maintenance > Reset > Device Reboot. 2. In the Reboot Unit No. field, select the unit to reset.
S3300 Smart Managed Pro Switch Export (Upload) a File From the Switch The switch supports system file exports (uploads) from the switch to a remote system by using either TFTP or HTTP. The Export menu contains links to the features described in the following sections.
S3300 Smart Managed Pro Switch 3. From the Server Address Type list, select the format to use for the address you type in the TFTP Server Address field. The default is IPv4. • IPv4. Indicates that the TFTP server address is an IP address in dotted-decimal format. • DNS. Indicates that the TFTP server address is a host name. 4. In the Server Address field, specify the IP address or host name of the TFTP server. The address you type must be in the format indicated by the TFTP server address type. 5.
S3300 Smart Managed Pro Switch 2. From the File Type list, specify what type of file you want to export from the switch. The factory default is Text Configuration. • Text Configuration. A text-based configuration file enables you to edit a configured text file (startup-config) offline as needed without having to translate the contents for the switch to understand.
S3300 Smart Managed Pro Switch 3. In the File Path field, enter the path for the file to export. You may enter up to 139 characters. The factory default is blank. 4. In the USB File field, specify a destination filename for the file to export. You can enter up to 32 characters. The factory default is blank. The transfer fails if you do not specify a filename. 5. Click the Apply button. The file transfer begins.
S3300 Smart Managed Pro Switch Figure 108. TFTP File Download 2. From the File Type list, specify what type of file you want to download to the switch. The factory default is Software. • Software. The system software image (STK) that is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy while the other image stores a second copy. The device boots and runs from the active image.
S3300 Smart Managed Pro Switch Note: To download SSH key files, SSH must be administratively disabled, and there can be no active SSH sessions. Note: To download SSL PEM files, SSL must be administratively disabled, and there can be no active SSH sessions. 3. The Image Name field is visible only when File Type - Software is selected. From the Image Name field, select one of the images from the list. • image1 — Select image1 to download image1. • image2 — Select image2 to download image2. 4.
S3300 Smart Managed Pro Switch 10. Click the Cancel button to cancel the configuration on the screen and reset the data on the screen to the latest value on the switch. HTTP File Download Use the HTTP File Download screen to download files of various types to the switch through an HTTP session by using your web browser. To download a file to the switch by using HTTP: 1. Select Maintenance > Download > HTTP File Download. Figure 109. HTTP File Download 2.
S3300 Smart Managed Pro Switch Note: To download SSL PEM files, SSL must be administratively disabled, and there can be no active SSH sessions. 3. The Image Name field is visible only when File Type - Software is selected. From the Image Name field, select one of the images from the list. • image1 — Select image1 to download image1. • image2 — Select image2 to download image2. Note: Do not overwrite the active image. If you attempt to do this, the system will display a warning. 4.
S3300 Smart Managed Pro Switch Figure 110. USB File Download To download a file to the switch from a USB device: 1. From the File Type list, specify the type of file to download to the switch: • Software. The STK system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy; the other image stores a second copy. The device boots and runs from the active image.
S3300 Smart Managed Pro Switch File Management The system maintains two versions of the switch software in permanent storage. One image is the active image, and the second image is the backup image. The active image is loaded during subsequent switch restarts. This feature reduces switch down time when upgrading or downgrading the switch software. A legacy software version will ignore (not load) a configuration file created that is created by a newer software version.
S3300 Smart Managed Pro Switch The Current-active field displays the name of the active image. 3. From the Unit Number list, select the specific unit number or All units to configure. 4. (Optionally) In the Image Description field, specify a name for the selected image. 5. Next to Activate Image, select the check box. 6. Click the Apply button. Note: After activating an image, you must perform a system reset of the switch to run the new code.
S3300 Smart Managed Pro Switch Troubleshooting Configuration Menu The Maintenance main navigation tab gives access to the Troubleshooting configuration menu. From this menu, you can perform basic troubleshooting functions such as pinging an IPv4 or IPv6 address to check if the switch can communicate with a particular network host and tracing an IPv4 or IPv6 route to determine the packet’s path to a remote destination.
S3300 Smart Managed Pro Switch Figure 111. Ping IPv4 2. In the IP Address/Host Name field, specify the IP address or Hostname of the station you want the switch to ping. The initial value is blank. The IP Address or Hostname you enter is not retained across a power cycle. 3. Optionally, configure the following settings: • In the Count field, specify the number of pings to send. The default value is 3. The range is 1 to 15. The Count you enter is not retained across a power cycle.
