Page 1 ProSafe® Managed Switch Web Management User Manual Version 9.0.2 GSM5212P GSM7212F GSM7212P GSM7224P 350 East Plumeria Drive San Jose, CA 95134 November, 2011 202-10967-01 v1.0...
Page 2: Technical Support
NETGEAR, Inc. Technical Support Thank you for choosing NETGEAR. To register your product, get the latest product updates, get support online, or for more information about the topics covered in this manual, visit the Support website at http://support.netgear.com .
Page 3: Table Of Contents
Contents Chapter 1 Getting Started Switch Management Interface ........8 Web Access.
Page 4 Web Management User Guide Chapter 3 Configuring Switching Information VLANs ........... .96 Basic .
Page 5 Web Management User Guide Auto VoIP Configuration ........207 Basic.
Page 6 Web Management User Guide Command Log Configuration ....... .324 Console Log Configuration ........324 SysLog Configuration .
Page 7 Web Management User Guide Virtual Local Area Networks (VLANs)......361 VLAN Example Configuration....... . 362 Access Control Lists (ACLs).
Page 8: Chapter 1 Getting Started
Getting Started This chapter provides an overview of starting your NETGEAR ProSafe® Managed Switches and accessing the user interface. This chapter contains the following sections: on page 8 • Switch Management Interface on page 8 • Web Access on page 9 •...
Page 9: Understanding The User Interfaces
Web Management User Guide Understanding the User Interfaces ProSafe® Managed Switches software includes a set of comprehensive management functions for configuring and monitoring the system by using one of the following methods: Web user interface • Simple Network Management Protocol (SNMP) •...
Page 10 Web Management User Guide Open a Web browser and enter the IP address of the switch in the Web browser address field. The default username is admin, default password is none (no password). Type the username into the field on the login screen and then click Login. Usernames and passwords are case sensitive.
Page 11: Configuration And Monitoring Options
Web Management User Guide Page Link Configuration Pages Configuration and Monitoring Options The area directly under the feature links and to the right of the page menu displays the configuration information or status for the page you select. On pages that contain configuration options, you can input information into fields or select options from drop-down menus.
Page 12: Device View
Web Management User Guide Device View The Device View is a Java applet that displays the ports on the switch. This graphic provides ® an alternate way to navigate to configuration and monitoring options. The graphic also provides information about device ports, current configuration and status, table information, and feature components.
Page 13 Web Management User Guide Help Page Access Every page contains a link to the online help , which contains information to assist in configuring and managing the switch. The online help pages are context sensitive. For example, if the IP Addressing page is open, the help topic for that page displays if you click Help.
Page 14: Using Snmp
Web Management User Guide User-Defined Fields User-defined fields can contain 1 to 159 characters, unless otherwise noted on the configuration Web page. All characters may be used except for the following (unless specifically noted in for that feature): < >| Using SNMP The ProSafe®...
Page 15 Web Management User Guide are numbered on the front panel. You configure the logical interfaces by using the software. describes the naming convention for all interfaces available on the switch. Table 2 Table 2. Naming Conventions for Interfaces Interface Description Example Physical The physical ports are gigabit...
Page 16: Management
Configuring System Information Use the features in the System tab to define the switch’s relationship to its environment. The System tab contains links to the following features: on page 16 • Management Device View (See on page 12) • Device View on page 42 •...
Page 17 Web Management User Guide To display the System Information page, click System   Management System Information. A screen similar to the following displays.
Page 18: Switch Status
Web Management User Guide The System Information provides various statuses: Switch Status To define system information: Open the System Information page. Define the following fields: a. System Name - Enter the name you want to use to identify this switch. You may use up to 255 alphanumeric characters.
Page 19: Fan Status
Web Management User Guide FAN Status The screen shows the status of the fans in all units. These fans remove the heat generated by the power, CPU and other chipsets, make chipsets work normally. Fan status has three possible values: OK, Failure, Not Applicable (NA). The following table describes the Fan Status information.
Page 20 Web Management User Guide Field Description Serial Number The serial number of this switch. Indicates the status of the RPS. The status has three possible values: • Not Present: RPS bank not connected • OK: RPS bank connected. • FAIL: RPS is present, but power is failed. Power Module Indicates the status of the internal power module.
Page 21: Switch Statistics
Web Management User Guide Switch Statistics Use this page to display the switch statistics. To display the Switch Statistics page, click System > Management > Switch Statistics. A screen similar to the following displays. The following table describes Switch Statistics information. Field Description ifIndex...
Page 22 Web Management User Guide Field Description Packets Received Without Errors The total number of packets (including broadcast packets and multicast packets) received by the processor. Unicast Packets Received The number of subnetwork-unicast packets delivered to a higher-layer protocol. Multicast Packets Received The total number of packets received that were directed to a multicast address.
Page 23 Web Management User Guide Field Description Maximum VLAN Entries The maximum number of Virtual LANs (VLANs) allowed on this switch. Most VLAN Entries Ever Used The largest number of VLANs that have been active on this switch since the last reboot. Static VLAN Entries The number of presently active VLAN entries on this switch that have been created statically.
Page 24: System Cpu Status
Web Management User Guide System CPU Status Use this page to display the system resources. To display the System Resource page, click System > Management > System CPU Status. A screen similar to the following displays. System CPU Status The following table describes CPU Memory Status information. Field Description Total System Memory...
Page 25 Web Management User Guide CPU Utilization Information This page displays the CPU Utilization information, which contains the memory information, task-related information and percentage of CPU utilization per task.
Page 26: Loopback Interface
Web Management User Guide Loopback Interface Use this page to create, configure, and remove Loopback interfaces. To display the Loopback Interface page, click System > Management > Loopback Interface. A screen similar to the following displays. Use the Loopback Interface Type field to select IPv4 or IPv6 loopback interface to configure the corresponding attributes.
Page 27: Network Interface
Web Management User Guide Network Interface From the Network Interface link, you can access the following pages: on page 27 • IPv4 Network Configuration on page 29 • IPv6 Network Interface Configuration on page 30 • IPv6 Network Interface Neighbor Table IPv4 Network Configuration To display the IPv4 Network Configuration page, click System >...
Page 28 Web Management User Guide Once you have established in-band connectivity, you can change the IP information using any of the following: Terminal interface via the EIA-232 port • Terminal interface via telnet • SNMP-based management • Web-based management • Use IP Address to specify the IP address of the interface. The factory default value is 169.254.100.100.
Page 29 Web Management User Guide IPv6 Network Interface Configuration To display the IPv6 Network Configuration page, click System > Management > Network Interface > IPv6 Network Interface Configuration. A screen similar to the following displays. The IPv6 network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports.
Page 30: Network Interface
Web Management User Guide Use Current Network Configuration Protocol to configure the IPv6 address for the IPv6 network interface by DHCPv6 protocol if this option is enabled. The default value is None. DHCPv6 can be enabled only when IPv6 Auto config or DHCPv6 are not enabled on any of the management interfaces.
Page 31: Time
Web Management User Guide Field Description Neighbor State The state of the neighboring switch: • reachable(1) - The neighbor is reachable by this switch. • stale(2) - Information about the neighbor is scheduled for deletion. • delay(3) - No information has been received from neighbor during delay period.
Page 32: Sntp Global Configuration
Web Management User Guide Polling for Unicast information is used for polling a server for which the IP address is known. SNTP servers that have been configured on the device are the only ones that are polled for synchronization information. T1 through T4 are used to determine server time. This is the preferred method for synchronizing device time because it is the most secure method.
Page 33 Web Management User Guide SNTP Global Configuration SNTP stands for Simple Network Time Protocol. As its name suggests, it is a less complicated version of Network Time Protocol, which is a system for synchronizing the clocks of networked computer systems, primarily when data transfer is handled via the Internet. Use Client Mode to specify the mode of operation of SNTP Client.
Page 34 Web Management User Guide Broadcast - SNTP operates in the same manner as multicast mode but uses a local • broadcast address instead of a multicast address. The broadcast address has a single subnet scope while a multicast address has Internet wide scope. Default value is Disable.
Page 35: Sntp Server Configuration
Web Management User Guide Field Description Last Attempt Status Specifies the status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message has been received from a server, a status of Other is displayed. These values are appropriate for all operational modes.
Page 36 Web Management User Guide To display the SNTP Server Configuration page, click System    Management Time SNTP Server Configuration. To configure a new SNTP Server: Enter the appropriate SNTP server information in the available fields: Server Type - Specifies whether the address for the SNTP server is an IP address •...
Page 37 Web Management User Guide To change the settings for an existing SNTP server, select the check box next to the configured server and enter new values in the available fields, and then click APPLY. Configuration changes take effect immediately. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Page 38: Dns
(for example, if default domain name is netgear.com and the user enters test, then test is changed to test.netgear.com to resolve the name). The length of the name should not be longer than 255 characters.
Page 39: Host Configuration
Web Management User Guide To remove a DNS server from the list, select the check box next to the server you want to remove and click DELETE. If no DNS server is specified, the check box is global and will delete all the DNS servers listed.
Page 40: Sdm Template Preference
Web Management User Guide Click ADD. The entry appears in the list below. To remove an entry from the static DNS table, select the check box next to the entry and click DELETE. To change the hostname or IP address in an entry, select the check box next to the entry and enter the new information in the appropriate field, and then click APPLY.
Page 41 Web Management User Guide The following table displays Summary information. Field Description SDM Current Template ID Displays the current active SDM Template. Possible values are: • Dual IPv4 and IPv6 • IPv4-routing Default • IPv4 Data Center SDM Template Identifies the Template. The possible values are: •...
Page 42: Services
Web Management User Guide Services From the Services link, you can access the following pages: on page 42 • DHCP Server on page 51 • DHCP Relay on page 52 • DHCP L2 Relay on page 55 • UDP Relay DHCP Server From the DHCP Server link, you can access the following pages: on page 42...
Page 43 Web Management User Guide Use Ping Packet Count to specify the number of packets a server sends to a Pool address to check for duplication as part of a ping operation. Default value is 2. Valid Range is (0, 2 to 10).
Page 44 Web Management User Guide DHCP Pool Configuration To display the DHCP Pool Configuration page, click System > Services > DHCP Server> DHCP Pool Configuration. A screen similar to the following displays. The following table describes the DHCP Pool Configuration fields.
Page 45 Web Management User Guide Field Description Pool Name* For a user with read/write permission, this field would show names of all the existing pools along with an additional option “Create”. When the user selects “Create” another text box “Pool Name” appears where the user may enter name for the Pool to be created.
Page 46 Web Management User Guide Field Description Host Prefix Length Specifies the subnet mask for a manual binding to a DHCP client. Either Host Mask or Prefix Length can be configured to specify the subnet mask but not both. Valid Range is (0 to 32) Lease Time Can be selected as “Infinite”...
Page 47 Web Management User Guide Use APPLY to change the Pool Configuration. Sends the updated configuration to the switch. Configuration changes take effect immediately. Use DELETE to delete the Pool. This field is not visible to a user with read only permission. DHCP Pool Options To display the DHCP Pool Options page, click System >...
Page 48: Dhcp Server Statistics
Web Management User Guide DHCP Server Statistics To display the DHCP Server Statistics page, click System > Services > DHCP Server> DHCP Server Statistics. A screen similar to the following displays. The following table describes the DHCP Server Statistics fields. Field Description Automatic Bindings...
Page 49 Web Management User Guide Field Description DHCPINFORM Specifies the number of DHCPINFORM messages received by the DHCP Server. DHCPOFFER Specifies the number of DHCPOFFER messages sent by the DHCP Server. DHCPACK Specifies the number of DHCPACK messages sent by the DHCP Server. DHCPNAK Specifies the number of DHCPNAK messages sent by the DHCP Server.
Page 50 Web Management User Guide DHCP Conflicts Information To display the DHCP Conflicts Information page, click System > Services > DHCP Server> DHCP Conflicts Information. A screen similar to the following displays. Choose: All Address Conflicts to specify all address conflicts to be deleted. •...
Page 51: Dhcp Relay
Web Management User Guide DHCP Relay To display the DHCP Relay page, click System > Services> DHCP Relay. A screen similar to the following displays. DHCP Relay Configuration Use Maximum Hop Count to enter the maximum number of hops a client request can take before being discarded.
Page 52: Dhcp L2 Relay
