8-port gigabit (poe+) ethernet smart managed pro switch with (2 sfp or 2 copper ports and) cloud management (492 pages)
Summary of Contents for NETGEAR GS108T-200NAS
Page 1
GS108T and GS110TP Smart Switch Software Administration Manual NETGEAR, Inc. 350 E. Plumeria Drive San Jose CA 95134 USA 202-10603-02 April 2010...
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Page 3
Voluntary Control Council for Interference (VCCI) Statement This equipment is in the Class B category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
Contents GS108T and GS110TP Smart Switch Software Administration Manual About This Manual Audience ........................... xi Organization ........................xi Conventions, Formats and Scope ................... xii How to Print this Manual ....................xiv Revision History ......................xiv Chapter 1 Getting Started Switch Management Interface ..................1-1 Connecting the Switch to the Network ................1-2 Switch Discovery in a Network with a DHCP Server ............1-3 Switch Discovery in a Network without a DHCP Server ..........1-5...
Page 6
GS108T and GS110TP Smart Switch Software Administration Manual System Information ....................2-1 IP Configuration .......................2-3 Time .........................2-5 Denial of Service ....................2-12 DNS ........................2-15 Green Ethernet Configuration ................2-17 PoE (GS110TP Only) ....................2-18 PoE Configuration ....................2-19 PoE Port Configuration ..................2-20 Timer Global Configuration ..................2-22 Timer Schedule Configuration ................2-23 SNMP ...........................2-25 SNMPV1/V2 ......................2-25...
Page 9
GS108T and GS110TP Smart Switch Software Administration Manual MAC Binding Configuration ..................5-48 MAC Binding Table ....................5-49 IP ACL ........................5-50 IP Rules ........................5-52 IP Extended Rule ....................5-53 IP Binding Configuration ..................5-58 IP Binding Table .....................5-59 Chapter 6 Monitoring the System Ports ..........................6-1 Switch Statistics .......................6-1 Port Statistics ......................6-4 Port Detailed Statistics .....................6-5...
Page 10
GS108T and GS110TP Smart Switch Software Administration Manual Ping ........................7-12 Traceroute ......................7-14 Chapter 8 Help Online Help ........................8-1 Support ........................8-1 User Guide .......................8-2 Appendix A Hardware Specifications and Default Values GS108T Gigabit Smart Switch and GS110TP Gigabit Smart Switch Specifications ..A-1 GS108T and GS110TP Switch Features and Defaults ..........
About This Manual The NETGEAR ® GS108T and GS110TP Software Administration Manual describes how to configure and operate the GS108T Smart Switch and GS110TP Gigabit Smart Switch by using the Web-based graphical user interface (GUI). This manual describes the software configuration procedures and explains the options available within those procedures.
GS108T and GS110TP Smart Switch Software Administration Manual • Chapter 4, “Configuring Quality of Service” page 4-1 describes how to manage the Access Control Lists (ACLs), and how to configure the Differentiated Services and Class of Service features. • Chapter 5, “Managing Device Security” page 5-1 contains information about configuring switch security information such as port access control, TACACS+, and RADIUS server...
Page 13
Product Version GS108T Smart Switch and GS110TP Gigabit Smart Switch Manual Publication Date April 2010 Note: Product updates for the GS108T and GS110TP Smart Switches are available on the NETGEAR, Inc. Website at http://kbserver.netgear.com/products/GS108T.asp http://kbserver.netgear.com/products/GS110TP.asp xiii v1.0, April 2010...
GS108T and GS110TP Smart Switch Software Administration Manual How to Print this Manual Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
Chapter 1 Getting Started This chapter provides an overview of starting your NETGEAR GS108T or GS110TP Smart Switch and accessing the user interface. It also leads you through the steps to use the Smart Control Center utility. This chapter contains the following sections: •...
GS108T and GS110TP Smart Switch Software Administration Manual NETGEAR provides the Smart Control Center utility with this product. This program runs under Microsoft Windows XP, Windows 2000, or Windows Vista and provides a front end that ® ® ® discovers the switches on your network segment (L2 broadcast domain). When you power up your switch for the first time, use the Smart Control Center to discover the switch and view the network information that has been automatically assigned to the switch by a DHCP server;...
GS108T and GS110TP Smart Switch Software Administration Manual Switch Discovery in a Network with a DHCP Server This section describes how to set up your switch in a network that has a DHCP server. The DHCP client on the switch is enabled by default. When you connect it to your network, the DHCP server will automatically assign an IP address to your switch.
Page 18
GS108T and GS110TP Smart Switch Software Administration Manual 6. Make a note of the displayed IP address assigned by the DHCP server. You will need this value to access the switch directly from a Web browser (without using the Smart Control Center).
GS108T and GS110TP Smart Switch Software Administration Manual Switch Discovery in a Network without a DHCP Server This section describes how to use the Smart Control Center to set up your switch in a network without a DHCP server. If your network has no DHCP service, you must assign a static IP address to your switch.
Page 20
GS108T and GS110TP Smart Switch Software Administration Manual 6. Select the switch, then click Configure Device. The page expands to display additional fields at the bottom of the page, as Figure 1-4 shows. Figure 1-4 7. Choose the Disabled radio box to disable DHCP. 8.
GS108T and GS110TP Smart Switch Software Administration Manual Configuring the Network Settings on the Administrative System If you choose not to use the Smart Control Center to configure the network information on the switch, you can connect directly to the switch from an administrative system, such as a PC or laptop computer.
GS108T and GS110TP Smart Switch Software Administration Manual Warning: When you change the IP address of your administrative system, you will loose your connection to the rest of the network. Be sure to write down your current network address settings before you change them. To modify the network settings on your administrative system: 1.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 1-6 Smart Control Center Utilities In addition to device discovery and network address assignment, the Smart Control Center includes several maintenance features. This section describes the following Smart Control Center utilities: •...
GS108T and GS110TP Smart Switch Software Administration Manual • Change Password—Allows you to set a new password for the device. In this process, you are required to enter the old password and to confirm the new one, which can contain up to 20 ASCII characters.
Page 25
GS108T and GS110TP Smart Switch Software Administration Manual 4. Click OK. 5. Enter the switch password and click Apply. The file is uploaded to the administrative computer as a *.cfg file. You can open it and view the contents with a text editor. To restore the configuration to a previously saved version: 1.
GS108T and GS110TP Smart Switch Software Administration Manual Note: Click the Tasks tab to view status information about the configuration download. Firmware Upgrade The application software for the GS108T and GS110TP Smart Switches is upgradeable, enabling your switch to take advantage of improvements and additional features as they become available. The upgrade procedure and the required equipment are described in this section.
Page 27
GS108T and GS110TP Smart Switch Software Administration Manual Figure 1-7 Optionally, you can schedule a different date and time to download and install the firmware image. To delay the upgrade process, clear the Run Now? check box and enter a date and time to complete the upgrade.
GS108T and GS110TP Smart Switch Software Administration Manual Viewing and Managing Tasks From the Tasks tab, you can view information about configuration downloads and firmware upgrades that have already occurred, are in progress, or are scheduled to take place at a later time. You can also delete or reschedule selected tasks.
GS108T and GS110TP Smart Switch Software Administration Manual Understanding the User Interfaces GS108T and GS110TP software includes a set of comprehensive management functions for configuring and monitoring the system by using one of the following methods: • Web user interface •...
Page 30
GS108T and GS110TP Smart Switch Software Administration Manual Figure 1-9 shows the layout of the Smart Switch Web interface. Navigation Tab Feature Link Logout Button Help LInk Help Page Page Menu Configuration Status and Options Figure 1-9 Navigation Tabs, Feature Links, and Page Menu The navigation tabs along the top of the Web interface give you quick access to the various switch functions.
Page 31
GS108T and GS110TP Smart Switch Software Administration Manual The configuration pages for each feature are available as links in the page menu on the left side of the page. Some items in the menu expand to reveal multiple configuration pages, as Figure 1-10.
Page 32
GS108T and GS110TP Smart Switch Software Administration Manual Device View The Device View is a Java ® applet that displays the ports on the switch. This graphic provides an alternate way to navigate to configuration and monitoring options. The graphic also provides information about device ports, current configuration and status, table information, and feature components.
Page 33
GS108T and GS110TP Smart Switch Software Administration Manual Figure 1-13 If you click the graphic, but do not click a specific port, the main menu appears, as Figure 1-14 shows. This menu contains the same option as the navigation tabs at the top of the page. Figure 1-14 Getting Started 1-19...
GS108T and GS110TP Smart Switch Software Administration Manual Help Page Access Every page contains a link to the online help , which contains information to assist in configuring and managing the switch. The online help pages are context sensitive. For example, if the IP Addressing page is open, the help topic for that page displays if you click Help.
GS108T and GS110TP Smart Switch Software Administration Manual 3. To enable encryption, select the DES option in the Encryption Protocol field. Then, enter an encryption code of eight or more alphanumeric characters in the Encryption Key field. 4. Click Apply. To access configuration information for SNMPv1 or SNMPv2, click System ...
Page 36
GS108T and GS110TP Smart Switch Software Administration Manual 1-22 Getting Started v1.0, April 2010...
