In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas. When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling.

Product and Publication Details
Model Number: GS716T and GS724T
Publication Date: July 2009...
Contents
GS716Tv2 and GS724Tv3 Software Administration Manual

About This Manual
  Audience
  Organization
  Conventions, Formats and Scope
  How to Use This Manual
  How to Print this Manual
  Revision History
Chapter 1 Getting Started
  Connecting the Switch to the Network...
Chapter 2 Configuring System Information
  System Information
  Defining System Information
  Network Connectivity
  Time
  Time Configuration
  SNTP Global Status
  SNTP Server Configuration
  SNTP Server Status
  Denial of Service
  Green Ethernet Configuration
  SNMP V1/V2
  Community Configuration...
  Port VLAN ID Configuration
  Configuring Spanning Tree Protocol
  STP Switch Configuration/Status
  CST Configuration
  CST Port Configuration
  CST Port Status
  Rapid STP Configuration
  MST Configuration
  MST Port Configuration
  STP Statistics
  Configuring IGMP Snooping
  Global Configuration...
Chapter 6 Monitoring the System
  Switch Statistics
  Viewing Port Statistics
  Port Statistics
  Port Detailed Statistics
  EAP Statistics
  Managing Logs
  Memory Logs
  FLASH Log Configuration
  Server Log Configuration
  Trap Logs
  Event Logs
  Configuring Port Mirroring...
Appendix B Configuration Examples
  Virtual Local Area Networks (VLANs)
  VLAN Example Configuration
  Access Control Lists (ACLs)
  MAC ACL Example Configuration
  Standard IP ACL Example Configuration
  802.1X...
About This Manual

The NETGEAR® GS716Tv2 and GS724Tv3 Software Administration Manual describes how to configure and operate the Gigabit Smart Switch with its included software features through the Web-based graphical user interface (GUI). The book describes the software configuration procedures and explains the options available within those procedures.
• Chapter 5, “Managing Device Security” page 5-1 contains information about configuring switch security information such as port access control, TACACS+, and RADIUS server settings.
• Chapter 6, “Monitoring the System” page 6-1 describes how to view a variety of information about the switch and its ports, and to configure how the switch monitors events.
GS716T and GS724T Gigabit Smart Switch
Manual Publication Date: July 2009

Note: Product updates for the GS716T are available on the NETGEAR, Inc. website at http://kb.netgear.com/app/products/list/p3/322. Product updates for the GS724T are available on the NETGEAR, Inc. website at http://kb.netgear.com/app/products/list/p3/322.
• button to access the full NETGEAR, Inc. online knowledge base for the product model.
• Links to PDF versions of the full manual and individual chapters.
• Click the print icon in the upper left of your browser window.

Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.

Revision History
Version Part Number...
GS716Tv2 and GS724Tv3 Software Administration Manual v1.0, July 2009...
Chapter 1 Getting Started

This chapter provides an overview of starting your NETGEAR GS716T/GS724T Gigabit Smart Switch and accessing the user interface. It also leads you through the steps to use the SmartWizard Discovery utility. This chapter contains the following sections:
•...
IP Configuration, under the System Management IP Configuration menu, for either Static, BOOTP, or DHCP IP assignment.

Switch Management Interface

NETGEAR provides the SmartWizard Discovery utility with this product. This program runs under Microsoft Windows...
SmartWizard Discovery in a Network with a DHCP Server

To install the switch in a network with a DHCP server, use the following steps:
1. Connect the Gigabit Smart Switch to a DHCP network.
2.
Figure 1-2

Use your Web browser to manage your switch. The default password is password. Then use this page to proceed to management of the switch covered in “Using the Web Interface” on page 1-9.
Manually Assigning Network Parameters

If your network has no DHCP service, you must assign a static IP address to your switch. If you choose, you can assign it a static IP address, even if your network has DHCP service.

To assign a static IP address:
1.
Configuring the Network Settings on the Administrative System

The settings of your network interface card (NIC) under the MS Windows OS are made with entries into Windows screen pages similar to the ones shown in Figure 1-4.
• “Password Change” on page 1-7
• “Firmware Upgrade” on page 1-7

Password Change

To set a new password:
1. Click Password Change from the Switch Setting section. The Password Change screen appears. You can set a new password. In this process, you are required to enter the old password and to confirm the new one.
Figure 1-5

2. Enter the following values into the appropriate places in the form:
• Product Assigned Firmware. The location of the new firmware. If you do not know the location, you can click Browse to locate the file.
•...
Understanding the User Interfaces

GS716T/GS724T software includes a set of comprehensive management functions for configuring and monitoring the system by using one of the following methods:
• Web user interface
• Simple Network Management Protocol (SNMP)

Each of the standards-based management methods allows you to configure and monitor the components of the GS716T/GS724T software.
Figure 1-6

3. After the system authenticates you, the System Information page displays.
Figure 1-7 shows the layout of the GS716T/GS724T software Web interface. Each Web page contains three main areas: navigation tree on the left, the configuration status and options, and the tabs at the top that provide access to all the configuration functions of the switch and remain constant....
subfolder, and HTML page in the navigation menu. When you click a folder or subfolder, it becomes preceded by a down arrow symbol and, if there is a subfolder, the folder expands to display the contents. If you click an HTML page, a new page displays in the main frame.

Figure 1-8 (callouts: Folder, HTML Page)...
Device View

The Device View is a Java® applet that displays the ports on the switch. This graphic provides an alternate way to navigate to configuration and monitoring options. The graphic also provides information about device ports, current configuration and status, table information, and feature components.
If you click the graphic, but do not click a specific port, the main menu appears, as Figure 1-11 shows. This menu contains the same options as the navigation tabs at the top of the page.

Figure 1-11

Help Page Access

Every page contains a link to the online help...
GS716T/GS724T switches use both standard public MIBs for standard functionality and private MIBs that support additional switch functionality. All private MIBs begin with a “-” prefix. The main object for interface configuration is in -SWITCHING-MIB, which is a private MIB. Some interface configurations also involve objects in the public MIB, IF-MIB.
Table 1-3. Parameter Descriptions (continued)

Parameter | Description
Interface | g1, g2, and so on for the physical interfaces.
Logical Interface | Represents a logical interface. This is applicable for a LAG (port-channel) interface which is represented as l1, l2, and so on.

Interface Naming Convention

GS716T/GS724T Switch supports physical and logical interfaces.
Chapter 2 Configuring System Information

Use the features in the System tab to define the switch’s relationship to its environment. The System tab contains links to the following features:
• “System Information” on page 2-1
• “Network Connectivity” on page 2-3
•...
Figure 2-1

Table 2-1. System Description Fields

Field | Description
System Name | Enter the name you want to use to identify this switch. You may use up to 31 alphanumeric characters. The factory default is blank.
System Location | Enter the location of this switch.
Table 2-1. System Description Fields (continued)

Field | Description
Boot Version | The bootcode version of the switch.
Software Version | The software version of the switch.

Defining System Information

1. Open the System Information page.
2. Define the following fields: System Name, System Location, and System Contact.
3.
Figure 2-2

2. To access the switch over a network, you must first configure it with IP information (IP address, subnet mask, and default gateway). You can configure the IP information using any of the following options:
•...
3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
4. If you change any of the network connection parameters, click Apply to apply the changes to the system.
method is selected, SNTP information is accepted only from SNTP servers defined on the device using the SNTP Server Configuration page. The device retrieves synchronization information, either by actively requesting information or at every poll interval.

Time Configuration

Use the Time Configuration page to view and adjust SNTP parameters.
Figure 2-3

To configure the time through SNTP:
1. Select the Clock Source as SNTP by checking the radio button.
2. When the Clock Source is set to ‘SNTP’, the Date and Time fields are grayed out (disabled). The switch gets the date and time from the network.
Table 2-3. Time Configuration Fields (continued)

Field | Description
Time | Specifies the duration of the box in hours, minutes and seconds since the last reboot.
Time Zone | When using SNTP/NTP time servers to update the switch’s clock, the time data received from the server is based on Coordinated Universal Time (UTC), which is the same as Greenwich Mean Time (GMT).
Table 2-4. SNTP Global Configuration Fields

Field | Description
Version | Specifies the SNTP Version the client supports.
Supported Mode | Specifies the SNTP modes the client supports. Multiple modes may be supported by a client.
Last Update Time | Specifies the local date and time (UTC) the SNTP client last updated the system clock.
Table 2-4. SNTP Global Configuration Fields (continued)

Field | Description
Unicast Server Max Entries | Specifies the maximum number of unicast server entries that can be configured on this client.
Unicast Server Current Entries | Specifies the number of current valid unicast server entries configured for this client.
Table 2-5. SNTP Server Configuration Fields

Field | Description
Server Type | Specifies the address type of the configured SNTP server to view or modify information about, or select Add to configure a new SNTP server. You can define up to three SNTP servers.
1. Click System Management Time SNTP Server Configuration in the navigation menu.

Figure 2-6

Table 2-6. SNTP Server Status Fields

Field | Description
Address | Specifies all the existing Server Addresses. If no Server configuration exists, a message saying “No SNTP server exists”...
Table 2-6. SNTP Server Status Fields (continued)

Field | Description
Requests | Specifies the number of SNTP requests made to this server since last agent reboot.
Failed Requests | Specifies the number of failed SNTP requests made to this server since last reboot.
1. Click System Management Denial of Service in the navigation menu.

Figure 2-7

Table 2-7. Denial of Service Configuration Fields

Field | Description
Denial of Service SIP=DIP | Enable or disable this option by selecting the corresponding line on the pulldown entry field.
Table 2-7. Denial of Service Configuration Fields (continued)

Field | Description
Denial of Service TCP Flag | Enable or disable this option by selecting the corresponding line on the pulldown entry field. Enabling TCP Flag DoS prevention causes the switch to drop packets that have TCP flag SYN set and TCP source port less than 1024 or TCP control flags set to 0 and TCP sequence number set to 0 or TCP flags FIN, URG, and PSH set and TCP sequence...
1. Click System Management Green Ethernet Configuration.

Figure 2-8

Table 2-8. Green Ethernet Configuration Fields

Field | Description
Auto Power Down Mode | When this is enabled and the port link is down, the PHY automatically goes down for a short amount of time and then wakes up to check link pulses.
Community Configuration

To display this page, click System SNMP SNMP V1/V2 Community Configuration in the navigation tree. By default, two SNMP Communities exist:
• Private, with Read/Write privileges and status set to Enable.
•...
Table 2-9. SNMP V1/V2 Community Configurable Data

Field | Description
Management Station IP | Taken together, the Management Station IP and the Management Station IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device.
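The following added example (not NETGEAR code) audits a list of community entries built from the fields described above: it reports an enabled community that still uses the default name given on this page, and any enabled Read/Write community whose Management Station IP and Mask admit a large range of client addresses. The matching rule (a client is in range when its masked address equals the masked Management Station IP), the `max_rw_hosts` threshold, and all sample entries are assumptions made for illustration.

```python
# Added example, not NETGEAR code: audit SNMP V1/V2 community entries.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Community:
    name: str          # Community String
    access: str        # "Read/Write" or "Read Only"
    status: str        # "Enable" or "Disable"
    station_ip: str    # Management Station IP
    station_mask: str  # Management Station IP Mask


# Default name taken from this page. The second default entry is cut off on
# the page, so add it here once it has been read from the switch itself.
DEFAULT_NAMES = {"private"}


def _u32(addr):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def client_allowed(c, client_ip):
    """Assumed rule: in range when (client & mask) == (station & mask)."""
    mask = _u32(c.station_mask)
    in_range = (_u32(client_ip) & mask) == (_u32(c.station_ip) & mask)
    return c.status == "Enable" and in_range


def range_size(c):
    """Addresses admitted by the IP/mask pair: 2 ** (zero bits in the mask)."""
    zero_bits = bin(~_u32(c.station_mask) & 0xFFFFFFFF).count("1")
    return 2 ** zero_bits


def audit(communities, max_rw_hosts=16):
    """Return (community name, finding) pairs for enabled entries only."""
    findings = []
    for c in communities:
        if c.status != "Enable":
            continue
        if c.name.lower() in DEFAULT_NAMES:
            findings.append((c.name, "default community name is still enabled"))
        if c.access == "Read/Write" and range_size(c) > max_rw_hosts:
            findings.append(
                (c.name, f"Read/Write usable from {range_size(c)} addresses"))
    return findings


# Constructed sample entries (documentation address ranges, invented names).
SAMPLE = [
    Community("private", "Read/Write", "Enable", "0.0.0.0", "0.0.0.0"),
    Community("netops-rw", "Read/Write", "Enable", "192.0.2.16", "255.255.255.240"),
    Community("monitor-ro", "Read Only", "Enable", "192.0.2.0", "255.255.255.0"),
    Community("old-rw", "Read/Write", "Disable", "0.0.0.0", "0.0.0.0"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Under the assumed matching rule, a mask of 0.0.0.0 admits every IPv4 address, which is why the constructed `private` entry is reported twice.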
Table 2-10. Command Buttons

Field | Description
Add | Add the currently selected receiver configuration to the switch.
Delete | Delete the currently selected receiver configuration.
Cancel | Cancel the configuration on the screen. Reset the data on the screen to the latest value of the switch....
Table 2-11. SNMP Trap Configuration (continued)

Field | Description
Community String | Enter the community string for the SNMP trap packet to be sent to the trap manager. This may be up to 16 characters and is case sensitive.
Status | Select the receiver’s status from the pulldown menu:
•...
Figure 2-11

The fields available on the Trap Flags page depend on the packages installed on your system. Figure 2-11 and the following table show the fields that are available on a system with all packages installed.
Figure 2-12

Table 2-14. SNMP v3 User Configuration

Field | Description
SNMP v3 Access Mode | The SNMPv3 access privileges for the user account. The admin account always has Read/Write access, and all other accounts have Read Only access.
3. Click Apply to send the updated configuration to the switch. Configuration changes take effect immediately.

LLDP

The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations residing on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN.
Figure 2-13

Table 2-15. LLDP Configuration Fields

Field | Description
LLDP Properties
TLV Advertised Interval | Specifies the interval at which frames are transmitted. The default is 30 seconds, and the valid range is 1–32768 seconds.
Hold Multiplier | Specifies multiplier on the transmit interval to assign to Time-to-Live (TTL).
Figure 2-14

Table 2-16. LLDP Port Settings Fields

Field | Description
Interface | Specifies the port to be affected by these parameters.
Admin Status | Select the status for transmitting and receiving LLDP packets. The options are:
•...
Table 2-16. LLDP Port Settings Fields (continued)

Field | Description
Notification | When notifications are enabled, LLDP interacts with the Trap Manager to notify subscribers of remote data change statistics. The default is disabled.
Optional TLV(s) | Enable or disable the transmission of optional type-length value (TLV) information from the interface.
Local Information

Use the LLDP Local Information page to view the data that each port advertises through LLDP.

To display the LLDP Local Device Information page:
1. Click System Advanced LLDP Local Information in the navigation tree.

Figure 2-15

Table 2-17.
Table 2-17. LLDP Local Information Fields (continued)

Field | Description
Port Description | Identifies the user-defined description of the port. To configure the Port Description, see “Configuring and Viewing Device Port Information” on page 3-1.
Advertisement | Displays the advertisement status of the port.
Table 2-18. Local Port Information

Field | Description
Managed Address
Address SubType | Displays the type of address the management interface uses, such as an IPv4 address.
Address | Displays the address used to manage the device.
Interface SubType | Displays the port subtype.
Neighbors Information

Use the LLDP Neighbors Information page to view the data that a specified interface has received from other LLDP-enabled systems.

To display the LLDP Neighbors Information page:
1. Click System LLDP Advanced Neighbors Information in the navigation tree.

Figure 2-17

Table 2-19.
3. To view more information about the remote device, click the link in the MSAP Entry field. A popup window displays information for the selected port.

Figure 2-18

4. Click Refresh to refresh the page with the most current data from the switch.
Chapter 3 Configuring Switching Information

• “Configuring and Viewing Device Port Information” on page 3-1
• “Creating LAGs” on page 3-5
• “Managing VLANs” on page 3-10
• “Configuring Spanning Tree Protocol” on page 3-16
• “Configuring IGMP Snooping” on page 3-32
•...
Figure 3-1

Table 3-1. Port Configuration Fields

Field | Description
Port | Select the port from the menu to display or configure data for that port. If you select All, the changes you make to the Port Configuration page apply to all physical ports on the system.
Table 3-1. Port Configuration Fields (continued)

Field | Description
Auto Power Down Mode | Use the menu to select the port’s Green Ethernet mode, which can be one of the following: Enable: Specifies that when the port link is down, the PHY automatically goes down for a short amount of time, and wakes up to check link pulses, performs auto-negotiation and saving power consumption routines when a link partner is unavailable.
Flow Control

IEEE 802.3x flow control works by pausing a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion condition. This can lead to high-priority and/or network control traffic loss.
Creating LAGs

Link aggregation groups (LAGs), which are also known as port-channels, allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. You assign the LAG VLAN membership after you create a LAG.
Figure 3-3

Table 3-3. LAG (Port Channel) Configuration Fields

Field | Description
LAG Name | Enter the name you want assigned to the LAG. You may enter any string of up to 15 alphanumeric characters. A valid name has to be specified in order to create the LAG.
Description | Enter the Description string to be attached to a LAG.
2. Click Add to update the switch with the values on this screen.
3. To remove a configured LAG (port channel), select it and click Delete. All ports that were members of this LAG are removed from the LAG and included in the default VLAN.
4.
Table 3-4. LAG Membership Fields (continued)

Field | Description
Port Selection Table | Select the ports as members of this LAG.
Current Members | Displays the LAGs on the current channel.

2. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
4. If you make any changes to this page, click Apply to send the updated configuration to the switch.
Managing VLANs

Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic.
1. Click Switching VLAN Basic VLAN Configuration in the navigation tree.

Figure 3-7

Table 3-7. VLAN Configuration Fields

Field | Description
VLAN ID | Specify the VLAN Identifier for the new VLAN. (You can only enter data in this field when you are creating a new VLAN.) The range of the VLAN ID is 1–4093.
5. If you make any changes to this page, click Apply to send the updated configuration to the switch. Configuration changes take effect immediately.

VLAN Membership Configuration

Use this page to configure VLAN Port Membership for a particular VLAN. You can select the Group operation through this page.
Figure 3-9

3. To change the VLAN tagging for one or more ports, click each port to make traffic forwarded by the interface tagged (T) or untagged (U).

Table 3-8. VLAN Membership Configuration Fields

Field | Description
VLAN ID...
Table 3-8. VLAN Membership Configuration Fields (continued)

Field | Description
Untagged/Tagged Port Members | Click Untagged Port Members or Tagged Port Members to see the port list and use it to add the ports you selected to this VLAN. Each port has three modes:
•...
Figure 3-10

Table 3-9. Port VLAN ID Configuration Fields

Field | Description
Interface | Select the physical interface for which you want to display or configure data.
Port VLAN ID (PVID) | Specify the range of Port VLAN IDs you want assigned to untagged or priority tagged frames received on this port.
Table 3-9. Port VLAN ID Configuration Fields (continued)

Field | Description
Ingress Filtering | Specify how you want the port to handle tagged frames:
• Enable: A tagged frame will be discarded if this port is not a member of the VLAN identified by the VLAN ID in the tag....
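The following added example (not NETGEAR code) models the ingress decision that the PVID and Ingress Filtering fields describe, then lists, per port, the configured VLANs whose tagged frames the port would accept without being a member. The behaviour with Ingress Filtering disabled is cut off on this page; the sketch assumes the frame is then accepted into the VLAN named in its tag, as IEEE 802.1Q specifies. Port names follow the g1, g2 convention from Table 1-3, and the port and VLAN data are constructed.

```python
# Added example, not NETGEAR code: model PVID assignment and ingress filtering.
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str                # physical interface, e.g. "g1"
    pvid: int                # Port VLAN ID for untagged/priority-tagged frames
    members: frozenset       # VLAN IDs this port is a member of
    ingress_filtering: bool  # True = "Enable" on the Port VLAN ID page


def classify_ingress(port, tag_vid=None):
    """Return (vlan_id, accepted) for a frame received on `port`.

    tag_vid is None for an untagged frame and 0 for a priority-tagged frame;
    both are assigned the port's PVID.
    """
    if tag_vid is None or tag_vid == 0:
        return (port.pvid, True)
    if port.ingress_filtering and tag_vid not in port.members:
        # Enable: discard when the port is not a member of the tagged VLAN.
        return (tag_vid, False)
    # Assumption (IEEE 802.1Q): with filtering disabled the frame is accepted
    # into the tagged VLAN even if the port is not a member of it.
    return (tag_vid, True)


def foreign_vlans_accepted(port, configured_vlans):
    """VLANs whose tagged frames the port accepts without being a member."""
    return sorted(
        vid for vid in configured_vlans
        if vid not in port.members and classify_ingress(port, vid)[1]
    )


def audit_ports(ports, configured_vlans):
    """Map port name -> foreign VLANs accepted, omitting ports with none."""
    report = {}
    for port in ports:
        foreign = foreign_vlans_accepted(port, configured_vlans)
        if foreign:
            report[port.name] = foreign
    return report


# Constructed sample: three VLANs and three ports.
VLANS = {1, 10, 20}
PORTS = [
    Port("g1", pvid=10, members=frozenset({10}), ingress_filtering=False),
    Port("g2", pvid=20, members=frozenset({20}), ingress_filtering=True),
    Port("g3", pvid=1, members=frozenset({1, 10, 20}), ingress_filtering=False),
]

if __name__ == "__main__":
    for name, vlans in audit_ports(PORTS, VLANS).items():
        print(f"{name}: accepts tagged frames for non-member VLANs {vlans}")
```

In the constructed data only g1 is reported: g2 filters on ingress, and g3 is already a member of every configured VLAN.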
Note: For two bridges to be in the same region, the force version should be 802.1s and their configuration name, digest key, and revision level should match. For additional information about regions and their effect on network topology, refer to the IEEE standard.
Figure 3-11

Table 3-10. Spanning Tree Switch Configuration/Status Fields

Field | Description
Spanning Tree State | Enables or disables Spanning Tree operation on the switch.
STP Operation Mode | Specifies the Force Protocol Version parameter for the switch. Options are:
•...
Table 3-10. Spanning Tree Switch Configuration/Status Fields (continued)

Field | Description
Time Since Topology Change | The time in seconds since the topology of the CST last changed.
Topology Change Count | The number of times the topology has changed for the CST.
Topology Change | The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to the CST.
Figure 3-12

Table 3-11. Spanning Tree CST Configuration/Status Fields

Field | Description
Bridge Priority | When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge.
Table 3-11. Spanning Tree CST Configuration/Status Fields (continued)

Field | Description
Bridge Forward Delay (secs) | Specifies the switch forward delay time, which indicates the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets.
Figure 3-13

Table 3-13. Spanning Tree CST Port Configuration/Status Fields

Field | Description
Interface | Select one of the physical or port channel interfaces associated with the VLAN(s) associated with the CST.
STP Status | Spanning Tree Protocol Administrative Mode associated with the port or port channel.
Table 3-13. Spanning Tree CST Port Configuration/Status Fields (continued)

Field | Description
Port ID | The port identifier for the specified port within the CST. It is made up from the port priority and the interface number of the port.
Hello Timer | Specifies the switch Hello time, which indicates the amount of time in seconds a port waits between configuration messages.
Table 3-14. Spanning Tree CST Port Status Fields

Field | Description
Interface | Select a physical or port channel interface to configure. The port is associated with the VLAN(s) associated with the CST.
Port Role | Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree.
1. Click Switching STP Advanced RSTP in the navigation tree.

Figure 3-15

Table 3-15. Rapid STP

Field | Description
Interface | The physical or port channel interfaces associated with VLANs associated with the CST.
Role | Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree.
MST Configuration

Use the Spanning Tree MST Configuration page to configure Multiple Spanning Tree (MST) on the switch.

To display the Spanning Tree MST Configuration page:
1. Click Switching STP Advanced MST Configuration in the navigation tree.

Use this page to create and configure a new MST or select an existing MST to display or configure.
Table 3-16. Spanning Tree MST Configuration (continued)

Field | Description
VLAN ID | This gives a list box of all VLANs on the switch. The VLANs associated with the MST instance which is selected are highlighted on the list. These can be selected or unselected for reconfiguring the association of VLANs to MST instances.
1. Click Switching STP Advanced MST Port Configuration in the navigation tree. Figure 3-17 and Figure 3-18 show the left and right portions of the Web page.

Figure 3-17

Figure 3-18

Note: If no MST instances have been configured on the switch, the page displays a “No MSTs Available”...
Figure 3-19

Table 3-17. Spanning Tree MST Port Status Fields

Field | Description
Select MST | Select an existing MST instance from the pull down list of MST IDs in the Status table at the top of the screen.
Interface | Select a physical or port channel interface to configure.
Table 3-17. Spanning Tree MST Port Status Fields (continued)

Field | Description
Port Forwarding State | Indicates the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:
•...
STP Statistics

Use the Spanning Tree Statistics page to view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port.

To display the Spanning Tree Statistics page:
1.
Configuring IGMP Snooping

Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255.
1. Click Switching > Multicast > IGMP Snooping > IGMP Snooping Configuration in the navigation tree.
Figure 3-21
Table 3-19. IGMP Snooping Configuration Fields
Field: Description
IGMP Snooping Status: Select the administrative mode for IGMP Snooping for the switch. The default is Disable.
2. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
3. If you make any configuration changes, click Apply to apply the new settings to the switch. Configuration changes take effect immediately.
Table 3-20. IGMP Snooping Interface Configuration Fields (continued)
Field: Description
Host Timeout: Specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group.
• “IGMP Snooping Table” on page 3-36
• “MFDB Table” on page 3-37
• “MFDB Statistics” on page 3-39
• “IGMP Snooping VLAN Configuration” on page 3-40
IGMP Snooping Table
Use the IGMP Snooping Table page to view all of the entries in the Multicast Forwarding Database that were created for IGMP snooping.
Table 3-21. IGMP Snooping Table Fields (continued)
Field: Description
Type: This displays the type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol.
Figure 3-24
Table 3-22. MFDB Table Fields
Field: Description
MAC Address: The MAC Address to which the multicast MAC address is related. To search by MAC address, enter the address with the MFDB table entry you want displayed.
Table 3-22. MFDB Table Fields (continued)
Field: Description
Interface: The list of interfaces that are designated for forwarding (Fwd) and filtering (Flt) for the selected address.
Forwarding Interfaces: The resultant forwarding list is derived from combining all the forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces.
Table 3-23. Multicast Forwarding Database Statistics Fields
Field: Description
Max MFDB Table Entries: Shows the maximum number of entries that the Multicast Forwarding Database table can hold.
Most MFDB Entries Since Last Reset: The largest number of entries that have been present in the Multicast Forwarding Database table since the system was last reset.
To access the IGMP Snooping VLAN Configuration page:
1. Click Switching > Multicast > IGMP Snooping > IGMP Snooping VLAN Configuration in the navigation tree.
Figure 3-26
Table 3-24. IGMP Snooping VLAN Configuration Fields
Field: Description
VLAN ID: List of VLAN IDs for which IGMP Snooping is enabled.
Table 3-24. IGMP Snooping VLAN Configuration Fields (continued)
Field: Description
Maximum Response Time: Enter the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface.
IGMP Snooping Querier Configuration
Use this page to enable or disable the IGMP Snooping Querier feature, specify the IP address of the router to perform the querying, and configure the related parameters.
To access this page:
1.
3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
4. If you configure an IGMP snooping querier, click Apply to apply the new settings to the switch.
Table 3-26. IGMP Snooping Querier VLAN Configuration Fields (continued)
Field: Description
Querier Election Participate Mode: Enable or disable Querier Participate Mode. When this mode is disabled, upon seeing another querier of same version in the VLAN, the snooping querier moves to non-querier state.
1. Click Switching > Multicast > IGMP Snooping Querier > Querier VLAN Status in the navigation tree.
Figure 3-29
Table 3-27. IGMP Snooping Querier VLAN Status Fields
Field: Description
VLAN ID: Specifies the VLAN ID on which the IGMP Snooping Querier is administratively enabled and for which VLAN exists in the VLAN database.
Table 3-27. IGMP Snooping Querier VLAN Status Fields (continued)
Field: Description
Last Querier Version: Displays the IGMP protocol version of the last querier from which a query was snooped on the VLAN.
Operational Max Response Time: Displays the maximum response time to be used in the queries that are sent by the snooping querier.
• Interface: Select Interface from the menu, enter the interface ID in g1, g2... format, then click Go. If any entries learned on that interface exist, they are displayed.
Figure 3-30
Table 3-28. MAC Address Table Fields
Field: Description
VLAN ID...
4. Click Refresh to redisplay the page to show the latest MAC Addresses.
5. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Dynamic Address Configuration
Use the Advanced ...
Note: IEEE 802.1d recommends a default of 300 seconds, which is the factory default.
2. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
3.
Figure 3-32
Table 3-30. MAC Address Table Fields
Field: Description
VLAN ID: The VLAN ID associated with the MAC Address.
MAC Address: A unicast MAC Address for which the switch has forwarding and/or filtering information. The MAC address is in the format of 6 two-digit hexadecimal numbers that are separated by colons.
4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Static MAC Address
Use the Static MAC Address Configuration page to view static MAC addresses configured on an interface.
4. After you enter the MAC address and VLAN ID of the statically configured MAC address to delete, click Delete to remove the MAC address from the port and apply the new settings to the system.
GS716Tv2 and GS724Tv3 Software Administration Manual 3-54 Configuring Switching Information v1.0, July 2009...
Chapter 4 Configuring Quality of Service
This section gives an overview of Quality of Service (QoS) and explains the QoS features available from the Quality of Service navigation tree menu. This section contains the following subsections:
• “Configuring Class of Service” on page 4-1
In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network.
• “Interface Queue Configuration” on page 4-5
• “802.1p to Queue Mapping” on page 4-6
• “DSCP to Queue Mapping” on page 4-7
Basic CoS Configuration
Use the Trust Mode Configuration page to set the class of service trust mode of an interface. Each port in the switch can be configured to trust one of the packet fields (802.1p or IP DSCP), or to not trust any packet’s priority designation (untrusted mode).
Table 4-1. Basic CoS Configuration Fields
Field: Description
Global: Select the Global option to apply the same trust mode to all CoS configurable interfaces.
Global Trust Mode: Specifies whether or not all interfaces trust a particular packet marking when the packet enters the port.
Figure 4-2
Table 4-2. Interface Configuration Fields
Field: Description
Interface: Indicates the interface to be affected by the Interface Shaping Rate. Select the check box in the heading row to apply a trust mode or rate to all interfaces.
Interface Queue Configuration
Use the Interface Queue Configuration page to define what a particular queue does by configuring switch egress queues. User-configurable parameters control the amount of bandwidth used by the queue, the queue depth during times of congestion, and the scheduling of packet transmission from the set of all queues on a port.
Table 4-3. Interface Queue Configuration Fields (continued)
Field: Description
Minimum Bandwidth: Enter a percentage of the maximum negotiated bandwidth for the selected queue on the interface. Specify a percentage from 0–100, in increments of 1.
Scheduler Type: Selects the type of queue processing from the drop down menu.
Table 4-4. Current 802.1p Priority Mapping Table Fields
Field: Description
Global: Select the Global option to apply the same 802.1p priority mapping to all CoS configurable interfaces.
Interface: The menu contains all CoS configurable interfaces. Select an individual interface from the menu to override the global settings for 802.1p priority mapping on a per-interface basis.
1. Click the QoS > CoS tab, and then click the Advanced > DSCP to Queue Mapping link.
Figure 4-5
Table 4-5. IP DSCP Mapping Configuration Fields
Field: Description
DSCP: Lists the DSCP values to which you can map an internal traffic class. The values range from 0–63.
Chapter 5 Managing Device Security
Use the features available from the Security tab to set management security parameters for port, user, and server security. The Security folder contains links to the following features:
• “Management Security Settings”
• “Configuring Management Access”
•...
Change Password
Use the page to change the login password.
To display the page:
1. Click Security > Management Security > User Configuration > Change Password in the navigation tree.
Figure 5-1
Table 5-1. User Accounts Fields
Field: Description
Old Password...
RADIUS Configuration
RADIUS servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. RADIUS servers provide a centralized authentication method for:
• Web Access
• Access Control Port (802.1X)
The RADIUS folder contains links to the following features:
•...
Table 5-2. RADIUS Configuration Fields
Field: Description
Current Server IP Address: Shows the IP address of the current server. This field is blank if no servers are configured. If more than one RADIUS server is configured, the current server is the server configured as the primary server.
Server Configuration
Use the RADIUS Server Configuration page to view and configure various settings for the current RADIUS server configured on the system.
To access the RADIUS Server Configuration page:
1. Click Security > Management Security, and then click the RADIUS > Server Configuration link.
Table 5-3. RADIUS Server Configuration Fields (continued)
Field: Description
Active: Sets the selected server to the Primary or Secondary server.
Message Authenticator: Enable or disable the message authenticator attribute for the selected server.
2. Click Refresh to update the page with the most current information.
3.
Table 5-4. RADIUS Server Statistics Fields (continued)
Field: Description
Bad Authenticators: The number of RADIUS Access-Response packets containing invalid authenticators or signature attributes received from this server.
Pending Requests: The number of RADIUS Access-Request packets destined for this server that have not yet timed out or received a response.
1. Click Security > Management Security, and then click the RADIUS > Accounting Server Configuration in the navigation tree.
Figure 5-4
Table 5-5. RADIUS Accounting Server Configuration Fields
Field: Description
Accounting Server Address: Enter the IP address of the RADIUS accounting server to add.
Port: Identifies the authentication port the server uses to verify the RADIUS accounting server authentication.
To add a RADIUS Accounting server:
1. Enter information about the server into the appropriate fields and click Apply.
Table 5-6. RADIUS Accounting Server Fields
Field: Description
Accounting Server Address: Displays the IP address of the supported RADIUS accounting server.
Round Trip Time (secs): Displays the time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched...
Configuring TACACS+
TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services:
• Authentication: Provides authentication during login and via user names and user-defined passwords.
Table 5-7. TACACS+ Configuration Fields
Field: Description
Key String: Specifies the authentication and encryption key for TACACS+ communications between the device and the TACACS+ server. The valid range is 0–128 characters. The key must match the key configured on the TACACS+ server.
Table 5-8. TACACS+ Configuration Fields
Field: Description
TACACS+ Server: Use the list to select the IP address of the TACACS+ server to view or configure. If fewer than five TACACS+ servers are configured on the system, the Add option is also available.
2. If you make changes to the page, or add a new entry, click Apply to apply the changes to the system.
3. To delete a configured TACACS+ server, select the IP address of the server from the TACACS+ Server IP Address drop down menu, and then click Delete.
Table 5-10. Authentication Profile Fields
Field: Description
List Name: The switch supports a single list named defaultList. You can change the authentication methods for this list, but you cannot change the list name. To change the authentication method for the defaultList, select the check box next to the defaultList name and use the drop down menus.
Configuring Management Access
From the Access page, you can configure HTTP and Secure HTTP access to the GS716T and GS724T. You can also configure Access Control Profiles and Access Rules. The Security > Access tab contains the following folders:
•...
Table 5-11. HTTP Configuration Fields
Field: Description
Java Mode: This select field is used to Enable or Disable the Web Java Mode. This applies to both secure and un-secure HTTP connections. The currently configured value is shown when the Web page is displayed. The default value is Enable.
Figure 5-10
Table 5-12. Secure HTTP Configuration Fields
Field: Description
HTTPS Admin Mode: Enables or Disables the Administrative Mode of Secure HTTP. The currently configured value is shown when the Web page is displayed. The default value is Disable.
Table 5-12. Secure HTTP Configuration Fields (continued)
Field: Description
HTTPS Session Hard Timeout: Sets the hard timeout for HTTPS sessions. This timeout is unaffected by the activity level of the session. The value must be in the range of (1–168) hours.
Table 5-13. Certificate Download Fields
Field: Description
File Type: Select the type of SSL certificate to download, which can be one of the following:
• SSL Trusted Root Certificate PEM File: SSL Trusted Root Certificate File (PEM Encoded).
1. Click Security > Access, and then click the Access Control > Access Profile Configuration link.
Figure 5-12
Table 5-14. Access Profile Configuration Fields
Field: Description
Access Profile Name: Enter the name of the access profile to be added. Maximum length is 32 characters.
Table 5-15. Profile Summary Fields (continued)
Field: Description
Source IP Address: Shows the IP Address of the client that may or may not originate management traffic.
Mask: Shows the subnet mask associated with the IP address.
Priority: Shows the priority of the rule.
Table 5-16. Access Rule Configuration Fields
Field: Description
Rule Type: Select Permit to allow access to the switch administrative pages for traffic that meets the criteria you configure for the rule. Any traffic that does not meet the rules is denied.
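How a profile built from the Rule Type, Source IP Address, Mask and Priority fields decides a management connection, and what to check before activating it, as an added Python sketch (not NETGEAR code). It assumes rules are checked in ascending priority number with the first match deciding, which this page does not state; the sample profile and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRule:
    rule_type: str   # "Permit" or "Deny" (Rule Type, Table 5-16)
    source_ip: str   # Source IP Address (Table 5-15)
    mask: str        # Mask: dotted-decimal subnet mask (Table 5-15)
    priority: int    # Priority (Table 5-15)

    def network(self):
        # strict=False tolerates host bits set in source_ip (e.g. a host rule).
        return ipaddress.ip_network(f"{self.source_ip}/{self.mask}", strict=False)


def by_priority(rules):
    # ASSUMPTION (not stated on the page): lower priority number is checked first.
    return sorted(rules, key=lambda r: r.priority)


def evaluate(rules, client_ip):
    """Return (decision, matching_rule) for a management connection."""
    addr = ipaddress.ip_address(client_ip)
    for rule in by_priority(rules):
        if addr in rule.network():
            return rule.rule_type, rule
    # Traffic that meets no rule is denied (Table 5-16).
    return "Deny", None


def audit(rules, admin_stations, max_permit_hosts=256):
    """Return (kind, subject) findings to review before the profile is activated.

    lockout      - an administrator station that would be denied
    shadowed     - a rule that can never match because an earlier rule covers it
    broad-permit - a Permit rule covering more than max_permit_hosts addresses
    """
    findings = []
    for station in admin_stations:
        if evaluate(rules, station)[0] != "Permit":
            findings.append(("lockout", station))
    ordered = by_priority(rules)
    for i, rule in enumerate(ordered):
        net = rule.network()
        if rule.rule_type == "Permit" and net.num_addresses > max_permit_hosts:
            findings.append(("broad-permit", rule.priority))
        if any(net.subnet_of(earlier.network()) for earlier in ordered[:i]):
            findings.append(("shadowed", rule.priority))
    return findings


# Constructed sample profile (not taken from the manual).
PROFILE = [
    AccessRule("Permit", "192.168.10.0", "255.255.255.0", 1),
    # Intended to block one host, but rule 1 already matches it first.
    AccessRule("Deny", "192.168.10.50", "255.255.255.255", 2),
    AccessRule("Permit", "10.0.0.0", "255.0.0.0", 3),
]
ADMIN_STATIONS = ["192.168.10.20", "172.16.4.9"]  # constructed

if __name__ == "__main__":
    for ip in ("192.168.10.20", "192.168.10.50", "172.16.4.9"):
        decision, rule = evaluate(PROFILE, ip)
        via = f"rule priority {rule.priority}" if rule else "no matching rule"
        print(f"{ip:15} -> {decision:6} ({via})")
    for kind, subject in audit(PROFILE, ADMIN_STATIONS):
        print(f"finding: {kind} {subject}")
```
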
The 802.1X network has three components:
• Authenticators: Specifies the port that is authenticated before permitting system access.
• Supplicants: Specifies the host connected to the authenticated port requesting access to the system services.
•...
Table 5-17. Port Access Control—Port Configuration Fields
Field: Description
Port Based Authentication State: Select Enable or Disable 802.1X administrative mode on the switch. The default is Disable. This feature permits port-based authentication on the switch.
Guest VLAN: Select to Enable or Disable Guest VLAN Supplicant Mode.
Figure 5-15
Figure 5-16
Table 5-18. Port Authentication Port Configuration Fields
Field: Description
Port: Selects the Port to configure.
Port Control: Defines the port authorization state. The control mode is only set if the link status of the port is link up. The possible field values are: •...
Table 5-18. Port Authentication Port Configuration Fields (continued)
Field: Description
Max EAP Requests: This input field allows you to enter the maximum requests for the selected port. The maximum requests value is the maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before timing out the supplicant.
Table 5-18. Port Authentication Port Configuration Fields (continued)
Field: Description
Backend State: This field displays the current state of the backend authentication state machine. Possible values are as follows:
• Request
• Response
• Success
•...
1. Click Security > Port Authentication > Advanced > Port Summary in the navigation menu.
Figure 5-17
Table 5-19. Port Summary Fields
Field: Description
Port: The port whose settings are displayed in the current table row.
Control Mode: Defines the port authorization state.
Table 5-19. Port Summary Fields (continued)
Field: Description
Reauthentication Enabled: Displays if reauthentication is enabled on the selected port. This is a configurable field. The possible values are 'true' and 'false'. If the value is 'true' reauthentication will occur.
1. Click Security > Traffic Control, and then click the MAC Filter > MAC Filter Configuration link.
Figure 5-18
Table 5-20. Switch Configuration Fields
Field: Description
MAC Filter: This is the list of MAC address and VLAN ID pairings for all configured filters. To change the port mask(s) for an existing filter, select the entry you want to change.
2. To delete a configured MAC Filter, select it from the menu, and then click Delete.
3. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Storm Control
A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses can overload network resources and/or cause the network to time out. The switch measures the incoming broadcast/multicast/unknown unicast packet rate per port and discards packets when the rate exceeds the defined value.
Table 5-22. Storm Control Fields
Field: Description
Ingress Control Mode: Select the mode of broadcast affected by storm control.
• Disable — Do not use storm control.
• Unknown Unicast — If the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Figure 5-21
Table 5-24. Port Security Configuration Fields
Field: Description
Port Security Mode: Enable or Disable the port security feature.
Table 5-25. Port Security Violation Fields
Field: Description
Port: Identifies the port where a violation occurred.
Last Violation MAC: Displays the source MAC address of the last packet that was discarded at a locked port.
Dynamic locking implements a ‘first arrival’ mechanism for Port Security. You specify how many addresses can be learned on the locked port. If the limit has not been reached, then a packet with an unknown source MAC address is learned and forwarded normally.
Table 5-26. Port Security Configuration Fields (continued)
Field: Description
Max Allowed Dynamically Learned MAC: Sets the maximum number of dynamically learned MAC addresses on the selected interface. Valid range is 0–600.
Max Allowed Statically Locked: Sets the maximum number of statically locked MAC addresses on the selected interface.
Figure 5-23
Table 5-27. Port Security Settings Fields
Field: Description
Convert Dynamic Address to Static: Select the check box to convert a dynamically learned MAC address to a statically locked address. The Dynamic MAC Address entries are converted to Static MAC address entries in a numerically ascending order until the Static limit is reached.
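The ‘first arrival’ learning, the violation record and the dynamic-to-static conversion described in Tables 5-25 to 5-27, modelled as an added Python example (not switch firmware or NETGEAR code). It assumes that once the dynamic limit is reached a frame from an unknown source is discarded and recorded as the last violation; the class, the inventory check and the MAC addresses are hypothetical and constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


def mac_to_int(mac):
    """Numeric value of a colon-separated MAC, used for ascending ordering."""
    return int(mac.replace(":", ""), 16)


@dataclass
class LockedPort:
    max_dynamic: int                       # Max Allowed Dynamically Learned MAC
    max_static: int                        # Max Allowed Statically Locked
    dynamic: set = field(default_factory=set)
    static: set = field(default_factory=set)
    last_violation_mac: Optional[str] = None   # Last Violation MAC (Table 5-25)

    def __post_init__(self):
        if not 0 <= self.max_dynamic <= 600:   # valid range given in Table 5-26
            raise ValueError("max_dynamic must be in 0-600")
        if self.max_static < 0:
            raise ValueError("max_static must not be negative")

    def receive(self, src_mac):
        """Classify one ingress frame by its source MAC."""
        src = src_mac.lower()
        if src in self.static or src in self.dynamic:
            return "forward"
        if len(self.dynamic) < self.max_dynamic:
            self.dynamic.add(src)              # first arrival wins the slot
            return "learn+forward"
        # ASSUMPTION: limit reached, so the frame is discarded and recorded.
        self.last_violation_mac = src
        return "discard"

    def convert_dynamic_to_static(self):
        """Pin learned addresses in ascending order until the static limit."""
        converted = []
        for mac in sorted(self.dynamic, key=mac_to_int):
            if len(self.static) >= self.max_static:
                break
            self.static.add(mac)
            converted.append(mac)
        self.dynamic.difference_update(converted)
        return converted


def replay(port, source_macs):
    """Feed a sequence of source MACs to the port and return the verdicts."""
    return [port.receive(mac) for mac in source_macs]


def unknown_learned(port, inventory):
    """Learned addresses missing from the asset inventory (hypothetical check).

    Run this before converting: learning is first-come, so whatever transmitted
    first holds the slot, whether or not it is the intended device.
    """
    known = {mac.lower() for mac in inventory}
    return sorted(port.dynamic - known, key=mac_to_int)


# Constructed frame sequence: source MAC of each ingress frame, in arrival order.
FRAMES = [
    "00:11:22:33:44:66",
    "00:11:22:33:44:55",
    "00:11:22:33:44:66",
    "00:11:22:33:44:77",
]
INVENTORY = {"00:11:22:33:44:55"}  # constructed list of expected devices

if __name__ == "__main__":
    port = LockedPort(max_dynamic=2, max_static=1)
    print(replay(port, FRAMES))
    print("last violation:", port.last_violation_mac)
    print("not in inventory:", unknown_learned(port, INVENTORY))
    print("converted:", port.convert_dynamic_to_static())
```
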
To display the Protected Ports Membership page:
1. Click the Security > Traffic Control > Protected Ports link.
Figure 5-24
Table 5-29. Protected Ports Membership Fields
Field: Description
Protected Port(s): The selection list consists of physical ports, protected as well as unprotected. The protected ports are highlighted to differentiate between them.
You first create an IPv4-based or MAC-based ACL ID. Then, you create a rule and assign it to a unique ACL ID. Next, you define the rules, which can identify protocols, source, and destination IP and MAC addresses, and other packet-matching criteria.
To display the MAC ACL page:
1. Click Security > ACL. The MAC ACL page is under the Basic link.
Figure 5-25
The MAC ACL table shows the number of ACLs currently configured in the switch and the maximum number of ACLs that can be configured.
MAC Rules
Use the MAC Rules page to define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default 'deny all' rule is the last rule of every list.
To display the MAC Rules page:
1.
Table 5-31. MAC ACL Rule Configuration Fields (continued)
Field: Description
Assign Queue: Specifies the hardware egress queue identifier used to handle all packets matching this ACL rule. Enter an identifying number from 0–3 in this field.
3. To delete a rule, select the check box associated with the rule and click Delete.
4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Table 5-32. MAC ACL Rule Configuration Fields
Field: Description
ACL ID: Select an existing MAC ACL.
Direction: Specifies the packet filtering direction for ACL. The only valid direction is Inbound, which means the MAC ACL rules are applied to traffic entering the port.
1. Click Security > ACL, then click the Basic > Binding Table link.
Figure 5-28
Table 5-33. MAC ACL Rule Configuration Fields
Field: Description
Interface: Shows the interface to which the MAC ACL is bound.
Direction: Specifies the packet filtering direction for ACL.
IP ACL
IP ACLs allow network managers to define classification actions and rules for specific ingress ports. Packets can be filtered on ingress (inbound) ports only. If the filter rules match, then some actions can be taken, including dropping the packet or disabling the port. For example, a network administrator defines an ACL rule that says port number 20 can receive TCP packets.
Table 5-34. IP ACL Configuration Fields
Field: Description
IP ACL: Enter an ACL ID. The ID is an integer in the following range:
• 1–99: Creates an IP Standard ACL, which allows you to permit or deny traffic from a source IP address.
1. Click Security > ACL, then click the Advanced > IP Rules link.
Figure 5-30
2. To add an IP ACL rule, select the ACL ID to add the rule to, complete the fields in the Basic ACL Rule Table and then click Add.
Table 5-35. IP ACL Rule Configuration Fields (continued)
Field: Description
Action: Selects the ACL forwarding action, which is one of the following:
• Permit — Forwards packets which meet the ACL criteria.
• Deny — Drops packets which meet the ACL criteria.
Assign Queue ID: Specifies the hardware egress queue identifier used to handle all packets matching this ACL rule.
1. Click Security > ACL, then click the Advanced > IP Extended Rules link.
Figure 5-31
2. To add an IP ACL rule, select the ACL ID to add the rule to, and then click Add. The Extended ACL Rules configuration page displays as shown in Figure 5-32 on page 5-52.
Figure 5-32
Table 5-36. IP ACL Rule Configuration Fields
Field: Description
ACL ID: Identifies the ACL to which the rule is being added.
Rule ID: Enter a whole number in the range 1–10 that will be used to identify the rule.
Table 5-36. IP ACL Rule Configuration Fields (continued)
Field: Description
Src IP Address: Requires a packet’s source port IP address to match the address listed here. Enter an IP Address in the appropriate field using dotted-decimal notation.
Table 5-36. IP ACL Rule Configuration Fields (continued)
Field: Description
Dst L4 Port: Requires a packet’s TCP/UDP destination port to match the port listed here. Complete one of the following fields:
• Destination L4 Keyword: Select the desired L4 keyword from a list of destination ports on which the rule can be based.
Figure 5-33
Table 5-37. IP ACL Binding Configuration Fields
Field: Description
ACL ID: Select an existing IP ACL.
Direction: Specifies the packet filtering direction for ACL. The only valid direction is Inbound, which means the IP ACL rules are applied to traffic entering the port.
IP Binding Table
Use the IP Binding Table page to view or delete the IP ACL bindings.
To display the IP Binding Table:
1. Click Security > ACL, then click the Advanced > Binding Table link.
Figure 5-34
Table 5-38.
Chapter 6 Monitoring the System
Use the features available from the Monitoring tab to view a variety of information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains links to the following features:
•...
Figure 6-1
Table 6-1. Switch Statistics Fields
Field: Description
ifIndex: This object indicates the ifIndex of the interface table entry associated with the processor of this switch.
Octets Received: The total number of octets of data received by the processor (excluding framing bits, but including FCS octets).
Table 6-1. Switch Statistics Fields (continued)
Field: Description
Octets Transmitted: The total number of octets transmitted out of the interface, including framing characters.
Packets Transmitted Without Errors: The total number of packets transmitted out of the interface.
Unicast Packets: The total number of packets that higher level protocols requested be...
Viewing Port Statistics
The pages in the Ports folder contain a variety of information about the number and type of traffic transmitted from and received on the switch.
• “Port Statistics” on page 6-4
•...
Table 6-2. Port Statistics Fields
Field: Description
Interface: Lists the ports on the system.
Total Packets Received Without Errors: The total number of packets received that were without errors.
Packets Received With Error: The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
Figure 6-3
Table 6-3. Port Detailed Statistics Fields
Field: Description
Interface: Use the drop down menu to select the interface for which data is to be displayed or configured.
MST ID: Displays the created or existing MSTs.
ifIndex: This field indicates the ifIndex of the interface table entry associated with this port on an adapter.
Table 6-3. Port Detailed Statistics Fields (continued)
Field: Description
Port Channel ID: If the port is a member of a port channel, the port channel's interface ID and name are shown. Otherwise, Disable is shown.
Port Role: Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree.
Table 6-3. Port Detailed Statistics Fields (continued)
Field: Description
Packets RX and TX 64 Octets: The total number of packets (including bad packets) received or transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
Page 191
Table 6-3. Port Detailed Statistics Fields (continued)
Field | Description
Packets Received 512-1023 Octets | The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Table 6-3. Port Detailed Statistics Fields (continued)
Field | Description
Rx FCS Errors | The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with an integral number of octets
Overruns...
Table 6-3. Port Detailed Statistics Fields (continued)
Field | Description
Packets Transmitted 128-255 Octets | The total number of packets (including bad packets) transmitted that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Table 6-3. Port Detailed Statistics Fields (continued)
Field | Description
Single Collision Frames | A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
Multiple Collision Frames | A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision.
Figure 6-4
Table 6-4. EAP Statistics Fields
Field | Description
Ports | Specifies the interface which is polled for statistics.
Frames Received | Displays the number of valid EAPOL frames received on the port.
Frames Transmitted | Displays the number of EAPOL frames transmitted through the port.
Start Frames Received | Displays the number of EAPOL Start frames received on the port.
Table 6-4. EAP Statistics Fields (continued)
Field | Description
Request/ID Frames Transmitted | Displays the number of EAP Requested ID frames transmitted through the port.
Request Frames Transmitted | Displays the number of EAP Request frames transmitted through the port.
Figure 6-5
Table 6-5. Memory Log Configuration Fields
Field | Description
Admin Status | Determines whether to log messages.
• Enable: Enables system logging.
• Disable: Prevents the system from logging messages.
Behavior | Indicates the behavior of the log when it is full.
•...
The rest of the page displays the Memory Log messages. The following example applies to the format of all logged messages which are displayed for the message log, persistent log, or console log. Messages logged to a collector or relay via syslog have an identical format of either type.
<15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on message age timer expiry
The example log message above indicates a message with severity 7 (15 mod 8) (debug).
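A parser for the log line format shown above, as an added example that is not part of the NETGEAR manual: it splits the priority into facility and severity (severity = priority mod 8), applies a severity threshold, and reports gaps in the message counter. The field names, the reading of the number before "%%" as a per-device message counter, and the second and third sample lines are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Standard syslog severity names, indexed by numeric severity (0 = most severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# Field names other than the priority are this example's labels (assumptions).
LOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<component>[^\[\s]+)\[(?P<task_id>\d+)\]: "
    r"(?P<source_file>[^\s(]+)\((?P<source_line>\d+)\) "
    r"(?P<sequence>\d+) %% "
    r"(?P<text>.*)$"
)

@dataclass(frozen=True)
class LogEntry:
    facility: int
    severity: int
    timestamp: str
    host: str
    component: str
    task_id: int
    source_file: str
    source_line: int
    sequence: int
    text: str

def parse_entry(line):
    """Parse one log line; return None for lines that do not fit the format."""
    m = LOG_RE.match(line.strip())
    if m is None or int(m["pri"]) > 191:      # 191 = facility 23, severity 7
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    return LogEntry(facility, severity, m["timestamp"], m["host"],
                    m["component"], int(m["task_id"]), m["source_file"],
                    int(m["source_line"]), int(m["sequence"]), m["text"])

def passes_filter(entry, threshold):
    """True if the entry is at least as severe as the named threshold."""
    return entry.severity <= SEVERITIES.index(threshold.lower())

def missing_sequences(entries):
    """Counter values absent between the lowest and highest value seen."""
    seqs = sorted({e.sequence for e in entries})
    return [n for a, b in zip(seqs, seqs[1:]) for n in range(a + 1, b)]

# First line is the manual's example; the other two are constructed.
SAMPLE_LINES = [
    "<15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 "
    "transitioned to root state on message age timer expiry",
    "<11>Aug 24 05:34:09 STK0 DEMO[2110]: demo_a.c(10) 238 %% constructed error",
    "<12>Aug 24 05:35:30 STK0 DEMO[2110]: demo_b.c(20) 241 %% constructed warning",
]

def summarize(lines, threshold="warning"):
    """Return (counters of entries passing the filter, missing counters)."""
    entries = [e for e in map(parse_entry, lines) if e is not None]
    kept = [e.sequence for e in entries if passes_filter(e, threshold)]
    return kept, missing_sequences(entries)

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```

A gap in the counter on a collector is worth a look: it can mean messages were dropped in transit or filtered out before they were stored.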
• The second log type is the system operation log. The system operation log stores the last N messages received during system operation. This log always has the log full operation attribute set to overwrite. This log can store up to 1000 messages.
Either the system startup log or the system operation log stores a message received by the log subsystem that meets the storage criteria, but not both.
Table 6-7. FLASH Log Configuration Fields
Field | Description
Admin Status | Enable or disable logging by selecting the corresponding check box. The default is Disable.
• Enable: A log that is ‘Enabled’ logs messages.
• Disable: A log that is ‘Disabled’ does not log messages.
Severity Filter | A log records messages equal to or above a configured severity threshold.
Server Log Configuration
Use the Server Log Configuration page to allow the switch to send log messages to the remote logging hosts configured on the system.
To access the Server Log Configuration page:
1. Click the Monitoring > Logs tab, and then click the Server Log link.
Figure 6-7
Table 6-9.
The Server Log Configuration page also contains the Server Configuration table.
Table 6-10. Host Configuration Fields
Field | Description
Host Address | Enter the IP address of the host configured for syslog.
Status | Shows whether the remote logging host is currently active.
Port | Identifies the port on the host to which syslog messages are sent.
Trap Logs
Use the Trap Logs page to view information about the SNMP traps generated on the switch.
To access the Trap Logs page:
1. Click the Monitoring > Logs tab, and then click the Trap Logs link.
Figure 6-8
Table 6-11.
Table 6-12. Trap Logs
Field | Description
The sequence number of this trap.
System Up Time | The time at which this trap occurred, expressed in days, hours, minutes and seconds since the last reboot of the switch.
Trap | Information identifying the trap.
Table 6-13. Event Log Fields
Field | Description
Entry | The number of the entry within the event log. The most recent entry is first.
Type | Specifies the type of entry.
Filename | The GS716T/GS724T source code filename identifying the code that detected the event.
1. Click Monitoring > Port Mirroring in the navigation menu.
Figure 6-10
Table 6-14. Multiple Port Mirroring Fields
Field | Description
Source Port | Lists all the ports on the system. Select the check box next to a port to configure it as a source port.
Chapter 7 Maintenance
The Maintenance tab contains links to the following pages that help you manage the switch:
• “Reset” on page 7-1
• “Upload File From Switch” on page 7-3
• “Download File To Switch” on page 7-5
• “File Management”...
1. Click Maintenance > Reset > Device Reboot in the navigation tree.
Figure 7-1
2. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
3.
1. Click Maintenance > Reset > Factory Default in the navigation tree.
Figure 7-2
2. Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch.
To display the File Upload page:
1. Click Maintenance > Upload > File Upload in the navigation tree.
Figure 7-3
Table 7-1. Upload File from Switch Fields
Field | Description
File Type | Specify the type of file you want to upload:
•...
Table 7-1. Upload File from Switch Fields (continued)
Field | Description
Transfer File Path | Enter the path on the TFTP server where you want to put the file. You may enter up to 32 characters. A file name with a space is not accepted. The factory default is blank.
TFTP File Download
Use the Download File to Switch page to download device software, the image file, the configuration files and SSL files from a TFTP server to the switch. You can also download files via HTTP. See “HTTP File Download”...
Table 7-2. Download File to Switch Fields
Field | Description
File Type | Specify what type of file you want to download to the switch:
• Code: The code is the system software image, which is saved in one of two flash sectors called images (image1 and image2).
Downloading a File to the Switch
Before you download a file to the switch, the following conditions must be true:
• The file to download from the TFTP server is on the server in the appropriate directory.
•...
1. Click Maintenance > Download > HTTP File Download in the navigation menu.
Figure 7-5
Table 7-3. HTTP File Download Fields
Field | Description
File Type | Specify the type of file you want to download:
•...
Note: After a file transfer is started, please wait until the page refreshes. When the page refreshes, the “Select File” option will be blanked out. This indicates that the file transfer is done.
File Management
The system maintains two versions of the GS716T/GS724T software in permanent storage.
1. Click Maintenance > File Management > Dual Image > Dual Image Configuration in the navigation menu.
Figure 7-6
The Active Image page contains the following fields:
Table 7-4. Dual Image Configuration Fields
Field | Description
Image Name | Select image1 or image2 from the drop down menu to display or configure...
6. Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch.
7. Click Apply to update the image description on the switch.
Viewing the Dual Image Status
You can use the Dual Image Status page to view information about the system images on the device.
Table 7-5. Dual Image Status Fields (continued)
Field | Description
Image2 Description | Displays the description associated with the image2 code file.
2. Click Refresh to display the latest information from the router.
3. For information about how to update or change the system images, see “File Management”...
Table 7-6. Ping Fields
Field | Description
IP Address | Specify the IP address.
Count | Specify the number of pings to send. The valid range is 1–15.
Interval | Specify the number of seconds between pings sent. The valid range is 1–60.
Figure 7-9
Table 7-7. TraceRoute Fields
Field | Definition
IP Address | Specify the IP address.
Probes Per Hop | Enter the number of times each hop should be probed. The valid range is 1–10.
MaxTTL | Enter the maximum time-to-live for a packet in number of hops. The valid range is 1–255.
GS716Tv2 and GS724Tv3 Software Administration Manual 7-16 Maintenance v1.0, July 2009...
GS7xxTR Gigabit Smart Switch Features and Defaults
Table A-3. Port Characteristics
Feature | Sets Supported | Default
Auto negotiation/static speed/duplex | 16 on GS716T/24 on GS724T (per port) | Auto negotiation
Auto MDI/MDIX | | Enabled
802.3x flow control/back pressure | 1 (per system) | Disabled
...
Table A-5. Security
Feature | Sets Supported | Default
802.1x | 16 on GS716T/24 on GS724T (per port) | Disabled
MAC ACL | 100 (shared with IP ACL) | All MAC addresses allowed
IP access list | 100 (shared with MAC ACL) | All IP addresses allowed
Password control access Idle timeout = 5 mins....
Table A-8. Other Features
Feature | Sets Supported | Default
IGMP snooping v1/v2 | 16 on GS716T/24 on GS724T (per port) | Disabled
Configurations upload/download | |
EAPoL flooding | 16 on GS716T/24 on GS724T (per port) | Disabled
BPDU flooding | 16 on GS716T/24 on GS724T (per port) | Disabled
Appendix B Configuration Examples
This chapter contains information about how to configure the following features:
• “Virtual Local Area Networks (VLANs)” on page B-1
• “Access Control Lists (ACLs)” on page B-4
•...
VLANs have a number of advantages:
• It is easy to do network segmentation. Users that communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group’s traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network.
In this example, you create two new VLANs, change the port membership for default VLAN 1, and assign port members to the two new VLANs:
1. In the Basic VLAN Configuration screen (see “VLAN Configuration” on page 3-10), create the following VLANs:
•...
Access Control Lists (ACLs)
ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network.
1. Create an access list definition. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can assign traffic that matches the criteria to a particular queue or redirect the traffic to a particular port. A default deny all rule is the last rule of every list.
3. From the MAC Binding Configuration screen, assign the Sales_ACL to the interface gigabit ports 6, 7, 8, 9, and 10, and then click Apply (see “MAC Binding Configuration” on page 5-44).
Figure B-1
You can assign an optional sequence number to indicate the order of this access list relative to other access lists if any are already assigned to this interface and direction.
1. From the IP ACL screen, create a new IP ACL with an IP ACL ID of 1 (see “IP ACL” on page 5-47).
2. From the IP Rules screen, create a rule for IP ACL 1 with the following settings:
•...
The IP ACL in this example matches all packets with the source IP address and subnet mask of the Finance department's network and denies them on the Ethernet interfaces 14, 15, 16, 17, 18, 19, and 20 of the switch.
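How the default deny all rule interacts with a list like the Finance ACL, as an added example that is not taken from the manual: a first-match evaluator with an implicit final deny, plus a check for rules an earlier rule makes unreachable. The rule model, the use of 0.0.0.0/0 for "any source", and all addresses are assumptions; the page does not give the Finance subnet.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    source: str   # source network in CIDR form; "0.0.0.0/0" matches any source

def evaluate(rules, src_ip):
    """First matching rule wins; if none matches, the implicit deny applies.

    Returns (action, rule_index); rule_index is None for the implicit deny.
    """
    addr = ipaddress.ip_address(src_ip)
    for index, rule in enumerate(rules):
        if addr in ipaddress.ip_network(rule.source):
            return rule.action, index
    return "deny", None

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    nets = [ipaddress.ip_network(r.source) for r in rules]
    return [j for j in range(len(nets))
            if any(nets[j].subnet_of(nets[i]) for i in range(j))]

# Constructed addressing for illustration only.
FINANCE = "192.168.77.0/24"
FINANCE_HOST = "192.168.77.25"
OTHER_HOST = "192.168.10.40"

# A list with only the deny rule also drops every other source, because the
# implicit deny at the end catches whatever the explicit rule did not match.
DENY_ONLY = [Rule("deny", FINANCE)]
# Adding an explicit permit after the deny lets non-Finance traffic through.
DENY_THEN_PERMIT = [Rule("deny", FINANCE), Rule("permit", "0.0.0.0/0")]
# Reversing the order makes the deny rule unreachable.
PERMIT_THEN_DENY = [Rule("permit", "0.0.0.0/0"), Rule("deny", FINANCE)]

def audit(rules):
    """Summarize how the list treats a Finance host and a non-Finance host."""
    return {
        "finance": evaluate(rules, FINANCE_HOST),
        "other": evaluate(rules, OTHER_HOST),
        "shadowed": shadowed(rules),
    }

if __name__ == "__main__":
    for name, acl in [("deny only", DENY_ONLY),
                      ("deny then permit", DENY_THEN_PERMIT),
                      ("permit then deny", PERMIT_THEN_DENY)]:
        print(name, audit(acl))
```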
The ports of an 802.1X authenticator switch provide the means by which it can offer services to other systems reachable via the LAN. Port-based network access control allows the operation of a switch’s ports to be controlled in order to ensure that access to its services is permitted only to systems that are authorized to use them.
Figure B-2 (diagram labels: Supplicant, Authenticator Switch, Authentication Server (RADIUS) 192.168.10.23, Supplicant)
802.1X Example Configuration
This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (g21–g24). These ports are available to visitors and need to be authenticated before granting access to the network.
This example uses the default values for the port authentication settings, but there are several additional settings that you can configure. For example, the EAPOL Flood Mode field allows you to enable the forwarding of EAPoL frames when 802.1X is disabled on the device.
6.
The MSTP algorithm and protocol provide simple and full connectivity for frames assigned to any given VLAN throughout a Bridged LAN comprising arbitrarily interconnected networking devices, each operating MSTP, STP or RSTP. MSTP allows frames assigned to different VLANs to follow separate paths, each based on an independent Multiple Spanning Tree Instance (MSTI), within Multiple Spanning Tree (MST) Regions composed of LANs and/or MSTP Bridges.
To support multiple spanning trees, an MSTP bridge has to be configured with an unambiguous assignment of VLAN IDs (VIDs) to spanning trees. This is achieved by:
1. Ensuring that the allocation of VIDs to FIDs is unambiguous.
2.
[Figure: MSTP example topology. Switch 1 (labelled Root Bridge): ports g1-g5 connected to hosts, ports g6-g10 connected to Switch 2 and 3. Switch 2: ports g1-g5 connected to hosts, ports g6-g10 connected to Switch 1 and 3. Switch 3: ports g6-g10 connected to Switch 1 and 2, ports g1-g5...]
Note: Bridge priority values are multiples of 4096. If you do not specify a root bridge and all switches have the same Bridge Priority value, the switch with the lowest MAC address is elected as the root bridge (see “CST Configuration”...
also have hosts in the Sales and HR departments. The hosts connected from Switch 2 use VLAN 500, MST instance 2 to communicate with the hosts on Switch 3 directly. Likewise, hosts of Switch 1 use VLAN 300, MST instance 1 to communicate with the hosts on Switch 3 directly. The hosts use different instances of MSTP to effectively use the links across the switch.