Web Management User Guide Field Description Requests Relayed The total number of DHCP requests forwarded to the server since the last time the switch was reset. Packets Discarded The total number of DHCP packets discarded by this Relay Agent since the last time the switch was reset. DHCP L2 Relay From the DHCP L2 Relay link, you can access the following pages: on page 52...
Page 53 Web Management User Guide DHCP L2 Relay VLAN Configuration VLAN ID shows the VLAN ID configured on the switch. Use Admin Mode to enable or disable the DHCP L2 Relay on the selected VLAN. Use Circuit ID Mode to enable or disable the Circuit ID suboption of DHCP Option-82. Use Remote ID String to specify the Remote ID when Remote ID mode is enabled.
Page 54 Web Management User Guide The following table describes the DHCP L2 Relay Interface Statistics fields. Field Description Interface Shows the interface from which the DHCP message is received. UntrustedServerMsgsWithOpt82 Shows the number of DHCP message with option82 received from an untrusted server. UntrustedClientMsgsWithOpt82 Shows the number of DHCP message with option82 received from an untrusted client.
Page 55: Udp Relay
Web Management User Guide UDP Relay From the UDP Relay link, you can access the following pages: on page 55 • UDP Relay Global Configuration on page 56 • UDP Relay Interface Configuration UDP Relay Global Configuration To display the UDP Relay Global Configuration page, click System > Services > UDP Relay> UDP Relay Global Configuration.
Page 56 Web Management User Guide time - Relay time service (UDP port 37) packets • Other - If this option is selected, the UDP Port Other Value is enabled. This option • permits a user to enter their own UDP port in UDP Port Other Value. Use UDP Port Other Value to specify a UDP Destination Port that lies between 0 and 65535.
Page 57: Poe
Web Management User Guide rip - Relay RIP (UDP port 520) packets • tacacs - Relay TACACS (UDP port 49) packet • tftp - Relay TFTP (UDP port 69) packets • time - Relay time service (UDP port 37) packets •...
Page 58 Web Management User Guide The Unit Selection field displays the current PoE unit. To change the PoE unit, select another unit from the drop down box. The following table describes the PoE Configuration non-configurable fields. Field Description Units Displays the Current PoE Unit. You can change the PoE Unit by selecting another unit ID listed here.
Page 59: Advanced
Web Management User Guide To set the System Usage Threshold, enter a number from 1 to 99. This sets the threshold level at which a trap is sent if consumed power is greater than the threshold power. The Power Management Mode describes or controls the power management algorithm used by the PSE to deliver power to the requesting PDs.
Page 60: Poe Port Configuration
Web Management User Guide Field Description Units Displays the Current PoE Unit. You can change the PoE Unit by selecting another unit ID listed here. Firmware Version Version of the PoE controller's FW image. Power Status Indicates the power status. Total Power (Main AC) Displays the total power provided by the main ac power source.
Page 61 Web Management User Guide Select the Admin Mode (Enable or Disable) to determine the ability of the port to deliver power. Port Priority is used to determine which ports can deliver power when the total power delivered by the system crosses a specific threshold. If the switch is not be able to supply power to all connected devices, priority is used to determine which ports can supply power.
Page 62 Web Management User Guide The Detection Type Describes a PD detection mechanism performed by the PSE port. pre-ieee - Only legacy detection is done. • ieee - 4 Point Resistive Detection is done. • auto - 4 Point Resistive Detection followed by Legacy Detection is done. •...
Page 63 Web Management User Guide Field Description Status The status is the operational status of the port PD detection. Disabled - indicates no power being • delivered. DeliveringPower - indicates power • is being drawn by device. Fault - indicates a problem with the •...
Page 64: Snmp
Web Management User Guide Enter the Port in slot/port format and click Go. The entry corresponding to the specified Port, will be selected. The following table describes the PoE PD Port Status non-configurable fields. Field Description Port The interface for which data is to be displayed. Mode The Mode is PD always.
Page 65: Community Configuration
Web Management User Guide Community Configuration By default, two SNMP Communities exist: Private, with Read/Write privileges and status set to Enable. • Public, with Read Only privileges and status set to Enable. • These are well-known communities. Use this page to change the defaults or to add other communities.
Page 66: Trap Configuration
Web Management User Guide Use Access Mode to specify the access level for this community by selecting Read/Write or Read Only from the pull-down menu. Use Status to specify the status of this community by selecting Enable or Disable from the pull-down menu.
Page 67 Web Management User Guide To delete a recipient, select the check box next to the recipient and click DELETE. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Page 68: Trap Flags
Web Management User Guide Trap Flags Use the Trap Flags page to enable or disable traps. When the condition identified by an active trap is encountered by the switch, a trap message is sent to any enabled SNMP Trap Receivers, and a message is written to the trap log. To access the Trap Flags page, click System ...
Page 69: Supported Mibs
Web Management User Guide Supported MIBs This page displays all the MIBs supported by the switch. To access this page, click System    SNMP SNMP V1/V2 Supported MIBs.
Page 70: Snmp V3
Web Management User Guide The following table describes the SNMP Supported MIBs Status fields. Field Description Name The RFC number if applicable and the name of the MIB. Description The RFC title or MIB description. SNMP V3 This is the configuration for SNMP v3. From the SNMP V3 link, you can access the following pages: on page 70 •...
Page 71: Lldp
Web Management User Guide If you select MD5 or SHA, the user login password will be used as the SNMPv3 • authentication password, and you must therefore specify a password, and it must be eight characters long. Use Encryption Protocol to specify the SNMPv3 Encryption Protocol setting for the selected user account.
Page 72: Lldp
Web Management User Guide LLDP From the LLDP link, you can access the following pages: on page 72 • LLDP Global Configuration on page 73 • LLDP Interface Configuration on page 73 • LLDP Statistics on page 75 • LLDP Local Device Information on page 77 •...
Page 73: Lldp Interface Configuration
Web Management User Guide LLDP Interface Configuration To display this page, click System Interface Configuration. A screen similar to the   LLDP following displays. Use Port to specify the list of ports on which LLDP - 802.1AB can be configured. Link Status indicates whether the Link is up or down.
Page 74 Web Management User Guide The following table describes the LLDP Statistics fields. Field Description Last Update Specifies the time when an entry was created, modified or deleted in the tables associated with the remote system. Total Inserts Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) has been inserted into tables associated with the remote systems.
Page 75: Lldp Local Device Information
Web Management User Guide Field Description Total Age outs Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) has been deleted from tables associated with the remote systems because the information timeliness interval has expired.
Page 76 Web Management User Guide Use Interface to specify the list of all the ports on which LLDP - 802.1AB frames can be transmitted. The following table describes the LLDP Local Device Information fields. Field Description Chassis ID Subtype Specifies the string that describes the source of the chassis identifier.
Page 77 Web Management User Guide Field Description System Capabilities Enabled Specifies the system capabilities of the local system which are supported and enabled. Management Address Specifies the advertised management address of the local system. Management Address Type Specifies the type of the management address. LLDP Remote Device Information This page displays information on remote devices connected to the port.
Page 78: Lldp-Med
Web Management User Guide Field Description Time to Live Specifies the Time To Live value in seconds of the received remote entry. Management Address • Management Address - Specifies the advertised management address of the remote system. • Type - Specifies the type of the management address.
Page 79 Web Management User Guide on page 84 • LLDP-MED Remote Device Information on page 86 • LLDP-MED Remote Device Inventory LLDP-MED Global Configuration Use the LLDP-MED Global Configuration page to specify LLDP-MED parameters that are applied to the switch. To display this page, click System Global Configuration.
Page 80 Web Management User Guide Use Interface to specify the list of ports on which LLDP-MED - 802.1AB can be configured. Use MED Status to specify whether LLDP-MED mode is enabled or disabled on this interface. Use Notification Status to specify the LLDP-MED topology notification mode of the interface.
Page 81 Web Management User Guide Field Description Link Status Specifies the link status of the ports whether it is Up/Down. Operational Status Specifies the LLDP-MED TLVs are transmitted or not on this interface. LLDP-MED Local Device Information To display this page, click System Local Device Information.
Page 82 Web Management User Guide Use Interface to select the ports on which LLDP-MED frames can be transmitted. The following table describes the LLDP-MED Local Device Information fields.
Page 83 Web Management User Guide Field Description Network Policy Information: Specifies if network policy TLV is present in the LLDP frames. Media Application Type Specifies the application type. Types of application types are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling. Each application type that is received has the VLAN id, priority, DSCP, tagged bit status and unknown bit status.
Page 84 Web Management User Guide LLDP-MED Remote Device Information To display this page, click System Remote Device Information. A    LLDP LLDP-MED screen similar to the following displays. Use Interface to select the ports on which LLDP-MED is enabled. The following table describes the LLDP-MED Remote Device Information fields.
Page 85 Web Management User Guide Field Description Capability Information: Specifies the supported and enabled capabilities that was received in MED TLV on this port. Supported Capabilities Specifies supported capabilities that was received in MED TLV on this port. Enabled Capabilities Specifies enabled capabilities that was received in MED TLV on this port.
Page 86 Web Management User Guide Field Description Inventory Information: Specifies if inventory TLV is received in LLDP frames on this port. Hardware Revision Specifies hardware version of the remote device. Firmware Revision Specifies Firmware version of the remote device. Software Revision Specifies Software version of the remote device.
Page 87: Isdp
Web Management User Guide The following table describes the LLDP-MED Remote Device Inventory fields. Field Definition Port Specifies the list of all the ports on which LLDP-MED is enabled. Management Address Specifies the advertised management address of the remote system. MAC Address Specifies the MAC Address associated with the remote system.
Page 88: Advanced
Web Management User Guide Use Admin Mode to specify whether the ISDP Service is to be Enabled or Disabled. The default value is Enabled. Use Timer to specify the period of time between sending new ISDP packets. The range is 5 to 254 seconds.
Page 89: Global Configuration
Web Management User Guide Global Configuration To display this page, click System Global Configuration. A screen    ISDP Advanced similar to the following displays. Use Admin Mode to specify whether the ISDP Service is to be Enabled or Disabled. The default value is Enabled.
Page 90: Interface Configuration
Web Management User Guide Interface Configuration To display this page, click System Interface Configuration. A screen    ISDP Advanced similar to the following displays. Use Port to select the port on which the admin mode is configured. Use Admin Mode to enable or disable ISDP on the port. The default value is enable. ISDP Neighbor To display this page, click System Neighbor.
Page 91: Isdp Statistics
Web Management User Guide The following table describes the ISDP Neighbor fields. Field Description Device ID The device ID of the ISDP neighbor. Interface The interface on which the neighbor is discovered. Address Displays the address of the neighbor. Capability Displays the capability of the neighbor.
Page 92 Web Management User Guide The following table describes the ISDP Statistics fields. Field Description ISDP Packets Received Displays the ISDP packets received including ISDPv1 and ISDPv2 packets. ISDP Packets Transmitted Displays the ISDP packets transmitted including ISDPv1 and ISDPv2 packets. ISDPv1 Packets Received Displays the ISDPv1 packets received.
Page 93: Timer Schedule
Web Management User Guide Timer Schedule From Timer Schedule link under the System tab, you can configure the Timer Schedule settings. From the Timer Schedule link, you can access the following pages: on page 93 • Timer Global Configuration on page 94 •...
Page 94: Timer Schedule Configuration
Web Management User Guide Click APPLY to send the updated configuration to the switch. The configuration changes take effect immediately. Timer Schedule Configuration Use the Timer Schedule Configuration page to configure the Timer Schedule Configuration settings. To display the Timer Schedule Configuration page, click System > Services > Timer Schedule >...
Page 95 Web Management User Guide Daily Mode - Every WeekDay selection means that the schedule will be triggered • every day from Monday to Friday. Every Day(s) selection means that the schedule will be triggered every defined number of days. If number of days is not specified, then the schedule will be triggered every day.
Page 96: Vlans
Configuring Switching Information Use the features in the Switching tab to define Layer 2 features. The Switching tab contains links to the following features: on page 96 • VLANs on page 112 • Spanning Tree Protocol on page 127 • Multicast on page 147 •...
Page 97: Basic
Web Management User Guide Basic From the Basic link, you can access the following pages: on page 97 • VLAN Configuration VLAN Configuration Use the VLAN Configuration page to define VLAN groups stored in the VLAN membership table. Each switch in the ProSafe® Managed Switches family supports up to 1024 VLANs. Only one VLAN is created by default, VLAN 1 is the only one created: VLAN 1 is the default VLAN of which all ports are members.
Page 98 Web Management User Guide Internal VLAN Configuration This section displays the allocation base and the allocation mode of internal VLAN. The internal VLAN is reserved by port-based routing interface and invisible to the end user. Once these internal VLANs are allocated by port-based routing interface, they are cannot be assigned to a routing VLAN interface.
Page 99: Advanced
Web Management User Guide Advanced From the Advanced link, you can access the following pages: on page 97 • VLAN Configuration on page 100 • VLAN Membership on page 101 • VLAN Status on page 103 • Port PVID Configuration on page 104 •...
