Netgear GS728TP GS728TP/GS728TPP/GS752TP Software Administration Manual
Netgear GS728TP Manual
View all Netgear GS728TP manuals
Add to My Manuals
Save this manual to your list of manuals |
Netgear GS728TP manual content summary:
- Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 1
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Software Administration Manual December 2013 202-11137-04 350 East Plumeria Drive San Jose, CA 95134 USA - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 2
GS728TP, and GS728TPP Gigabit Smart Switches Support Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 3
Information 26 IP Configuration 27 IPv6 Network Configuration 29 IPv6 Network Neighbors 31 Time 32 DNS 36 Green Ethernet Configuration 38 PoE 44 PoE Global Configuration 44 PoE Port Configuration 46 Timer Global Configuration 47 SNMP 50 SNMP v1/v2 50 Trap Flags 53 SNMP Supported MIBs - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 4
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches DHCP Snooping Interface Configuration 69 DHCP Snooping Binding Configuration 70 DHCP Snooping Persistent Configuration 72 Chapter 3 Configuring Switching Information Ports 74 Global Configuration 74 Port Configuration 75 Link Aggregation - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 5
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure VLAN Routing 130 Configure and View Routes 131 Configure ARP 133 ARP Cache 134 ARP Entry Configuration 135 Global ARP Configuration 136 ARP Entry Management 137 Chapter 5 Configure Quality of Service Class of Service 139 Basic - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 6
, GS728TP, and GS728TPP Gigabit Smart Switches MAC ACL 191 MAC Rules 192 MAC Binding Configuration 194 MAC Binding Table 195 IP ACL 196 IP Rules 198 IP Extended Rules 199 IPv6 ACL 202 IPv6 Rules 203 IP Binding Configuration 205 IP Binding Table 206 Chapter 7 Monitoring the System Ports - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 7
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Online Help 244 Support 244 User Guide 244 Registration 246 Appendix A Hardware Specifications and Default Values Switch Features and Defaults 250 Appendix B Configuration Examples Virtual Local Area Networks (VLANs 254 Sample VLAN - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 8
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches by using the web-based graphical user interface (GUI). This manual describes the software configuration procedures and explains the options available within those procedures. These switches are referred to as the NETGEAR switch throughout this - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 9
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Getting Started with the NETGEAR Switch This chapter provides an overview of starting your NETGEAR switch and accessing the user interface. It also describes some actions that can be performed in the Smart Control Center (SCC) application, which - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 10
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Switch Management Interface The NETGEAR switch contains an embedded web server and management software for managing and monitoring switch functions. The switch functions as a simple switch without the management software. However, you can use the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 11
, GS728TP, and GS728TPP Gigabit Smart Switches Connect the Switch to the Network To enable remote management of the switch through a web browser or SNMP, you must connect the switch to the network and configure it with network information (an IP address, subnet mask, and default gateway). The switch - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 12
that has a DHCP server. The DHCP client on the switch is enabled by default. When you connect it to your network, the DHCP server automatically assigns an IP address to your switch. To discover the IP address automatically assigned to the switch, use the Smart Control Center. To install the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 13
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 7. Select your switch by clicking the line that displays the switch, then click the Web Browser Access button. The Smart Control Center displays a login window. The default password is password. Use this screen to manage your switch. For more - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 14
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Switch Discovery in a Network Without a DHCP Server This section describes how to use the Smart Control Center to set up your switch in a network without a DHCP server. If your network has no DHCP service, you must assign a static IP address to - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 15
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 7. Select the Disabled radio button to disable DHCP. 8. Enter the static switch IP address, gateway IP address, and subnet mask for the switch and type your password. Tip: You must enter the current password every time you use the Smart Control - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 16
200. The IP address must be different from the switch's address but within the same subnet. 3. Click OK. To configure a static address on the switch: 1. Use a straight-through cable to connect the Ethernet port on the administrative system directly to any port on the NETGEAR switch. 2. Open a web - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 17
the following software requirements: • Internet Explorer version 7 or later • Firefox version 4 or later To log on to the web interface: 1. Open a web browser and enter the IP address of the switch in the web browser address field. 2. The factory default password is password. Type the password in - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 18
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Navigation tab Configuration menus Help link Logout button tabs along the top of the web interface give you quick access to the various switch functions. The tabs are always available and remain constant, regardless of which feature you - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 19
GS728TP, and GS728TPP Gigabit Smart Switches or select options from drop-down lists. Each screen contains access to the HTML-based help that explains the updated configuration to the switch. Configuration changes take effect immediately. Resets the data on the screen to the latest value of the switch - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 20
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Depending upon the status of the port, the LED of the port status lights. Green indicates that the port is enabled. Red indicates that an error occurred on the port and the link is disabled. The LED of the port speed light in either green or - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 21
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Figure 2. Ports and LEDs on the Switching Devices Click the port you want to view or configure to see a menu that displays statistics If you right-click the graphic, the main menu displays. Figure 4. Device View Drop Down Menus Getting Started 21 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 22
GS728TP, and GS728TPP Gigabit Smart Switches Help Screen Access Every screen contains a link to the online help , which contains information to help configure and manage the switch. The online help screens are context-sensitive. For example, if the IP Addressing The switch software supports the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 23
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 4. Click APPLY. To access configuration information for SNMPv1 or SNMPv2: 1. Select System SNMP SNMPv1/v2 2. Follow the link to the screen that contains the information - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 24
GS728TP, and GS728TPP Gigabit Smart Switches Interface Naming Convention The switch supports physical and logical interfaces. Interfaces are identified by their type and the interface number. The switches support the following ports: • GS752TP. Ports 1-48 are 10/100/1000M AutoSensing Gigabit ports - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 25
2. Configuring System Information 2 Use the features in the System tab to define the switch's relationship to its environment. The System tab contains links to screens described in the following sections: • Management • PoE • SNMP • LLDP • Services-DHCP Snooping 25 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 26
GS728TP, and GS728TPP Gigabit Smart Switches Management This section describes how to display the switch status and specify some basic switch information, such as the management interface IP address to identify this switch. You can use up to 160 alphanumeric characters. The factory default is blank. - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 27
information Field Serial Number System Object ID Date & Time System Up Time Base MAC Address Fan Status Model Name Boot Version Software Version Description The serial number of the switch. The base object ID for the switch's enterprise MIB. The current date and time. Displays the number of days - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 28
. The factory default value is 255.255.255.0. • Default Gateway. The default gateway for the IP interface. 4. Specify the VLAN ID for the management VLAN. The management VLAN is used to establish an IP connection to the switch from a workstation that is connected to a port in the same VLAN. If - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 29
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Note: Make sure that the PVID of at least one port that is a port of the VLAN is the same as the management VLAN ID. For information about creating VLANs and configuring the PVID for a port, see VLANs on page 82. The management VLAN has the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 30
GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. In the Global Configuration Section, configure the following: • Admin Mode. Enable or disable the IPv6 network interface on the switch. The default value is Enable. • IPv6 Address Auto Configuration Mode. The IPv6 address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 31
GS728TP, and GS728TPP Gigabit Smart Switches IPv6 Network Neighbors To view the IPv6 Network Interface Neighbors: Select System Management IPv6 Network Neighbors. The following screen displays: Properties of each neighbor are displayed, as described below: • IPv6 Address action as packets are - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 32
GS728TP, and GS728TPP Gigabit Smart Switches Time The switch software supports the Simple Network Time Protocol (SNTP). You can also set the system time manually received from SNTP servers is evaluated based on the time level and server a server for which the IP address is known. SNTP servers that - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 33
using the CPU's clock cycle. When the clock source is set to Local, the Time Zone Offset field is disabled. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. To configure the time through SNTP: 1. Next to the Clock Source, select SNTP - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 34
SNTP modes the client supports. Multiple modes might be supported by a client. Last Update Time Specifies the local date and time (UTC) the SNTP client last updated the system clock. Server IP Address Specifies the IP address of the server for the last received valid packet. If no message has - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 35