Chapter 2 Configuring System Information Use the features in the System tab to define the switch’s relationship to its environment. The System tab contains links to the following features: • “Management” on page 2-1 • “PoE (GS110TP Only)” on page 2-18 •...
Page 38
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-1 To define system information: 1. Open the System Information page. 2. Define the following fields: • System Name. Enter the name you want to use to identify this switch. You may use up to 31 alphanumeric characters.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the status information the System Page displays. Table 2-1. System Description Fields Field Description Serial Number The serial number of the switch. System Object ID The base object ID for the switch's enterprise MIB. Date &...
Page 40
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-2 To configure the network information for the management interface: 1. Select the appropriate radio button to determine how to configure the network information for the switch management interface: • Dynamic IP Address (DHCP). Specifies that the switch must obtain the IP address through a DHCP server.
GS108T and GS110TP Smart Switch Software Administration Manual • Default Gateway. The default gateway for the IP interface. The factory default value is 192.168.0.254. 3. Specify the VLAN ID for the management VLAN. The management VLAN is used to establish an IP connection to the switch from a workstation that is connected to a port in the same VLAN.
Page 42
GS108T and GS110TP Smart Switch Software Administration Manual Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock. The device receives time from stratum 1 and above since it is itself a stratum 2 device. The following is an example of stratums: •...
Page 43
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-3 To configure the time by using the CPU clock cycle as the source: 1. From the Clock Source field, select Local. 2. In the Date field, enter the date in the DD/MM/YYYY format. 3.
Page 44
GS108T and GS110TP Smart Switch Software Administration Manual To configure the time through SNTP: 1. From the Clock Source field, select SNTP. When the Clock Source is set to SNTP, the Date and Time fields are grayed out (disabled). The switch gets the date and time from the network. 2.
Page 45
GS108T and GS110TP Smart Switch Software Administration Manual Table 2-2. SNTP Global Status Fields (continued) Field Description Last Attempt Status Specifies the status of the last SNTP request or unsolicited message for both unicast mode. If no message has been received from a server, a status of Other is displayed.
Page 46
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-4 To configure a new SNTP Server: 1. Enter the appropriate SNTP server information in the available fields: • Server Type. Specifies whether the address for the SNTP server is an IP address (IPv4) or hostname (DNS).
Page 47
GS108T and GS110TP Smart Switch Software Administration Manual 5. To change the settings for an existing SNTP server, select the check box next to the configured server and enter new values in the available fields, and then click Apply. Configuration changes take effect immediately.
GS108T and GS110TP Smart Switch Software Administration Manual Denial of Service Use the Denial of Service (DoS) page to configure DoS control. The GS108T and GS110TP software provides support for classifying and blocking specific types of DoS attacks. You can configure your system to monitor and block six types of attacks: •...
Page 49
GS108T and GS110TP Smart Switch Software Administration Manual To configure the Auto-DoS feature: 1. Select a radio button to enable or disable Auto-DoS: • Disable. Auto-DoS is disabled (default). • Enable. Auto-DoS is enabled. 2. Click Apply to send the updated configuration to the switch. Configuration changes occur immediately.
Page 50
GS108T and GS110TP Smart Switch Software Administration Manual To configure individual DoS settings: 1. Select the types of DoS attacks for the switch to monitor and block and configure any associated values, as the following list describes. • Denial of Service SIP=DIP. Enable or disable this option by selecting the appropriate radio button.
2. Enter the DNS default domain name to include in DNS queries. When the system is performing a lookup on an unqualified hostname, this field is provided as the domain name (for example, if default domain name is netgear.com and the user enters test, then test is changed to test.netgear.com to resolve the name).
Page 52
GS108T and GS110TP Smart Switch Software Administration Manual 3. To specify the DNS server to which the switch sends DNS queries, enter an IP address in standard IPv4 dot notation in the DNS Server Address and click Add. The server appears in the list below.
GS108T and GS110TP Smart Switch Software Administration Manual 2. Specify the IP address in standard IPv4 dot notation to associate with the hostname. 3. Click Add. The entry appears in the list below. 4. To remove an entry from the static DNS table, select the check box next to the entry and click Delete.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-9 To configure the Green Ethernet feature: 1. Enable or disable the Short Cable Mode. • Enable. The switch performs a cable test on each cable connect to its ports. If the cable is less than 10m in length, the port is placed in low power mode (nominal power).
GS108T and GS110TP Smart Switch Software Administration Manual • “Timer Global Configuration” on page 2-22 • “Timer Schedule Configuration” on page 2-23 PoE Configuration Use the PoE Configuration page to view global PoE power information and to configure PoE SNMP trap settings. To display the PoE Configuration page, click System ...
GS108T and GS110TP Smart Switch Software Administration Manual 3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 4. Click Refresh to update the screen with the current information. The PoE Configuration page also provides the following information: Table 2-5.
Page 57
GS108T and GS110TP Smart Switch Software Administration Manual To configure PoE Port settings: 1. To configure settings for a physical port, click PORTS. 2. To configure settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure settings for both physical ports and LAGs, click ALL. 4.
GS108T and GS110TP Smart Switch Software Administration Manual • Timer Schedule. Select the timer schedule to use for the port. By default, no timer schedules are configured. To create a timer schedule, use the Timer Global Configuration page. • Output Voltage. Shows the current voltage being delivered to device in Volts. •...
GS108T and GS110TP Smart Switch Software Administration Manual 3. Assign the timer to the port or LAG on the PoE Port Configuration page. Note: The Timer Schedule feature must be enabled for the settings to be applied to the ports. To display the Timer Global Configuration page, click System ...
Page 60
GS108T and GS110TP Smart Switch Software Administration Manual To display the Timer Schedule Configuration page, click System PoE Advanced Timer Schedule Configuration. Figure 2-13 To configure timer schedules: 1. Select the name of the schedule created on the Timer Global Configuration page. 2.
GS108T and GS110TP Smart Switch Software Administration Manual SNMP From SNMP link under the System tab, you can configure SNMP settings for SNMP V1/V2 and SNMPv3. From the SNMP link, you can access the following pages: • “SNMPV1/V2” on page 2-25 •...
Page 62
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-14 To configure SNMP communities: 1. To add a new SNMP community, enter community information in the available fields described below, and then click Add. • Management Station IP. Specify the IP address of the management station.Together, the Management Station IP and the Management Station IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device.
Page 63
GS108T and GS110TP Smart Switch Software Administration Manual • Status. Specify the status of this community by selecting Enable or Disable from the pull down menu. If you select Enable, the Community Name must be unique among all valid Community Names or the set request will be rejected. If you select Disable, the Community Name will become invalid.
GS108T and GS110TP Smart Switch Software Administration Manual • Version. The trap version to be used by the receiver from the menu. • SNMP v1: Uses SNMP v1 to send traps to the receiver. • SNMP v2: Uses SNMP v2 to send traps to the receiver. •...
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-16 To configure the trap flags: 1. From the Authentication field, enable or disable activation of authentication failure traps by selecting the corresponding button. The factory default is Enable. 2. From the Link Up/Down field, enable or disable activation of link status traps by selecting the corresponding button.
Page 66
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-17 The SNMPv3 Access Mode is a read-only field that shows the access privileges for the user account. The admin account always has Read/Write access, and all other accounts have Read Only access. To configure SNMPv3 settings for the user account: 1.
GS108T and GS110TP Smart Switch Software Administration Manual LLDP The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN. From the LLDP link, you can access the following pages: •...
Page 68
GS108T and GS110TP Smart Switch Software Administration Manual Note: You can also access the LLDP Configuration page by clicking System LLDP Advanced LLDP Configuration. Figure 2-18 To configure global LLDP settings: 1. Configure the following LLDP properties. •...
GS108T and GS110TP Smart Switch Software Administration Manual 2. To change the LLDP-MED properties in the Fast Start Duration field, specify the number of LLDP packets sent when the LLDP-MED Fast Start mechanism is initialized, which occurs when a new endpoint device links with the LLDP-MED network connectivity device. The default value is 3, and the range is from 1–10.
GS108T and GS110TP Smart Switch Software Administration Manual To configure LLDP port settings: 1. Change the LLDP port settings described below: • Interface. Specifies the port to be affected by these parameters. • Admin Status. Select the status for transmitting and receiving LLDP packets: •...
Page 71
GS108T and GS110TP Smart Switch Software Administration Manual To display this page, click System LLDP Advanced LLDP-MED Network Policy. Figure 2-20 From the Interface menu, select the interface with the information to view. The following table describes the LLDP-MED network policy information that displays on the screen. Table 2-6.
GS108T and GS110TP Smart Switch Software Administration Manual Table 2-6. LLPD-MED Network Policy Information Fields (continued) Field Description VLAN Type Specifies whether the VLAN associated with the policy is tagged or untagged. User Priority Specifies the priority associated with the policy. DSCP Specifies the DSCP associated with a particular policy type.
GS108T and GS110TP Smart Switch Software Administration Manual 3. From the Notification field, specify whether the port should send a topology change notification if a device is connected or removed. 4. From the Transmit Optional TLVs field, specify whether the port should transmit optional type length values (TLVs) in the LLDP PDU frames.
