GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches S o ft w a r e A d m i n i s t r a t i o n M a n u a l September 2013 202-11263-01 350 East Plumeria Drive San Jose, CA 95134 USA
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Support Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com. Phone (US & Canada only): 1-888-NETGEAR.
Contents Chapter 1 Getting Started Getting Started with the NETGEAR Switch . . . . . . . . . . . . . . . . . . . . . . . . 10 Switch Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Connect the Switch to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Discover a Switch in a Network with a DHCP Server. . . . . . . . . . . . . . . . . 13 Discover a Switch in a Network without a DHCP Server . . . . . . . . . . . . . .
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Chapter 3 Configuring Switching Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MVR Group Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 MVR Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Address Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 MAC Address Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 Dynamic Address Configuration . . . . . . . . . . . . .
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Policy Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Service Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Chapter 6 Managing Device Security Management Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 Change Password .
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Chapter 7 Monitoring the System Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227 Switch Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230 Port Detailed Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Creating Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270 DiffServ Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 802.1X Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 MSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 MSTP Configuration Example . . . . . . . . . . . . .
1. 1 Getting Started This manual describes how to configure and operate the GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches by using the web-based graphical user interface (GUI). The manual describes the software configuration procedures and explains the options available within those procedures. The GS716Tv3, GS724Tv4, and GS748Tv5 switches are referred to as the NETGEAR switch throughout this document. The information in this document applies to all three switch models unless otherwise noted.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Getting Started with the NETGEAR Switch This chapter provides an overview of starting your NETGEAR switch and accessing the user interface. It also leads you through the steps to use the Smart Control Center (SCC) application, which can be downloaded to your computer. This guide does not document the SCC application. Full documentation for SCC is found at http://docs.netgear.com/scc/enu/202-10685-01/index.htm.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Switch Management Interface The NETGEAR switch contains an embedded web server and management software for managing and monitoring switch functions. The NETGEAR switch functions as a simple switch without the management software. However, you can use the management software to configure more advanced features that can improve switch efficiency and overall network performance.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Connect the Switch to the Network To enable remote management of the switch through a web browser or SNMP, you must connect the switch to the network and configure it with network information (an IP address, subnet mask, and default gateway). The switch has a default IP address of 192.168.0.239 and a default subnet mask of 255.255.255.0.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Discover a Switch in a Network with a DHCP Server This section describes how to set up your switch in a network that has a DHCP server. The DHCP client on the switch is enabled by default. When you connect it to your network, the DHCP server will automatically assign an IP address to your switch. Use the Smart Control Center to discover the IP address automatically assigned to the switch. To install the switch in a network with a DHCP server: 1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 6. Make a note of the displayed IP address assigned by the DHCP server. You will need this value to access the switch directly from a web browser (without using the Smart Control Center). 7. Select your switch by clicking the line that displays the switch, then click the Web Browser Access button. The Smart Control Center launches a browser that displays the login screen of the selected device. Use your web browser to manage your switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Discover a Switch in a Network without a DHCP Server This section describes how to use the Smart Control Center to set up your switch in a network without a DHCP server. If your network has no DHCP service, you must assign a static IP address to your switch. If you choose, you can assign it a static IP address, even if your network has DHCP service. To assign a static IP address: 1. Connect the switch to your existing network. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 9. Type your password to continue with the configuration change. Tip: You must enter the current password every time you use the Smart Control Center to update the switch setting. The default password is password. 10. Click the Apply button to configure the switch with the network settings. Ensure that your computer and the switch are in the same subnet. Make a note of these settings for later use.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 3. In the Local Area Connection Status window, click the Properties button. The Local Area Connection Properties window displays. 4. Select the Internet Protocol Version 4 (TCP/IPv4) option, and then click the Properties button. The Internet Protocol Version 4 (TCP/IPv4) Properties window appears.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 5. Select the Use the following IP address option and set the IP address of the administrative system to an address in the 192.168.0.0 network, such as 192.168.0.200. The IP address must be different from that of the switch but within the same subnet. WARNING: When you change the IP address of your administrative system, you lose your connection to the rest of the network. Be sure to write down your current network address settings before you change them. 6.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Access the Management Interface from a Web Browser To access the switch management interface, use one of the following methods: • From the Smart Control Center, select the switch and click the Web Browser Access button. For more information, see the Smart Control Center User Guide at http://docs.netgear.com/scc/enu/202-10685-01/index.htm. • Open a web browser and enter the IP address of the switch in the address field.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To log on to the web interface: 1. Open a web browser and enter the IP address of the switch in the web browser address field. The login screen displays. 2. Type the password in the Password field. The factory default password is password. Passwords are case-sensitive. 3. Click the Login button. After the system authenticates you, the System Information screen displays. The following figure shows the layout of the web interface.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Navigation Tabs, Configuration Menus, and Screen Menu The navigation tabs along the top of the web interface give you quick access to the various switch functions. The tabs are always available and remain constant, regardless of which feature you configure. When you select a tab, the features for that tab appear as menus directly under the tabs. The configuration menus in the blue bar change according to the navigation tab that is selected.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 1. Command buttons (continued) Button Function REFRESH Refreshes the screen with the latest information from the device. LOGOUT Ends the session. CLEAR Clears all information and returns the switch to its default settings. Device View The Device View is a Java applet that displays the ports on the switch. This graphic provides an alternate way to navigate to configuration and monitoring options.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The following image shows the Device View of the GS716Tv3. Figure 2. GS716Tv3 The following image shows the Device View of the GS724Tv4. Figure 3. GS724Tv4 The following image shows the Device View of the GS748Tv5. Figure 4. GS748Tv5 Click the port you want to view or configure to see a menu that displays statistics and configuration options. Select the menu option to access the screen that contains the configuration or monitoring options.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Figure 5. Device View Port Menu If you click the graphic, but do not click a specific port, the main menu displays, as the following figure shows. This menu contains the same options as the navigation tabs at the top of the screen. Figure 6.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Help Access Every screen contains a button to launch online help , which contains information to assist in configuring and managing the switch. The online help screens are context-sensitive. For example, if the IP Addressing screen is open, the help topic for that screen displays if you click Help. Figure 1, Smart Switch Web Interface on page 20 shows the location of the Help link on the web interface.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Use SNMPv3 The switch software supports the configuration of SNMP groups and users that can manage traps that the SNMP agent generates. The switch uses both standard public MIBs for standard functionality and private MIBs that support additional switch functionality. All private MIBs begin with a hyphen (-) prefix. The main object for interface configuration is in -SWITCHING-MIB, which is a private MIB.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Interface Naming Convention The switch supports physical and logical interfaces. Interfaces are identified by their type and the interface number. All the physical ports are as follows: • GS716Tv3. Ports 1–16 are gigabit copper ports, and Port 17–18 are dedicated gigabit SFP ports· • GS724Tv4. Ports 1–24 are gigabit copper ports, and Port 25–26 are dedicated gigabit SFP ports· • GS748Tv5.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configuring Interface Settings For some features that allow you to configure interface settings, you can apply the same settings simultaneously to any of the following: • A single port • Multiple ports • All ports • A single LAG • Multiple LAGs • All LAGs • Multiple ports and LAGs • All ports and LAGs Many of the screens that allow you to configure or view interface settings include links to display all ports, all LAGs, or all ports and LAGs o
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To configure a single port by using the Go To Interface field: 1. Ensure that the screen is displaying all ports, and not only the LAGs. 2. In the Go To Interface field, type the port number, for example g4. 3. Click the Go button. The check box associated with the interface is selected, the row for the selected interface is highlighted, and the interface number appears in the heading row. Figure 8. Go To Interface Example 4.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To configure a single port: 1. Ensure that the screen is displaying all ports, and not only the LAGs. 2. Select the check box next to the port number. The row for the selected interface is highlighted, and the interface number appears in the heading row. 3. Configure the desired settings. 4. Click the Apply button. The settings you configure in the heading row are applied to the selected interface. To configure a single LAG: 1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 3. Configure the desired settings. 4. Click the Apply button. The settings you configure in the heading row are applied to all selected interfaces. To configure multiple LAGs: 1. Click the LAGS link or the All link to display the LAGs. 2. Select the check box next to each LAG to configure. The check box associated with each interface is selected, and the row for each selected interface is highlighted. 3. Configure the desired settings. 4.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To configure all LAGs: 1. Click the LAGS link to display only the LAG interfaces. 2. Select the check box in the heading row. The check box associated with every LAG is selected, and the rows for all LAGs are highlighted. 3. Configure the desired settings. 4. Click the Apply button. The settings you configure in the heading row are applied to all LAGs. To configure multiple ports and LAGs: 1. Click the All link to display all ports and LAGs. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Online Help The Help main navigation tab of the web management interface provides access to the menus that are described in the following sections: • Support • User Guide Support The Support screen provides access to the NETGEAR support website at support.netgear.com. To access the support website from the web management interface: 1. Select Help > Support. The Support screen displays. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Registration To qualify for product updates and product warranty, NETGEAR encourages you to register your product. The first time that you connect to the switch while it is connected to the Internet, you have the option to register your product. At any time, you can register your product from the web management interface, or you can visit the NETGEAR website for registration at https://my.netgear.com/registration/login.aspx.