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Enter the appropriate SNTP server information in the following fields: • Server Type. Specifies whether the address for the SNTP server is an IP address (IPv4) or host name (DNS). • Address. Enter the IP address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 36
GS728TP, and GS728TPP Gigabit Smart Switches Table 6. SNTP Server Status Table Fields Field Address Last Update Time Description Specifies all the existing server addresses by default. • Disable. Prevent the switch from sending DNS queries. 3. In the DNS Default Name field, enter a default DNS - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 37
, GS728TP, and GS728TPP Gigabit Smart Switches domain name. For example, if the default domain name is netgear.com and the host name to resolve is test, test.netgear.com is used in DNS resolution queries. 4. in the DNS Server field, enter an IP address representing the DNS server to which the switch - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 38
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Table 7. Dynamic Host Configuration table fields Field Description Host Lists the host name you assign to the specified IP address. Type The type of the dynamic entry. IPv4/IPv6 Address Lists the IP address associated with the host name. - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 39
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Enable or disable the Auto Power Down Mode. • Enable. When the port link is down, the PHY automatically goes down for a short period and then wakes up to check link pulses. This allows the port to continue to - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 40
factory default is Disable. When the port link up at 1 Gbps, the cable length test is performed. If the length of the cable is less than 10 meters, PHYs are put into low-power mode so enough power is used to support a short cable. Do not enable both EEE and Short Cable modes for a port. • EEE - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 41
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. View or configure the Local Device Information: • Interface. The interface to be displayed or configured. • Energy Detect Admin Mode. Select Enable or Disable. • Operational Status. Displays the Energy Detect - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 42
GS728TP, and GS728TPP Gigabit Smart Switches • Remote Tw_sys_tx (uSec). Displays the amount of time the Remote Tw_sys_tx has been present on the port. • Remote Tw_sys_tx Echo (uSec). Displays the amount of time the Remote Tw_sys_tx Echo has been present on the port (Enable or Disable). • Energy - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 43
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • EEE Admin Mode. Displays the EEE Admin mode for each of the local interfaces (Enable or Disable). Configuring System Information 43 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 44
, updating the physical network, or modifying the network infrastructure. The switches support both IEEE802.3 at and af, as follows: • GS728TP. Ports 1-8 support both IEEE802.3 at and af, and ports 9-24 support IEEE802.3af. The maximum power budget is 192 Watts. • GS728TPP. Ports 1-24 support both - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 45
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The PoE Configuration screen displays the fields described below: Table 8. PoE Configuration Information Field Description Power Status Indicates whether the PoE capability is on or off. Nominal Power Indicates the maximum amount of power - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 46
, GS728TP, and GS728TPP Gigabit Smart Switches PoE Port Configuration Use the PoE Port Configuration screen to configure PoE settings on the ports. The following information is displayed for each port: Table 9. PSE Port Information Field Description Admin Mode Indicates whether the port can - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 47
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Select the check box next to one or more of the ports. 3. Configure the settings in the top row for the selected ports: • Admin Mode. Select whether to enable or disable the ability of the port to deliver power. - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 48
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: b. Enter the name of the timer in the Timer Schedule Name field. c. Click ADD. 2. Configure the timer: a. Select System > PoE > Advanced > Timer Schedule Configuration. The following screen displays: Configuring - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 49
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches b. From the Timer Schedule Name list, select one of the timers save the settings for the selected timer. 3. Attach the timer to a port in the PoE Port Configuration screen. See PoE Port Configuration on page 46. Configuring System Information 49 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 50
GS728TP, and GS728TPP Gigabit Smart Switches SNMP From SNMP menu under the System tab, you can configure SNMP settings for SNMP v1/v2 and SNMPv3. SNMP features are described in the following sections: • SNMP v1/v2 • Trap Flags • SNMP Supported known. To change the defaults or to add other communities - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 51
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. To add a new SNMP community, enter community information in the available fields described below. • Management Station IP. Specify the IP address of the management station. Together, the management station IP and - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 52
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Trap Configuration This screen displays an entry for receives SNMP traps: 1. Enter trap configuration information in the following fields: • Recipients IP. The address in x.x.x.x format to receive SNMP traps from this device. • Version. The trap - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 53
is Enable. 3. From the Authentication field, enable or disable activation of authentication failure traps by selecting the corresponding button. The factory default is Enable. 4. Click APPLY. Configuration changes take effect immediately. SNMP Supported MIBs The screen allows you to view a list of - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 54
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To access the Supported MIBS screen, select System SNMP SNMP v1/v2 Supported MIBS. SNMP v3 User Configuration This is the configuration for SNMP v3. The SNMPv3 Access Mode is a read-only field that shows the access privileges - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 55
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The password is used as SNMPv3 authentication password, and you must therefore specify a password. The password must be eight characters in length. 3. Next to Encryption Protocol, select whether to encrypt SNMPv3 packets transmitted by the switch - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 56
GS728TP, and GS728TPP Gigabit Smart Switches disabled separately per port. By default, both the transmit and receive functions are enabled on all ports. The application is responsible for starting each transmit and receive state machine appropriately, based (manufacturer, software and hardware - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 57
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: Note: You can also access of LLDP packets sent when the LLDP-MED Fast Start mechanism is initialized. This occurs when a new endpoint device links with the LLDP-MED network connectivity device. The default value is - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 58
both transmitting and receiving LLDP PDUs on the selected ports. This value is the default value. • Disabled. Do not transmit or receive LLDP PDUs on the selected ports. • Management IP Address. Select whether to advertise the management IP address from the interface. The possible values are: • Stop - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 59
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Optional TLVs. Enable or disable the transmission of optional type-length value (TLV) information from the interface. The TLV information includes the system name, system description, system capabilities, and port description. For information - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 60
GS728TP, and GS728TPP Gigabit Smart Switches • User Priority. The priority associated with the policy. • DSCP. The DSCP associated with a particular policy type. LLDP-MED Port Optional TLVs list, select Enable or Disable to specify whether the port must transmit optional type length values (TLVs - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 61
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Inventory 6. Click APPLY to apply the new settings to the system. Configuration changes take effect immediately. Local Information Use the LLDP Local Information screen to view the data that each port advertises through LLDP. To display the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 62
, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays information for the selected port: The following table describes the detailed local information that displays for the selected port: Table 10. Detailed local information. Field Description Managed Address Address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 63
GS728TP, and GS728TPP Gigabit Smart Switches Field Operational MAU Type MED Details Capabilities Supported Current Capabilities Device Class Network Policies Application Type VLAN ID VLAN capabilities enabled on the port. Displays the TLVs advertised by the port. Network Connectivity indicates that - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 64
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: The following table describes the information that displays for all LLDP neighbors that have been discovered: Table 11. LLDP neighbors information. Field Description MSAP Entry Displays the Media Service - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 65
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays information for the selected port: The following table describes the information that displays for a selected port: Table 12. Port Details Field Port Details Local Port MSAP Entry Basic Details Chassis ID Subtype - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 66
plus location, 911, Layer 2 switch support, and device information management capabilities. Hardware Revision The hardware version advertised by the remote device. Firmware Revision The firmware version advertised by the remote device. Software Revision The software version advertised by the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 67
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Civic Coordinates ECS ELIN Unknown Network Policies Application Type VLAN ID VLAN Type User Priority DSCP LLDP Unknown TLVs Type Value Description The physical location, such as the street address, the remote device has advertised in the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 68
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Services-DHCP Snooping DHCP snooping is a useful feature that contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to each of the local untrusted interfaces of a switch. An - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 69
, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Next to DHCP Snooping Mode, select Enable or Disable to turn the DHCP snooping feature on or off. The factory default is disabled. 3. Next to MAC Address Validation, select Enable or Disable to turn on or off the MAC - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 70
the check box in the heading row. 5. Select the Trust Mode for the selected ports or LAGs. If you select Enable, DHCP snooping application considers the port as trusted. The factory default is disabled. 6. Click APPLY to apply the change to the system. Configuration changes take effect immediately - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 71
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. In the Static Binding Configuration section, in the Interface list, select the interface for which to add a binding to the DHCP snooping database. 3. In the MAC Address field, specify the MAC address for the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 72
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field VLAN ID IP Address Lease Time Description The VLAN for the binding entry in the binding database. The valid range of the VLAN ID is 1-4093. The IP address for the binding entry in the binding database. The remaining lease time for the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 73
Information 3 Use the features you access from the Switching tab to define Layer 2 features. The Switching tab contains links to features described in the following sections: • Ports • Link Aggregation Groups • VLANs • Voice VLAN • Auto-VoIP Configuration • Spanning Tree Protocol • Multicast - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 74
jumbo frames are not enabled (default), the system supports packet size up to 2048 bytes. For jumbo frames to take effect, the switch must be rebooted after the feature is enabled. To configure global configuration settings: 1. Select Switching Ports > Global Configuration. The following screen - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 75
GS728TP, and GS728TPP Gigabit Smart Switches • Enable. The switch sends pause packets if the port buffers become full. • Disable. The switch does not send pause packets if the port buffers become full. 3. View the Jumbo Frames Status. 4. In the Jumbo Frames After Reset list, select Enable or Disable - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 76
's duplex mode and transmission rate. The factory default is Auto. • Physical Status. Indicates the physical port's speed and duplex mode. • Link Status. Indicates whether the link is up or down. • MAC Address. Displays the physical address of the specified interface. • ifIndex. The ifIndex of the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 77
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Link Aggregation Groups Link aggregation groups (LAGs), which are also known as port channels sharing. You assign the LAG VLAN membership after you create a LAG. The LAG by default becomes a member of the management VLAN. A LAG interface can be - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 78
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The Disable from the list. When the LAG (port channel) is disabled, no traffic flows and LAGPDUs are dropped, but the links that form the LAG (port channel) are not released. The factory default is Enable. • STP Mode. Select Enable or Disable - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 79
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches LAG Membership Use the LAG Membership screen to select two or more full-duplex Ethernet links to aggregate together to form a link aggregation group (LAG), which is also known as a port-channel. The switch can treat the port channel as if it were - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 80
from 1 to 65535. The default value is 32768. 3. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. LACP Port Configuration To configure LACP port priority settings: 1. Select Switching LAG Advanced LACP Port Configuration. Configuring - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 81
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Select the check box next to the port to configure. You can select multiple ports to apply the same settings to all selected ports. Note: You cannot select ports that are not participating in a LAG. 3. Configure - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 82
of the tag, in which case the first switch port to receive the packet can either reject it or insert a tag using its default VLAN ID. A given port can handle traffic for more than one VLAN, but it can support only one default VLAN ID. From the VLAN menu, you can access the features described in - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 83
changes take effect immediately. To reset VLAN settings on the switch to the factory defaults: 1. Select the Reset Configuration check box 2. Click OK in the pop-up message to confirm the operation. If the Management VLAN is set to a non-default VLAN (VLAN 1), it is automatically set to - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 84
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches VLAN Membership Configuration Use this screen to configure VLAN port membership for a particular VLAN. You can select the Group Operation through this screen. To configure VLAN membership: 1. Select Switching VLAN Advanced VLAN Membership - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 85
, GS728TP, and GS728TPP Gigabit Smart Switches In the following screen, ports 6, 7, and 8 are being added as tagged members to VLAN 2. 6. From the Group Operations list, select an identical configuration for all the ports. The possible values are: • Tag All. All frames transmitted for this VLAN are - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 86
of the VLAN identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame. • Disable. All frames are forwarded in accordance with the IEEE 802.1Q VLAN standard. The factory default is Enable. Configuring Switching Information - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 87
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 6. In the Port Priority field, specify the default 802.1p priority assigned to untagged packets arriving at the port. Possible values are 0-7. 7. Click APPLY to send the updated configuration to the switch. Configuration changes take effect - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 88
, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Next to Voice VLAN Status, enable or disable (default) voice VLAN on the switch. If the switch does not handle traffic from IP phones, the status must be disabled. 3. From the Voice VLAN ID list, select the voice VLAN - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 89
to be configured and click the GO button. 4. From the Voice VLAN Mode list, specify whether to enable or disable voice VLAN on the selected port. 5. Click APPLY to send the updated configuration to the switch. Note: The Membership field displays whether the current operational status of the voice - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 90
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • 00:E0:75. VERILINK • 00:E0:BB. 3COM • 00:04:0D. AVAYA1 • 00:1B:4F. AVAYA2 You can select an existing OUI or add a new OUI and description to identify the IP phones on the network. To configure OUI settings: 1. Select Switching Voice VLAN - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 91
GS728TP, and GS728TPP Gigabit Smart Switches Auto-VoIP Configuration Auto-VoIP automatically makes sure that time-sensitive voice traffic is given priority over data traffic on ports that have this feature enabled. Auto-VoIP checks for packets on the same port, the manual QoS assignment might - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 92
. The entry corresponding to the specified port is selected. 4. Select Enable or Disable from the Auto-VoIP Mode drop-down list, as the Auto-VoIP administrative mode for the interface. 5. Click APPLY to send the updated configuration to the switch. Spanning Tree Protocol The Spanning Tree Protocol - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 93
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches STP Configuration The STP Switch Configuration screen contains fields for enabling STP on the switch. To configure STP settings on the switch: 1. Select Switching STP Basic STP Configuration. The following screen displays: 2. Next to - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 94
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The Forward BPDU while STP Disabled field specifies whether spanning tree BPDUs should be forwarded or not while spanning-tree is disabled on the switch. 6. Click APPLY to send the updated configuration to the switch. Configuration changes take - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 95
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 2. Specify values for CST in the following fields: • Bridge Priority. Specify the bridge priority value for the Common and Internal Spanning Tree (CST). When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 96
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Table 15. MSTP Status Information. Field MST ID VID FID Description Table consisting of the MST instances (including the CST) and the corresponding VLAN IDs associated with each of them. Table consisting of the VLAN IDs and the corresponding - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 97
, GS728TP, and GS728TPP Gigabit Smart Switches • STP Status. Enable or disable the Spanning Tree Protocol administrative mode associated with the port or port channel. • Fast Link. Specifies if the specified port is an edge port with the CST. Possible values are Auto, Enable, or Disable. The default - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 98
the following values: Root, Designated, Alternate, Backup, Master, or Disabled. Root bridge for the CST. It is made up using the bridge priority and the base MAC address of the bridge. Displays cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 99
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field CST Regional Root CST Path Cost Port Forwarding State Description Displays the bridge priority and base MAC address of the CST regional root. Displays the path cost to the CST tree regional root. Displays the forwarding state of this port - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 100
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Fast Link Status Description Indicates whether the port is enabled as an edge port. The forwarding state of this port. MST Configuration Use the MST Configuration screen to configure Multiple Spanning Tree (MST) on the switch. To - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 101
the bridge identifier of the root bridge, which is made up from the bridge priority and the base MAC address of the bridge. Root Path Cost Displays the path cost to the designated root for this MST instance. Root Port Indicates the port to access the designated root for this MST instance. MST - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 102
, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: Note: If no MST instances have been configured on the switch, the screen displays a "No MSTs Available" message. 2. To view CST settings for an interface, click PORTS, LAGS, or All. 3. Select the check box next to the port - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 103