S3300 Smart Managed Pro Switch 5. Click Apply to send the ping to the specified address. The switch sends the number of pings specified in the Count field, and the results are displayed below the configurable data in the Results area. • If the ping is successful, you see “Reply From IP/Host: icmp_seq = 0. time = xx usec. Tx = x, Rx = x Min/Max/Avg RTT = x/x/x msec.” • If a reply to the ping is not received, you will see “Reply From IP/Host: Destination Unreachable.
S3300 Smart Managed Pro Switch 4. Use Count to enter the number of echo requests you want to send. The range is 1 to 15. The default value is 3. 5. In the Interval field, specify the number of seconds between pings sent. The range is 1 to 60. The default value is 3. 6. In the Datagram Size field, specify the datagram size of the ping packet. The valid range is 0 to 13000. The default value is 0 bytes. 7. Enter the Source IP address or interface to use when sending the echo request packets.
S3300 Smart Managed Pro Switch Figure 113. Traceroute IPv4 2. Use IP Address/Hostname to enter the IP address or Hostname of the station you want the switch to discover a path. The default value is blank. The IP Address or Hostname you enter is not retained across a power cycle. 3. Enter the number of Probes Per Hop, the number of times each hop should be probed. The default value is 3. The range is 1 to 10. The Probes per Hop you enter is not retained across a power cycle. 4.
S3300 Smart Managed Pro Switch • IP Address — The source is an IP address that you specify using when sending the Echo request packets. This field is shown when IP Address is selected as the source option. • Interface — The interface to use when sending the Echo request packets. This field is shown when Interface is selected as the source option. Note: Values configured in the fields above are not saved to the switch. As a result, refreshing the page sets these fields to the default values. 11.
S3300 Smart Managed Pro Switch Figure 114. Traceroute IPv6 2. Use IPv6 Address/Hostname to enter the IPv6 address or Hostname of the station to which the switch should find a path. The initial value is blank. The IPv6 Address or Hostname you enter is not retained across a power cycle. 3. Enter the Probes Per Hop. Specify the number of times each hop should be probed. The default value is 3. The range is 1 to 10. 4.
S3300 Smart Managed Pro Switch - Interface. The probe packet is sent from a specified interface. If you select this option, the Interface field appears. Use the menu to select the interface from which to send the probe packet. Note: Values configured in the fields above are not saved to the switch. As a result, refreshing the page sets these fields to the default values. 10. Click Apply to send a traceroute request to the specified IPv6 address or hostname.
S3300 Smart Managed Pro Switch Troubleshooting Chart The following table lists symptoms, causes, and solutions of possible problems. Table 99. Troubleshooting chart Symptom Cause Solution Power LED is off. No power is received. Check the power cord connections for the switch at the switch and the connected AC power source. Link/ACT LED is off when Port connection is not working. a cable connects the port to a valid device.
S3300 Smart Managed Pro Switch 3. Click the Apply button. The updated configuration is sent to the switch. Configuration changes take effect immediately. Full Memory Dump Use this screen to tell the switch to do a full memory dump to help with troubleshooting. To display the Full Memory Dump screen, click Maintenance > Troubleshooting > Full Memory Dump. Figure 115. Full Memory Dump 1. Specify the Protocol used to store the coredump file. Possible values are: a. None — Disable coredump. b.
8. Monitoring the System 8 Use the features available from the Monitoring navigation tab to view a variety of information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains configuration menus described in the following sections.
S3300 Smart Managed Pro Switch Ports The screens available from the Ports menu contain a variety of information about the number and type of traffic transmitted from and received on the switch.
S3300 Smart Managed Pro Switch Table 100. Switch statistics (continued) Field Description Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent. Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a Multicast address, including those that were discarded or not sent.
S3300 Smart Managed Pro Switch Port Statistics The Port Statistics screen displays a summary of per-port traffic statistics on the switch. To access the port summary screen: 1. Select Monitoring > Ports > Port Statistics. 2. Select whether to display physical interfaces, link aggregation groups (LAGs), or both by clicking one of the following links above the table heading: • 1 (or the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAGS.