Page 100: Vlan Membership
Web Management User Guide All ports are configured to an Acceptable Frame Types value of Admit All Frames. • All ports are configured with Ingress Filtering disabled. • All ports are configured to transmit only untagged frames. • GVRP is disabled on all ports and all dynamic entries are cleared. •...
Page 101: Vlan Status
Web Management User Guide T(Tagged) - Select the ports on which all frames transmitted for this VLAN will be • tagged. The ports that are selected will be included in the VLAN. U(Untagged) - Select the ports on which all frames transmitted for this VLAN will be •...
Page 102 Web Management User Guide Field Definition VLAN Type The VLAN type: • Default (VLAN ID = 1) -- always present • Static -- a VLAN you have configured • Dynamic -- a VLAN created by GVRP registration that you have not converted to static, and that GVRP may therefore remove Routing Interface The interface associated with the VLAN, in the case...
Page 103: Port Pvid Configuration
Web Management User Guide Port PVID Configuration The Port PVID Configuration screen lets you assign a port VLAN ID (PVID) to an interface. There are certain requirements for a PVID: All ports must have a defined PVID. • If no other value is specified, the default VLAN PVID is used. •...
Page 104: Mac Based Vlan
Web Management User Guide Use Acceptable Frame Types to specify the types of frames that may be received on this port. The options are 'VLAN only' and 'Admit All': When set to 'VLAN only', untagged frames or priority tagged frames received on this •...
Page 105: Protocol Based Vlan Group Configuration
Web Management User Guide MAC Address - Valid MAC Address which is to be bound to a VLAN ID. This field is configurable only when a MAC Based VLAN is created. Use VLAN ID to specify a VLAN ID in the range of 1 to 4093. Click ADD to add an entry of MAC Address to VLAN mapping.
Page 106: Protocol Based Vlan Group Membership
Web Management User Guide Use VLAN ID to select the VLAN ID. It can be any number in the range of 1 to 4093. All the ports in the group will assign this VLAN ID to untagged packets received for the protocols you included in this group.
Page 107: Ip Subnet Based Vlan
Web Management User Guide IP Subnet Based VLAN IP Subnet to VLAN mapping is defined by configuring an entry in the IP Subnet to VLAN table. An entry is specified via a source IP address, network mask, and the desired VLAN ID. The IP Subnet to VLAN configurations are shared across all ports of the device.
Page 108: Port Dvlan Configuration
Web Management User Guide Port DVLAN Configuration To display the Port DVLAN Configuration page, click Switching    VLAN Advanced Port DVLAN Configuration. Use Interface to select the physical interface for which you want to display or configure data. Select 'All' to set the parameters for all ports to same values. Use Admin Mode to specify the administrative mode via which Double VLAN Tagging can be enabled or disabled.
Page 109 Web Management User Guide To display the Voice VLAN Configuration page, click Switching    VLAN Advanced Voice VLAN Configuration. Use Admin Mode to select the administrative mode for Voice VLAN for the switch. The default is disable. Use Interface to select the physical interface for which you want to configure data. Use Interface Mode to select the Voice VLAN mode for selected interface: Disable - Default value •...
Page 110: Garp Switch Configuration
Web Management User Guide Field Description Operational State This is the operational status of the voice vlan on the given interface. GARP Switch Configuration It can take up to 10 seconds for GARP configuration changes to Note: take effect. To display the GARP Switch Configuration page, click Switching ...
Page 111 Web Management User Guide Use Interface to select the physical interface for which data is to be displayed or configured. Use Port GVRP Mode to choose the GARP VLAN Registration Protocol administrative mode for the port by selecting enable or disable from the dropdown list. If you select disable, the protocol will not be active and the Join Time, Leave Time and Leave All Time will have no effect.
Page 112: Spanning Tree Protocol
Web Management User Guide The factory default is 60 centiseconds (0.6 seconds). An instance of this timer exists for each GARP participant for each port. Use Leave All Time (centiseconds) to control how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration.
Page 113: Stp Configuration
Web Management User Guide on page 113 • STP Configuration STP Configuration The Spanning Tree Configuration/Status page contains fields for enabling STP on the switch. To display the Spanning Tree Configuration/Status page, click Switching > STP > Basic  STP Configuration. Use Spanning Tree Admin Mode to specify whether spanning tree operation is enabled on the switch.
Page 114 Web Management User Guide Use BPDU Filter to specify whether the BPDU Filter feature is enabled. STP BPDU filtering applies to all operational edge ports. Edge Port in an operational state is supposed to be connected to hosts that typically drop BPDUs. If an operational edge port receives a BPDU, it immediately loses its operational status.
Page 115: Advanced
Web Management User Guide Advanced From the Advanced link, you can access the following pages: on page 115 • STP Configuration on page 117 • CST Configuration on page 119 • CST Port Configuration on page 121 • CST Port Status on page 122 •...
Page 116 Web Management User Guide Use Configuration Revision Level to specify the identifier used to identify the configuration currently being used. The values allowed are between 0 and 65535. The default value is 0. Use Forward BPDU while STP Disabled to specify whether spanning tree BPDUs should be forwarded while spanning-tree is disabled on the switch.
Page 117: Cst Configuration
Web Management User Guide CST Configuration Use the Spanning Tree CST Configuration page to configure Common Spanning Tree (CST) and Internal Spanning Tree on the switch. To display the Spanning Tree CST Configuration page, click Switching > STP > Advanced ...
Page 118 Web Management User Guide attempted to be set to any value between 0 and 4095, it will be set to 0. The default priority is 32768. Bridge Max Age (secs) - Specifies the bridge maximum age time for the Common •...
Page 119: Cst Port Configuration
Web Management User Guide Field Description Hold Time(secs) Minimum time between transmission of Configuration BPDUs. CST Regional Root Priority and base MAC address of the CST Regional Root. CST Path Cost Path Cost to the CST tree Regional Root. CST Port Configuration Use the Spanning Tree CST Port Configuration page to configure Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch.
Page 120 Web Management User Guide Use Auto Edge to configure the auto edge mode of a port, which allows the port to become an edge port if it does not see BPDUs for some duration. The possible values are Enable or Disable.
Page 121: Cst Port Status
Web Management User Guide CST Port Status Use the Spanning Tree CST Port Status page to display Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To display the Spanning Tree CST Port Status page, click Switching > STP > Advanced ...
Page 122: Mst Configuration
Web Management User Guide Field Description Designated Port Port Identifier on the Designated Bridge that offers the lowest cost to the LAN. It is made up from the port priority and the interface number of the port. Topology Change Acknowledge Identifies whether the next BPDU to be transmitted for this port would have the topology change acknowledgement flag set.
Page 123 Web Management User Guide attempted to be set to any value between 0 and 4095, it will be set to 0. The default priority is 32768.The valid range is 0–61440. VLAN ID - This gives a combo box of each VLAN on the switch. These can be •...
Page 124: Mst Port Status
Web Management User Guide MST Port Status Use the Spanning Tree MST Port Status page to configure and display Multiple Spanning Tree (MST) settings on a specific port on the switch. To display the Spanning Tree MST Port Status page, click Switching ...
Page 125 Web Management User Guide Field Description Port Mode Spanning Tree Protocol Administrative Mode associated with the port or port channel. The possible values are Enable or Disable. Port Forwarding State The Forwarding State of this port. Port Role Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree.
Page 126: Stp Statistics
Web Management User Guide STP Statistics Use the Spanning Tree Statistics page to view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port. To display the Spanning Tree Statistics page, click Switching ...
Page 127: Multicast
Web Management User Guide Field Description MSTP BPDUs Received Number of MSTP BPDUs received at the selected port. MSTP BPDUs Transmitted Number of MSTP BPDUs transmitted from the selected port. Multicast Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255.
Page 128: Mfdb Table
Web Management User Guide MFDB Table The Multicast Forwarding Database holds the port membership information for all active multicast address entries. The key for an entry consists of a VLAN ID and MAC address pair. Entries may contain data for more than one protocol. To display the MFDB Table page, click Switching >...
Page 129: Igmp Snooping
Web Management User Guide MFDB Statistics To display the MFDB Statistics page, click Switching > Multicast > MFDB  MFDB Statistics. Field Description Max MFDB Table Entries The maximum number of entries that the Multicast Forwarding Database table can hold. Most MFDB Entries Since Last Reset The largest number of entries that have been present in the Multicast Forwarding Database table since last...
Page 130: Igmp Snooping Configuration
Web Management User Guide problem of wasting bandwidth is even worse when the LAN segment is not shared, for example in full-duplex links. Allowing switches to snoop IGMP packets is a creative effort to solve this problem. The switch uses the information in the IGMP packets as they are being forwarded throughout the network to determine which segments should receive packets directed to the group address.
Page 131 Web Management User Guide Use the Unknown Multicast Filtering Enable/Disable radio button to select the unknown multicast filtering mode for the switch. The default is disable. The following table displays information about the global IGMP snooping status and statistics on the page. Field Description Multicast Control Frame Count...
Page 132: Igmp Snooping Interface Configuration
Web Management User Guide IGMP Snooping Interface Configuration Use the IGMP Snooping Interface Configuration page to configure IGMP snooping settings on specific interfaces. To access the IGMP Snooping Interface Configuration page, click Switching   Multicast  IGMP Snooping Interface Configuration. To configure IGMP Snooping interface settings: Interface: Lists all physical, VLAN, and LAG interfaces.
Page 133: Igmp Vlan Configuration
Web Management User Guide Use Present Expiration Time to specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached. Enter a value between 0 and 3600 seconds. The default is 0 seconds. A value of zero indicates an infinite time-out, i.e.
Page 134 Web Management User Guide To disable IGMP snooping on a VLAN and remove it from the list, select the check box next to the VLAN ID and click DELETE. To modify IGMP snooping settings for a VLAN, select the check box next to the VLAN ID, update the desired values, and click APPLY.
Page 135: Multicast Router Configuration
Web Management User Guide Multicast Router Configuration This page configures the interface as the one the multicast router is attached to. All IGMP packets snooped by the switch will be forwarded to the multicast router reachable from this interface. The configuration is not needed most of the time since the switch will automatically detect the presence of multicast router and forward IGMP packet accordingly.
Page 136: Igmp Snooping Querier
Web Management User Guide Use Interface to select the interface for which you want Multicast Router to be enabled or to be displayed. Use VLAN ID to select the VLAN ID for which the Multicast Router Mode is to be Enabled or Disabled.
Page 137 Web Management User Guide IGMP Snooping Querier Configuration Use this menu to configure the parameters for IGMP Snooping Querier. Note that only a user with Read/Write access privileges may change the data on this screen. To access this page, click Switching ...
Page 138 Web Management User Guide IGMP Snooping Querier VLAN Configuration Use this page to configure IGMP queriers for use with VLANs on the network. To access this page, click Switching    Multicast IGMP Snooping Querier VLAN Configuration. To configure Querier VLAN settings: To create a new VLAN ID for IGMP Snooping, select New Entry from the VLAN ID field and complete the following fields.
Page 139 Web Management User Guide Field Description Operational State Displays the operational state of the IGMP Snooping Querier on a VLAN. It can be in any of the following states: • Querier: Snooping switch is the Querier in the VLAN. The Snooping switch will send out periodic queries with a time interval equal to the configured querier query interval.
Page 140: Mld Snooping
Web Management User Guide MLD Snooping From the MLD Snooping link, you can access the following pages: on page 140 • MLD Snooping Configuration on page 141 • MLD Snooping Interface Configuration on page 142 • MLD VLAN Configuration on page 142 •...
Page 141: Mld Snooping Interface Configuration
Web Management User Guide MLD Snooping Interface Configuration To access the MLD Snooping Interface Configuration page, click Switching   Multicast  MLD Snooping Interface Configuration. Interface - Displays all physical, VLAN, and LAG interfaces. Select the interface you want to configure. Use Admin Mode to select the interface mode for the selected interface for MLD Snooping for the switch.
Page 142: Mld Vlan Configuration
Web Management User Guide Use Present Expiration Time to specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached. Enter a value between 0 and 3600 seconds. The default is 0 seconds. A value of zero indicates an infinite time-out, i.e.
Page 143 Web Management User Guide Interface: Select the interface for which you want Multicast Router to be enabled. Use Multicast Router to enable or disable Multicast Router on the selected interface. Multicast Router VLAN Configuration To access the Multicast Router VLAN Configuration page, click Switching ...
Page 144: Mld Snooping Querier Configuration
Web Management User Guide Use Multicast Router to enable or disable the multicast router for the Vlan ID. MLD Snooping Querier Configuration Use this menu to configure the parameters for MLD Snooping Querier. Note that only a user with Read/Write access privileges may change the data on this screen. To access the MLD Snooping Querier Configuration page, click Switching...
Page 145 Web Management User Guide VLAN ID - Specifies the VLAN ID on which MLD Snooping Querier is administratively enabled and VLAN exists in the VLAN database. Use Querier Election Participate Mode to enable or disable the MLD Snooping Querier participate in election mode. When this mode is disabled, up on seeing other querier of same version in the vlan, the snooping querier move to non querier state.
