User Manual
Table Of Contents
- 24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports and Cloud Management
- Contents
- 1 Get Started
- Available publications
- Switch management options and default management mode
- Manage the switch by using the device UI
- About on-network and off-network access
- Access the switch on-network and connected to the Internet
- Use a Windows-based computer to access the switch on-network and connected to the Internet
- Use the NETGEAR Insight mobile app to discover the IP address of the switch
- Use the NETGEAR Switch Discovery Tool to discover the switch when it is connected to the Internet
- Discover the switch in a network with a DHCP server using the Smart Control Center
- Use other options to discover the switch IP address
- Access the switch on-network and connected to the Internet when you know the switch IP address
- Access the switch off-network and not connected to the Internet
- Credentials for the device UI
- Register the switch
- Change the language of the device UI
- Change the management mode of the switch
- Use the Device View of the device UI
- Configure interface settings
- Access the NETGEAR support website
- Access the user manual online
- 2 Configure System Information
- View or define switch system information
- Configure the switch IP address settings
- Configure the IPv6 network interface
- Configure the time settings
- Configure Denial of Service settings
- Configure the DNS settings
- Configure Green Ethernet settings
- Manage switch discovery with UPnP and SSDP
- Use the Device View
- Configure Power over Ethernet
- Configure SNMP
- Configure LLDP
- Configure DHCP snooping
- Set up PoE timer schedules
- 3 Configure Switching
- Configure the port settings and maximum frame size
- Configure link aggregation groups
- Configure VLANs
- Configure a voice VLAN
- Configure Auto-VoIP
- Configure Spanning Tree Protocol
- Configure multicast
- Manage IGMP snooping
- Configure IGMP snooping
- Configure IGMP snooping for interfaces
- View, search, or clear the IGMP snooping table
- Configure IGMP snooping for VLANs
- Modify IGMP snooping settings for a VLAN
- Disable IGMP snooping on a VLAN
- Configure one or more IGMP multicast router interfaces
- Configure an IGMP multicast router VLAN
- IGMP snooping querier overview
- Configure an IGMP snooping querier
- Configure an IGMP snooping querier for a VLAN
- Display the status of the IGMP snooping querier for VLANs
- View, search, and manage the MAC address table
- Configure Layer 2 loop protection
- 4 Configure Quality of Service
- 5 Manage Device Security
- Change the device admin password for the device UI
- Manage the RADIUS settings
- Configure the TACACS+ settings
- Manage the Smart Control Center
- Configure management access
- Control access with profiles and rules
- Configure port authentication
- Set up traffic control
- Configure access control lists
- Use the ACL Wizard to create a simple ACL
- Configure a MAC ACL
- Configure MAC ACL rules
- Configure MAC bindings
- View or delete MAC ACL bindings in the MAC binding table
- Configure a basic or extended IPv4 ACL
- Configure rules for a basic IPv4 ACL
- Configure rules for an extended IPv4 ACL
- Configure an IPv6 ACL
- Configure rules for an IPv6 ACL
- Configure IP ACL interface bindings
- View or delete IP ACL bindings in the IP ACL binding table
- Configure VLAN ACL bindings
- 6 Monitor the System
- 7 Maintain or Troubleshoot the Switch
- A Configuration Examples
- B Specifications and Default Settings
24-Port Gigabit (Hi-Power) PoE+ Ethernet Smart Managed Pro Switch with 2 SFP Ports
Manage Device Security User Manual279
• MAB. Specify whether to enable or disable MAC-based Authentication Bypass (MAB)
for 802.1x-unaware clients at the specified port. MAB only functions if the port control
mode is MAC-based. By default, MAB is disabled.
• Guest VLAN ID. Specify the VLAN ID for the guest VLAN.
The range is from 0 to
4093.
The default value is 0. Enter 0 to reset the guest VLAN ID on the interface. The
guest VLAN allows the port to provide a distinguished service to unauthenticated
users, after three authentication failures. This feature provides a mechanism to allow
users access to hosts on the guest VLAN.
• Guest VLAN Period. Specify the time in seconds that the selected port remains in
the quiet state following a failed authentication exchange.
The
guest VLAN time-out
must be a value in the range from 1 to 300. The default value is 90 seconds.
• Unauthenticated VLAN ID. Specify
the VLAN ID of the unauthenticated VLAN for the
selected port. The range is from 0 to 4093. The default value is 0. Hosts that fail the
authentication might be denied access to the network or placed on a VLAN created
for unauthenticated clients. This VLAN might be configured with limited network
access.
• Periodic Reauthentication. Select Enable to allow periodic reauthentication of the
supplicant for the specified port. If you select Disable, connected clients are not
forced to reauthenticate periodically
.
The default is Disable.
• Reauthentication Period. Specify
the time in seconds after which reauthentication of
the supplicant occurs. The reauthentication period must be a value in the range from
1 to 65535. The default value is 3600 seconds.
• Quiet Period. Specify the time in seconds that the port remains in the quiet state
following a failed authentication exchange. While in the quite state, the port does not
attempt to acquire a supplicant. The quite state period must be
a value in the range
from 0 to 65535. A value of 0 means that the port remains in the quiet state and never
attempts to acquire a supplicant. The default value is 60 seconds.
• Resending EAP. Specify the EAP retransmit period for the selected port.
The
transmit period is the time in seconds, after which an EAPoL EA
P Request/Identify
frame is resent to the supplicant. The retransmit period must be a value in the range
from 1 to 65535. The default value is 30 seconds.
• MAX EAP Requests.
Specify
the maximum number of EAP requests for the selected
port. The value is the maximum number of times an EAPoL EAP Request/Identity
message is retransmitted before the supplicant times out. The maximum number of
EAP requests must be a value in the range from 1 to 10. The default value is 2.
• Supplicant Timeout. Specify the supplicant time-out for the selected port.
The
supplicant time-out is the time in seconds after which the supplicant times out.
The
supplicant time-out period must be a value in the range from 1 to 65535. The default
value is 30 seconds.
• Server Timeout. Specify the time in seconds that elapses before the switch resends
a request to the authentication server
.
The server time-out period must be a value in
the range from 1 to 65535. The default value is 30 seconds.
10. Click the Apply button.
Your settings are saved.