Home » Netgear Manuals » Hubs & Switches » Netgear GS724TPv2 » Manual Viewer

Netgear GS724TPv2 User Manual - Page 202

Con Port Authentication, Rule Type, Permit, Service Type, Secure HTTP SSL, Source IP Address

Add to My Manuals
Save this manual to your list of manuals

Page 202 highlights

NETGEAR 24-Port Gigabit Smart Managed Pro Switch with PoE+ and 2 SFP Ports Model GS724TPv2 6. From the Rule Type menu, select Permit or Deny to permit or deny access when the selected rules are matched. A Permit rule allows access by traffic that matches the rule criteria. A Deny rule blocks traffic that matches the rule criteria. 7. From the Service Type menu, select the access method to which the rule is applied. The policy is restricted by the selected access method. Possible access methods are HTTP, Secure HTTP (SSL), and SNMP. 8. In the Source IP Address field, enter the source IP address of the client originating the management traffic. 9. In the Mask field, specify the subnet mask of the client that originates the management traffic. 10. In the Priority field, assign a priority to the rule. The rules are validated against the incoming management request in ascending order of their priorities. If a rule matches, the action is performed and subsequent rules below that are ignored. For example, if a source IP 10.10.10.10 is configured with priority 1 to permit, and source IP 10.10.10.10 is configured with priority 2 to deny, then access is permitted if the profile is active, and the second rule is ignored. 11. Click the Add button. The access rule is added. Configure Port Authentication With port-based authentication, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode. An 802.1X network includes three components: • Authenticators. The port that is authenticated before system access is permitted. • Supplicants. The host connected to the authenticated port requesting access to the system services. • Authentication Server. The external server, for example, the RADIUS server that performs the authentication on behalf of the authenticator, and indicates whether the user is authorized to access system services. Manage Device Security 202

Section	Page
24-Port Gigabit Smart Managed Pro Switch with PoE+ and 2 SFP Ports Model GS724TPv2	1
Contents	3
1. Get Started	8
Switch Management Interface Overview	9
Change the Default IP Address of the Switch	9
Discover a Switch in a Network With a DHCP Server	10
Discover a Switch in a Network Without a DHCP Server	11
Configure the Network Settings on Your Computer	12
Access the Web Browser–Based Management Interface	15
About the User Interfaces	15
Software Requirements to Use the Web Interface	15
Supported Web Browsers	16
Use a Web Browser to Access the Switch and Log In	16
Navigation Tabs, Configuration Menus, and Page Menu	17
Configuration and Status Options	18
Web Interface Buttons	18
User-Defined Fields	18
Web Browser–Based Management Interface Device View	19
Interface Naming Conventions	21
Configure Interface Settings	21
Context-Sensitive Help and Access to the Support WebSite	25
User Guide	26
Register Your Product	27
2. Configure System Information	28
View and Configure the Switch Management Settings	29
View or Define System Information and View Software Information	29
Configure the Switch IP Settings	31
Configure the IPv6 Network Interface	33
View the IPv6 Network Neighbor	34
Configure the Time Settings	35
Configure Denial of Service Settings	50
Configure DNS Settings	52
Configure Green Ethernet Settings	56
Use the Device View	58
Configure PoE	58
Configure PoE Trap Settings and View PoE Information	59
Configure the PoE Port Settings	60
Configure SNMP	63
Configure the SNMPv1/v2 Community	63
Configure SNMPv1/v2 Trap Settings	65
Configure SNMPv1/v2 Trap Flags	68
View the Supported MIBs	69
Configure SNMP V3 Users	70
Configure LLDP	71
Configure LLDP Global Settings	71
Configure LLDP Port Settings	73
View LLDP-MED Network Policy Information	74
Configure LLDP-MED Port Settings	76
View Local LLDP Information	77
View LLDP Neighbors Information	79
Configure DHCP Snooping	82
Set Up PoE Timer Schedules	87
Create a PoE Timer Schedule	87
Specify the Settings for a PoE Timer Schedule	88
Delete a PoE Timer Schedule	90
3. Configure Switching	92
Configure Port Settings	93
Configure Link Aggregation Groups	95
Configure LAG Settings	96
Configure LAG Membership	97
Set the LACP System Priority	98
Set the LACP Port Priority Settings	99
Configure VLANs	100
Configure VLAN Settings	101
Configure VLAN Membership	103
View VLAN Status	105
Configure Port PVID Settings	106
Configure a Voice VLAN	108
Configure Auto-VoIP	110
Configure Protocol-Based Port Settings	110
Configure Auto-VoIP OUI-Based Properties	111
Configure OUI-Based Port Settings	112
Manage the OUI Table	113
Display the Auto-VoIP Status	116
Configure Spanning Tree Protocol	117
Configure STP Settings	117
Configure CST Settings	119
Configure CST Port Settings	121
View CST Port Status	122
View Rapid STP Information	124
Manage MST Settings	125
Configure the MST Port Settings	127
View STP Statistics	130
Configure Multicast	131
View the MFDB Table	131
View the MFDB Statistics	132
IGMP Snooping Overview	133
Configure IGMP Snooping	134
Configure IGMP Snooping for Interfaces	135
View the IGMP Snooping Table	137
Configure IGMP Snooping for VLANs	138
Modify IGMP Snooping Settings for a VLAN	139
IGMP Snooping Querier Overview	140
Configure IGMP Snooping Querier	140
Configure IGMP Snooping Querier for VLANs	141
Display IGMP Snooping Querier for VLAN Status	142
Configure a Static Multicast Group	143
Remove a Static Multicast Group	144
Configure Multicast Group Membership	145
Configure the Multicast Forward All Option	147
View and Configure the MAC Address Table	148
Configure the MAC Address Table	148
Set the Dynamic Address Aging Interval	150
Configure a Static MAC Address	151
4. Configure Quality of Service	152
Manage Class of Service	153
CoS Configuration Overview	153
Configure Global CoS Settings	153
Configure CoS Interface Settings for an Interface	155
Configure CoS Queue Settings for an Interface	156
802.1p to Queue Mapping	158
DSCP to Queue Mapping	159
Manage Differentiated Services	160
DiffServ Configuration Overview	161
Configure DiffServ Settings	161
Enable the DiffServ Mode and View the DiffServ Status	161
Configure a DiffServ Class	163
Configure a DiffServ Policy	168
Configure the DiffServ Service Interface	174
View DiffServ Service Statistics	176
5. Manage Device Security	178
Configure the Management Security Settings	179
Change the Password	179
Configure RADIUS Servers	180
Configure TACACS+	189
Configure Authentication Lists	191
Configure Management Access	194
Configure HTTP Settings	194
Configure HTTPS Settings	195
Manage Certificates	197
Download Certificates	198
Configure Access Control	200
Configure Access Rule Settings	201
Configure Port Authentication	202
Configure Global 802.1X Settings	203
Manage Port Authentication	204
View the Port Summary	208
Configure Traffic Control	210
Manage MAC Filtering	210
MAC Filter Summary	212
Configure Storm Control	212
Configure Port Security	214
Configure Protected Ports	218
Configure Access Control Lists	219
Use the ACL Wizard to Create a Simple ACL	220
Configure a MAC ACL	225
Configure MAC ACL Rules	227
Configure MAC Bindings	231
View or Delete MAC ACL Bindings in the MAC Binding Table	233
Configure an IP ACL	234
Configure Rules for a Basic IP ACL	236
Configure Rules for an Extended IP ACL	240
Configure IP ACL Interface Bindings	244
View or Delete IP ACL Bindings in the IP ACL Binding Table	246
6. Monitor the System	248
Monitor the Switch and the Ports	249
View Switch Statistics	249
View Port Statistics	252
View Detailed Port Statistics	254
View EAP Statistics	260
Perform a Cable Test	262
Configure and View Logs	263
Manage the Memory Logs	263
Message Log Format	265
Manage the Flash Log	266
Manage the Server Log	267
View the Trap Logs	270
Configure Port Mirroring	272
7. Maintenance	275
Reboot the Switch	276
Reset the Switch to Its Factory Default Settings	276
Upload a File From the Switch	277
Upload a File to the TFTP Server	277
Upload a File Using HTTP	279
Download a File to the Switch	280
Download a File to the Switch Using TFTP	280
Download a File to the Switch Using HTTP	282
Manage Files	284
Configure Dual Image Settings	284
Delete an Image	285
Display the Dual Image Status	286
Perform Troubleshooting	287
Ping an IPv4 Address	287
Ping an IPv6 Address	288
Enable and Perform Remote Diagnostics	289
A. Configuration Examples	291
Virtual Local Area Networks (VLANs)	292
VLAN Configuration Examples	293
Access Control Lists (ACLs)	294
MAC ACL Sample Configuration	294
Standard IP ACL Sample Configuration	295
Differentiated Services (DiffServ)	296
Class	297
DiffServ Traffic Classes	298
Creating Policies	298
DiffServ Example Configuration	299
802.1X	300
802.1X Example Configuration	302
MSTP	303
MSTP Example Configuration	305
B. Specifications and Default Settings	307
Switch Default Settings	308
General Feature Default Settings	309
System Setup and Maintenance Settings	314
Port Characteristics	315
Traffic Control Settings	315
Quality of Service Settings	316
Security Settings	316
System Management Settings	317

