Home » Netgear Manuals » Hubs & Switches » Netgear GS752TS » Manual Viewer

Netgear GS752TS GS7xxTS-TPS Software Admin Manual - Page 316

The GS728TS, GS728TPS, GS752TS, and GS752TPS switches support a guest VLAN

Add to My Manuals
Save this manual to your list of manuals

Page 316 highlights

GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches The GS728TS, GS728TPS, GS752TS, and GS752TPS switches support a guest VLAN, which allows unauthenticated users to have limited access to the network resources. Note: You can use QoS features to provide rate limiting on the guest VLAN to limit the network resources the guest VLAN provides. Another 802.1X feature is the ability to configure a port to Enable/Disable EAPoL packet forwarding support.You can disable or enable the forwarding of EAPoL when 802.1X is disabled on the device. The ports of an 802.1X authenticator switch provide the means in which it can offer services to other systems reachable via the LAN. Port-based network access control allows the operation of a switch's ports to be controlled in order to ensure that access to its services is only permitted by systems that are authorized to do so. Port access control provides a means of preventing unauthorized access by supplicants to the services offered by a system. Control over the access to a switch and the LAN to which it is connected can be desirable in order to restrict access to publicly accessible bridge ports or to restrict access to departmental LANs. Access control is achieved by enforcing authentication of supplicants that are attached to an authenticator's controlled ports. The result of the authentication process determines whether the supplicant is authorized to access services on that controlled port. A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control interaction: 1. Authenticator: A Port that enforces authentication before allowing access to services available via that Port. 2. Supplicant: A Port that attempts to access services offered by the Authenticator. Additionally, there exists a third role: 3. Authentication server: Performs the authentication function necessary to check the credentials of the Supplicant on behalf of the Authenticator. All three roles are required in order to complete an authentication exchange. The GS728TS, GS728TPS, GS752TS, and GS752TPS switches support the Authenticator role only, in which the PAE is responsible for communicating with the Supplicant. The Authenticator PAE is also responsible for submitting the information received from the Supplicant to the Authentication Server in order for the credentials to be checked, which will determine the authorization state of the Port. The Authenticator PAE controls the authorized/unauthorized state of the controlled Port depending on the outcome of the RADIUS-based authentication process. 316