2. Configure System Information 2 Use the features you access from the System navigation tab to define the switch’s relationship to its environment.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Management This section describes how to display the switch status and specify some basic switch information, such as the management interface IP address, system clock settings, and DNS information.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The following table describes the status information the System Information screen displays. Table 4. System Information screen status fields Field Description Product Name The product name that describes the switch. Serial Number The serial number of the switch. System Object ID The base object ID for the switch's enterprise MIB. Date & Time The current date and time.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 3. If you selected the Static IP Address option, configure the following network information: • IP Address. The IP address of the network interface. The factory default value is 192.168.0.239. Each part of the IP address must start with a number other than zero. For example, IP addresses 001.100.192.6 and 192.001.10.3 are not valid. • Subnet Mask. The IP subnet mask for the interface. The factory default value is 255.255.255.0. • Default Gateway.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IPv6 Network Configuration Use the IPv6 Network Configuration screen to configure the IPv6 network interface, which is the logical interface used for in-band connectivity with the switch through all of the switch’s front-panel ports. The configuration parameters associated with the switch’s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IPv6 Network Neighbor Use the IPv6 Network Neighbor screen to view information about the IPv6 neighbors the device has discovered through the network interface by using the Neighbor Discovery Protocol (NDP). To display the IPv6 Network Neighbor screen: Select System > Management > IPv6 Network Neighbor. Table 5 describes the information the IPv6 Network Neighbor screen displays about each IPv6 neighbor that the switch has discovered. Table 5.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Time The switch supports the Simple Network Time Protocol (SNTP). You can also set the system time manually. SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The switch software operates only as an SNTP client and cannot provide time services to other systems. Time sources are established by stratums. Stratums define the accuracy of the reference clock.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To configure the time by using SNTP: 1. Select System > Management > Time > Time Configuration. 2. Next to Clock Source, select the SNTP radio button. The screen refreshes, and additional fields appear. 3. Next to Client Mode select Unicast or Broadcast: • Unicast. SNTP operates in a point-to-point fashion.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 6. Time Configuration status fields (continued) Field Description Last Attempt Status Specifies the status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message has been received from a server, a status of Other is displayed. These values are appropriate for all operational modes: • Other. The status of the last request is unknown. • Success.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 4. If the UDP port on the SNTP server to which SNTP requests are sent is not the standard port (123), specify the port number. 5. In the Priority field, specify the order in which to query the servers. The SNTP client on the device continues sending SNTP requests to different servers until a successful response is received or all servers are exhausted.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 7. SNTP server status fields (continued) Field Description Requests Specifies the number of SNTP requests made to this server since the last reboot. Failed Requests Specifies the number of failed SNTP requests made to this server since the last reboot. To remove an SNTP server: 1. Select the check box next to the configured server to remove. 2. Click the Delete button. To change the settings for an existing SNTP server: 1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 3. If the selected summer time mode is Recurring or Non Recurring, set the start and end times for the time shift: • Begins At. From the appropriate lists, select the date and time on which summer time begins. • Ends At. From the appropriate lists, select the date and time on which summer time ends. 4. In the Offset field, specify the number of minutes to shift the summer time from the standard time. 5.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configure Denial of Service The Denial of Service Configuration screen allows you to select which types of DoS attacks the switch monitors and blocks. To configure individual DoS settings: 1. Select System > Management > Denial of Service > Denial of Service Configuration. 2. Select the types of DoS attacks for the switch to monitor and block and configure any associated values: • Denial of Service Min TCP Header Size.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • Denial of Service TCP Offset. Enabling TCP Offset DoS prevention causes the switch to drop packets that have a TCP header offset set to 1. • Denial of Service TCP Port. Enabling TCP Port DoS prevention causes the switch to drop packets that have TCP source port equal to TCP destination port. • Denial of Service TCP SYN. Enabling TCP SYN DoS prevention causes the switch to drop packets that have TCP flags SYN set. • Denial of Service TCP SYN&FIN.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The Dynamic Host Configuration table shows host name-to-IP address entries that the switch has learned. The following table describes the dynamic host fields: Table 8. Dynamically learned host name mapping information Field Description Host Lists the host name you assign to the specified IP address. Total Amount of time since the dynamic entry was first added to the table. Elapsed Amount of time since the dynamic entry was last updated.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Green Ethernet Use this screen to configure Green Ethernet features. Using the Green Ethernet Configuration features allows for power consumption savings. To configure the Green Ethernet settings: 1. Select System > Management > Green Ethernet > Green Ethernet Configuration. 2. Enable or disable the Auto Power Down mode. • Enable.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Green Ethernet Detail Use this screen to view detailed per-port Green Ethernet information and to enable or disable Green Ethernet settings on a single port. Using the Green Ethernet features allows for power consumption savings. To configure Green Ethernet mode settings for a port: 1. Click System > Management > Green Ethernet > Green Ethernet Detail. 2. From the Interface list, select the interface to configure. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 9. Green Ethernet local device information (continued) Field Description Tw_sys_rx (uSec) The value of Tw_sys that the local system requests from the remote system. This value is updated by the EEE Receiver L2 state diagram. Tw_sys_rx Echo (uSec) The value of the remote system’s receive Tw_sys that was used by the local system to compute the Tw_sys that it can support.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Green Ethernet Summary This screen summarizes the Green Ethernet Summary settings currently in use. To access the Green Ethernet Summary screen, select System > Management > Green Ethernet > Green Ethernet Summary. The following table describes the information the power saving table displays. Table 10. Green Ethernet power saving information Field Description Current Power Consumption The power consumption (in mWatts) of the all the ports on the switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches View and Configure Green Ethernet LPI History Use this screen to configure and view the Green Ethernet low power idle (LPI) history. Viewing the Green Ethernet LPI History feature allows you to view the Green Ethernet history for the switch. To configure the LPI settings: 1. Select System > Management > Green Ethernet > Green Ethernet LPI History. 2. In the Sampling Interval field, specify the frequency, in seconds, at which EEE LPI history. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches License Some switch features require a special license in order to be active. If a license is not active, the feature associated with the license is not available and cannot be configured. To view information about the license key, click System > License > License Key. The following table describes the non-configurable fields on the License Key page. Table 14. License Key information Field Description License Date The date the license is purchased.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches SNMP This section describes how to configure the Simple Network Management Protocol (SNMP) version 1 and SNMP version 2 information on the switch. For information about configuring the SNMPv3 administrative profile, see Use SNMPv3 on page 26. The screens you access from the SNMPV1/V2 link allow you to configure SNMPv1/v2 community information, traps, and trap flags.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 7. Click the Add button. To modify an existing community: 1. Select the check box next to the community. 2. Update the desired fields. 3. Click the Apply button. To delete a community: 1. Select the check box next to the community to remove. 2. Click the Delete button. Trap Configuration Use this screen to configure settings for each SNMPv1 or SNMPv2 management host that will receive notifications about traps generated by the device.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Trap Flags Use the Trap Flags screen to enable or disable traps the switch can send to an SNMP manager. When the condition identified by an active trap is encountered by the switch, a trap message is sent to any enabled SNMP trap receivers, and a message is written to the trap log. To configure the trap flags: 1. Select System > SNMP > SNMP V1/V2 > Trap Flags. 2. Enable or disable the following system traps: • Authentication.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches LLDP The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches LLDP Configuration Use the LLDP Configuration screen to specify the global LLDP and LLDP-MED parameters that are applied to the switch. To configure global LLDP settings: 1. Select System > LLDP > Basic > LLDP Configuration. 2. (Optionally). Configure non-default values for the following LLDP properties. • TLV Advertised Interval. The number of seconds between transmissions of LLDP advertisements. • Hold Multiplier.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches LLDP Port Settings Use the LLDP Port Settings screen to specify per-interface LLDP settings. To configure LLDP port settings: 1. Select System > LLDP > Advanced > LLDP Port Settings. 2. Select one or more ports to configure. • To configure a single port, select the check box associated with it, or type the port number in the Go To Interface field and click the Go button.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches LLDP-MED Network Policy This screen displays information about the LLPD-MED network policy TLV transmitted in the LLDP frames on the selected local interface. To view LLDP-MED network policy information for an interface: 1. Select System > LLDP > Advanced > LLDP-MED Network Policy. 2. From the Interface list, select the interface with the information to view. Note: The list includes only the interfaces on which LLDP is enabled.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches LLDP-MED Port Settings Use this screen to enable LLDP-MED mode on an interface and configure its properties. To configure LLDP-MED settings for a port: 1. Select System > LLDP > Advanced > LLDP-MED Port Settings. 2. From the Port list, select the port to configure. 3. Use the lists to enable or disable the following LLDP-MED settings for the selected port: • LLDP-MED Status. The administrative status of LLDP-MED on the interface.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 17. LLDP local device information (continued) Field Description System Description The switch description, which includes information about the product model and platform. System Capabilities The primary functions the switch supports. Interface The interface associated with the rest of the data in the row. Port ID Subtype The type of information used to identify the interface in the Port ID field. Port ID The port number.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 18. Detailed LLDP local port information (continued) Field Description MED Details Capabilities Supported The MED capabilities enabled on the port. Current Capabilities The TLVs advertised by the port. Device Class Network Connectivity indicates the device is a network connectivity device. Network Policies Application Type The media application type associated with the policy. VLAN ID The VLAN ID associated with the policy.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Neighbors Information Use the LLDP Neighbors Information screen to view the data that a specified interface has received from other LLDP-enabled systems. To view LLDP information received from a neighbor device, select System > Advanced > LLDP > Neighbor Information. Note: If no information has been received from a neighbor device, or if the link partner is not LLDP-enabled, no information displays.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To view additional information about the remote device, click the link in the MSAP Entry field. A pop-up window displays information for the selected port. The following table describes the information transmitted by the neighbor. Table 20. LLDP neighbor details Field Description Port Details Local Port The interface on the local system that received LLDP information from a remote system.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 20. LLDP neighbor details (continued) Field Description Operational MAU Type The Medium Attachment Unit (MAU) type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interface collision detection and bit injection into the network. MED Details Capabilities Supported The supported capabilities that were received in MED TLV from the device.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 20. LLDP neighbor details (continued) Field Description Network Policies Application Type The media application type associated with the policy advertised by the remote device. VLAN ID The VLAN ID associated with the policy. VLAN Type Specifies whether the VLAN associated with the policy is tagged or untagged. User Priority The priority associated with the policy. DSCP The DSCP associated with a particular policy type.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Services This section describes how to configure the DHCP snooping and Dynamic ARP Inspection (DAI) features on the switch. DHCP snooping and DAI are layer 2 security features that examine traffic to help prevent accidental and malicious attacks on the switch or network.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Interface Configuration Use the DHCP Snooping Interface Configuration screen to view and configure each port as a trusted or untrusted port. Any DHCP responses received on a trusted port are forwarded. If a port is configured as untrusted, any DHCP (or BootP) responses received on that port are discarded. To configure DHCP snooping interface settings: 1. Select System > Services > DHCP Snooping > Interface Configuration. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Binding Configuration Use this screen to view, add, and remove static bindings in the DHCP snooping bindings database and to view or clear the dynamic bindings in the bindings table. To configure static DHCP bindings: 1. Select System > Services > DHCP Snooping > Binding Configuration. 2. From the Interface list, select the interface on which the DHCP client is authorized. 3. In the MAC Address field, specify the MAC address for the binding to be added.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Persistent Configuration Use this screen to configure the persistent location of the DHCP snooping bindings database. The bindings database can be stored locally on the device or on a remote system somewhere else in the network. The device must be able to reach the IP address of the remote system to send bindings to a remote database. To configure DHCP snooping persistent settings: 1. Select System > Services > DHCP Snooping > Persistent Configuration. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Statistics Use this screen to view and clear per-interface statistics about the DHCP messages filtered by the DHCP snooping feature on untrusted interfaces. To view and clear the DHCP snooping statistics: 1. Select System > Services > DHCP Snooping > Statistics. 2. Click Clear to clear all interfaces statistics. The following table describes the DHCP snooping statistics. Table 22.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Dynamic ARP Inspection Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The malicious attacker sends ARP requests or responses mapping another station’s IP address to its own MAC address.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 2. Configure LAG 1, which includes ports 11-14, as a trusted port. All other interfaces are untrusted by default. a. Select System > Services > Dynamic ARP Inspection > DAI Interface Configuration. b. Click the LAGS link to view all LAG interfaces. c. Next to l1, select the check box. d. From the Trust Mode list, select Enable. e. Click the Apply button. 3. Configure rate limiting for ports 1–10, which are untrusted ports. a.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configure a DAI ACL DAI relies on the information in the DHCP snooping bindings database to validate ARP packets. For networks that use static IP addresses and do not use DHCP, DAI access control lists (ACLs) can be used to statically map an IP address to a MAC address on a VLAN. When hosts use static IP addresses, the DHCP snooping feature cannot build a bindings database. DAI ACLs are also useful when other switches in the network do not run DAI.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 10. Select System > Services > Dynamic ARP Inspection > DAI VLAN Configuration. 11. Next to VLAN 100, select the check box. 12. In the ARP ACL Name field, specify the name of the DAI ACL to associate with the VLAN. 13. Click the Apply button. Configure Optional DAI Features If you configure the source MAC address validation option, DAI verifies that the sender MAC address in an ARP packet equals the source MAC address in the Ethernet header.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To configure the optional DAI features: 1. Select System > Services > Dynamic ARP Inspection > DAI Configuration. 2. Next to Validate Source MAC, select the Enable radio button. 3. Next to Validate Destination MAC, select the Enable radio button. 4. Next to Validate IP, select the Enable radio button. 5. Click the Apply button.
