Home
/
NETGEAR
/
GS108Tv3
/
User Manual

NETGEAR GS108Tv3, User Manual, Page: 473 / 492

Share

Page: 473 / 492

NETGEAR GS108Tv3 User Manual Download Page 473

8-Port Gigabit (PoE+) Ethernet Smart Managed Pro Switch with (2 SFP or 2 Copper Ports and)

Cloud

Management

Configuration Examples

User Manual

473

Figure 3. 802.1X authentication roles

802.1X example configuration

This example shows how to configure the switch so that 802.1X-based authentication is
required on the ports in a corporate conference room (1/0/5–1/0/8). These ports are available
to visitors and must be authenticated before access is granted to the network. The
authentication is handled by an external RADIUS server. When the visitor is successfully
authenticated, traffic is automatically assigned to the guest VLAN. This example assumes
that a VLAN was configured with a VLAN ID of 150 and VLAN name of Guest.

1.

On the Port Authentication page, select ports

1/0/5

,

1/0/6

,

1/0/7

, and

1/0/8

.

2.

From the

Port Control

menu, select

Unauthorized

.

The selection from the

Port Control

menu for all other ports on which authentication is

not needed must be

Authorized

. When the selection from the

Port Control

menu is

Authorized

, the port is unconditionally put in a force-authorized state and does not

require any authentication. When the selection from the

Port Control

menu is

Auto

, the

authenticator PAE sets the controlled port mode.

3.

In the

Guest VLAN

field for ports 1/0/5–1/0/8, enter

150

to assign these ports to the guest

VLAN.

You can configure additional settings to control access to the network through the ports.
See

Configure a port security interface on page

for information about the settings.

4.

Click the

Apply

button.

5.

On the 802.1X Configuration page, set the port based authentication state and guest VLAN
mode to

Enable

, and then the

Apply

Configure the global port security

.)

This example uses the default values for the port authentication settings, but you can
configure several additional settings. For example, the

EAPOL Flood Mode

field allows

you to enable the forwarding of EAPoL frames when 802.1X is disabled on the device.

«
...
471
472
473
474
475
...
»

Summary of Contents for GS108Tv3

Page 1: ... East Plumeria Drive San Jose CA 95134 USA August 2019 202 11992 02 User Manual 8 Port Gigabit PoE Ethernet Smart Managed Pro Switch with 2 SFP or 2 Copper Ports and Cloud Management Models GS108Tv3 GS110TPv3 GS110TPP ...

Page 2: ...r the local browser interface We changed the login procedures for all tasks 202 11992 01 July 2019 This manual adds supports model GS110TPP We changed the login procedures for all tasks After you register and access the switch with your NETGEAR account you can now access the switch with the local device password In the first publication the local device password was called the local login password...

Page 3: ...4 Discover the switch in a network with a DHCP server using the Smart Control Center 26 Discover the switch in a network without a DHCP server using the Smart Control Center 27 Use other options to discover the switch IP address 28 Access the switch on network when you know the switch IP address 29 Access the switch off network 30 Credentials for the local browser interface 32 NETGEAR Insight and ...

Page 4: ...rver 69 Configure daylight saving time settings 74 View the daylight saving time status 77 Configure denial of service settings 78 Configure Auto DoS 78 Configure denial of service 79 Configure DNS settings 82 Configure the global DNS settings and add a DNS server 82 Remove a DNS server 84 Configure and view host name to IP address information 85 Configure green Ethernet settings 88 Configure the ...

Page 5: ...dule 134 Change the settings for a recurring PoE timer schedule entry 136 Delete a PoE timer schedule entry 137 Delete a PoE timer schedule 138 Chapter 3 Configure Switching Configure the port settings and maximum frame size 140 Configure link aggregation groups 143 Configure LAG settings 143 Configure LAG membership 145 Set the LACP system priority 147 Set the LACP port priority settings 148 Conf...

Page 6: ...09 IGMP snooping querier overview 210 Configure an IGMP snooping querier 211 Configure an IGMP snooping querier for a VLAN 212 Display the status of the IGMP snooping querier for VLANs 213 Manage MLD snooping 215 Enable MLD snooping 215 Configure MLD snooping for interfaces 216 Configure the MLD VLAN settings 218 Modify the MLD snooping settings for a VLAN 219 Remove MLD snooping from a VLAN 220 C...

Page 7: ...263 Configure the CoS settings for an interface 264 Configure the CoS queue settings for an interface 266 Map 802 1p priorities to queues 268 Map DSCP values to queues 269 Manage Differentiated Services 271 Defining DiffServ 271 Configure the DiffServ mode and display the entries in the DiffServ private MIB tables 272 Configure a DiffServ class 273 Configure DiffServ IPv6 class settings 280 Config...

Page 8: ...ation on individual ports 336 View the port summary 341 View the client summary 342 Set up traffic control 344 Manage MAC filtering 344 Configure storm control settings 348 Manage port security 352 Configure protected ports 356 Configure access control lists 357 Use the ACL Wizard to create a simple ACL 358 Configure a MAC ACL 364 Configure MAC ACL rules 367 Configure MAC bindings 372 View or dele...

Page 9: ...o the switch or update the software image 442 Use HTTP to download a file to the switch or update the software image 445 Manage software images 447 Copy a software image 447 Configure dual image settings 448 View the dual image status 451 Perform diagnostics and troubleshooting 452 Ping an IPv4 address 452 Ping an IPv6 address 454 Send an IPv4 traceroute 456 Send an IPv6 traceroute 458 Enable remo...

Page 10: ...ions and Default Settings Switch default settings 480 General feature default settings 481 System setup and maintenance settings 488 Port characteristics 488 Traffic control settings 489 Quality of Service settings 489 Security settings 490 System management settings 490 Settings for other features 491 Hardware technical specifications 491 ...

Page 11: ...rocedures and explains the options that are available within those procedures This chapter contains the following sections Available publications Model descriptions Switch management options and default management mode Manage the switch by using the local browser interface About on network and off network access Access the switch on network and connected to the Internet Access the switch off netwo...

Page 12: ...atures and bug fixes are made available from time to time at netgear com support download Some products can regularly check the site and download new firmware or you can check for and download new firmware manually If the features or behavior of your product does not match what is described in this guide you might need to update your firmware Available publications The following guides are availab...

Page 13: ... access points VoIP phones and IP security cameras so that you do not need to use power supplies for those devices The model can supply up to 30W PoE IEEE 802 3at to each copper port with a maximum PoE power budget of 55W across all active PoE copper ports GS110TPP 8 Port Gigabit PoE Ethernet Smart Managed Pro Switch with 2 Copper Ports and Cloud Management This model provides eight Gigabit PoE RJ...

Page 14: ...nagement mode of the switch to NETGEAR Insight Mobile App and Insight Cloud Portal you can use the following applications to manage the switch remotely NETGEAR Insight app With the NETGEAR Insight app you can discover the switch on the network and add the switch to the NETGEAR Insight app so that you can set up the switch in the network and manage and monitor the switch remotely from your smartpho...

Page 15: ...icles about NETGEAR Insight visit netgear com support Software requirements for the local browser interface To access the switch by using a web browser the browser must meet the following software requirements HTML version 4 0 or later HTTP version 1 1 or later Supported web browsers for the local browser interface The following browsers were tested and support the local browser interface Later br...

Page 16: ... 1 Switch navigation tabs configuration menus and page menu The navigation tabs along the top of the local browser interface give you quick access to the various switch functions The tabs are always available and remain constant regardless of which feature you configure When you select a tab the features for that tab appear as menus directly under the tabs The configuration menus in the blue bar c...

Page 17: ...figuration options for the page Buttons in the local browser interface Each page also contains command buttons The following table shows the command buttons that are used throughout the pages in the local browser interface Table 1 Command buttons in the local browser interface Button Function Add Clicking the Add button adds the new item configured in the heading row of a table Apply Clicking the ...

Page 18: ...ess You can access the switch either on network or off network On network and connected to the Internet When you use the local browser interface for easiest access we recommend that you cable the switch to a network that is connected to the Internet and that includes a router or DHCP server that assigns IP addresses power on the switch and then use a computer that is connected to the same network ...

Page 19: ...ress of the switch on the network NETGEAR Insight app You can install the NETGEAR Insight app on an iOS or Android mobile device and discover the IP address of the switch See Use the NETGEAR Insight app to discover the switch on page 24 NETGEAR Switch Discovery Tool SDT If you use a Mac or a 64 bit Windows based computer you can use the SDT to discover the switch on your network See Use the NETGEA...

Page 20: ...uter to the same network as the switch You can use a WiFi or wired network connection 4 Open Windows Explorer 5 Click the Network link 6 If prompted enable the Network Discovery feature 7 Under Network Infrastructure locate the switch model number The model number can be GS108Tv3 GS110TPv3 or GS110TPP 8 Double click GSmodel xx xx xx xx xx xx where GSmodel is the model number of your switch and xx ...

Page 21: ...account and then register the switch with your NETGEAR email address and password Local device password If you previously logged in to the local browser interface and registered the switch with your NETGEAR email address and password enter the local device password By default the local device password is password Note If you did not yet register the switch you can log in to the local browser inter...

Page 22: ... where GSmodel is the model number of your switch and xx xx xx xx xx xx is the MAC address of the switch or Bookmarks Bonjour Webpages GSmodel xx xx xx xx xx xx depending on your Mac OS version The NETGEAR Business page opens 10 If your browser does not open the NETGEAR Business page but displays a security message and does not let you proceed do one of the following Google Chrome If Google Chrome...

Page 23: ... in to the local browser interface and registered the switch with your NETGEAR email address and password enter the local device password By default the local device password is password Note If you did not yet register the switch you can log in to the local browser interface with the local device password and access the maintenance features To access all features register your switch For more inf...

Page 24: ...i router or access point to which the switch is connected 3 Open the NETGEAR Insight app 4 If you did not set up a NETGEAR account tap Create NETGEAR Account and follow the onscreen instructions 5 Enter the email address and password for your account and tap LOG IN After you log in to your account the IP address of the switch displays in the device list 6 Write down the switch IP address You can t...

Page 25: ...SDT V1 2 102 dmg and install the program on your computer The installation process places a NETGEAR Switch Discovery Tool icon on your desktop 4 Reenable the security services on your computer 5 Power on the switch The DHCP server assigns the switch an IP address 6 Connect your computer to the same network as the switch You can use a WiFi or wired connection The computer and the switch must be on ...

Page 26: ...y default When you connect the switch to your network the DHCP server automatically assigns an IP address to the switch Use the Smart Control Center SCC to discover the IP address automatically assigned to the switch For information about the SCC visit netgear com support product SCC To install the switch in a network with a DHCP server 1 Connect the switch to a network with a DHCP server 2 Power ...

Page 27: ...e the SCC to assign a static IP address to your switch After you do so you can connect your switch to the network For information about the SCC visit netgear com support product SCC To assign a static IP address 1 Connect the switch to your existing network or directly to your computer using an Ethernet cable Note If you connect your computer directly to the switch using an Ethernet cable the IP a...

Page 28: ... on page 34 you can access the local browser interface from the SCC by selecting your switch in the SCC and clicking the Web Browser Access button Use other options to discover the switch IP address If the switch is on network you can use one of the following options to determine the switch IP address Access the DHCP server You can access the DHCP server or router that functions as a DHCP server i...

Page 29: ...ng pop up window opens click the Visit Website button If another pop up window opens to let you confirm changes to your certificate trust settings enter your Mac user name and password and click the Update Setting button Mozilla Firefox If Mozilla Firefox displays a Your connection is not secure message click the ADVANCED button Then click the Add Exception button In the pop up window that opens c...

Page 30: ...ou previously logged in to the local browser interface and registered the switch with your NETGEAR email address and password You changed the management mode to NETGEAR Insight Mobile App and Insight Cloud Portal You changed the management mode back to Direct Connect Web browser Interface Note You must continue to use the Insight network password until you manually change the local device password...

Page 31: ...int The Mac article is written for an access point but is also valid for a switch 2 Connect your computer to the switch using an Ethernet cable 3 Power on the switch by connecting its power cord 4 Launch a web browser 5 Open a web browser and enter http 192 168 0 239 This is the default IP address of the switch The login page displays 6 If your browser does not open the login page but displays a s...

Page 32: ...ccessing the switch local browser interface in either management mode That is it does not apply to accessing the NETGEAR Insight app and Cloud portal Until you register the switch you can log in to the local browser interface with the local device password and access the maintenance features To access all features register your switch For more information visit the NETGEAR knowledge base at netgea...

Page 33: ... initial registration You use the Insight app to discover the switch in your physical network You add the switch to an Insight network location You do want to manage the switch with the Insight app or Insight Cloud portal and therefore you change the management mode on the switch to NETGEAR Insight Mobile App and Insight Cloud Portal mode In this situation the Insight network password for the loca...

Page 34: ...No Insight network password Limited menu Yes Insight network password Limited menu2 2 You can manage the Insight features through the Insight app and Insight Cloud portal Register and access the switch with your NETGEAR account You only need to register and access the switch local browser interface once with your NETGEAR account After you do so you can access the local browser interface with the l...

Page 35: ... click the Add Exception button In the pop up window that opens click the Confirm Security Exception button and install a security certificate Microsoft Internet Explorer If Microsoft Internet Explorer displays a There is a problem with this website s security certificate message click the Continue to this website not recommended link and install a security certificate Microsoft Edge If Microsoft ...

Page 36: ...net on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Clou...

Page 37: ... the cloud server including the switch password that is the password is reset to the Insight network password If you use the Insight app or the Insight Cloud portal you can temporarily change the management mode of the switch back to Directly Connect to Web Browser Interface You can then access the local browser interface for settings that are not Insight manageable for complex tasks such as integ...

Page 38: ...ess the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the In...

Page 39: ...nnect to Web browser Interface To change the management mode of the switch back to Directly Connect to Web Browser Interface 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web brow...

Page 40: ...w of the local browser interface The Device View displays the ports on the switch This graphic tool provides an alternate way to navigate to configuration and monitoring options The graphic tool also provides information about device ports configuration and status tables and feature components To use the Device View 1 Connect your computer to the same network as the switch You can use a WiFi or wi...