Section	Page
GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches	1
Contents	3
1. Getting Started	9
Getting Started with the Smart Switches	10
Switch Management Interface	10
Connecting the Switch to the Network	11
Switch Discovery in a Network with a DHCP Server	12
Switch Discovery in a Network without a DHCP Server	14
Configuring the Network Settings on the Administrative System	15
Web Access	16
Smart Control Center Utilities	17
Network Utilities	17
Configuration Upload and Download	19
Firmware Upgrade	20
Viewing and Managing Tasks	22
Understanding the User Interfaces	23
Using the Web Interface	23
Using SNMP	29
Interface Naming Convention	30
2. Configuring System Information	31
Management	31
System Information	32
Slot Information	33
IP Configuration	35
IPv6 Network Configuration	37
IPv6 Network Neighbor	38
Time	40
Denial of Service	45
DNS	49
Green Ethernet	51
Stacking	61
Stack Features	61
Firmware Synchronization and Upgrade	62
Configuration Maintenance	62
Stack Master Election	62
Factory Defaults Reset Behavior	63
Stack Configuration	63
Stack Port Configuration	66
Stack Port Diagnostics	68
Stack Firmware Synchronization	69
PoE/PoE+ (GS728TPS and GS752TPS Only)	70
PoE Configuration	70
PoE Port Configuration	72
SNMP	75
SNMPv1/v2	75
Trap Configuration	77
Trap Flags	78
SNMP Supported MIBs	79
SNMP v3 User Configuration	79
LLDP	80
LLDP Configuration	81
LLDP Port Settings	82
LLDP-MED Network Policy	83
LLDP-MED Port Settings	85
Local Information	86
Neighbors Information	88
Services — DHCP Snooping	92
DHCP Snooping Global Configuration	93
Interface Configuration	94
Binding Configuration	95
Persistent Configuration	97
Statistics	98
Timer Schedule (GS728TPS and GS752TPS Only)	99
Timer Global Configuration	99
Timer Schedule Configuration	100
3. Configuring Switching Information	102
Ports	102
Port Configuration	102
Flow Control	104
Link Aggregation Groups	105
LAG Configuration	105
LAG Membership	107
LACP Configuration	108
LACP Port Configuration	109
VLANs	110
VLAN Configuration	110
VLAN Membership Configuration	112
Port VLAN ID Configuration	113
MAC Based VLAN	114
Protocol Based VLAN Group Configuration	115
Protocol Based VLAN Group Membership	116
Voice VLAN	118
Voice VLAN Properties	118
Voice VLAN Port Setting	119
Voice VLAN OUI	120
Auto-VoIP	121
Spanning Tree Protocol	122
STP Switch Configuration	123
CST Configuration	125
CST Port Configuration	126
CST Port Status	128
Rapid STP	129
MST Configuration	130
MST Port Configuration	131
STP Statistics	134
Multicast	135
MFDB	135
Auto-Video Configuration	137
IGMP Snooping	138
IGMP Snooping Querier	144
MLD Snooping	147
Forwarding Database	156
MAC Address Table	156
Dynamic Address Configuration	158
Static MAC Address	159
4. Configuring Routing	160
Configuring IP Settings	160
IP Configuration	161
IP Statistics	162
Configuring VLAN Routing	165
VLAN Routing Wizard	165
VLAN Routing Configuration	167
Configuring Router Discovery	168
Router Discovery Configuration	168
Configuring and Viewing Routes	169
Configuring ARP	171
ARP Cache	172
ARP Create	173
Global ARP Configuration	174
ARP Entry Management	175
5. Configuring Quality of Service	177
Class of Service	177
Basic CoS Configuration	178
CoS Interface Configuration	179
Interface Queue Configuration	180
802.1p to Queue Mapping	182
DSCP to Queue Mapping	183
Differentiated Services	184
Defining DiffServ	184
Diffserv Configuration	185
Class Configuration	186
IPv6 Class Configuration	189
Policy Configuration	191
Service Configuration	195
Service Statistics	196
6. Managing Device Security	197
Management Security Settings	197
Change Password	198
RADIUS Configuration	199
Configuring TACACS+	204
Authentication List Configuration	207
Configuring Management Access	210
HTTP Configuration	211
Secure HTTP Configuration	212
Certificate Management	213
Certificate Download	214
Access Profile Configuration	215
Access Rule Configuration	217
Port Authentication	218
802.1X Configuration	219
Port Authentication	220
Port Summary	224
Traffic Control	225
MAC Filter Configuration	225
MAC Filter Summary	227
Storm Control	228
Port Security Configuration	230
Port Security Interface Configuration	231
Security MAC Address	232
Protected Ports Membership	233
Configuring Access Control Lists	234
ACL Wizard	235
MAC ACL	237
MAC Rules	238
MAC Binding Configuration	240
MAC Binding Table	241
IP ACL	242
IP Rules	243
IP Extended Rule	245
IPv6 ACL	248
IPv6 Rules	249
IP Binding Configuration	252
IP Binding Table	254
VLAN Binding Table	255
7. Monitoring the System	256
Ports	256
Switch Statistics	256
Port Statistics	259
Port Detailed Statistics	260
EAP Statistics	266
Cable Test	268
System Logs	270
Memory Logs	270
FLASH Log Configuration	272
Server Log Configuration	274
Trap Logs	276
Event Logs	277
Port Mirroring	278
Multiple Port Mirroring	278
8. Maintaining the System	280
Reset	280
Device Reboot	280
Factory Default	281
Upload File From Switch	282
TFTP File Upload	282
HTTP File Upload	283
Download File To Switch	284
TFTP File Download	285
HTTP File Download	287
File Management	288
Copy	288
Dual Image Configuration	289
Dual Image Status	291
Troubleshooting	292
Ping	292
Ping IPv6	293
Traceroute	294
9. Accessing Help	296
Online Help	296
Support	296
User Guide	297
Registration	298
A. Hardware Specifications and Default Values	300
Switch Specifications	300
GS728TS Specifications	300
GS728TPS Specifications	300
GS752TS Specifications	301
GS752TPS Specifications	301
Switch Performance	301
Switch Features and Defaults	302
Traffic Control	302
Quality of Service	303
Security	303
System Setup and Maintenance	304
System Management	304
Other Features	305
B. Configuration Examples	306
Virtual Local Area Networks (VLANs)	306
VLAN Example Configuration	307
Access Control Lists (ACLs)	308
MAC ACL Example Configuration	309
Standard IP ACL Example Configuration	310
Differentiated Services (DiffServ)	311
Class	312
DiffServ Traffic Classes	312
Creating Policies	313
DiffServ Example Configuration	314
802.1X	315
802.1X Example Configuration	317
MSTP	318
MSTP Example Configuration	320
Configuring VLAN Routing	322
Creating VLAN Routing Interfaces	322
C. Notification of Compliance	323

Match case Limit results 1 per page

316

GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches

The GS728TS, GS728TPS, GS752TS, and GS752TPS switches support a guest VLAN,

which allows unauthenticated users to have limited access to the network resources.

Note:

You can use QoS features to provide rate limiting on the guest VLAN

to limit the network resources the guest VLAN provides.

Another 802.1X feature is the ability to configure a port to Enable/Disable EAPoL packet

forwarding support.You can disable or enable the forwarding of EAPoL when 802.1X is

disabled on the device.

The ports of an 802.1X authenticator switch provide the means in which it can offer services

to other systems reachable via the LAN. Port-based network access control allows the

operation of a switch’s ports to be controlled in order to ensure that access to its services is

only permitted by systems that are authorized to do so.

Port access control provides a means of preventing unauthorized access by supplicants to

the services offered by a system. Control over the access to a switch and the LAN to which it

is connected can be desirable in order to restrict access to publicly accessible bridge ports or

to restrict access to departmental LANs.

Access control is achieved by enforcing authentication of supplicants that are attached to an

authenticator's controlled ports. The result of the authentication process determines whether

the supplicant is authorized to access services on that controlled port.

A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control

interaction:

Authenticator

: A Port that enforces authentication before allowing access to services

available via that Port.

Supplicant

: A Port that attempts to access services offered by the Authenticator.

Additionally, there exists a third role:

Authentication server

: Performs the authentication function necessary to check the

credentials of the Supplicant on behalf of the Authenticator.

All three roles are required in order to complete an authentication exchange.

The GS728TS, GS728TPS, GS752TS, and GS752TPS switches support the Authenticator

role only, in which the PAE is responsible for communicating with the Supplicant. The

Authenticator PAE is also responsible for submitting the information received from the

Supplicant to the Authentication Server in order for the credentials to be checked, which will

determine the authorization state of the Port. The Authenticator PAE controls the

authorized/unauthorized state of the controlled Port depending on the outcome of the

RADIUS-based authentication process.