Page 74
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-22 The following table describes the LLDP local information that displays for each port. Table 2-7. LLDP Local Information Fields Field Description Interface Select the interface with the information to display. Port ID Subtype Identifies the type of data displayed in the Port ID field.
Page 75
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-23 The following table describes the detailed local information that displays for the selected port. Table 2-8. Local Port Information Field Description Managed Address Address SubType Displays the type of address the management interface uses, such as an IPv4 address.
GS108T and GS110TP Smart Switch Software Administration Manual Table 2-8. Local Port Information (continued) Field Description Auto Negotiation Displays the port speed auto-negotiation capabilities such as 1000BASE-T Advertised Capabilities half-duplex mode or 100BASE-TX full-duplex mode. Operational MAU Type Displays the Medium Attachment Unit (MAU) type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interface collision detection and bit injection into the network.
Page 77
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-24 The following table describes the information that displays for all LLDP neighbors that have been discovered. Table 2-9. LLDP Neighbors Information Fields Field Description MSAP Entry Displays the Media Service Access Point (MSAP) entry number for the remote device.
Page 78
GS108T and GS110TP Smart Switch Software Administration Manual A popup window displays information for the selected port. Figure 2-25 Table 2-10. LLPD-MED Local Device Information Fields Field Description Port Details Local Port Displays the interface on the local system that received LLDP information from a remote system.
Page 79
GS108T and GS110TP Smart Switch Software Administration Manual Table 2-10. LLPD-MED Local Device Information Fields (continued) Field Description Port Description Identifies the user-defined description of the port. System Name Identifies the system name associated with the remote device. System Description Specifies the description of the selected port associated with the remote system.
Page 80
GS108T and GS110TP Smart Switch Software Administration Manual Table 2-10. LLPD-MED Local Device Information Fields (continued) Field Description PoE Device Type Displays the port PoE type. For example, Powered. PoE Power Source Displays the port's power source. PoE Power Priority Displays the port's power priority.
GS108T and GS110TP Smart Switch Software Administration Manual Services — DHCP Filtering DHCP Filtering is a useful feature that can be employed as a security measure against unauthorized DHCP servers. A known attack is when an unauthorized DHCP server responds to a client that is requesting an IP address.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-26 To configure global DHCP filtering settings: 1. In the Admin Mode field, select Enable or Disable to turn the DHCP Filtering feature on or off. 2. Click Apply to apply the change to the system. Configuration changes take effect immediately.
Page 83
GS108T and GS110TP Smart Switch Software Administration Manual Figure 2-27 To configure DHCP filtering settings for an interface: 1. To configure DHCP filtering settings for a physical port, click PORTS. 2. To configure DHCP filtering settings for a Link Aggregation Group (LAG), click LAGS. 3.
Page 84
GS108T and GS110TP Smart Switch Software Administration Manual 2-48 Configuring System Information v1.0, April 2010...
Chapter 3 Configuring Switching Information Use the features in the Switching tab to define Layer 2 features. The Switching tab contains links to the following features: • “Ports” on page 3-1 • “Link Aggregation Groups” on page 3-5 • “VLANs” on page 3-10 •...
Page 86
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-1 To configure port settings: 1. To configure settings for a physical port, click PORTS. 2. To configure settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure settings for both physical ports and LAGs, click ALL. 4.
Page 87
GS108T and GS110TP Smart Switch Software Administration Manual • Port Speed. Use the menu to select the port’s speed and duplex mode. If you select Auto, the duplex mode and speed will be set by the auto-negotiation process. The port’s maximum capability (full duplex and 1000 Mbps) will be advertised.
GS108T and GS110TP Smart Switch Software Administration Manual Flow Control IEEE 802.3x flow control works by pausing a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion condition. This can lead to high- priority and/or network control traffic loss.
GS108T and GS110TP Smart Switch Software Administration Manual Link Aggregation Groups Link aggregation groups (LAGs), which are also known as port-channels, allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. You assign the LAG VLAN membership after you create a LAG.
Page 90
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-3 To configure LAG settings: 1. Select the check box next to the LAG to configure. You can select multiple LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces.
GS108T and GS110TP Smart Switch Software Administration Manual • LAG Type. Select Static or LACP. When the LAG is static, it does not transmit or process received LAGPDUs, for example the member ports do not transmit LAGPDUs and all the LAGPDUs it may receive are dropped.
GS108T and GS110TP Smart Switch Software Administration Manual 2. In the LAG Name field, enter the name you want assigned to the LAG. You may enter any string of up to 15 alphanumeric characters. A valid name has to be specified to create the LAG. 3.
GS108T and GS110TP Smart Switch Software Administration Manual To configure LACP: 1. From the LACP System Priority field, specify the device’s link aggregation priority relative to the devices at the other ends of the links on which link aggregation is enabled. A higher value indicates a lower priority.
GS108T and GS110TP Smart Switch Software Administration Manual To configure LACP port priority settings: 1. Select the check box next to the port to configure. You can select multiple ports to apply the same setting to all selected ports. Note: You cannot select ports that are not participating in a LAG. 2.
GS108T and GS110TP Smart Switch Software Administration Manual From the VLAN link, you can access the following pages: • “VLAN Configuration” on page 3-11 • “VLAN Membership Configuration” on page 3-12 • “Port VLAN ID Configuration” on page 3-14 VLAN Configuration Use the VLAN Configuration page to define VLAN groups stored in the VLAN membership table.
GS108T and GS110TP Smart Switch Software Administration Manual To configure VLANs: 1. To add a VLAN, configure the VLAN ID, name, and type, and then click Add. • VLAN ID. Specify the VLAN Identifier for the new VLAN. (You can only enter data in this field when you are creating a new VLAN.) The range of the VLAN ID is 1–4093.
Page 97
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-9 To configure VLAN membership: 1. From the VLAN ID field, select the VLAN to which you want to add ports. 2. Click the orange bar below the VLAN Type field to display the physical ports on the switch. 3.
GS108T and GS110TP Smart Switch Software Administration Manual 5. Use the Group Operations field to select all the ports and configure them. Possible values are: • Untag All: Select all the ports on which all frames transmitted from this VLAN will be untagged.
Page 99
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-11 To configure PVID information: 1. To configure PVID settings for a physical port, click PORTS. 2. To configure PVID settings for a Link Aggregation Group (LAG), click LAGS. 3. To configure PVID settings for both physical ports and LAGs, click ALL. 4.
GS108T and GS110TP Smart Switch Software Administration Manual 7. Specify how you want the port to handle tagged frames: • Enable: A tagged frame will be discarded if this port is not a member of the VLAN identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame.
Page 101
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-12 To configure Voice VLAN: 1. From the Voice VLAN Status field, enable or disable Voice VLAN on the switch. If the switch does not handle traffic from IP phones, the status should be disabled. 2.
GS108T and GS110TP Smart Switch Software Administration Manual Voice VLAN Port Setting To display the Voice VLAN Port Setting page, click Switching Voice VLAN Advanced Port Setting. Figure 3-13 To configure Voice VLAN port settings: 1. Select the check box next to the port to configure. You can select multiple check boxes to apply the same setting to all selected ports.
GS108T and GS110TP Smart Switch Software Administration Manual Voice VLAN OUI The Organizational Unique Identifier (OUI) identifies the IP phone manufacturer. The switch comes preconfigured with the following OUIs: • 00:01:E3: SIEMENS • 00:03:6B: CISCO1 • 00:12:43: CISCO2 • 00:0F:E2: H3C •...
GS108T and GS110TP Smart Switch Software Administration Manual To configure OUI settings: 1. To add a new OUI prefix, type the VOIP OUI prefix in the Telephony OUI(s) field, provide a description of the prefix, and click Add. The OUI prefix must be in the format AA:BB:CC. 2.
Page 105
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-15 To configure Auto-VoIP settings: 1. Select the check box next to the port to configure. You can select multiple check boxes to apply the same setting to all selected ports. 2.
GS108T and GS110TP Smart Switch Software Administration Manual Spanning Tree Protocol The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Common STP, Multiple STP, and Rapid STP.
GS108T and GS110TP Smart Switch Software Administration Manual STP Switch Configuration The Spanning Tree Switch Configuration/Status page contains fields for enabling STP on the switch. To display the Spanning Tree Switch Configuration/Status page, click SwitchingSTPBasic STP Configuration. Figure 3-16 To configure STP settings on the switch: 1.
Page 108
GS108T and GS110TP Smart Switch Software Administration Manual 3. Specify the configuration name and revision level. • Configuration Name. Name used to identify the configuration currently being used. It may be up to 32 alphanumeric characters. • Configuration Revision Level. Number used to identify the configuration currently being used.
GS108T and GS110TP Smart Switch Software Administration Manual Click Refresh to update the information on the screen with the most current data. CST Configuration Use the Spanning Tree CST Configuration page to configure Common Spanning Tree (CST) and Internal Spanning Tree on the switch. To display the Spanning Tree CST Configuration page, click SwitchingSTPAdvanced ...
Page 110
GS108T and GS110TP Smart Switch Software Administration Manual • Bridge Max Age (secs). Specifies the bridge maximum age time for the Common and Internal Spanning Tree (CST), which indicates the amount of time in seconds a bridge waits before implementing a topological change. The valid range is 6–40, and the value must be less than or equal to (2 * Bridge Forward Delay) –...