Page 41: ... on page 32 5 Click the Login button The System Information page displays 6 Select System Device View The Device View page displays The following figure shows the Device View page for model GS110TPv3 The Device View page depends on the model GS108Tv3 For model GS108Tv3 each port provides a left LED and a right LED that combined indicate the link and speed as described in the following table Table ...

Page 42: ...ons as the combined link and speed LED and ports 1 through 8 provide a right LED that indicates the PoE status as described in the following table Table 6 Device view port LEDs for model GS110TTP LED Description RJ 45 left LED Link speed and activity for Ethernet ports 1 to 10 Solid green A valid 1 Gbps port link is established Solid yellow A valid 10 Mbps or 100 Mbps port link is established Blac...

Page 43: ...d on and operating normally Solid yellow does not apply to the Device View If the switch is off or booting you cannot access the Device View GS110TPP The Power LED is a tricolor LED that serves as an indicator of power and management mode status Solid green The switch is powered on and operating normally If you changed the management mode of the switch to NETGEAR Insight the switch is not yet adde...

Page 44: ...d on the front panel You configure the logical interfaces by using the software The following table describes the naming convention for all interfaces available on the switch Table 7 Naming conventions for interfaces Interface Description Example Physical The physical ports are Gigabit Ethernet interfaces and are numbered sequentially starting from 1 g1 g2 g12 Link aggregation group LAG LAG interf...

Page 45: ...LAGs 2 In the Go To Interface field type the port number For example type g4 For more information see Table 7 Naming conventions for interfaces on page 44 3 Click the Go button The check box associated with the interface is selected the row for the selected interface is highlighted and the interface number displays in the heading row 4 Configure the desired settings 5 Click the Apply button Your s...

Page 46: ...ltiple ports 1 Ensure that the page is displaying all ports and not only the LAGs 2 Select the check box next to each port to configure The row for each selected interface is highlighted 3 Configure the desired settings 4 Click the Apply button Your settings are saved To configure multiple LAGs 1 Click the LAG link or the All link to display the LAGs 2 Select the check box next to each LAG to conf...

Page 47: ...utton Your settings are saved To configure multiple ports and LAGs 1 Click the All link to display all ports and LAGs 2 Select the check box associated with each port and LAG to configure The rows for the selected ports and LAGs are highlighted 3 Configure the desired settings 4 Click the Apply button Your settings are saved To configure all ports and LAGs 1 Click the All link to display all ports...

Page 48: ...know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local dev...

Page 49: ...cess the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previous...

Page 50: ... the IP network settings for management access Configure the time settings Configure denial of service settings Configure DNS settings Configure green Ethernet settings Use the Device View Configure Power over Ethernet Configure SNMP Configure Link Layer Discovery Protocol Configure DHCP snooping Set up PoE timer schedules ...

Page 51: ...web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registra...

Page 52: ... to 255 alphanumeric characters The default is blank System Contact Enter the contact person for this switch You can use up to 255 alphanumeric characters The default is blank 7 Click the Apply button Your settings are saved The following table describes the status information that the System Information page displays Table 8 System Information Field Description Product Name The product name of th...

Page 53: ...network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network passw...

Page 54: ... connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page disp...

Page 55: ...gure the CPU thresholds The CPU Utilization Threshold notification feature allows you to configure thresholds that when exceeded trigger a notification The notification occurs through SNMP trap and syslog messages To configure the CPU thresholds 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect direct...

Page 56: ...e total CPU utilization exceeds this threshold value over the configured time period The range is 1 to 100 Rising Interval This utilization monitoring time period can be configured from 5 to 86400 seconds in multiples of 5 seconds Falling Threshold Notification is triggered when the total CPU utilization falls below this level for a configured period of time The falling utilization threshold must ...

Page 57: ...face 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network ...

Page 58: ...he default gateway for the IP interface The default value is 192 168 0 254 9 In the Management VLAN ID field leave the default value or specify the VLAN ID for the management VLAN The management VLAN is used to establish an IP connection to the switch from a computer that is connected to a port in the same VLAN If not specified the active management VLAN ID is 1 default which allows an IP connecti...

Page 59: ...nnection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The logi...

Page 60: ...IPv6 Gateway field specify the default gateway for the IPv6 network interface The gateway address is in IPv6 global or link local address format 10 To configure one or more static IPv6 addresses for the management interface do the following a In the IPv6 Prefix Prefix Length field specify the static IPv6 prefix and prefix to the IPv6 network interface The address is in the global address format b ...

Page 61: ...em Management IPv6 Network Neighbor 7 To refresh the page with the latest information about the switch click the Update button The following table describes the information the IPv6 Network Neighbor page displays about each IPv6 neighbor that the switch discovered Table 11 IPv6 network interface neighbor table information Field Description IPv6 address The IPv6 address of the neighbor that was det...

Page 62: ...directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Re...

Page 63: ...he Coordinated Universal Time UTC The time zone can affect the display of the current system time The default value is UTC Note When using SNTP NTP time servers to update the switch s clock the time data received from the server is based on the UTC which is the same as Greenwich Mean Time GMT This might not be the time zone in which the switch is located 11 In the Offset Hours field specify the nu...

Page 64: ...s of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is pa...

Page 65: ...st mode but uses a local broadcast address instead of a multicast address The broadcast address provides a single subnet scope while a multicast address provides an Internet wide scope The default value is Unicast 9 If the SNTP client mode is Unicast use the SNTP Server Configuration page to add the IP address or DNS name of one or more SNTP servers for the switch to poll For more information see ...

Page 66: ...bal Configuration section configure the following settings a In the Time Zone Name field specify the acronym for a time zone You can also specify the number of hours and number of minutes that the time zone is different from the Coordinated Universal Time UTC The time zone can affect the display of the current system time The default value is UTC Note When using SNTP NTP time servers to update the...

Page 67: ...h on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the...

Page 68: ... If no message was received from a server a status of Other is displayed These values are appropriate for all operational modes Other The status of the last request is unknown Success The SNTP operation was successful and the system time was updated Request Timed Out After an SNTP request was sent to an SNTP server the response timer expired before a response from the server was received Bad Date ...

Page 69: ... evaluated based on the time level and server type SNTP time definitions are assessed and determined by the following time levels T1 Time that the original request was sent by the client T2 Time that the original request was received by the server T3 Time that the server sent a reply T4 Time that the client received the server s reply The device can poll unicast server types for the server time Po...

Page 70: ... Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app o...

Page 71: ...iority value of 2 and so on If any servers are assigned the same priority the SNTP client contacts the servers in the order that they appear in the table The range is from 1 to 3 The default value is 1 11 In the Version field specify the NTP version running on the server The range is 1 to 4 The default value is 4 12 Click the Add button The SNTP server entry is added 13 Repeat the previous steps t...

Page 72: ... the credentials see Credentials for the local browser interface on page 32 Last Attempt Status The status of the last SNTP request or unsolicited message for both unicast and broadcast modes If no message was received from a server a status of Other is displayed These values are appropriate for all operational modes Other The status of the last request is unknown or no SNTP responses were receive...

Page 73: ...ess of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device p...

Page 74: ...f network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch wi...

Page 75: ...d States When this option is selected the rest of the applicable fields on the page are automatically populated and cannot be edited Non Recurring Daylight saving time settings are in effect only between the start date and end date of the specified year When this option is selected the summer time settings do not repeat on an annual basis 8 Depending on your selection configure the additional fiel...

Page 76: ...h Date Configure the end date in the month Year Configure the end year Hours Configure the end hour Minutes Configure the end minutes Offset Specify the number of minutes to shift the summer time from the standard time The range is from 1 to 1440 minutes Zone Specify the acronym associated with the time zone when summer time is in effect This field is not validated against an official list of time...

Page 77: ...rowser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration ...

Page 78: ...daylight saving time is disabled Zone The zone acronym This field is not displayed when daylight saving time is disabled Daylight Saving DST in Effect Indicates whether daylight saving time is in effect Configure denial of service settings You can configure the denial of service DoS settings for the switch The switch provides support for classifying and blocking specific types of DoS attacks Confi...

Page 79: ...on page displays 6 Select System Management Denial of Service Auto DoS Configuration The Auto DoS Configuration page displays 7 Select the Auto DoS Mode Enable radio button When an attack is detected a warning message is logged to the buffered log and is sent to the syslog server At the same time the port is shut down and can be enabled only manually by the admin user 8 Click the Apply button Your...

Page 80: ...cation For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select System Management Denial of Service Denial of Service Configuration 7 Select the types of DoS attacks for the switch to monitor and block and configure any associated values Denial of Service Min TCP Header Size Specify the m...

Page 81: ...ention causes the switch to drop broadcast ICMP echo request packet Denial of Service SIP DIP Enabling SIP DIP DoS prevention causes the switch to drop packets with a source IP address equal to the destination IP address Denial of Service SMAC DMAC Enabling SMAC DMAC DoS prevention causes the switch to drop packets with a source MAC address equal to the destination MAC address Denial of Service TC...

Page 82: ... the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet o...

Page 83: ...d is provides the domain name for example if default domain name is netgear com and the user enters test then test is changed to test netgear com to resolve the name The name must not be longer than 255 characters 9 In the DNS Server field specify the IPv4 address to which the switch sends DNS queries 10 Click the Add button The server is added to the list You can specify up to eight DNS servers T...

Page 84: ...itch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight netw...

Page 85: ...d of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords Afte...

Page 86: ...ress field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passw...

Page 87: ...connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through t...

Page 88: ...ou can configure the global green Ethernet settings To configure the global green Ethernet settings 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address ...

Page 89: ...r mode It is defined by the IEEE 802 3az standard Lower power mode enables both the send and receive sides of the link to disable some functionality for power savings when the load is light Transition to low power mode does not change the link status Frames in transit are not dropped or corrupted in transition to and from low power mode Transition time is transparent to upper layer protocols and a...

Page 90: ...terface select the check box associated with the port or type the port number in the Go To Interface field and click the Go button To configure multiple interfaces with the same settings select the check box associated with each interface To configure all interfaces with the same settings select the check box in the heading row 8 From the Auto Power Down Mode menu select Enable or Disable By defau...

Page 91: ...tings for each port Note For more information about PoE see the hardware installation guide which you can download by visiting netgear com support download PoE concepts Models GS110TPv3 and GS110TPP include eight PoE plus PoE ports The following table shows the capacity for each model Table 19 PoE capacities for models GS110TPv3 and GS110TPP Model Maximum PoE Power Per Individual Port Maximum Powe...

Page 92: ...d to one of its PoE ports and whether that device needs power and how much so that the switch can provide the correct power the device During the Plug and Play process the connected device can provide its Class response to the switch in many ways depending on how the vendor programmed the device The following table shows the device classes for PoE devices adhering to the IEEE 802 3at standard The ...

Page 93: ...y their classes The PD attached to Port 1 consumes 7 3W the PD attached to Port 2 consumes 4 7W and the PD attached to Port 3 consumes 8 9W So even though the switch provides power to two Class 4 devices and one Class 3 device if the default power adapter is installed the available power budget is 99 1W 120W 7 3 4 7 8 9W To determine the delivered power by a PoE port 1 Connect your computer to the...

Page 94: ...u can upgrade the PoE power budget to 190W After you change the power adapter you must use the local browser interface to activate the new power adapter that you connected to the switch Note If you do not change the power adapter you do not need to select the PoE budget and power adapter in the local browser interface By default the 130W power adapter is selected and model GS110TPP provides a PoE ...

Page 95: ... the Login button The System Information page displays 6 Select System PoE Basic PoE Configuration The PoE Configuration page displays At the top of the page the Power Adapter Capacity PoE Budget section displays 7 Select the radio button for the power adapter that you connected 8 Click the Apply button Your setting are saved The PoE power budget adjusts Configure the global PoE settings To config...

Page 96: ... to set the threshold level at which a trap is sent if the consumed power exceeds the threshold power 8 From the Power Management Mode menu select the power management algorithm that the switch uses to deliver power to the requesting powered devices PDs Static Specifies that the power allocated for each port depends on the type of power threshold configured on the port Dynamic Specifies that the p...

Page 97: ...GEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface o...

Page 98: ...t Low Low priority This is the default setting Medium Medium priority High High priority Critical Critical priority The port priority determines which ports can still deliver power after the total power delivered by the switch exceeds the total power budget In such a situation the switch might not be able to deliver power to all connected devices If the same priority applies to two ports the lower...

Page 99: ...es However depending on which option you select a PD that does not report its class correctly might not power up at all 12 In the Power Limit mW field enter the maximum power in mW that the port can deliver The range is 3 000 30 000 mW The default is 30 000 mW 13 From the Detection Type menu select how the port detects the attached PD IEEE 802 The port performs a 4 point resistive detection This i...

Page 100: ...Fault Status The error description when the PoE port is in a fault state No Error The port is not in any error state and can provide power MPS Absent The port detected the absence of the main power supply preventing the port from providing power Short The port detected a short circuit condition preventing the port from providing power Overload The PD that is connected to the port attempts to draw ...

Page 101: ...using SNMP Add an SNMP community To add an SNMP community 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP ad...

Page 102: ... 168 1 0 to 192 168 1 255 inclusive is allowed access To allow access from only one station use a management station IP mask value of 255 255 255 255 and use that computer s IP address as the client address 9 In the Community String field specify a community name 10 From the Access Mode menu select the access level for this community which is either Read Write or Read Only 11 From the Status menu ...

Page 103: ...ext to the community 8 Update the desired fields 9 Click the Apply button Your settings are saved Delete an SNMP community To delete an SNMP community 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the addr...

Page 104: ...ect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connect...

Page 105: ...tton The receiver configuration is added Modify information about an existing SNMP trap recipient To modify information about an existing SNMP trap recipient 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In t...

Page 106: ...s of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device pas...

Page 107: ...ge displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the c...

Page 108: ...do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the lo...

Page 109: ... network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business ...

Page 110: ...tocol LLDP allows stations on an 802 LAN to advertise major capabilities and physical descriptions A network manager can view this information to identify system topology and detect bad configurations on the LAN LLDP is a one way protocol without any request response sequences Information is advertised by stations implementing the transmit function and is received and processed by stations impleme...

Page 111: ...displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 3 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network l...

Page 112: ...ort 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network a...