3. Configuring Switching 3 Use the features you access from the Switching tab to define Layer 2 features. The Switching tab contains links to the features described in the following sections. • Ports • Link Aggregation Groups • VLANs • Auto-VoIP Configuration • Spanning Tree Protocol • Multicast • MVR Configuration • Address Table • Multiple Registration Protocol Configuration • 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Ports The screens you access from the Ports menu allow you to view and monitor the physical port information for the ports available on the switch. The Ports menu contains links described in the following sections. • Port Configuration • Flow Control Port Configuration Use the Port Configuration screen to configure various characteristics about the physical ports or LAGs on the switch. To configure port settings: 1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • Link Trap. Select whether or not to send a trap when link status changes. The factory default is Enable. - Enable. Specifies that the system sends a trap when the link status changes. - Disable. Specifies that the system does not send a trap when the link status changes. • Maximum Frame Size. Specify the maximum Ethernet frame size the interface supports. The size includes the Ethernet header, CRC, and payload.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Link Aggregation Groups Link aggregation groups (LAGs), which are also known as port channels, allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. You assign the LAG VLAN membership after you create a LAG. The LAG by default becomes a member of the default management VLAN (that is, VLAN 1).
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • LAG ID. The number assigned to the LAG. This field is read-only. • Link Trap. Specify whether you want to have a trap sent when link status changes. The factory default is Disable, which will cause the trap to be sent. • Admin Mode. Select Enable or Disable from the list. When the LAG (port channel) is disabled, no traffic will flow and LAGPDUs will be dropped, but the links that form the LAG (port channel) will not be released.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches LAG Membership Use the LAG Membership screen to select two or more full-duplex Ethernet links to be aggregated together to form a link aggregation group (LAG), which is also known as a port channel. The switch can treat the port channel as if it were a single link. To add members to a LAG: 1. Select Switching > LAG > Basic > LAG Membership. 2. From the LAG ID list, select the LAG to configure. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches LACP Configuration The LACP configuration screen is used to set the LACP system priority. To configure LACP: 1. Select Switching > LAG > Advanced > LACP Configuration. 2. In the LACP System Priority field, specify the device’s link aggregation priority relative to the devices at the other ends of the links on which link aggregation is enabled. A higher value indicates a lower priority.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches VLANs Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic. By default, all ports on the switch are in the same broadcast domain.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Basic VLAN Configuration Use the VLAN Configuration screen to define VLAN groups stored in the VLAN membership table. The switch supports up to 256 VLANs. The default VLAN (1), voice VLAN (2) and auto-video VLAN (3) are created by default, and all ports are untagged members. When you create a VLAN on this screen, its type is always static. To add a VLAN: 1. Select Switching > VLAN > Basic > VLAN Configuration. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches VLAN Membership Configuration Use this screen to configure VLAN port membership for a particular VLAN. You can select the Group operation through this screen. To configure VLAN membership for individual ports and LAGs: 1. Select Switching > VLAN > Advanced > VLAN Membership. 2. From the VLAN ID list, select the VLAN to which you want to add ports. 3. Click the orange bar below the VLAN Type field to display the physical ports on the switch. 4.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To configure the same VLAN membership settings for all ports and LAGs: 1. Select Switching > VLAN > Advanced > VLAN Membership. 2. In the VLAN ID list, select the VLAN to which you want to add ports. 3. In the Group Operations list, select one of the following options: • Untag All. All frames transmitted from this VLAN will be untagged. All the ports will be included in the VLAN. • Tag All. All frames transmitted for this VLAN will be tagged.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Port VLAN ID Configuration The Port PVID Configuration screen lets you assign a port VLAN ID (PVID) to an interface. There are certain requirements for a PVID: • All ports must have a defined PVID. • If no other value is specified, the default VLAN PVID is used. • If you want to change the port’s default PVID, you must first create a VLAN that includes the port as a member.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MAC-Based VLAN The MAC Based VLAN feature uses the source MAC address of incoming untagged packets to classify the traffic and to assign the packets to the appropriate VLAN. A MAC to VLAN mapping is defined by configuring an entry in the MAC to VLAN table. An entry is specified by a source MAC address and the desired VLAN ID.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Protocol-Based VLAN Group Configuration Protocol-based VLAN can be used to define filtering criteria for untagged packets. By default, if you do not configure any port (IEEE 802.1Q) or protocol-based VLANs, untagged packets are assigned to VLAN 1. You can override this behavior by defining either port-based VLANs or protocol-based VLANs, or both. Tagged packets are always handled according to the IEEE 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Protocol-Based VLAN Group Membership The Protocol-Based VLAN Group Membership screen is used to define a protocol-based VLAN group. To set up protocol-based VLAN group membership: 1. Select Switching > VLAN > Advanced > Protocol-Based VLAN Group Membership. 2. From the Group ID list, select the protocol-based VLAN group ID for which you want to display or configure data. 3. Click the orange bar to display the port list.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 5. If the interface mode is VLAN ID or Dot1p, specify the VLAN ID or 802.1p priority value in the Value field. This field is valid only when VLAN ID or dot1p is selected as the interface mode. 6. From the CoS Override Mode list, specify the CoS override mode for the selected ports: • Enabled. The port ignores the 802.1p priority value in the Ethernet frames it receives from connected devices. • Disabled.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The Operational Status field displays the current operational status of the interface. 6. Click the Apply button. OUI-Based Properties With Organizationally Unique Identifier (OUI) based Auto VoIP, voice prioritization is provided based on OUI bits. To configure OUI based properties: 1. Select Switching > Auto-VoIP> OUI-based > Properties. 2. In the VoIP VLAN ID list, select the VLAN to use to segregate VoIP traffic from other non-voice traffic.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches OUI Table Device hardware manufacturers can include an OUI in a network adapter to help identify a hardware device. The OUI is a unique 24-bit number assigned by the IEEE registration authority.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Spanning Tree Protocol The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Common STP, Multiple STP, and Rapid STP. Classic STP provides a single path between end stations, avoiding and eliminating loops. For information about configuring Common STP, see CST Port Configuration on page 101.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches STP Configuration The STP Configuration screen contains fields for enabling STP on the switch. To configure STP settings on the switch: 1. Select Switching > STP > Basic > STP Configuration. 2. Next to Spanning Tree State, specify whether to enable or disable Spanning Tree operation on the switch. 3. From the STP Operation Mode field, specify the Force Protocol Version parameter for the switch. Options are: • STP (Spanning Tree Protocol). IEEE 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 23. STP status information (continued) Field Description Max Age (secs) Specifies the bridge maximum age for CST. The value must be less than or equal to (2 X Bridge Forward Delay) – 1 and greater than or equal to 2 X (Bridge Hello Time +1). Forward Delay (secs) Derived value of the Root Port Bridge Forward Delay parameter. Hold TIme (secs) Minimum time between transmission of Configuration BPDUs.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The following MSTP status information is displayed on the Spanning Tree CST Configuration screen. Table 24. MSTP status information Field Description MST ID Table consisting of the MST instances (including the CST) and the corresponding VLAN IDs associated with each of them.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • Port ID. The port identifier for the specified port within the CST. It is made up from the port priority and the interface number of the port. • Hello Timer. Specifies the switch Hello time, which indicates the amount of time in seconds a port waits between configuration messages. The value is fixed at 2 seconds. 5. Click the Apply button.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 25. CST port status information (continued) Field Description CST Path Cost The path cost to the CST tree regional root. Port Forwarding State The forwarding state of this port. Click the Refresh button to update the information on the screen with the most current data. Rapid STP Use the Rapid STP screen to view information about Rapid Spanning Tree (RSTP) port status. To display the Rapid STP screen, click Switching > STP > Advanced > RSTP.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MST Configuration Use the Spanning Tree MST Configuration screen to configure Multiple Spanning Tree (MST) on the switch. To configure an MST instance: 1. Select Switching > STP > Advanced > MST Configuration. 2. Configure the MST values: • MST ID. Specify the ID of the MST to create. Valid values for this are between 1 and 4094. • Priority. Specifies the bridge priority value for the MST.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MST Port Configuration Use the MST Port Configuration screen to configure and display Multiple Spanning Tree (MST) settings on a specific port on the switch. To configure MST port settings: 1. Select Switching > STP > Advanced > MST Port Configuration. Note: If no MST instances have been configured on the switch, the screen displays a “No MSTs Available” message. 2. Select the ports or LAGs to configure.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 28. MST port status information (continued) Field Description Port Forwarding State Indicates the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are: • Disabled. STP is currently disabled on the port. The port forwards traffic while learning MAC addresses. • Blocking. The port is currently blocked and cannot be used to forward traffic or learn MAC addresses.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches STP Statistics Use the Spanning Tree Statistics screen to view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port. To display the Spanning Tree Statistics screen, select Switching > STP > Advanced > STP Statistics. The following table describes the information available on the STP Statistics screen. Table 29.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Multicast Multicast IP traffic is traffic that is destined to a host group. Host groups for IPv4 multicast are identified by class D addresses, which range from 224.0.0.0 to 239.255.255.255. Host groups for IPv6 multicast are identified by the prefix ff00::/8.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 30. MFDB table information (continued) Field Description Description The text description of this multicast table entry. Possible values are Management Configured, Network Configured and Network Assisted. Interface The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:) for the selected address.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Auto-Video Use this screen to configure the Auto-Video parameters. To configure Auto-Video: 1. Select Switching > Multicast > Auto-Video. 2. Select one of the following radio buttons: • Select the Disable radio button to globally disable Auto-Video administrative mode for the switch. • Select the Enable radio button to globally enable Auto-Video administrative mode for the switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IGMP Snooping Configuration Use the IGMP Snooping Configuration screen to configure the parameters for IGMP snooping. These parameters are used to build forwarding lists for multicast traffic. To configure IGMP snooping: 1. Select Switching > Multicast > IGMP Snooping > IGMP Snooping Configuration. 2. Enable or disable IGMP snooping on the switch: • Enable.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 3. Configure the IGMP snooping values for the selected ports or LAGs: • Admin Mode. Select the interface mode for the selected interface for IGMP snooping for the switch from the menu. The default is Disable. • Host Timeout. Specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group. Enter a value between 2 and 3600 seconds. The default is 260 seconds.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 33. IGMP snooping table information (continued) Field Description Description The text description of this multicast table entry. Possible values are Management Configured, Network Configured, and Network Assisted. Interface The list of interfaces that are designated for forwarding (Fwd) and filtering (Flt) for the associated address.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Multicast Router Configuration If a multicast router is attached to the switch, its existence can be learned dynamically. You can also statically configure an interface as a multicast router interface, which is an interface that faces a multicast router or IGMP querier and receives multicast traffic. Use this screen to manually configure an interface as a static multicast router interface.