S3300 Smart Managed Pro Switch You can also type the interface number (for example, g7) in the Go To Interface field at the top or bottom of the table and click the Go button. 2. Click the Clear button. Port Detailed Statistics The Port Detailed Statistics screen displays a variety of per-port traffic statistics. To view the detailed port statistics: 1. Select Monitoring > Ports > Port Detailed Statistics. 2. From the Interface list, select the interface with the statistics to view. 3.
S3300 Smart Managed Pro Switch Table 102. Detailed Interface Statistics (continued) Field Description STP State The port's current state Spanning Tree state. This state controls what action a port takes on receipt of a frame. If the bridge detects a malfunctioning port it will place that port into the broken state. The other five states are defined in IEEE 802.1D: • Disabled • Blocking • Listening • Learning • Forwarding • Broken Admin Mode The port control administration state: • Enable.
S3300 Smart Managed Pro Switch Table 102. Detailed Interface Statistics (continued) Field Description Packets RX and TX 512-1023 Octets The total number of packets (including bad packets) received or transmitted that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
S3300 Smart Managed Pro Switch Table 102. Detailed Interface Statistics (continued) Field Description Unicast Packets Received The number of subnetwork-unicast packets delivered to a higher-layer protocol. Multicast Packets Received The total number of good packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address. Broadcast Packets Received The total number of good packets received that were directed to the broadcast address.
S3300 Smart Managed Pro Switch Table 102. Detailed Interface Statistics (continued) Field Description Total Packets Transmitted (Octets) The total number of octets of data (including those in bad packets) transmitted on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
S3300 Smart Managed Pro Switch Table 102. Detailed Interface Statistics (continued) Field Description Total Transmit Packets Discarded The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. Single Collision Frames A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
S3300 Smart Managed Pro Switch EAP Statistics Use the EAP Statistics screen to display information about EAP packets received on a specific port. To display the EAP statistics screen, select Monitoring > Ports > EAP Statistics. The following table describes the EAP statistics displayed on the screen. Table 103. EAP statistics Field Description Ports The interface which is polled for statistics. Frames Received The number of valid EAPOL frames received on the port.
S3300 Smart Managed Pro Switch Cable Test Use the Cable Test screen to display information about the cables connected to switch ports. To perform the cable test: 1. Select Monitoring > Ports > Cable Test. 2. Select the check box next to each port on which to run the cable test. 3. Click the Apply button. The cable test is run on all selected ports. The cable test can take up to 2 seconds to complete. If the port has an active link then the link is not taken down and the cable status is always Normal.
S3300 Smart Managed Pro Switch logging capability includes filtering of messages logged or forwarded based on severity and generating component. The Logs menu contains links to the features described in the following sections. • Memory Logs on page 327 • FLASH Log on page 328 • Server Log on page 330 • Trap Logs on page 332 • Event Logs on page 333 Memory Logs The Memory Log stores messages in memory based upon the settings for message component and severity.
S3300 Smart Managed Pro Switch • Critical (2): Critical conditions. • Error (3): Error conditions. • Warning (4): Warning conditions. • Notice (5): Normal but significant conditions. • Informational (6): Informational messages. • Debug (7): Debug-level messages. 5. Click the Apply button. The Memory Log table displays on the Memory Log screen. The Total Number of messages displays the number of messages the system has logged in memory.
S3300 Smart Managed Pro Switch prior to the last reboot. Only the messages that meet the configured severity level are logged to FLASH memory. Use the FLASH Log screen to enable or disable persistent logging, set the severity filter of persistent log messages, and view log messages stored in FLASH for the current boot cycle or for the previous boot cycle. To enable persistent logging and configure the severity level: 1. Select Monitoring > Logs > FLASH Log. 2.
S3300 Smart Managed Pro Switch during the previous boot cycle. The persistent log file from the previous boot cycle stores the following messages: - Up to 32 startup messages, which are messages that occurred immediately after the previous boot cycle completed (system startup). - Up to 32 operational messages, which are messages that occurred immediately preceding the last boot. 3. Total Number of Messages. Total number of persistent log messages stored on the switch.
S3300 Smart Managed Pro Switch - IPv4 - IPv6 - DNS • Host Address. Specify the hostname of the host configured for syslog. • Port. Specify the port on the host to which syslog messages are sent. The default port is 514. • Severity Filter. Use the menu to select the severity of the logs to send to the logging host. Logs with the selected severity level and all logs of greater severity are sent to the host.