Page 113: ...lected ports Rx Only Enable only receiving LLDP PDUs on the selected ports Tx and Rx Enable both transmitting and receiving LLDP PDUs on the selected ports Disabled Do not transmit or receive LLDP PDUs on the selected ports The default is Tx and Rx Management IP Address Choose whether to advertise the management IP address from the interface The possible field values are as follows Stop Advertise ...

Page 114: ...rowser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration ...

Page 115: ...LAN ID The VLAN ID associated with the policy VLAN Type Indicates whether the VLAN associated with the policy is tagged or untagged User Priority The priority associated with the policy DSCP The DSCP associated with a particular policy type Configure the LLDP MED port settings You can enable the LLDP MED mode on a port and configure its properties To configure the LLDP MED settings for a port 1 Co...

Page 116: ...n the interface When LLDP MED is enabled the transmit and receive function of LLDP is effectively enabled on the interface Notification When Notification is enabled the port sends a topology change notification if a device is connected or removed MED Capabilities When MED Capabilities is enabled the port transmits the capabilities type length values TLVs in the LLDP PDU frames Network Policy When ...

Page 117: ...through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select System LLDP Advanced Local Information The page includes only the interfaces on which LLDP is enabled The following tab...

Page 118: ...ace uses such as an IPv4 address Address The address used to manage the device Interface SubType The port subtype Interface Number The number that identifies the port MAC PHY Details Auto Negotiation Supported Indicates whether the interface supports port speed autonegotiation The option is True enabled or False disabled Auto Negotiation Enabled The port speed autonegotiation support status The op...

Page 119: ...ogin page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight...

Page 120: ... system name associated with the remote device If the field is blank the name might not be configured on the remote system 7 To view additional information about the remote device click the link in the MSAP Entry column A pop up window displays information for the selected port The following table describes the information transmitted by the neighbor Field Description Port Details Local Port The i...

Page 121: ...ection and bit injection into the network MED Details Capabilities Supported The supported capabilities that were received in MED TLV from the device Current Capabilities The advertised capabilities that were received in MED TLV from the device Device Class The LLDP MED endpoint device class The possible device classes are as follows Endpoint Class 1 indicates a generic endpoint class offering bas...

Page 122: ...rtised by the remote device Asset ID The asset ID advertised by the remote device Location Information Civic The physical location such as the street address that the remote device advertised in the location TLV for example 123 45th St E The field value length range is 6 160 characters Coordinates The location map coordinates that the remote device advertised in the location TLV including latitude...

Page 123: ... using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your N...

Page 124: ...he device drops the packet 9 Click the Apply button Your settings are saved Enable DHCP for all member interfaces of a VLAN To enable DHCP snooping for all member interfaces of a VLAN 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 L...

Page 125: ...m Services DHCP Snooping Global Configuration 7 Select the check box for the VLAN 8 From the DHCP Snooping Mode menu select Enable 9 Click the Apply button Your settings are saved Configure DHCP snooping interface settings You can view and configure each port as a trusted or untrusted port Any DHCP responses received on a trusted port are forwarded If a port is configured as untrusted any DHCP or ...

Page 126: ... information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select System Services DHCP Snooping Interface Configuration 7 Select whether to display physical interfaces LAGs or both by clicking one of the following links above the table heading 1 the unit ID of the switch Only physical interfaces are ...

Page 127: ... packet is received and dropped by the interface 11 In the Rate Limit pps field specify the rate limit value for DHCP snooping purposes If the incoming rate of DHCP packets per second exceeds the configured burst interval per second the port shuts down If the rate limit value is None he burst interval is also nonapplicable and rate limiting is disabled 12 In the Burst Interval secs field specify t...

Page 128: ...nding Configuration 7 From the Interface menu select the interface on which the DHCP client is authorized 8 In the MAC Address field specify the MAC address for the binding to be added This is the key to the binding database 9 From the VLAN ID menu select the ID of the VLAN that the client is authorized to use 10 In the IP Address field specify the IP address of the client 11 Click the Add button ...

Page 129: ...d to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insig...

Page 130: ... untrusted interfaces To view or clear the DHCP snooping statistics 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know...

Page 131: ...FFER DHCPACK DHCPNAK and DHCPRELEASEQUERY messages that were dropped on an untrusted port Set up PoE timer schedules For models GS110TPv3 and GS110TPP you can define multiple timer schedules each with a unique name that you can use for PoE power delivery to attached PDs After you create a timer schedule you can associate it with one or more PoE ports see Configure the PoE port settings on page 97 ...

Page 132: ...r interface on page 32 5 Click the Login button The System Information page displays 6 Select System Timer Schedule Basic Global Configuration The Timer Schedule Name page displays 7 In the Timer Schedule Name field specify the name for a timer schedule 8 Click the Add button The timer schedule is added to the table on the Timer Schedule Name page and is assigned an ID Specify the settings for an ...

Page 133: ...imer schedule that you want to configure You can select only names of schedules that you created see Create a PoE timer schedule on page 131 b Timer Schedule Type Select Absolute The fields in the Timer Schedule Configuration section might adjust to let you configure a timer schedule for specific dates and times c Timer Schedule Entry To add a new entry select new Selecting an existing entry lets ...

Page 134: ... know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local de...

Page 135: ...ect the pattern Daily The timer schedule works with daily recurrence The fields adjust Either select the Every Weekday radio button to let the schedule operate from Monday through Friday or select the Every Day s radio button and enter a number from 0 to 255 in the field In the latter case the schedule is triggered every specified number of days If the number of days is not specified or if you ent...

Page 136: ... network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network pass...

Page 137: ...etwork on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network passwo...

Page 138: ...ccess the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previou...

Page 139: ...the port settings and maximum frame size Configure link aggregation groups Configure VLANs Configure Auto VoIP Configure Spanning Tree Protocol Configure multicast Manage IGMP snooping Manage MLD snooping View search and manage the MAC address table Configure Layer 2 loop protection ...

Page 140: ... you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default t...

Page 141: ...ck box in the heading row 10 In the Description field enter the description string to be attached to a port The string can be up to 64 characters in length 11 From the Admin Mode menu select Enable or Disable This selection specifies the administrative mode for port control You must select Enable in order for the port to participate in the network The default is Enable 12 From the Autonegotiation ...

Page 142: ...es not send pause frames and data loss could occur This is the default setting Symmetric If the port buffers become full the switch sends pause frames to stop traffic Flow control helps to prevent data loss when the port cannot keep up with the number of frames being switched When you enable flow control the switch can send a pause frame to stop traffic on the port if the amount of memory used by ...

Page 143: ...ds to the port when the MIB object type PortList is used to manage in SNMP ifIndex The ifIndex of the interface table entry associated with the port Configure link aggregation groups Link aggregation groups LAGs which are also known as port channels allow you to combine multiple full duplex Ethernet links into a single logical link Network devices treat the aggregation as if it were a single link ...

Page 144: ...NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interfac...

Page 145: ...AG Disable Spanning tree is disabled for this LAG Enable Spanning tree is enabled for this LAG Enable is the default 12 From the Link Trap menu select Enable or Disable to specify whether to send a trap when the link status changes The default is Enable which causes the trap to be sent 13 From the LAG Type menu select Static or LACP Static Disables Link Aggregation Control Protocol LACP on the sel...

Page 146: ...ter and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Creden...

Page 147: ... browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registratio...

Page 148: ...er to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR ...

Page 149: ...t field configure the administrative LACP time out value Long Specifies a long time out value Short Specifies a short time out value 10 Click the Apply button Your settings are saved Configure VLANs Adding virtual LAN VLAN support to a Layer 2 switch offers some of the benefits of both bridging and routing Like a bridge a VLAN switch forwards traffic based on the Layer 2 header which is fast and l...

Page 150: ...to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet...

Page 151: ...a VLAN using this page its type is always static A VLAN that is created by the Generic VLAN Registration Protocol GVRP initially uses a type of dynamic You can change the type of a dynamic VLAN to static 10 Click the Add button The VLAN is added to the switch Delete a VLAN To delete a VLAN from the switch 1 Connect your computer to the same network as the switch You can use a WiFi or wired connect...

Page 152: ...delete VLANs 1 4088 and 4089 all of which are predefined 8 Click the Delete button The VLAN is removed Reset the VLAN configuration on the switch to the default settings If you reset the VLAN configuration on the switch to the default settings all VLANs that you added are deleted The predefined VLANS are not deleted The VLAN default values are as follows All ports are assigned to the default VLAN ...

Page 153: ...entials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Switching VLAN Basic VLAN Configuration The VLAN Configuration page displays 7 Select the Reset Configuration check box 8 Click the Apply button Your settings are saved Except for the predefined default VLANs all VLANs are deleted Configure VLAN membership To co...

Page 154: ...ck the Login button The System Information page displays 6 Select Switching VLAN Advanced VLAN Membership The previous figure shows the LAG Membership page for model GS110TPv3 7 In the VLAN ID menu select the VLAN ID You can select a VLAN that is predefined or that you added see Add a VLAN on page 150 8 In the Group Operation menu select one of the following options which applies to all ports in t...

Page 155: ...elects the LAG as a tagged LAG in the VLAN All frames transmitted on the LAG are tagged for this VLAN U Untagged Selects the LAG as an untagged LAG in the VLAN All frames transmitted on the LAG are untagged for this VLAN Blank The LAG is excluded from the VLAN By default the selection is blank and none of the LAGs are a member of the VLAN VLAN 1 is an exception By default all LAGs are untagged mem...

Page 156: ...Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previo...

Page 157: ...ded in the VLAN Configure the PVID settings for an interface You can assign a port VLAN ID PVID to an interface The following requirements apply to a PVID By default the PVID for each port is 1 If you do not specify another value the default VLAN PVID is used To change the port s default PVID you must first create a VLAN that includes the port as a member see Configure VLAN membership on page 153 ...

Page 158: ... 1 the unit ID of the switch Only physical interfaces are displayed This is the default setting LAG Only LAGs are displayed All Both physical interfaces and LAGs are displayed 8 Select one or more interfaces by taking one of the following actions To configure a single interface select the check box associated with the port or type the port number in the Go To Interface field and click the Go butto...

Page 159: ...ames are forwarded in accordance to the 802 1Q VLAN specification 13 From the Ingress Filtering menu select one of the following options Enable The frame is discarded if the port is not a member of the VLAN with which this frame is associated In a tagged frame the VLAN is identified by the VLAN ID in the tag In an untagged frame the VLAN is the port VLAN ID specified for the port that received thi...

Page 160: ...packet is dropped This implies that you can configure a MAC address mapping to a VLAN that you did not yet create on the switch Add a MAC based VLAN To add a MAC based VLAN 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web...

Page 161: ...nter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter th...

Page 162: ...ce on page 157 You define a protocol based VLAN by creating a group Each group forms a one to one relationship with a VLAN ID can include one to three protocol definitions and can include multiple ports When you create a group you specify a name and a group ID is assigned automatically To configure a protocol based VLAN group 1 Connect your computer to the same network as the switch You can use a ...

Page 163: ...he range from 1 to 4093 All the ports in the group assign this VLAN ID to untagged packets received for the protocols that you included in this group 11 Click the Add button The protocol based VLAN group is added to the switch The Ports field displays all the member ports that belong to the group Configure protocol based VLAN group membership To configure protocol based VLAN group membership 1 Con...

Page 164: ...he Login button The System Information page displays 6 Select Switching VLAN Advanced Protocol Based VLAN Group Membership The previous figure shows the Protocol Based VLAN Group Membership page for model GS110TPv3 7 From the Group ID menu select the protocol based VLAN group ID The Group Name field shows the name that is associated with the group 8 In the Ports table and LAG table click each port...

Page 165: ...cess the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previous...

Page 166: ...ed voice traffic You must enter the VLAN ID in the Value field see the next step Dot1p Configure voice VLAN 802 1p priority tagging for voice traffic You must enter the dot1p value in the Value field see the next step Untagged Configure the phone to send untagged voice traffic 10 In the Value field enter the VLAN ID or dot1p value This field is enabled only if you select VLAN ID or Dot1p from the ...

Page 167: ...on Propagation GIP The part of GARP that distributes data Note It can take up to 10 seconds for GARP configuration changes to take effect To configure the GARP switch settings 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a ...

Page 168: ...ed connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The...

Page 169: ...heck box in the heading row 9 From the GVRP Mode menu select Enable or Disable This selection specifies the administrative mode for GARP on the port The default is Disable which causes the protocol to be inactive and the port settings to be without any effect 10 In the Join Timer field specify the time in centiseconds between the transmission of GARP PDUs registering or reregistering membership fo...

Page 170: ... is provided based on the SIP call control protocol or OUI bits Configure the Auto VoIP protocol based settings To prioritize time sensitive voice traffic over data traffic protocol based Auto VoIP checks for packets carrying the Session Initiation Protocol SIP VoIP protocol VoIP frames that are received on ports that for which the Auto VoIP feature is enabled are marked with the specified CoS tra...

Page 171: ...e Class Value menu specify the CoS class value to be reassigned for packets that the voice VLAN receives 8 In the Protocol Based Global Settings section specify the Auto VoIP Mode settings a Select whether to display physical interfaces LAGs or both by clicking one of the following links above the table heading 1 the unit ID of the switch Only physical interfaces are displayed This is the default ...

Page 172: ...ccess the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previou...

Page 173: ...e switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password B...

Page 174: ...gs select the check box associated with each interface To configure all interfaces with the same settings select the check box in the heading row 9 From the Auto VoIP Mode menu select Disable or Enable Auto VoIP is disabled by default 10 Click the Apply button Your settings are saved The Operational Status field displays the current operational status of an interface Manage the OUI table Device ha...

Page 175: ...usiness page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information a...

Page 176: ...ch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local bro...

Page 177: ...r interface on page 32 5 Click the Login button The System Information page displays 6 Select Switching Auto VoIP Auto VoIP Status The Auto VoIP Status page displays 7 To refresh the page with the latest information about the switch click the Update button The following table describes the nonconfigurable Auto VoIP status information Table 32 Auto VoIP status Field Description Auto VoIP VLAN ID Th...