Page 146 Web Management User Guide Field Description Last Querier Version Displays the MLD protocol version of the last querier from which a query was snooped on the VLAN. Operational Max Response Time Displays maximum response time to be used in the queries that are sent by the Snooping Querier.
Page 147: Mvr Configuration
Web Management User Guide MVR Configuration From the MVR Configuration link under the Switching tab, you can configure the MVR settings. From the MVR Configuration link, you can access the following pages: on page 147 • Basic on page 148 •...
Page 148: Advanced
Web Management User Guide processing. When an IGMP query is sent from a receiver port, the switch waits for the default or configured MVR querytime for an IGMP group membership report before removing the port from the multicast group membership. The value is equal to the tenths of second.
Page 149: Mvr Interface Configuration
Web Management User Guide MVR Interface Configuration To display the MVR Interface Configuration page, click Switching > MVR > Advanced > MVR Interface Configuration. A screen similar to the following displays. Use Interface to specify the interface you want to configure. Use Admin Mode to Enable or Disable MVR on a port.
Page 150 Web Management User Guide MVR Group Membership To display the MVR Configuration page, click Switching > MVR > Advanced > MVR Group Membership. A screen similar to the following displays. Use the Group IP to specify the IP multicast address of the MVR group for which you want to display or configure data.
Page 151 Web Management User Guide Field Definition IGMP Query Received Displays the number of received IGMP Queries. IGMP Report V1 Received Displays the number of received IGMP Reports V1. IGMP Report V2 Received Displays the number of received IGMP Reports V2. IGMP Leave Received Displays the number of received IGMP Leaves.
Page 152: Address Table
Web Management User Guide Address Table From the Address Table link, you can access the following pages: on page 152 • Basic on page 154 • Advanced Basic From the Basic link, you can access the following pages: on page 152 •...
Page 153 Web Management User Guide Searched by VLAN ID - Select VLAN ID from pull-down menu, enter the VLAN ID, for • example 100. Then click on the “Go” button. If the address exists, the entry will be displayed as the first entry followed by the remaining (greater) mac addresses. Searched by Port - Select Port from pull-down menu, enter the port ID in •...
Page 154: Advanced
Web Management User Guide Advanced From the Advanced link, you can access the following pages: on page 154 • Dynamic Addresses on page 155 • Address Table on page 157 • Static MAC Address Dynamic Addresses This page allows the user to set the Address Aging Interval for the specified forwarding database.
Page 155 Web Management User Guide Address Table This table contains information about unicast entries for which the switch has forwarding and/or filtering information. This information is used by the transparent bridging function in determining how to propagate a received frame. To display the Address Table page, click Switching > Address Table> Advanced ...
Page 156 Web Management User Guide Field Description Total MAC Address Displaying the number of total MAC addresses learned or configured. MAC Address A unicast MAC address for which the switch has forwarding and/or filtering information. The format is a 6 byte MAC Address that is separated by colons, for example 01:23:45:67:89:AB.
Page 157 Web Management User Guide Static MAC Address To display the Static MAC Address page, click Switching > Address Table> Advanced  Static MAC Address. Use Interface to select the physical interface/LAGs for which you want to display data. Use the Static MAC Address to input the MAC address to be deleted. Select the VLAN ID associated with the MAC address.
Page 158: Ports
Web Management User Guide Ports The pages on the Ports tab allow you to view and monitor the physical port information for the ports available on the switch. From the Ports link, you can access the following pages: on page 158 •...
Page 159 Web Management User Guide selection will determine the port's duplex mode and transmission rate. The factory default is auto. Use the Link Trap object to determine whether to send a trap when link status changes. The factory default is enabled. Use Maximum Frame Size to specify the maximum Ethernet frame size the interface supports or is configured, including ethernet header, CRC, and payload (1518 to 9216).
Page 160: Port Description
Web Management User Guide Port Description This screen configures and displays the description for all ports in the box. To access the Port Description page, click Switching   Ports Port Description. Use Port Description to enter the description string to be attached to a port. It can be up to 64 characters in length.
Page 161: Link Aggregation Groups
Web Management User Guide Link Aggregation Groups Link aggregation groups (LAGs), which are also known as port-channels, allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing.
Page 162: Lag Configuration
Web Management User Guide LAG Configuration Use the LAG (Port Channel) Configuration page to group one or more full-duplex Ethernet links to be aggregated together to form a link aggregation group, which is also known as a port-channel. The switch treats the LAG as if it were a single link. To access the LAG Configuration page, click Switching...
Page 163: Lag Membership
Web Management User Guide For L2 packets, source and destination MAC address are used for hash • computation. For L3 packets, source IP, destination IP address, TCP/UDP ports are used. • Use Link Trap to specify whether you want to have a trap sent when link status changes. The factory default is enable, which will cause the trap to be sent.
Page 164 Web Management User Guide Use LAG ID to select the identification of the LAG. Use LAG Name to enter the name you want assigned to the LAG. You may enter any string of up to 15 alphanumeric characters. A valid name has to be specified in order to create the LAG.
Page 165 Web Management User Guide Src IP and Src TCP/UDP Port fields - Source IP and Source TCP/UDP fields of the • packet. Dest IP and Dest TCP/UDP Port fields - Destination IP and Destination TCP/UDP Port • fields of the packet. Src/Dest IP and TCP/UDP Port fields - Source/Destination IP and source/destination •...
Page 166: Chapter 4 Routing
Routing The Routing tab contains links to the following features: on page 166 • Routing Table on page 171 • on page 186 • VLAN on page 189 • on page 193 • Router Discovery Routing Table The Routing Table collects routes from multiple sources: static routes, RIP routes, OSPF routes, and local routes.
Page 167: Basic
Web Management User Guide Basic From the Basic link, you can access the following pages: on page 167 • Route Configuration Route Configuration To display the Route Configuration page, click Routing    Routing Table Basic Route Configuration. Route Configuration Use the Route Type field to specify default or static.
Page 168 Web Management User Guide Learned Routes Field Description Route Type This field can be either default or static. If creating a default route, all that needs to be specified is the next hop IP address, otherwise each field needs to be specified.
Page 169: Advanced
Web Management User Guide Advanced From the Advanced link, you can access the following pages: on page 169 • Route Configuration on page 171 • Route Preferences Route Configuration To display the Route Configuration page, click Routing    Routing Table Advanced Route...
Page 170 Web Management User Guide Learned Routes Field Description Route Type This field can be either default or static. If creating a default route, all that needs to be specified is the next hop IP address, otherwise each field needs to be specified.
Page 171: Basic
Web Management User Guide Route Preferences Use this panel to configure the default preference for each protocol, e.g., 60 for static routes, 120 for RIP. These values are arbitrary values in the range of 1 to 255 and are independent of route metrics.
Page 172 Web Management User Guide To display the IP Configuration page, click Routing    Basic IP Configuration. Use Routing Mode to select enable or disable. You must enable routing for the switch before you can route through any of the interfaces. The default value is disable. Use ICMP Echo Replies to select enable or disable.
Page 173 Web Management User Guide Statistics The statistics reported on this screen are as specified in RFC 1213. To display the Statistics page, click Routing    Basic Statistics.
Page 174 Web Management User Guide Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error. IpInHdrErrors The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
Page 175 Web Management User Guide Field Description IpOutDiscards The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (e.g., for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion.
Page 176 Web Management User Guide Field Description IcmpInErrors The number of ICMP messages which the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.). IcmpInDestUnreachs The number of ICMP Destination Unreachable messages received. IcmpInTimeExcds The number of ICMP Time Exceeded messages received.
Page 177 Web Management User Guide Field Description IcmpOutSrcQuenchs The number of ICMP Source Quench messages sent. IcmpOutRedirects The number of ICMP Redirect messages sent. For a host, this object will always be zero, since hosts do not send redirects. IcmpOutEchos The number of ICMP Echo (request) messages sent. IcmpOutEchoReps The number of ICMP Echo Reply messages sent.
Page 178: Advanced
Web Management User Guide Advanced From the Advanced link, you can access the following pages: on page 178 • IP Configuration on page 179 • IP Statistics on page 183 • IP Interface Configuration on page 186 • Secondary IP Address IP Configuration Use this menu to configure routing parameters for the switch as opposed to an interface.
Page 179 Web Management User Guide Field Description Default Time to Live The default value inserted into the Time-To-Live field of the IP header of datagrams originated by the switch, if a TTL value is not supplied by the transport layer protocol. Maximum Next Hops The maximum number of hops supported by the switch.
Page 180 Web Management User Guide Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error. IpInHdrErrors The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
Page 181 Web Management User Guide Field Description IpOutDiscards The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (e.g., for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion.
Page 182 Web Management User Guide Field Description IcmpInErrors The number of ICMP messages which the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.). IcmpInDestUnreachs The number of ICMP Destination Unreachable messages received. IcmpInTimeExcds The number of ICMP Time Exceeded messages received.
Page 183: Ip Interface Configuration
Web Management User Guide Field Description IcmpOutSrcQuenchs The number of ICMP Source Quench messages sent. IcmpOutRedirects The number of ICMP Redirect messages sent. For a host, this object will always be zero, since hosts do not send redirects. IcmpOutEchos The number of ICMP Echo (request) messages sent. IcmpOutEchoReps The number of ICMP Echo Reply messages sent.
Page 184 Web Management User Guide Use Go To Interface to enter the Interface in unit/slot/port format and click Go. The entry corresponding to the specified interface is selected. Use Port to select the interface for which data is to be displayed or configured. Use Description to enter the description for the interface.
Page 185 Web Management User Guide Use Proxy Arp to disable or enable proxy Arp for the specified interface from the pull-down menu. Use Local Proxy Arp to disable or enable Local Proxy ARP for the specified interface from the pull-down menu. Use Bandwidth to specify the configured bandwidth on this interface.
Page 186: Vlan
Web Management User Guide Secondary IP Address To display the Secondary IP Address page, click Routing    Advanced Secondary IP. Use Interface to select the interface for which data is to be displayed or configured. Use Secondary IP Address to add a secondary IP address to the selected interface. Use Secondary IP Subnet Mask to enter the subnet mask for the interface.
Page 187: Vlan Routing Wizard
VLAN spans multiple physical networks, or when additional segmentation or security is required. This section shows how to configure the NETGEAR switch to support VLAN routing. A port can be either a VLAN port or a router port, but not both. However, a VLAN port may be part of a VLAN that is itself a router port.
Page 188: Vlan Routing Configuration
Web Management User Guide U(Untagged) - Select the ports on which all frames transmitted for this VLAN will be • untagged. The ports that are selected will be included in the VLAN. BLANK(Autodetect) - Select the ports that may be dynamically registered in this •...
Page 189: Arp
Web Management User Guide The ARP protocol associates a layer 2 MAC address with a layer 3 IPv4 address. ProSafe® Managed Switches software features both dynamic and manual ARP configuration. With manual ARP configuration, you can statically add entries into the ARP table. ARP is a necessary part of the internet protocol (IP) and is used to translate an IP address to a media (MAC) address, defined by a local area network (LAN) such as Ethernet.
Page 190: Advanced
Web Management User Guide ARP Cache Use this screen to show ARP entries in the ARP Cache. To display the ARP Cache page, click Routing    Basic ARP Cache. Use Port to select the associated Unit/Slot/Port of the connection IP Address displays the IP address.
Page 191 Web Management User Guide ARP Static Configuration Use this screen to add an entry to the Address Resolution Protocol table. Use IP Address to enter the IP address you want to add. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces.
Page 192: Arp Table Configuration
Web Management User Guide ARP Table Configuration You can use this screen to change the configuration parameters for the Address Resolution Protocol Table. You can also use this screen to display the contents of the table. To display the ARP Table Configuration page, click Routing ...
Page 193: Router Discovery
Web Management User Guide Specific Static Entry - Selecting this allows the user to specify the required IP • Address. None - Selected if the user does not want to delete any entry from the ARP Table. • Use Remove IP Address to enter the IP Address against the entry that is to be removed from the ARP Table.
Page 194 Web Management User Guide Use Advertise Address to enter an integer that specifies the maximum number of times an ARP request will be retried. The range for this field is 0 to 10. The default value for Retries is Use Cache Size to enter the IP Address to be used to advertise the router. Use Maximum Advertise Interval to enter the maximum time (in seconds) allowed between router advertisements sent from the interface.
Page 195 Web Management User Guide...
Page 196: Chapter 5 Configuring Quality Of Service