S3300 Smart Managed Pro Switch Trap Logs Use the Trap Logs screen to view information about the SNMP traps generated on the switch. To view trap log information, select Monitoring > Logs > Trap Logs. The Trap Logs screen displays. The following table describes the Trap Log information displayed on the screen. Table 105. Trap log statistics Field Description Number of Traps Since The number of traps that have occurred since the switch last reboot.
S3300 Smart Managed Pro Switch Event Logs Use the Event Logs screen to display the event log, which is used to hold error messages for catastrophic events. After the event is logged and the updated log is saved in flash memory, the switch will be reset. The log can hold at least 2,000 entries and is erased when an attempt is made to add an entry after it is full. The event log is preserved across system resets. To view the event logs, select Monitoring > Logs > Event Logs.
S3300 Smart Managed Pro Switch Figure 117. Port Mirroring 2. In the Global Configuration section of the screen, click the option to enable (True) or disable (False) the Admin Mode for the current session. When Admin Mode is enabled, any traffic entering or leaving the source ports of the current session is copied (mirrored) onto the corresponding destination port. The default mode is disabled (False). 3.
S3300 Smart Managed Pro Switch • CPU. The CPU port is displayed. • All. Both physical interfaces and link aggregation groups are displayed. b. Select the check box next to each physical port or LAG to configure as the mirrored source. 7. From the Direction list, specify the direction of the traffic to be mirrored from the configured mirrored port(s). If the value is not configured, it will be shown as None. The default value is None. • None. The value is not configured. • Tx and Rx.
A. Configuration Examples This appendix contains information about: • Virtual Local Area Network Configuration Example on page 337 • Differentiated Services on page 343 • 802.
S3300 Smart Managed Pro Switch Virtual Local Area Network Configuration Example A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
S3300 Smart Managed Pro Switch • Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged. Inversely, a T for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port.
S3300 Smart Managed Pro Switch Figure 119. VLAN Membership For more information about how to perform this step, see VLAN Membership Configuration on page 146. 3. In the Port PVID Configuration screen, specify the PVID for ports g1 and g4 so that packets entering these ports are tagged with the port VLAN ID: • Port g1: PVID 10 • Port g4: PVID 20 For more information about how to perform this step, see Port VLAN ID Configuration on page 148.
S3300 Smart Managed Pro Switch Access Control Lists Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network.
S3300 Smart Managed Pro Switch • CoS. 0 • Destination MAC. 01:02:1A:BC:DE:EF • Destination MAC Mask. 00:00:00:00:FF:FF • Source MAC. 02:02:1A:BC:DE:EF • Source MAC Mask. 00:00:00:00:FF:FF • VLAN ID. 2 Figure 120. MAC ACL For more information about how to perform this step, see MAC Rules on page 274. 4. From the MAC Binding Configuration screen, assign the Sales_ACL to Ethernet ports 6, 7, and 8. Figure 121.
S3300 Smart Managed Pro Switch ports, you must add a new permit rule with the desired match criteria and bind the rule to interfaces 6, 7, and 8. Standard IP ACL Configuration Example The following example shows how to create an IP-based ACL that prevents any IP traffic from the Finance department from being allowed on the ports that are associated with other departments. Traffic from the Finance department is identified by each packet’s network IP address. 1.
S3300 Smart Managed Pro Switch Differentiated Services Standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network deliver the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets can be delayed, sent sporadically, or dropped. For typical Internet applications, such as e-mail and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable.
S3300 Smart Managed Pro Switch • Layer 4 protocol (such as TCP or UDP) • Layer 4 source/destination ports • Source/destination IP address From a DiffServ point of view, there are two types of classes: • DiffServ traffic classes • DiffServ service levels/forwarding classes DiffServ Traffic Classes With DiffServ, you define which traffic classes to track on an ingress interface.
S3300 Smart Managed Pro Switch • Mark IP DSCP or IP Precedence. Marking/re-marking the DiffServ code point in a packet with the DSCP value representing the service level associated with a particular DiffServ traffic class. Alternatively, the IP Precedence value of the packet can be marked/re-marked. • Mark CoS (802.1p). Sets the three-bit priority field in the first/only 802.1p header to a specified value when packets are transmitted for the traffic class. An 802.