values: Root, Designated, Alternate, Backup, Master, or Disabled. Root bridge for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge. Displays cost of the port participating in the STP topology. Ports with a lower cost are less likely to be - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 104
that traffic is unnecessary. When a packet enters the switch, the destination MAC address is combined with the VLAN ID, and a search is performed in the Layer 2 Multicast Forwarding Database. If no match is found, the packet is either flooded to all ports in the VLAN or discarded, depending on the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 105
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. In the Search by MAC Address field, enter the MAC address whose : • MAC Address. The multicast MAC address for which you requested data. • VLAN ID. The VLAN ID to which the multicast MAC address is related - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 106
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches MFDB Statistics To access the MFDB Statistics screen, click Switching Multicast MFDB MFDB entries in the MFDB table. Auto-Video Configuration If the switch supports devices or applications running multicast traffic, the Auto-Video feature - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 107
traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Class D IP addresses identify host groups, which range from 224.0.0.0 to 239.255.255.255. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 108
segments should receive packets directed to the group address. • Disable. The switch does not snoop IGMP packets. 3. Select whether to block unknown multicast addresses. • Enable. Packets with unknown multicast MAC addresses in the destination field are dropped. Configuring Switching Information 108 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 109
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Disable. Packets with unknown destination multicast MAC addresses are processed. 4. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. The following table displays information about the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 110
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Table 21. IGMP Snooping Table. Field Description MAC Address A multicast MAC address for which the switch has forwarding and filtering information. The format is six 2-digit hexadecimal numbers that are separated by colons, for example, 01: - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 111
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches the Layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that Multicast group without first sending out MAC-based general queries to the interface. You should enable fast leave admin mode only on VLANs - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 112
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches IGMP Snooping Querier Configuration Use this screen to enable or disable the IGMP Snooping Querier feature, specify the IP address of the router to perform the querying, and configure the related parameters. To configure IGMP Snooping Querier - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 113
the snooping querier IP address to be used as the source address in periodic IGMP queries sent on the specified VLAN. 3. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. To disable Snooping Querier on a VLAN, select the VLAN ID and click - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 114
expiry interval timer expires, the snooping switch moves into querier mode. • Disabled. The snooping querier is not operational on the VLAN. The snooping querier moves to disabled mode when IGMP snooping is not operational on the VLAN, when the querier address is not configured, or the network - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 115
packets and bridge IPv6 multicast data based on destination IPv6 multicast MAC addresses. The switch can be configured to perform MLD snooping and IGMP snooping simultaneously. The MLD snooping link contains features described in the following sections: • MLD Snooping Configuration • MLD VLAN - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 116
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Next to MLD Snooping admin mode, enable or disable the administrative mode for MLD Snooping for the switch. The default is disabled. The VLAN IDs Enabled For MLD Snooping section displays VLAN IDs enabled for MLD - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 117
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. In the VLAN ID field, select the VLAN IDs for which MLD snooping is enabled. 3. In the Admin Mode field, enable MLD Snooping for the specified VLAN ID. 4. In the Fast Leave Admin Mode field, enable or disable the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 118
In the Multicast Router field, enable or disable multicast router on the selected interface. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. Static Multicast Address The Static Multicast Address link feature contains features described in - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 119
table contains up to 32 multicast service groups. To add a multicast group: 1. Select Switching Multicast Static Multicast Address Multicast Group Configuration. The following screen displays: 2. Select the VLAN ID. • VLAN ID. Displays the VLAN ID. • VLAN Name. Displays the user-defined - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 120
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configuration changes take place immediately. Multicast Group Membership The multicast Group Membership screen displays the ports and LAGs attached to the selected VLAN and the multicast service group. The Port and LAG tables also reflect the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 121
to a neighboring multicast router or switch. Once IGMP snooping is enabled, multicast packets are forwarded only to the appropriate port or VLAN. To configure the Multicast Forward All feature: 1. Select Switching Multicast Static Multicast Address Multicast Forward All. The following - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 122
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Static. The port receives all multicast manually. 5. Click APPLY to send the updated configuration to the switch. Forwarding Database The forwarding database maintains a list of MAC addresses after having received a packet from this MAC address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 123
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. In the Search By field, select whether to search for MAC addresses by MAC address, VLAN ID, or interface. • MAC Address: Select MAC Address and enter a 6-byte hexadecimal MAC address in 2-digit groups separated - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 124
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Interface Status Description The port where this address was learned: that is, this field displays the port through which the MAC address can be reached. The status of this entry. The possible values are: • Static. The entry was added - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 125
, GS728TP, and GS728TPP Gigabit Smart Switches Static MAC Address Use the Static MAC Address Configuration page to configure and view static MAC addresses on an interface. To configure a static MAC address: 1. Select Switching > Address Table > Advanced > Static MAC Address. 2. Select the VLAN ID - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 126
The switch supports IP routing. Use the menus under the Routing tab to manage routing on the system. This chapter contains the following sections: • Configure IP Settings • Configure VLAN Routing • Configure and View Routes • Configure ARP When a packet enters the switch, the destination MAC address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 127
before you can route through any of the interfaces. Routing is enabled or disabled per VLAN interface. The default value is router mode. 3. Click APPLY to send the updated configuration to the switch. Switching a routing mode requires a reboot. The configuration file is not deleted during the reboot - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 128
, GS728TP, and GS728TPP Gigabit Smart Switches Configure VLAN Routing You can configure the switch software with some ports supporting VLANs and some supporting routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 129
, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. In the VLAN ID field specify a VLAN ID. This VLAN identifier (VID) associated with this VLAN is created if it does not exist. The valid range is 1-4093. 3. In the IP Address field, specify the IP address of the VLAN - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 130
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure VLAN Routing Use the VLAN Routing Configuration screen to view information about the VLAN routing interfaces configured on the system or to assign an IP address and subnet mask to VLANs on the system. To configure VLAN routing - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 131
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure and View Routes From the Routing Table screen, you can configure static and default routes and view the routes that the NETGEAR switch has already learned. To configure routes: 1. Select Routing Routing Table. The following screen - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 132
the routes the switch already has in its routing table. Table 24. Learned Routes Table Fields Field Route Type Network Address Subnet Mask Protocol Next Hop Interface Next Hop IP Address Preference Description Indicates whether the learned route is a static or default route. The IP route prefix - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 133
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Configure ARP The Address Resolution Protocol (ARP) associates a Layer 2 MAC address with a Layer 3 IPv4 address. The switch software features both dynamic and manual ARP configuration. With manual ARP configuration, you can statically add - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 134
fields display: • Interface. The routing interface associated with the ARP entry. • IP Address. The associated IP address of a device on a subnet attached to one of the switch's existing routing interfaces. • MAC Address. The unicast MAC address of the device. • Type. The type of the ARP entry. The - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 135
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches ARP Entry Configuration To add a static entry to the ARP table: 1. Select Routing ARP > Advanced ARP Create. The following screen displays: 2. In the IP Address field, specify the IP address that you want to add. It must be the IP address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 136
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Global ARP Configuration Use the Global ARP range is 15 - 21,600 seconds. The default value is 1200 seconds. 3. Click APPLY to send the updated configuration to the switch. Configuration changes take place immediately. Configuring Routing 136 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 137
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches ARP Entry Management Use this screen to remove entries IP address of an entry to remove from the ARP table. • None. Select if you do not want to delete any entry from the ARP Table. 3. Click APPLY to send the updated configuration to the switch - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 138