Page 178: ...nsitioning of the port to the forwarding state and the suppression of Topology Change Notification These features are represented by the parameters pointtopoint and edgeport MSTP is compatible with both RSTP and STP It behaves in a way that is appropriate for STP and RSTP bridges An MSTP bridge can be configured to behave entirely as an RSTP bridge or an STP bridge Note For two bridges to be in th...

Page 179: ...onfigure the following global settings for the switch a Spanning Tree State Enable or disable the spanning tree operation on the switch By default spanning tree operation is disabled b STP Operation Mode Specify the STP version for the switch The options are STP RSTP and MSTP The default is RSTP c Configuration Name Specify a name to identify the STP RSTP or MSTP configuration The name can be up t...

Page 180: ...of the root bridge It consists of the bridge priority and the base MAC address of the bridge Root Path Cost The path cost to the designated root for the CST Root Port The port to access the designated root for the CST Max Age secs The maximum age timer controls the maximum length of time in seconds that passes before a bridge port saves its configuration BPDU information Forward Delay secs The der...

Page 181: ...nterface on page 32 5 Click the Login button The System Information page displays 6 Select Switching STP Advanced CST Configuration 7 Specify the CST options Bridge Priority When switches or bridges are running STP each is assigned a priority After exchanging BPDUs the switch with the lowest priority value becomes the root bridge Specify the bridge priority value for the Common and Internal Spanni...

Page 182: ... 40 The default is 20 hops 8 Click the Apply button Your settings are saved The following table describes the MSTP Status information that is displayed Table 34 STP advanced CST configuration MSTP status Field Description MST ID The MST instances including the CST and the corresponding VLAN IDs associated with each of them VID ID The VLAN IDs VIDs and the corresponding filtering IDs FIDs associate...

Page 183: ...ck the Login button The System Information page displays 6 Select Switching STP Advanced CST Port Configuration 7 Select whether to display physical interfaces LAGs or both by clicking one of the following links above the table heading 1 the unit ID of the switch Only physical interfaces are displayed This is the default setting LAG Only LAGs are displayed All Both physical interfaces and LAGs are...

Page 184: ...is updated with the external path cost from an incoming STP packet 14 In the Priority field specify the priority for a particular port within the CST The port priority is set in multiples of 16 For example if you attempt to set the priority to any value between 0 and 15 it is set to 0 If you try to set it to any value between 16 and 2 16 1 it is set to 16 and so on The range is 0 to 240 The defaul...

Page 185: ...e switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password B...

Page 186: ...d Root The root bridge for the CST It is made up using the bridge priority and the base MAC address of the bridge Designated Cost The path cost offered to the LAN by the designated port Designated Bridge The identifier of the bridge with the designated port It is made up using the bridge priority and the base MAC address of the bridge Designated Port The port identifier on the designated bridge th...

Page 187: ...the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For ...

Page 188: ...nce 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network a...

Page 189: ...nfigured on the switch You can select VLANs that must be associated with the MST instance or clear VLANs that are already associated with the MST instance 8 Click the Add button The MST is added For each configured instance the information described in the following table displays on the page Table 38 MST configuration Field Description Bridge Identifier The bridge identifier for the selected MST ...

Page 190: ...ge 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click ...

Page 191: ...ntials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Switching STP Advanced MST Configuration The MST Configuration page displays 7 Select the check box for the instance 8 Click the Delete button The MST instance is removed Configure and view the port settings for an MST instance You can configure and display the port setting for ...

Page 192: ...entials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Switching STP Advanced MST Port Configuration Note If no MST instances are configured on the switch the page displays a No MSTs Available message 7 From the Select MST menu select the MST instance You can select only instances that you added to the switch see Co...

Page 193: ...anning Tree CST Configuration page Table 39 MST port status information Field Description Auto Calculated Port Path Cost Indicates whether the path cost is automatically calculated Enabled or not Disabled Path cost is calculated based on the link speed of the port if the configured value for Port Path Cost is zero Port ID The port identifier for the specified port within the selected MST instance ...

Page 194: ...ter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button Port Role Each MST bridge port that is enabled is...

Page 195: ...fresh the page with the latest information about the switch click the Update button The following table describes the information available about the STP Statistics page Table 40 STP Statistics Field Description Interface The physical port or LAG on the switch STP BPDUs Received The number of STP BPDUs received at the selected port STP BPDUs Transmitted The number of STP BPDUs transmitted from the...

Page 196: ... the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Busin...

Page 197: ...he options are IGMP snooping GMRP Static Filtering and MLD snooping Description The text description of this multicast table entry The options are Management Configured Network Configured and Network Assisted Forwarding Interfaces The resultant forwarding list is derived from combining all the forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces View...

Page 198: ...he largest number of entries that were present in the Multicast Forwarding Database table since last reset This value is also known as the MFDB high water mark Current Entries The current number of entries in the Multicast Forwarding Database table Configure the auto video multicast settings You can configure the auto video multicast settings To configure auto video multicast settings 1 Connect yo...

Page 199: ...t IPv4 traffic is traffic that is destined to a host group Host groups are identified by class D IP addresses which range from 224 0 0 0 to 239 255 255 255 Based on the IGMP query and report messages the switch forwards traffic only to the ports that request the multicast traffic This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance A tradit...

Page 200: ...tion to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login pa...

Page 201: ...click the Update button The following table displays information about the global IGMP snooping status and statistics on the page Table 43 IGMP Snooping Configuration information Field Description Multicast Control Frame Count The number of multicast control frames that are processed by the switch Interfaces Enabled for IGMP Snooping The interfaces that are enabled for IGMP snooping VLAN IDs Enabl...

Page 202: ...Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Switching Multicast IGMP Snooping Interface Configuration 7 Select whether to display physical interfaces LAGs or both by clicking one of the foll...

Page 203: ...he time that the switch must wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached Enter a value between 0 and 3600 seconds The default is 0 seconds A value of zero indicates an infinite time out that is no expiration 13 From the Fast Leave Mode menu select whether fast leave mode is enabled The option are Enable and Disable The defa...

Page 204: ...ess exists the entry is displayed An exact match is required 9 To refresh the page with the latest information about the switch click the Update button 10 To clear all multicast forwarding address entries that were created for IGMP snooping click the Clear button The following table describes the information in the IGMP snooping table Table 44 IGMP Snooping Table information Field Description MAC ...

Page 205: ... NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For inf...

Page 206: ... the multicast hosts by building a Layer 3 membership table The results is that only the most essential reports are sent to the IGMP routers so that the routers can continue to receive the multicast traffic The default is Disable Querier Mode Enable or disable the IGMP querier mode The default is Disable Query Interval Set the IGMP query interval for the specified VLAN ID The range is from 1 to 18...

Page 207: ...he same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on ...

Page 208: ...figure one or more IGMP multicast router interfaces 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address ...

Page 209: ...th the same settings select the check box in the heading row 9 From the Multicast Router menu select Enable or Disable 10 Click the Apply button Your settings are saved Configure an IGMP multicast router VLAN You can configure an interface to forward only snooped IGMP packets from a specific VLAN to the multicast router connected to the interface This configuration is usually not required because ...

Page 210: ...ation about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Switching Multicast IGMP Snooping Multicast Router VLAN Configuration 7 From the Interface menu select the interface 8 In the VLAN ID field enter the VLAN ID 9 From the Multicast Router menu select Enable or Disable 10 Click the Apply button ...

Page 211: ...web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registra...

Page 212: ... seconds 8 Click the Apply button Your settings are saved Configure an IGMP snooping querier for a VLAN You can configure IGMP queriers for use with VLANs on the network To configure IGMP snooping for a VLAN 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network usi...

Page 213: ...LAN The other querier moves to non querier state Snooping Querier VLAN Address Specify the snooping querier IP address to be used as the source address in periodic IGMP queries that are sent to the VLAN 9 Click the Apply button Your settings are saved Display the status of the IGMP snooping querier for VLANs To display the status of the IGMP snooping querier VLANs 1 Connect your computer to the sa...

Page 214: ...N database Operational State The operational state of the IGMP snooping querier on a VLAN It can be in any of the following states Querier The snooping switch is the querier in the VLAN The snooping switch sends out periodic queries with a time interval equal to the configured querier query interval If the snooping switch finds a better querier in the VLAN it moves to non querier mode Non Querier ...

Page 215: ...messages identified in IPv6 packets by a preceding Next Header value of 58 Enable MLD snooping You can enable MLD snooping which is used to build forwarding lists for multicast traffic To enable MLD snooping 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network usi...

Page 216: ...Enabled for MLD Snooping The interfaces on which MLD snooping is administratively enabled MLD snooping must be enabled globally and on an interface for the interface to be able to snoop MLD packets to determine which segments must receive multicast packets directed to the group address VLAN IDs Enabled For MLD Snooping The VLANs on which MLD snooping is administratively enabled Configure MLD snoop...

Page 217: ...itching Multicast MLD Snooping Interface Configuration 7 Select whether to display physical interfaces LAGs or both by clicking one of the following links above the table heading 1 the unit ID of the switch Only physical interfaces are displayed This is the default setting LAG Only LAGs are displayed All Both physical interfaces and LAGs are displayed 8 Select one or more interfaces by taking one ...

Page 218: ...seconds The default is 0 seconds A value of zero indicates an infinite time out that is no expiration 13 From the Fast Leave menu select to enable or disable Fast Leave on the interface If Fast Leave is enabled the interface can be immediately removed from the Layer 2 forwarding table when the switch receives an MLD leave message for a multicast group without first sending MAC based general querie...

Page 219: ...or the group membership interval of MLD snooping for the specified VLAN ID The valid range is Maximum Response Time 1 to 3600 10 In the Maximum Response Time field set the value for the maximum response time of MLD snooping for the specified VLAN ID The valid range is 1 to Group Membership Interval 1 This value must be less than the group membership interval value 11 In the Multicast Router Expiry...

Page 220: ...n about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Switching Multicast MLD Snooping MLD VLAN Configuration The MLD VLAN Configuration page displays 7 Select the check box next to the VLAN ID 8 Change the settings 9 Click the Apply button Your settings are saved Remove MLD snooping from a VLAN To ...

Page 221: ...one or more MLD multicast router interfaces 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the s...

Page 222: ...heck box associated with the port or type the port number in the Go To Interface field and click the Go button To configure multiple interfaces with the same settings select the check box associated with each interface To configure all interfaces with the same settings select the check box in the heading row 9 From the Multicast Router menu select to enable or disable the multicast router for the ...

Page 223: ...d By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Switching Multicast MLD Snoopin...

Page 224: ...onnected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 3 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through th...

Page 225: ...ure the MLD snooping querier VLAN settings To configure the MLD snooping querier VLAN settings 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of th...

Page 226: ...the page Table 47 MLD Snooping Querier VLAN Configuration information Field Description Operational State The operational state of the MLD snooping querier on a VLAN It can be in any of the following states Querier Snooping switch is the querier in the VLAN The snooping switch sends out periodic queries with a time interval equal to the configured querier query interval If the snooping switch sees...

Page 227: ...rk or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page d...

Page 228: ...or example 100 Then click the Go button Search Interface From the Search menu select Interface and enter the interface ID using the respective interface naming convention for example g1 or l1 Then click the Go button 8 To refresh the page with the latest information about the switch click the Update button 9 To clear all dynamic MAC address entries in the table click the Clear button The following...

Page 229: ...iness page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information abo...

Page 230: ...ernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR accoun...

Page 231: ...op protection on specific ports even while port loop protection is enabled If the switch receives a packet with the previously mentioned broadcast destination address the source MAC address in the packet is compared with the MAC address of the switch If the MAC address does not match the packet is forwarded to all ports that are members of the same VLAN just like any other broadcast packet The pac...

Page 232: ...to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight...

Page 233: ... directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see R...

Page 234: ...erface field and click the Go button To configure multiple interfaces with the same settings select the check box associated with each interface To configure all interfaces with the same settings select the check box in the heading row 9 From the Keep Alive menu select Enable or Disable to specify whether keep alives are enabled on an interface The default is Enable 10 From the RX Action menu sele...

Page 235: ...ion Interface Information Field Description Loop Detected Shows whether a loop is detected on the interface If the interface is disabled and then reenabled the status changes to No again Loop Count The number of packets that were received after the loop was detected Time Since Last Loop The time that elapsed since the loop was detected Port Status The status of the interface Enabled Disabled or D ...

Page 236: ...er contains the following sections Routing concepts Configure the routing mode Configure VLAN routing Configure router discovery for a VLAN routing interface Manage routes and view the routing table Configure Address Resolution Protocol ...

Page 237: ...hat were manually added and entries that were dynamically added through ARP Configure the routing mode For information about how to configure the routing mode and display IP routing data see the following sections Configure the router settings on page 237 View the IP routing statistics on page 239 Configure the router settings You can enable routing and configure the routing settings for the switc...

Page 238: ...tials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Routing IP IP Configuration 7 Select the Routing Mode Enable radio button The default value is Disable 8 Click the Apply button Your settings are saved The following table describes the IP configuration information displayed on the page Table 50 Global IP status i...

Page 239: ...h If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By defau...

Page 240: ...drErrors The number of input datagrams discarded because the IP address in their IP header s destination field was not a valid address to be received at this entity This count includes invalid addresses for example 0 0 0 0 and addresses of unsupported classes Class E For entities that are not IP gateways and therefore do not forward datagrams this counter includes datagrams discarded because the d...

Page 241: ...ackets counted in ipForwDatagrams that meet this no route criterion This includes any datagrams that a host cannot route because all of its default gateways are down IpReasmTimeout The maximum number of seconds for which received fragments are held while they are awaiting reassembly at this entity IpReasmReqds The number of IP fragments received that were reassembled at this entity IpReasmOKs The ...

Page 242: ...tErrors IcmpOutErrors The number of ICMP messages that this entity did not send due to problems discovered within ICMP such as a lack of buffers This value does not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram In some implementations there might be no types of error that contribute to this counter s value IcmpOutDestUnreachs The numbe...

Page 243: ...low more than one physical port to reside on the same subnet You can also use VLAN routing if a VLAN spans multiple physical networks or if you require additional segmentation or security A port can either be a VLAN port or a router port but not both However a VLAN port can be part of a VLAN that is itself a router port Create a routing interface with the VLAN Static Routing Wizard The VLAN Static...