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IGMP Snooping Querier IGMP snooping requires that one central switch or router periodically query all end-devices on the network to announce their multicast memberships. This central device is the IGMP querier. The IGMP query responses, known as IGMP reports, keep the switch updated with the current multicast group membership on a port-by-port basis.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IGMP Snooping Querier VLAN Configuration To create a new VLAN ID for IGMP snooping: 1. Select Switching > Multicast > IGMP Snooping Querier > Querier VLAN Configuration. 2. From the VLAN ID list, select New Entry and complete the following fields: • VLAN ID. Specify the VLAN ID for which the IGMP snooping querier is to be enabled. • • Querier Election Participate Mode. Enable or disable Querier Participate Mode. - Disabled.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 34. IGMP snooping querier VLAN status (continued) Field Description Last Querier Address The IP address of the last querier from which a query was snooped on the VLAN. Last Querier Version The IGMP protocol version of the last querier from which a query was snooped on the VLAN. Operational Max Response Time The maximum response time to be used in the queries that are sent by the snooping querier.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The following table describes the MLD snooping status information the screen displays. Table 35. MLD snooping status information Field Description Multicast Control Frame Count The number of multicast control frames that are processed by the CPU. Interfaces Enabled for MLD Snooping A list of all the interfaces currently enabled for MLD snooping.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 7. From the Fast Leave Admin Mode list, select the Fast Leave mode for a particular interface from the menu. The default is Disable. 8. Click the Apply button. MLD VLAN Configuration MLD snooping can be enabled on a per VLAN basis. It is necessary to keep track of the interfaces that are participating in a VLAN in order to apply or remove configurations. To configure the MLD VLAN: 1. Select Switching > Multicast > MLD Snooping > MLD VLAN Configuration. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches management. The default value for the multicast router expiration time is zero, which indicates an infinite time-out, that is, no expiration. To configure the Multicast Router: 1. Select Snooping > Multicast Router Configuration. 2. Select each interface to configure. For information about how to select and configure one or more ports or LAGs, see Configuring Interface Settings on page 28. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 4. In the MLD Version field, the MLD protocol version used in periodic MLD queries is displayed. The supported MLD Version is 1. 5. In the Query Interval field, specify the time interval in seconds between periodic queries sent by the snooping querier. The Query Interval must be a value in the range of 1–1800 seconds. The default value is 60. 6.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The following table describes the MLD snooping querier status information on the screen. Table 36. Field Description Operational State Specifies the operational state of the IGMP snooping querier on a VLAN: • Querier. The snooping switch is the querier in the VLAN. The snooping switch will send out periodic queries with a time interval equal to the configured querier query interval.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MVR Configuration IGMP snooping helps limit multicast traffic when member ports are in the same VLAN; however, when ports belong to different VLANs, a copy of the multicast stream is sent to each VLAN that has member ports in the multicast group. MVR eliminates the need to duplicate the multicast traffic when multicast group member ports belong to different VLANs. MVR uses a dedicated multicast VLAN to forward multicast traffic over the L2 network.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MVR Configuration Use the MVR Configuration screen to enable MVR and to configure global MVR settings on the switch. To configure basic MVR settings: 1. Select Switching > MVR > Basic > MVR Configuration 2. Next to MVR Running select Enable. 3. In the MVR Multicast VLAN field, specify the VLAN on which MVR multicast data will be received. All source ports belong to this VLAN. The value can be set in a range of 1 to 4093. The default value is 1. 4.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MVR Group Configuration Use the MVR Group Configuration screen to create and manage MVR groups on the switch. In this example, five MVR groups are created. To create multiple MVR groups in the same step, the groups must have contiguous IP addresses, such as 239.1.1.1, 239.1.1.2, 239.1.1.3, and so on. To configure five contiguous MVR groups: 1. Select Switching > MVR > Advanced > MVR Group Configuration. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MVR Interface Configuration Use the MVR Interface Configuration screen to configure the ports that belong to the MVR groups and their roles within the groups. To configure the MVR interfaces: 1. Select Switching > MVR > Advanced > MVR Interface Configuration. 2. Select the ports to configure. For information about how to select and configure one or more ports, see Configuring Interface Settings on page 28. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MVR Statistics Use the MVR Statistics screen to view information about the IGMP messages and IGMP packages the switch has transmitted. To view MVR statistics, select Switching > MVR > Advanced > MVR Statistics. The following table describes the MVR statistics. Table 39. MVR statistics Field Definition IGMP Query Received The number of received IGMP Queries. IGMP Report V1 Received The number of received IGMP Reports V1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Address Table The address table maintains a list of MAC addresses after having received a packet from this MAC address. The transparent bridging function uses the forwarding database entries to determine how to forward a received frame. The Address Table link contains links described in the following sections.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The following table describes the information available for each entry in the address table. Table 40. Field Description VLAN ID Specifies the VLAN ID on which the IGMP Snooping Querier is administratively enabled and for which VLAN exists in the VLAN database. MAC Address A unicast MAC address for which the switch has forwarding and/or filtering information. The format is a six-byte MAC address with each byte separated by colons.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Static MAC Address Use the Static MAC Address Configuration screen to configure and view static MAC addresses on an interface. To add a static MAC address: 1. Select Switching > Address Table > Advanced > Static MAC Address. 2. From the Interface list, select the port to associate with the statically configured MAC address. 3. In the MAC Address field, specify the MAC address to add. 4.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Multiple Registration Protocol Configuration1 Multiple Registration Protocol (MRP) is a base registration protocol that enables devices running an MRP application to register attributes to other devices in a network. MRP provides an application to register attributes such as bandwidth requirement for a given AV stream and MAC address information. It is used by various applications to propagate the registration.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches With MRP, network attributes are declared, registered, withdrawn, and removed completely dynamically without any user intervention. This dynamic nature is especially useful in networks where: • Network attributes are likely to change frequently, requiring reconfiguration of the intermediate devices. • Recipients of these attributes frequently increase or decrease in number.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MRP Configuration Use the MRP Configuration screen to configure global MRP settings for the switch. To configure global MRP settings: 1. Select Switching > MRP > Basic > MRP Configuration. 2. Next to MVRP Mode, select Enable to enable MVRP globally on the switch. MVRP provides an application to dynamically register VLAN information. The default mode is Disable. 3. Next to MMRP Mode, select Enable to enable MMRP globally on the switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MRP Port Settings Use the MRP Port Settings screen to configure the per-port MRP mode and timer settings. The timers control when and how often various messages are transmitted on each interface. To configure the MRP port parameters: 1. Select Switching > MRP > Advanced > Port Settings. 2. Select the interfaces to configure. For information about how to select and configure one or more ports, see Configuring Interface Settings on page 28. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MMRP Statistics The MMRP Statistics screen displays information regarding the MMRP frames transmitted and received by the switch and by each interface. To view the MMRP Statistics screen, select Switching > MRP > Advanced > MMRP Statistics. The following table describes the fields on the MMRP Statistics screen. Table 41. MMRP statistics Field Description Global MMRP Statistics Frames Received The number of MMRP frames which were received on the switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MVRP Statistics The MVRP Statistics screen displays information regarding the MVRP frames transmitted and received by the switch and by each interface. To view the MVRP Statistics screen, select Switching > MRP > Advanced > MVRP Statistics. The following table describes the fields on the MVRP Statistics screen. Table 42. MVRP statistics Field Description Global MVRP Statistics Frames Received The number of MVRP frames which were received on the switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MSRP Statistics The MSRP Statistics screen displays information about the MSRP frames transmitted and received by the switch and by each interface. To view the MMRP Statistics screen, select Switching > MRP > Advanced > MSRP Statistics. The following table describes the fields on the MSRP Statistics screen. Table 43. MSRP statistics Field Description Global MSRP Statistics Frames Received The number of MSRP frames that have been received on the switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MSRP Reservation Parameters Use the MSRP Reservation Parameters screen to view information about the talker, listener, and intermediate device status for the devices involved in each MSRP stream flowing through the switch. To view the MSRP Reservation Parameters screen, select Switching > MRP > Advanced > MSRP Reservation Parameters. The following table describes status fields on the MSRP Reservation Parameters screen. Table 44.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 44. MSRP reservation parameters (continued) Field Description Failure Bridge MAC The MAC address of the switch where the failure occurred. Stream Age The time, in seconds, since the stream destination address was added to the Dynamic Reservations Entries table. A value of zero indicates the destination address has not been added to the table. Qav Parameters Use the Qav Parameters screen to configure and view the per-port IEEE 802.1Qav settings.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 45. Qav parameter status information (continued) Field Description Total Bandwidth Allocated The Sum of the allocated Class A and Class B traffic rates on interface (in Bps). Total Remaining Bandwidth 75% of the interface speed minus total allocated bandwidth (in Bps/sec). MSRP Streams Information Use the MSRP Stream Information screen to view information about MSRP streams flowing through each interface.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 46. MSRP streams information (continued) Field Description TSpec Max Interval Frames The 32-bit unsigned Frame Rate component is used to allocate resources and adjust queue selection parameters in order to supply the quality of service requested by an MSRP Talker Declaration. It represents the maximum number of frames that the Talker may transmit in one second. Stream VLAN The VLAN ID of the traffic stream.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 802.1AS1 The IEEE 802.1AS standard specifies the protocol and procedures used to ensure that the QoS requirements are guaranteed for time-sensitive applications, such as audio and video. The IEEE 1588 Precision Time Protocol (PTP) forms the basis of the IEEE 802.1AS standard. PTP specifies a precise clock synchronization protocol that relies on time-stamped packets.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The following table shows the non-configurable information on the 802.1AS Configuration screen. Table 47. 802.1AS global status Field Description GrandMaster Present Identifies whether Grand Master Clock is present. The default is False. Best Clock Identity The Best Clock Identity detected by this time-aware bridge. Best Clock Priority1 The Priority1 value of the best clock on the switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 7. In the Pdelay Interval field, specify the desired transmission rate of PDELAY_REQ messages. This value is the logarithm to the base 2 of the mean time interval between successive PDELAY_REQ messages sent on this interface. The configured initial interval becomes the current interval only after the port is initialized or re-initialized for 802.1AS operation. 8. In the Announce Interval field, specify the desired transmission rate of ANNOUNCE messages.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 48. 802.1AS port settings (continued) Field Description Current Pdelay Interval The current mean time interval between successive PDELAY_REQ messages sent over a link, in logarithm to base 2 format. Current Announce Interval The current mean time interval between successive ANNOUNCE messages sent over a link, in logarithm to base 2 format. 802.1AS Statistics The 802.1AS Statistics screen displays information regarding the 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 49. 802.1AS statistics (continued) Field Description Signaling Rx The total number of SIGNALING packets received without error. Sync Timeouts The total number of SYNC receipt time-outs occurred. Sync Discards The total number of SYNC packets discarded. Announce Timeouts The total number of ANNOUNCE receipt time-outs occurred. Announce Discards The total number of ANNOUNCE packets discarded.