GS108T and GS110TP Smart Switch Software Administration Manual CST Port Configuration Use the Spanning Tree CST Port Configuration page to configure Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To display the Spanning Tree CST Port Configuration page, click SwitchingSTPAdvanced CST Port Configuration.
Page 112
GS108T and GS110TP Smart Switch Software Administration Manual • Fast Link. Specifies if the specified port is an Edge Port with the CST. Possible values are Enable or Disable. The default is Disable. • Port State. The Forwarding state of this port. This field is read-only. •...
GS108T and GS110TP Smart Switch Software Administration Manual CST Port Status Use the Spanning Tree CST Port Status page to display Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To display the Spanning Tree CST Port Status page, click SwitchingSTPAdvanced CST Port Status.
Page 114
GS108T and GS110TP Smart Switch Software Administration Manual Table 3-3. Spanning Tree CST Port Status Fields (continued) Field Description Designated Bridge Bridge Identifier of the bridge with the Designated Port. It is made up using the bridge priority and the base MAC address of the bridge. Designated Port Port Identifier on the Designated Bridge that offers the lowest cost to the LAN.
GS108T and GS110TP Smart Switch Software Administration Manual Rapid STP Use the Rapid STP page to view information about Rapid Spanning Tree (RSTP) port status. To display the Rapid STP page, click SwitchingSTPAdvanced RSTP. Figure 3-20 The following table describes the Rapid STP Status information displayed on the screen. Table 3-4.
GS108T and GS110TP Smart Switch Software Administration Manual MST Configuration Use the Spanning Tree MST Configuration page to configure Multiple Spanning Tree (MST) on the switch. To display the Spanning Tree MST Configuration page, click SwitchingSTPAdvanced MST Configuration. Figure 3-21 To configure an MST instance: 1.
Page 117
GS108T and GS110TP Smart Switch Software Administration Manual • VLAN ID. The menu contains all VLANs configured on the switch. Select a VLAN to associate with the MST instance. 2. To delete an MST instance, select the check box next to the instance and click Delete. 3.
GS108T and GS110TP Smart Switch Software Administration Manual MST Port Configuration Use the Spanning Tree MST Port Configuration page to configure and display Multiple Spanning Tree (MST) settings on a specific port on the switch. To display the Spanning Tree MST Port Status page, click Switching STP Advanced MST Port Configuration.
Page 119
GS108T and GS110TP Smart Switch Software Administration Manual Note: If no MST instances have been configured on the switch, the page displays a “No MSTs Available” message and does not display the fields shown in Table 3-6 on page 3-36. Figure 3-24 To configure MST port settings: 1.
Page 120
GS108T and GS110TP Smart Switch Software Administration Manual Table 3-6. Spanning Tree MST Port Status Fields Field Description Auto-calculated Port Path Displays whether the path cost is automatically calculated (Enabled) or not Cost (Disabled). Path cost is calculated based on the link speed of the port if the configured value for Port Path Cost is zero.
GS108T and GS110TP Smart Switch Software Administration Manual STP Statistics Use the Spanning Tree Statistics page to view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port. To display the Spanning Tree Statistics page, click Switching STP Advanced STP Statistics.
GS108T and GS110TP Smart Switch Software Administration Manual Multicast Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. From the Multicast link, you can access the following pages: •...
GS108T and GS110TP Smart Switch Software Administration Manual 2. Click Apply to send the updated configuration to the switch. Configuration changes take effect immediately. 3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch IGMP Snooping Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to...
Page 124
GS108T and GS110TP Smart Switch Software Administration Manual IGMP Snooping Configuration Use the IGMP Snooping Configuration page to configure the parameters for IGMP snooping, which is used to build forwarding lists for multicast traffic. To access the IGMP Snooping Configuration page, click Switching Multicast IGMP Snooping ...
Page 125
GS108T and GS110TP Smart Switch Software Administration Manual The following table displays information about the global IGMP snooping status and statistics on the page. Table 3-8. IGMP Snooping Configuration Fields Field Description IGMP Snooping Status Select the administrative mode for IGMP Snooping for the switch. The default is Disable.
Page 126
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-28 To configure IGMP Snooping interface settings: 1. To configure IGMP Snooping settings for a physical port, click PORTS. 2. To configure IGMP Snooping settings for a Link Aggregation Group (LAG), click LAGS. 3.
Page 127
GS108T and GS110TP Smart Switch Software Administration Manual • Host Timeout. Specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group. Enter a value between 2 and 3600 seconds.
Page 128
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-29 The following table describes the fields in the IGMP Snooping Table. Table 3-9. IGMP Snooping Table Fields Field Description MAC Address A multicast MAC address for which the switch has forwarding and/or filtering information.
Page 129
GS108T and GS110TP Smart Switch Software Administration Manual • Click Refresh to reload the page and display the most current information. Multicast Forwarding Database Table The Layer 2 Multicast Forwarding Database (MFDB) is used by the switch to make forwarding decisions for packets that arrive with a multicast destination MAC address.
Page 130
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the fields in the MFDB Table. Table 3-10. MFDB Table Fields Field Description MAC Address The MAC Address to which the multicast MAC address is related. To search by MAC address, enter the address with the MFDB table entry you want displayed.
Page 131
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-31 The following table describes the information available on the MFDB Statistics page: Table 3-11. Multicast Forwarding Database Statistics Fields Field Description Max MFDB Table Entries Displays the maximum number of entries that the Multicast Forwarding Database table can hold.
Page 132
GS108T and GS110TP Smart Switch Software Administration Manual IGMP Snooping VLAN Configuration Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping settings for VLANs on the system. To access the IGMP Snooping VLAN Configuration page, click Switching Multicast IGMP Snooping ...
GS108T and GS110TP Smart Switch Software Administration Manual • Host Timeout. Sets the value for group membership interval of IGMP snooping for the specified VLAN ID. The valid range is (Maximum Response Time + 1) to 3600 seconds. • Maximum Response Time. Enter the amount of time in seconds that a switch will wait after sending a query on the VLAN because it did not receive a report for a particular group in that interface.
Page 134
GS108T and GS110TP Smart Switch Software Administration Manual IGMP Snooping Querier Configuration Use this page to enable or disable the IGMP Snooping Querier feature, specify the IP address of the router to perform the querying, and configure the related parameters. To access this page, click Switching...
Page 135
GS108T and GS110TP Smart Switch Software Administration Manual 6. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 7. Click Apply to apply the new settings to the switch. Configuration changes take effect immediately 8.
Page 136
GS108T and GS110TP Smart Switch Software Administration Manual • Disabled. Upon seeing another querier of the same version in the VLAN, the snooping querier moves to the non-querier state. • Enabled. The snooping querier participates in querier election, in which the least IP address operates as the querier in that VLAN.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the information available on the Querier VLAN Status page. Table 3-12. IGMP Snooping Querier VLAN Status Fields Field Description VLAN ID Specifies the VLAN ID on which the IGMP Snooping Querier is administratively enabled and for which VLAN exists in the VLAN database.
GS108T and GS110TP Smart Switch Software Administration Manual MAC Address Table The MAC Address Table contains information about unicast entries for which the switch has forwarding and/or filtering information. This information is used by the transparent bridging function in determining how to propagate a received frame. Use the search function of the MAC Address Table page to display information about the entries in the table.
GS108T and GS110TP Smart Switch Software Administration Manual • Interface: Select Interface from the menu, enter the interface ID in g1, g2... format, then, click Go. If any entries learned on that interface exist, they are displayed. 2. Click Clear to clear Dynamic MAC Addresses in the table. 3.
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-37 To configure the Dynamic Address setting: 1. Specify the number of seconds the forwarding database should wait before deleting a learned entry that has not been updated. IEEE 802.1D-1990 recommends a default of 300 seconds. You may enter any number of seconds between 10 and 1000000.
Page 141
GS108T and GS110TP Smart Switch Software Administration Manual Figure 3-38 To configure a static MAC address: 1. To add a static MAC address entry a. Select the VLAN ID corresponding to the MAC address to add. b. Specify the MAC address to add. c.
Page 142
GS108T and GS110TP Smart Switch Software Administration Manual 3-58 Configuring Switching Information v1.0, April 2010...
Chapter 4 Configuring Quality of Service Use the features in the QoS tab to configure Quality of Service (QoS) settings on the switch. The QoS tab contains links to the following features: • “Class of Service” on page 4-1 • “Differentiated Services”...
GS108T and GS110TP Smart Switch Software Administration Manual From the Class of Service link under the QoS tab, you can access the following pages: • “Basic CoS Configuration” on page 4-2 • “CoS Interface Configuration” on page 4-4 • “Interface Queue Configuration” on page 4-5 •...
Page 145
GS108T and GS110TP Smart Switch Software Administration Manual Figure 4-1 To configure global CoS settings: 1. Select the Global radio button to configure the trust mode settings that apply to all interfaces. Alternatively, you can select the Interface radio button to apply trust mode settings to individual interfaces.
GS108T and GS110TP Smart Switch Software Administration Manual CoS Interface Configuration Use the CoS Interface Configuration page to apply an interface shaping rate to all interfaces or to a specific interface. To display the CoS Interface Configuration page, click the QoS CoS tab, and then click the Advanced ...