sections: • Class of Service • Differentiated Services In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 139
for the mapping table to be of any use, so default actions are performed when this is not the case. These actions involve directing the packet to a specific CoS level configured for the ingress port as a whole, based on the existing port default priority as mapped to a traffic class by the current - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 140
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. From the Global Trust Mode menu, specify whether to trust a particular packet marking at ingress. Global Trust Mode can be only one of the following: • Untrusted. Do not trust any CoS packet marking at ingress. • - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 141
GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Select the type of interface for CoS settings to be configured: To configure CoS settings for a physical port, link aggregation group (LAG), or both, click PORTS shaping rate configured. The default value is 0. The value - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 142
GS728TP, and GS728TPP Gigabit Smart Switches Queue Configuration Use the Queue Configuration screen to define what a particular queue does by configuring switch egress queues. User-configurable parameters control the amount of bandwidth used by the queue and the scheduling of packet not per port. - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 143
default. • Strict. Services traffic with the highest priority on a queue first. • Queue Management Type. Displays the type of packet management used for all packets, which is Taildrop. All packets on a queue are safe until congestion occurs. At this point, any additional packets queued are dropped - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 144
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches DSCP to Queue Mapping Use the DSCP to Queue a hardware queue to associate with the value. The traffic class is the hardware queue for a port. Higher traffic class values indicate a higher queue position. Before traffic in a lower queue is sent - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 145
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Differentiated Services The QoS feature provides Differentiated Services (DiffServ) support that enables traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. For more information, see - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 146
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To view DiffServ general status group IP packets with a new value based on the DSCP Violate Action Mapping table. The switch uses the new values to assign resources and the egress queues to these packets. The switch also physically replaces - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 147
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches DSCP values 16, 24, and 48, the DSCP violate action mapping changes the incoming values as they are mapped to the outgoing values. To configure - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 148
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: All the previously defined classes are displayed. 2. Enter the new class name. 3. Select the class type, and click Add. The switch supports only the Class Type value All, which means all the various match criteria - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 149
and the mask. • Destination MAC. Enter the destination MAC address and the mask. • Protocol Type. Select the protocol type. If you select Other, enter a protocol number in the field that appears. • Source IP. Enter a valid source IP address in dotted-decimal format. Configure Quality of Service 149 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 150
, GS728TP, and GS728TPP Gigabit Smart Switches • Source L4 Port. Select the desired L4 keyword from the list on which the rule can be based. The options are Other, domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, or www. If you select Other, enter a user-defined port ID. • Destination IP - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 151
, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Enter the new class name. 3. Select the class type, and click Add. The switch supports only the Class Type value All, which means all the various match criteria defined for the class must be satisfied for a packet match - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 152
GS728TP, and GS728TPP Gigabit Smart Switches a match condition to the specified class definition whereby all packets are considered to belong to the class. In this case L4 Port. Select a known destination Layer 4 ports. If you select Other, enter a protocol number in the field that appears. • IP DSCP - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 153
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Policy Configuration Use the Policy Configuration screen to associate a collection of classes with one or more policy the policy attributes: 1. In the Policy Configuration screen, click the name of the policy. Configure Quality of Service 153 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 154
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The Policy Attribute section of the screen is the highest). • Drop. Select this option to drop packets for this policy-class. • Mark VLAN CoS. Select the specified Class of Service queue number to mark all packets for the associated traffic - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 155
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Committed Rate. The committed rate is the average Drop. These packets are immediately dropped. 4. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Service Configuration Use the Service - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 156
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. To configure DiffServ policy settings for a physical port, link aggregation group (LAG) or both, click PORTS, LAGS or ALL, respectively. 3. Select the check box next to the port or LAG to configure. You can - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 157
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: The following fields are displayed: • Interface. The interface for which service statistics display. • Direction. The direction of packets for which service statistics display, which is always In. • Policy Name. The - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 158
6. Managing Device Security 6 Use the features available from the Security tab to configure management security settings for port, user, and server security. The Security tab contains menus that provide links to screens described in the following sections: • Management Security Settings • - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 159
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Management Security Settings From the Management Security menu, you can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS+) settings, and - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 160
of a lost password, press the Factory Default Reset button on the front panel for more than two seconds to restore the factory default. The reset button only reboots the device. Configure RADIUS Settings RADIUS servers provide authentication, authorization, and accounting services for networks. The - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 161
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: The Current Server IP Address field is blank if no servers are configured (see RADIUS Server Configuration on page 162). The switch supports up to three configured RADIUS servers. If more than one RADIUS server is - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 162
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches RADIUS Address field, specify the IP address of the RADIUS server to add. 3. In the Authentication Port field, specify the UDP port number the server uses to verify the RADIUS server authentication. The valid range is 0-65535. The default port - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 163
2. In the Accounting Server Address field, specify the IP address of the RADIUS accounting server to use. 3. In the Port field, specify the UDP port number the server uses to verify the RADIUS accounting server authentication. The valid range is 0-65535. The default port for RADIUS accounting is UDP - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 164
, GS728TP, and GS728TPP Gigabit Smart Switches • Authentication. Provides authentication during login using user names and user-defined passwords. + settings for communication between the switch and the TACACS+ server you configure through the inband management port. To configure global TACACS+ - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 165
, GS728TP, and GS728TPP Gigabit Smart Switches 3. In the Connection Timeout field, specify the maximum number of seconds allowed to establish a TCP connection between the switch and the TACACS+ server. The valid range is 1-30 seconds. The default is 5 seconds. 4. Click APPLY to update the switch - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 166
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 6. In the Connection Timeout field, specify the amount of time that passes before the connection between the device and the TACACS+ server times out. The field range is 1-30 seconds. The default value is 5. 7. Click ADD. Note: The ADD option is - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 167
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Select the check box are selected. Possible methods are as follows: • Local. The user's locally stored ID and password is used for authentication. Since the local method does not time out, if you select this - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 168
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 4. From the list in the 2 column, select the list. 6. Click APPLY to update the switch with the HTTP Authentication settings. HTTPS Authentication List Use the HTTPS Authentication List to configure the default HTTPS login list. To - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 169
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Local. The user's locally stored ID and password is used for authentication. Since the local method does when you first create a login list. 6. Click APPLY to update the switch with the HTTPS Authentication settings. Managing Device Security 169 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 170
GS728TP, and GS728TPP Gigabit Smart Switches Configure Management Access From the Access tab, you can configure HTTP and Secure HTTP access to the switch and must reenter the password to access the management interface. A value of zero corresponds to an infinite timeout. The default value is 5 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 171
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. Click APPLY to update the switch with disable the administrative mode of Secure HTTP. The default value is Disable. You can download SSL certificates only when the HTTPS Admin mode is disabled. 3. In the HTTPS Port field, specify the TCP port - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 172
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches After the session is inactive for the configured amount of time, the administrator is automatically logged out and must reenter the password to access the management interface. The default value is 5 minutes. The maximum number of HTTPS sessions - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 173