Page 244: ...Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Routing VLAN VLAN Routing Wizard The previous figure shows the VLAN Static Routing Wizard page for model GS110TPv3 7 In the VLAN ID field specify the VLAN ID that is ass...

Page 245: ...autodetected in the VLAN through GVRP 12 Click the Apply button Your settings are saved Manage a VLAN routing interface You can add and manage an existing VLAN see Configure VLAN settings on page 150 as a new VLAN routing interface You can also manage an existing VLAN routing interface that you added with the wizard see Create a routing interface with the VLAN Static Routing Wizard on page 243 To ...

Page 246: ...that to be assigned to the VLAN routing interface 9 In the Subnet Mask field enter the subnet mask to be assigned to the VLAN routing interface 10 Do one of the following New routing VLAN interface If you configure a regular VLAN as a new VLAN routing interface click the Add button The VLAN routing interface is added for the selected VLAN ID The entry in the MAC Address field is automatically ente...

Page 247: ...s the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insi...

Page 248: ...address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local devi...

Page 249: ...nce level of the router as a default router relative to other routers on the same subnet Higher numbered addresses are preferred You must enter an integer The default value is 0 13 Click the Apply button Your settings are saved Manage routes and view the routing table The routing table collects routes from multiple sources static routes and local routes The routing table can learn multiple routes ...

Page 250: ...address subnet mask next hop address and preference Depending on the type of route that you are creating specify the following information In the Network Address field specify the IP interface address that identifies the attached network In the Subnet Mask field specify the subnet mask that identifies the attached network In the Next Hop IP Address field specify the outgoing router IP address to u...

Page 251: ...f the following Local Static Route Type The route type can be Connected Static or Dynamic depending on the protocol Next Hop Interface The outgoing router interface to use when forwarding traffic to the destination Next Hop Address The outgoing router IP address to use when forwarding traffic to the next router if any in the path toward the destination The next router is always one of the adjacent...

Page 252: ...e 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the la...

Page 253: ...ternet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or C...

Page 254: ...nd MAC address in its ARP cache Normally only the requestor receives an ARP response a unicast message and stores the sender s information in its ARP cache The most recent information always replaces existing content in the ARP cache A device can be moved in a network which means that the device s IP address that was associated with one MAC address is now associated with another MAC address A devi...

Page 255: ...e System Information page displays 6 Select Routing ARP Basic ARP Cache 7 Navigate through the table by doing the following From the Rows per page menu select how many table entries are displayed per page Possible values are 20 50 100 200 and All If you select All the browser might be slow to display the information Click the button to display the previous page of the table data entries Click the ...

Page 256: ...ng passwords After registration enter the local device password By default the local device password is password Port The associated interface of the connection MAC Address The unicast MAC address of the device The address is six two digit hexadecimal numbers separated by colons for example 00 06 29 32 81 40 Routing VLANs ARP Cache IP Address The IP address This must be the IP address of a device ...

Page 257: ...of the device Enter the address as six two digit hexadecimal numbers separated by colons for example 00 06 29 32 81 40 9 Click the Add button The static ARP entry is added to the switch For information about viewing the new entry and other entries in the ARP cache see View the ARP cache on page 254 View or globally configure the ARP table You can change the global settings for the ARP table To vie...

Page 258: ...n the Age Time field enter the time in seconds that a dynamic ARP entry remains in the ARP table before aging out The range is 15 to 21600 seconds The default is 1200 seconds 8 In the Response Time field enter the time in seconds that the device waits for an ARP response to an ARP request that it sends The range is 1 to 10 seconds The default is 1 second 9 In the Retries field enter the maximum nu...

Page 259: ...ernet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cl...

Page 260: ...agement Configure Routing User Manual 260 Specific Static Entry Lets you specify the IP address to be removed 8 If you select Specific Dynamic Gateway Entry or Specific Static Entry in the Remove IP Address field enter the IP address to be removed 9 Click the Apply button Your settings are saved ...

Page 261: ...261 5 5Configure Quality of Service This chapter contains the following sections Quality of Service concepts Manage the Class of Service Manage Differentiated Services ...

Page 262: ...oS queueing feature lets you directly configure certain aspects of switch queueing This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table CoS queue characteristics that affect queue ...

Page 263: ...network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with...

Page 264: ...rust mode options Untrusted Do not trust any CoS packet marking at ingress 802 1p The eight priority tags that are specified in IEEE 802 1p are p0 to p7 The QoS setting lets you map each of the eight priority levels to one of seven internal hardware priority queues The default mode is 802 1p DSCP The six most significant bits of the DiffServ field are called the Differentiated Services Code Point ...

Page 265: ...following links above the table heading 1 the unit ID of the switch Only physical interfaces are displayed This is the default setting LAG Only LAGs are displayed All Both physical interfaces and LAGs are displayed 8 Select one or more interfaces by taking one of the following actions To configure a single interface select the check box associated with the port or type the port number in the Go To...

Page 266: ...ion rate bandwidth in kbps This setting is used to shape the inbound transmission rate in increments of 1 percent in a range of 0 100 The interface discards traffic that arrives at a bandwidth in excess of the specified limit 12 Click the Apply button Your settings are saved Configure the CoS queue settings for an interface You can define what a particular queue does by configuring switch egress q...

Page 267: ...on page displays 6 Select QoS CoS Advanced Interface Queue Configuration 7 Select whether to display physical interfaces LAGs or both by clicking one of the following links above the table heading 1 the unit ID of the switch Only physical interfaces are displayed This is the default setting LAG Only LAGs are displayed All Both physical interfaces and LAGs are displayed 8 Select one or more interfa...

Page 268: ...xample data or voice based on their latency requirements and give preference to time sensitive traffic To map 802 1p priorities to queues 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of ...

Page 269: ... for traffic in higher queues to be sent 8 Click the Apply button Your settings are saved Map DSCP values to queues You can map an internal traffic class to a DSCP value To map DSCP values to queues 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Eth...

Page 270: ... is sent it must wait for traffic in higher queues to be sent The allowed Per Hop Behavior PHBs values besides other DSCP experimental values are as follows Class Selector CS PHB These values are based on IP precedence Assured Forwarding AF PHB These values define four main levels to sort and manipulate some flows within the network Expedited Forwarding EF PHB These values are used to prioritize t...

Page 271: ...ace Packets are classified and processed based on defined criteria The classification criteria are defined by a class The processing is defined by a policy s attributes Policy attributes can be defined on a per class instance basis and it is these attributes that are applied when a match occurs A policy can contain multiples classes When the policy is active the actions taken depend on which class...

Page 272: ... browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one o...

Page 273: ...he total allowed on the switch Policy table The number of configured policies out of the total allowed on the switch Policy Instance Table The number of configured policy class instances out of the total allowed on the switch Policy Attributes Table The number of configured policy attributes attached to the policy class instances out of the total allowed on the switch Service Table The number of c...

Page 274: ...d By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select QoS DiffServ Advanced Class Con...

Page 275: ...s that can be referenced are displayed Select the class to reference A class can reference only one other class of the same type Class of Service Select this radio button to require the Class of Service CoS value in an Ethernet frame header to match the specified CoS value This option lists all the values for the Class of Service match criterion in the range 0 to 7 from which you can select one VL...

Page 276: ...nd zeros to configure the MAC mask An F means that the bit is checked and a zero in a bit position means that the data is not significant For example if the MAC address is aa bb cc dd ee ff and the mask is ff ff 00 00 00 00 all MAC addresses with aa bb xx xx xx xx result in a match where x is any hexadecimal number Note that this is not a wildcard mask which ACLs use Protocol Type Select this radi...

Page 277: ...its of the service type octet in the IP header After you select the radio button use the following fields to configure the ToS match criteria Bits Value Enter a two digit hexadecimal number octet value in the range from 00 to ff to match the bits in a packet s ToS field Bit Mask Specify the bit positions that are used for comparison against the IP ToS field in a packet 11 Click the Apply button Yo...

Page 278: ...he new name 9 Click the Apply button Your settings are saved Change the criteria for an existing DiffServ class To change the criteria for an existing DiffServ class 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browse...

Page 279: ...rectly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Regi...

Page 280: ... LAG interfaces Create and configure an IPv6 DiffServ class To create and configure an IPv6 DiffServ class 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP a...

Page 281: ...he Class Type menu select the class type The switch supports only the class type value All which means that all the various match criteria defined for the class are satisfied for a packet match All signifies the logical AND statement of all the match criteria You can select the class type only when you are creating a new class After the class is created the Class Type field becomes nonconfigurable...

Page 282: ... from 0 to 128 Source L4 Port Select this radio button to require a packet s TCP UDP source port to match the specified protocol which you must select from the menu The range is 0 to 65535 The menu includes Other as an option for unnamed ports Destination Prefix Length Select this radio button to require a packet s destination prefix and prefix length to match the specified source IPv6 prefix and ...

Page 283: ...passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Informa...

Page 284: ...e 32 5 Click the Login button The System Information page displays 6 Select QoS DiffServ Advanced IPv6 Class Configuration The Class Name page displays 7 Click the class name which is a hyperlink The page on which you can change the class configuration displays 8 Change the class configuration as needed 9 Click the Apply button Your settings are saved Delete an IPv6 DiffServ class To delete an IPv...

Page 285: ...ection of classes with one or more policies Create and configure a DiffServ policy To create and configure a DiffServ policy 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web brow...

Page 286: ...rv Advanced Policy Configuration The Policy Configuration page displays 7 Enter a policy name in the Policy Name field You cannot specify the policy type By default the policy type is In indicating that the policy applies to ingress packets 8 From the Member Class menu select an existing class that you want to associate with the new policy 9 Click the Add button The new policy is added 10 After cr...

Page 287: ... style for the class By default this simple policy is color blind and color classes do not apply A simple policy supports a single data rate and results in one of two outcomes conform or violate Packets that violate the policy are always dropped That is you cannot specify any other action for those packets You must specify a policy action for packets that conform to the policy Committed Rate Enter...

Page 288: ...the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight ap...

Page 289: ...Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Logi...

Page 290: ...ut the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select QoS DiffServ Advanced Policy Configuration The Policy Configuration page displays 7 Select the check box next to the policy name 8 Do one of the following To change the class select another class rom the Member Class menu To remove the class select No...

Page 291: ...e check box next to the policy name 8 Click the Delete button The policy is removed Configure the DiffServ service interface You can assign attach a policy to an interface Attach a DiffServ policy to an interface To attach a DiffServ policy to an interface 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or con...

Page 292: ...oth by clicking one of the following links above the table heading 1 the unit ID of the switch Only physical interfaces are displayed This is the default setting LAG Only LAGs are displayed All Both physical interfaces and LAGs are displayed 8 Select one or more interfaces by taking one of the following actions To configure a single interface select the check box associated with the port or type t...

Page 293: ...the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access t...

Page 294: ... connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displa...

Page 295: ...nection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login...

Page 296: ...erv policy that is attached in the inbound direction Direction The traffic direction of interface is inbound In This field shows only the direction for which a DiffServ policy is attached Policy Name The name of the policy that is currently attached to the specified interface and direction Operational Status The operational status of the policy that is attached to the specified interface and direc...

Page 297: ...for the local browser interface Manage the RADIUS settings Configure the TACACS settings Configure authentication lists Manage the Smart Control Center Utility Configure management access Control access with profiles and rules Configure port authentication Set up traffic control Configure access control lists ...

Page 298: ...usiness page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information a...

Page 299: ... in the Timeout Duration field for RADIUS For one RADIUS server a retransmission does not occur until the configured time out period expires without a response from the RADIUS server In addition the maximum number of retransmissions for one RADIUS server must pass before the switch attempts the next RADIUS server Therefore the maximum delay in receiving a RADIUS response on the switch equals the m...

Page 300: ...eld is blank if no servers are configured see Configure a RADIUS authentication server on the switch on page 301 The switch supports up to three RADIUS servers If more than one RADIUS server is configured the current server is the server configured as the primary server If no servers are configured as the primary server the current server is the most recently added RADIUS server CAUTION The maximu...

Page 301: ...imary RADIUS authentication server to the switch To add a primary RADIUS authentication server to the switch and view or reset the RADIUS authentication server statistics 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web b...

Page 302: ...RADIUS secret After you add the RADIUS server this field indicates whether the shared secret for this server was configured 10 In the Secret field type the shared secret text string used for authenticating and encrypting all RADIUS communications between the switch and the RADIUS server This secret must match the RADIUS encryption 11 From the Active menu select Primary 12 From the Message Authenti...

Page 303: ...alid and invalid packets that were received from this server Malformed Access Responses The number of malformed RADIUS access response packets received from this server Malformed packets include packets with an invalid length Bad authenticators or signature attributes or unknown types are not included in malformed access responses Bad Authenticators The number of RADIUS access response packets con...

Page 304: ... the Login button The System Information page displays 6 Select Security Management Security RADIUS Server Configuration The Server Configuration page displays 7 Select the check box next to the server IP address 8 Modify the configuration for the selected server 9 Click the Apply button Your settings are saved Remove a RADIUS authentication server from the switch To remove a RADIUS authentication...

Page 305: ...lete button The RADIUS server is removed 9 Click the Apply button Your settings are saved Configure a RADIUS accounting server You can view and configure various settings for a RADIUS accounting server on the network Add a RADIUS accounting server to the switch To add a RADIUS accounting server to the switch and view or clear the RADIUS accounting server statistics 1 Connect your computer to the s...

Page 306: ... 7 In the Accounting Server Address field specify the IP address of the RADIUS accounting server to add 8 In the Port field specify the UDP port number that the server uses to verify the RADIUS accounting server authentication The default UDP port number is 1813 9 From the Secret Configured menu select Yes to add a RADIUS secret in the next field You must select Yes before you can configure the RA...

Page 307: ...nown types are not included as malformed accounting responses Bad Authenticators The number of RADIUS accounting response packets that contained invalid authenticators received from this accounting server Pending Requests The number of RADIUS accounting request packets sent to this server that did not yet time out or receive a response Timeouts The number of accounting time outs to this server Unk...

Page 308: ...unting server 8 Click the Apply button Your settings are saved Remove a RADIUS accounting server from the switch To remove a RADIUS accounting server from the switch 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browse...