Configuring Quality of Service Use the features in the QoS tab to configure Quality of Service (QoS) settings on the switch. The QoS tab contains links to the following features: on page 197 • Class of Service on page 204 •...
Page 197: Class Of Service
Web Management User Guide Class of Service The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table.
Page 198 Web Management User Guide ingress of an untrusted port are directed to a specific CoS queue on the appropriate egress port(s), in accordance with the configured default priority of the ingress port. This process is also used for cases where a trusted port mapping is unable to be honored, such as when a non-IP packet arrives at a port configured to trust the IP DSCP value.
Page 199: Advanced
Web Management User Guide Advanced From the Advanced link, you can access the following pages: on page 199 • CoS Configuration on page 200 (Advanced) • 802.1p to Queue Mapping on page 201 (Advanced • IP DSCP to Queue Mapping on page 202 (Advanced) •...
Page 200: P To Queue Mapping
Web Management User Guide 802.1p to Queue Mapping The 802.1p to Queue Mapping page also displays the Current 802.1p Priority Mapping table. To display the 801.p to Queue Mapping page, click QoS    Advanced 802.1p to Queue Mapping. To map 802.1p priorities to queues: Use Interface to specify CoS configuration settings based per-interface or specify all CoS configurable interfaces.
Page 201 Web Management User Guide IP DSCP to Queue Mapping Use the IP DSCP to Queue Mapping page to specify which internal traffic class to map the corresponding DSCP value. To display the IP DSCP Queue Mapping page, click QoS  ...
Page 202: Cos Interface Configuration
Web Management User Guide CoS Interface Configuration Use the CoS Interface Configuration page to apply an interface shaping rate to all interfaces or to a specific interface. To display the CoS Interface Configuration page, click QoS  CoS> Advanced > CoS Interface Configuration.
Page 203: Interface Queue Configuration
Web Management User Guide Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Interface Queue Configuration Use the Interface Queue Configuration page to define what a particular queue does by configuring switch egress queues. User-configurable parameters control the amount of bandwidth used by the queue, the queue depth during times of congestion, and the scheduling of packet transmission from the set of all queues on a port.
Page 204: Differentiated Services
Web Management User Guide Use Minimum Bandwidth to specify the minimum guaranteed bandwidth allotted to • this queue. Setting this value higher than its corresponding Maximum Bandwidth automatically increases the maximum to the same value. Default value is 0. Valid Range is 0 to 100 in increments of 1.
Page 205: Diffserv Wizard
Web Management User Guide occurs. A policy can contain multiples classes. When the policy is active, the actions taken depend on which class matches the packet. Packet processing begins by testing the class match criteria for a packet. A policy is applied to a packet when a class match within that policy is found.
Page 206 Web Management User Guide Use Traffic Type to define the DiffServ Class. Traffic type options: VOIP, HTTP, FTP, Telnet, and Every. Ports displays the ports which can be configured to support a DiffServ policy. The DiffServ policy will be added to selected ports. Use Enable Policing to add policing to the DiffServ Policy.
Page 207: Auto Voip Configuration
Web Management User Guide Auto VoIP Configuration To display the Auto VoIP Configuration page, click QoS   DiffServ Auto VoIP. Interface - Specifies the Auto VoIP configurable interfaces. Use Auto VoIP Mode to enable or disable the Auto VoIP mode. Auto VoIP Mode can only be one of the following: Enable •...
Page 208: Diffserv Configuration
Web Management User Guide DiffServ Configuration Packets are filtered and processed based on defined criteria. The filtering criteria is defined by a class. The processing is defined by a policy's attributes. Policy attributes may be defined on a per-class instance basis, and it is these attributes that are applied when a match occurs. The configuration process begins with defining one or more match criteria for a class.
Page 209: Advanced
Web Management User Guide Field Description Policy table Displays the number of configured policies out of the total allowed on the switch. Policy Instance table Displays the number of configured policy class instances out of the total allowed on the switch. Policy Attributes table Displays the number of configured policy attributes (attached to the policy class instances) out of the...
Page 210 Web Management User Guide To configure the global DiffServ mode: Select the administrative mode for DiffServ: Enable. Differentiated Services are active. • Disable. The DiffServ configuration is retained and can be changed, but it is not • active. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Page 211: Class Configuration
Web Management User Guide Field Description Displays the number of configured policy attributes Policy Attributes table (attached to the policy class instances) out of the total allowed on the switch. Displays the number of configured services Service table (attached to the policies on specified interfaces) out of the total allowed on the switch.
Page 212 Web Management User Guide To configure the class match criteria: Click the class name for an existing class. The class name is a hyperlink. The following figure shows the configuration fields for the class.
Page 213 Web Management User Guide Class Name - Displays the name for the configured DiffServ class. Class Type - Displays the DiffServ class type. Options: • Only when a new class is created, this field is a selector field. After class creation this becomes a non-configurable field displaying the configured class type.
Page 214: Ipv6 Class Configuration
Web Management User Guide Precedence Value -This lists the keywords for the IP Precedence value in the range 0 • to 7. IP ToS - Configure the IP ToS field: • ToS Bits - This is the Type of Service octet value in the range 00 to ff to compare •...
Page 215 Web Management User Guide To configure the class match criteria: Click the class name for an existing class. The class name is a hyperlink. The following figure shows the configuration fields for the class. Class Name - Displays the name for the configured DiffServ class. Class Type - Displays the DiffServ class type.
Page 216: Policy Configuration
Web Management User Guide Match Every - This adds to the specified class definition a match condition whereby • all packets are considered to belong to the class. Reference Class - This lists the class(es) that can be assigned as reference class(es) •...
Page 217 Web Management User Guide Use Policy Name to uniquely identify a policy using a case-sensitive alphanumeric string from 1 to 31 characters. Member Class - This lists all existing DiffServ classes currently defined as members of the specified Policy, from which one can be selected. This list is automatically updated as a new class is added to or removed from the policy.
Page 218 Web Management User Guide Select the queue to which packets will of this policy-class will be assigned. This is an integer value in the range 0 to 7. Configure the policy attributes: Drop - Select the drop radio button. This flag indicates that the policy attribute is •...
Page 219 Web Management User Guide match criterion for one of the following fields (provided the field does not conflict with the classifier of the policy instance itself): • • IP DSCP • IP Precedence Committed Rate - This value is specified in the range 1 to 4294967295 •...
Page 220 Web Management User Guide Service Interface Configuration Use the Service Interface Configuration page to activate a policy on an interface. To display the page, click QoS    DiffServ Advanced Service Interface Configuration. To configure DiffServ policy settings on an interface: Use Interface to select the interface on which you will configure the DiffServer service.
Page 221 Web Management User Guide the specified interface and direction and hence the attached policy (if any). Highlighting a member class name displays the statistical information for the policy-class instance for the specified interface and direction. To display the Service Statistics page, click QoS DiffServ >...
Page 222 Web Management User Guide Field Description Discarded Packets/Octets A count of the total number of packets/octets discarded for all class instances in this service policy for any reason due to DiffServ treatment. This is the overall count per-interface, per-direction. Sent Packets/Octets A count of the total number of packets/octets forwarded for all class instances in this service policy after their defined DiffServ treatments were applied.
Page 223 Web Management User Guide...
Page 224: Management Security Settings
Managing Device Security Use the features available from the Security tab to configure management security settings for port, user, and server security. The Security tab contains links to the following features: on page 224 • Management Security Settings on page 241 •...
Page 225 Web Management User Guide User Management By default, two user accounts exist: admin, with 'Read/Write' privileges • guest, with 'Read Only' privileges • By default, both of these accounts have blank passwords. The names are not case sensitive. If you logon with a user account with 'Read/Write' privileges (i.e. as admin) you can use the User Accounts screen to assign passwords and set security parameters for the default accounts, and to add and delete accounts (other than admin) up to the maximum of six.
Page 226 Web Management User Guide Field Description Lockout Status Indicates whether the user account is locked out (TRUE or FALSE). Password Expiration Date Indicates the current password expiration date in date format. User Password Configuration To display the User Password Configuration page, click Security ...
Page 227: Enable Password Configuration
Web Management User Guide Enable Password Configuration This page prompts you to change the Privileged EXEC password. Passwords are a maximum of 64 alphanumeric characters. The password is case sensitive. To display the Enable Password Configuration page, click Security  ...
Page 228: Radius
Web Management User Guide The Encrypted option allows the administrator to transfer the privileged EXEC • password between devices without having to know the password. The Password field must be exactly 128 hexidecimal characters. Use SSH Password to enter the SSH password. Passwords are a maximum of 64 alphanumeric characters.
Page 229: Radius Configuration
Web Management User Guide Radius Configuration Use the Radius Configuration page to add information about one or more RADIUS servers on the network. To access the Radius Configuration page, click Security   Management Security RADIUS  Radius Configuration. The Current Server IP Address field is blank if no servers are configured (see “RADIUS Server Configuration”...
Page 230: Radius Server Configuration
Web Management User Guide retransmit will not occur until the configured time-out value on that server has passed without a response from the RADIUS server. Therefore, the maximum delay in receiving a response from the RADIUS application equals the sum of (retransmit times time-out) for all configured servers.
Page 231 Web Management User Guide Use Secret to specify the shared secret for this server. • to set the selected server to the Primary or Secondary server. • Primary Server Use Message Authenticator to enable or disable the message authenticator attribute •...
Page 232 Web Management User Guide Field Description Malformed Access Responses The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed access-responses.
Page 233 Web Management User Guide In the Port field, specify the UDP port number the server uses to verify the RADIUS accounting server authentication. The valid range is 0–65535. If the user has READONLY access, the value is displayed but cannot be changed. From the Secret Configured menu, select Yes to add a RADIUS secret in the next field.
Page 234: Configuring Tacacs
Web Management User Guide Field Description Unknown Types Displays the number of RADIUS packets of unknown type that were received from this server on the accounting port. Packets Dropped Displays the number of RADIUS packets that were received from this server on the accounting port and dropped for some other reason.
Page 235 Web Management User Guide range is 0–128 characters. The key must match the key configured on the TACACS+ server. In the Connection Timeout field, specify the maximum number of seconds allowed to establish a TCP connection between the Managed Switch and the TACACS+ server. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Page 236: Authentication List Configuration
Web Management User Guide Authentication List Configuration The Authentication List folder contains links to the following features: on page 236 • Login Authentication List on page 237 • Enable Authentication List on page 238 • Dot1x Authentication List on page 238 •...
Page 237 Web Management User Guide Use the dropdown menu to select the method, if any, that should appear second in the selected authentication login list. This is the method that will be used if the first method times out. If you select a method that does not time out as the second method, the third method will not be tried.
Page 238 Web Management User Guide Use the dropdown menu to select the method, if any, that should appear second in the selected authentication login list. This is the method that will be used if the first method times out. If you select a method that does not time out as the second method, the third method will not be tried.
Page 239 Web Management User Guide List Name - Select the HTTP list name for which you want to configure data. Use the dropdown menu to select the method that should appear first in the selected authentication login list. If you select a method that does not time out as the first method, such as 'local' no other method will be tried, even if you have specified more than one method.
Page 240: Login Sessions
Web Management User Guide Use the dropdown menu to select the method that should appear first in the selected authentication login list. If you select a method that does not time out as the first method, such as 'local' no other method will be tried, even if you have specified more than one method.
Page 241: Configuring Management Access
Web Management User Guide Configuring Management Access From the Access page, you can configure HTTP and Secure HTTP access to the ProSafe® Managed Switches management interface. The Security Access tab contains the following folders:  on page 241 • HTTP on page 243 •...
Page 242 Web Management User Guide To configure the HTTP server settings: Use HTTP Access to specify whether the switch may be accessed from a web browser. If you choose to enable web mode you will be able to manage the switch from a web browser.
Page 243: Https
Web Management User Guide HTTPS From the HTTPS link, you can access the following pages: on page 243 • HTTPS Configuration on page 244 • Certificate Management on page 245 • Certificate Download HTTPS Configuration Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection.
Page 244: Certificate Management