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Import Certificates. Select this option to import certificate files. In the Certificate field, Public Key field and Private Key fields, paste the certificate, public key - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 174
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 1. In the Access access profile. The access profile must be deactivated before removal. 3. Click APPLY to update the switch with the new settings. The Profile Summary field displays the access rules for the profile - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 175
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. In the Rule Type field, select Permit or Deny as the action to be performed when the rule is matched. 3. In the Service Type field, select HTTP, Secure HTTP (SSL), or SNMP. The access rule is restricted according - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 176
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Port Authentication In port-based authentication mode, when 802.1x is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 177
, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Next to the Port Based Authentication State, select the radio button to enable or disable 802.1x administrative mode on the switch. • Enable. Port-based authentication is permitted on the switch. • Disable. The switch - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 178
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Port Authentication Use the Port Authentication screen to enable and configure port access control on one or more ports. To configure 802.1x settings for the port: 1. Select Security Port Authentication > Advanced Port Authentication. Note: - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 179
state. The switch cannot provide authentication services to the client through the interface. • MAC Based. Authentication is based on the MAC address. MAC authentication requires that a guest VLAN be configured on the switch, and that the port be enabled for guest VLAN. The guest VLAN is configured - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 180
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches take place between supplicant and authenticator. The unauthorized controlled port exerts control over communication in both directions (disabling both incoming and outgoing frames). This field is not configurable. • Protocol Version. Displays the - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 181
GS728TP, and GS728TPP Gigabit Smart Switches Select Security Port Authentication Advanced Port Summary. The following screen displays: Table 25 describes the fields on the Port Summary screen. Table 25. Port Summary Fields Field Port Control Mode Operating Control Mode Description The port - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 182
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Field Reauthentication Enabled Port Status Description Displays if reauthentication is enabled on the selected port. This is a configurable field. The possible values are TRUE and FALSE. If the value is TRUE, reauthentication occurs. Otherwise, - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 183
, GS728TP, and GS728TPP Gigabit Smart Switches Traffic Control From the Traffic Control menu, you can configure MAC filters, storm control, port security, and protected port settings. The Traffic Control folder contains links to features described in the following sections: • Storm Control • Port - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 184
unknown packets are forwarded. The range is a percentage of the total threshold between 0-100%. The default is 5%. Storm control is configured as a percentage of the maximum port speed. 6. Click APPLY to update the switch with the new settings. Port Security Interface Configuration A MAC address can - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 185
valid range is 0-600. The default value is 600. • Enable Violation Traps. Select Yes or No to enable or disable the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port. 5. Click APPLY to update the switch with the new settings. Security - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 186
MAC addresses table fields. Field VLAN ID MAC Address Description The VLAN ID corresponding to the last violation MAC address. The MAC addresses learned on a specific port. Protected Ports If a port is configured as protected, it does not forward traffic to any other protected port on the switch - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 187
GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Click the orange bar to display the available ports. 3. Click the box below each port to configure it as a protected port. Protected ports are marked with a √. No traffic forwarding is possible between two protected ports - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 188
. The switch software supports IPv4 and MAC ACLs. To configure an ACL, first create an IPv4-based or MAC-based ACL ID. Then, create a rule and assign it to a unique ACL ID. Next, define the rules, which can identify protocols, source, and destination IP and MAC addresses, and other packet-matching - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 189
GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. From the ACL Type list, select the ACL type used to create the ACL. You can select from 10optional types: • ACL Based on Destination MAC. Creates an ACL based on the destination MAC address, destination MAC mask, and VLAN - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 190
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Note: The Rule ID, Disable. • In the remaining two fields, specify data according to Table 27. Table 27. ACL fields according to selected ACL type. ACL Based on Fields Destination MAC • Destination MAC. Specify the destination MAC address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 191
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches ACL Based on Fields Destination IPv6 L4 • Destination L4 port (protocol). Specify the destination IPv6 L4 port protocol. Port • Destination L4 port (value). Specify the destination IPv6 L4 port value. Source IPv6 L4 Port • Source L4 port ( - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 192
. Displays the direction of packet traffic affected by the MAC ACL, which can be Inbound or blank. To change the name of a MAC ACL, select the check box next to the Name field, update the name, then click APPLY. MAC Rules Use the MAC Rules screen to define rules for MAC-based ACLs. The access list - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 193
available. • CoS. Requires a packet's Class of Service (CoS) to match the CoS value listed here. Enter a CoS value between 0-7 to apply this criteria. • Destination MAC. Requires an Ethernet frame's destination port MAC address to match the address listed here. Enter a MAC address in this field. The - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 194
Value from the EtherType drop-down list. The value you enter specifies a customized EtherType to compare against an Ethernet frame. The valid range is 0x0600-0xFFFF. • Source MAC. Requires a packet's source port MAC address to match the address listed here. Enter a MAC address in this field. The - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 195
GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 1. From the ACL ID list, select an existing MAC ACL. The packet filtering direction for ACL is Inbound, which means the MAC ACL rules are applied to traffic entering the port access list replaces the currently attached - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 196
click DELETE. IP ACL IP ACLs allow network managers to define classification actions and rules for specific ingress ports. Packets can be filtered on ingress (inbound) ports only. If the filter rules match, some actions can be taken, including dropping the packet or disabling the port. For example - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 197
, GS728TP, and GS728TPP Gigabit Smart Switches ACLs are composed of access control entries (ACE), or rules, that consist of the filters that determine traffic classifications. Use the IP ACL screen to add or remove IP-based ACLs. To configure an IP ACL: 1. Select Security ACL > Advanced IP ACL - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 198
, GS728TP, and GS728TPP Gigabit Smart Switches IP Rules Use the IP Rules screen to define rules for IP-based standard IP ACL rule. You can create up to ten rules for each ACL. • Action. Select an ACL forwarding action: • Permit. Forwards packets which meet the ACL criteria. • Deny. Drops packets - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 199
, GS728TP, and GS728TPP Gigabit Smart Switches • Disable. Match Every is exclusive to the other filtering rules, so if Match Every is enabled, the other rules on the screen are not available. • Src IP Address. Requires a packet's source IP address to match the address listed here. Enter an IP address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 200
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches In the following screen, an extended IP ACL exists, and two IP ACL rule. You can create up to ten rules for each ACL. • Action. Select an ACL forwarding action: • Permit. Forwards packets which meet the ACL criteria. • Deny. Drops packets which - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 201
rule can be based. • Source L4 Port Number: If the source L4 keyword is Other, enter a user-defined Port ID by which packets are matched to the rule. • Destination IP Address. Requires a packet's destination port IP address to match the address listed here. Enter an IP address using dotted-decimal - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 202
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Destination L4 Port Number: If the destination L4 keyword is Other, enter a user-defined port ID by which packets are matched to the rule. • Service Type. Select one of the Service Type match conditions for the extended IP ACL rule. The - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 203
GS728TP, and GS728TPP Gigabit Smart Switches 2. In the IPv6 ACL field, configure the name of IPv6 ACL. • The number of the rules associated with the IP using the IPv6 ACL screen. By default, no specific value is in effect for IP ACL for which to create or update a rule. Managing Device Security 203 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 204
GS728TPP Gigabit Smart Switches The following screen appears: 3. Configure the settings for the new rule. • Rule ID. Enter a whole number in the range of 1-10 that is used to identify the rule. An IPv6 ACL might have up to 10 rules. • Action. Specify what action must be taken if a packet Disable for - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 205
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Select keyword other from the drop-down list, and specify the number of the port. The valid range is 0 - 65535. • Select one of the keywords from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 206
GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Select an existing IP ACL from the ACL ID menu. The packet filtering direction for ACL is Inbound, which means the IP ACL rules are applied to traffic entering the port specified access list replaces the currently attached - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 207
