Home » Netgear Manuals » Hubs & Switches » Netgear FS728TPv2 » Manual Viewer

Netgear FS728TPv2 FS728TP Software Administration Manual - Page 40

Denial of Service, Refresh, SIP=DIP, First Fragment, TCP Fragment, TCP Flag, L4 Port

Add to My Manuals
Save this manual to your list of manuals

Page 40 highlights

FS728TP Smart Switch Software Administration Manual Field Address Last Update Time Description Specifies all the existing Server Addresses. If no Server configuration exists, a message saying "No SNTP server exists" flashes on the screen. Specifies the local date and time (UTC) that the response from this server was used to update the system clock. Last Attempt Time Last Attempt Status Requests Failed Requests Specifies the local date and time (UTC) that this SNTP server was last queried. Specifies the status of the last SNTP request to this server. If no packet has been received from this server, a status of Other is displayed: • Other: None of the following enumeration values. • Success: The SNTP operation was successful and the system time was updated. • Request Timed Out: A directed SNTP request timed out without receiving a response from the SNTP server. • Bad Date Encoded: The time provided by the SNTP server is not valid. • Version Not Supported: The SNTP version supported by the server is not compatible with the version supported by the client. • Server Unsynchronized: The SNTP server is not synchronized with its peers. This is indicated via the 'leap indicator' field on the SNTP message. • Server Kiss Of Death: The SNTP server indicated that no further queries were to be sent to this server. This is indicated by a stratum field equal to 0 in a message received from a server. Specifies the number of SNTP requests made to this server since last agent reboot. Specifies the number of failed SNTP requests made to this server since last reboot. Click Refresh to refresh the page with the most current data from the switch. Denial of Service Use the Denial of Service (DoS) page to configure DoS control. The FS728TP Smart Switch software provides support for classifying and blocking specific types of DoS attacks. You can configure your system to monitor and block six types of attacks: • SIP=DIP: Source IP address = Destination IP address. • First Fragment: TCP Header size is smaller than the configured value. • TCP Fragment: IP Fragment Offset = 1. • TCP Flag: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0 or TCP Flags SYN and FIN set. • L4 Port: Source TCP/UDP Port = Destination TCP/UDP Port. • ICMP: Limiting the size of ICMP Ping packets. 40 | Chapter 2: Configuring System Information