GS108T and GS110TP Smart Switch Software Administration Manual 5. From the Interface Trust Mode field, specify whether or not the selected interface(s) trust a particular packet marking when the packet enters the port. • Untrusted. Do not trust any CoS packet marking at ingress. •...
Page 148
GS108T and GS110TP Smart Switch Software Administration Manual To display the Interface Queue Configuration page, click the QoS CoS tab, and then click the Advanced Interface Queue Configuration link. Figure 4-3 To configure CoS queue settings for an interface: 1.
GS108T and GS110TP Smart Switch Software Administration Manual • Scheduler Type. Selects the type of queue processing from the drop down menu. Options are Weighted and Strict. Defining on a per-queue basis allows the user to create the desired service characteristics for different types of traffic. •...
Page 150
GS108T and GS110TP Smart Switch Software Administration Manual To map 802.1p priorities to queues: 1. Select the Global radio button to apply the same 802.1p priority mapping to all CoS configurable interfaces or select the Interface radio button to apply 802.1p priority mapping to on a per-interface basis.
GS108T and GS110TP Smart Switch Software Administration Manual DSCP to Queue Mapping Use the DSCP to Queue Mapping page to specify which internal traffic class to map the corresponding DSCP value. To display the IP DSCP Mapping page, click QoS CoS Advanced DSCP to Queue Mapping.
GS108T and GS110TP Smart Switch Software Administration Manual To map DSCP values to queues: 1. For each DSCP value, select a hardware queue to associate with the value. The traffic class is the hardware queue for a port. Higher traffic class values indicate a higher queue position.
GS108T and GS110TP Smart Switch Software Administration Manual Packet processing begins by testing the class match criteria for a packet. A policy is applied to a packet when a class match within that policy is found. The Differentiated Services menu page contains links to the various Diffserv configuration and display features.
Page 154
GS108T and GS110TP Smart Switch Software Administration Manual Figure 4-6 To configure the global DiffServ mode: 1. Select the administrative mode for DiffServ: • Enable. Differentiated Services are active. • Disable. The DiffServ configuration is retained and can be changed, but it is not active. 2.
GS108T and GS110TP Smart Switch Software Administration Manual Table 4-1. DiffServ Status Fields (continued) Field Description Policy Table Displays the current and maximum number of rows of the policy table. Policy Instance Table Displays the current and maximum number of rows of the policy instance table.
Page 156
GS108T and GS110TP Smart Switch Software Administration Manual To configure a DiffServ class: 1. To create a new class, enter a class name, select the class type, and click Add. The switch supports only the Class Type value All, which means all the various match criteria defined for the class should be satisfied for a packet match.
Page 157
GS108T and GS110TP Smart Switch Software Administration Manual The class name is a hyperlink. Figure 4-9 shows the configuration fields for the class. Figure 4-9 2. Define the criteria to associate with a DiffServ class: • Reference Class. Selects a class to start referencing for criteria. A specified class can reference at most one other class of the same type.
Page 158
GS108T and GS110TP Smart Switch Software Administration Manual • EtherType. Select the EtherType field to compare the match criteria against the value in the header of an Ethernet frame. Select an EtherType keyword or enter an EtherType value to specify the match criteria.If you specify the EtherType value, select User Value from the menu and enter a custom protocol identifier to which packets are matched.
GS108T and GS110TP Smart Switch Software Administration Manual • Destination L4 Port. Requires a packet’s TCP/UDP destination port to match the port you select. Select the desired L4 keyword from the list on which the rule can be based. If you select Other, the screen refreshes and a Port ID field appears.
Page 160
GS108T and GS110TP Smart Switch Software Administration Manual Figure 4-10 To configure a DiffServ policy: 1. To create a new policy, enter a policy name in the Policy Selector field, select the existing DiffServ class to associate with the policy, and click Add. The available policy type is In, which indicates the type is specific to inbound traffic.
Page 161
GS108T and GS110TP Smart Switch Software Administration Manual Figure 4-11 The policy name is a hyperlink. Figure 4-12 on page 4-20 shows the configuration fields for the policy. Configuring Quality of Service 4-19 v1.0, April 2010...
Page 162
GS108T and GS110TP Smart Switch Software Administration Manual Figure 4-12 2. Select the queue to which packets will of this policy-class will be assigned . 3. Configure the policy attributes:. • Drop. Select this option to drop packets for this policy-class. 4-20 Configuring Quality of Service v1.0, April 2010...
Page 163
GS108T and GS110TP Smart Switch Software Administration Manual • Mark CoS. Enter the specified Class of Service queue number to mark all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header.
Page 164
GS108T and GS110TP Smart Switch Software Administration Manual • Mark IP DSCP. These packets are marked by DiffServ with the specified DSCP value before being presented to the system forwarding element. This selection requires that the DSCP value field be set. •...
GS108T and GS110TP Smart Switch Software Administration Manual Service Configuration Use the Service Configuration page to activate a policy on an interface. To display the page, click QoS DiffServ Advanced Service Configuration. Figure 4-13 To configure DiffServ policy settings on an interface: 1.
GS108T and GS110TP Smart Switch Software Administration Manual 6. To remove a policy from the selected interface(s) select None from the Policy In menu, and then click Apply. 7. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Page 167
GS108T and GS110TP Smart Switch Software Administration Manual Table 4-2. Service Statistics Fields (continued) Field Description Operational Status Displays the operational status of this service interface, which is either Up or Down. Discarded Packets Displays the total number of packets discarded for all class instances in this service policy for any reason due to DiffServ treatment.
Page 168
GS108T and GS110TP Smart Switch Software Administration Manual 4-26 Configuring Quality of Service v1.0, April 2010...
Chapter 5 Managing Device Security Use the features available from the Security tab to configure management security settings for port, user, and server security.The Security tab contains links to the following features: • “Management Security Settings” on page 5-1 • “Configuring Management Access”...
GS108T and GS110TP Smart Switch Software Administration Manual Change Password Use the page to change the login password. To display the page, click Security Management Security User Configuration Change Password. Figure 5-1 To change the login password for the management interface: 1.
GS108T and GS110TP Smart Switch Software Administration Manual RADIUS Configuration RADIUS servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. The switch passes information to the configured RADIUS server, which can authenticate a user name and password before authorizing use of the network.
Page 172
GS108T and GS110TP Smart Switch Software Administration Manual The Current Server IP Address field is blank if no servers are configured (see “RADIUS Server Configuration” on page 5-5). The switch supports up to three configured RADIUS servers. If more than one RADIUS servers are configured, the current server is the server configured as the primary server.
Page 173
GS108T and GS110TP Smart Switch Software Administration Manual RADIUS Server Configuration Use the RADIUS Server Configuration page to view and configure various settings for the current RADIUS server configured on the system. To access the RADIUS Server Configuration page, click Security Management Security, and then click the RADIUS ...
Page 174
GS108T and GS110TP Smart Switch Software Administration Manual 2. To modify settings for a RADIUS server that is already configured on the switch, select the check box next to the server address, update the desired fields, and click Apply. 3. Click Refresh to update the page with the most current information. 4.
Page 175
GS108T and GS110TP Smart Switch Software Administration Manual Table 5-1. RADIUS Server Statistics Fields (continued) Field Description Unknown Types The number of RADIUS packets of unknown type which were received from this server on the authentication port. Packets Dropped The number of RADIUS packets received from this server on the authentication port and dropped for some other reason.
Page 176
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-4 To configure the RADIUS accounting server: 1. In the Accounting Server Address field, specify the IP address of the RADIUS accounting server to add. 2. In the Port field, specify the UDP port number the server uses to verify the RADIUS accounting server authentication.
Page 177
GS108T and GS110TP Smart Switch Software Administration Manual 7. To delete a configured RADIUS Accounting server, click Delete. 8. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. The following table describes RADIUS accounting server statistics available on the page.
GS108T and GS110TP Smart Switch Software Administration Manual Configuring TACACS+ TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services: • Authentication: Provides authentication during login and via user names and user-defined passwords.
Page 179
GS108T and GS110TP Smart Switch Software Administration Manual To configure global TACACS+ settings: 1. In the Key String field, specify the authentication and encryption key for TACACS+ communications between the GS108T or GS110TP and the TACACS+ server. The valid range is 0–128 characters.
Page 180
GS108T and GS110TP Smart Switch Software Administration Manual Note: The Add option is available if fewer than five TACACS+ servers are configured on the system, and the Server Address field is only available when Add is selected in the TACACS+ Server IP Address field. After you add one or more TACACS+ servers, additional fields appear on the TACACS+ Server Configuration page.
GS108T and GS110TP Smart Switch Software Administration Manual Authentication List Configuration Use the Authentication List page to configure the default login list. A login list specifies one or more authentication methods to validate switch or port access for the admin user. Note: Admin is the only user on the system and is assigned to a preconfigured list named defaultList, which you cannot delete.
GS108T and GS110TP Smart Switch Software Administration Manual • RADIUS: The user's ID and password will be authenticated using the RADIUS server. If you select RADIUS or TACACS+ as the first method and an error occurs during the authentication, the switch uses Method 2 to authenticate the user. •...