4. Configuring Routing 4 The switch supports IP routing. Use the menus under the Routing tab to manage routing on the system. When a packet enters the switch, the destination MAC address is checked to see if it matches any of the configured routing interfaces. If it does, then the switch searches the host table for a matching destination IP address. If an entry is found, then the packet is routed to the host.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configure IP Settings For information about how to configure and display IP routing data, see the following sections: • IP Configuration • VLAN Routing Wizard • IP Statistics IP Configuration Use the IP Configuration screen to configure routing parameters for the switch. To enable routing on the switch: 1. Select Routing > IP > IP Configuration. 2. Next to Routing Mode, select Enable.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IP Statistics The statistics reported on the IP Statistics screen are as specified in RFC 1213. To display the IP statistics screen, select Routing > IP >Statistics. The following table describes the IP statistics information displayed on the screen. Table 51. IP routing statistics Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 51. IP routing statistics (continued) Field Description IpOutNoRoutes The number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this counter includes any packets counted in ipForwDatagrams which meet this `no-route' criterion. Note that this includes any datagrams which a host cannot route because all of its default gateways are down.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 51. IP routing statistics (continued) Field Description IcmpInTimestampReps The number of ICMP Timestamp Reply messages received. IcmpInAddrMasks The number of ICMP Address Mask Request messages received. IcmpInAddrMaskReps The number of ICMP Address Mask Reply messages received. IcmpOutMsgs The total number of ICMP messages which this entity attempted to send. Note that this counter includes all those counted by icmpOutErrors.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configure VLAN Routing You can configure the switch software with some ports supporting VLANs and some supporting routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 6. Click the box under each port or LAG to add to the VLAN as a VLAN member. Each port or LAG has three modes: • T(Tagged). Select the ports on which all frames transmitted for this VLAN will be tagged. The ports that are selected will be included in the VLAN. • U(Untagged). Select the ports on which all frames transmitted for this VLAN will be untagged. The ports that are selected will be included in the VLAN. • BLANK(Autodetect).
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configure Router Discovery The Router Discovery protocol is used by hosts to identify operational routers on the subnet. Router discovery messages are of two types: router advertisements and router solicitations. The protocol mandates that every router periodically advertise the IP addresses it is associated with. Hosts listen for these advertisements and discover the IP addresses of neighboring routers.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configure and View Routes From the Route Configuration screen, you can configure static and default routes and view the routes that the switch has already learned. To configure a static route: 1. Select Routing > Route Configuration. 2. From the Route Type field, select Static. When you create a default route, you must specify only the next hop IP address. By default, the default route has a preference of 1. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The Route Status table provides information about the static routes configured on the switch and the dynamic routes the switch has learned. Table 53. Routing table information Field Description Route Type Indicates whether the learned route is a static or default route. Network Address The IP route prefix for the destination.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configure ARP The address resolution protocol (ARP) associates a layer 2 MAC address with a layer 3 IPv4 address. Switch software features both dynamic and manual ARP configuration. With manual ARP configuration, you can statically add entries into the ARP table. ARP is a necessary part of the Internet protocol (IP) and is used to translate an IP address to a media (MAC) address, defined by a local area network (LAN) such as Ethernet.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches ARP Cache Use the ARP Cache screen to view entries in the ARP table, a table of the remote connections most recently seen by this switch. To display entries in the ARP table, select Routing > ARP > Basic > ARP Cache. The following table provides information included in the management VLAN ARP cache section. Table 54.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Create a Static ARP Entry Use this screen to add a static entry to the ARP table. To add an entry to the ARP table: 1. Select Routing > ARP > Advanced > ARP Create. 2. In the IP Address field, specify the IP address to add. It must be the IP address of a device on a subnet attached to one of the switch’s existing routing interfaces. 3. In the MAC Address field, specify the unicast MAC address of the device.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Remove an ARP Entry From the ARP Cache Use this screen to remove certain entries from the ARP Table. To remove entries from the ARP table: 1. Select Routing > ARP > Advanced > ARP Entry Management. 2. From the Remove From Table list, select the type of ARP entry to be removed.
5. Configuring Quality of Service 5 In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria. When a packet is queued for transmission in a port, the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Class of Service The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Global Trust Mode can be one of the following: • Untrusted. Do not trust any CoS packet marking at ingress. • 802.1p. The eight priority tags that are specified in IEEE 802.1p are p0 to p7. The QoS setting lets you map each of the eight priority levels to one of seven internal hardware priority queues. • DSCP. The six most significant bits of the DiffServ field are called the Differentiated Services Code Point (DSCP) bits. 4. Click the Apply button.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches CoS Interface Configuration Use the CoS Interface Configuration screen to configure the trust mode for one or more interfaces and to apply an interface shaping rate to all interfaces or to a specific interface. To configure CoS settings for an interface: 1. Select QoS > CoS > Advanced > CoS Interface Configuration. 2. Select the interfaces to configure.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Interface Queue Configuration Use the Interface Queue Configuration screen to define what a particular queue does by configuring switch egress queues. User-configurable parameters control the amount of bandwidth used by the queue, the queue depth during times of congestion, and the scheduling of packet transmission from the set of all queues on a port. Each port has its own CoS queue-related configuration.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 802.1p to Queue Mapping Use this screen to view or change which internal traffic classes are mapped to the 802.1p priority class values in Ethernet frames the device receives. The priority-to-traffic class mappings can be applied globally or per-interface. The mapping allows the switch to group various traffic types (for example, data or voice) based on their latency requirements and give preference to time-sensitive traffic. To map 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Differentiated Services The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. Standard IP-based networks are designed to provide “best effort” data delivery service. “Best effort” service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Diffserv Configuration Use the DiffServ Configuration screen to display DiffServ general status group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. To configure the global DiffServ mode: 1. Select QoS > DiffServ > Advanced > DiffServ Configuration. 2. Next to DiffServ Admin Mode, select Enable.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Class Configuration Use the Class Configuration screen to add a new DiffServ class name, or to rename or delete an existing class. The screen also allows you to define the criteria to associate with a DiffServ class. As packets are received, these DiffServ classes are used to prioritize packets. You can have multiple match criteria in a class. The logic is a Boolean logical-and for this criteria.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 2. Define the criteria to associate with a DiffServ class: • Match Every. This adds to the specified class definition a match condition whereby all packets are considered to belong to the class. • Reference Class. Selects a class to start referencing for criteria. A specified class can reference at most one other class of the same type. • Class of Service. Select the field and enter a class of service 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • Protocol Type. Requires a packet’s layer 4 protocol to match the protocol you select. If you select Other, enter a protocol number in the field that displays. The valid range is 0–255. • Source IP Address. Requires a packet’s source port IP address to match the address listed here. In the IP Address field, enter a valid source IP address in dotted decimal format. • Source Mask.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IPv6 Class Configuration The IPv6 Class Configuration feature extends the existing QoS ACL and DiffServ functionality by providing support for IPv6 packet classification. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique Ethertype value, so all IPv6 classifiers include the Ethertype field. An IPv6 access list serves the same purpose as its IPv4 counterpart.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches criteria fields and create classifier entries, it is necessary for the configuration to specify what type of packet a class defines. Policy Configuration Use the Policy Configuration screen to associate a collection of classes with one or more policy statements. After creating a Policy, click the policy link to the Policy screen. To create a new DiffServ policy: 1. Select QoS > DiffServ > Advanced > Policy Configuration. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The policy name is a hyperlink. The following figure shows the configuration fields for the policy. 2. Configure the policy attributes: • Assign Queue. Select this value from the drop-down list. This is an integer value in the range 0 to 7. • Drop. Select this option to drop packets for this policy-class. • Mark VLAN CoS. Select this value from the drop-down list. This is an integer value in the range from 0 to 7 for setting the VLAN priority.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 4. If you select the Simple Policy attribute, configure the following fields: • Color Mode. Color Aware mode requires the existence of one or more color classes that are valid for use with this policy instance; otherwise, the color mode is color blind, which is the default. • Color Conform Mode. The match-criteria of the color Conform class. • Committed Rate. The committed rate is specified in kilobits-per-second (Kbps) and is an integer from 1–4294967295.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Service Configuration Use the Service Configuration screen to activate a policy on an interface. To attach a DiffServ policy to an interface: 1. Select QoS > DiffServ > Advanced > Service Configuration. 2. Select the interfaces to attach to the policy. 3. For information about how to select and configure one or more ports and LAGs, see Configuring Interface Settings on page 28From the Policy In Name list, select the policy to attach to the interface. 4.