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To display the IP Binding Table, click Security ACL > Advanced IP Binding Table. The following screen displays: The following table describes the information displayed in the IP Binding Table. Table 29. IP Binding table fields. Field - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 208
the features available from the Monitoring tab to view various information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains menus that provide access to the following features: • Ports • Logs • Mirroring • System Resources Utilization 208 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 209
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Ports The screens available from the Ports menu contain various information about the number and type of traffic transmitted from and received on the switch. From the Ports menu, you can access the following sections: • Switch Statistics • Port - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 210
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Multicast Packets Received. The total number of packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address. • Broadcast Packets Received. The total number of packets - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 211
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: The following fields are displayed: • Interface. The ports on the system. • Total Packets Received Without Errors. The total number of packets received that were without errors. • Packets Received With Error. The - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 212
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Port Detailed Statistics The Port Detailed Statistics screen displays a variety of per-port traffic statistics. To display a summary of per-port traffic statistics and clear or refresh the counters: 1. Select Monitoring Ports Port Detailed - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 213
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • STP Mode. The Spanning Tree Protocol (STP) administrative mode for the port or LAG. The possible values for this field are: • Enable. Spanning Tree Protocol is enabled for this port. • Disable. Spanning Tree Protocol is disabled for this port. - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 214
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Packets Received 128-255 Octets. The total number of packets (including bad packets) received that were 128 through 255 octets in length inclusive (excluding framing bits but including FCS octets). • Packets Received 256-511 Octets. The total - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 215
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • 802.3x Pause Frames Received. A count of MAC control frames received on this interface with an operation code indicating the pause operation. This counter does not increment when the interface is operating in half-duplex mode. • Total Packets - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 216
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches EAP Statistics Use the EAP Statistics screen to display information about EAP packets received on a specific port. To display a EAP Statistic: 1. Select Monitoring Ports EAP Statistics. The following screen displays: 2. Select the interface - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 217
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Length Error Frames Received. The number of EAPOL frames with an invalid packet body length received on this port. • Response/ID Frames Received. The number of EAP respond ID frames that have been received on the port. • Response Frames - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 218
GS728TP, and GS728TPP Gigabit Smart Switches This can be done by either clicking the check box by the required port or by entering the port name in the Go to Interface field and clicking Go. 3. Click APPLY to execute the test per port log stores messages in memory based on the settings for message - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 219
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To configure the Buffered Logs settings: 1. Select Monitoring Logs Buffered Logs. The following screen displays: 2. In the Admin Status field select Enable to enable system logging or Disable to disable it. 3. In the Behavior field, select - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 220
to allow the switch to send log messages to the remote logging hosts configured on the system. To add a remote log server: 1. Select Monitoring Logs Server Log. The following screen displays: 2. Specify the following settings and click Add. • Host Address. Specify the IP address or host name - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 221
GS728TP, and GS728TPP Gigabit Smart Switches • Port. Specify the port on the host to which syslog messages are sent. The default port only be performed by qualified support personnel. The Status field in • Click Cancel to reset the data o the latest value of the switch. Trap Logs Use the Trap - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 222
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches To view SNMP traps: • Select Monitoring Logs Trap Logs. The following screen displays: The Number of Traps Since Last Reset field is displayed. Note: Check the detailed contents of the reported traps through the SNMP trap server. This - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 223
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Mirroring The screen you access from the Mirroring menu enables you to view and configure port mirroring on the system. Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 224
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Enable. Multiple-port mirroring is active on the selected port (that is, on all the configured source ports). • Disable. Port mirroring is not active on the selected port, but the mirroring information is retained. 5. From the Direction list, - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 225
GS728TP, and GS728TPP Gigabit Smart Switches System Resources Utilization The switch architecture uses a Ternary Content Addressable Memory (TCAM) to support packet DiffServe. Number of TCAM entries used by Dynamic VLAN (DVA) • DHCP Snooping. Number of TCAM entries used by DHCP snooping Monitoring - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 226
8. Maintenance 8 Use the features available from the Maintenance tab to help you manage the switch. The Maintenance tab contains menus that provide access to the following features: • Reset • Upload a File from the Switch • Download a File to the Switch • File Management • Troubleshooting 226 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 227
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Reset The Reset menu contains links that provide access to the features described in the following sections: • Device Reboot • Factory Default Device Reboot Use the Device Reboot screen to reboot the switch. To reboot the switch: 1. Select - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 228
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Note: If you reset the switch to the default configuration, the IP address is reset to 192.168.0.239, and the DHCP client is enabled. If you loose network connectivity after you reset the switch to the factory defaults, see Connect the Switch to - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 229
to translate the contents for the switch to understand. The most common usage of text-based configuration is to download a working configuration from a device, edit it offline to personalize it for another similar device (for example, change the device name, IP address), and upload it to that device - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 230
file. • Buffered Log. Retrieve the syslog file. The factory default is Archive. 3. From the Server Address Type field, select the format to use for the address you type in the Server Address field: • IPv4. The TFTP server address is an IP address in dotted-decimal format. • DNS. The TFTP server - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 231
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches When the transfer actually begins, the last row using an HTTP session (for example, through your web browser). To upload a file from the switch to another system by using HTTP: 1. Select Maintenance Upload HTTP File Upload. The following - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 232
to translate the contents for the switch to understand. The most common usage of text-based configuration is to upload a working configuration from a device, edit it offline to personalize it for another similar device (for example, change the device name, IP address), and download it to that device - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 233
-based configuration file. • Boot. Code that runs when the switch is brought up. It performs initiation actions and loads the software. 3. From the Server Address Type field, select the format for the address you type in the TFTP Server Address field: • IPv4. The TFTP server address is an IP address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 234
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 7. Select the Start File Transfer switch. For more information, see Download File Types on page 232. • Archive. Software image file. Note: The system always downloads the software image to the non-active image. • Text Configuration. A text-based - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 235
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. In the Select File field, enter the name of . The active image is loaded during subsequent switch restarts. This feature reduces switch down time when upgrading or downgrading the switch software. The File Management menu contains links that - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 236
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. In the Image Name field, select one of the images from the list. The Current-active field displays the name of the active image. 3. To configure a descriptive name for the selected software image, type the name - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 237
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: The Dual Image Status screen displays the following: • Image1 Ver. The version of the image1 code file. • Image2 Ver. The version - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 238
Smart Switches Troubleshooting The Troubleshooting menu contains links that provide access to the features described in the following sections: • Ping • Ping IPv6 • Traceroute • Remote Diagnostics Ping Use the Ping screen to instruct the switch to send a ping request to a specified IP address. You - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 239
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The initial value is blank. This information is not packet to send. The valid range is 0-65507. • The Results field displays the result after the switch sends a ping request to the specified address. 4. Click APPLY to send the ping. The switch - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 240
, GS728TP, and GS728TPP Gigabit Smart Switches 2. In the Ping field, select either Global or Link Global to select either the global IPv6 Address or host name or link local address to ping. 3. Optionally, configure the following settings: • In the IPv6 Address/Host Name field, enter the IPv6 address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 241