Page 309: ... during login and through user names and user defined passwords Authorization Performed at login When the authentication session is completed an authorization session starts using the authenticated user name The TACACS server checks the user privileges The TACACS protocol ensures network security through encrypted protocol exchanges between the device and TACACS server Configure the global TACACS ...

Page 310: ...S communications between the switch and the TACACS server The range is from 0 to 128 The key must match the key configured on the TACACS server 8 In the Connection Timeout field specify the maximum number of seconds allowed to establish a TCP connection between the switch and the TACACS server The range is from 1 to 30 seconds The default is 5 seconds 9 Click the Apply button Your settings are sav...

Page 311: ...nter the TACACS server IP address 8 In the Priority field specify the priority for the TACACS server The priority determines the order in which the TACACS servers are contacted when attempting to authenticate a user A value of 0 is the highest priority The range is from 0 to 65535 9 In the Port field specify the authentication port value for TACAS server sessions The value must be in the range fro...

Page 312: ...t on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5...

Page 313: ...ion about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Security Management Security TACACS TACACS Server Configuration The TACACS Server Configuration page displays 7 Select the check box next to the server IP address 8 Click the Delete button The TACACS server is removed Configure authentication l...

Page 314: ...ation List 7 Select the check box next to the httpList name 8 From the menu in the 1 column select the authentication method that must be used first in the selected authentication login list If you select a method that does not time out as the first method such as Local no other method is tried even if you specified more than one method User authentication occurs in the order the methods are selec...

Page 315: ...tion list 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on net...

Page 316: ...cated using the RADIUS server If you select RADIUS or TACACS as the first method and an error occurs during the authentication the switch uses Method 2 to authenticate the user TACACS The user s ID and password are authenticated using the TACACS server If you select RADIUS or TACACS as the first method and an error occurs during the authentication the switch attempts user authentication Method 2 N...

Page 317: ...splays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network loc...

Page 318: ...t know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local d...

Page 319: ...red connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 Th...

Page 320: ...t value is 24 hours 9 In the Maximum Number of HTTP Sessions field specify the maximum number of HTTP sessions that can exist at the same time The range is from 1 to 4 sessions The default is 4 sessions 10 Click the Apply button Your settings are saved Configure HTTPS access settings Secure HTTP HTTPS enables the transmission of HTTP over an encrypted Secure Sockets Layer SSL or Transport Layer Se...

Page 321: ...page 32 5 Click the Login button The System Information page displays 6 Select Security Access HTTPS HTTPS Configuration 7 Select the Admin Mode Enable or Disable radio button This selection enables or disables HTTPS The default value is Enable You can download SSL certificates only when HTTPS is disabled You can enable HTTPS only if a certificate is present on the device 8 In the HTTPS Port field...

Page 322: ... or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page dis...

Page 323: ...cal browser interface over an HTTP session After you delete the certificate you can reenable HTTPS and log back in to the local browser interface over an HTTPS session To delete an SSL certificate 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ether...

Page 324: ...tion select Delete Certificates radio button 9 Click the Apply button The certificate is removed Transfer an existing certificate to the switch You can transfer a certificate file to the switch For the switch to accept HTTPS connections from a device the switch requires a public key certificate You can generate a certificate externally for example offline and transfer it to the switch Before you t...

Page 325: ...ETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface...

Page 326: ...ter up to 32 characters The default is blank 12 Select the Start File Transfer check box 13 Click the Apply button The file transfer starts A status message displays during the transfer and upon successful completion of the transfer Control access with profiles and rules Access control allows you to configure an access control profile and set rules for access to the local browser interface access ...

Page 327: ...ch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you...

Page 328: ...et the switch to its factory default settings on page 438 To add a rule to the access profile 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the...

Page 329: ...ecify the subnet mask from which the management traffic originates 11 In the Priority field assign a priority to the rule The rules are validated against the incoming management request in ascending order of their priorities If a rule matches the action is performed and subsequent rules below that rule are ignored For example if a source IP address 10 10 10 10 is configured with priority 1 to perm...

Page 330: ...sword If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Security Access Access Control Access Profile Configuration The Access Profi...

Page 331: ...R account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on p...

Page 332: ...ter to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR...

Page 333: ...r web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After regist...

Page 334: ...t is authorized to access system services Configure the global 802 1X settings You can configure global port access control settings on the switch To globally enable the 802 1X features 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2...

Page 335: ...lection specifies whether a port can be placed in a particular VLAN The default value is Disable When enabled this feature allows a port to be placed into a particular VLAN based on the result of the authentication or type of 802 1X authentication a client uses when it accesses the device The authentication server can provide information to the device about which VLAN to assign the supplicant Dyna...

Page 336: ... Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter th...

Page 337: ...e network The hosts are distinguished by their MAC addresses MAB Specify whether to enable or disable MAC based Authentication Bypass MAB for 802 1x unaware clients at the specified port MAB only functions if the port control mode is MAC based By default MAB is disabled Guest VLAN ID Specify the VLAN ID for the guest VLAN The range is from 0 to 4093 The default value is 0 Enter 0 to reset the gues...

Page 338: ...me that elapses before the switch resends a request to the authentication server 10 Click the Apply button Your settings are saved The following table describes the port authentication status information available on the page Table 64 Port authentication status information Field Description Control Direction The control direction for the specified port which is always Both The control direction di...

Page 339: ...AR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For informati...

Page 340: ... switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously manag...

Page 341: ... Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previ...

Page 342: ... Operating Control Mode The control mode under which the port is actually operating The options are as follows ForceUnauthorized ForceAuthorized Auto MAC Based N A If the port is in detached state it cannot participate in port access control Reauthentication Enabled This field shows whether reauthentication of the supplicant for the specified port is allowed The option is True or False If the valu...

Page 343: ...ee Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Security Port Authentication Advanced Client Summary The following table describes the fields on the Client Summary page Table 66 Client Summary information Field Description Port The port to be displayed User Name The user name representing the identity of the supplican...

Page 344: ...t your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If...

Page 345: ...u cannot define filters for the following MAC addresses 00 00 00 00 00 00 01 80 C2 00 00 00 to 01 80 C2 00 00 0F 01 80 C2 00 00 20 to 01 80 C2 00 00 21 FF FF FF FF FF FF 10 In the Port and LAG tables in the Source Port Members section select the ports and LAGs that must be included in the inbound filter If a packet with the MAC address and VLAN ID that you specify is received on a port that is not...

Page 346: ... IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device pass...

Page 347: ...ister and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Cred...

Page 348: ...ol settings 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on n...

Page 349: ...he traffic is dropped Broadcast If the rate of incoming Layer 2 broadcast traffic increases beyond the configured threshold on an interface the traffic is dropped 8 If the selection from the Ingress Control Mode menu is not Disabled specify whether the ingress control mode is enabled by selecting Enable or Disable from the Status menu 9 In the Threshold field specify the maximum rate at which unkn...

Page 350: ...er enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration ente...

Page 351: ...nterfaces with the same settings select the check box associated with each interface To configure all interfaces with the same settings select the check box in the heading row 8 From the Status menu specify whether the ingress control mode is enabled for the port by selecting Enable or Disable 9 In the Threshold field specify the maximum rate at which unknown packets are forwarded for the port The...

Page 352: ...onnected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through th...

Page 353: ...ng implements a first arrival mechanism for port security You specify how many addresses can be learned on the locked port If the limit is not reached a packet with an unknown source MAC address is learned and forwarded normally If the limit is reached no more addresses are learned on the port Any packets with source MAC addresses that were not already learned are dropped Static locking allows you...

Page 354: ...e the table heading 1 the unit ID of the switch Only physical interfaces are displayed This is the default setting LAG Only LAGs are displayed All Both physical interfaces and LAGs are displayed 8 Select one or more interfaces by taking one of the following actions To configure a single interface select the check box associated with the port or type the port number in the Go To Interface field and...

Page 355: ...y learned MAC address to a statically locked address To view learned MAC addresses for an individual interface or LAG and convert these MAC addresses to static MAC addresses 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a we...

Page 356: ...ic check box 9 Click the Apply button The dynamic MAC address entries are converted to static MAC address entries in a numerically ascending order until the static limit is reached The Number of Dynamic MAC Addresses Learned field displays the number of dynamically learned MAC addresses on a specific port 10 To refresh the page with the latest information about the switch click the Update button C...

Page 357: ...ocation For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Security Traffic Control Protected Port The previous figure shows the Protected Ports Membership page for model GS110TPv3 7 In the Ports table click each port that you want to configure as a protected port Protected ports ar...

Page 358: ... address If you select a different type of ACL or example an ACL based on a source IPv4 the page displays different information Use the ACL Wizard to create an ACL To use the ACL Wizard to create an ACL 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an...

Page 359: ...on Destination MAC Creates an ACL based on the destination MAC address destination MAC mask and VLAN ACL Based on Source MAC Creates an ACL based on the source MAC address source MAC mask and VLAN ACL Based on Destination IPv4 Creates an ACL based on the destination IPv4 address and IPv4 address mask ACL Based on Source IPv4 Creates an ACL based on the source IPv4 address and IPv4 address mask ACL...

Page 360: ...riteria for the selected ACL type The rest of the rule match criteria fields available for configuration depend on the selected ACL type For information about the possible match criteria fields see the following table ACL Based On Fields Destination MAC Destination MAC Specify the destination MAC address to compare against an Ethernet frame The format is xx xx xx xx xx xx The BPDU keyword might be...

Page 361: ...lect the packet filtering direction for the ACL Only the inbound direction is valid 14 In the Ports and LAG tables in the Binding Configuration section select the ports and LAGs to which the ACL must be applied 15 Click the Add button The rule is added to the ACL 16 Click the Apply button Your settings are saved Destination IPv6 Destination Prefix Specify the destination prefix Destination Prefix ...

Page 362: ...nected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the ...

Page 363: ...witch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local ...

Page 364: ...ional rules are not checked for a match Multiple steps are involved in defining a MAC ACL and applying it to the switch 1 Create a MAC ACL ID see Add a MAC ACL on page 364 2 Create a MAC rule see Configure MAC ACL rules on page 367 3 Associate the MAC ACL with one or more interfaces see Configure MAC bindings on page 372 You can view or delete MAC ACL configurations in the MAC binding table see Vi...

Page 365: ...rd for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Security ACL Basic MAC ACL The MAC ACL Table displays the number of ACLs currently configured in the switch and the maximum number of ACLs that can be configured The current size is equal to ...

Page 366: ...age 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click...

Page 367: ...5 Click the Login button The System Information page displays 6 Select Security ACL Basic MAC ACL The MAC ACL page displays 7 Select check box that is associated with the MAC ACL 8 Click the Delete button The MAC ACL is removed Configure MAC ACL rules You can define rules for MAC based ACLs The access list definition includes rules that specify whether traffic matching the criteria is forwarded no...

Page 368: ...e Number field enter a whole number in the range from 1 to 2147483647 to identify the rule 9 From the Action menu select the action that must be taken if a packet matches the rule s criteria Permit Forwards packets that meet the ACL criteria Deny Drops packets that meet the ACL criteria 10 In the Assign Queue field specify the hardware egress queue identifier that must be used to handle all packet...

Page 369: ...ss of 01 80 C2 xx xx xx 16 In the Destination MAC Mask field specify the destination MAC address mask that must be compared against the information in an Ethernet frame The format is xx xx xx xx xx xx The BPDU keyword can be specified using a destination MAC mask of 00 00 00 ff ff ff 17 From the EtherType Key menu select the EtherType value that must be compared against the information in an Ether...

Page 370: ...e a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network...

Page 371: ...of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is pass...

Page 372: ...the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the loc...

Page 373: ...highest sequence number currently in use for the interface and direction is used The range is from 1 to 4294967295 9 To add the selected ACL to a port or LAG in the Ports table or LAG table click the port or LAG so that a check mark displays You can add the ACL to several ports and LAGs The Ports and LAG tables display the available interfaces for ACL bindings All nonrouting physical interfaces VL...

Page 374: ...witch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed...

Page 375: ...lies as well as whether it applies to inbound or outbound traffic Multiple steps are involved in defining an IPv4 ACL and applying it to the switch 1 Add an IPv4 ACL ID see Add an IPv4 ACL on page 376 The differences between a basic IPv4 ACL and an extended IPv4 ACL are as follows Numbered ACL from 1 to 99 Creates a basic IPv4 ACL which allows you to permit or deny traffic from a source IP address...

Page 376: ...see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials s...

Page 377: ...urrently configured for the IPv4 ACL Type Identifies the ACL as a basic IP ACL with ID from 1 to 99 extended IP ACL with ID from 100 to 199 or a name 8 Click the Add button The IP ACL is added Change the number or name of an IPv4 ACL To change the number or name of an IPv4 ACL 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer ...

Page 378: ...able 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on pa...

Page 379: ...on to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page...

Page 380: ...ria for the rule Sequence Number Enter an ACL sequence number in the range from 1 to 2147483647 that is used to identify the rule An IP ACL can contain up to 50 rules Action Select the ACL forwarding action which is one of the following Permit Forward packets that meet the ACL criteria Egress Queue If the selection form the Action menu is Permit you can specify the hardware egress queue identifier...

Page 381: ...the selected IP ACL rule Source IP Mask Specify the IP mask in dotted decimal notation to be used with the source IP address value 10 Click the Apply button Your settings are saved Modify the match criteria for a basic IPv4 ACL rule To modify the match criteria for a basic IPv4 ACL rule 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your...

Page 382: ...nnection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The logi...

Page 383: ...an extended IPv4 ACL 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the sw...

Page 384: ...select the IP ACL for which you want to add a rule For extended IP ACLs this must be an ID in the range from 101 to 199 or a name 8 Click the Add button 9 Configure the following match criteria for the rule Sequence Number Enter a number in the range from 1 to 2147483647 that is used to identify the rule An extended IP ACL can contain up to 50 rules Action Select the ACL forwarding action which is...

Page 385: ... that a packet s IP protocol must be matched against IP ICMP IGMP TCP UDP EIGRP GRE IPINIP OSPF PIM or Other If you select Other enter a protocol number from 0 to 255 Src In the Src field enter a source IP address using dotted decimal notation to be compared to a packet s source IP address as a match criterion for the selected IP ACL rule If you select the IP Address radio button enter an IP addre...