6. Managing Device Security 6 Use the features available from the Security navigation tab to configure management security settings for port, user, and server security. The Security tab contains links to the features described in the following sections.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Management Security Settings From the Management Security menu, you can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS+) settings, and authentication lists. The Management Security folder contains links described in the following sections.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches RADIUS Configuration RADIUS servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. The switch passes information to the configured RADIUS server, which can authenticate a user name and password before authorizing use of the network. RADIUS servers provide a centralized authentication method for: • Web access • Port access control (802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches RADIUS Server Configuration Use the RADIUS Server Configuration screen to view and configure various settings for the current RADIUS server configured on the system. To add a primary RADIUS server with a shared secret: 1. Select Security > Management Security > RADIUS > Server Configuration. 2. In the Server Address field, specify the IP address of the RADIUS server to add. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 58. RADIUS server statistics (continued) Field Description Access Challenges The number of RADIUS Access-Challenge packets, including both valid and invalid packets, that were received from this server. Malformed Access Responses The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 5. In the Secret field, type the shared secret to use with the specified accounting server. 6. From the Accounting Mode menu, select Enable to enable the RADIUS accounting mode. 7. Click the Apply button. The following table describes RADIUS accounting server statistics available on the screen. Table 59. RADIUS accounting server statistics Field Description Accounting Server Address The IP address of the supported RADIUS accounting server.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configure TACACS+ TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services: • Authentication. Provides authentication during login and through user names and user-defined passwords. • Authorization. Performed at login. When the authentication session is completed, an authorization session starts using the authenticated user name.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches TACACS+ Server Configuration Use the TACACS+ Server Configuration screen to configure up to five TACACS+ servers with which the switch can communicate. To configure TACACS+ server: 1. Select Security > Management Security > TACACS+ > Server Configuration. 2. In the TACACS Server field, specify the IP address of the TACACS server. 3. In the Priority field, specify the priority for the TACAS+ server.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Authentication List Configuration Use the Authentication List screen to configure the default login list. A login list specifies one or more authentication methods to validate switch or port access for the admin user. Note: Admin is the only user on the system and is assigned to a preconfigured list named defaultList, which you cannot delete. HTTP Authentication List Use the HTTP Authentication List to configure the default HTTP login list.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 6. From the list in the 4 column, select the method, if any, that should appear fourth in the selected authentication login list. This is the method that will be used if all previous methods time out. 7. Click the Apply button. HTTPS Authentication List Use the HTTPS Authentication List to configure the default login list for secure HTTP (HTTPS). To configure the HTTPS authentication method for the defaultList: 1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Dot1x Authentication List The Dot1x authentication list defines the IEEE 802.1X authentication method used for the default list. To change the Dot1x authentication method for the defaultList: 1. Select Security > Management Security > Authentication List > Dot1x Authentication List. 2. Select the check box next to the dot1xList name. 3. From the list in the 1 column, select the method that should appear first in the selected authentication login list.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configuring Management Access From the Access menu, you can configure HTTP and secure HTTP access to the switch management interface. You can also configure access control profiles and access rules. The Access menu contains links to the features described in the following sections.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Secure HTTP Configuration Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch by using the web management interface, secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Certificate Management Use this screen to generate or delete certificates. To generate an SSL certificate: 1. Select Security > Access > HTTPS > Certificate Management. From the Certificate Present field, a Yes or No status displays. 2. In the Certificate Management area, select Generate Certificates. 3. Click the Apply button. The switch begins generating an SSL certificate. The Certificate Generation Status field shows information about the progress.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 3. From the Server Address Type list, specify either IPv4 or DNS to indicate the format of the TFTP Server Address field. The default is IPv4. 4. In the TFTP Server IP field, specify the address of the TFTP server. The address can be an IP address in standard x.x.x.x format or a hostname. The hostname must start with a letter of the alphabet. Make sure that the software image or other file to be downloaded is available on the TFTP server. 5.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Access Control Access control allows you to configure a profile and set access rules. Access Profile Configuration Use the Access Profile Configuration screen to set up a security access profile. To configure an access profile: 1. Select Security > Access > Access Control > Access Profile Configuration. 2. In the Access Profile Name field, specify the name of the access profile to be added. 3. Select one of the following options: • Activate Profile.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Access Rule Configuration Use the Access Rule Configuration screen to add security access rules. To configure access rules: 1. Select Security > Access > Access Control > Access Rule Configuration. 2. From the Rule Type field, select the action to be performed when the rules selected are matched. A permit rule allows access by traffic that matches the rule criteria. A deny rule blocks traffic that matches the rule criteria. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Port Authentication In port-based authentication mode, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode. The 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 3. In the VLAN Assignment Mode field, select Enable. When enabled, this feature allows a port to be placed into a particular VLAN based on the result of the authentication or type of 802.1X authentication a client uses when it accesses the device. The authentication server can provide information to the device about which VLAN to assign the supplicant. 4. Next to Dynamic VLAN Creation Mode, select Enable.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches - Unauthorized. The system denies the selected interface system access by moving the interface into unauthorized state. The switch cannot provide authentication services to the client through the interface. - MAC based. This mode allows multiple supplicants connected to the same port to each authenticate individually. Each host connected to the port must authenticate separately in order to gain access to the network.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The following table describes the 802.1X status information available on the screen. Table 61. Port authentication status information Field Description Control Direction The control direction for the specified port, which is always Both. The control direction dictates the degree to which protocol exchanges take place between Supplicant and Authenticator.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To restart the 802.1X authentication process on a port: 1. Select the check box associated with the port to reauthenticate. 2. Click the Reauthenticate button. The selected port is forced to restart the authentication process.This button is available only if the control mode is auto. If the button is not selectable, it will be grayed out. When this button is pressed, the action is immediate.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Client Summary This screen displays information about supplicant devices that are connected to the local authenticator ports. If there are no active 802.1X sessions, the table is empty. To access the Client Summary screen, select Security > Port Authentication > Advanced > Client Summary. The Client Summary screen for the 802.1X feature displays. The following table describes the fields on the Client Summary screen. Table 63. IEEE 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Traffic Control From the Traffic Control menu, you can configure MAC Filters, Storm Control, Port Security, and Protected Port settings. The Traffic Control menu contains links to the features described in the following sections.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 5. Click the orange bar under the Source Port Members heading to display the available ports. Select the ports to include in the inbound filter. If a packet with the MAC address and VLAN ID you specify is received on a port that is not in the list, it will be dropped. 6. Click the orange bar under the Destination Port Members heading to display the available ports. Select the ports to include in the outbound filter.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Storm Control A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses can overload network resources and/or cause the network to time out. The switch measures the incoming broadcast/multicast/unknown unicast packet rate per port and discards packets when the rate exceeds the defined value.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Port Security Configuration Use the Port Security feature to lock one or more ports on the system. When a port is locked, only packets with an allowable source MAC addresses can be forwarded. All other packets are discarded. To configure the global port security mode: 1. Select Security > Traffic Control > Port Security > Port Security Configuration. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 3. Specify the following settings: • Port Security. Enable or Disable the port security feature for the selected port. • Max Allowed Dynamically Learned MAC. Specify the maximum number of dynamically learned MAC addresses on the selected interface. • Max Allowed Statically Locked MAC. Specify the maximum number of statically locked MAC addresses on the selected interface. • Enable Violation Traps.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Protected Ports Membership If a port is configured as protected, it does not forward traffic to any other protected port on the switch, but it will forward traffic to unprotected ports. Use the Protected Ports Membership screen to configure the ports as protected or unprotected. To configure protected ports: 1. Select Security > Traffic Control > Protected Ports. 2. Click the orange bar to display the available ports. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Configure Access Control Lists Access control lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. Switch software supports IPv4 and MAC ACLs.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches ACL Wizard The ACL Wizard helps you to create a simple ACL and apply it to the selected ports easily and quickly. First, you can select an ACL type. Then, you can add an ACL rule to this ACL, and a rule can be applied this ACL on the selected ports. The ACL Wizard allows you to create, but not modify, the ACL. For information about how to modify the rule, see Access Rule Configuration on page 193. To create an ACL by using the ACL Wizard: 1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 6. Specify the additional match criteria for the selected ACL type. The rest of the rule match criteria fields available for configuration depend on the selected ACL type. For information about the possible match criteria fields, see Table 67. Table 67. ACL fields according to selected ACL type. ACL Based On Fields Destination MAC • • • Source MAC • Destination MAC. Specify the destination MAC address to compare against an ethernet frame.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 67. ACL fields according to selected ACL type. ACL Based On Fields Destination IPv6 L4 Port • • Source IPv6 L4 Port • • Destination L4 port (protocol). Specify the destination IPv6 L4 port protocol. Destination L4 port (value). Specify the destination IPv6 L4 port value. Source L4 port (protocol). Specify the source IPv6 L4 port protocol. Source L4 port (value). Specify the source IPv6 L4 port value. 7.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To modify a rule: 1. Select check box associated with the rule to remove. 2. Update the match criteria as needed. 3. Click the Apply button. To remove a rule: 1. Select check box associated with the rule to remove. 2. Click the Delete button. MAC ACL A MAC ACL consists of a set of rules which are matched sequentially against a packet.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To delete a MAC ACL: 1. Select the check box next to the Name field. 2. Click the Delete button. MAC Rules Use the MAC Rules screen to define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default deny all rule is the last rule of every list. Note: To create a new MAC ACL, use the MAC ACL screen. To add rules to a MAC ACL: 1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MAC addresses with aa:bb:xx:xx:xx:xx result in a match (where x is any hexadecimal number). A MAC mask of 00:00:00:00:00:00 matches a single MAC address. • EtherType Key. Requires a packet’s EtherType to match the EtherType you select. Select the EtherType value from the drop-down menu. If you select User Value, you can enter a custom EtherType value. • EtherType User Value.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MAC Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the MAC Binding Configuration screen to assign MAC ACL lists to ACL priorities and interfaces. To configure MAC ACL interface bindings: 1. Select Security > ACL > Basic > MAC Binding Configuration. 2. From the ALC ID menu, select the MAC ACL to bind to one or more interfaces.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MAC Binding Table Use the MAC Binding Table screen to view or delete the MAC ACL bindings. The following table describes the information displayed in the MAC Binding Table. Table 68. MAC binding table information Field Description Interface The interface to which the MAC ACL is bound. Direction The packet filtering direction for ACL. The only valid direction is Inbound, which means the MAC ACL rules are applied to traffic entering the port.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IP ACL IP ACLs allow network managers to define classification actions and rules for specific ingress ports. Packets can be filtered on ingress (inbound) ports only. If the filter rules match, then some actions can be taken, including dropping the packet or disabling the port. For example, a network administrator defines an ACL rule that says port number 20 can receive TCP packets. However, if a UDP packet is received the packet is dropped.