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. In the IP Address/Hostname field, specify the IP address or the host name of the station you want the switch to ping. The initial value is blank. This information is not retained across a power cycle. 3. - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 242
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Next to Remote Diagnostics, select Enable or Disable. 3. Click APPLY to send the updated configuration to the switch. Configuration changes occur immediately. Maintenance 242 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 243
9. Help 9 Use the features available from the Help tab to connect to online resources for assistance, and to register your device. 243 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 244
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Online Help The Online Help link provides links to the sections described in the following sections: • Support • User Guide Support Use the Support screen to connect to the online support site at netgear.com. To connect to online support: 1. - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 245
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. To access the user guide that is available online, click APPLY. Help 245 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 246
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Registration Use the Registration screen to register your switch. Completing the registration confirms your email address, lowers technical support resolution time, and ensures your shipping address accuracy. NETGEAR makes an effort to - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 247
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches The following screen displays: 2. Click REGISTER to register the switch. The switch attempts to contact the NETGEAR registration server. If the switch successfully contacts the registration server, the NETGEAR product registration screen opens in - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 248
power. GS728TPP. All 24 ports are PoE+ providing 30W of DC power. This model includes an external power supply to support the increased power requirements. Four 100/1000M SFP ports (port 25-29 or 49-52) to support optical module 32 MB 128 MB DDR2 Feature Switching capacity Forwarding method Packet - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 249
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Feature MAC addresses Green Ethernet Value 8 K Automatic power-down on port when link is down, short cable mode and EEE mode Hardware Specifications and Default Values 249 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 250
GS728TP, and GS728TPP Gigabit Smart Switches Switch Features and Defaults Feature Sets Supported Default Auto negotiation/static speed/duplex All ports Auto-negotiation Auto MDI/MDIX N/A Enabled 802.3x flow control/back pressure 1 (per system) Disabled Port mirroring 1 destination port - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 251
All IP addresses allowed Port MAC lock down All ports Disabled Boot code update 1 N/A DHCP/manual IP 1 DHCP enabled/192.168.1.1 Default gateway 1 192.168.0.254 System name configuration 1 NULL Configuration save/restore 1 N/A Firmware upgrade 1 N/A Factory default reset 1 (web - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 252
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Feature Number of ARP cache entries Number of DHCP snooping bindings Number of DHCP static entries MLD snooping Sets Supported Default 1024 in switch mode, N/A approximately 100 in router mode 8K N/A 1024 N/A N/A N/A Hardware - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 253
B. Configuration Examples B This chapter contains information about how to configure the following features: • Virtual Local Area Networks (VLANs) • Access Control Lists (ACLs) • Differentiated Services (DiffServ) • 802.1x • MSTP • Configure VLAN Routing with Static Route 253 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 254
, router-based security measures can be used to restrict access to each VLAN. Packets received by the switch are treated in the following way: • When an untagged packet enters a port, it is automatically tagged with the port's default VLAN ID tag number. Each port has a default VLAN ID setting - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 255
, GS728TP, and GS728TPP Gigabit Smart Switches • Packets leaving the switch are either tagged or untagged, depending on the setting for that port's VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged. Inversely, a T for a given port - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 256
enables ACLs to be bound to physical ports and LAGs.The switch software supports MAC ACLs and IP ACLs. Sample MAC ACL Configuration The following example shows how to create a MAC-based ACL that permits Ethernet traffic from the Sales department on specified ports and denies all other traffic on - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 257
following example shows how to create an IP-based ACL that prevents any IP traffic from the Finance department from being allowed on the ports that are associated with other departments. Traffic from the Finance department is identified by each packet's network IP address. Configuration Examples 257 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 258
Table on page 206. The IP ACL in this example matches all packets with the source IP address and subnet mask of the Finance department network and denies it on the Ethernet interfaces 2, 3, and 4 of the switch. The second rule permits all non-Finance traffic on the ports. The second rule is required - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 259
Layers 2, 3, and 4 by inspecting the following information for a packet: • Source and destination MAC addresses • EtherType • Class of Service (802.1 p priority) value (first or only VLAN tag) • VLAN ID range (first or only VLAN tag) • IP service type octet (also known as: ToS bits, precedence value - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 260
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Layer 4 protocol (such as TCP or UDP) • Layer 4 source and destination ports • Source and destination IP addresses From a DiffServ point of view, there are two types of classes: • DiffServ traffic classes • DiffServ service levels or forwarding - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 261
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches • Dropping. Drops a packet upon arrival. This is useful for emulating access control list operation using DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface. • Marking IP DSCP. Marks and remarks the DiffServ code - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 262
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 3. Configure the following settings for Class1: • Protocol Type. UDP • Source IP Address. 192.12.1.0 • Source Mask. 255.255.255.0 • Source L4 Port. Other, and enter 4567 as the source port value • Destination IP Address. 192.12.2.0 • Destination - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 263
to enable or disable EAPoL packet forwarding support. You can disable or enable the forwarding of EAPoL when 802.1x is disabled on the device. The ports of an 802.1x authenticator switch provide the means to offer services to other systems reachable through the LAN. Port-based network access control - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 264
, GS728TP, and GS728TPP Gigabit Smart Switches A port access entity (PAE) is able to adopt one of the following roles within an access control interaction: • Authenticator. A port that enforces authentication before allowing access to services available through that port. • Supplicant. A port that - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 265
, GS728TP, and GS728TPP Gigabit Smart Switches You can configure more settings to control access to the network through the ports. See Port Security Interface Configuration on page 184 for information about the settings. 4. Click APPLY. 5. In the 802.1x Configuration screen, set the port-based - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 266
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches MSTP Spanning Tree Protocol (STP) runs on bridged networks to help eliminate loops. If a bridge loop occurs, the network can become flooded with traffic. IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) supports multiple instances of spanning - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 267
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches receive and transmit port, per VLAN basis, as any VLAN can be in only one MSTI or CIST). For example, port A can be forwarding for example 1 while discarding for example 2. The port states have changed since IEEE 802.1D specification. To support - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 268
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Ports g1-g5 connected to hosts Ports g1-g5 connected to hosts Ports g6-g8 connected to Switch 2 and 3 Switch 1 root bridge Switch 2 Ports g6-g8 connected to Switch 1 and 2 Ports g1-g5 connected to hosts Switch 3 Perform the following - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 269
Root bridge for MST instance 2. Switch 3 has hosts in the Sales department (ports g1, g2, and g3) and in the Human Resources department (ports g4 and g5). Switches 1 and 2 also have hosts in the Sales and HR departments. The hosts connected from Switch 2 use VLAN 500, MST instance 2 to communicate - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 270
NETGEAR switches it is accomplished by creating Layer 3 interfaces (switch virtual interfaces [SVI]). When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN. Its MAC destination address - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 271
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Note: You can use the VLAN Routing Wizard for creating VLANs, adding ports, and enabling them for routing by assigning the IP address and mask. Configuration Examples 271 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 272
22 port-based 176 RADIUS 160, 162 SNMP 22, 53, 55 TACACS+ 163 authentication list configuration 166 auto-video configuration 106 Auto-VoIP configuration 91 B basic CoS configuration 139 C cable tests 217 certificate management 172 change password 159 class of service 139 connect the switch to - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 273
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches E EAP statistics 216 EAPOL 216 F factory defaults 227 Fan Status LED 20 firmware download 232 flow control 74 forwarding database address table 122 G Green Ethernet configuration 38 details 40 interface configuration 39 summary 42 guest VLAN 264 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 274
configuration 160 server 160 Rapid STP (RSTP) 99 registration of switch 246 remote diagnostics 241 reset configuration to defaults 227 menu 227 routing table 131 VLANs 128 S security MAC address 185 SNMP 50 community configuration 50 supported MIBs 53 trap configuration 52 trap flags 53 traps 52 - Netgear GS728TP | GS728TP/GS728TPP/GS752TP Software Administration Manual - Page 275
Protocol (STP) 92 SSL 171 static multicast address 118 storm control 183 STP configuration 93 support 244 switch features and defaults 250 management interface 10 switch discovery in a network without a DHCP server 14 switch software management 235 system information 26 system resources utilization
350 East Plumeria Drive
San Jose, CA 95134
USA
December 2013
202-11137-04
GS752TP, GS728TP, and GS728TPP
Gigabit Smart Switches
Software Administration Manual