GS108T and GS110TP Smart Switch Software Administration Manual HTTP Configuration Use the HTTP Configuration page to configure the HTTP server settings on the system. To access the HTTP Configuration page, click the Security tab, then click Access, and then click the HTTP ...
GS108T and GS110TP Smart Switch Software Administration Manual 4. In the Maximum Number of HTTP Sessions field, specify the maximum number of HTTP sessions that can exist at the same time. The value must be in the range of (0–16). The default value is 16.
Page 185
GS108T and GS110TP Smart Switch Software Administration Manual To configure HTTPS settings: 1. Use the radio buttons in the HTTPS Admin Mode field to enable or disable the Administrative Mode of Secure HTTP. The currently configured value is shown when the Web page is displayed. The default value is Disable.
GS108T and GS110TP Smart Switch Software Administration Manual Certificate Download For the Web server on the switch to accept HTTPS connections from a management station, the Web server needs a public key certificate. You can generate a certificate externally (for example, off-line) and download it to the switch.
Page 188
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-12 To configure an Access Profile: 1. In the Access Profile Name field, specify the name of the access profile to be added. The maximum length is 32 characters. 2. To activate an access profile, select the Activate Profile check box. You cannot add rules to an active profile.
GS108T and GS110TP Smart Switch Software Administration Manual The Profile Summary table shows the rules that are configured for the profile, as the following table describes. Table 5-3. Profile Summary Fields Field Description Rule Type Identifies the action the rule takes, which is either Permit or Deny. Service Type Displays the type of service to allow or prohibit from accessing the switch management interface:...
Page 190
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-13 Before you create access rules, make sure: • An access profile exists. • The access profile is deactivated. To configure access profile rules: 1. To add an access profile rule, configure the following settings and click Add. •...
GS108T and GS110TP Smart Switch Software Administration Manual • Source IP Address. Specify the IP Address of the client originating the management traffic. • Mask. Specify the subnet mask associated with the IP address. The subnet mask is a standard subnet mask, and not an inverse (wildcard) mask that you use with IP ACLs. •...
GS108T and GS110TP Smart Switch Software Administration Manual From the Port Authentication link, you can access the following pages: • Basic: • “802.1X Configuration” on page 5-24 • Advanced: • “Port Authentication” on page 5-25 • “Port Summary” on page 5-30 802.1X Configuration Use the 802.1X Configuration page to enable or disable port access control on the system.
GS108T and GS110TP Smart Switch Software Administration Manual Note: If 802.1X is enabled, authentication is performed by a RADIUS server. This means the primary authentication method must be RADIUS. To set the method, go to Security > Management Security > Authentication List and select RADIUS as method 1 for defaultList.
Page 195
GS108T and GS110TP Smart Switch Software Administration Manual To configure 802.1X settings for the port: 1. Select the check box next to the port to configure. You can also select multiple check boxes to apply the same settings to the select ports, or select the check box in the heading row to apply the same settings to all ports.
Page 196
GS108T and GS110TP Smart Switch Software Administration Manual • Resending EAP. This input field allows you to configure the transmit period for the selected port. The transmit period is the value, in seconds, of the timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identify frame to the supplicant.
Page 197
GS108T and GS110TP Smart Switch Software Administration Manual • Aborting • Held • ForceAuthorized • ForceUnauthorized • Backend State. This field displays the current state of the backend authentication state machine. Possible values are as follows: • Request • Response •...
GS108T and GS110TP Smart Switch Software Administration Manual Port Summary Use the Port Summary page to view information about the port access control settings on a specific port. To access the Port Summary page, click Security Port Authentication Advanced Port Summary.
Page 199
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the fields on the Port Summary page. Table 5-4. Port Summary Fields Field Description Port The port whose settings are displayed in the current table row. Control Mode Defines the port authorization state.
GS108T and GS110TP Smart Switch Software Administration Manual Traffic Control From the Traffic Control link, you can configure MAC Filters, Storm Control, Port Security, and Protected Port settings. To display the page, click the Security Traffic Control tab. The Traffic Control folder contains links to the following features: •...
Page 201
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-18 To configure MAC filter settings: 1. To configure a new MAC filter: a. Select Create Filter from the MAC Filter menu. If no filters have been configured, this is the only option available. b.
GS108T and GS110TP Smart Switch Software Administration Manual e. Click the orange bar to display the available ports and select the port(s) you to include in the outbound filter. Packets with the MAC address and VLAN ID you selected will be transmitted only out of ports that are in the list.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the information displayed on the page: Table 5-5. MAC Filter Summary Fields Field Description MAC Address Identifies the MAC address that is filtered. VLAN ID The VLAN ID used with the MAC address to fully identify packets you want filtered. You can only change this field when you have selected the Create Filter option.
Page 204
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-20 To configure storm control settings: 1. Select the check box next to the port to configure. Select multiple check boxes to apply the same setting to all selected ports. Select the check box in the heading row to apply the same settings to all ports.
GS108T and GS110TP Smart Switch Software Administration Manual • Multicast. If the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. • Broadcast. If the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
GS108T and GS110TP Smart Switch Software Administration Manual To configure the global port security mode: 1. In the Port Security Mode field, select the appropriate radio button to enable or disable port security on the switch. 2. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Page 207
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-22 To configure port security settings: 1. To configure port security settings for a physical port, click PORTS. 2. To configure port security settings for a Link Aggregation Group (LAG), click LAGS. 3.
GS108T and GS110TP Smart Switch Software Administration Manual • Max Allowed Statically Locked MAC. Sets the maximum number of statically locked MAC addresses on the selected interface. Valid range is 0–20. • Enable Violation Traps. Enables or disables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port.
GS108T and GS110TP Smart Switch Software Administration Manual The Dynamic MAC Address Table shows the MAC addresses and their associated VLANs learned on the selected port. Use the Port List menu to select the interface for which you want to display data.
GS108T and GS110TP Smart Switch Software Administration Manual 2. Click the box below each port to configure as a protected port. Protected ports are marked with an X. No traffic forwarding is possible between two protected ports. 3. Click Refresh to refresh the page with the most current data from the switch. 4.
GS108T and GS110TP Smart Switch Software Administration Manual ACL Wizard The ACL Wizard simplifies the ACL rule configuration process. The Wizard contains a short list of access criteria that you can either permit or deny. When you select the permit or deny link associated with the access criteria, you are redirected to a page that is automatically configured with several of the settings.
GS108T and GS110TP Smart Switch Software Administration Manual • To permit or deny traffic based on the TCP or UDP Source Port ID, create an Extended ACL. • To permit or deny traffic based on the TCP or UDP Destination Port ID, create an Extended ACL.
Page 213
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-26 The MAC ACL table displays the number of ACLs currently configured in the switch and the maximum number of ACLs that can be configured. The current size is equal to the number of configured IPv4 ACLs plus the number of configured MAC ACLs.
GS108T and GS110TP Smart Switch Software Administration Manual MAC Rules Use the MAC Rules page to define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default 'deny all' rule is the last rule of every list.
Page 215
GS108T and GS110TP Smart Switch Software Administration Manual • Destination MAC. Requires an Ethernet frame’s destination port MAC address to match the address listed here. Enter a MAC address in this field. The valid format is xx:xx:xx:xx:xx:xx. • Destination MAC Mask. If desired, enter the MAC Mask associated with the Destination MAC to match.
GS108T and GS110TP Smart Switch Software Administration Manual MAC Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the MAC Binding Configuration page to assign MAC ACL lists to ACL Priorities and Interfaces.
GS108T and GS110TP Smart Switch Software Administration Manual 3. Click the appropriate orange bar to expose the available ports or LAGs. • To add the selected ACL to a port or LAG, click the box directly below the port or LAG number so that an X appears in the box.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the information displayed in the MAC Binding Table. Table 5-8. MAC ACL Rule Configuration Fields Field Description Interface Displays the interface to which the MAC ACL is bound. Direction Specifies the packet filtering direction for ACL.
Page 219
GS108T and GS110TP Smart Switch Software Administration Manual The IP ACL area shows the current size of the ACL table versus the maximum size of the ACL table. The current size is equal to the number of configured IPv4 plus the number of configured MAC ACLs.
GS108T and GS110TP Smart Switch Software Administration Manual IP Rules Use the IP Rules page to define rules for IP-based standard ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: There is an implicit “deny all”...
GS108T and GS110TP Smart Switch Software Administration Manual • Assign Queue ID. Specifies the hardware egress queue identifier used to handle all packets matching this ACL rule. Enter an identifying number from 0–3 in the appropriate field. • Match Every. Requires a packet to match the criteria of this ACL. Select True or False from the drop down menu.
Page 222
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-31 To configure rules for an IP ACL: 1. To add an IP ACL rule, select the ACL ID to add the rule to, select the check box in the Extended ACL Rule table, and click Add. The page displays the extended ACL Rule Configuration fields, as Figure 5-32 on page 5-55 shows.
Page 223
GS108T and GS110TP Smart Switch Software Administration Manual Figure 5-32 2. Configure the new rule. • Rule ID. Specify a number from 1–10 to identify the IP ACL rule. You can create up to 10 rules for each ACL. • Action.