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IP Rules Use the IP Rules screen to define rules for IP-based standard ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: There is an implicit deny all rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit “deny all” rule applies and the packet is dropped. To add IP rules: 1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 5. Select or specify values for one or more of the following match criteria: • Rule ID. Specify a number from 1–50 to identify the IP ACL rule. You can create up to 50 rules for each ACL. • Action. Select the ACL forwarding action, which is one of the following: - Permit. Forward packets which meet the ACL criteria. - Deny. Drop packets which meet the ACL criteria. • Egress Queue.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IP Extended Rules Use the IP Extended Rules screen to define rules for IP-based extended ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: There is an implicit deny all rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit deny all rule applies and the packet is dropped.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches - Deny. Drops packets which meet the ACL criteria. • Egress Queue. Specify the hardware egress queue identifier used to handle all packets matching this ACL rule. • Match Every. Require a packet to match the criteria of this ACL. Select True or False from the drop-down menu. Match Every is exclusive to the other filtering rules, so if Match Every is True, the other rules on the screen are not available. • Protocol Type.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches alternative ways of specifying a match criterion for the same Service Type field in the IP header, however each uses a different user notation. After you select the service type, specify the value associated with the type. - IP DSCP. Specify the IP DiffServ Code Point (DSCP) value. The DSCP is defined as the high-order six bits of the Service Type octet in the IP header. Select an IP DSCP value from the menu.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IPv6 ACL An IPv6 ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On this menu, the interfaces to which an IP ACL applies must be specified, as well as whether it applies to inbound or outbound traffic. Rules for the IPv6 ACL are specified/created using the IPv6 Rules screen.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IPv6 Rules Use the IPv6 Rules screen to configure the rules for the IPv6 Access Control Lists. The IPv6 Access Control Lists are created using the IPv6 Access Control List Configuration screen. By default, no specific value is in effect for any of the IPv6 ACL rules. To add a rule to an IPv6 ACL: 1. Select Security > ACL > Advanced > IPv6 Rules. 2. In the ACL Name list, select the name of the ACL to add a rule to. 3. Click the Add button.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • Mirror Interface. Specifies the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is already configured for the ACL rule. This field is visible for a Permit action. • Redirect Interface.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • IPv6 DSCP Service. Specify the IP DiffServ Code Point (DSCP) field. The DSCP is defined as the high-order six bits of the Service Type octet in the IPv6 header. This is an optional configuration. Enter an integer from 0 to 63. The IPv6 DSCP is selected by possibly selection one of the DSCP keyword from a drop-down menu.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches IP Binding Table Use the IP Binding Table screen to view or delete the IP ACL bindings. The following table describes the information displayed in the IP binding table. Table 69. IP binding table information Field Description Interface The interface to which the IP ACL is bound. Direction Specifies the packet filtering direction for ACL. The only valid direction is Inbound, which means the IP ACL rules are applied to traffic entering the port.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 5. From the ACL Type list, select the type of ACL: • IP ACL • MAC ACL • IPv6 ACL 6. From the ACL ID list, select the ID of the ACL to bind to the specified VLAN. The ACL ID field displays all the ACLs configured, depending on the ACL Type selected. 7. Click the Add button. To delete a VLAN binding: 1. Select the check box next to the VLAN with the ACL binding to remove. 2. Click the Delete button.
7. Monitoring the System 7 Use the features available from the Monitoring navigation tab to view a variety of information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains configuration menus described in the following sections. • Ports • Logs • Mirroring Ports The screens available from the Ports menu contain a variety of information about the number and type of traffic transmitted from and received on the switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Switch Statistics The Switch Statistics screen displays detailed statistical information about the traffic the switch handles. To view the switch statistics, select Monitoring > Ports > Switch Statistics. The following table describes the switch statistics displayed on the screen. Table 70. Switch statistics Field Description ifIndex The interface index of the interface table entry associated with the processor of this switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 70. Switch statistics (continued) Field Description Transmit Packets Discarded The number of outbound packets which were chosen to be discarded, even though no errors had been detected, in order to prevent their being delivered to a higher layer protocol. A possible reason for discarding a packet could be to free up buffer space.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Port Statistics The Port Statistics screen displays a summary of per-port traffic statistics on the switch. To access the port summary screen: 1. Select Monitoring > Ports > Port Statistics. 2. Select whether to display physical interfaces, link aggregation groups (LAGs), or both by clicking one of the following links above the table heading: • 1 (or the unit ID of the switch). Only physical interfaces are displayed. This is the default setting. • LAGS.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To reset the counters for a specific interface: 1. Select the check box next to the interface for which you want to clear the counters. You can also type the interface number (for example, g7) in the Go To Interface field at the top or bottom of the table and click the Go button. 2. Click the Clear button. Port Detailed Statistics The Port Detailed Statistics screen displays a variety of per-port traffic statistics.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 72. Detailed interface statistics (continued) Field Description STP State The port's current state Spanning Tree state. This state controls what action a port takes on receipt of a frame. If the bridge detects a malfunctioning port it will place that port into the broken state. The other five states are defined in IEEE 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 72. Detailed interface statistics (continued) Field Description Packets RX and TX 256-511 Octets The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 72. Detailed interface statistics (continued) Field Description Packets Received > 1518 Octets The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed. Total Packets Received Without Errors The total number of packets received that were without errors.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 72. Detailed interface statistics (continued) Field Description 802.3x Pause Frames Received A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode. Unacceptable Frame Type The number of frames discarded from this port due to being an unacceptable frame type.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 72. Detailed interface statistics (continued) Field Description Multicast Packets Transmitted The total number of packets that higher-level protocols requested be transmitted to a Multicast address, including those that were discarded or not sent. Broadcast Packets Transmitted The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Use the buttons at the bottom of the screen to perform the following actions: • Click the Clear button to clear all the counters. This resets all statistics for this port to the default values. • Click the Refresh button to refresh the data on the screen and display the most current statistics. EAP Statistics Use the EAP Statistics screen to display information about EAP packets received on a specific port.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • To clear the counters for a specific port, select the check box associated with the port and click the Clear button. • Click the Refresh button to refresh the data on the screen and display the most current statistics. Cable Test Use the Cable Test screen to display information about the cables connected to switch ports. To perform the cable test: 1. Select Monitoring > Ports > Cable Test. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The following table describes the cable information displayed on the screen. Table 74. Cable information Field Description Port Specifies the port that has the connected cable. Cable Status The cable status. • Normal. The cable is working correctly. • Open. The cable is disconnected or there is a faulty connector. • Short. There is an electrical short in the cable. • Cable Test Failed. The cable status could not be determined.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Memory Logs The Memory Log stores messages in memory based upon the settings for message component and severity. Use the Memory Log screen to set the administrative status and behavior of logs in the system buffer. These log messages are cleared when the switch reboots. To configure the memory log settings: 1. Select Monitoring > Logs > Memory Log. 2. Next to Admin Status, select one of the following radio buttons: • Enable. Enable system logging.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Use the buttons at the bottom of the screen to perform the following actions: • Click the Clear button to clear the messages out of the buffered log in the memory. • Click the Refresh button to update the screen with the latest messages in the log. FLASH Log The FLASH log stores log messages in persistent storage, which means that the log messages can be retained across a switch reboot.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To view log messages stored in persistent storage: 1. Select Monitoring > Logs > FLASH Log. 2. Next to Logs to be Displayed, select the log messages to view: • Current Logs. View the messages logged to persistent storage during the current boot cycle. • Previous Logs. View the messages logged to persistent storage during the previous boot cycle. The screen displays up to 64 messages logged to persistent storage during the previous boot cycle.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches To add a remote syslog host (log server): 1. Specify the following settings in the following list. • IP Address Type. Specify the IP Address Type of Host. It can be one of the following: - IPv4 - IPv6 - DNS • Host Address. Specify the hostname of the host configured for syslog. • Port. Specify the port on the host to which syslog messages are sent. The default port is 514. • Severity Filter.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Trap Logs Use the Trap Logs screen to view information about the SNMP traps generated on the switch. To view trap log information, select Monitoring > Logs > Trap Logs. The Trap Logs screen displays. The following table describes the Trap Log information displayed on the screen. Table 75. Trap log statistics Field Description Number of Traps Since The number of traps that have occurred since the switch last reboot.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Event Logs Use the Event Logs screen to display the event log, which is used to hold error messages for catastrophic events. After the event is logged and the updated log is saved in flash memory, the switch will be reset. The log can hold at least 2,000 entries and is erased when an attempt is made to add an entry after it is full. The event log is preserved across system resets. To view the event logs, select Monitoring > Logs > Event Logs.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • Enable. Multiple Port Mirroring is active on the selected port. • Disable. Port mirroring is not active on the selected port, but the mirroring information is retained. 4. Select the source port or ports. You can configure multiple ports and LAGs as source ports. The CPU port can also be configured as a source port. When the CPU is a source port, traffic received or sent by the CPU is mirrored to the probe port. a.
8. 8 Maintenance Use the features available from the Maintenance tab to help you manage the switch. The Maintenance tab contains links to the features described in the following sections. • Reset • Upload • Download • File Management Reset The Reset menu contains links to the features described in the following sections. • Device Reboot • Factory Default Device Reboot Use the Device Reboot screen to reboot the switch. To reboot the switch: 1. Select Maintenance > Reset > Device Reboot. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Factory Default Use the Factory Default screen to reset the system configuration to the factory default values. Note: If you reset the switch to the default configuration, the IP address is reset to 192.168.0.239, and the DHCP client is enabled. If you loose network connectivity after you reset the switch to the factory defaults, see Connect the Switch to the Network on page 12. To reset the switch to the factory default settings: 1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches TFTP File Upload Use the TFTP File Upload screen to upload configuration (ASCII), log (ASCII), and image (binary) files from the switch to a TFTP server on the network. To upload a file from the switch to the TFTP server: 1. Select Maintenance > Upload > TFTP File Upload. 2. From the File Type list, specify the type of file you want to upload: • Archive. Retrieve the image from the operational flash. • Text Configuration.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The last row of the table displays information about the file transfer progress. The screen refreshes automatically until the file transfer completes or fails. HTTP File Upload Use the HTTP File Upload screen to upload files of various types from the switch to the management system through an HTTP session by using your web browser. To upload a file from the switch to another system by using HTTP: 1. Select Maintenance > Upload > HTTP File Upload. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Download The switch supports system file downloads from a remote system to the switch by using either TFTP or HTTP. The Download menu contains links to the features described in the following sections. • TFTP File Download • HTTP File Download TFTP File Download Use the Download File to switch screen to download device software, the image file, the configuration files, and SSL files from a TFTP server to the switch.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 3. If you are downloading a switch image (Archive), select the image on the switch to overwrite from the Image Name field. This field is visible only when Archive is selected as the File Type. Note: It is recommended that you do not overwrite the active image. The system will display a warning that you are trying to overwrite the active image. 4.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches HTTP File Download Use the HTTP File Download screen to download files of various types to the switch through an HTTP session by using your web browser. To download a file to the switch by using HTTP: 1. Select Maintenance > Download > HTTP File Download. 2. From the File Type list, specify the type of file to download to the switch: • Archive. The system software image, which is saved in one of two flash sectors called images (image1 and image2).