Page 386: ...e who and tftp Each of these values translates into its equivalent port number which is used as both the start and end of the port range Select Other from the menu to enter a port number If you select Other from the menu but leave the field blank it means any The wildcard mask determines which bits are used and which bits are ignored A wildcard mask of 0 0 0 0 indicates that none of the bits are i...

Page 387: ...identify the first and last ports that are part of the port range They values can range from 0 to 65535 You can either select the enter the port range yourself or select one of the following protocols from the menu The destination IP TCP port range names are domain echo ftp ftpdata www http smtp telnet pop2 pop3 and bgp The destination IP UDP port range names are domain echo snmp ntp rip time who ...

Page 388: ...ervice Type Select a service type match condition for the extended IP ACL rule The possible options are IP DSCP IP precedence and IP TOS which are alternative methods to specify a match criterion for the same service type field in the IP header Each method uses a different user notation After you make a selection you can specify the appropriate values IP DSCP This is an optional configuration Spec...

Page 389: ... network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network pass...

Page 390: ...istration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays ...

Page 391: ...u can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off...

Page 392: ...ACL The maximum number of ACLs that can be configured on the switch Rules The number of the rules associated with the IPv6 ACL Type The type is IPv6 ACL Change the name of an IPv6 ACL To change the name of an IPv6 ACL 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off n...

Page 393: ...To delete an IPv6 ACL 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the s...

Page 394: ...nect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays s...

Page 395: ...les table 7 From the ACL Name menu select the IPv6 ACL for which you want to add a rule An IPv6 ACL can contain up to 50 rules 8 Click the Add button 9 Configure the following match criteria for the rule Action Select the ACL forwarding action by selecting one of the following radio buttons Permit Forward packets that meet the ACL criteria Deny Drop packets that meet the ACL criteria Egress Queue ...

Page 396: ... are either permitted or denied In this case you cannot configure other match criteria on the page Protocol Type Specify the IPv6 protocol type in one of the following ways From the Protocol Type menu select IPv6 ICMPv6 TCP or UDP From the Protocol Type menu select Other and in the associated field specify an integer ranging from 0 to 255 This number represents the IPv6 protocol Src In the Src fie...

Page 397: ...cho ftp ftpdata www http smtp telnet pop2 pop3 and bgp The source IP UDP port protocols are domain echo snmp ntp rip time who and tftp Each of these values translates into its equivalent port number which is used as both the start and end of the port range Select Other from the menu to enter port numbers If you select Other from the menu but leave the fields blank it means any Dst In the Dst field...

Page 398: ...om 0 to 65535 You can either enter the port range yourself or select one of the following protocols from the menu The destination IP TCP port protocols are domain echo ftp ftpdata www http smtp telnet pop2 pop3 and bgp The destination IP UDP port protocols are domain echo snmp ntp rip time who and tftp Each of these values translates into its equivalent port number which is used as both the start ...

Page 399: ...ting extension headers in packets IPv6 DSCP Service Specify the IP DiffServ Code Point DSCP field This is an optional configuration The DSCP is defined as the high order 6 bits of the service type octet in the IPv6 header Enter an integer from 0 to 63 To select the IPv6 DSCP select one of the DSCP keywords To specify a numeric value select Other and enter the numeric value of the DSCP 10 Click the...

Page 400: ...aved Delete an IPv6 ACL rule To delete an IPv6 ACL rule 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP addr...

Page 401: ... switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the ...

Page 402: ...ow number indicates high precedence order If a sequence number is already in use for the interface and direction the specified access list replaces the currently attached access list using that sequence number If you do not specify the sequence number meaning that the value is 0 a sequence number that is one number greater than the highest sequence number currently in use for the interface and dir...

Page 403: ...our computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to...

Page 404: ...ying the order of the specified ACL relative to other ACLs assigned to the selected interface and direction Configure VLAN ACL bindings You can associate a MAC ACL any type of IPv4 ACL or an IPv6 ACL with a VLAN When you do so the ACL is applied to all interfaces that are members of the VLAN Add a VLAN ACL binding To add a VLAN ACL binding 1 Connect your computer to the same network as the switch ...

Page 405: ...indicate the order of this access list relative to other access lists that are already assigned to the VLAN ID and selected direction A lower number indicates a higher precedence order If a sequence number is already in use for the VLAN ID and selected direction the specified access list replaces the currently attached ACL using that sequence number If you do not specify a sequence number the valu...

Page 406: ...h your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser i...

Page 407: ...407 7 7Monitor the Switch and the Traffic This chapter contains the following sections Monitor the switch and the ports Configure and view the logs Configure port mirroring ...

Page 408: ... the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the followi...

Page 409: ...rface index of the interface table entry associated with the processor of this switch Octets Received The total number of octets of data received by the processor excluding framing bits but including FCS octets Packets Received Without Errors The total number of packets including broadcast packets and multicast packets received by the processor Unicast Packets Received The number of subnetwork uni...

Page 410: ...s that higher level protocols requested be transmitted to the broadcast address including those that were discarded or not sent Transmit Packets Discarded The number of outbound packets that were chosen to be discarded even though no errors were detected in order to prevent their being delivered to a higher layer protocol A possible reason for discarding a packet could be to free up buffer space M...

Page 411: ...k on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password fo...

Page 412: ...smitted Without Errors The number of frames without errors that were transmitted by the port Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors Collision Frames The best estimate of the total number of collisions on this Ethernet segment Link Down Events The total number of link down events on a physical port Time Since Counters Last Cleared The e...

Page 413: ...terfaces 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on netw...

Page 414: ...detailed port statistics You can view a variety of per port traffic statistics To view or clear detailed port statistics 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser ...

Page 415: ...h the interface if available 9 To refresh the page with the latest information about the switch click the Update button 10 To clear all the counters click the Clear button This resets all statistics for the port to the default values The following table describes the detailed port information that displays for a particular port Table 76 Detailed port statistics Field Description ifIndex The interf...

Page 416: ...he default is Enabled Flow Control Mode Indicates whether flow control is enabled or disabled for the port This field does not apply to LAGs LACP Mode Indicates the Link Aggregation Control Protocol administrative state The mode must be enabled for the port to participate in link aggregation Physical Mode Indicates the port speed and duplex mode In autonegotiation mode the duplex mode and speed ar...

Page 417: ...r of packets including bad packets received that were between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets Packets Received 128 255 Octets The total number of packets including bad packets received that were between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets Packets Received 256 511 Octets The total number of pack...

Page 418: ...s than 64 octets in length with GOOD CRC excluding framing bits but including FCS octets Alignment Errors The total number of packets received with a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but included a bad frame check sequence FCS with a nonintegral number of octets Rx FCS Errors The total number of packets received with a length excluding ...

Page 419: ...s 1522 to 10000 The default maximum frame size is 1522 Total Packets Transmitted Successfully The number of frames that were transmitted successfully by the port Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of...

Page 420: ...on on a particular interface fails due to excessive collisions Dropped Transmit Frames The number of transmit frames discarded at the selected port STP BPDUs Received The number of STP BPDUs received at the selected port STP BPDUs Transmitted The number of STP BPDUs transmitted from the selected port RSTP BPDUs Received The number of RSTP BPDUs received at the selected port RSTP BPDUs Transmitted ...

Page 421: ...h the latest information about the switch click the Update button 8 To clear the counters which resets the EAP and EAPoL statistics to default values take one of the following actions To clear the counters for a specific port select the check box associated with the port and click the Clear button To clear the counters for multiple ports select the check boxes associated with the ports and click t...

Page 422: ...The number of EAPoL start frames that were received by this authenticator EAPOL Logoff Frames Received The number of EAPoL logoff frames that were received by this authenticator EAPOL Last Frame Version The protocol version number carried in the most recently received EAPoL frame EAPOL Last Frame Source The source MAC address carried in the most recently received EAPoL frame EAPOL Invalid Frames R...

Page 423: ...ciated with the port or type the port number in the Go To Interface field and click the Go button To test multiple interfaces select the check box associated with each interface To test all interfaces select the check box in the heading row 8 Select the check boxes that are associated with the physical ports for which you want to test the cables 9 Click the Apply button A cable test is performed o...

Page 424: ...s from the end of the cable to the failure location The failure location is displayed only if the cable status is Open or Short Configure and view the logs The switch generates messages in response to events faults or errors occurring on the platform as well as changes in configuration or other occurrences These messages are stored locally and can be forwarded to one or more centralized points of ...

Page 425: ... Log page displays 7 Select one of the following Admin Status radio buttons Enable Enable system logging This is the default setting Disable Prevent the system from logging messages 8 From the Behavior menu specify the behavior of the log when it is full Wrap When the buffer is full the oldest log messages are deleted as the system logs new messages Stop on Full When the buffer is full the system ...

Page 426: ... interface from a host with IP address 192 168 1 111 11 To refresh the page with the latest information about the switch click the Update button 12 To clear the messages from the buffered log in the memory click the Clear button Manage and view the flash log The flash log is a persistent log that is is a log that is stored in persistent storage Persistent storage survives across platform reboots T...

Page 427: ...le if you select Warning the logged messages include Warning Error Critical Alert and Emergency The default severity level is Error 3 The severity can be one of the following levels Emergency 0 The highest warning level If the device is down or not functioning properly an emergency log message is saved to the device Alert 1 The second highest warning level An alert log message is saved if a seriou...

Page 428: ... hosts A remote log server is the same as a remote syslog host You must enable the server log on the switch and specify one or more remote syslog hosts Enable the server log and add a remote syslog host To enable the server log and add a remote syslog host 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or con...

Page 429: ...hich syslog messages must be sent The default port number is 514 Severity Filter Use the menu to select the severity of the logs that must be sent to the logging host Logs with the selected severity level and all logs of greater severity are sent to the host For example if you select Error the logged messages include Error Critical Alert and Emergency The severity can be one of the following level...

Page 430: ... see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you p...

Page 431: ...nter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login...

Page 432: ...ch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local bro...

Page 433: ...of specific switch ports for analysis by a network analyzer You can select many switch ports as source ports but a single switch port only as the destination port You can configure how traffic is mirrored on a source port by selecting packets that are received transmitted or both A packet that is copied to the destination port is in the same format as the original packet on the wire This means tha...

Page 434: ...information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Monitoring Mirroring Port Mirroring 7 Select an Admin Mode radio button Disable Port mirroring is disabled This is the default setting Enabled Port mirroring is enabled 8 From the Destination Port menu select the physical destination po...

Page 435: ...nterface select the check box associated with the port or type the port number in the Go To Interface field and click the Go button To select multiple interfaces select the check box associated with each interface Traffic from the selected ports will be sent to the destination port 12 From the Direction menu specify the direction of the traffic that must be mirrored from the selected source ports ...

Page 436: ...hapter contains the following sections Reboot the switch Reset the switch to its factory default settings Export a file from the switch Download a file to the switch or update the software Manage software images Perform diagnostics and troubleshooting ...

Page 437: ...cted to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the In...

Page 438: ...ect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays ...

Page 439: ...nfiguration ASCII or log ASCII files from the switch to a TFTP server on the network To export a file from the switch to a TFTP server 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of you...

Page 440: ... tech support file is a text base file that contains a variety of hardware software and configuration information that can assist in device and network troubleshooting Crash Logs The switch crash logs if any are available 8 From the Server Address Type menu select the format for the Server Address field IPv4 Indicates that the TFTP server address is an IP address in dotted decimal format This is t...

Page 441: ... the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page displays If the NETGEAR Business page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device passwor...

Page 442: ...a remote system to the switch by using either TFTP or HTTP In this context downloading is also referred to as updating The following sections describe how you can download a file to the switch Use TFTP to download a file to the switch or update the software image on page 442 Use HTTP to download a file to the switch or update the software image on page 445 Note Use one of these procedures to updat...

Page 443: ...ccount on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page...

Page 444: ...Select image2 to upload image2 Note We recommended that you do not overwrite the active image 9 From the Server Address Type menu select the format for the TFTP Server IP field IPv4 Indicates that the TFTP server address is an IP address in dotted decimal format This is the default setting DNS Indicates that the TFTP server address is a host name 10 In the TFTP Server IP field enter the IP address...

Page 445: ...nnect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the address field of your web browser enter the IP address of the switch If you do not know the IP address of the switch see Access the switch on network and connected to the Internet on page 19 or Access the switch off network on page 30 The login page display...

Page 446: ...l number IP address and download it to that device SSL Trusted Root Certificate PEM File SSL Trusted Root Certificate File PEM Encoded SSL Server Certificate PEM File SSL Server Certificate File PEM Encoded SSL DH Weak Encryption Parameter PEM File SSL Diffie Hellman Weak Encryption Parameter File PEM Encoded SSL DH Strong Encryption Parameter PEM File SSL Diffie Hellman Strong Encryption Paramete...

Page 447: ...updating the switch software Note A switch that runs an older legacy software version might not load a configuration file that is created by a newer software version In such a situation the switch displays a warning The following sections describe how you can manage the software images Copy a software image on page 447 Configure dual image settings on page 448 View the dual image status on page 45...

Page 448: ...urce Image image1 or image2 radio button to specify the image to be copied 8 Select the Destination Image image1 or image2 radio button to specify the destination image 9 Click the Apply button Your settings are saved Configure dual image settings The Dual Image feature allows the switch to retain two images in permanent storage You can select which image must be loaded when the reboots specify an...

Page 449: ...for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Maintenance File Management Dual Image Configuration 7 From the Image Name menu select the image that is not the image displayed in the Current active field but that is the image that you want t...

Page 450: ...siness page displays see Register and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information ab...

Page 451: ...er and access the switch with your NETGEAR account on page 34 4 Enter one of the following passwords After registration enter the local device password By default the local device password is password If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credent...

Page 452: ... displays PING x y z w x y z w size data bytes x y z w ping statistics count packets transmitted 0 packets received 100 packet loss To ping an IPv4 address 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web browser 3 In the...

Page 453: ...al field enter the time between ping packets in seconds The default value is 3 seconds The range is 1 to 60 10 In the Size field enter the size of the ping packet The default value is 0 bytes The range is 0 to 13000 11 From the Source menu as an option you can select the IP address or interface that must be used to send echo request packets None The source address of the ping packet is the address...