S3300 Smart Managed Pro Switch • Class Type. All For more information about this step, see Class Configuration on page 231. 2. Click the Class1 hyperlink to view the DiffServ Class Configuration screen for this class. 3. Configure the following settings for Class1: • Protocol Type. UDP • Source IP Address. 192.12.1.0 • Source Mask. 255.255.255.0 • Source L4 Port. Other, and enter 4567 as the source port value • Destination IP Address. 192.12.2.0 • Destination Mask. 255.255.255.
S3300 Smart Managed Pro Switch On this network, traffic from streaming applications uses UDP port 4567 as the source and 4568 as the destination. This real-time traffic is time sensitive, so it is assigned to a high-priority hardware queue. By default, data traffic uses hardware queue 0, which is designated as a best-effort queue. Also the confirmed action on this flow is to send the packets with a committed rate of 1,000,000 Kbps and burst size of 128 KB.
S3300 Smart Managed Pro Switch is connected can be desirable in order to restrict access to publicly accessible bridge ports or to restrict access to departmental LANs. Access control is achieved by enforcing authentication of supplicants that are attached to an authenticator’s controlled ports. The result of the authentication process determines whether the supplicant is authorized to access services on that controlled port.
S3300 Smart Managed Pro Switch The Port Control setting for all other ports where authentication is not needed should Authorized. When the Port Control setting is Authorized, the port is unconditionally put in a force-Authorized state and does not require any authentication. When the Port Control setting is Auto, the authenticator PAE sets the controlled port mode. 3. In the Guest VLAN field for ports g1–g8, enter 150 to assign these ports to the guest VLAN.
S3300 Smart Managed Pro Switch The difference between the RSTP and the traditional STP (IEEE 802.1D) is the ability to configure and recognize full duplex connectivity and ports that are connected to end stations, resulting in rapid transitioning of the port to the Forwarding state and the suppression of Topology Change Notification. These features are represented by the parameters pointtopoint and edgeport. MSTP is compatible to both RSTP and STP. It behaves appropriately to STP and RSTP bridges.
S3300 Smart Managed Pro Switch As there are Multiple Instances of Spanning Tree, there is a MSTP state maintained on a per-port, per-instance basis (or on a per port per VLAN basis: as any VLAN can be in one and only one MSTI or CIST). For example, port A can be forwarding for instance 1 while discarding for instance 2. The port states have changed since IEEE 802.1D specification.
S3300 Smart Managed Pro Switch MSTP Configuration Example This example shows how to create an MSTP instance on the switch. The example network has three different switches that serve different locations in the network. In this example, ports g1–g5 are connected to host stations, so those links are not subject to network loops. Ports g6–g8 are connected across switches 1, 2, and 3.
S3300 Smart Managed Pro Switch Note: Bridge priority values are multiples of 4096. If you do not specify a root bridge and all switches have the same Bridge Priority value, the switch with the lowest MAC address is elected as the root bridge (see CST Configuration on page 160). 5. From the CST Port Configuration screen, select ports g1–g8 and select Enable from the STP Status list. For more information about this step, see CST Port Configuration on page 161. 6. Click the Apply button. 7.
S3300 Smart Managed Pro Switch VLAN Routing Interface Configuration Example VLANs divide broadcast domains in a LAN environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. This is known as inter-VLAN routing. On the switch, it is accomplished by creating Layer 3 interfaces (switch virtual interfaces (SVI)).
S3300 Smart Managed Pro Switch Figure 124. VLAN Routing Wizard The following figure shows the VLAN Routing screen with the configured VLAN routing interface. Figure 125.
S3300 Smart Managed Pro Switch Smart M4300/S3300 Firmware Upgrade Procedure This section describes the firmware upgrade procedures in the following typical scenarios: • Bringing Up M4300 and S3300 to Form Mixed Stacking on page 356 • Regular Image Upgrade After Mixed Stacking is Formed with 6.6.
S3300 Smart Managed Pro Switch Note: This stack can be any one of the M4300 models, but this procedure example uses M4300-12X12F and M4300-24X for the steps below. 3. When the 12.0.2.17 image is running, download the 6.6.4.x image into this unit/stack. Note: The 6.6.4.x image can be downloaded in the usual way via the Web UI (and also through CLI). This image can be downloaded as the Active or as the Backup image.