Page 224
GS108T and GS110TP Smart Switch Software Administration Manual • Protocol Type. Requires a packet’s protocol to match the protocol listed here. Select a type from the drop down menu or enter the protocol number in the available field. • Src IP Address. Requires a packet’s source IP address to match the address listed here. Type an IP Address in the appropriate field using dotted-decimal notation.
Page 225
GS108T and GS110TP Smart Switch Software Administration Manual • Service Type. Choose one of the Service Type match conditions for the extended IP ACL rule. The possible values are IP DSCP, IP precedence, and IP TOS, which are alternative ways of specifying a match criterion for the same Service Type field in the IP header, however each uses a different user notation.
GS108T and GS110TP Smart Switch Software Administration Manual IP Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the IP Binding Configuration page to assign ACL lists to ACL Priorities and Interfaces.
GS108T and GS110TP Smart Switch Software Administration Manual 3. Click the appropriate orange bar to expose the available ports or LAGs. • To add the selected ACL to a port or LAG, click the box directly below the port or LAG number so that an X appears in the box.
Page 228
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the information displayed in the MAC Binding Table. Table 5-9. IP ACL Binding Table Fields Field Description Interface Displays the interface to which the IP ACL is bound. Direction Specifies the packet filtering direction for ACL.
Chapter 6 Monitoring the System Use the features available from the Monitoring tab to view a variety of information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains links to the following features: •...
Page 230
GS108T and GS110TP Smart Switch Software Administration Manual Figure 6-1 The following table describes the Switch Statistics displayed on the screen. Table 6-1. Switch Statistics Fields Field Description ifIndex This object indicates the ifIndex of the interface table entry associated with the processor of this switch.
Page 231
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-1. Switch Statistics Fields (continued) Field Description Multicast Packets Received The total number of packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address.
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-1. Switch Statistics Fields (continued) Field Description VLAN Deletes The number of VLANs on this switch that have been created and then deleted since the last reboot. Time Since Counters Last The elapsed time, in days, hours, minutes, and seconds, since the statistics Cleared for this switch were last cleared.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the per-port statistics displayed on the screen. Table 6-2. Port Statistics Fields Field Description Interface Lists the ports on the system. Total Packets Received The total number of packets received that were without errors. Without Errors Packets Received With The number of inbound packets that contained errors preventing them from...
Page 234
GS108T and GS110TP Smart Switch Software Administration Manual Figure 6-3 The following table describes the detailed port information displayed on the screen. To view information about a different port, select the port number from the Interface menu. Table 6-3. Port Detailed Statistics Fields Field Description Interface...
Page 235
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description ifIndex This field indicates the ifIndex of the interface table entry associated with this port on an adapter. Port Type For most ports this field is blank. Otherwise the possible values are: •...
Page 236
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description Physical Mode Indicates the port speed and duplex mode. In auto-negotiation mode, the duplex mode and speed are set from the auto-negotiation process. Physical Status Indicates the port speed and duplex mode status.
Page 237
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description Packets Received 65-127 The total number of packets (including bad packets) received that were Octets between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
Page 238
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description Fragments Received The total number of packets received that were less than 64 octets in length with ERROR CRC (excluding framing bits but including FCS octets). Undersize Received The total number of packets received that were less than 64 octets in length with GOOD CRC (excluding framing bits but including FCS octets).
Page 239
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description Packets Transmitted 64 The total number of packets (including bad packets) transmitted that were 64 Octets octets in length (excluding framing bits but including FCS octets). Packets Transmitted 65- The total number of packets (including bad packets) transmitted that were 127 Octets...
Page 240
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-3. Port Detailed Statistics Fields (continued) Field Description Underrun Errors The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission. Total Transmit Packets The sum of single collision frames discarded, multiple collision frames Discarded discarded, and excessive frames discarded.
GS108T and GS110TP Smart Switch Software Administration Manual EAP Statistics Use the EAP Statistics page to display information about EAP packets received on a specific port. To display the EAP Statistics page, click the Monitoring Ports tab, and then click the EAP Statistics link.
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-4. EAP Statistics Fields (continued) Field Description Invalid Frames Received Displays the number of unrecognized EAPOL frames received on this port. Length Error Frames Displays the number of EAPOL frames with an invalid Packet Body Received Length received on this port.
GS108T and GS110TP Smart Switch Software Administration Manual Memory Logs The in-memory log stores messages in memory based upon the settings for message component and severity. Use the Memory Logs page to set the administrative status and behavior of logs in the system buffer.
Page 244
GS108T and GS110TP Smart Switch Software Administration Manual • Stop on Full: When the buffer is full, the system stops logging new messages and preserves all existing log messages. 3. If you change the buffered log settings, click Apply to apply the changes to the system and the changes will be saved.
GS108T and GS110TP Smart Switch Software Administration Manual FLASH Log Configuration The FLASH log is a log that is stored in persistent storage, which means that the log messages are retained across a switch reboot. • The first log type is the system startup log. The system startup log stores the first N messages received after system reboot.
Page 246
GS108T and GS110TP Smart Switch Software Administration Manual To configure the FLASH Log settings: 1. Use the radio buttons in the Admin Status field to determine whether to log messages to persistent storage. • Enable: Enables persistent logging. • Disable: Prevents the system from logging messages in persistent storage. 2.
GS108T and GS110TP Smart Switch Software Administration Manual Server Log Configuration Use the Server Log Configuration page to allow the switch to send log messages to the remote logging hosts configured on the system. To access the Server Log Configuration page, click the Monitoring Logs tab, and then click the Server Log link.
Page 248
GS108T and GS110TP Smart Switch Software Administration Manual The Server Log Configuration area also displays the following information: • The Messages Relayed field shows the number of messages forwarded by the syslog function to a syslog host. Messages forwarded to multiple hosts are counted once for each host. •...
GS108T and GS110TP Smart Switch Software Administration Manual 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. The Status field in the Server Configuration table shows whether the remote logging host is currently active.
GS108T and GS110TP Smart Switch Software Administration Manual Table 6-6. Trap Log Statistics (continued) Field Description Trap Log Capacity The maximum number of traps stored in the log. If the number of traps exceeds the capacity, the entries will overwrite the oldest entries. Number of Traps The number of traps that have occurred since the traps were last displayed.
Page 251
GS108T and GS110TP Smart Switch Software Administration Manual Figure 6-9 The following table describes the Event Log information displayed on the screen. Table 6-8. Event Log Fields Field Description Entry The number of the entry within the event log. The most recent entry is first. Type Specifies the type of entry.
GS108T and GS110TP Smart Switch Software Administration Manual Port Mirroring The page under the Mirroring link allows you to view and configure port mirroring on the system. Multiple Port Mirroring Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch.
Page 253
GS108T and GS110TP Smart Switch Software Administration Manual To configure Port Mirroring: 1. Select the check box next to a port to configure it as a source port. 2. In the Destination Port field, specify the port to which port traffic is be copied. Use the g1, g2,...format to specify the port.
Page 254
GS108T and GS110TP Smart Switch Software Administration Manual 6-26 Monitoring the System v1.0, April 2010...
Chapter 7 Maintenance Use the features available from the Maintenance tab to help you manage the switch. The Maintenance tab contains links to the following features: • “Reset” on page 7-1 • “Upload File From Switch” on page 7-3 • “Download File To Switch”...
GS108T and GS110TP Smart Switch Software Administration Manual Figure 7-1 To reboot the switch: 1. Select the check box on the page. 2. Click Apply. The switch resets immediately. The management interface is not available until the switch completes the boot cycle. After the switch resets, the login screen appears. Factory Default Use the Factory Default page to reset the system configuration to the factory default values.
GS108T and GS110TP Smart Switch Software Administration Manual To access the Factory Defaults page, click Maintenance Reset Factory Default. Figure 7-2 To reset the switch to the factory default settings: 1. Select the check box on the page. 2.
Page 258
GS108T and GS110TP Smart Switch Software Administration Manual To display the File Upload page, click Maintenance Upload File Upload. Figure 7-3 To upload a file from the switch to the TFTP server: 1. Use the File Type menu to specify the type of file you want to upload: •...
GS108T and GS110TP Smart Switch Software Administration Manual 5. In the Transfer File Path field, specify the path on the TFTP server where you want to put the file. You may enter up to 32 characters. Include the backslash at the end of the path. A path name with a space is not accepted.
Page 260
GS108T and GS110TP Smart Switch Software Administration Manual To access the TFTP File Download page, click Maintenance Download TFTP File Download. Figure 7-4 Before you download a file to the switch, the following conditions must be true: • The file to download from the TFTP server is on the server in the appropriate directory.
Page 261
GS108T and GS110TP Smart Switch Software Administration Manual • Boot Code: The boot code used to automatically boot the system. • SSL Trusted Root Certificate PEM File: SSL Trusted Root Certificate File (PEM Encoded). • SSL Server Certificate PEM File: SSL Server Certificate File (PEM Encoded). •...
GS108T and GS110TP Smart Switch Software Administration Manual HTTP File Download Use the HTTP File Download page to download files of various types to the switch using an HTTP session (for example, via your Web browser). To display this page, click Maintenance Download HTTP File Download. Figure 7-5 To download a file to the switch from by using HTTP: 1.
GS108T and GS110TP Smart Switch Software Administration Manual Dual Image Configuration The system running a legacy software version will ignore (not load) a configuration file created by the newer software version. When a configuration file created by the newer software version is discovered by the system running an older version of the software, the system will display an appropriate warning to the user.