Web Management User Guide Use HTTPS Port to set the HTTPS Port Number. The value must be in the range of 1 to 65535. Port 443 is the default value. The currently configured value is shown when the web page is displayed. Use HTTPS Session Soft Timeout(Minutes) to set the inactivity time-out for HTTPS sessions.
Page 245: Certificate Download
Web Management User Guide Field Description Certificate Generation Status Displays whether SSL certificate generation is in progress. Certificate Download Use this menu to transfer a certificate file to the switch. For the Web server on the switch to accept HTTPS connections from a management station, the Web server needs a public key certificate.
Page 246: Ssh
Web Management User Guide Use Transfer Mode to specify the protocol to use to transfer the file: TFTP - Trivial File Transfer Protocol • SFTP - Secure File Transfer Program • SCP - Secure Copy • Use Server Address Type to specify either IPv4 or IPv6 to indicate the format of the TFTP/SFTP/SCP Server Address field.
Page 247 Web Management User Guide Use SSH Version 2 to Enable or Disable Protocol Level 2 for SSH. The currently configured value is shown when the web page is displayed. The default value is Enable. Use SSH Session Timeout to configure the inactivity time-out value for incoming SSH sessions to the switch.
Page 248 Web Management User Guide Use Generate RSA Keys to begin generating the RSA host keys. Note that to generate SSH key files SSH must be administratively disabled and there can be no active SSH sessions. Use DELETE RSA Keys to delete the corresponding RSA key file, if it is present. DSA Keys Management - None is the default selection.
Page 249: Telnet
Web Management User Guide SSH-2 DSA Key PEM File - SSH-2 Digital Signature Algorithm (DSA) Key File (PEM • Encoded) Use Transfer Mode to specify the protocol to use to transfer the file: TFTP - Trivial File Transfer Protocol • SFTP - Secure File Transfer Program •...
Page 250: Outbound Telnet Client Configuration
Web Management User Guide Telnet Authentication List This page allows you to select the login and enable authentication list available. The login list specifies the authentication method(s) you want used to validate switch or port access for the users associated with the list. The enable list specifies the authentication method(s) you want used to validate privileged EXEC access for the users associated with the list.
Page 251: Console Port
Web Management User Guide Console Port To display the Console Port page, click Security  Access > Console Port. Use Serial Port Login Timeout (minutes) to specify how many minutes of inactivity should occur on a serial port connection before the switch closes the connection. Enter a number between 0 and 160: the factory default is 5.
Page 252: Denial Of Service
Web Management User Guide Denial of Service To display the Denial of Service page, click Security  Access > Denial of Service. Use Denial of Service Min TCP Header Size to specify the Min TCP Hdr Size allowed. If DoS TCP Fragment is enabled, the switch will drop these packets: First TCP fragments that has a TCP payload - IP_Payload_Length - IP_Header_Size •...
Page 253: Port Authentication
Web Management User Guide the switch will drop ICMP ping packets that have a size greater then this configured Max ICMP Packet Size minus the ICMP header size of 8 bytes. The factory default is 512. Use Denial of Service SIP=DIP to enable SIP=DIP DoS prevention causing the switch to drop packets that have a source IP address equal to the destination IP address.
Page 254: Basic
Web Management User Guide Basic From the Basic link, you can access the following pages: on page 254 • 802.1X Configuration 802.1X Configuration Use the 802.1X Configuration page to enable or disable port access control on the system. To display the 802.1X Configuration page, click Security ...
Page 255: Advanced
Web Management User Guide Use Users to select the user name that will use the selected login list for 802.1x port security. Use Login to select the login to apply to the specified user. All configured logins are displayed. Field Description Authentication List Displays the authentication list which is used by...
Page 256 Web Management User Guide Use Login to select the login to apply to the specified user. All configured logins are displayed. Field Description Authentication List Displays the authentication list which is used by 802.1X. Port Authentication Use the Port Authentication page to enable and configure port access control on one or more ports.
Page 257 Web Management User Guide force authorized - The authenticator PAE unconditionally sets the controlled port • to authorized. auto - The authenticator PAE sets the controlled port mode to reflect the outcome • of the authentication exchanges between the supplicant, authenticator, and the authentication server.
Page 258 Web Management User Guide must be a value in the range of 1 and 65535. The default value is 30. Changing the value will not change the configuration until the APPLY button is pressed. Maximum Requests - This input field allows the user to enter the maximum requests •...
Page 259: Port Summary
Web Management User Guide Port Summary Use the Port Summary page to view information about the port access control settings on a specific port. To access the Port Summary page, click Security    Port Authentication Advanced Port Summary. The following table describes the fields on the Port Summary page.
Page 260 Web Management User Guide Field Description Reauthentication Enabled This field shows whether reauthentication of the supplicant for the specified port is allowed. The possible values are 'true' and 'false'. If the value is 'true' reauthentication will occur. Otherwise, reauthentication will not be allowed. Control Direction This displays the control direction for the specified port.
Page 261: Client Summary
Web Management User Guide Field Description Vlan Assigned This field displays the vlan id assigned to the selected interface by the Authenticator. This field is displayed only when the port control mode of the selected interface is not mac-based. This field is not configurable.
Page 262: Traffic Control
Web Management User Guide Field Description Port The port to be displayed. User Name This field displays the User Name representing the identity of the supplicant device. Supplicant Mac Address This field displays supplicant's device Mac Address. Session Time This field displays the time since the supplicant as logged in seconds.
Page 263: Mac Filter
Web Management User Guide on page 273 • Storm Control MAC Filter The MAC Filter folder contains links to the following features: on page 264 • MAC Filter Configuration on page 265 • MAC Filter Summary...
Page 264: Mac Filter Configuration
Web Management User Guide MAC Filter Configuration Use the MAC Filter Configuration page to create MAC filters that limit the traffic allowed into and out of specified ports on the system. To display the MAC Filter Configuration page, click Security ...
Page 265: Port Security
Web Management User Guide selected will be transmitted only out of ports that are in the list. Destination ports can be included only in the Multicast filter. To delete a configured MAC Filter, select it from the menu, and then click DELETE. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Page 266: Port Security Configuration
Web Management User Guide Port Security Configuration Use the Port Security feature to lock one or more ports on the system. When a port is locked, only packets with an allowable source MAC addresses can be forwarded. All other packets are discarded.
Page 267: Port Security Interface Configuration
Web Management User Guide Port Security Interface Configuration A MAC address can be defined as allowable by one of two methods: dynamically or statically. Both methods are used concurrently when a port is locked. Dynamic locking implements a first arrival mechanism for Port Security. You specify how many addresses can be learned on the locked port.
Page 268: Dynamic Mac Address
Web Management User Guide Select the check box next to the port or LAG to configure. Select multiple check boxes to apply the same setting to all selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. Specify the following settings: Security Mode - Enables or disables the Port Security feature for the selected •...
Page 269: Static Mac Address
Web Management User Guide Field Description Number of Dynamic MAC Addresses Learned Displays the number of dynamically learned MAC addresses on a specific port. VLAN ID Displays the VLAN ID corresponding to the MAC address. MAC Address Displays the MAC addresses learned on a specific port.
Page 270: Private Group
Web Management User Guide Private Group The Private Group folder contains links to the following features: on page 270 • Private Group Configuration on page 271 • Private Group Membership Private Group Configuration To display the Private Group Configuration page, click Security ...
Page 271 Web Management User Guide Private Group Membership To display the Private Group Membership page, click Security  Traffic Control> Private  Group Private Group Membership. Use Group ID to select the Group ID for which you want to display or configure data. Use Port List to add the ports you selected to this private group.
Page 272: Protected Ports Configuration
Web Management User Guide Protected Ports Configuration If a port is configured as protected, it does not forward traffic to any other protected port on the switch, but it will forward traffic to unprotected ports. Use the Protected Ports Configuration page to configure the ports as protected or unprotected. You need read-write access privileges to modify the configuration.
Page 273: Storm Control
Web Management User Guide Storm Control A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses can overload network resources and/or cause the network to time out. The switch measures the incoming broadcast/multicast/unknown unicast packet rate per port and discards packets when the rate exceeds the defined value.
Page 274 Web Management User Guide for Unicast Storm Recovery and the Unicast traffic on any Ethernet port exceeds the configured threshold, the switch blocks (discards) the unicast traffic. The factory default is disabled. Storm Control Interface Configuration To display the Storm Control Interface Configuration page, click Security ...
Page 275: Control
Web Management User Guide Field Description Multicast Storm Recovery Level Specify the threshold at which storm control activates. The factory default is 5 percent of port speed for pps type. Unicast Storm Recovery Mode Enable or disable this option by selecting the corresponding line on the pull-down entry field.
Page 276 Web Management User Guide DHCP Snooping Configuration Use DHCP Snooping Mode to enable or disable the DHCP Snooping feature. The factory default is disabled. Use MAC Address Validation to enable or disable the validation of sender MAC Address for DHCP Snooping. The factory default is enabled. DHCP Snooping VLAN Configuration Use VLAN ID to enter the VLAN for which the DHCP Snooping Mode is to be enabled.
Page 277: Dhcp Snooping Interface Configuration
Web Management User Guide DHCP Snooping Interface Configuration To display the DHCP Snooping Interface Configuration page, click Security  Control> DHCP  Snooping Interface Configuration. Interface - Selects the interface for which data is to be configured. If Trust Mode is enabled, DHCP snooping application considers as port trusted. The factory default is disabled.
Page 278: Dhcp Snooping Persistent Configuration
Web Management User Guide Static Binding Configuration Interface - Selects the interface to add a binding into the DHCP snooping database. Use MAC Address to specify the MAC address for the binding to be added. This is the Key to the binding database. Use VLAN ID to select the VLAN from the list for the binding rule.
Page 279 Web Management User Guide Use Store to select the local store or remote store. Local selection disable the Remote objects like Remote File Name and Remote IP address. Use Remote IP Address to configure Remote IP Address on which the snooping database will be stored when Remote is selected.
Page 280: Dhcp Snooping Statistics
Web Management User Guide DHCP Snooping Statistics To display the DHCP Snooping Statistics page, click Security   Control> DHCP Snooping Statistics. Field Description Interface The untrusted and snooping enabled interface for which statistics to be displayed. MAC Verify Failures Number of packets that were dropped by DHCP Snooping as there is no matching DHCP Snooping binding entry found.
Page 281: Ip Source Guard
Web Management User Guide IP Source Guard The IP Source Guard folder contains links to the following features: on page 281 • IP Source Guard Interface Configuration on page 282 • IP Source Guard Binding Configuration IP Source Guard Interface Configuration To display the IP Source Guard Interface Configuration page, click Security ...
Page 282 Web Management User Guide IP Source Guard Binding Configuration To display the IP Source Guard Binding Configuration page, click Security  Control> IP  Source Guard Binding Configuration. Static Binding Configuration Interface - Selects the interface to add a binding into the IPSG database. Use MAC Address to specify the MAC address for the binding.
Page 283: Dynamic Arp Inspection
Web Management User Guide Dynamic ARP Inspection The Dynamic ARP Inspection (DAI) folder contains links to the following features: on page 283 • DAI Configuration on page 283 • DAI VLAN Configuration on page 285 • DAI Interface Configuration on page 285 •...
Page 284 Web Management User Guide VLAN ID - Select the DAI Capable VLANs for which information has to be displayed or configured. Use Dynamic ARP Inspection to indicate whether the Dynamic ARP Inspection is enabled on this VLAN. If this object is set to 'Enable' Dynamic ARP Inspection is enabled. If this object is set to 'Disable', Dynamic ARP Inspection is disabled.
Page 285: Dai Interface Configuration
Web Management User Guide DAI Interface Configuration To display the DAI Interface Configuration page, click Security  Control> Dynamic ARP  Inspection DAI Interface Configuration. Interface - Selects the physical interface for which data is to be configured. Use Trust Mode to indicate whether the interface is trusted for Dynamic ARP Inspection purpose.
Page 286: Dai Acl Rule Configuration
Web Management User Guide Use Name to create New ARP ACL for DAI. Click ADD to add a new DAI ACL to the switch configuration. Click DELETE to remove the currently selected DAI ACL from the switch configuration. DAI ACL Rule Configuration This screen shows the Rules for selected DAI ARP ACL.
Page 287 Web Management User Guide Field Description VLAN The enabled VLAN ID for which statistics to be displayed. DHCP Drops Number of ARP packets that were dropped by DAI as there is no matching DHCP Snooping binding entry found. DHCP Permits Number of ARP packets that were forwarded by DAI as there is a matching DHCP Snooping binding entry found.
Page 288: Configuring Access Control Lists
Web Management User Guide Configuring Access Control Lists Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network.
Page 289: Basic
Web Management User Guide ACL Based on Destination MAC - To create a ACL based on the destination MAC • address, destination MAC mask and VLAN. ACL Based on Source MAC - To create a ACL based on the source MAC address, •...