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches File Management The system maintains two versions of the switch software in permanent storage. One image is the active image, and the second image is the backup image. The active image is loaded during subsequent switch restarts. This feature reduces switch down time when upgrading or downgrading the switch software. A legacy software version will ignore (not load) a configuration file created that is created by a newer software version.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Dual Image Configuration Use the Dual Image Configuration screen to select which image to load during the next boot cycle, configure an image description, or delete an image. To change the image that loads during boot-up: 1. Select Maintenance > File Management > Dual Image > Dual Image Configuration. 2. From the Image Name list, select the image that is not the image shown in the Current-active field.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Dual Image Status The Dual Image Status screen shows information about the active and backup images on the system. To view dual image status information, select Maintenance > File Management > Dual Image > Dual Image Status The following table describes the information available on the screen. Table 78. Dual image status information Field Description Image1 Ver The version of the image1 code file. Image2 Ver The version of the image2 code file.
9. 9 Troubleshooting This chapter covers the following topics: • Troubleshooting Configuration Menu • Troubleshooting Chart Troubleshooting Configuration Menu The Maintenance main navigation tab gives access to the Troubleshooting configuration menu.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • In the Size field, specify the size of the ping (ICMP) packet to send. • In the Source field, select the source type from which the ping is sent, which is one of the following: - None. The source is the IP address of the default outgoing interface. - IP address. The source is an IP address that you specify. If you select this option, the IP Address field appears. Specify the source IP address of the ping in the IP address field. - Interface.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 4. Optionally, configure the following settings: • In the Count field, specify the number of pings to send. • In the Interval (secs) field, specify the number of seconds between pings sent. • In the Datagram Size field, specify the size of the ping packet. • In the Source field, select the source type from which the ping is sent, which is one of the following: - None. The source is the IP address of the default outgoing interface. - IP address.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • Source. Select the source type from which the packet is sent: - None. The source is the IP address of the default outgoing interface. - IP address. The source is an IP address that you specify. If you select this option, the IP Address field appears. Specify the source IP address of the probe packet in the IP address field. - Interface. The probe packet is sent from a specified interface. If you select this option, the Interface field appears.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Troubleshooting Chart The following table lists symptoms, causes, and solutions of possible problems. Table 79. Troubleshooting chart Symptom Cause Solution Power LED is off. No power is received. Check the power cord connections for the switch at the switch and the connected AC power source. Link/ACT LED is off when a cable connects the port to a valid device. Port connection is not working.
A. Configuration Examples This appendix contains information about how to configure: • Virtual Local Area Network Configuration Example • Access Control Lists (ACLs) • Differentiated Services • 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Virtual Local Area Network Configuration Example A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged. Inversely, a T for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches For more information about how to perform this step, see VLAN Membership Configuration on page 89. 3. In the Port PVID Configuration screen, specify the PVID for ports g1 and g4 so that packets entering these ports are tagged with the port VLAN ID: • Port g1: PVID 10 • Port g4: PVID 20 For more information about how to perform this step, see Port VLAN ID Configuration on page 91.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Access Control Lists (ACLs) ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • CoS. 0 • Destination MAC. 01:02:1A:BC:DE:EF • Destination MAC Mask. 00:00:00:00:FF:FF • Source MAC. 02:02:1A:BC:DE:EF • Source MAC Mask. 00:00:00:00:FF:FF • VLAN ID. 2 For more information about how to perform this step, see MAC Rules on page 211. 4. From the MAC Binding Configuration screen, assign the Sales_ACL to Ethernet ports 6, 7, and 8.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Standard IP ACL Configuration Example The following example shows how to create an IP-based ACL that prevents any IP traffic from the Finance department from being allowed on the ports that are associated with other departments. Traffic from the Finance department is identified by each packet’s network IP address. 1. From the IP ACL screen, create a new IP ACL with an IP ACL ID of 1. For more information about this step, see IP ACL on page 215. 2.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Differentiated Services Standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network deliver the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets can be delayed, sent sporadically, or dropped.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • Layer 4 protocol (such as TCP or UDP) • Layer 4 source/destination ports • Source/destination IP address From a DiffServ point of view, there are two types of classes: • DiffServ traffic classes • DiffServ service levels/forwarding classes DiffServ Traffic Classes With DiffServ, you define which traffic classes to track on an ingress interface.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Traffic Conditioning Policy • Dropping. Drop a packet upon arrival. This is useful for emulating access control list operation using DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface. • Mark IP DSCP or IP Precedence. Marking/re-marking the DiffServ code point in a packet with the DSCP value representing the service level associated with a particular DiffServ traffic class.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches DiffServ Configuration Example To create a DiffServ Class/Policy and attach it to a switch interface, follow these steps: 1. From the QoS Class Configuration screen, create a new class with the following settings: • Class Name. Class1 • Class Type. All For more information about this step, see Class Configuration on page 169. 2. Click the Class1 hyperlink to view the DiffServ Class Configuration screen for this class. 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches 9. From the Service Configuration screen, select the check box next to interfaces g7 and g8 to attach the policy to these interfaces, For more information about this step, see Service Configuration on page 176. 10. Click the Apply button. All UDP packet flows destined to the 192.12.2.0 network with an IP source address from the 192.12.1.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Another 802.1X feature is the ability to configure a port to Enable/Disable EAPoL packet forwarding support.You can disable or enable the forwarding of EAPoL when 802.1X is disabled on the device. The ports of an 802.1X authenticator switch provide the means in which it can offer services to other systems reachable via the LAN.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (g1–g8). These ports are available to visitors and need to be authenticated before granting access to the network. The authentication is handled by an external RADIUS server. When the visitor is successfully authenticated, traffic is automatically assigned to the guest VLAN.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MSTP Spanning Tree Protocol (STP) runs on bridged networks to help eliminate loops. If a bridge loop occurs, the network can become flooded with traffic. IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) supports multiple instances of Spanning Tree to efficiently channel VLAN traffic over different interfaces. Each instance of the Spanning Tree behaves in the manner specified in IEEE 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches An MST Region comprises of one or more MSTP Bridges with the same MST Configuration Identifier, using the same MSTIs, and which have no Bridges attached that cannot receive and transmit MSTP BPDUs.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches MSTP Configuration Example This example shows how to create an MSTP instance on the switch. The example network has three different switches that serve different locations in the network. In this example, ports g1–g5 are connected to host stations, so those links are not subject to network loops. Ports g6–g8 are connected across switches 1, 2, and 3.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Note: Bridge priority values are multiples of 4096. If you do not specify a root bridge and all switches have the same Bridge Priority value, the switch with the lowest MAC address is elected as the root bridge (see CST Configuration on page 100). 5. From the CST Port Configuration screen, select ports g1–g8 and select Enable from the STP Status list. For more information about this step, see CST Port Configuration on page 101. 6. Click the Apply button. 7.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches VLAN Routing Interface Configuration Example VLANs divide broadcast domains in a LAN environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. This is known as inter-VLAN routing. On the switch, it is accomplished by creating Layer 3 interfaces (switch virtual interfaces (SVI)).
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches The following figure shows the VLAN Routing screen with the configured VLAN routing interface.
B. Hardware Specifications and Default Values B Switch Specifications The switch conforms to the TCP/IP, UDP, HTTP, ICMP, TFTP, DHCP, IEEE 802.1D, IEEE 802.1p, and IEEE 802.1Q standards. Table 80.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Switch Features and Defaults The tables in this section provide information about the switch features and default values. Table 81. Port characteristics Feature Sets Supported Default Auto negotiation/static speed/duplex All ports Auto negotiation Auto MDI/MDIX N/A Enabled 802.3x flow control/back pressure 1 (per system) Disabled Port mirroring 1 Disabled Port trunking (aggregation) 8 Pre-configured 802.1D spanning tree 1 Disabled 802.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 84. Security Feature Sets Supported Default 802.1X All ports Disabled MAC ACL 100 (shared with IP and IPv6 ACLs) All MAC addresses allowed IP ACL 100 (shared with MAC and IPv6 ACLs) All IP addresses allowed IPv6 ACL 100 (shared with IP ACL and MAC All IP addresses allowed ACL) Password control access 1 Idle timeout = 5 mins.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 86.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Table 87. Other features (continued) Feature Sets Supported Default Dynamic ARP Inspection N/A Disabled Multiple VLAN Registration (MVR) N/A Disabled Multiple Registration Protocol (MRP) N/A Disabled 802.
C. Notification of Compliance N ET G EAR W ir e d P ro du c ts C Certificate of the Manufacturer/Importer It is hereby certified that the ProSafe™ GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches have been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches Europe – EU Declaration of Conformity Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following conformance standards: EN300 328, EN301 489-17, EN60950 For the current EU Declaration of Conformity, visit http://kb.netgear.com/app/answers/detail/a_id/11621/. EDOC in Languages of the European Community Cesky [Czech] NETGEAR Inc.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches EDOC in Languages of the European Community Nederlands [Dutch] Hierbij verklaart NETGEAR Inc. dat het toestel Radiolan in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG. Malti [Maltese] Hawnhekk, NETGEAR Inc., jiddikjara li dan Radiolan jikkonforma mal-htigijiet essenzjali u ma provvedimenti ohrajn relevanti li hemm fid-Dirrettiva 1999/5/EC. Magyar [Hungarian] Alulírott, NETGEAR Inc.
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • This device must accept any interference received, including interference that may cause undesired operation. FCC Radio Frequency Interference Warnings & Instructions This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