Section	Page
FS728TP Smart Switch	1
Table of Contents	3
1. Getting Started	9
Getting Started with the FS728TP Smart Switch	10
Switch Management Interface	11
Connecting the Switch to the Network	12
Switch Discovery in a Network with a DHCP Server	13
Switch Discovery in a Network without a DHCP Server	15
Configuring the Network Settings on the Administrative System	16
Web Access	18
Smart Control Center Utilities	19
Network Utilities	19
Configuration Upload and Download	20
Firmware Upgrade	22
Viewing and Managing Tasks	24
Understanding the User Interfaces	25
Using the Web Interface	25
Using SNMP	29
Interface Naming Convention	30
2. Configuring System Information	31
Management	32
System Information	32
IP Configuration	33
Time	35
Denial of Service	40
DNS	43
Green Ethernet Configuration	46
PoE	47
PoE Configuration	47
PoE Port Configuration	48
Timer Global Configuration	50
Timer Schedule Configuration	51
SNMP	53
SNMPV1/V2	53
Trap Flags	55
SNMP v3 User Configuration	57
LLDP	58
LLDP Configuration	58
LLDP Port Settings	59
LLDP-MED Network Policy	61
LLDP-MED Port Settings	62
Local Information	63
Neighbors Information	65
Services — DHCP Filtering	70
DHCP Filtering Configuration	70
Interface Configuration	71
3. Configuring Switching Information	73
Ports	74
Port Configuration	74
Flow Control	75
Link Aggregation Groups	77
LAG Configuration	77
LAG Membership	78
LACP Configuration	80
LACP Port Configuration	81
VLANs	82
VLAN Configuration	82
VLAN Membership Configuration	83
Port VLAN ID Configuration	84
Voice VLAN	87
Voice VLAN Properties	87
Voice VLAN Port Setting	88
Voice VLAN OUI	89
Spanning Tree Protocol	91
STP Switch Configuration	91
CST Configuration	93
CST Port Configuration	95
CST Port Status	96
Rapid STP	98
MST Configuration	98
MST Port Configuration	100
STP Statistics	102
Multicast	104
IGMP Snooping	104
IGMP Snooping Querier	112
Forwarding Database	116
MAC Address Table	116
Dynamic Address Configuration	117
Static MAC Address	118
4. Configuring Quality of Service	121
Class of Service	122
Basic CoS Configuration	122
CoS Interface Configuration	123
Interface Queue Configuration	125
802.1p to Queue Mapping	126
DSCP to Queue Mapping	127
Differentiated Services	129
Defining DiffServ	129
Diffserv Configuration	130
Class Configuration	131
Policy Configuration	134
Service Configuration	137
Service Statistics	138
5. Managing Device Security	141
Management Security Settings	142
Change Password	142
RADIUS Configuration	143
Configuring TACACS+	148
Authentication List Configuration	151
Configuring Management Access	153
HTTP Configuration	153
Secure HTTP Configuration	154
Certificate Download	155
Access Profile Configuration	157
Access Rule Configuration	158
Port Authentication	160
802.1X Configuration	160
Port Authentication	161
Port Summary	165
Traffic Control	166
MAC Filter Configuration	166
MAC Filter Summary	168
Storm Control	168
Port Security Configuration	170
Port Security Interface Configuration	171
Security MAC Address	172
Protected Ports Membership	173
Configuring Access Control Lists	174
MAC ACL	174
MAC Rules	175
MAC Binding Configuration	177
MAC Binding Table	178
IP ACL	179
IP Rules	181
IP Extended Rule	182
IP Binding Configuration	185
IP Binding Table	187
6. Monitoring the System	189
Ports	190
Switch Statistics	190
Port Statistics	192
Port Detailed Statistics	193
EAP Statistics	200
Cable Test	201
System Logs	203
Memory Logs	203
FLASH Log Configuration	205
Server Log Configuration	207
Trap Logs	208
Event Logs	210
Port Mirroring	211
Multiple Port Mirroring	211
7. Maintenance	213
Reset	214
Device Reboot	214
Factory Default	214
Upload File From Switch	216
TFTP File Upload	216
HTTP File Upload	217
Download File To Switch	219
TFTP File Download	219
HTTP File Download	221
File Management	223
Dual Image Configuration	223
Dual Image Status	224
Troubleshooting	226
Ping	226
Traceroute	227
8. Help	229
Online Help	229
Support	229
User Guide	230
A. Hardware Specifications and Default Values	232
FS728TP Smart Switch Specifications	232
FS728TP Switch Features and Defaults	233
B. Configuration Examples	237
Virtual Local Area Networks (VLANs)	238
VLAN Example Configuration	239
Access Control Lists (ACLs)	240
MAC ACL Example Configuration	240
Standard IP ACL Example Configuration	242
Differentiated Services (DiffServ)	243
Class	243
DiffServ Traffic Classes	244
Creating Policies	244
DiffServ Example Configuration	245
802.1X	247
802.1X Example Configuration	248
MSTP	250
MSTP Example Configuration	251
C. Notification of Compliance	254

Match case Limit results 1 per page

Chapter 2:

Configuring System Information

FS728TP Smart Switch Software Administration Manual

Click

Refresh

to refresh the page with the most current data from the switch.

Denial of Service

Use the Denial of Service (DoS) page to configure DoS control. The FS728TP Smart Switch

software provides support for classifying and blocking specific types of DoS attacks. You can

configure your system to monitor and block six types of attacks:

•

SIP=DIP

: Source IP address = Destination IP address.

•

First Fragment

: TCP Header size is smaller than the configured value.

•

TCP Fragment

: IP Fragment Offset = 1.

•

TCP Flag

: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP

Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence

Number

0 or TCP Flags SYN and FIN set.

•

L4 Port

: Source TCP/UDP Port = Destination TCP/UDP Port.

•

ICMP

: Limiting the size of ICMP Ping packets.

Field

Description

Address

Specifies all the existing Server Addresses. If no Server configuration exists, a

message saying “No SNTP server exists” flashes on the screen.

Last Update Time

Specifies the local date and time (UTC) that the response from this server was

used to update the system clock.

Last Attempt Time

Specifies the local date and time (UTC) that this SNTP server was last queried.

Last Attempt Status

Specifies the status of the last SNTP request to this server. If no packet has been

received from this server, a status of Other is displayed:

•

Other

: None of the following enumeration values.

•

Success

: The SNTP operation was successful and the system time was

updated.

•

Request Timed Out

: A directed SNTP request timed out without receiving a

response from the SNTP server.

•

Bad Date Encoded

: The time provided by the SNTP server is not valid.

•

Version Not Supported

: The SNTP version supported by the server is not

compatible with the version supported by the client.

•

Server Unsynchronized

: The SNTP server is not synchronized with its

peers. This is indicated via the 'leap indicator' field on the SNTP message.

•

Server Kiss Of Death

: The SNTP server indicated that no further queries

were to be sent to this server. This is indicated by a stratum field equal to 0 in

a message received from a server.

Requests

Specifies the number of SNTP requests made to this server since last agent

reboot.

Failed Requests

Specifies the number of failed SNTP requests made to this server since last

reboot.