Page 454: ...ing message displays PING x y z w x y z w size data bytes x y z w ping statistics count packets transmitted 0 packets received 100 packet loss To ping an IPv6 address 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is off network using an Ethernet cable 2 Launch a web brows...

Page 455: ... the interface 8 In the IPv6 Address Hostname field enter the IPv6 address or host name of the station that must be pinged The format is xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx The maximum number of characters is 255 9 In the Count field enter the number of echo requests that must be sent The range is 1 to 15 The default value is 3 10 In the Interval field enter the time in seconds between ping pa...

Page 456: ... traceroute to x y z w x y z w maxTTL hops max size byte packets initTTL x y z w x y z w 0 000 ms 0 000 ms initTTL 1 x y z w x y z w 0 000 ms 0 000 ms initTTL 2 x y z w x y z w 0 000 ms 0 000 ms To send an IPv4 traceroute 1 Connect your computer to the same network as the switch You can use a WiFi or wired connection to connect your computer to the network or connect directly to a switch that is o...

Page 457: ...enter the number of probes per hop The default value is 3 The range is 1 to 10 9 In the Max TTL field enter the maximum time to live TTL for the destination The default value is 30 The range is 1 to 255 10 In the Init TTL field enter the initial TTL to be used The default value is 1 The range is 1 to 255 11 In the MaxFail field enter the maximum number of failures allowed in the session The defaul...

Page 458: ...rable data in the Results field Send an IPv6 traceroute You can configure the switch to send a traceroute request to a specified IPv6 address or host name You can use this to discover the paths that packets take to a remote destination When you send a traceroute the switch displays the results below the configurable data If a reply to the traceroute is received the following message displays trace...

Page 459: ...n about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Maintenance Troubleshooting Traceroute IPv6 7 In the IPv6 Address Host Name field enter the IPv6 address or host name of the device for which the path must be discovered 8 In the Probes Per Hop field enter the number of probes per hop The default...

Page 460: ...the source Interface The interface that must be used when probe request packets are sent The Interface menu displays but the only available selection from the menu is Network 16 Click the Apply button A traceroute request is sent to the specified IP address or host name The results are displayed below the configurable data in the Results field Enable remote diagnostics For enhanced security the re...

Page 461: ...sword If you previously managed the switch through the Insight app or Cloud portal enter the Insight network password for the last Insight network location For information about the credentials see Credentials for the local browser interface on page 32 5 Click the Login button The System Information page displays 6 Select Maintenance Troubleshooting Remote Diagnostics The Remote Diagnostics page d...

Page 462: ...xamples This appendix contains the following sections Virtual Local Area Networks VLANs Access control lists ACLs Differentiated Services DiffServ 802 1X access control Multiple Spanning Tree Protocol VLAN routing interfaces ...

Page 463: ...LANs present a number of advantages It is easy to do network segmentation Users who communicate most frequently with each other can be grouped into common VLANs regardless of physical location Each group s traffic is contained largely within the VLAN reducing extraneous traffic and improving the efficiency of the whole network They are easy to manage The addition of nodes as well as moves and othe...

Page 464: ...e see Configure VLANs on page 149 create the following VLANs A VLAN with VLAN ID 10 A VLAN with VLAN ID 20 2 On the VLAN Membership page see Configure VLAN membership on page 153 specify the VLAN membership as follows For the default VLAN with VLAN ID 1 specify the following members port 7 U and port 8 U For the VLAN with VLAN ID 10 specify the following members port 1 U port 2 U and port 3 T For ...

Page 465: ... of permit and deny conditions This collection of conditions known as the filtering criteria is applied to each packet that is processed by the switch or the router The forwarding or dropping of a packet is based on whether or not the packet matches the specified criteria Traffic filtering requires the following two basic steps 1 Create an access list definition The access list definition includes...

Page 466: ...tion and source MAC addresses and MAC masks defined in the rule Also the frame must be tagged with VLAN ID 2 which is the Sales department VLAN The CoS value of the frame must be 0 which is the default value for Ethernet frames Frames that match this criteria are permitted on interfaces 6 7 and 8 and are assigned to the hardware egress queue 0 which is the default queue All other traffic is explic...

Page 467: ...hernet interfaces 2 3 and 4 of the switch The second rule permits all non Finance traffic on the ports The second rule is required because an explicit deny all rule exists as the lowest priority rule Differentiated Services DiffServ Standard IP based networks are designed to provide best effort data delivery service Best effort service implies that the network delivers the data in a timely fashion...

Page 468: ...ce network Use these same blocks in different ways to build other types of QoS architectures You must configure three key QoS building blocks for DiffServ Class Policy Service the assignment of a policy to a directional interface Class You can classify incoming packets at Layers 2 3 and 4 by inspecting the following information for a packet Source destination MAC address EtherType Class of Service...

Page 469: ... DiffServ perspective two types of policies exist Traffic Conditioning Policy A policy applied to a DiffServ traffic class Service Provisioning Policy A policy applied to a DiffServ service level You must manually configure the various statements and rules used in the traffic conditioning and service provisioning policies to achieve the desired Traffic Conditioning Specification TCS and the Servic...

Page 470: ...packets belonging to the class Redirecting Forces a classified traffic stream to a specified egress port physical or LAG This can occur in addition to any marking or policing action It can also be specified along with a QoS queue assignment DiffServ example configuration To create a DiffServ class and policy and attach them to a switch interface follow these steps 1 On the QoS Class Configuration ...

Page 471: ...ity hardware queue By default data traffic uses hardware queue 0 which is designated as a best effort queue Also the confirmed action on this flow is to send the packets with a committed rate of 1000000 Kbps Packets that violate the committed rate and burst size are dropped 802 1X access control Local area networks LANs are often deployed in environments that permit unauthorized devices to be phys...

Page 472: ... to a switch and the LAN to which it is connected can be desirable when you restrict access to publicly accessible bridge ports or to restrict access to departmental LANs Access control is achieved by enforcing authentication of supplicants that are attached to an authenticator s controlled ports The result of the authentication process determines whether the supplicant is authorized to access ser...

Page 473: ...for all other ports on which authentication is not needed must be Authorized When the selection from the Port Control menu is Authorized the port is unconditionally put in a force authorized state and does not require any authentication When the selection from the Port Control menu is Auto the authenticator PAE sets the controlled port mode 3 In the Guest VLAN field for ports 1 0 5 1 0 8 enter 150...

Page 474: ... is the rapid transitioning of the port to the forwarding state The difference between the RSTP and the traditional STP IEEE 802 1D is the ability to configure and recognize full duplex connectivity and ports that are connected to end stations resulting in rapid transitioning of the port to the Forwarding state and the suppression of Topology Change Notification These features are represented by t...

Page 475: ...es attached that cannot receive and transmit MSTP BPDUs The MST configuration identifier includes the following components 1 Configuration identifier format selector 2 Configuration name 3 Configuration revision level 4 Configuration digest 16 byte signature of type HMAC MD5 created from the MST Configuration Table a VLAN ID to MSTID mapping Because multiple instances of spanning tree exist an MST...

Page 476: ...onfigure MSTP 1 On the VLAN Configuration page create VLANs 300 and 500 see Configure VLAN settings on page 150 2 On the VLAN Membership page include ports 1 0 1 1 0 8 as tagged T or untagged U members of VLAN 300 and VLAN 500 see Configure VLAN settings on page 150 3 On the STP Configuration page enable the Spanning Tree State option see Configure the STP settings and view the STP status on page ...

Page 477: ...ew the Rapid STP information on page 187 10 Click the Add button 11 Create a second MST instance with the following settings MST ID 2 Priority 49152 VLAN ID 500 12 Click the Add button In this example assume that Switch 1 became the root bridge for the MST instance 1 and Switch 2 became the root bridge for MST instance 2 Switch 3 supports hosts in the sales department ports 1 0 1 1 0 2 and 1 0 3 a...

Page 478: ... but not both However a VLAN port can be part of a VLAN that is itself a router port Complete these steps to configure a switch to perform interVLAN routing 1 Use the IP Configuration page to enable routing on the switch For more information about this step see Configure the router settings on page 237 2 Determine the IP addresses that you want to assign to the VLAN interface on the switch For the...

Page 479: ...ections Switch default settings General feature default settings System setup and maintenance settings Port characteristics Traffic control settings Quality of Service settings Security settings System management settings Settings for other features Hardware technical specifications ...

Page 480: ...Disabled Minimum length for the local device password Eight characters SNTP client Enabled Global logging Enabled Memory logging Enabled Severity level informational and above Persistent flash logging Disabled DNS Enabled No servers configured SNMP Traps Enabled Automatic saving to the startup configuration Enabled but you must click the Apply button to save changes that you make on a page TACACS ...

Page 481: ...o VLAN GARP switch configuration GVRP Disabled RADIUS assigned VLANs Disabled Multiple Spanning Tree Disabled Link aggregation No link aggregation groups LAGs configured LACP system priority 32768 DiffServ Enabled no rules configured IGMP snooping Disabled IGMP multicast routing Disabled IGMP snooping querier Disabled MLD snooping Disabled MLD multicast routing Disabled MLD snooping querier Disabl...

Page 482: ...e Disabled GVRP Interface Port GVRP Mode Disabled Jumbo Frames Frame size 1522 Flow Control Admin mode Disabled 802 1X Port based authentication state Disabled VLAN assignment mode Disabled Dynamic VLAN creation mode Disabled EAPOL Flood Mode Disabled Port Control Auto Unauthenticated VLAN ID 0 none Periodic reauthentication Disabled Reauthentication period 3600 Quiet period 60 Number of EAP reque...

Page 483: ...ge maximum age 20 CST bridge hello time 2 CST bridge forward delay 15 CST spanning tree maximum number of hops 20 MST default instance ID 0 MST instance 0 priority 32768 MST instance 0 VLAN IDs 1 4088 4089 STP RSTP MSTP Interface CST STP status Enabled CST auto edge Enabled CST fast link Disabled CST BDPU forwarding Disabled CST path cost 0 CST priority 128 CST external path cost 0 Link Aggregatio...

Page 484: ...Interface Admin status Tx and Rx Management IP address Auto advertise Notification Disabled Optional TLVs Enabled DHCP Snooping Global Admin mode Disabled MAC address validation Enabled DHCP Snooping Interface Trust mode Disabled Logging invalid packets Disabled Rate limit N A Burst interval N A Persistent Configuration Store Local Write delay 300 IP Routing Admin mode Disabled Time to live 64 Max...

Page 485: ...ence level 0 ARP ARP Aging Age time seconds 1200 Response time seconds 1 Retries 10 Cache size 512 Dynamic renewal Enabled Differentiated Services DiffServ Admin mode Enabled Class of Service CoS Global Trust mode 802 1p 802 1p to queue mapping 802 1p queue 0 1 1 0 2 0 3 1 4 2 5 2 6 3 7 3 Class selector CS 0 000000 1 CS 1 001000 0 CS 2 010000 0 CS 3 011000 1 CS 4 100000 2 CS 5 101000 2 CS 6 110000...

Page 486: ... 1 AF 32 011100 1 AF 33 011110 1 AF 41 100010 1 AF 42 100100 1 AF 43 100110 1 Expedited forwarding EF 101110 2 Other 1 000001 1 2 000010 1 3 000011 1 4 000100 1 5 000101 1 6 000110 1 7 000111 1 9 001001 0 11 001011 0 13 001101 0 15 001111 0 17 010001 0 19 010011 0 21 010101 0 23 010111 0 25 011001 1 27 011011 1 29 011101 1 31 011111 1 33 100001 2 35 100011 2 37 100101 2 39 100111 2 39 100111 2 41 ...

Page 487: ... 3 60 111100 3 61 111101 3 62 111110 3 63 111111 3 Class of Service CoS Interface Trust mode 802 1p Interface shaping rate 0 802 1p to queue mapping 802 1p queue 0 1 1 0 2 0 3 1 4 2 5 2 6 3 7 3 Queue minimum bandwidth 0 Queue scheduler type Weighted Auto VoIP Protocol Based Admin mode Disabled Prioritization type Traffic class Auto VoIP traffic class 7 Auto VoIP OUI Based Admin mode Disabled Auto ...

Page 488: ... Configuration save restore 1 N A Firmware upgrade 1 N A Restore defaults 1 local browser interface and rear panel button N A Dual image support 1 Enabled Factory reset 1 N A Port characteristics The following table describes the port characteristics L2 Loop Protection Admin mode Disabled Table 84 Port characteristics Feature Sets Supported Default Auto negotiating speed and full half duplex All p...

Page 489: ...owing table describes the Quality of Service settings Table 86 Quality of Service settings Feature Sets Supported Default Number of queues 8 N A 802 1p 1 Enabled DSCP 1 Disabled Egress Rate limiting All ports Disabled Port trunking aggregation 8 Preconfigured 802 1D spanning tree 1 Disabled 802 1w RSTP 1 Enabled 802 1s spanning tree 8 instances Disabled Static 802 1Q tagging 256 VID 1 Max member p...

Page 490: ...lowed Password control access 1 Idle time out 5 mins Local device password 1 Password password Management security 1 profile with 20 rules for HTTP HTTPS SNMP access to allow deny an IP address subnet All IP addresses allowed Port MAC lockdown All ports Disabled System management settings The following table describes the system management settings Table 88 System management settings Feature Sets ...

Page 491: ... A Number of supported VLANs 64 N A Number of supported routed VLANs 15 N A Number of supported ARP entries 512 N A Hardware technical specifications The following table describes the hardware technical specifications Table 90 Hardware technical specifications Feature Model GS108Tv3 Model GS110TPv3 Model GS110TPP Network interfaces Eight 10 100 1000BASE T RJ 45 copper ports of which port 1 is a Po...

Page 492: ...0ºC Storage humidity 95 maximum relative humidity noncondensing Electromagnetic certifications and compliance CE 55032 2012 AC 2013 CISPR 32 2012 EN 61000 3 2 2014 Class B EN 61000 3 3 2013 EN 55024 2010 VCCI VCCI CISPR 32 2016 Class B RCM AS NZS CISPR 32 2013 Class B CCC GB4943 1 2011 YD T993 1998 GB T9254 2008 Class B FCC 47 CFR FCC Part15 Class B ANSI C63 4 2014 ISED ICES 003 2016 Issue 6 Class...

Reviews:

No comments