Match case Limit results 1 per page

Manage Device Security

202

NETGEAR 24-Port Gigabit Smart Managed Pro Switch with PoE+ and 2 SFP Ports Model GS724TPv2

From the

Rule Type

menu, select

Permit

Deny

to permit or deny access when the

selected rules are matched.

A Permit rule allows access by traffic that matches the rule criteria. A Deny rule blocks

traffic that matches the rule criteria.

From the

Service Type

menu, select the access method to which the rule is applied.

The policy is restricted by the selected access method. Possible access methods are

HTTP,

Secure HTTP (SSL)

, and

SNMP

In the

Source IP Address

field, enter the source IP address of the client originating the

management traffic.

In the

Mask

field, specify the subnet mask of the client that originates the management

traffic.

10.

In the

Priority

field, assign a priority to the rule.

The rules are validated against the incoming management request in ascending order of

their priorities. If a rule matches, the action is performed and subsequent rules below that

are ignored. For example, if a source IP 10.10.10.10 is configured with priority 1 to permit,

and source IP 10.10.10.10 is configured with priority 2 to deny, then access is permitted if

the profile is active, and the second rule is ignored.

11.

Click the

Add

button.

The access rule is added.

Configure Port Authentication

With port-based authentication, when 802.1X is enabled globally and on the port, successful

authentication of any one supplicant attached to the port results in all users being able to use

the port without restrictions. At any given time, only one supplicant is allowed to attempt

authentication on a port in this mode. Ports in this mode are under bidirectional control. This

is the default authentication mode.

An 802.1X network includes three components:

•

Authenticators

. The port that is authenticated before system access is permitted.

•

Supplicants

. The host connected to the authenticated port requesting access to the

system services.

•

Authentication Server

. The external server, for example, the RADIUS server that

performs the authentication on behalf of the authenticator, and indicates whether the user

is authorized to access system services.