Page 290 Web Management User Guide on page 291 • MAC Rules on page 292 • MAC Binding Configuration on page 293 • MAC Binding Table MAC ACL A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match.
Page 291 Web Management User Guide Direction - Displays the direction of packet traffic affected by the MAC ACL, which • can be Inbound or blank. To delete a MAC ACL, select the check box next to the Name field, then click DELETE. To change the name of a MAC ACL, select the check box next to the Name field, update the name, then click APPLY.
Page 292: Mac Binding Configuration
Web Management User Guide Destination MAC Mask - Specifies the destination MAC address mask specifying • which bits in the destination MAC to compare against an Ethernet frame. Valid format is (xx:xx:xx:xx:xx:xx). The BPDU keyword may be specified using a Destination MAC mask of 00:00:00:ff:ff:ff.
Page 293: Mac Binding Table
Web Management User Guide The packet filtering direction for ACL is Inbound, which means the MAC ACL rules are applied to traffic entering the port. Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction.
Page 294: Advanced
Web Management User Guide Field Description ACL Type Displays the type of ACL assigned to selected interface and direction. ACL ID Displays the ACL Number (in case of IP ACL) or ACL Name (in case of MAC ACL) identifying the ACL assigned to selected interface and direction.
Page 295 Web Management User Guide IP ACL An IP ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On this menu the interfaces to which an IP ACL applies must be specified, as well as whether it applies to inbound or outbound traffic.
Page 296: Ip Rules
Web Management User Guide Click ADD to add a new IP ACL to the switch configuration. IP Rules Use these screens to configure the rules for the IP Access Control Lists created using the IP Access Control List Configuration screen. What is shown on this screen varies depending on the current step in the rule configuration process.
Page 297 Web Management User Guide Assign Queue ID - Specifies the hardware egress queue identifier used to handle all • packets matching this ACL rule. Enter an identifying number from 0–6 in the appropriate field. Match Every - Select true or false from the pull-down menu. True signifies that all •...
Page 298: Ip Extended Rules
Web Management User Guide IP Extended Rules Use these screens to configure the rules for the IP Access Control Lists created using the IP Access Control List Configuration screen. What is shown on this screen varies depending on the current step in the rule configuration process. There is an implicit “deny all”...
Page 299 Web Management User Guide cannot be set if a Redirect Interface is already configured for the ACL rule. This field is visible for a 'Permit' Action. Match Every - Select true or false from the pull-down menu. True signifies that all •...
Page 300: Ipv6 Acl
Web Management User Guide possibly selection one of the DSCP keyword from a dropdown box. If a value is to be selected by specifying its numeric value, then select the 'Other' option in the dropdown box and a text box will appear where the numeric value of the DSCP can be entered.
Page 301: Ipv6 Rules
Web Management User Guide IP Extended ACL. IPv6 ACL Name string includes alphanumeric characters only. The name must start with an alphabetic character. Click ADD to add a new IP ACL to the switch configuration. Click DELETE to remove the currently selected IP ACL from the switch configuration. Field Description Current Number of ACL...
Page 302 Web Management User Guide Use Mirror Interface to specify the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is already configured for the ACL rule. This field is visible for a 'Permit' Action.
Page 303: Ip Binding Configuration
Web Management User Guide Flow label is 20-bit number that is unique to an IPv6 packet, used by end stations to signify quality-of-service handling in routers. Flow label can specified within the range (0 to 1048575). Use IPv6 DSCP Service to specify the IP DiffServ Code Point (DSCP) field. The DSCP is defined as the high-order six bits of the Service Type octet in the IPv6 header.
Page 304: Displays The Type Of Acl Assigned To Selected
Web Management User Guide user, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction will be used. The valid range is 1–4294967295. Click the appropriate orange bar to expose the available ports or LAGs. The Port Selection Table specifies list of all available valid interfaces for ACL mapping.
Page 305: Vlan Binding Table
Web Management User Guide Field Description Interface Displays selected interface. Direction Displays selected packet filtering direction for ACL. ACL Type Displays the type of ACL assigned to selected interface and direction. ACL ID/Name Displays the ACL Number (in the case of IP ACL) or ACL Name (in the case of Named IP ACL and IPv6 ACL) identifying the ACL assigned to selected interface and direction.
Page 306 Web Management User Guide Field Description VLAN ID Specifies VLAN ID for ACL mapping. Sequence Number An optional sequence number may be specified to indicate the order of this access list relative to other access lists already assigned to this VLAN and direction.
Page 307 Web Management User Guide...
Page 308: Ports
Monitoring the System Use the features available from the Monitoring tab to view a variety of information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains links to the following features: on page 308 •...
Page 309: Port Statistics
Web Management User Guide Port Statistics The Port Statistics page displays a summary of per-port traffic statistics on the switch. To access the Port Statistics page, click Monitoring  Ports> Port Statistics. The following table describes the per-port statistics displayed on the screen. Use the buttons at the bottom of the page to perform the following actions: To clear all the counters for all ports on the switch, select the check box in the row •...
Page 310 Web Management User Guide Field Description Broadcast Packets Received The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets. Packets Transmitted Without The number of frames that have been transmitted by this port to its segment. Errors Transmit Packet Errors The number of outbound packets that could not be transmitted because of...
Page 311: Port Detailed Statistics
Web Management User Guide Port Detailed Statistics The Port Detailed Statistics page displays a variety of per-port traffic statistics. To access the Port Detailed page, click Monitoring  Ports> Port Detailed Statistics. (Following figure show some, but not all, of the fields on the Port Detailed Statistics page.) The following table describes the detailed port information displayed on the screen.
Page 312 Web Management User Guide Click REFRESH to refresh the data on the screen and display the most current statistics. • Field Description ifIndex This object indicates the ifIndex of the interface table entry associated with this port on an adapter. Port Type For normal ports this field will be ‘normal.’...
Page 313 Web Management User Guide Field Description Packets RX and TX 64 Octets The total number of packets (including bad packets) received or transmitted that were 64 octets in length (excluding framing bits but including FCS octets). Packets RX and TX 65-127 The total number of packets (including bad packets) received or transmitted Octets that were between 65 and 127 octets in length inclusive (excluding framing...
Page 314 Web Management User Guide Field Description Packets Received 512-1023 The total number of packets (including bad packets) received that were Octets between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received 1024-1518 The total number of packets (including bad packets) received that were Octets between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Page 315 Web Management User Guide Field Description Total Received Packets Not A count of valid frames received which were discarded (i.e. filtered) by the Forwarded forwarding process. Local Traffic Frames The total number of frames dropped in the forwarding process because the destination address was located off of this port.
Page 316 Web Management User Guide Field Description Packets Transmitted The total number of packets (including bad packets) received that were 512-1023 Octets between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted The total number of packets (including bad packets) received that were 1024-1518 Octets between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Page 317: Eap Statistics
Web Management User Guide Field Description Dropped Receive Frames Number of Receive frames discarded at the selected port. STP BPDUs Received Number of STP BPDUs received at the selected port. STP BPDUs Transmitted Number of STP BPDUs transmitted from the selected port. RSTP BPDUs Received Number of RSTP BPDUs received at the selected port.
Page 318 Web Management User Guide The following table describes the EAP statistics displayed on the screen. Use the buttons at the bottom of the page to perform the following actions: To clear all the EAP counters for all ports on the switch, select the check box in the •...
Page 319 Web Management User Guide Field Description EAPOL Last Frame Source This displays the source MAC address carried in the most recently received EAPOL frame. EAPOL Invalid Frames This displays the number of EAPOL frames that have been received by this Transmitted authenticator in which the frame type is not recognized.
Page 320: Cable Test
Web Management User Guide Cable Test To display the Cable Test page, click Monitoring  Ports> Cable Test. Interface - Indicates the interface to which the cable to be tested is connected. Click APPLY to perform a cable test on the selected interface. The cable test may take up to 2 seconds to complete.
Page 321: Logs
Web Management User Guide Field Description Cable Length The estimated length of the cable in meters. The length is displayed as a range between the shortest estimated length and the longest estimated length. Unknown is displayed if the cable length could not be determined. The Cable Length is only displayed if the cable status is Normal.
Page 322: Buffered Logs
Web Management User Guide Buffered Logs To access the Buffered Logs page, click Monitoring  Logs > Buffered Logs. Buffered Log Configuration This log stores messages in memory based upon the settings for message component and severity. On stackable systems, this log exists only on the top of stack platform. Other platforms in the stack forward their messages to the top of stack log.
Page 323: Message Log
Web Management User Guide Message Log This help message applies to the format of all logged messages which are displayed for the message log, persistent log or console log. Format of the messages Messages logged to a collector or relay via syslog have an identical format of either type: If system is not stacked <15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 •...
Page 324: Command Log Configuration
Web Management User Guide Command Log Configuration To access the Command Log Configuration page, click Monitoring  Logs > Command Log Configuration. Use Admin Mode to enable/disable the operation of the CLI Command logging by selecting the corresponding radio button. Console Log Configuration This allows logging to any serial device attached to the host.
Page 325: Syslog Configuration
Web Management User Guide SysLog Configuration To access the SysLog Configuration page, click Monitoring  Logs > Sys Log Configuration. Use Admin Status to enable/disable logging to configured syslog hosts. Setting this to disable stops logging to all syslog hosts. Disable means no messages will be sent to any collector/relay.
Page 326: Trap Logs
Web Management User Guide Trap Logs This screen lists the entries in the trap log. The information can be retrieved as a file by using System Utilities, Upload File from Switch. To access the Trap Logs page, click Monitoring  Logs>...
Page 327 Web Management User Guide Field Description Number of Traps Since Last The number of traps that have occurred since the switch last reboot. Reset Trap Log Capacity The maximum number of traps stored in the log. If the number of traps exceeds the capacity, the entries will overwrite the oldest entries.
Page 328: Event Logs
Web Management User Guide Event Logs This panel displays the event log, which contains error messages from the system. Event log is not cleared on a system reset. To access the Event Log page, click Monitoring  Logs> Event Logs. The following table describes the Event Log information displayed on the screen.
Page 329: Persistent Logs
Web Management User Guide Click CLEAR to clear the messages out of the Event Log. • Click REFRESH to refresh the data on the screen and display the most current • information. Field Description Entry The sequence number of the event. Type The type of the event.
Page 330: Port Mirroring
Web Management User Guide Alert (1) - action must be taken immediately • Critical (2) - critical conditions • Error (3) - error conditions • Warning (4) - warning conditions • Notice(5) - normal but significant conditions • Informational(6) - informational messages •...
Page 331 Web Management User Guide To configure Port Mirroring: Select the check box next to a port to configure it as a source port. Mode - Specifies the Mode for mirroring. By default Mode is disabled. • Use Source Port to specify the configured port(s) as mirrored port(s). Traffic of the configured port(s) is sent to the probe port.
Page 332: Sflow
Agent Version string must have the following structure: MIB Version;Organization;Software Revision where: • MIB Version: '1.3', the version of this MIB. • Organization: NETGEAR Inc. • Revision: 1.0 The IP address associated with this agent. Agent Address Click REFRESH to refresh the web page to show the latest sFlow agent information.
Page 333: Advanced
Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version;Organization;Software Revision where: • MIB Version: '1.3', the version of this MIB. • Organization: NETGEAR Inc. • Revision: 1.0 Agent Address The IP address associated with this agent.
Page 334 Web Management User Guide Receiver Index. Selects the receiver for which data is to be displayed or configured. Allowed range is 1 to 8. Use Receiver Owner to specify the entity making use of this sFlowRcvrTable entry. The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to default values.
Page 335 Web Management User Guide To display the sFlow Interface Configuration page, click Monitoring    sFlow Advanced sFlow Interface Configuration. Interface - Interface for this flow poller and sampler. This Agent will support Physical ports only. Use Receiver Index to specify the allowed range for the sFlowReceiver associated with this counter poller.
Page 336: Save Configuration
Maintenance Use the features available from the Maintenance tab to help you manage the switch. The Maintenance tab contains links to the following features: on page 336 • Save Configuration on page 337 • Reset on page 339 • Upload File From Switch on page 342 •...
Page 337: Auto Install Configuration