S3300 Smart Managed Pro Switch Note: The 6.6.4.x release will accept configuration from the 6.6.0 or 6.6.1 release. Thus configuration from those previous releases will be accepted on 6.6.4.x. 2. Once the switch is running with 6.6.4.x, configure (if not done already) a maximum of four uplink 10G ports (the last four) into stacking mode and reload the switch. Forming Mixed Stacking Now that both M4300 and S3300 units are running with the exact same 6.6.4.
S3300 Smart Managed Pro Switch The stack should come up with the new 6.6.4 image (such as, 6.6.4.2). Converting the M4300 Units Back Into Fully Managed M4300 Mode The two M4300 units that are part of mixed stacking with S3300 can be brought back to regular M4300 mode (in Fully Managed form with a 12.0.2 image). To do that, follow the steps below: 1. Disconnect the M4300 units from the mixed stack such that they either become standalone, or form a homogeneous stack among themselves. 2.
B. Hardware Specifications and Default Values B Switch Specifications The switch conforms to the TCP/IP, UDP, HTTP, ICMP, TFTP, DHCP, IEEE 802.1D, IEEE 802.1p, and IEEE 802.1Q standards. Table 108.
S3300 Smart Managed Pro Switch Table 109. M4300 Switch Specifications Feature Value M4300-12X12F (XSM4324S) A stackable, fully-managed L2+ Gigabit switch. 24-port Gigabit Ethernet Layer 2 switch. 12 10G Copper ports. 12 10G Fiber ports. These are the existing M4300 series switches that have been reconfigured to act as S3300 switches. The capabilities of the switches match the S3300 capabilities. M4300-24X (XSM4324CS) A stackable, fully-managed L2+ Gigabit switch. 24-port 10GBaseT with 4 shared SFP+.
S3300 Smart Managed Pro Switch Table 110. Feature Default Values and Default State (continued) Feature Name/Parameter Default Stack Firmware Synchronization Stack Firmware Auto Upgrade Disabled Traps Enabled Allow Downgrade Enabled PoE Global System Usage Threshold 95% Power Management Mode Dynamic Traps Enabled Interface Admin Mode Enabled Port Priority Low Power Mode 802.
S3300 Smart Managed Pro Switch Table 110. Feature Default Values and Default State (continued) Feature Name/Parameter Default Flow Control Admin Mode Disabled 802.
S3300 Smart Managed Pro Switch Table 110.
S3300 Smart Managed Pro Switch Table 110.
S3300 Smart Managed Pro Switch Table 110.
S3300 Smart Managed Pro Switch Table 110. Feature Default Values and Default State (continued) Feature Name/Parameter Default Join Timer 20 Leave Timer 300 Leave All Timer 2000 MSRP SR Class PVID 2 802.1Qav Class A MSRP Delta Bandwidth (percent) 75 802.
S3300 Smart Managed Pro Switch Table 110. Feature Default Values and Default State (continued) Feature Name/Parameter Default 802.1p to Queue Mapping (802.
S3300 Smart Managed Pro Switch Table 110.
S3300 Smart Managed Pro Switch Table 110. Feature Default Values and Default State (continued) Feature Name/Parameter Default Interface Shaping Rate 0 802.1p to Queue Mapping (802.1p –> Queue) 0 -> 1 1 -> 0 2 -> 0 3 -> 1 4 -> 2 5 -> 2 6 -> 3 7 -> 3 Queue Minimum Band Width 0 Queue Scheduler Type Weighted Auto-VoIP Protocol-based Admin Mode Disabled Prioritization Type Traffic Class Traffic Class 3 OUI-based Admin Mode Disabled Auto-VoIP VLAN 2 OUI-based priority 7 Table 111.
S3300 Smart Managed Pro Switch Table 112. Quality of service Feature Sets Supported Default Number of queues 7 N/A 802.1p 1 Enabled DSCP 1 Disabled Rate limiting All ports Disabled Feature Sets Supported Default 802.
S3300 Smart Managed Pro Switch Table 114. System setup and maintenance (continued) Feature Sets Supported Default Dual image support 1 Enabled Factory reset 1 N/A Table 115.
S3300 Smart Managed Pro Switch Table 116. Other features (continued) Feature Sets Supported Default MLD Snooping N/A N/A Protocol and MAC-based VLAN N/A N/A Dynamic ARP Inspection N/A Disabled Multiple VLAN Registration (MVR) N/A Disabled Multiple Registration Protocol (MRP) N/A Disabled 802.