GS108T and GS110TP Smart Switch Software Administration Manual Note: After activating an image, you must perform a system reset of the switch in order to run the new code. 4. To remove the selected image from permanent storage on the switch, select the Delete Image check box.
GS108T and GS110TP Smart Switch Software Administration Manual The following table describes the information on the Dual Image Status page. Table 7-1. Dual Image Status Fields Field Description Unit The unit ID of the switch is always 1. Image1 Ver Displays the version of the image1 code file.
Page 267
GS108T and GS110TP Smart Switch Software Administration Manual Figure 7-8 To configure the settings and ping a host on the network: 1. In the Hostname/IP Address field, specify the IP address or the hostname of the station you want the switch to ping. The initial value is blank. This information is not retained across a power cycle.
GS108T and GS110TP Smart Switch Software Administration Manual Traceroute Use the Traceroute utility to discover the paths that a packet takes to a remote destination. To display this page, click Maintenance Troubleshooting Traceroute. Figure 7-9 To configure the Traceroute settings and send probe packets to discover the route to a host on the network: 1.
Page 269
GS108T and GS110TP Smart Switch Software Administration Manual • InitTTL. Specify the initial time-to-live for a packet in number of hops. The valid range is 0– 255. • MaxFail. Specify the maximum number of failures allowed in the session. The valid range is 0–255.
Page 270
GS108T and GS110TP Smart Switch Software Administration Manual 7-16 Maintenance v1.0, April 2010...
Use the Support page to connect to the Online Support site at netgear.com. To access the Support page, click Help Support. Figure 8-1 To connect to the NETGEAR support site for the GS108T or GS110TP, click Apply. v1.0, April 2010...
User Guide Use the User Guide page to access the GS108T and GS110TP Smart Switch Software Administration Manual (the guide you are now reading) that is available on the NETGEAR Website. To access the User Guide page, click Help User Guide.
GS108T and GS110TP Smart Switch Software Administration Manual Table A-3. GS108T and GS110TP Switch Performance Feature Value Switching capacity Non-Blocking Full WireSpeed on all packet sizes Forwarding method Store and Forward Packet forwarding rate 10M:14,880 pps/ 100M:148,810 pps/ 1G:1,488,000 pps MAC addresses Green Ethernet Power consumption savings by cable length (<10m)
Page 275
GS108T and GS110TP Smart Switch Software Administration Manual Table A-5. Traffic Control Feature Sets Supported Default Storm control All ports Disabled Jumbo frame All ports Disabled Max = 9216 bytes Table A-6. Quality Of Service Feature Sets Supported Default Number of queues Port based 802.1p Enabled...
Page 276
GS108T and GS110TP Smart Switch Software Administration Manual Table A-8. System Setup Feature Sets Supported Default Boot code update DHCP/manual IP DHCP enabled/192.168.0.239 Default gateway 192.168.0.254 System name configuration NULL Configuration save/restore Firmware upgrade Restore defaults 1 (Web and front-panel button) Dual image support Enabled Factory reset...
Page 277
GS108T and GS110TP Smart Switch Software Administration Manual Table A-10. Other Features Feature Sets Supported Default IGMP snooping v1/v2 All ports Disabled Configurations upload/download EAPoL flooding All ports Disabled BPDU flooding All ports Disabled Static multicast groups Disabled Filter multicast control Disabled Hardware Specifications and Default Values v1.0, April 2010...
Page 278
GS108T and GS110TP Smart Switch Software Administration Manual Hardware Specifications and Default Values v1.0, April 2010...
Appendix B Configuration Examples This chapter contains information about how to configure the following features: • “Virtual Local Area Networks (VLANs)” on page B-1 • “Access Control Lists (ACLs)” on page B-4 • “Differentiated Services (DiffServ)” on page B-7 • “802.1X”...
Page 280
GS108T and GS110TP Smart Switch Software Administration Manual VLANs have a number of advantages: • It is easy to do network segmentation. Users that communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group’s traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network.
GS108T and GS110TP Smart Switch Software Administration Manual VLAN Example Configuration This example demonstrates several scenarios of VLAN use and describes how the switch handles tagged and untagged traffic. In this example, you create two new VLANs, change the port membership for default VLAN 1, and assign port members to the two new VLANs: 1.
GS108T and GS110TP Smart Switch Software Administration Manual Access Control Lists (ACLs) ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network.
Page 283
GS108T and GS110TP Smart Switch Software Administration Manual 2. From the MAC Rules screen, create a rule for the Sales_ACL with the following settings: • ID: 1 • Action: Permit • Assign Queue: 0 • Match Every: False • CoS: 0 •...
GS108T and GS110TP Smart Switch Software Administration Manual You can assign an optional sequence number to indicate the order of this access list relative to other access lists if any are already assigned to this interface and direction. 4. The MAC Binding Table displays the interface and MAC ACL binding information (See “MAC Binding Table”...
GS108T and GS110TP Smart Switch Software Administration Manual 6. From the IP Binding Configuration page, assign ACL ID 1 to the interface gigabit ports 2, 3, and 4, and assign a sequence number of 1 (See “IP Binding Configuration” on page 5-58).
GS108T and GS110TP Smart Switch Software Administration Manual The DiffServ feature contains a number of conceptual QoS building blocks you can use to construct a differentiated service network. Use these same blocks in different ways to build other types of QoS architectures. There are 3 key QoS building blocks needed to configure DiffServ: •...
GS108T and GS110TP Smart Switch Software Administration Manual You can combine these classifiers with logical AND or OR operations to build complex MF- classifiers (by specifying a class type of all or any, respectively). That is, within a single class, multiple match criteria are grouped together as an AND expression or a sequential OR expression, depending on the defined class type.
GS108T and GS110TP Smart Switch Software Administration Manual • Policing: a method of constraining incoming traffic associated with a particular class so that it conforms to the terms of the TCS. Special treatment can be applied to out-of-profile packets that are either in excess of the conformance specification or are non-conformant. The DiffServ feature supports the following types of traffic policing treatments (actions): •...
Page 289
GS108T and GS110TP Smart Switch Software Administration Manual 3. Configure the following settings for Class1: • Protocol Type: UDP • Source IP Address: 192.12.1.0 • Source Mask: 255.255.255.0 • Source L4 Port: Other, and enter 4567 as the source port value •...
Page 290
GS108T and GS110TP Smart Switch Software Administration Manual On this network, traffic from streaming applications uses UDP port 4567 as the source and 4568 as the destination. This real-time traffic is time sensitive, so it is assigned to a high-priority hardware queue.
Page 291
GS108T and GS110TP Smart Switch Software Administration Manual The ports of an 802.1X authenticator switch provide the means in which it can offer services to other systems reachable via the LAN. Port-based network access control allows the operation of a switch’s ports to be controlled in order to ensure that access to its services is only permitted by systems that are authorized to do so.
GS108T and GS110TP Smart Switch Software Administration Manual Authenticator Supplicant Switch Authentication Server (RADIUS) 192.168.10.23 Supplicant Figure B-2 802.1X Example Configuration This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (g5–g8). These ports are available to visitors and need to be authenticated before granting access to the network.
GS108T and GS110TP Smart Switch Software Administration Manual This example uses the default values for the port authentication settings, but there are several additional settings that you can configure. For example, the EAPOL Flood Mode field allows you to enable the forwarding of EAPoL frames when 802.1X is disabled on the device. 6.
Page 294
GS108T and GS110TP Smart Switch Software Administration Manual The MSTP algorithm and protocol provides simple and full connectivity for frames assigned to any given VLAN throughout a Bridged LAN comprising arbitrarily interconnected networking devices, each operating MSTP, STP or RSTP. MSTP allows frames assigned to different VLANs to follow separate paths, each based on an independent Multiple Spanning Tree Instance (MSTI), within Multiple Spanning Tree (MST) Regions composed of LANs and or MSTP Bridges.
GS108T and GS110TP Smart Switch Software Administration Manual To support multiple spanning trees, a MSTP bridge has to be configured with an unambiguous assignment of VLAN IDs (VIDs) to spanning trees. This is achieved by: 1. Ensuring that the allocation of VIDs to FIDs is unambiguous. 2.
Page 296
GS108T and GS110TP Smart Switch Software Administration Manual Ports g1-g5 Ports g1-g5 Connected to Hosts Connected to Hosts Ports g6-g8 Connected to Switch 2 and 3 Ports g6-g8 Switch 1 Connected to Root Bridge Switch 1 and 3 Switch 2 Ports g6-g8 Connected to Switch 1 and 2 Switch 3...
Page 297
GS108T and GS110TP Smart Switch Software Administration Manual Note: Bridge priority values are multiples of 4096. If you do not specify a root bridge and all switches have the same Bridge Priority value, the switch with the lowest MAC address is elected as the root bridge (see “CST Configuration”...
Page 298
GS108T and GS110TP Smart Switch Software Administration Manual Switch 2 use VLAN 500, MST instance 2 to communicate with the hosts on Switch 3 directly. Likewise, hosts of Switch 1 use VLAN 300, MST instance 1 to communicate with the hosts on Switch 3 directly.