Web Management User Guide Select the check box and click the APPLY button to have configuration changes you have made saved across a system reboot. All changes submitted since the previous save or system reboot will be retained by the switch. Auto Install Configuration To access the Auto Install Configuration page, click Maintenance ...
Page 338: Device Reboot
Web Management User Guide Device Reboot Use the Device Reboot page to reboot ProSafe® Managed Switches. To access the Device Reboot page, click Maintenance   Reset Device Reboot. To reboot the switch: Use Reboot Unit No to select the unit to reset. Select all to run reset for all units. Select the Save prior to reboot radio button and click the APPLY button to reboot the switch.
Page 339: Password Reset
Web Management User Guide Select the check box and click the APPLY button to have all configuration parameters reset to their factory default values. All changes you have made will be lost, even if you have issued a save. You will be shown a confirmation screen after you select the button. Password Reset Use the Password Reset page to reset all user passwords to defaults.
Page 340: File Upload
Web Management User Guide File Upload To display the File Upload page, click Maintenance   Upload File Upload. To upload a file from the switch to the TFTP server: Use File Type to specify what type of file you want to upload: Archive - Specify archive (STK) code when you want to retrieve from the operational •...
Page 341: Http File Upload
Web Management User Guide Use Server Address Type to specify either IPv4 or IPv6 to indicate the format of the Server Address field. The factory default is IPv4. Use Server Address to enter the IP address of the server in accordance with the format indicated by the Seer Address Type.
Page 342: Usb File Upload
Web Management User Guide Use Local File Name to specify the local script file name you want to upload. USB File Upload Use this menu to upload a file from the switch to USB device. To display the HTTP File Upload page, click Maintenance ...
Page 343: File Download
Web Management User Guide File Download To display the File Download page, click Maintenance   Download File Download. Use File Type to specify what type of file you want to transfer. Archive - Specify archive (STK) code when you want to upgrade the operational •...
Page 344: Http File Download
Web Management User Guide The factory default is Image1. To download SSH key files, SSH must be administratively disabled Note: and there can be no active SSH sessions. To download SSL PEM files SSL must be administratively disabled Note: and there can be no active SSH sessions. Use Transfer Mode to specify what protocol to use to transfer the file: TFTP - Trivial File Transfer Protocol •...
Page 345 Web Management User Guide To download a file to the switch by using HTTP: Use File Type to specify what type of file you want to transfer: Archive - Specify archive (STK) code when you want to upgrade the operational •...
Page 346: Usb File Download
Web Management User Guide After a file transfer is started, please wait until the page refreshes. Note: When the page refreshes, the Select File option will be blanked out. This indicates that the file transfer is done. To download SSH key files SSH must be administratively disabled Note: and there can be no active SSH sessions.
Page 347: File Management
Web Management User Guide Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately.
Page 348: Dual Image Configuration
Web Management User Guide Dual Image Configuration The Dual Image feature allows switch to retain two images in permanent storage. The user designates one of these images as the active image to be loaded during subsequent switch restarts. This feature reduces switch down time when upgrading / downgrading the image. To display the Dual Image Configuration page, click Maintenance ...
Page 349: Troubleshooting
Web Management User Guide Troubleshooting The Troubleshooting menu contains links to the following options: on page 349 • Ping IPv4 on page 350 • Ping IPv6 on page 351 • Traceroute IPv4 on page 352 • Traceroute IPv6 Ping IPv4 Use this screen to tell the switch to send a Ping request to a specified IP address.
Page 350: Ping Ipv6
Web Management User Guide Use IP Address/Host Name to enter the IP address or Hostname of the station you want the switch to ping. The initial value is blank. The IP Address or Hostname you enter is not retained across a power cycle. Optionally, configure the following settings: Count - Enter the number of echo requests you want to send.
Page 351: Traceroute Ipv4
Web Management User Guide Result - Displays the result after the switch send a Ping IPv6 request to the specified IPv6 address. Traceroute IPv4 Use this screen to tell the switch to send a TraceRoute request to a specified IP address or Hostname.
Page 352: Traceroute Ipv6
Web Management User Guide InitTTL - Enter the initial TTL to be used. The initial value is default value. The InitTTL • you enter is not retained across a power cycle. MaxFail - Enter the maximum Failures allowed in the session. The initial value is •...
Page 353 Web Management User Guide...
Page 354: Chapter 9 Help
355 • User Guide Support Use the Support page to connect to the Online Support site at netgear.com. To access the Support page, click Help  Online Help > Support. To connect to the NETGEAR support site for ProSafe® Managed Switches, click APPLY.
Page 355: User Guide
Web Management User Guide User Guide Use the User Guide page to access the ProSafe® Managed Switch (the guide you are now reading) that is available on the NETGEAR Website. To access the User Guide page, click Help  Online Help > User Guide.
Page 356 Web Management User Guide...
Page 357: Appendix A Default Settings
Default Settings This appendix describes the default settings for many of the NETGEAR 7000 series Managed Switch software features. Table 3. Default Settings Feature Default IP address 169.254.100.100 Subnet mask 255.255.0.0 Default gateway 0.0.0.0 Protocol DHCP Management VLAN ID Minimum password length...
Page 358 Web Management User Guide Table 3. Default Settings (Continued) Feature Default ISDP Enabled (Versions 1 and 2) RMON Enabled TACACS+ Not configured RADIUS Not configured SSH/SSL Disabled Telnet Enabled Denial of Service Protection Disabled Captive Portal Disabled Dot1x Authentication Disabled (IEEE 802.1X) MAC-Based Port Security All ports are unlocked...
Page 359 Web Management User Guide Table 3. Default Settings (Continued) Feature Default Default VLAN ID Default VLAN Name Default GVRP Disabled GARP Timers Leave: 60 centiseconds Leave All: 1000 centiseconds Join: 20 centiseconds Voice VLAN Disabled Guest VLAN Disabled RADIUS-assigned VLANs Disabled Double VLANs Disabled...
Page 360 Web Management User Guide...
Page 361: Appendix B Configuration Examples
Configuration Examples This appendix contains information about how to configure the following features: on page 361 • Virtual Local Area Networks (VLANs) on page 363 • Access Control Lists (ACLs) on page 366 • Differentiated Services (DiffServ) on page 370 •...
Page 362: Vlan Example Configuration
Web Management User Guide They are easy to manage. The addition of nodes, as well as moves and other changes, • can be dealt with quickly and conveniently from a management interface rather than from the wiring closet. They provide increased performance. VLANs free up bandwidth by limiting node-to-node •...
Page 363: Access Control Lists (Acls)
Web Management User Guide For the VLAN with VLAN ID 10, specify the following members: port 1 (U), port 2 (U), • and port 3 (T). For the VLAN with VLAN ID 20, specify the following members: port 4 (U), port 5 (T), •...
Page 364: Mac Acl Example Configuration
Web Management User Guide criteria to a particular queue or redirect the traffic to a particular port. A default deny all rule is the last rule of every list. APPLY the access list to an interface in the inbound direction. ProSafe®...
Page 365: Standard Ip Acl Example Configuration
Web Management User Guide ports, you must add a new permit rule with the desired match criteria and bind the rule to interfaces 6, 7, and 8. Standard IP ACL Example Configuration The following example shows how to create an IP-based ACL that prevents any IP traffic from the Finance department from being allowed on the ports that are associated with other departments.
Page 366: Differentiated Services (Diffserv)
• and priority, giving preferential treatment to data with strict timing requirements. NETGEAR® switches support DiffServ. The DiffServ feature contains a number of conceptual QoS building blocks you can use to construct a differentiated service network. Use these same blocks in different ways to build other types of QoS architectures.
Page 367: Diffserv Traffic Classes
Web Management User Guide IP Service Type octet (also known as: ToS bits, Precedence value, DSCP value) • Layer 4 protocol (TCP, UDP etc.) • Layer 4 source/destination ports • Source/destination IP address • From a DiffServ point of view, there are two types of classes: DiffServ traffic classes •...
Page 368: Diffserv Example Configuration
Web Management User Guide Dropping - Drop a packet upon arrival. This is useful for emulating access control list • operation using DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface. Marking IP DSCP or IP Precedence - Marking/re-marking the DiffServ code point in a •...
Page 369 Web Management User Guide From the QoS Class Configuration screen, create a new class with the following settings: Class Name: Class1 • Class Type: All • For more information about this screen, see on page 425. Class Configuration Click the Class1 hyperlink to view the DiffServ Class Configuration screen for this class. Configure the following settings for Class1: Protocol Type: UDP •...
Page 370: 370
(the system that requests authentication), as well as between the authenticator and the authentication server. The NETGEAR® switches support a guest VLAN, which allows unauthenticated users to have limited access to the network resources. You can use QoS features to provide rate limiting on the guest VLAN Note: to limit the network resources the guest VLAN provides.
Page 371: 802.1X Example Configuration
Supplicant on behalf of the Authenticator. All three roles are required in order to complete an authentication exchange. NETGEAR® switches support the Authenticator role only, in which the PAE is responsible for communicating with the Supplicant. The Authenticator PAE is also responsible for submitting the information received from the Supplicant to the Authentication Server in order for the credentials to be checked, which will determine the authorization state of the Port.
Page 372: Mstp
Web Management User Guide From the Port Authentication screen, select ports 1/0/5, 1/0/6, 1/0/7 and 1/0/8. From the Port Control menu, select Unauthorized. The Port Control setting for all other ports where authentication is not needed should Authorized. When the Port Control setting is Authorized, the port is unconditionally put in a force-Authorized state and does not require any authentication.
Page 373 Web Management User Guide working but not the end effect (chief among the effects is the rapid transitioning of the port to the Forwarding state). The difference between the RSTP and the traditional STP (IEEE 802.1D) is the ability to configure and recognize full duplex connectivity and ports that are connected to end stations, resulting in rapid transitioning of the port to the Forwarding state and the suppression of Topology Change Notification.
Page 374: Mstp Example Configuration
Web Management User Guide Configuration Digest: 16-byte signature of type HMAC-MD5 created from the MST Configuration Table (a VLAN ID to MSTID mapping) As there are Multiple Instances of Spanning Tree, there is a MSTP state maintained on a per-port, per-instance basis (or on a per port per VLAN basis: as any VLAN can be in one and only one MSTI or CIST).
Page 375 Web Management User Guide Ports 1/0/1 - 1/0/5 Ports 1/0/1 - 1/0/5 Connected to Hosts Connected to Hosts Ports 1/0/6 - 1/0/8 Connected to Switch 2 and 3 Ports 1/0/6 - 1/0/8 1/0/1 - 1/0/5 Switch 1 Connected to Switch 1 and 3 Root Bridge Switch 2 Ports 1/0/6 - 1/0/8...
Page 376 Web Management User Guide Select ports 1/0/1 - 1/0/5 (edge ports), and select Enable from the Fast Link menu. Since the edge ports are not at risk for network loops, ports with Fast Link enabled transition directly to the Forwarding state. Click APPLY.
Page 377 Web Management User Guide...
Page 378: Appendix C Notification Of Compliance
Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following conformance standards: EN300 328 (2.4Ghz), EN301 489-17, EN301 893 (5Ghz), EN60950-1 For complete DoC, visit the NETGEAR EU Declarations of Conformity website at: http://support.netgear.com/app/answers/detail/a_id/11621/ EDOC in Languages of the European Community...
Page 379 Hereby, NETGEAR Inc., declares that this Radiolan is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Español Por medio de la presente NETGEAR Inc. declara que el Radiolan cumple con los [Spanish] requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE.
Page 380: Fcc Declaration Of Conformity
FCC Declaration of Conformity We, NETGEAR, Inc., 350 East Plumeria Drive, San Jose, CA 95134, declare under our sole responsibility that the Web Management User Guide complies with Part 15 Subpart B of FCC CFR47 Rules. Operation is subject to the...
Page 381 When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling. GPL License Agreement GPL may be included in this product; to view the GPL license agreement go to ftp://downloads.netgear.com/files/GPLnotice.pdf.
Page 382 For GNU General Public License (GPL) related information, please visit http://support.netgear.com/app/answers/detail/a_id/2649 . Interference Reduction Table The table below shows the Recommended Minimum Distance between NETGEAR equipment and household appliances to reduce interference (in feet and meters). Table 4. Household Appliance...
Page 383: Index
Index Trap Numerics VLAN 802.1X VLAN example example configuration access control defaults ACL example configuration ACLs authentication Device View 802.1X DiffServ enable port-based RADIUS download SNMP from a remote system TACACS+ certificate compliance Configuration file management 802.1X Access Control Lists firmware download Class Community...
Page 384 Web Management User Guide IEEE 802.1s switch IEEE 802.1w RSTP IEEE 802.1X IGMP interface Simple Network Time Protocol SNMP logical traps naming convention using physical v1, v2 queue configuration SNTP IP DSCP server configuration Mapping server status storm control LAG VLAN LAGPDUs example configuration Status...
Page 385 Web Management User Guide PVID...

This manual is also suitable for:

Gsm7224p Gsm5212p Gsm7212f

NETGEAR GSM7212P User Manual

Table of Contents

Chapter 1 Getting Started

Configuring System Information 2

Chapter 2 Configuring System Information

Chapter 3 Configuring Switching Information

Advanced

Advanced

Chapter 4 Routing

Chapter 5 Configuring Quality of Service

Managing Device Security 6

Chapter 6 Managing Device Security

Configuring Management Access

Advanced

Chapter 7 Monitoring the System

Chapter 8 Maintenance

Chapter 9 Help

Appendix A Default Settings

Appendix B Configuration Examples

Appendix C Notification of Compliance

Quick Links

Chapters

Related Manuals for NETGEAR GSM7212P

Summary of Contents for NETGEAR GSM7212P