Netgear Configuration
NETGEAR, Inc.
350 East Plumeria Drive
San Jose, CA 95134, USA
April 2019
202-11910-02
S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Managed Pro Switches
Support
Thank you for purchasing this NETGEAR product. You can visit https://www.netgear.com/support/ to register your
product, get help, access the latest downloads and user manuals, and join our community. We recommend that you
use only official NETGEAR support resources.
Trademarks
© NETGEAR, Inc., NETGEAR, and the NETGEAR Logo are trademarks of NETGEAR, Inc. Any non-NETGEAR
trademarks are used for reference purposes only.
Revision History
Contents
Chapter 7 Maintenance
Reboot the Switch
Reset the Switch to Its Factory Default Settings
Export a File From the Switch
  Use TFTP to Export a File From the Switch to a TFTP Server
  Use HTTP to Export a File from the Switch to a Computer
Download a File to the Switch or Update the Firmware
  Use TFTP to Download a File to the Switch or Update the Software Image
  Use HTTP to Download a File to the Switch or Update the Software Image
Manage Software Images
  Copy a Software Image
  Configure Dual Image Settings
  View the Dual Image Status
Enable Remote Diagnostics
1 Get Started
This user manual describes how you can configure and operate the NETGEAR S350 Series
24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Managed Pro Switches with 2 or 4 SFP
Ports by using the local browser–based management interface.
The manual describes the software configuration procedures and explains the options that are
available within those procedures for the following models:
• GS324T. S350 Series 24-Port Gigabit Ethernet Smart Managed Pro Switch with
2 SFP Ports
• GS324TP. S350 Series 8-Port Gigabit PoE+ Ethernet Smart Managed Pro Switch with
2 SFP Ports
• GS348T. S350 Series 48-Port Gigabit Ethernet Smart Managed Pro Switch with
4 SFP Ports
This chapter provides an overview of how you can start your switch and access the local
browser–based management interface.
The chapter contains the following sections:
• Available Publications
• Switch Management and Discovery Overview
• Options to Change the Default IP Address of the Switch
• Discover or Change the Switch IP Address
• About the User Interfaces
• Access the Local Browser Interface
• Navigation Tabs, Configuration Menus, and Page Menu
• Change the Language of the Local Browser Interface
• Use the Device View of the Local Browser Interface
• Interface Naming Conventions
• Configure Interface Settings
• Context-Sensitive Help and Access to the Support Website
• Access the User Guide Online
• Register Your Product
Note: For more information about the topics covered in this manual, visit the
support website at netgear.com/support.
Note: Firmware updates with new features and bug fixes are made available
from time to time at netgear.com/support/download/. Some
products can regularly check the site and download new firmware, or
you can check for and download new firmware manually. If the
features or behavior of your product do not match what is described
in this guide, you might need to update your firmware.
Available Publications
The following guides are available at netgear.com/support/download/:
• Installation Guide
• Hardware Installation Guide
To change the default IP address of the switch, use one of the following methods:
• Dynamic assignment through DHCP. DHCP is enabled on the switch by default. If you
connect the switch to a network with a DHCP server, the switch obtains its network
information automatically. You can use the Smart Control Center to discover the
automatically assigned network information. For more information, see Discover the
Switch in a Network With a DHCP Server on page 12.
• Static assignment through the Smart Control Center. If you connect the switch to a
network that does not include a DHCP server, you can use the Smart Control Center to
assign a static IP address, subnet mask, and default gateway. For more information, see
Discover the Switch in a Network Without a DHCP Server on page 13.
• Static assignment by connecting from a local host. If you do not want to use the
Smart Control Center to assign a static address, you can connect to the switch from a
computer in the 192.168.0.0/24 network and change the settings by using the local
browser interface on the switch. For information about how to set the IP address on the
computer so that it is in the same subnet as the default IP address of the switch, see
Configure a Static IP Address From a Directly Connected Computer on page 16.
Note: For more information about the SCC program, see the SCC user manual,
which you can download by visiting netgear.com/support/download/.
Tip: You must enter the current password each time that you use the
Smart Control Center to update the switch settings. The default
password is password.
To install the NETGEAR Switch Discovery Tool, discover the switch in your network,
and access the local browser interface of the switch:
1. Download the Switch Discovery Tool by visiting
netgear.com/support/product/netgear-switch-discovery-tool.aspx.
Depending on the computer that you are using, download either the Mac version or the
version for a 64-bit Windows-based computer.
2. Temporarily disable the firewall, Internet security, antivirus programs, or all of these on the
computer that you use to configure the switch.
3. Unzip the Switch Discovery Tool files, double-click the .exe or .dmg file (for example,
NETGEAR+Switch+Discovery+Tool+Setup+1.2.101.exe or
NetgearSDT-V1.2.101.dmg), and install the program on your computer.
The installation process places a NETGEAR Switch Discovery Tool icon on your
desktop.
4. Reenable the security services on your computer.
5. Power on the switch.
The DHCP server assigns the switch an IP address.
6. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection. The computer and the switch must be on the
same Layer 2 network.
7. Open the Switch Discovery Tool.
To open the program, double-click the NETGEAR Switch Discovery Tool icon on your
desktop.
The initial page displays a menu and a button.
8. From the Choose a connection menu, select the network connection that allows the Switch
Discovery Tool to access the switch.
9. Click the Start Searching button.
The Switch Discovery Tool displays a list of Smart Managed Plus Switches that it
discovers on the selected network.
For each switch, the tool displays the IP address.
10. To access the local browser interface of the switch, click the ADMIN PAGE button.
The login page of the local browser interface opens.
11. Enter the switch password.
The default password is password. The password is case-sensitive.
The Switch Information page displays.
To use the NETGEAR Insight mobile app to discover the switch in your network:
1. On your iOS or Android mobile device, go to the app store, search for NETGEAR
Insight, and download and install the app.
2. Connect your mobile device to the WiFi network of the WiFi router or access point to which
the switch is connected.
3. Open the NETGEAR Insight mobile app.
4. Select LOG IN to log in to your existing NETGEAR account or tap the CREATE NETGEAR
ACCOUNT button to create a new account.
After you log in to your account, the IP address of the switch displays in the device list.
5. Write down the IP address for future use.
Note: If you already disabled the DHCP client and assigned a static IP
address to the switch, change the IP settings of your computer to be in
the same subnet as the static IP address.
For more information about changing the IP settings on your computer, see one of the
following knowledge base articles at the NETGEAR website:
• Windows-based computer. See the following article:
https://kb.netgear.com/27476/How-to-set-a-static-IP-address-in-Windows
• Mac. See the following article:
https://kb.netgear.com/000037250/Setting-a-static-IP-address-on-your-network-adapter-in-Mac-OS-for-direct-access-to-an-access-point
(The Mac article is written for an access point but is also valid for a switch.)
2. Connect your computer to the switch using an Ethernet cable.
3. Power on the switch by connecting its power cord.
4. Launch a web browser.
5. In the address field of your web browser, enter the IP address of the switch.
If you did not disable the DHCP client and assign a static IP address to the switch,
enter 192.168.0.239.
The login window opens.
6. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
7. Select System > Management > IP Configuration.
The IP Configuration page displays.
8. Select the Static IP Address radio button.
9. Configure the IP address, subnet mask, and default gateway to be assigned to the switch.
10. Click the Apply button.
Your settings are saved.
Disconnect the Ethernet cable and return the network configuration on your computer to the
original settings.
[Figure: layout of the local browser interface, with callouts for the navigation tabs, Logout button, configuration menus, Language menu, Help page, buttons, page menu, link, and submenu links.]
Button Function
Add Clicking the Add button adds the new item configured in the heading row of a table.
Apply Clicking the Apply button saves your settings. Configuration changes take effect immediately.
Cancel Clicking the Cancel button cancels the configuration on the page and resets the data on the page
to the previous values of the switch.
Refresh Clicking the Refresh button refreshes the page with the latest information from the device.
User-Defined Fields
User-defined fields can contain 1 to 159 characters, unless otherwise noted on the
configuration web page. All characters can be used except for the ones stated in the
following table (unless specifically noted in a procedure for a feature).
Table 2. Invalid characters for user-defined fields
\ <
/ >
* |
Depending upon the link status of the port, both the port and the associated port LED
display green, yellow, or black:
• Green. The port is linking at a speed of 1 Gbps.
• Yellow. The port is linking at a speed of 10 Mbps or 100 Mbps.
• Black or gray. No link is present.
For models GS324T and GS324TP, the associated port LED is at the upper left of the
panel. For model GS348T, the associated port LED is above the port.
For model GS324TP, depending on the PoE status of the port, the associated PoE LED
at the lower left of the panel is either green, yellow, or black:
• Green. The port is delivering PoE power.
• Yellow. A PoE fault occurred.
• Black or gray. The port is not delivering PoE power.
6. Click a port to open a menu that displays statistics and configuration options.
You can select a menu option to access the page that contains the configuration or
monitoring options.
If you right-click the graphic, but do not right-click a specific port, the main menu displays.
This menu contains the same options as the navigation tabs at the top of the page.
The following figure shows the details on the Device View page for model GS324TP.
Right-click the specific port that you want to view or configure to see a menu that displays
statistics and configuration options. Select the menu option to access the page that
contains the configuration or monitoring options.
The system LEDs are located on the left side of the front panel.
Physical The physical ports are Gigabit Ethernet interfaces and are
numbered sequentially starting from 1. Example: g1, g2, g12
Link aggregation group (LAG) LAG interfaces are logical interfaces that are used only for
bridging functions. Example: l1, l2, l3
CPU management interface This is the internal switch interface that is associated with the
switch base MAC address. The interface is not configurable
and is always listed in the MAC Address Table. Example: c1
Many of the pages that allow you to configure or view interface settings include links to
display all ports, all LAGs, or all ports and LAGs on the page.
Use these links as follows:
• To display all ports, click the 1 link.
• To display all LAGs, click the LAG link.
• To display all ports and LAGs, click the All link.
The procedures in this section describe how to select the ports and LAGs to configure. The
procedures assume that you are already logged in to the switch. If you do not know how to
log in to the switch, see Navigation Tabs, Configuration Menus, and Page Menu on
page 20.
The row for the selected interface is highlighted, and the interface number appears in the
heading row.
3. Configure the desired settings.
4. Click the Apply button.
Your settings are saved.
From the local browser interface, you can access the NETGEAR support website at
netgear.com/support.
To access the user manual online from the local browser interface:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
Field Description
System Object OID The base object ID for the switch's enterprise MIB.
System Up Time The time in days, hours, and minutes since the last switch reboot.
You can view the current temperature of the temperature sensors. The maximum
temperature of the temperature sensors depends on the hardware.
6. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the status information that displays in the Temperature Sensors
section.
Table 5. Temperature sensors information
Field Description
Max Temp (C) The maximum temperature of the CPU and MAC components. The switch
shuts down if it exceeds the maximum temperature.
Note: The fan status information is available for models GS324TP and
GS348T. Model GS324T does not include a fan.
You can view the status of the fans in all units. These fans remove the heat generated by the
power, CPU, and other components, and allow the switch to function normally.
6. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the status information that displays in the Fans section.
Table 6. Fans information
Field Description
6. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the status information that displays in the Power Supplies
section.
Table 7. Power supplies information
Field Description
6. To refresh the page with the latest information about the switch, click the Refresh button.
Versions section.
Table 8. Versions information
Field Description
Software Version The version number of the software that is running on the switch.
The CPU Utilization section shows the memory information, task-related information, and
percentage of CPU utilization per task.
The following table describes CPU Memory Status information.
Table 9. CPU Memory Status information
Field Description
Available Memory The available memory space for the switch in KBytes.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Management > System CPU Status > CPU Threshold.
To configure the IP network and VLAN settings for the local browser interface:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Management > IP Configuration.
The IP Configuration page displays.
6. Select one of the following radio buttons to specify how the network information for the
switch must be configured:
• Static IP Address. Specifies that the IP address, subnet mask, and default gateway
must be manually configured. Enter this information in the fields below this radio
button.
• Dynamic IP Address (BOOTP). Specifies that the switch must obtain the IP address
through a BootP server.
• Dynamic IP Address (DHCP). Specifies that the switch must obtain the IP address
through a DHCP server.
7. If you select the Static IP Address radio button, configure the following network information:
• IP Address. The IP address of the network interface. The default value is
192.168.0.239. Each part of the IP address must start with a number other than zero.
For example, IP addresses 001.100.192.6 and 192.001.10.3 are not valid.
• Subnet Mask. The IP subnet mask for the interface. The default value is
255.255.255.0.
• Default Gateway. The default gateway for the IP interface. The default value is
192.168.0.254.
8. To change the management VLAN, specify the VLAN ID for the new management VLAN.
The management VLAN is used to establish an IP connection to the switch from a
computer that is connected to a port in the same VLAN. By default, the management
VLAN ID is 1, which allows an IP connection to be established through any port.
When you change the management VLAN, an IP connection can be made only through a
port that is part of the management VLAN. Also, the port VLAN ID (PVID) of the port to be
connected in that management VLAN must be the same as the management VLAN ID.
The switch can automatically apply the required settings that are associated with
changing the management VLAN. For more information about changing the management
VLAN, see Change the Management VLAN on page 41.
9. Click the Apply button.
Your settings are saved.
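The leading-zero rule in step 7 can be checked before the values are entered, together with whether the address, mask, and gateway agree with each other. The following is an added example, not NETGEAR code: the function names are hypothetical, the mask and gateway checks go beyond what the step states, and the switch's own validation may differ.

```python
# Added example: pre-check static IP settings before typing them into the
# IP Configuration page. Not NETGEAR code; the switch may validate differently.
import ipaddress
from typing import List


def parse_octets(text: str) -> ipaddress.IPv4Address:
    """Parse dotted-decimal text, rejecting octets with a leading zero.

    Assumption: a lone "0" octet is allowed (the default 192.168.0.239 has
    one); "001" or "010" is rejected, since some parsers read such octets
    as octal and would resolve a different address than the one displayed.
    """
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r}: expected four octets")
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"{text!r}: octet {part!r} is not a number")
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"{text!r}: octet {part!r} has a leading zero")
        if int(part) > 255:
            raise ValueError(f"{text!r}: octet {part!r} exceeds 255")
    return ipaddress.IPv4Address(".".join(parts))


def check_static_config(ip: str, mask: str, gateway: str) -> List[str]:
    """Return a list of problems; an empty list means the settings agree."""
    problems: List[str] = []
    parsed = {}
    for name, value in (("IP Address", ip), ("Subnet Mask", mask),
                        ("Default Gateway", gateway)):
        try:
            parsed[name] = int(parse_octets(value))
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    if problems:
        return problems

    addr = parsed["IP Address"]
    netmask = parsed["Subnet Mask"]
    gw = parsed["Default Gateway"]

    # A valid mask is a run of 1 bits followed by a run of 0 bits.
    host_bits = netmask ^ 0xFFFFFFFF
    if netmask == 0 or host_bits & (host_bits + 1):
        return [f"Subnet Mask: {mask} is not a contiguous mask"]

    prefix = 32 - host_bits.bit_length()
    net = ipaddress.IPv4Network((addr & netmask, prefix))
    reserved = (int(net.network_address), int(net.broadcast_address))
    if net.prefixlen < 31 and addr in reserved:
        problems.append(
            f"IP Address: {ip} is the network or broadcast address of {net}")
    if ipaddress.IPv4Address(gw) not in net:
        problems.append(f"Default Gateway: {gateway} is outside {net}")
    elif gw == addr:
        problems.append("Default Gateway: same address as the switch")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the manual's defaults, its two invalid examples,
    # and two mistakes that lock the management interface off its gateway.
    samples = [
        ("192.168.0.239", "255.255.255.0", "192.168.0.254"),
        ("001.100.192.6", "255.255.255.0", "1.100.192.1"),
        ("192.001.10.3", "255.255.255.0", "192.1.10.1"),
        ("192.168.0.239", "255.255.255.0", "192.168.1.254"),
        ("192.168.0.239", "255.0.255.0", "192.168.0.254"),
    ]
    for sample in samples:
        print(sample, "->", check_static_config(*sample) or "OK")
```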
Note: If you do not enter a date and time, the switch calculates the date and
time using the CPU’s clock cycle.
Configure the Time Settings With SNTP and Configure the Global SNTP
Settings
To configure the time by using SNTP and configure the global SNTP settings:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Management > Time > Time Configuration.
The Time Configuration page displays.
6. Select the Clock Source SNTP radio button.
The switch can set its local clock to SNTP only if the following two conditions are met:
• You configured the settings for an SNTP server. (For a unicast SNTP server, see
Configure an SNTP Server on page 47).
• The switch can contact the SNTP server.
7. Next to Client Mode, select the mode of operation of the SNTP client:
• Unicast. SNTP operates in a point-to-point way. A unicast client sends a request to a
designated server at its unicast address and expects a reply from which it can
determine the time and, optionally, the round-trip delay and local clock offset relative
to the server.
• Broadcast. SNTP operates in the same manner as multicast mode but uses a local
broadcast address instead of a multicast address. The broadcast address provides a
single-subnet scope while a multicast address provides an Internet-wide scope.
The default value is Disable.
8. If the SNTP client mode is Unicast, you must add the IP address or DNS name of one or
more SNTP servers that the switch can poll.
For more information, see Configure an SNTP Server on page 47.
9. In the Port field, specify the local UDP port that the SNTP client receives server packets on.
The allowed range is 1025 to 65535 and 123. The default value is 123. When the default
value is configured, the actual client port value used in SNTP packets is assigned by the
switch.
10. In the Unicast Poll Interval field, specify the number of seconds between unicast poll
requests expressed as a power of 2. The allowed range is 6 to 10. The default value is 6.
11. In the Broadcast Poll Interval field, specify the number of seconds between broadcast poll
requests expressed as a power of 2.
Broadcasts received prior to the expiry of this interval are discarded. The allowed range is
6 to 10. The default value is 6.
12. In the Unicast Poll Timeout field, specify the number of seconds to wait for an SNTP
response to a unicast poll request.
The allowed range is 1 to 30. The default value is 5.
13. In the Unicast Poll Retry field, specify the number of times to retry a unicast poll request to
an SNTP server after the first time-out before the switch attempts to use the next configured
server.
The allowed range is 0 to 10. The default value is 1.
14. In the Time Zone Name field, specify the acronym for a time zone.
You can also specify the number of hours and number of minutes that the time zone is
different from the Coordinated Universal Time (UTC). The time zone can affect the
display of the current system time. The default value is UTC.
Note: When you use an SNTP or NTP time server to update the switch’s
clock, the time data received from the server is based on the UTC,
which is the same as Greenwich Mean Time (GMT). However, this
might not be the time zone in which the switch is located.
15. In the Offset Hours field, specify the number of hours that the time zone is different from the
UTC.
For more information see the description for Time Zone Name in Step 14. The allowed
range is –12 to 13. The default value is 0.
16. In the Offset Minutes field, specify the number of minutes that the time zone is different
from UTC.
For more information see the description for Time Zone Name in Step 14. The allowed
range is 0 to 59. The default value is 0.
17. Click the Apply button.
Your settings are saved.
7. Click the Refresh button to refresh the page with the latest information about the switch.
The following table displays the nonconfigurable SNTP Global Status information.
Table 10. SNTP Global Status information
Field Description
Supported mode The SNTP modes that the client supports. Multiple modes can be supported by a client.
Last Update Time The local date and time (UTC) that the SNTP client last updated the system clock.
Last Attempt Time The local date and time (UTC) of the last SNTP request or receipt of an unsolicited
message.
Last Attempt Status The status of the last SNTP request or unsolicited message for both unicast and
broadcast modes. If no message was received from a server, a status of Other is
displayed. These values are appropriate for all operational modes.
• Other. The status of the last request is unknown.
• Success. The SNTP operation was successful and the system time was updated.
• Request Timed Out. After an SNTP request was sent to an SNTP server, the
response timer expired before a response from the server was received.
• Bad Date Encoded. The time provided by the SNTP server is not valid.
• Version Not Supported. The SNTP version supported by the server is not
compatible with the version supported by the client.
• Server Unsynchronized. The SNTP server is not synchronized with its peers. This
is indicated by the leap indicator field in the SNTP message.
• Server Kiss Of Death. The SNTP server indicated that no further queries were to be
sent to this server. This is indicated by a stratum field equal to 0 in a message
received from a server.
Server IP Address The IP address of the server for the last received valid packet. If no message was
received from any server, an empty string is shown.
Address Type The address type of the SNTP server address for the last received valid packet.
Server Stratum The claimed stratum of the server for the last received valid packet.
Reference Clock ID The reference clock identifier of the server for the last received valid packet.
Server mode The mode of the server for the last received valid packet.
Unicast Server Max The maximum number of unicast server entries that can be configured on this client.
Entries
Unicast Server The number of current valid unicast server entries configured for this client.
Current Entries
Broadcast Count The number of unsolicited broadcast SNTP messages that were received and processed
by the SNTP client since the last reboot.
method is selected, SNTP information is accepted only from SNTP servers defined on the
device using the SNTP Server Configuration page.
The device retrieves synchronization information, either by actively requesting information or
at every poll interval.
You can view and modify information for adding and modifying Simple Network Time Protocol
(SNTP) servers.
address is a DNS host name, then that host name is resolved into an IP address each
time an SNTP request is sent to it.
8. If the UDP port on the SNTP server to which SNTP requests are sent is not the standard
port (123), specify the port number in the Port field.
The range is from 1 to 65535. The default value is 123.
9. In the Priority field, specify the priority order in which to query the servers.
The SNTP client on the device continues sending SNTP requests to different servers until
a successful response is received, or all servers are exhausted. The priority indicates the
order in which to query the servers. The request is sent to an SNTP server with a priority
value of 1 first, then to a server with a priority value of 2, and so on. If any servers are
assigned the same priority, the SNTP client contacts the servers in the order that they
appear in the table. The range is from 1 to 3. The default value is 1.
10. In the Version field, specify the NTP version running on the server.
The range is 1 to 4. The default value is 4.
11. Click the Add button.
The SNTP server entry is added.
12. Repeat the previous steps to add additional SNTP servers.
You can configure up to three SNTP servers.
The SNTP Server Status table displays status information about the SNTP servers
configured on your switch. The following table describes the SNTP Server Global Status
information.
Table 11. SNTP Server Status information
Field Description
Address All the existing server addresses. If no server configuration exists, a message stating
that no SNTP server exists displays on the page.
Last Update Time The local date and time (UTC) that the response from this server was used to update
the system clock.
Last Attempt Time The local date and time (UTC) that this SNTP server was last queried.
Last Attempt Status The status of the last SNTP request or unsolicited message for both unicast and
broadcast modes. If no message was received from a server, a status of Other is
displayed. These values are appropriate for all operational modes:
• Other. The status of the last request is unknown, or no SNTP responses were
received.
• Success. The SNTP operation was successful and the system time was updated.
• Request Timed Out. After an SNTP request was sent to an SNTP server, the
response timer expired before a response from the server was received.
• Bad Date Encoded. The time provided by the SNTP server is not valid.
• Version Not Supported. The SNTP version supported by the server is not
compatible with the version supported by the client.
• Server Unsynchronized. The SNTP server is not synchronized with its peers. This
is indicated by the leap indicator field on the SNTP message.
• Server Kiss Of Death. The SNTP server indicated that no further queries were to
be sent to this server. This is indicated by a stratum field equal to 0 in a message
received from a server.
Requests The number of SNTP requests made to this server since last agent reboot.
Failed Requests The number of failed SNTP requests made to this server since the last reboot.
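The Last Attempt Status values in Table 10 and Table 11 correspond to fields of the 48-byte SNTP reply, and the unicast client mode derives the clock offset and round-trip delay from its timestamps. The following added example (not NETGEAR firmware code) classifies constructed replies with the manual's status names and computes both values. The function names, the originate-timestamp check, and the mapping of malformed or mismatched replies to Other are assumptions.

```python
# Added example: classify an SNTP reply the way the status tables describe.
# Status names come from the manual; the parsing code and the mapping of
# malformed input to "Other" are assumptions, not NETGEAR firmware logic.
import struct
from typing import Dict, NamedTuple, Optional

NTP_UNIX_DELTA = 2208988800       # seconds from 1900-01-01 to 1970-01-01
SUPPORTED_VERSIONS = range(1, 5)  # the Version field allows 1 to 4


class Result(NamedTuple):
    status: str
    offset: Optional[float] = None  # seconds to add to the local clock
    delay: Optional[float] = None   # round-trip delay in seconds


def poll_seconds(exponent: int) -> int:
    """Poll Interval holds a power-of-2 exponent (allowed range 6 to 10)."""
    if not 6 <= exponent <= 10:
        raise ValueError("poll interval exponent must be 6 to 10")
    return 2 ** exponent


def to_ntp(unix_time: float) -> bytes:
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_time)
    fraction = int((unix_time - whole) * 2**32)
    return struct.pack("!II", whole + NTP_UNIX_DELTA, fraction)


def from_ntp(raw: bytes) -> float:
    """Decode a 64-bit NTP timestamp to Unix seconds."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_UNIX_DELTA + frac / 2**32


def build_request(t1: float, version: int = 4) -> bytes:
    """48-byte client request: LI=0, VN=version, Mode=3, transmit time t1."""
    return bytes([(version << 3) | 3]) + bytes(39) + to_ntp(t1)


def classify(request: bytes, reply: bytes, t4: float) -> Result:
    """Map a unicast reply to a Last Attempt Status; t4 is its arrival time."""
    if len(reply) < 48:
        return Result("Other")
    leap, version, mode = reply[0] >> 6, (reply[0] >> 3) & 7, reply[0] & 7
    stratum = reply[1]
    if mode != 4:                      # 4 = server reply to a unicast poll
        return Result("Other")
    if version not in SUPPORTED_VERSIONS:
        return Result("Version Not Supported")
    if stratum == 0:                   # stratum 0: stop querying this server
        return Result("Server Kiss Of Death")
    if leap == 3:                      # leap indicator 3: clock not synchronized
        return Result("Server Unsynchronized")
    if reply[40:48] == bytes(8):       # zero transmit timestamp
        return Result("Bad Date Encoded")
    if reply[24:32] != request[40:48]:
        # The originate timestamp must echo our transmit timestamp; a reply
        # that does not is stale or was not produced for this request.
        return Result("Other")
    t1 = from_ntp(request[40:48])      # client send time
    t2 = from_ntp(reply[32:40])        # server receive time
    t3 = from_ntp(reply[40:48])        # server send time
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return Result("Success", offset, delay)


def classify_samples() -> Dict[str, Result]:
    """Constructed packets: server clock 0.5 s ahead, 0.5 s round trip."""
    t1 = 1555000000.0
    request = build_request(t1)
    good = (bytes([(4 << 3) | 4, 2]) + bytes(22) + request[40:48]
            + to_ntp(t1 + 0.75) + to_ntp(t1 + 1.0))
    t4 = t1 + 0.75
    cases = {
        "good": good,
        "kiss_of_death": good[:1] + b"\x00" + good[2:],
        "unsynchronized": bytes([good[0] | 0xC0]) + good[1:],
        "bad_version": bytes([(7 << 3) | 4]) + good[1:],
        "zero_transmit": good[:40] + bytes(8),
        "wrong_originate": good[:24] + to_ntp(t1 + 1) + good[32:],
        "truncated": good[:20],
    }
    return {name: classify(request, pkt, t4) for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, result in classify_samples().items():
        print(f"{name:16} {result}")
    print("default poll interval:", poll_seconds(6), "seconds")
```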
Table 12. Daylight saving setting is Recurring, Recurring EU, or Recurring USA
Field Description
Begins At These fields are used to configure the start values of the date and time.
• Week. Configure the start week in the month.
• Day. Configure the start day in the week.
• Month. Configure the start month.
• Hours. Configure the start hour.
• Minutes. Configure the start minutes.
Ends At These fields are used to configure the end values of date and time.
• Week. Configure the end week in the month.
• Day. Configure the end day in the week.
• Month. Configure the end month.
• Hours. Configure the end hour.
• Minutes. Configure the end minutes.
Offset Configure recurring offset in minutes. The range is from 1 to 1440 minutes.
• If you select the DayLight Saving (DST) Non Recurring radio button, the fields in the
following table are visible and you must configure them.
Table 13. Daylight saving setting is Non Recurring
Field Description
Begins At These fields are used to configure the start values of the date and time.
• Month. Configure the start month.
• Date. Configure the start date in the month.
• Year. Configure the start year.
• Hours. Configure the start hour.
• Minutes. Configure the start minutes.
Ends At These fields are used to configure the end values of date and time.
• Month. Configure the end month.
• Date. Configure the end date in the month.
• Year. Configure the end year.
• Hours. Configure the end hour.
• Minutes. Configure the end minutes.
Offset Specify the number of minutes to shift the summer time from the standard time.
The range is from 1 to 1440 minutes.
Zone Specify the acronym associated with the time zone when summer time is in
effect. This field is not validated against an official list of time zone acronyms.
6. To refresh the page with the latest information about the switch, click the Refresh button.
The following table displays the nonconfigurable daylight saving status information.
Table 14. Daylight Saving (DST) Status information
Field Description
Daylight Saving (DST) The Daylight Saving value, which is one of the following:
• Disable
• Recurring
• Recurring EU
• Recurring USA
• Non Recurring
Begins At The start date of daylight saving time. This field is not displayed when
daylight saving time is disabled.
Ends At The end date of daylight saving time. This field is not displayed when
daylight saving time is disabled.
Offset (in Minutes) The offset value in minutes. This field is not displayed when daylight saving
time is disabled.
Zone The zone acronym. This field is not displayed when daylight saving time is
disabled.
Daylight Saving (DST) in Effect Indicates whether daylight saving time is in effect.
Configure Auto-DoS
You can automatically enable all the DoS features available on the switch, except for the L4
Port attack. For information about the types of DoS attacks the switch can monitor and block,
see Configure Denial of Service on page 56.
6. Select the types of DoS attacks for the switch to monitor and block and configure any
associated values:
• Denial of Service Min TCP Header Size. Specify the minimum TCP header size
allowed. If DoS TCP Fragment is enabled, the switch drops packets with a TCP
header smaller than the configured value. The default value is 20.
• Denial of Service ICMPv4. Enabling ICMPv4 DoS prevention causes the switch to
drop ICMPv4 packets with a type set to ECHO_REQ (ping) and a size greater than
the configured ICMPv4 packet size.
• Denial of Service Max ICMPv4 Packet Size. Specify the maximum ICMPv4 packet
size allowed. If ICMPv4 DoS prevention is enabled, the switch drops IPv4 ICMP ping
packets with a size greater than the configured value. The default value is 512.
• Denial of Service ICMPv6. Enabling ICMPv6 DoS prevention causes the switch to
drop ICMPv6 packets with a type set to ECHO_REQ (ping) and a size greater than
the configured ICMPv6 packet size.
• Denial of Service Max ICMPv6 Packet Size. Specify the maximum ICMPv6 packet
size allowed. If ICMPv6 DoS prevention is enabled, the switch drops IPv6 ICMP ping
packets with a size greater than the configured value. The default value is 512.
• Denial of Service First Fragment. Enabling First Fragment DoS prevention causes
the switch to check DoS options for the first-fragment IP packets if the switch receives
fragmented IP packets. Otherwise, the switch ignores the first-fragment IP packets.
• Denial of Service ICMP Fragment. Enabling ICMP Fragment DoS prevention
causes the switch to drop ICMP fragmented packets.
• Denial of Service Smurf. Enabling Smurf DoS prevention causes the switch to drop
broadcast ICMP echo request packets.
• Denial of Service SIP=DIP. Enabling SIP=DIP DoS prevention causes the switch to
drop packets with a source IP address equal to the destination IP address.
• Denial of Service SMAC=DMAC. Enabling SMAC=DMAC DoS prevention causes
the switch to drop packets with a source MAC address equal to the destination MAC
address.
• Denial of Service TCP FIN&URG&PSH. Enabling TCP FIN & URG & PSH DoS
prevention causes the switch to drop packets with TCP flags FIN, URG, and PSH set
and the TCP sequence number equal to 0.
• Denial of Service TCP Flag&Sequence. Enabling TCP Flag DoS prevention causes
the switch to drop packets with TCP control flags set to 0 and the TCP sequence
number set to 0.
• Denial of Service TCP Fragment. Enabling TCP Fragment DoS prevention causes
the switch to drop packets with a TCP payload for which the IP payload length minus
the IP header size is less than the minimum allowed TCP header size.
• Denial of Service TCP Offset. Enabling TCP Offset DoS prevention causes the
switch to drop packets with a TCP header offset set to 1.
• Denial of Service TCP Port. Enabling TCP Port DoS prevention causes the switch to
drop packets for which the TCP source port is equal to the TCP destination port.
• Denial of Service TCP SYN. Enabling TCP SYN DoS prevention causes the switch
to drop packets with TCP flags set.
• Denial of Service TCP SYN&FIN. Enabling TCP SYN & FIN DoS prevention causes
the switch to drop packets with TCP flags SYN and FIN set.
• Denial of Service UDP Port. Enabling UDP Port DoS prevention causes the switch
to drop packets for which the UDP source port is equal to the UDP destination port.
7. Click the Apply button.
Your settings are saved.
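The match conditions listed in step 6, modeled as a small Python classifier over constructed packet records. This is an added example, not NETGEAR firmware code: the Packet field names, the Thresholds class, and the matched_rules function are hypothetical, and the First Fragment and TCP SYN options are left out because the page gives no precise match condition for them.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Thresholds:
    min_tcp_header: int = 20     # default stated on the page
    max_icmpv4_size: int = 512   # default stated on the page
    max_icmpv6_size: int = 512   # default stated on the page


@dataclass(frozen=True)
class Packet:
    """Already-parsed packet fields (hypothetical layout, constructed defaults)."""
    proto: str                          # "tcp", "udp", "icmpv4" or "icmpv6"
    src_ip: str = "192.0.2.10"
    dst_ip: str = "192.0.2.20"
    src_mac: str = "02:00:00:00:00:01"
    dst_mac: str = "02:00:00:00:00:02"
    dst_is_broadcast: bool = False
    fragmented: bool = False
    ip_total_len: int = 60
    ip_header_len: int = 20
    sport: int = 49152
    dport: int = 443
    tcp_flags: frozenset = frozenset()
    tcp_seq: int = 1
    tcp_offset: int = 5                 # the "TCP header offset" value the page names
    icmp_echo_request: bool = False
    icmp_size: int = 0


def _big_ping(p, proto, limit):
    # Echo requests are dropped only when strictly larger than the limit.
    return p.proto == proto and p.icmp_echo_request and p.icmp_size > limit


def _tcp(p):
    return p.proto == "tcp"


# One (name, predicate) pair per option, in the order the page lists them.
RULES = [
    ("ICMPv4", lambda p, t: _big_ping(p, "icmpv4", t.max_icmpv4_size)),
    ("ICMPv6", lambda p, t: _big_ping(p, "icmpv6", t.max_icmpv6_size)),
    ("ICMP Fragment", lambda p, t: p.proto.startswith("icmp") and p.fragmented),
    ("Smurf", lambda p, t: p.proto.startswith("icmp") and p.icmp_echo_request
        and p.dst_is_broadcast),
    ("SIP=DIP", lambda p, t: p.src_ip == p.dst_ip),
    ("SMAC=DMAC", lambda p, t: p.src_mac.lower() == p.dst_mac.lower()),
    ("TCP FIN&URG&PSH", lambda p, t: _tcp(p) and p.tcp_seq == 0
        and {"FIN", "URG", "PSH"} <= p.tcp_flags),
    ("TCP Flag&Sequence", lambda p, t: _tcp(p) and not p.tcp_flags
        and p.tcp_seq == 0),
    # Assumption: the page's "IP payload length minus the IP header size" is
    # taken as the IP total length minus the IP header length.
    ("TCP Fragment", lambda p, t: _tcp(p)
        and p.ip_total_len - p.ip_header_len < t.min_tcp_header),
    ("TCP Offset", lambda p, t: _tcp(p) and p.tcp_offset == 1),
    ("TCP Port", lambda p, t: _tcp(p) and p.sport == p.dport),
    ("TCP SYN&FIN", lambda p, t: _tcp(p) and {"SYN", "FIN"} <= p.tcp_flags),
    ("UDP Port", lambda p, t: p.proto == "udp" and p.sport == p.dport),
]


def matched_rules(packet, thresholds=Thresholds(), enabled=None):
    """Names of the enabled options whose condition the packet meets.

    enabled=None models Auto-DoS style "everything on"; pass a set of option
    names to model a switch where only some options are selected.
    """
    return [name for name, test in RULES
            if (enabled is None or name in enabled) and test(packet, thresholds)]


def verdict(packet, thresholds=Thresholds(), enabled=None):
    return "drop" if matched_rules(packet, thresholds, enabled) else "forward"


if __name__ == "__main__":
    # Constructed sample packets.
    samples = {
        "ordinary ACK": Packet("tcp", tcp_flags=frozenset({"ACK"}), tcp_seq=1000),
        "1400-byte ping": Packet("icmpv4", icmp_echo_request=True, icmp_size=1400),
        "same ports, same IPs": Packet("tcp", src_ip="192.0.2.20", sport=80,
                                       dport=80, tcp_flags=frozenset({"SYN"})),
    }
    for label, pkt in samples.items():
        print(f"{label}: {verdict(pkt)} {matched_rules(pkt)}")
```

Running a capture of legitimate traffic through the same predicates before enabling an option shows which flows it would drop, for example monitoring pings larger than the 512-byte default.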
6. Select the Disable or Enable radio button to specify whether to disable or enable the
administrative status of the DNS client.
• Enable. Allows the switch to send DNS queries to a DNS server to resolve a DNS
domain name. The DNS client is enabled by default.
• Disable. Prevents the switch from sending DNS queries.
7. In the DNS Default Name field, enter the default DNS domain name to include in DNS
queries.
When the system performs a lookup on an unqualified host name, this field
provides the domain name (for example, if the default domain name is netgear.com and the
user enters test, then test is changed to test.netgear.com to resolve the name). The name
must not be longer than 255 characters.
8. In the DNS Server field, specify the IPv4 address to which the switch sends DNS queries.
9. Click the Add button.
The server is added to the list. You can specify up to eight DNS servers. The Preference
field displays the server preference order. The preference is set in the order in which
preferences were entered.
10. Click the Apply button.
Your settings are saved.
The following table displays DNS Server Configuration information.
Table 15. DNS Server Configuration information
Field Description
Preference Shows the preference of the DNS server. The preferences are determined
by the order in which they were entered.
Note: If you do not select a DNS server, all the DNS servers are removed
after you click the Delete button.
Change the Host Name or IP Address in an Entry of the Dynamic Host Mapping Table, View
All Entries, or Clear All Entries
To change the host name or IP address in an entry of the Dynamic Host Mapping table,
view all entries, or clear all entries:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Management > DNS > Host Configuration.
The DNS Host Configuration page displays.
6. Select the check box next to the entry to update.
7. Enter the new information in the appropriate field.
8. Click the Apply button.
Your settings are saved.
9. To clear all the dynamic host name entries from the list, click the Clear button.
The Dynamic Host Mapping table shows host name-to-IP address entries that the switch
learned. The following table describes the dynamic host fields.
Table 16. Dynamic Host Mapping information
Field Description
Host Lists the host name that you assign to the specified IP address.
Total Time since the dynamic entry was first added to the table.
6. Select the Auto Power Down Mode Disable or Enable radio button.
By default, this mode is disabled. When a port link is down, the underlying physical layer
goes down for a short period and then checks for port link pulses again so that
auto-negotiation remains possible. In this way, the switch saves power when no link
partner is present for the port.
7. Select the EEE Mode Disable or Enable radio button.
By default, this mode is disabled. Energy Efficient Ethernet (EEE) combines the MAC
with a family of physical layers that support operation in a low power mode. It is defined
by the IEEE 802.3az standard. Lower power mode enables both the send and receive
sides of the link to disable some functionality for power savings when the load is light.
Transition to low power mode does not change the link status. Frames in transit are not
dropped or corrupted in transition to and from low power mode. Transition time is
transparent to upper layer protocols and applications.
8. Click the Apply button.
Your settings are saved.
To configure green Ethernet local devices and view or clear device information:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Management > Green Ethernet > Green Ethernet Details.
Field Description
Cumulative Energy Saved on this port due to Green mode(s) (Watts * Hours) The cumulative
energy in watts multiplied by hours that is saved through the green modes that are enabled
on this port.
Rx Low Power Idle Event Count The number of Rx low-power idle (LPI) events since the EEE
counters were cleared. The counter increments each time that the MAC Rx enters the LPI state.
Rx Low Power Idle Duration (uSec) The duration of the Rx LPI state since the EEE counters
were cleared. The duration of the Rx LPI state is displayed in 10 uSec increments.
Tx Low Power Idle Event Count The number of Tx LPI events since the EEE counters were
cleared. The counter increments each time that the MAC Tx enters the LPI state.
Tx Low Power Idle Duration (uSec) The duration of the Tx LPI state since the EEE counters
were cleared. The duration of the Tx LPI state is displayed in 10 uSec increments.
Tw_sys_tx (uSec) The value in uSecs of Tw_sys that the switch can support.
Tw_sys_tx Echo (uSec) The remote system’s transmitted Tw_sys in uSecs that was used by the switch to
compute the Tw_sys in requests to the remote system.
Tw_sys_rx (uSec) The value of Tw_sys in uSecs that the switch requests from the remote system.
Tw_sys_rx Echo (uSec) The remote system’s received Tw_sys in uSecs that was used by the switch to
compute the Tw_sys that it can support.
Fallback Tw_sys (uSec) The value in uSecs of the fallback Tw_sys that the switch requests from the
remote system.
Tx_dll_enabled Indicates the initialization status of the EEE transmit Data Link Layer
management function on the switch.
Tx_dll_ready Indicates whether the Data Link Layer is ready and the Tx system initialization is
complete and ready to update or receive LLDP PDUs containing EEE TLVs.
Rx_dll_enabled Indicates the status of the EEE capability negotiation on the switch.
Rx_dll_ready Indicates whether the Data Link Layer is ready and the Rx system initialization is
complete and ready to update or receive LLDP PDUs containing EEE TLVs.
Time Since Counters Last Cleared The period since the counters were cleared or the switch
was powered up.
Field Description
Remote ID The remote client identifier that is assigned to the remote system.
Remote Tw_sys_tx (uSec) The value in uSecs of the Tw_sys that the remote system can support.
Remote Tw_sys_tx Echo (uSec) The value in uSecs of the Transmit Tw_sys that is echoed back
by the remote system.
Remote Tw_sys_rx (uSec) The value in uSecs of the Tw_sys that the remote system requests from the
switch.
Remote Tw_sys_rx Echo (uSec) The value in uSecs of the Receive Tw_sys echoed back by the
remote system.
Remote Fallback Tw_sys (uSec) The value in uSecs of the fallback Tw_sys that the remote
system is advertising.
6. To refresh the page with the latest information about the switch, click the Refresh button.
Field Description
Current Power Consumption (mW) The estimated power consumption by all ports of the switch in mWatts.
Percentage Power Saving (%) The estimated percentage of power saved on all ports of the switch if the
green modes are enabled.
Cumulative Energy Saving (W * H) The estimated cumulative energy saved on the switch in watts multiplied by
hours if all green modes are enabled.
Green Features supported on this unit The list of green features that are supported on the
switch, which could be one or more of the following:
• Energy-Detect (Energy Detect)
• Short-Reach (Short Reach)
• EEE (Energy Efficient Ethernet)
• LPI-History (EEE Low Power Idle History)
• LLDP-Cap-Exchg (EEE LLDP Capability Exchange)
• Pwr-Usg-Est (Power Usage Estimates).
Energy Detect Admin mode Indicates whether the Energy Detect mode is enabled or disabled on the
port. (For more information, see Configure Green Ethernet
Interface Settings on page 64).
Energy Detect Operational Status Indicates the operational status of the Energy Detect mode. (For more
information, see Configure Green Ethernet Interface Settings
on page 64).
EEE Admin mode Indicates whether the Energy Efficient Ethernet mode is enabled or disabled
on the port. (For more information, see Configure Green Ethernet Interface
Settings on page 64).
To configure and view the port Green Ethernet EEE LPI history:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Management > Green Ethernet > Green Ethernet LPI History.
Field Description
Time Since The Sample Was Recorded The interval between the current time and the time at
which the sample was recorded.
Table 20. Interface Green Mode EEE LPI History information (continued)
Field Description
Percentage Time spent in LPI mode since last sample The percentage of time spent in LPI
mode during the current measurement interval.
Percentage Time spent in LPI mode since last reset The percentage of time spent in LPI
mode since the EEE LPI statistics were reset.
Configure PoE
On model GS324TP, you can configure the global Power over Ethernet (PoE) settings and
the PoE settings for each port.
Note: For more information about PoE, see the hardware installation guide,
which you can download by visiting
netgear.com/support/download/.
The previous figure shows the PoE Configuration page for model GS324TP.
6. In the System Usage Threshold field, enter a number from 1 to 99 to set the threshold
level at which a trap is sent if the consumed power exceeds the threshold power. The
default is 95 percent.
7. From the Power Management Mode menu, select the power management algorithm that
the switch uses to deliver power to the requesting powered devices (PDs):
• Static. Specifies that the power allocated for each port depends on the type of power
threshold configured on the port.
• Dynamic. Specifies that the power consumption on each port is measured and
calculated in real time. This is the default setting.
8. To activate the PoE traps, select the Enable radio button.
Selecting the Disable radio button deactivates the PoE traps. The default setting is
Enabled.
9. Click the Apply button.
Your settings are saved.
The following table describes the nonconfigurable fields on the page.
Table 21. PoE Configuration fields
Field Description
Total Power Available Watts The maximum amount of power in watts that the switch can deliver to all ports.
Threshold Power Watts If the consumed power is below the threshold power, the switch can power up
another port. The consumed power can be between the nominal and threshold
power. The threshold power is displayed in watts.
Note: The threshold power value is determined by the value that you enter in the
System Usage Threshold field.
Consumed Power Watts The total amount of power in watts that is being delivered to all ports.
The previous figure shows the PoE Port Configuration page for model GS324TP.
6. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
7. From the Port Power menu, select the PoE mode of the port:
• Enable. The port’s capacity to deliver power is enabled. This is the default setting.
• Disable. The port’s capacity to deliver power is disabled.
8. From the Port Priority menu, select the priority for the port in relation to other ports if the
total power that the switch is capable of delivering exceeds the total power budget:
• Low. Low priority. This is the default setting.
• Medium. Medium priority.
Note: If a PD does not report its class correctly, use of these options can
preserve additional PoE power by preventing the switch from
delivering more power than the PD requires. However, depending on
which option you select, a PD that does not report its class correctly
might not power up at all.
11. In the Power Limit (mW) field, enter the maximum power (in mW) that the port can deliver.
The range is 3,000–30,000 mW. The default is 30,000 mW.
12. From the Detection Type menu, select how the port detects the attached PD:
• IEEE 802. The port performs a 4-point resistive detection. This is the default setting.
• 4pt 802.3af + legacy. The port performs a 4-point resistive detection, and if required,
continues with legacy detection.
• legacy. The port performs legacy detection.
13. From the Timer Schedule menu, select a timer schedule or select None, which is the
default selection.
For information about setting up and configuring PoE timer schedules, see Set Up PoE
Timer Schedules on page 106.
14. Click the Apply button.
Your settings are saved.
The following table describes the nonconfigurable fields on the page.
Table 22. PoE Port Configuration
Field Description
Max Power (W) The maximum power in watts that can be provided by the port.
Class The class defines the range of power that a powered device (PD) is drawing from
the switch. The class definitions are as follows:
• 0: 0.44–16.2W
• 1: 0.44–4.2W
• 2: 0.44–7.4W
• 3: 0.44–16.2W
• 4: 0.44–31.6W
• Unknown. The class cannot be detected, or no PD is attached to the port.
Fault Status The error description when the PoE port is in a fault state:
• No Error. The port is not in any error state and can provide power.
• MPS Absent. The port detected the absence of the main power supply,
preventing the port from providing power.
• Short. The port detected a short circuit condition, preventing the port from
providing power.
• Overload. The PD that is connected to the port attempts to draw more power
than allowed by the port’s settings, preventing the port from providing power at
all.
• Power Denied. The port was denied power because of a shortage of power or
because of an administrative condition. In this condition, the port cannot
provide power.
Configure SNMP
You can configure SNMP settings for SNMPv1/v2 and SNMPv3. The switch software
supports the configuration of SNMP groups and users that can manage traps that the SNMP
agent generates.
The switch uses both standard public MIBs for standard functionality and private MIBs that
support additional switch functionality. All private MIBs begin with a hyphen (-) prefix. The
main object for interface configuration is in -SWITCHING-MIB, which is a private MIB. Some
interface configurations also involve objects in the public MIB, IF-MIB.
6. In the Management Station IP field, specify the IP address of the management station.
7. In the Management Station IP Mask field, specify the subnet mask to associate with the
management station IP address.
Together, the management station IP address and the management station IP mask
denote a range of IP addresses from which SNMP clients can use that community to
access this device. If either the management station IP address or management station
IP mask value is 0.0.0.0, access is allowed from any IP address. Otherwise, every client’s
address is ANDed with the mask, as is the management station IP address. If the values
are equal, access is allowed.
For example, if the management station IP address and management station IP mask
settings are 192.168.1.0/255.255.255.0, any client with an IP address in the range from
192.168.1.0 to 192.168.1.255 (inclusive) is allowed access. To allow access from only
one station, use a management station IP mask value of 255.255.255.255, and use that
computer’s IP address as the client address.
8. In the Community String field, specify a community name.
9. From the Access Mode menu, select the access level for this community, which is either
Read/Write or Read Only.
10. From the Status menu, select to enable or disable the community.
If you select Enable, the community name must be unique among all valid community
names or the set requests are rejected. If you select Disable, the community name
becomes invalid.
11. Click the Add button.
The selected community is added.
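The management station IP and mask check from step 7, written out as an added Python example (not switch code) together with a small audit of a community table. The entry layout, function names, and sample communities are constructed for illustration.

```python
import ipaddress


def u32(addr):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def is_wildcard(station_ip, station_mask):
    # Per the page: if either value is 0.0.0.0, access is allowed from any address.
    return u32(station_ip) == 0 or u32(station_mask) == 0


def client_allowed(client_ip, station_ip, station_mask):
    """Apply the page's rule: AND both addresses with the mask and compare."""
    if is_wildcard(station_ip, station_mask):
        return True
    mask = u32(station_mask)
    return (u32(client_ip) & mask) == (u32(station_ip) & mask)


def admitted_addresses(station_ip, station_mask):
    """How many source addresses pass the check for this entry.

    Every zero bit in the mask is a bit the client may set freely, so the
    count is 2**(zero bits). This also holds for non-contiguous masks.
    """
    if is_wildcard(station_ip, station_mask):
        return 2 ** 32
    zero_bits = 32 - bin(u32(station_mask)).count("1")
    return 2 ** zero_bits


def audit(entries):
    """Return {community: [notes]} for enabled entries that deserve a second look."""
    findings = {}
    for e in entries:
        if e["status"] != "Enable":      # a disabled community name is invalid
            continue
        notes = []
        count = admitted_addresses(e["ip"], e["mask"])
        if is_wildcard(e["ip"], e["mask"]):
            notes.append("accepts any source address")
        if e["access"] == "Read/Write" and count > 1:
            notes.append(f"Read/Write reachable from {count} addresses")
        if notes:
            findings[e["community"]] = notes
    return findings


# Constructed sample community table (names and addresses are illustrative).
SAMPLE_ENTRIES = [
    {"community": "example-ro", "ip": "192.168.1.0", "mask": "255.255.255.0",
     "access": "Read Only", "status": "Enable"},
    {"community": "example-rw-host", "ip": "192.168.1.10", "mask": "255.255.255.255",
     "access": "Read/Write", "status": "Enable"},
    {"community": "example-wide-rw", "ip": "10.20.0.0", "mask": "255.255.0.0",
     "access": "Read/Write", "status": "Enable"},
    {"community": "example-open", "ip": "0.0.0.0", "mask": "0.0.0.0",
     "access": "Read/Write", "status": "Enable"},
    {"community": "example-mask0", "ip": "10.0.0.5", "mask": "0.0.0.0",
     "access": "Read Only", "status": "Enable"},
    {"community": "example-off", "ip": "0.0.0.0", "mask": "0.0.0.0",
     "access": "Read/Write", "status": "Disable"},
]

if __name__ == "__main__":
    for name, notes in audit(SAMPLE_ENTRIES).items():
        print(f"{name}: {'; '.join(notes)}")
```

The example-mask0 entry shows the case that is easy to miss: a specific station address paired with a 0.0.0.0 mask still admits every client.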
The following table describes the SNMP Supported MIBs Status fields.
Table 23. SNMP supported MIBs
Field Description
Name The RFC number if applicable and the name of the MIB.
To configure authentication and encryption settings for the SNMPv3 admin profile by
using the web interface:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > SNMP > SNMPv3 > User Configuration.
The User Configuration page displays.
The SNMPv3 Access Mode field shows the access privileges for the user account.
Access for the admin account is always Read Write. Access for all other accounts is
Read Only.
6. To enable authentication, select an Authentication Protocol radio button.
You can select the MD5 radio button or the SHA radio button. With either of these
options, the user login password is used as the SNMPv3 authentication password. For
information about how to configure the login password, see Change the Password for the
Local Browser Interface on page 210.
7. To enable encryption:
a. Select the Encryption Protocol DES radio button to encrypt SNMPv3 packets using
the DES encryption protocol.
b. In the Encryption Key field, enter an encryption code of eight or more alphanumeric
characters.
8. Click the Apply button.
Your settings are saved.
Configure LLDP
The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations
on an 802 LAN to advertise major capabilities and physical descriptions. A network manager
can view this information to identify system topology and detect bad configurations on the
LAN.
The following sections describe how you can configure LLDP:
• Configure LLDP Global Settings on page 85
• Configure LLDP Port Settings on page 87
• View the LLDP-MED Network Policy on page 88
• Configure LLDP-MED Port Settings on page 90
• View the LLDP-MED Neighbors Information on page 91
• View the Local Information Advertised Through LLDP on page 93
• View LLDP Neighbors Information on page 96
LLDP is a one-way protocol without any request/response sequences. Information is
advertised by stations implementing the transmit function, and is received and processed by
stations implementing the receive function. The transmit and receive functions can be
enabled or disabled separately per port. By default, both transmit and receive are disabled on
all ports. The application is responsible for starting each transmit and receive state machine
appropriately, based on the configured status and operational state of the port.
The Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) is an
enhancement to LLDP with the following features:
• Autodiscovery of LAN policies (such as VLAN, Layer 2 priority, and DiffServ settings),
enabling plug and play networking.
• Device location discovery for creation of location databases.
• Extended and automated power management of Power over Ethernet endpoints.
• Inventory management, enabling network administrators to track their network devices
and determine their characteristics (manufacturer, software and hardware versions,
serial/asset number).
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > LLDP > Basic > LLDP Configuration.
6. To configure nondefault values for the following LLDP properties, specify the following
options:
• TLV Advertised Interval. The number of seconds between transmissions of LLDP
advertisements.
• Hold Multiplier. The transmit interval multiplier value, where transmit hold multiplier ×
transmit interval = the time to live (TTL) value that the device advertises to neighbors.
• Re-initializing Delay. The number of seconds to wait before attempting to re-initialize
LLDP on a port after the LLDP operating mode on the port changes.
• Transmit Delay. The minimum number of seconds to wait between transmissions of
remote data change notifications to one or more SNMP trap receivers configured on
the switch.
7. To configure a nondefault value for LLDP-MED, enter a value in the Fast Start Duration
field.
This value sets the number of LLDP packets sent when the LLDP-MED fast start
mechanism is initialized, which occurs when a new endpoint device links with the
LLDP-MED network connectivity device.
8. Click the Apply button.
Your settings are saved.
7. Use the following menus to configure the LLDP settings for the selected ports:
• Admin Status. Select the status for transmitting and receiving LLDP packets:
- Tx Only. Enable only transmitting LLDP PDUs on the selected ports.
- Rx Only. Enable only receiving LLDP PDUs on the selected ports.
- Tx and Rx. Enable both transmitting and receiving LLDP PDUs on the selected
ports.
- Disabled. Do not transmit or receive LLDP PDUs on the selected ports.
The default is Tx and Rx.
• Management IP Address. Choose whether to advertise the management IP address
from the interface. The possible field values are as follows:
- Stop Advertise. Do not advertise the management IP address from the interface.
- Auto Advertise. Advertise the current IP address of the device as the
management IP address.
The default is Auto Advertise.
• Notification. When notifications are enabled, LLDP interacts with the trap manager to
notify subscribers of remote data change statistics. The default is Disable.
• Optional TLVs. Enable or disable the transmission of optional type-length value (TLV)
information from the interface. The default is Enable. The TLV information includes
the system name, system description, system capabilities, and port description.
For information about how to configure the system name, see View and Configure
the Switch Management Settings on page 32. For information about how to
configure the port description, see Configure the Port Settings and Maximum Frame
Size on page 114.
8. Click the Apply button.
Your settings are saved.
Note: The menu includes only the interfaces on which LLDP is enabled. If no
interfaces are enabled for LLDP, the Interface menu does not display.
7. To refresh the page with the latest data transmitted in the network policy TLVs for the
interface, click the Refresh button.
The following table describes the LLDP-MED network policy information that displays on the
page.
Table 24. LLDP-MED network policy information
Field Description
Application The media application type associated with the policy, which can be one of the
following:
• Unknown
• Voice
• Guest Voice
• Guest Voice Signaling
• Softphone Voice
• Video Conferencing
• Streaming Video
• Video Signaling
A port can receive multiple application types. The application information is
displayed only if a network policy TLV was transmitted from the port.
VLAN Type Indicates whether the VLAN associated with the policy is tagged or untagged.
Field Description
Remote ID Specifies the remote client identifier assigned to the remote system.
Capability Information
This section of the page specifies the supported and enabled capabilities that are received in MED TLV on
this port.
Supported Capabilities Specifies supported capabilities that are received in MED TLV on this port.
Enabled Capabilities Specifies enabled capabilities that are received in MED TLV on this port.
Device Class Specifies device class as advertised by the device remotely connected to the
port.
Field Description
This section of the page specifies if network policy TLV is received in the LLDP frames on this port.
Media Application Type Specifies the application type: unknown, voicesignaling, guestvoice,
guestvoicesignalling, softphonevoice, videoconferencing, streamingvideo, or
videosignaling.
Information for each application type includes the VLAN ID, priority, DSCP,
tagged bit status and unknown bit status. A port can receive information
about one or many of such application types. The application type is
displayed only if a network policy TLV is received on a port.
Unknown Bit Status Specifies the unknown bit associated with a particular policy type.
Tagged Bit Status Specifies the tagged bit associated with a particular policy type.
Inventory Information
This section of the page specifies if inventory TLV is received in LLDP frames on this port.
Location Information
This section of the page specifies if location TLV is received in LLDP frames on this port.
Location Information Specifies the location information as a string for a given type of location ID.
Extended PoE
This section of the page specifies if the remote device is a PoE device.
Device Type Specifies the remote device’s PoE device type connected to this port.
This section of the page specifies if extended PSE TLV is received in LLDP frame on this port.
Device Type Specifies the remote device’s PoE device type connected to this port.
Power Value Specifies the remote port’s PSE power value in tenths of watts.
Extended PoE PD
This section of the page specifies if extended PD TLV is received in LLDP frame on this port.
Device Type Specifies the remote device’s PoE device type connected to this port.
Field Description
Device Information
Chassis ID Subtype The type of information used to identify the switch in the Chassis ID field.
System Description The switch description, which includes information about the product model
and platform.
Port Information
Interface The interface associated with the rest of the data in the row.
Port ID Subtype The type of information used to identify the interface in the Port ID field.
Port Description The user-defined description of the port. For information about how to
configure the port description, see Configure the Port Settings and
Maximum Frame Size on page 114.
Advertisement The TLV advertisement status of the port.
7. To view additional details about a port, click the name of the port in the Interface column of
the Port Information table.
The following table describes the detailed local information that displays for the selected
port.
Field Description
Managed Address
Address SubType The type of address the management interface uses, such as an IPv4
address.
MAC/PHY Details
Auto Negotiation Supported Indicates whether the interface supports port speed autonegotiation. The
option is True (enabled) or False (disabled).
Auto Negotiation Enabled The port speed autonegotiation support status. The option is True (enabled)
or False (disabled).
Auto Negotiation Advertised Capabilities The port speed autonegotiation capabilities such as 1000BASE-T half-duplex
mode or 100BASE-TX full-duplex mode.
Operational MAU Type The Medium Attachment Unit (MAU) type. The MAU performs physical layer
functions, including digital data conversion from the Ethernet interface,
collision detection, and bit injection into the network.
MED Details
Device Class Network Connectivity indicates that the device is a network connectivity
device.
Network Policies
Application Type The media application type associated with the policy.
VLAN Type Specifies whether the VLAN associated with the policy is tagged or untagged.
Field Description
MSAP Entry The Media Service Access Point (MSAP) entry number for the remote
device.
Local Port The interface on the local system that received LLDP information from a
remote system.
Chassis ID Subtype The type of data displayed in the Chassis ID field on the remote system.
Port ID Subtype The type of data displayed in the remote system’s Port ID field.
Port ID The physical address of the port on the remote system from which the data
was sent.
System Name The system name associated with the remote device. If the field is blank, the
name might not be configured on the remote system.
7. To view additional information about the remote device, click the link in the MSAP Entry
column.
A pop-up window displays information for the selected port.
The following table describes the information transmitted by the neighbor.
Field Description
Port Details
Local Port The interface on the local system that received LLDP information from a
remote system.
MSAP Entry The Media Service Access Point (MSAP) entry number for the remote device.
Basic Details
Chassis ID Subtype The type of data displayed in the Chassis ID field on the remote system.
Port ID Subtype The type of data displayed in the remote system’s Port ID field.
Port ID The physical address of the port on the remote system from which the data
was sent.
System Name The system name associated with the remote device.
System Description The description of the selected port associated with the remote system.
Managed Addresses
Interface Number The port on the remote device that sent the information.
MAC/PHY Details
Auto-Negotiation Supported Specifies whether the remote device supports port-speed autonegotiation.
The option is True (enabled) or False (disabled).
Auto-Negotiation Enabled The port speed autonegotiation support status. The option is True (enabled)
or False (disabled).
Operational MAU Type The Medium Attachment Unit (MAU) type. The MAU performs physical layer
functions, including digital data conversion from the Ethernet interface,
collision detection, and bit injection into the network.
Field Description
MED Details
Capabilities Supported The supported capabilities that were received in MED TLV from the device.
Current Capabilities The advertised capabilities that were received in MED TLV from the device.
Device Class The LLDP-MED endpoint device class. The possible device classes are as
follows:
• Endpoint Class 1 Indicates a generic endpoint class, offering basic LLDP
services.
• Endpoint Class 2 Indicates a media endpoint class, offering media
streaming capabilities as well as all Class 1 features.
• Endpoint Class 3 Indicates a communications device class, offering all
Class 1 and Class 2 features plus location, 911, Layer 2 switch support,
and device information management capabilities.
PoE Device Type The port PoE type. For example, Powered.
Location Information
Civic The physical location, such as the street address, that the remote device
advertised in the location TLV, for example, 123 45th St. E. The field value
length range is 6–160 characters.
Coordinates The location map coordinates that the remote device advertised in the
location TLV, including latitude, longitude, and altitude.
ECS ELIN The Emergency Call Service (ECS) Emergency Location Identification
Number (ELIN) that the remote device advertised in the location TLV. The
field range is 10–25.
Field Description
Network Policies
Application Type The media application type associated with the policy advertised by the
remote device.
VLAN Type Specifies whether the VLAN associated with the policy is tagged or untagged.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Services > DHCP Snooping > Global Configuration.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. From the Trust Mode menu, select the desired trust mode:
• Disabled. The interface is considered to be untrusted and could potentially be used to
launch a network attack. DHCP server messages are checked against the bindings
database. On untrusted ports, DHCP snooping enforces the following security rules:
- DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK,
DHCPRELEASEQUERY) are dropped.
- DHCPRELEASE and DHCPDECLINE messages are dropped if the MAC address
is in the snooping database but the binding’s interface is other than the interface
where the message was received.
- DHCP packets are dropped when the source MAC address does not match the
client hardware address if MAC address validation is globally enabled.
• Enabled. The interface is considered to be trusted and forwards DHCP server
messages without validation.
9. From the Invalid Packets menu, select the packet logging mode.
When enabled, the DHCP snooping feature generates a log message when an invalid
packet is received and dropped by the interface.
10. In the Rate Limit (pps) field, specify the rate limit value for DHCP snooping purposes.
If the incoming rate of DHCP packets per second exceeds the configured burst interval
per second, the port shuts down. If the rate limit value is None, the burst interval is also
nonapplicable, and rate limiting is disabled.
11. In the Burst Interval (secs) field, specify the burst interval value for rate limiting purposes
on the interface.
If the rate limit is N/A, then the burst interval is also nonapplicable, and the field displays
N/A.
12. Click the Apply button.
Your settings are saved.
6. From the Interface menu, select the interface on which the DHCP client is authorized.
7. In the MAC Address field, specify the MAC address for the binding to be added.
This is the key to the binding database.
8. From the VLAN ID menu, select the ID of the VLAN that the client is authorized to use.
9. In the IP Address field, specify the IP address of the client.
10. Click the Add button.
The DHCP snooping binding entry is added to the database.
11. To refresh the page with the latest information about the switch, click the Refresh button.
12. To delete all DHCP snooping binding entries, click the Clear button.
The Dynamic Binding Configuration table shows information about the DHCP bindings that
were learned on each interface on which DHCP snooping is enabled. The following table
describes the dynamic bindings information.
Table 25. DHCP Dynamic Configuration information
Field Description
Interface The interface on which the DHCP client message was received.
MAC Address The MAC address associated with the DHCP client that sent the message. This is the
key to the binding database.
Lease Time The remaining IP address lease time for the client.
Field Description
Interface The interface associated with the rest of the data in the row.
MAC Verify Failures The number of DHCP messages that were dropped because the source MAC address
and client hardware address did not match. MAC address verification is performed only if
it is globally enabled.
Client Ifc Mismatch The number of packets that were dropped by DHCP snooping because the interface and
VLAN on which the packet was received do not match the client’s interface and VLAN
information stored in the binding database.
DHCP Server Msgs Received The number of DHCP server messages (such as DHCPOFFER, DHCPACK, DHCPNAK,
and DHCPRELEASEQUERY messages) that were dropped on an untrusted port.
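The following Python sketch is an added illustration, not NETGEAR code. It models the untrusted-port rules from the Trust Mode step and counts each drop under the counter names used in the statistics table above. The port names, MAC and IP addresses, class names, and the order in which the checks run are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass

# Message types named in the manual's rules for untrusted ports.
SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK", "DHCPRELEASEQUERY"}
BOUND_CLIENT_MSGS = {"DHCPRELEASE", "DHCPDECLINE"}


@dataclass(frozen=True)
class Binding:
    """One binding database entry; the client MAC address is the key."""
    interface: str
    vlan: int
    ip: str


@dataclass(frozen=True)
class DhcpPacket:
    msg_type: str
    interface: str  # port on which the packet was received
    vlan: int
    src_mac: str    # Ethernet source MAC address
    chaddr: str     # client hardware address inside the DHCP message


class SnoopingModel:
    """Simplified model of the checks (an assumption, not switch firmware)."""

    def __init__(self, trusted_ports, bindings, mac_validation=True):
        self.trusted = set(trusted_ports)
        self.bindings = {mac.lower(): b for mac, b in bindings.items()}
        self.mac_validation = mac_validation  # global MAC address validation
        self.stats = Counter()                # (interface, counter) -> drops

    def _drop(self, pkt, counter):
        self.stats[(pkt.interface, counter)] += 1
        return False, counter

    def check(self, pkt):
        """Return (forwarded, reason) for one received DHCP packet."""
        if pkt.interface in self.trusted:
            # Trust Mode Enabled: forwarded without validation.
            return True, "trusted port"
        if pkt.msg_type in SERVER_MSGS:
            # Server messages are never accepted on an untrusted port.
            return self._drop(pkt, "DHCP Server Msgs Received")
        if self.mac_validation and pkt.src_mac.lower() != pkt.chaddr.lower():
            return self._drop(pkt, "MAC Verify Failures")
        if pkt.msg_type in BOUND_CLIENT_MSGS:
            bound = self.bindings.get(pkt.chaddr.lower())
            # The MAC is known, but the message arrived somewhere else.
            if bound and (bound.interface, bound.vlan) != (pkt.interface, pkt.vlan):
                return self._drop(pkt, "Client Ifc Mismatch")
        return True, "passed untrusted-port checks"


# Constructed sample data: g24 is the uplink toward the real DHCP server.
CLIENT = "00:11:22:33:44:55"
OTHER = "66:77:88:99:aa:bb"
SAMPLE_BINDINGS = {CLIENT: Binding("g5", 10, "192.0.2.50")}
SAMPLE_PACKETS = [
    DhcpPacket("DHCPDISCOVER", "g5", 10, CLIENT, CLIENT),
    DhcpPacket("DHCPOFFER", "g7", 10, OTHER, CLIENT),    # server msg, untrusted
    DhcpPacket("DHCPOFFER", "g24", 10, OTHER, CLIENT),   # server msg, trusted
    DhcpPacket("DHCPREQUEST", "g5", 10, OTHER, CLIENT),  # source MAC != chaddr
    DhcpPacket("DHCPRELEASE", "g9", 10, CLIENT, CLIENT), # binding is on g5
    DhcpPacket("DHCPRELEASE", "g5", 10, CLIENT, CLIENT),
]


def run_sample(mac_validation=True):
    """Run the constructed packets; return the verdicts and drop counters."""
    model = SnoopingModel({"g24"}, SAMPLE_BINDINGS, mac_validation)
    verdicts = [model.check(pkt) for pkt in SAMPLE_PACKETS]
    return verdicts, dict(model.stats)


if __name__ == "__main__":
    verdicts, stats = run_sample()
    for pkt, (ok, reason) in zip(SAMPLE_PACKETS, verdicts):
        action = "forward" if ok else "drop"
        print(f"{pkt.msg_type:<13} on {pkt.interface:<4} -> {action:<7} ({reason})")
    print(stats)
```

A nonzero DHCP Server Msgs Received count on an access port means that something behind that port is answering DHCP requests, which is worth investigating before the port is ever set to trusted.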
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Timer Schedule > Basic > Global Configuration.
The Timer Schedule Name page displays.
6. In the Timer Schedule Name field, specify the name for a timer schedule.
7. Click the Add button.
The timer schedule is added to the table on the Timer Schedule Name page and is
assigned an ID.
To specify the settings for a PoE timer schedule that uses specific dates and times:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Timer Schedule > Advanced > Timer Schedule Configuration.
The Timer Schedule Configuration page displays.
6. In the Timer Schedule Selection section, make your selections from the following menus:
a. Timer Schedule Name. Select the name of the timer schedule that you want to
configure.
You can select only names of schedules that you created (see Create a PoE Timer
Schedule on page 106).
b. Timer Schedule Type. Select Absolute.
The fields in the Timer Schedule Configuration section might adjust to let you configure
a timer schedule for specific dates and times.
c. Timer Schedule Entry. To add a new entry, select new.
Selecting an existing entry lets you make changes to that entry.
7. In the Timer Schedule Configuration section, specify the times and dates:
a. In the Time Start field, enter the time of day in the HH:MM format to specify when the
timer schedule must start.
b. In the Time End field, enter the time of day in the HH:MM format to specify when the
timer schedule must stop.
c. Next to the Date Start field, click the calendar icon and use the menus in the pop-up
window to enter the date in the DD-Mon-YYY format to specify when the timer
schedule must start.
d. Next to the Date End field, click the calendar icon and use the menus in the pop-up
window to enter the date in the DD-Mon-YYY format to specify when the timer
schedule must stop.
8. Click the Add button.
The entry for the timer schedule is added.
To specify the settings for a PoE timer schedule that uses a recurring pattern:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
Select a single Week Day check box, multiple check boxes, or all check boxes to
specify the day or days of the week that the schedule must operate.
• Monthly. The timer schedule works with monthly recurrence. The fields adjust.
In the Day field, enter a number from 1 to 31 to specify the day of the month when
the schedule must be triggered.
In the Every Month(s) field, enter a number from 0 to 255 to specify that the
schedule must be triggered every specified number of months. If the number of
months is not specified, or if you enter 0, then the schedule is triggered only once.
8. Click the Add button.
The entry for the timer schedule is added.
To change the settings for an existing recurring PoE timer schedule entry:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Timer Schedule > Advanced > Timer Schedule Configuration.
The Timer Schedule Configuration page displays.
6. From the Timer Schedule Name menu, select the schedule name.
7. From the Timer Schedule Type menu, select the schedule type.
8. From the Timer Schedule Entry menu, select the schedule entry.
9. Make the changes to the schedule entry.
For more information, see Specify the Settings for a Recurring PoE Timer Schedule on
page 108.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select System > Timer Schedule > Basic > Global Configuration.
The Timer Schedule Name page displays.
6. Select the check box for the schedule that you want to delete.
7. Click the Delete button.
The schedule is deleted.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. In the Description field, enter the description string to be attached to a port.
The string can be up to 64 characters in length.
9. From the Admin Mode menu, select Enable or Disable.
This selection specifies the administrative mode for port control. You must select Enable
in order for the port to participate in the network. The default is Enable.
10. From the Autonegotiation menu, select Enable or Disable.
This selection specifies the autonegotiation mode for the port. The default is Enable.
Note: After you change the autonegotiation mode, the switch might be
inaccessible for a number of seconds while the new settings take
effect.
11. In the Speed field, specify the speed value for the selected port.
Possible field values are as follows:
• Auto. All supported speeds.
• 10. 10 Mbits/second
• 100. 100 Mbits/second
The delimiter characters for setting different speed values are a comma (,), a period (.)
and a space ( ). For you to set the autonegotiation speed, the autonegotiation mode must
be set to Enable. The default is Auto.
Note: After you change the speed value, the switch might be inaccessible for
a number of seconds while the new settings take effect.
12. From the Duplex Mode menu, select the duplex mode for the selected port.
The options are as follows:
• Half. Indicates that the interface supports transmission between the devices in only
one direction at a time.
• Full. Indicates that the interface supports transmission between the devices in both
directions simultaneously.
• Auto. Indicates that speed is set by the auto-negotiation process.
The default is Auto.
Note: After you change the duplex mode, the switch might be inaccessible
for a number of seconds while the new settings take effect.
13. From the Link Trap menu, select whether or not to send a trap when the link status
changes.
By default, the switch sends a link trap.
14. In the Frame Size (1500 to 9198) field, specify the maximum Ethernet frame size that each
interface can support.
The frame size includes the Ethernet header, CRC, and payload. The range is 1500 to
9198. The default maximum frame size is 1500.
15. From the Flow Control menu, select the configuration for IEEE 802.3 flow control.
• Disable. If the port buffers become full, the switch does not send pause frames, and
data loss could occur. This is the default setting.
• Symmetric. If the port buffers become full, the switch sends pause frames to stop
traffic.
Flow control helps to prevent data loss when the port cannot keep up with the number
of frames being switched. When you enable flow control, the switch can send a pause
frame to stop traffic on the port if the amount of memory used by the packets on the
port exceeds a preconfigured threshold and responds to pause requests from partner
devices. The paused port does not forward packets for the time that is specified in the
pause frame. When the pause frame time elapses, or the utilization returns to a
specified low threshold, the switch enables the port to again transmit frames. The
switch also honors incoming pause frames by temporarily halting transmission.
• Asymmetric. If the port buffers become full, the switch does not send pause frames,
and data loss could occur. However, the switch does honor incoming pause frames by
temporarily halting transmission.
Note: For LAG interfaces, flow control mode is displayed as a blank field
because flow control is not applicable.
Field Description
Port Type For normal ports this field is blank. Otherwise, the options are as follows:
• Mirrored. The port is a mirrored port on which all the traffic is copied to
the probe port.
• Probe. Use the port to monitor a mirrored port.
• Trunk Member. The port is a member of a link aggregation trunk. Look
at the LAG pages for more information.
Field Description
PortList Bit Offset The bit offset value that corresponds to the port when the MIB object type
PortList is used to manage in SNMP.
ifIndex The ifIndex of the interface table entry associated with the port.
Note: The switch balances traffic on a port channel (LAG) by selecting one of
the links in the channel over which packets must be transmitted. The
switch selects the link by creating a binary pattern from selected fields
in a packet and associating that pattern with a particular link.
10. From the STP Mode menu, select the Spanning Tree Protocol (STP) administrative mode
associated with the LAG:
• Disable. Spanning tree is disabled for this LAG.
• Enable. Spanning tree is enabled for this LAG. Enable is the default.
11. From the Link Trap menu, select Enable or Disable to specify whether to send a trap when
the link status changes.
The default is Enable, which causes the trap to be sent.
12. From the LAG Type menu, select Static or LACP:
• Static. Disables Link Aggregation Control Protocol (LACP) on the selected LAG. The
LAG is configured manually. The default is Static.
• LACP. Enables LACP on the selected LAG. The LAG is configured automatically.
13. Click the Apply button.
Your settings are saved.
The following table describes the nonconfigurable information displayed on the page.
Table 28. LAG Configuration information
Field Description
Active Ports Indicates the ports that are actively participating in the port channel.
The previous figure shows the LAG Membership page for models GS324T and GS324TP.
6. From the LAG ID menu, select the LAG ID.
7. In the LAG Name field, enter the name to be assigned to the LAG.
You can enter any string of up to 15 alphanumeric characters. You can also use the
default name.
8. In the Ports table, click each port that you want to include as a member of the selected
LAG.
A selected port is displayed by a check mark.
9. Click the Apply button.
Your settings are saved.
To configure LACP:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Switching > LAG > Advanced > LACP Configuration.
6. In the LACP System Priority field, specify the switch’s link aggregation priority relative to
the devices at the other ends of the links on which link aggregation is enabled.
A higher value indicates a lower priority. You can change the setting globally by
specifying a priority from 1 to 65535. The default value is 32768.
7. Click the Apply button.
Your settings are saved.
Configure VLANs
Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both
bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2
header, which is fast, and like a router, it partitions the network into logical segments, which
provides better administration, security, and management of multicast traffic.
By default, all ports on the switch are in the same broadcast domain. VLANs electronically
separate ports on the same switch into separate broadcast domains so that broadcast
packets are not sent to all the ports on a single switch. When you use a VLAN, users can be
grouped by logical function instead of physical location.
Each VLAN in a network is assigned an associated VLAN ID, which appears in the IEEE
802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station can omit
the tag, or the VLAN portion of the tag, in which case the first switch port to receive the
packet can either reject it or insert a tag using its default VLAN ID. A port can handle traffic for
more than one VLAN, but it can support only one default VLAN ID.
You can define VLAN groups stored in the VLAN membership table. The switch supports up
to 256 VLANs.
The following VLANs are preconfigured on the switch and you cannot delete them:
• VLAN 1. The default VLAN of which all ports are untagged members.
• VLAN 4089. The Auto-Video VLAN. By default, this VLAN does not include any members
but you can manually add members.
Add a VLAN
To add a VLAN:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Switching > VLAN > Basic > VLAN Configuration.
6. In the VLAN ID field, specify the VLAN identifier for the new VLAN.
The range of the VLAN ID can be from 2 to 4093, excluding 4089. (The default VLANs
are 1 and 4089).
7. In the VLAN Name field, specify a name for the VLAN.
The VLAN name can be up to 32 alphanumeric characters long, including blanks. You
cannot change the names of the default VLANs (that is, the VLANs with ID 1 and 4089).
8. The VLAN Type field displays the type of the VLAN that you are configuring.
You cannot change the type of the default VLANs (that is, the VLANs with ID 1 and 4089).
When you create a VLAN, its type is always Static. A VLAN that is dynamically created
initially uses a type of Dynamic but you can manually change its type to Static.
9. Click the Add button.
The VLAN is added to the switch.
Delete a VLAN
To delete a VLAN from the switch:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Switching > VLAN > Basic > VLAN Configuration.
The VLAN Configuration page displays.
6. In the VLAN ID field, specify the VLAN identifier.
The range of the VLAN ID can be from 2 to 4093, excluding 4089.
Note: You cannot delete VLANs 1 and 4089, both of which are predefined.
The previous figure shows the LAG Membership page for models GS324T and GS324TP.
6. In the VLAN ID menu, select the VLAN ID.
You can select a VLAN that is predefined or that you added (see Add a VLAN on
page 123).
7. In the Group Operation menu, select one of the following options, which applies to all ports
in the VLAN:
• Untag All. For all ports and LAGs that are members of the VLAN, tags are removed
from all egress packets.
• Tag All. For all ports and LAGs that are members of the VLAN, all egress packets are
tagged.
• Remove All. All ports and LAGs are removed from the VLAN.
8. In the Ports table, click each port once, twice, or three times to configure one of the following
modes or reset the port to the default mode:
• T (Tagged). Selects the port as a tagged port in the VLAN. All frames transmitted on
the port are tagged for this VLAN.
• U (Untagged). Selects the port as an untagged port in the VLAN. All frames
transmitted on the port are untagged for this VLAN.
• Blank. The port is excluded from the VLAN.
By default, the selection is blank and none of the ports are a member of the VLAN.
(VLAN 1 is an exception. By default, all ports are untagged members of VLAN 1.)
9. In the LAG table, click each LAG once, twice, or three times to configure one of the following
modes or reset the LAG to the default mode:
• T (Tagged). Selects the LAG as a tagged LAG in the VLAN. All frames transmitted on
the LAG are tagged for this VLAN.
• U (Untagged). Selects the LAG as an untagged LAG in the VLAN. All frames
transmitted on the LAG are untagged for this VLAN.
• Blank. The LAG is excluded from the VLAN.
By default, the selection is blank and none of the LAGs are a member of the VLAN.
(VLAN 1 is an exception. By default, all LAGs are untagged members of VLAN 1.)
10. Click the Apply button.
Your settings are saved.
The following table describes the nonconfigurable information displayed on the page.
Table 29. Advanced VLAN membership
Field Definition
VLAN Name The name for the VLAN that you selected. It can be up to 32 alphanumeric characters long,
including blanks. The names for the following VLANs are predefined:
• VLAN 1. Default.
• VLAN 4089. Auto-Video.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Switching > VLAN > Advanced > VLAN Status.
The previous figure includes one manually configured VLAN (VLAN ID 33).
Note: A nonoperational LAG is excluded from the VLAN Status page. The
LAG port is displayed on the VLAN Status page only when the member
LAG is operationally up. For example, LAG1 (ch1) is not listed in the
Member Ports column for VLAN1 because LAG1 is not operationally
up.
The following table describes the nonconfigurable information displayed on the page.
Table 30. VLAN status
Field Definition
VLAN ID The VLAN identifier (VID) of the VLAN. The range of the VLAN ID is from 1 to 4093.
Member Ports The ports, LAGs, or both that are included in the VLAN.
Note: If you remove the management VLAN (by default, VLAN 1) as the
PVID from all ports, you can no longer access the switch over the
local browser interface. In that situation, you must reset the switch to
factory default settings. However, the PVID Lockout Warning feature
prevents you from removing the management VLAN as the PVID from
all ports. This feature is enabled by default and you cannot disable it.
The previous figure does not show all columns on the page.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. In the PVID field, specify the VLAN ID to assign to untagged or priority-tagged frames
received on the port.
The default is 1. The range is from 2 to 4093, excluding 4089.
9. In the VLAN Member field, specify the VLAN ID or list of VLANs of a member port.
VLAN IDs range from 2 to 4093, excluding 4089. The default is 1. Use a hyphen (-) to
specify a range or a comma (,) to separate VLAN IDs in a list. Spaces and zeros are not
permitted.
10. In the VLAN Tag field, specify the VLAN ID or list of VLANs of a tagged port.
VLAN IDs range from 2 to 4093, excluding 4089. Use a hyphen (-) to specify a range or a
comma (,) to separate VLAN IDs in a list. Spaces and zeros are not permitted. You can
specify port tagging for the VLAN only if the port that you want to add as a tagged port is
also a member of the VLAN. To reset the VLAN tag configuration to the defaults, use the
None keyword.
11. From the Acceptable Frame menu, specify one of the following types of frames that can be
received on the port:
• Admit All. Untagged frames or priority-tagged frames that are received on the port
are accepted and assigned the value of the port VLAN ID for the port. This is the
default selection.
• VLAN Only. Untagged frames or priority-tagged frames that are received on the port
are discarded.
• Admit Untagged Only. Untagged frames that are received on the port are accepted.
With the Admit All and VLAN Only selections, VLAN-tagged frames are forwarded in
accordance with the 802.1Q VLAN specification.
12. From the Ingress Filtering menu, select one of the following options:
• Enable. The frame is discarded if the port is not a member of the VLAN with which
this frame is associated. In a tagged frame, the VLAN is identified by the VLAN ID in
the tag. In an untagged frame, the VLAN is the port VLAN ID specified for the port that
received this frame.
• Disable. All frames are forwarded in accordance with the 802.1Q VLAN bridge
specification. The default is Disable.
13. In the Port Priority field, specify the default 802.1p priority assigned to untagged packets
arriving at the port.
You can enter a number from 0 to 7.
14. Click the Apply button.
Your settings are saved.
The following table describes the nonconfigurable fields.
Table 31. Nonconfigurable fields on the PVID Configuration page
Field Description
Current Ingress Filtering Indicates whether ingress filtering is enabled for the interface.
Dynamic VLANs The number of dynamically added VLANs for the interface.
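The ingress behavior set in steps 8 through 12, as an added example that is not NETGEAR code: a Python model of the VLAN list syntax and of the per-port accept or discard decision, used to flag ports that accept tagged frames for VLANs they do not belong to. The port names and sample settings are constructed, and the reading of "zeros are not permitted" and the handling of tagged frames under Admit Untagged Only are assumptions.

```python
import re
from dataclasses import dataclass, field

# Limits stated on the page for the VLAN Member and VLAN Tag fields.
VLAN_MIN, VLAN_MAX, VLAN_EXCLUDED = 2, 4093, 4089
_ITEM = re.compile(r"([1-9][0-9]*)(?:-([1-9][0-9]*))?")


def parse_vlan_list(text):
    """Parse a field value such as '10,20-22' into a set of VLAN IDs.

    Assumption: 'zeros are not permitted' is read as no 0 and no leading
    zeros, and a range that spans the excluded ID 4089 is rejected whole.
    """
    vlans = set()
    for item in text.split(","):
        m = _ITEM.fullmatch(item)        # rejects spaces, empty items, zeros
        if not m:
            raise ValueError(f"bad item {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or m.group(1))
        if lo > hi or lo < VLAN_MIN or hi > VLAN_MAX or lo <= VLAN_EXCLUDED <= hi:
            raise ValueError(f"out of range: {item!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def is_valid_vlan_list(text):
    try:
        parse_vlan_list(text)
        return True
    except ValueError:
        return False


@dataclass
class PortConfig:
    pvid: int = 1                              # page default
    members: set = field(default_factory=lambda: {1})
    acceptable_frame: str = "Admit All"        # page default
    ingress_filtering: bool = False            # page default: Disable


def classify_ingress(port, vid):
    """Decide what happens to one received frame.

    vid is None for an untagged frame, 0 for a priority-tagged frame,
    otherwise the VLAN ID carried in the 802.1Q tag.
    Returns (accepted, vlan, reason).
    """
    if vid is None or vid == 0:
        if port.acceptable_frame == "VLAN Only":
            return (False, None, "untagged or priority-tagged, VLAN Only")
        vlan = port.pvid                       # classified into the port VLAN ID
    else:
        # Assumption: Admit Untagged Only drops VLAN-tagged frames.
        if port.acceptable_frame == "Admit Untagged Only":
            return (False, None, "tagged, Admit Untagged Only")
        vlan = vid
    if port.ingress_filtering and vlan not in port.members:
        return (False, vlan, "ingress filtering, port not a member")
    return (True, vlan, "accepted")


def audit_port(name, port, vlans_in_use):
    """Return findings for one port, given the VLAN IDs configured on the switch."""
    findings = []
    if port.pvid not in port.members:
        findings.append(f"{name}: PVID {port.pvid} is not in the port's VLAN membership")
    accepted = sorted(v for v in vlans_in_use - port.members
                      if classify_ingress(port, v)[0])
    if accepted:
        findings.append(f"{name}: tagged frames accepted for non-member VLANs {accepted}")
    return findings


# Constructed sample: one access port left at the page defaults for frame
# type and ingress filtering, one hardened access port, one tagged uplink.
SAMPLE_VLANS = {1} | parse_vlan_list("10,20,30")
SAMPLE_PORTS = {
    "g1": PortConfig(pvid=10, members={10}),
    "g2": PortConfig(pvid=10, members={10},
                     acceptable_frame="Admit Untagged Only", ingress_filtering=True),
    "g24": PortConfig(pvid=1, members={1, 10, 20, 30},
                      acceptable_frame="VLAN Only", ingress_filtering=True),
}


def run_audit(ports=SAMPLE_PORTS, vlans_in_use=SAMPLE_VLANS):
    return {name: audit_port(name, cfg, vlans_in_use) for name, cfg in ports.items()}


if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, findings or "ok")
```
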
6. In the MAC Address field, enter a MAC address to be bound to a VLAN ID.
This field is configurable only when a MAC-based VLAN is created.
7. In the VLAN ID field, specify a VLAN ID in the range from 2 to 4093, excluding 4089.
8. Click the Add button.
The MAC address is added to the VLAN mapping.
The previous figure shows the Protocol Based VLAN Group Membership page for models
GS324T and GS324TP.
6. From the Group ID menu, select the protocol-based VLAN group ID.
The Group Name field shows the name that is associated with the group.
7. In the Ports table and LAG table, click each port and LAG that you want to include in the
protocol-based VLAN group.
A protocol-based VLAN group can include both ports and LAGs. A selected port or LAG is
displayed by a check mark.
8. Click the Apply button.
Your settings are saved.
9. To display the current numbers in the selected protocol-based VLAN group, click the
Current Members button.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Switching > VLAN > Advanced > Voice VLAN Configuration.
12. In the DSCP Value field, configure the Voice VLAN DSCP value for the port.
The range is from 0 to 64. The default value is 0.
13. Click the Apply button.
Your settings are saved.
The Operational State field displays the operational status of the voice VLAN on an
interface.
Configure Auto-VoIP
Voice over Internet Protocol (VoIP) enables telephone calls over a data network. Because
voice traffic is typically more time-sensitive than data traffic, the Auto-VoIP feature provides a
classification for voice packets so that they can be prioritized above data packets, allowing
the switch to provide better Quality of Service (QoS). With the Auto-VoIP feature, voice
prioritization is provided based on call-control protocols (SIP, SCCP, or H.323) or OUI bits.
10. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
11. From the Auto VoIP Mode menu, select Disable or Enable.
Auto-VoIP is disabled by default.
12. Click the Apply button.
Your settings are saved.
The Operational Status field displays the current operational status of an interface.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. From the Auto VoIP Mode menu, select Disable or Enable.
Auto-VoIP is disabled by default.
9. Click the Apply button.
Your settings are saved.
The Operational Status field displays the current operational status of an interface.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Switching > Auto-VoIP > OUI-based > OUI Table.
The OUI Table page displays.
6. In the Telephony OUI(s) field, specify the VoIP OUI prefix to be added in the format
AA:BB:CC.
You can configure up to 128 OUIs.
7. In the Description field, enter the description for the OUI.
The maximum length of the description is 32 characters.
8. Click the Add button.
The telephony OUI entry is added.
Field Description
Maximum Number of Voice Channels Supported The maximum number of voice channels supported.
Number of Voice Channels Detected The number of VoIP channels prioritized successfully.
Note: For two bridges to be in the same region, the force version must be
802.1s and their configuration names, digest keys, and revision levels
must match. For additional information about regions and their effect
on network topology, refer to the IEEE 802.1Q standard.
Field Description
Global Settings
Configuration Digest Key The identifier used to identify the configuration currently being used.
STP Status
Field Description
Bridge Identifier The bridge identifier for the CST. It is made up using the bridge priority and
the base MAC address of the bridge.
Time Since Topology Change The time in day-hour-minute-second format since the topology of the CST
last changed.
Topology Change Count The number of times that the topology changed for the CST.
Topology Change The value of the topology change setting for the switch that indicates if a
topology change is in progress on any port assigned to the CST. The option
is True or False.
Designated Root The bridge identifier of the root bridge. It consists of the bridge priority and
the base MAC address of the bridge.
Root Path Cost The path cost to the designated root for the CST.
Root Port The port to access the designated root for the CST.
Max Age (secs) The maximum age timer controls the maximum length of time in seconds
that passes before a bridge port saves its configuration BPDU information.
Forward Delay (secs) The derived value of the Root Port Bridge Forward Delay setting.
Hold Time (secs) The minimum time in seconds between the transmission of configuration
BPDUs.
CST Regional Root The priority and base MAC address of the CST regional root.
CST Path Cost The path cost to the CST tree regional root.
8. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the MSTP Status information that is displayed.
Table 34. STP advanced CST configuration, MSTP status
Field Description
MST ID The MST instances (including the CST) and the corresponding VLAN IDs associated with each
of them.
VID ID The VLAN IDs and the corresponding FID associated with each of them.
FID ID The FIDs and the corresponding VLAN IDs associated with each of them.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. From the STP Status menu, select the option to enable or disable the spanning tree
administrative mode associated with the port or LAG.
The option is Enable or Disable. The default value is Enable.
9. From the Fast Link menu, select whether the specified port is an edge port within the CST.
The option is Enable or Disable. The default value is Disable.
10. From the BPDU Forwarding menu, configure BPDU forwarding.
The option is Enable or Disable. The default value is Disable. When BPDU forwarding is
enabled, the switch forwards the BPDU traffic arriving on the port when STP is disabled
on the port.
11. From the Auto Edge menu, specify if the port is allowed to become an edge port if it does
not detect BPDUs for some time.
The option is Enable or Disable. The default value is Enable.
12. In the Path Cost field, set the path cost to a new value for the specified port in the common
and internal spanning tree.
Specify a value in the range from 0 to 200000000. The default is 0. When the path cost is
set to 0, the value is updated with the external path cost from an incoming STP packet.
13. In the Priority field, specify the priority for a particular port within the CST.
The port priority is set in multiples of 16. For example, if you attempt to set the priority to
any value between 0 and 15, it is set to 0. If you try to set it to any value between 16 and
(2*16 – 1), it is set to 16, and so on. The range is 0 to 240. The default value is 128.
14. In the External Port Path Cost field, set the external path cost to a new value for the
specified port in the spanning tree.
The value range is 0 to 200000000. The default is 0.
15. Click the Apply button.
Your settings are saved.
16. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the nonconfigurable information displayed on the page.
Table 35. CST port configuration
Field Description
Port State The forwarding state of the port. The default is Disabled.
Port ID The port identifier for the specified port within the CST. It is made up from the port
priority and the interface number of the port.
Hello Timer The value of the setting for the CST. The default is 2 seconds.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the CST Status information displayed on the page.
Table 36. CST port status
Field Description
Interface The physical port or LAG that is associated with the CST.
Port Role Each MST bridge port that is enabled is assigned a port role for each
spanning tree. The port role can be Root, Designated, Alternate, Backup,
Master, or Disabled.
Designated Root The root bridge for the CST. It is made up using the bridge priority and the
base MAC address of the bridge.
Designated Cost The path cost offered to the LAN by the designated port.
Designated Bridge The identifier of the bridge with the designated port. It is made up using the
bridge priority and the base MAC address of the bridge.
Designated Port The port identifier on the designated bridge that offers the lowest cost to the
LAN. It is made up from the port priority and the interface number of the port.
Topology Change Acknowledge Identifies whether the topology change acknowledgement flag is set for the
next BPDU to be transmitted for the port. It is either True or False.
Edge port Indicates whether the port is enabled as an edge port. It is either Enabled or
Disabled.
Field Description
CST Regional Root The bridge identifier of the CST regional root. It is made up using the bridge
priority and the base MAC address of the bridge.
CST Path Cost The path cost to the CST regional root.
Field Description
Interface The physical or port channel interfaces associated with VLANs associated with the CST.
Role Each MST bridge port that is enabled is assigned a port role for each spanning tree. The port
role can be Root, Designated, Alternate, Backup, Master, or Disabled.
Mode Specifies the spanning tree operation mode. Different modes are STP, RSTP, and MSTP.
For each configured instance, the information described in the following table displays on the
page.
Table 38. MST configuration
Field Description
Bridge Identifier The bridge identifier for the selected MST instance. It is made up using the bridge
priority and the base MAC address of the bridge.
Last TCN The time in the format “day:hour:minute:second” since the topology of the selected
MST instance last changed.
Topology Change Count The number of times that the topology changed for the selected MST instance.
Topology Change The value of the topology change settings for the switch, indicating if a topology
change is in progress on any port assigned to the selected MST instance. It is either
True or False.
Designated Root The bridge identifier of the root bridge. It is made up from the bridge priority and the
base MAC address of the bridge.
Root Path Cost The path cost to the designated root for this MST instance.
Root Port The port to access the designated root for this MST instance.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Switching > STP > Advanced > MST Port Configuration.
The previous figure does not show all columns on the page.
If no MST instances are configured on the switch, the page displays a “No MSTs
Available” message.
6. From the Select MST menu, select the MST instance.
You can select only instances that you added to the switch (see Manage MST Settings
on page 153).
7. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
8. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
9. Configure the MST values for the selected interfaces:
• Port Priority. The priority for a particular port within the selected MST instance. The
port priority is set in multiples of 16. If you specify a value that is not a multiple of 16,
the priority is automatically set to the next lowest priority that is a
multiple of 16. For example, if you set a value between 0 and 15, the priority is set to
0. If you specify a number between 16 and 31, the priority is set to 16. Specify a value
in the range from 0 to 240.
• Port Path Cost. Set the path cost to a new value for the specified port in the selected
MST instance. Specify a value in the range from 0 to 200000000.
10. Click the Apply button.
Your settings are saved.
11. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the read-only MST port configuration information displayed on
the Spanning Tree CST Configuration page.
Table 39. MST port status information
Field Description
Operational Port Path Cost Indicates the operational path cost that is based on the link speed of the port if
the configured value for Port Path Cost is zero.
Auto Calculated Port Path Cost Indicates whether the path cost is automatically calculated (Enabled) or not
(Disabled). Path cost is calculated based on the link speed of the port if the
configured value for Port Path Cost is zero.
Port ID The port identifier for the specified port within the selected MST instance. It is
made up from the port priority and the interface number of the port.
Port Up Time Since Counters Last Cleared The time since the counters were last cleared, displayed in days, hours,
minutes, and seconds.
Port Mode The Spanning Tree Protocol administrative mode that is associated with the port
or port channel. The option is Enable or Disable.
Port Forwarding State The current STP state of a port. If enabled, the port state determines what
forwarding action is taken on traffic. The options are as follows:
• Disabled. STP is currently disabled on the port. The port forwards traffic
while learning MAC addresses.
• Blocking. The port is currently blocked. The port cannot forward traffic nor
can it learn MAC addresses.
• Listening. The port is currently in listening mode. The port cannot forward
traffic nor can it learn MAC addresses.
• Learning. The port is currently in the learning mode. The port cannot
forward traffic. However, it can learn new MAC addresses.
• Forwarding. The port is currently in the forwarding mode. The port can
forward traffic and learn new MAC addresses.
Port Role Each MST bridge port that is enabled is assigned a port role for each spanning
tree. The port role can be Root Port, Designated Port, Alternate Port, Backup
Port, Master Port, or Disabled Port.
Designated Root The root bridge for the selected MST instance. It is made up using the bridge
priority and the base MAC address of the bridge.
Designated Cost The cost of the port participating in the STP topology. Ports with a lower cost are
less likely to be blocked if STP detects loops.
Designated Bridge The bridge identifier of the bridge with the designated port. It is made up using
the bridge priority and the base MAC address of the bridge.
Designated Port The port identifier on the designated bridge that offers the lowest cost to the
LAN. It is made up from the port priority and the interface number of the port.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
Field Description
STP BPDUs Received The number of STP BPDUs received at the selected port.
STP BPDUs Transmitted The number of STP BPDUs transmitted from the selected port.
RSTP BPDUs Received The number of RSTP BPDUs received at the selected port.
RSTP BPDUs Transmitted The number of RSTP BPDUs transmitted from the selected port.
MSTP BPDUs Received The number of MSTP BPDUs received at the selected port.
MSTP BPDUs Transmitted The number of MSTP BPDUs transmitted from the selected port.
Configure Multicast
Multicast IP traffic is traffic that is destined to a host group. Host groups for IPv4 multicast are
identified by class D addresses, which range from 224.0.0.0 to 239.255.255.255.
Field Description
MAC Address The multicast MAC address for which you requested data.
Type The type of the entry. Static entries are those that are configured by the end user.
Dynamic entries are added to the table as a result of a learning process or protocol.
Component The component that is responsible for this entry in the Multicast Forwarding Database.
The options are IGMP snooping, GMRP, Static Filtering, and MLD snooping.
Description The text description of this multicast table entry. The options are Management
Configured, Network Configured, and Network Assisted.
Forwarding Interfaces The resultant forwarding list is derived from combining all the forwarding interfaces and
removing the interfaces that are listed as the static filtering interfaces.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Switching > Multicast > MFDB > MFDB Statistics.
The MFDB Statistics page displays.
6. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the MFDB Statistics fields.
Table 42. MFDB Statistics information
Field Description
Max MFDB Table Entries The maximum number of entries that the Multicast Forwarding Database
table can hold (512 entries).
Most MFDB Entries Since Last Reset The largest number of entries that were present in the Multicast Forwarding
Database table since last reset. This value is also known as the MFDB
high-water mark.
Current Entries The current number of entries in the Multicast Forwarding Database table.
The following table displays information about the global IGMP snooping status and statistics
on the page.
Table 43. IGMP Snooping Configuration information
Field Description
Multicast Control Frame Count The number of multicast control frames that are processed by the CPU.
Interfaces Enabled for IGMP Snooping The interfaces that are enabled for IGMP snooping.
VLAN IDs Enabled For IGMP Snooping The IDs of the VLANs that are enabled for IGMP snooping.
VLAN IDs Enabled For IGMP Snooping Querier The IDs of the VLANs that are enabled for IGMP snooping querier.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. From the Admin Mode menu, select Disable or Enable.
This specifies the interface mode for the selected interface for IGMP snooping for the
switch. The default is Disable.
9. In the Host Timeout field, specify the time that the switch must wait for a report for a
particular group on a particular interface before it deletes that interface from the group.
Enter a value between 1 and 3600 seconds. The default is 260 seconds.
10. In the Max Response Time field, specify the time that the switch must wait after sending a
query on an interface because it did not receive a report for a particular group on that
interface.
Enter a value greater than or equal to 1 and less than the group membership interval in
seconds. The default is 10 seconds. The configured value must be less than the group
membership interval.
11. In the MRouter Timeout field, specify the time that the switch must wait to receive a query
on an interface before removing it from the list of interfaces with multicast routers attached.
Enter a value between 0 and 3600 seconds. The default is 0 seconds. A value of zero
indicates an infinite time-out, that is, no expiration.
12. From the Fast Leave Mode menu, select whether fast leave mode is enabled.
The options are Enable and Disable. The default is Disable.
13. Click the Apply button.
Your settings are saved.
Field Description
MAC Address The multicast MAC address for which the switch holds forwarding and/or filtering
information. The format is six two-digit hexadecimal numbers that are separated
by colons, for example, 01:00:5e:45:67:89.
VLAN ID The VLAN ID for which the switch holds forwarding and filtering information.
Type The type of the entry. Static entries are those that are configured by the end
user. Dynamic entries are added to the table as a result of a learning process or
protocol.
Description The text description of this multicast table entry. The options are Management
Configured, Network Configured, and Network Assisted.
Interface The interfaces that are designated for forwarding (Fwd) and filtering (Flt) for the
associated address.
7. Configure the IGMP snooping values for the selected VLAN or VLANs:
• Admin Mode. Enable or disable IGMP snooping for the specified VLAN ID. The
default is Disable.
• Fast Leave Mode. Enable or disable the IGMP snooping fast leave mode for the
specified VLAN ID. The default is Disable.
• Host Timeout. Set the value for group membership interval of IGMP snooping for the
specified VLAN ID. The range is from the value for the Maximum Response Time plus
1 to 3600 seconds. The default is 260 seconds.
• Maximum Response Time. Set the value for the maximum response time of IGMP
snooping for the specified VLAN ID. The range is from 1 to the Host Timeout value
minus 1. This value must be greater than group membership interval value. The
default is 10 seconds.
• MRouter Timeout. Set the value for multicast router expiry time of IGMP snooping for
the specified VLAN ID. The range is from 0 to 3600 seconds. The default is
0 seconds.
• Report Suppression Mode. Enable or disable IGMP snooping report suppression
mode for the specified VLAN ID. IGMP snooping report suppression allows the
suppression of the IGMP reports sent by the multicast hosts by building a Layer 3
membership table. The result is that only the most essential reports are sent to the
IGMP routers so that the routers can continue to receive the multicast traffic. The
default is Disable.
• Querier Mode. Enable or disable the IGMP querier mode. The default is Disable.
• Query Interval. Set the IGMP query interval for the specified VLAN ID. The range is
from 1 to 1800 seconds. The default is 60 seconds.
8. Click the Apply button.
Your settings are saved.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. From the Multicast Router menu, select Enable or Disable.
9. Click the Apply button.
Your settings are saved.
6. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the nonconfigurable information displayed on the page.
Table 45. Querier VLAN Status information
Field Description
VLAN ID The VLAN ID on which IGMP snooping querier is administratively enabled and the
VLAN exists in the VLAN database.
Operational State The operational state of the IGMP snooping querier on a VLAN. It can be in any of
the following states:
• Querier. The snooping switch is the querier in the VLAN. The snooping switch
sends out periodic queries with a time interval equal to the configured querier
query interval. If the snooping switch finds a better querier in the VLAN, it
moves to non-querier mode.
• Non-Querier. The snooping switch is in non-querier mode in the VLAN. If the
querier expiry interval timer expires, the snooping switch moves into querier
mode.
• Disabled. The snooping querier is not operational on the VLAN. The snooping
querier moves to disabled mode when IGMP snooping is not operational on
the VLAN or when the querier address is not configured or the network
management address is also not configured.
Last Querier Address The IP address of the last querier from which a query was snooped on the VLAN.
Last Querier Version The IGMP protocol version of the last querier from which a query was snooped on
the VLAN.
Operational Max Response Time The maximum response time to be used in the queries that are sent by the
snooping querier.
6. Use the Search menu and field to search for a MAC address, VLAN ID, or interface number:
• Search by MAC Address. From the Search menu, select MAC Address, and enter
the 6-byte hexadecimal MAC address in two-digit groups separated by colons, for
example, 01:23:45:67:89:AB. Then click the Go button.
If the address exists, that entry is displayed as the first entry followed by the
remaining (higher) MAC addresses. An exact match is required.
• Search VLAN ID. From the Search menu, select VLAN ID, and enter the VLAN ID, for
example, 100. Then click the Go button.
• Search Interface. From the Search menu, select Interface, and enter the interface ID
using the respective interface naming convention (for example, g1 or l1). Then click the
Go button.
7. To refresh the page with the latest information about the switch, click the Refresh button.
8. To clear all dynamic MAC address entries in the table, click the Clear button.
The following table describes the nonconfigurable information displayed on the page.
Table 46. MAC Address Table information
Field Description
MAC Address The unicast MAC address for which the switch holds forwarding and/or
filtering information. The format is a 6-byte MAC address that is separated
by colons, for example 01:23:45:67:89:AB.
Status The status of this entry. The meanings of the values are as follows:
• Static. The value of the corresponding instance was added by the
system or a user and cannot be relearned.
• Learned. The value of the corresponding instance was learned, and is
being used.
• Management. The value of the corresponding instance is also the
value of an existing instance of dot1dStaticAddress.
5. Select Switching > Address Table > Advanced > Dynamic Addresses.
6. In the Address Aging Timeout (seconds) field, specify the time-out period in seconds for
aging out dynamically learned forwarding information.
802.1D-1990 recommends a default of 300 seconds. The value can be any number
between 10 and 1000000 seconds. The default is 300.
7. Click the Apply button.
Your settings are saved.
7. In the Static MAC Address field, enter the static MAC address that you want to add.
8. From the VLAN ID menu, select the VLAN ID that must be associated with the MAC
address.
9. Click the Add button.
The static MAC address is added to the switch.
6. To enable or disable the loop protection feature, select the Admin Mode Enable or Disable
radio button.
By default, the Disable radio button is selected.
7. From the Transmit Interval menu, select the time in seconds between transmission of loop
packets.
The default transmit interval is 5 seconds.
8. From the Max PDU Receive menu, select the maximum number of packets to be received
before an action is taken.
The default is 1.
9. In the Disable Timer field, enter the time in seconds after which a port is disabled when a
loop is detected.
The range is from 0 to 604800 seconds. The default is 0 seconds.
10. Click the Apply button.
Your settings are saved.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. From the Keep Alive menu, select Enable or Disable to specify whether keep-alives are
enabled on an interface.
The default is Disable.
9. From the RX Action menu, select the action that occurs when the switch detects a loop on
an interface:
• Log. The switch logs a message.
• Disable. The switch disables the interface. This is the default action.
• Both. The switch both logs a message and disables the interface.
Field Description
Loop Detected Shows whether a loop is detected on the interface. If the interface is disabled and then
reenabled, the status changes to No again.
Loop Count The number of packets that were received after the loop was detected.
Time Since Last Loop The time that elapsed since the loop was detected.
Port Status The status of the interface (Enabled, Disabled, or D-Disabled, which stands for
diagnostically disabled).
Note: Models GS324T and GS324TP support four hardware queues per
port. Model GS348T supports eight hardware queues per port.
CoS level configured for the ingress port as a whole, based on the existing port default
priority as mapped to a traffic class by the current 802.1p mapping table.
Alternatively, when a port is configured as untrusted, it does not trust any incoming packet
priority designation and uses the port default priority value instead. All packets arriving at the
ingress of an untrusted port are directed to a specific CoS queue on the appropriate egress
ports, in accordance with the configured default priority of the ingress port. This process is
also used for cases where a trusted port mapping cannot be honored, such as when a non-IP
packet arrives at a port configured to trust the IP DSCP value.
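The trust-mode behavior described above, modeled as an added Python example (not NETGEAR code). The two mapping tables and the frames are constructed for a four-queue model, and treating an untagged frame on an 802.1p-trusted port as a mapping that cannot be honored is an assumption.

```python
UNTRUSTED, DOT1P, DSCP = "untrusted", "802.1p", "dscp"

# Constructed 802.1p priority -> queue table for a four-queue model (queues 0 to 3).
DOT1P_TO_QUEUE = {0: 0, 1: 0, 2: 1, 3: 1, 4: 2, 5: 2, 6: 3, 7: 3}

# Constructed DSCP -> queue table; code points not listed here use queue 0.
DSCP_TO_QUEUE = {
    46: 3,  # EF
    48: 3,  # CS6
    34: 2,  # AF41
    26: 2,  # AF31
    18: 1,  # AF21
    10: 1,  # AF11
}


def dscp_from_ds_field(ds_byte):
    """Return the DSCP: the six most significant bits of the DiffServ field."""
    if not 0 <= ds_byte <= 0xFF:
        raise ValueError(f"DiffServ field must be one byte, got {ds_byte!r}")
    return ds_byte >> 2


def select_queue(trust_mode, frame, port_default_priority):
    """Pick the queue for a frame arriving on a port in the given trust mode.

    frame is a dict with optional keys:
      "pcp": 802.1p priority from the VLAN tag (absent if the frame is untagged)
      "ds":  DiffServ field byte from the IP header (absent if the frame is not IP)
    """
    if port_default_priority not in DOT1P_TO_QUEUE:
        raise ValueError("port default priority must be 0 to 7")
    # The port default priority is mapped through the 802.1p table.
    fallback = DOT1P_TO_QUEUE[port_default_priority]

    if trust_mode == UNTRUSTED:
        return fallback                      # packet markings are ignored
    if trust_mode == DOT1P:
        pcp = frame.get("pcp")
        # Assumption: no VLAN tag means the mapping cannot be honored.
        return fallback if pcp is None else DOT1P_TO_QUEUE[pcp]
    if trust_mode == DSCP:
        ds = frame.get("ds")
        if ds is None:                       # non-IP frame on a DSCP-trusted port
            return fallback
        return DSCP_TO_QUEUE.get(dscp_from_ds_field(ds), 0)
    raise ValueError(f"unknown trust mode: {trust_mode!r}")


# Constructed frames.
SELF_MARKED = {"pcp": 7, "ds": 0xB8}   # endpoint marks its own traffic: priority 7, EF
NON_IP_UNTAGGED = {}                    # for example an untagged ARP frame


def run_demo():
    return {
        "self-marked, untrusted port": select_queue(UNTRUSTED, SELF_MARKED, 0),
        "self-marked, 802.1p trust": select_queue(DOT1P, SELF_MARKED, 0),
        "self-marked, DSCP trust": select_queue(DSCP, SELF_MARKED, 0),
        "non-IP, DSCP trust, default 2": select_queue(DSCP, NON_IP_UNTAGGED, 2),
    }


if __name__ == "__main__":
    for case, queue in run_demo().items():
        print(f"{case}: queue {queue}")
```

On an untrusted port the self-marked frame lands in the queue of the port default priority, so an endpoint cannot move itself into a higher queue by setting its own 802.1p or DSCP value.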
6. Either configure the same CoS trust mode settings for all CoS-configurable interfaces or
configure CoS settings per interface.
By default, the Global radio button is selected.
• To configure the same CoS trust mode settings for all CoS configurable interfaces, do
the following:
a. Select the Global radio button.
b. From the Global Trust Mode menu, select one of the following trust mode
options for ingress traffic on the switch:
- Untrusted. Do not trust any CoS packet marking at ingress.
- 802.1p. IEEE 802.1p specifies eight priority tags (p0 to p7). The QoS setting
lets you map each of the eight priority levels to an internal hardware priority
queue. Models GS324T and GS324TP support four hardware queues (0 to 3)
and model GS348T supports eight hardware queues (0 to 7). The default
mode is 802.1p.
- DSCP. The six most significant bits of the DiffServ field are called the
Differentiated Services Code Point (DSCP) bits.
• To configure CoS settings per interface, do the following:
a. Select the Interface radio button.
b. From the Interface Trust Mode menu, select one of the following trust mode
options:
- Untrusted. Do not trust any CoS packet marking at ingress.
- 802.1p. IEEE 802.1p specifies eight priority tags (p0 to p7). The QoS setting
lets you map each of the eight priority levels to an internal hardware priority
queue. Models GS324T and GS324TP support four hardware queues (0 to 3)
and model GS348T supports eight hardware queues (0 to 7). The default
mode is 802.1p.
- DSCP. The six most significant bits of the DiffServ field are called the
Differentiated Services Code Point (DSCP) bits.
7. Click the Apply button.
Your settings are saved.
5. Select QoS > CoS > Advanced > CoS Interface Configuration.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. From the Interface Trust Mode menu, select one of the following trust mode options for
ingress traffic on the selected interfaces:
• Untrusted. Do not trust any CoS packet marking at ingress.
• 802.1p. IEEE 802.1p specifies eight priority tags (p0 to p7). The QoS setting lets you
map each of the eight priority levels to an internal hardware priority queue. Models
GS324T and GS324TP support four hardware queues (0 to 3) and model GS348T
supports eight hardware queues (0 to 7). The default mode is 802.1p.
• DSCP. The six most significant bits of the DiffServ field are called the Differentiated
Services Code Point (DSCP) bits.
9. In the Interface Shaping Rate field, specify the maximum outbound transmission rate
bandwidth in kbps.
This setting is used to shape the outbound transmission rate in increments of 16 kbps in
the range from 16 to 1,000,000 kbps. This value is controlled independently of any
per-queue maximum bandwidth configuration. It is effectively a second-level shaping
mechanism. The default value is 0. The value 0 means that the maximum is unlimited.
The expected shaping at egress interface is calculated as follows:
frameSize × shaping/(frameSize + IFG), where IFG (Inter frame gap) is 20 bytes,
frameSize is configured frame size, and shaping is configured traffic shaping.
For example, if 64 bytes frame size and 64 kbps shaping are configured, the expected
shaping is approximately 48 kbps.
10. In the Interface Ingress Rate Limit field, specify the maximum inbound transmission rate
bandwidth in kbps.
This setting is used to shape the inbound transmission rate in increments of 16 kbps in
the range from 16 to 1,000,000 kbps. The interface discards traffic that arrives at a
bandwidth in excess of the specified limit.
11. Click the Apply button.
Your settings are saved.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. From the Queue ID menu, select the queue to be configured.
Models GS324T and GS324TP support four queues (0 to 3) and model GS348T supports
eight queues (0 to 7).
9. In the Minimum Bandwidth field, specify the minimum guaranteed bandwidth allotted to the
queue.
Setting this value higher than its corresponding maximum bandwidth automatically
increases the maximum to the same value. The default value is 0. The range is 0 to 100
in increments of 1. The value 0 means no guaranteed minimum. The sum of the
individual minimum bandwidth values for all queues for the interface cannot exceed the
defined maximum (100).
10. From the Scheduler Type menu, select one of the following options:
• Strict. The interface services traffic with the highest priority on a queue first.
• Weighted. The interface uses weighted round robin to associate a weight to each
queue. This is the default setting.
The Queue Management Type field displays the queue depth management technique
that is used for queues on the interface. By default, this method is Taildrop, irrespective
of your selection from the Scheduler Type menu.
6. Specify whether the configuration applies to all interfaces that support CoS or to a single
interface by selecting one of the following radio buttons:
• Global. The configuration applies to all interfaces that can support CoS.
• Interface. The configuration applies only to the interface that you must select from the
Interface menu.
7. In the 802.1p to Queue Mapping table, map each of the eight 802.1p priorities to a queue
(internal traffic class).
Models GS324T and GS324TP support four hardware queues (0 to 3) and model
GS348T supports eight hardware queues (0 to 7). The default mode is 802.1p.
The 802.1p Priority row contains traffic class selectors for each of the eight 802.1p
priorities to be mapped. The priority goes from low (0) to high (3 for models GS324T and
GS324TP or 7 for model GS348T). For example, traffic with a priority of 0 is for most data
traffic and is sent using best effort. Traffic with a higher priority might be time-sensitive
traffic, such as voice or video.
The values in the menu under each priority represent the traffic class. The traffic class is
the hardware queue for a port. Higher traffic class values indicate a higher queue
position. Before traffic in a lower queue is sent, it must wait for traffic in higher queues to
be sent.
8. Click the Apply button.
Your settings are saved.
6. For each DSCP value, select from the corresponding Queue menu which internal traffic
class must be mapped to the DSCP value.
The traffic class is the hardware queue for a port. Higher traffic class values indicate a
higher queue position. Before traffic in a lower queue is sent, it must wait for traffic in
higher queues to be sent.
The allowed Per Hop Behavior (PHB) values, besides other DSCP experimental values,
are as follows:
• Class Selector (CS) PHB. These values are based on IP precedence.
• Assured Forwarding (AF) PHB. These values define four main levels to sort and
manipulate some flows within the network.
• Expedited Forwarding (EF) PHB. These values are used to prioritize traffic for
real-time applications. In many situations, if the network is congested and you
need some bandwidth guaranteed for an application, the EF traffic must receive this
rate independently of the intensity of any other traffic attempting to transit the node.
The Other DSCP Values (Local/Experimental Use) section allows you to set non-default
values for advanced settings.
7. Click the Apply button.
Your settings are saved.
Internet applications, such as email and file transfers, a slight degradation in service is
acceptable and in many cases unnoticeable. However, any degradation of service can
negatively affect applications with strict timing requirements, such as voice and multimedia.
Defining DiffServ
To use DiffServ for QoS, you must first define the following categories and their criteria:
1. Class. Create classes and define class criteria.
2. Policy. Create policies, associate classes with policies, and define policy statements.
3. Service. Add a policy to an inbound interface.
Packets are classified and processed based on defined criteria. The classification criteria are
defined by a class. The processing is defined by a policy’s attributes. Policy attributes can be
defined on a per-class instance basis, and it is these attributes that are applied when a match
occurs. A policy can contain multiple classes. When the policy is active, the actions taken
depend on which class matches the packet.
Note the following about the DiffServ process:
• Packets are filtered and processed based on defined criteria. The filtering criteria are
defined by a class. The processing is defined by a policy's attributes. Policy attributes can
be defined on a per-class instance basis, and it is these attributes that are applied when a
match occurs.
• The configuration process begins with defining one or more match criteria for a class.
Then one or more classes are added to a policy. Policies are then added to interfaces.
• Packet processing begins by testing the match criteria for a packet. The All class type
option specifies that every match criterion within a class must evaluate to true for a packet
to match that class. The Any class type option specifies that at least one match criterion
must evaluate to true for a packet to match that class. Classes are tested in the order in
which they were added to the policy. A policy is applied to a packet when a class match
within that policy is found.
To configure the global DiffServ mode and display DiffServ general status group
information:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select QoS > DiffServ > Advanced > DiffServ Configuration.
Field Description
Class Table The number of configured DiffServ classes out of the total allowed on the switch.
Class Rule table The number of configured class rules out of the total allowed on the switch.
Policy table The number of configured policies out of the total allowed on the switch.
Policy Instance table The number of configured policy class instances out of the total allowed on the
switch.
Policy Attributes table The number of configured policy attributes (attached to the policy class instances)
out of the total allowed on the switch.
Service table The number of configured services (attached to the policies on specified interfaces)
out of the total allowed on the switch.
9. Define the criteria that must be associated with the DiffServ class by selecting one of the
following radio buttons:
• Match Every. Select this radio button to add a match condition that considers all
packets to belong to the class. The only selection from the Match Every menu is Any.
• Reference Class. Select this radio button to reference another class for criteria. The
match criteria defined in the reference class function as match criteria in addition to
the match criteria that you define for the selected class. After you select the radio
button, the classes that can be referenced are displayed. Select the class to
reference. A class can reference only one other class of the same type.
• Class of Service. Select this radio button to require the Class of Service (CoS) value
in an Ethernet frame header to match the specified CoS value. This option lists all the
values for the Class of Service match criterion in the range 0 to 7 from which you can
select one.
• VLAN. Select this radio button to require a packet’s VLAN ID to match a VLAN ID.
The VLAN value is in the range from 1 to 4093.
• Ethernet Type. Select this radio button to require the EtherType value in the Ethernet
frame header to match the specified EtherType value. After you select the radio
button, select the EtherType keyword from the menu of common protocols that are
mapped to their Ethertype value. You can also select User Value from the menu and
enter a value in the hexadecimal range from 600 to ffff.
• Source MAC. Select this radio button to require a packet’s source MAC address to
match the specified MAC address. After you select this radio button, use the following
fields to configure the source MAC address match criteria:
- Address. The source MAC address to match. The source MAC address is
specified as six two-digit hexadecimal numbers separated by colons.
- Mask. The MAC mask, which specifies the bits in the source MAC address to
compare against the Ethernet frame. Use Fs and zeros to configure the MAC
mask. An F means that the bit is checked, and a zero in a bit position means that
the data is not significant. For example, if the MAC address is aa:bb:cc:dd:ee:ff,
and the mask is ff:ff:00:00:00:00, all MAC addresses with aa:bb:xx:xx:xx:xx result
in a match (where x is any hexadecimal number). Note that this is not a wildcard
mask, which ACLs use.
• Destination MAC. Select this radio button to require a packet’s destination MAC
address to match the specified MAC address. After you select the radio button, use
the following fields to configure the destination MAC address match criteria:
- Address. The destination MAC address to match. The destination MAC address
is specified as six two-digit hexadecimal numbers separated by colons.
- Mask. The MAC mask, which specifies the bits in the destination MAC address to
compare against an Ethernet frame. Use Fs and zeros to configure the MAC
mask. An F means that the bit is checked, and a zero in a bit position means that
the data is not significant. For example, if the MAC address is aa:bb:cc:dd:ee:ff,
and the mask is ff:ff:00:00:00:00, all MAC addresses with aa:bb:xx:xx:xx:xx result
in a match (where x is any hexadecimal number). Note that this is not a wildcard
mask, which ACLs use.
• Protocol Type. Select this radio button to require a packet’s Layer 4 protocol to match
the specified protocol, which you must select from the menu. You can also select
Other from the menu and enter a protocol number from 0 to 255.
• Source IP. Select this radio button to require a packet’s source IP address to match
the specified IP address. After you select the radio button, use the following fields to
configure the source IP address match criteria:
- Address. The source IP address format to match in dotted-decimal.
- Mask. The bit mask in IP dotted-decimal format indicating which parts of the
source IP address to use for matching against packet content.
• Source L4 Port. Select this radio button to require a packet’s TCP/UDP source port to
match the specified protocol, which you must select from the menu. You can also
select Other from the menu and enter a port number from 0 to 65535.
• Destination IP. Select this radio button to require a packet’s destination IP address to
match the specified IP address. After you select the radio button, use the following
fields to configure the destination IP address match criteria:
- Address. The destination IP address format to match in dotted-decimal.
- Mask. The bit mask in IP dotted-decimal format indicating which parts of the
destination IP address to use for matching against packet content.
Field Description
Match Criteria The configured match criteria for the specified class.
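The matching rules described above (address masks, the All and Any class types, reference classes, and first match in class order) can be checked offline with a small model. This is an added example, not NETGEAR code: the class names, action labels, and packets are constructed, and mac_matches_wildcard is included only to show how the same mask value reads under the ACL wildcard convention.

```python
import re
from dataclasses import dataclass
from ipaddress import IPv4Address

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
MAC_BITS = (1 << 48) - 1


def mac_to_int(mac):
    """Parse six two-digit hexadecimal numbers separated by colons."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)


def mac_matches(addr, mask, candidate):
    """DiffServ convention: a 1 bit (F digit) in the mask means 'compare this bit'."""
    m = mac_to_int(mask)
    return (mac_to_int(addr) & m) == (mac_to_int(candidate) & m)


def mac_matches_wildcard(addr, wildcard, candidate):
    """ACL wildcard convention, for contrast: a 1 bit means 'ignore this bit'."""
    care = ~mac_to_int(wildcard) & MAC_BITS
    return (mac_to_int(addr) & care) == (mac_to_int(candidate) & care)


def ip_matches(addr, mask, candidate):
    """Dotted-decimal bit mask selecting the address bits that are compared."""
    m = int(IPv4Address(mask))
    return (int(IPv4Address(addr)) & m) == (int(IPv4Address(candidate)) & m)


@dataclass
class DiffServClass:
    name: str
    class_type: str   # "all" or "any"
    criteria: list    # tuples such as ("vlan", 10) or ("src_mac", addr, mask)

    def matches(self, pkt):
        if not self.criteria:
            return False
        hits = (criterion_matches(c, pkt) for c in self.criteria)
        return all(hits) if self.class_type == "all" else any(hits)


def criterion_matches(crit, pkt):
    kind = crit[0]
    if kind == "every":                      # Match Every: all packets belong
        return True
    if kind == "ref":                        # Reference Class: its criteria apply too
        return crit[1].matches(pkt)
    if kind in ("src_mac", "dst_mac"):
        return kind in pkt and mac_matches(crit[1], crit[2], pkt[kind])
    if kind in ("src_ip", "dst_ip"):
        return kind in pkt and ip_matches(crit[1], crit[2], pkt[kind])
    # vlan, cos, ethertype, protocol, src_port: exact comparison with one value
    return pkt.get(kind) == crit[1]


def classify(policy, pkt):
    """Test classes in the order they were added; the first match decides."""
    for cls, action in policy:
        if cls.matches(pkt):
            return cls.name, action
    return None


# Constructed sample policy and packets (not taken from the manual).
VENDOR = DiffServClass("vendor-on-vlan10", "all", [
    ("src_mac", "aa:bb:cc:dd:ee:ff", "ff:ff:00:00:00:00"), ("vlan", 10)])
GUEST = DiffServClass("guest-or-ipv6", "any", [
    ("src_ip", "192.168.50.0", "255.255.255.0"), ("ethertype", 0x86DD)])
CATCH_ALL = DiffServClass("everything-else", "all", [("every",)])
POLICY = [(VENDOR, "assign-queue 3"), (GUEST, "drop"), (CATCH_ALL, "mark-cos 0")]

PACKETS = [
    {"src_mac": "aa:bb:01:02:03:04", "vlan": 10, "ethertype": 0x0800, "src_ip": "10.0.0.5"},
    {"src_mac": "aa:bb:01:02:03:04", "vlan": 20, "ethertype": 0x0800, "src_ip": "192.168.50.7"},
    {"src_mac": "00:11:22:33:44:55", "vlan": 20, "ethertype": 0x86DD},
    {"src_mac": "00:11:22:33:44:55", "vlan": 20, "ethertype": 0x0800, "src_ip": "10.0.0.9"},
]


def run_demo():
    return [classify(POLICY, p) for p in PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, run_demo()):
        print(pkt["src_mac"], "vlan", pkt["vlan"], "->", verdict)
```

Entering ff:ff:00:00:00:00 while thinking in the wildcard convention would compare the last four bytes instead of the first two, so a class meant for one address prefix would match a different set of hosts.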
10. Configure the policy attributes by selecting one of the following radio buttons:
• Assign Queue. Select this radio button to specify that traffic must be assigned to a
queue, which you must select from the menu. Models GS324T and GS324TP support
four hardware queues (0 to 3) and model GS348T supports eight hardware queues
(0 to 7).
• Drop. Select this radio button to require each inbound packet to be dropped.
• Mark VLAN CoS. Select this radio button to specify the VLAN priority, which you must
select from the menu. The VLAN priority is expressed as a value in the range from 0
to 7.
• Mark IP Precedence. Select this radio button to require packets to be marked with an
IP precedence value before being forwarded. You must select an IP precedence
value from 0 to 7 from the menu.
• Mirror. Select this radio button to require packets to be mirrored to an interface or
LAG, one of which you must select from the menu.
• Redirect. Select this radio button to require packets to be redirected to an interface or
LAG, one of which you must select from the menu.
• Mark IP DSCP. Select this radio button to require packets to be marked with an IP
DSCP keyword code, which you must select from the menu. The DSCP value is
defined as the high-order 6 bits of the Service Type octet in the IP header.
• Simple Policy. Select this radio button to define the traffic policing style for the class.
By default, this simple policy is color blind, and color classes do not apply. A simple
policy supports a single data rate and a single burst size and results in one of two
outcomes: conform or violate.
Specify a policy action for packets that conform to or violate the policy:
a. Committed Rate. Enter the committed rate that is applied to conforming packets
by specifying a value in the range from 1 to 4294967295 Kbps.
b. Committed Burst Size. Enter the committed burst size that is applied to
conforming packets by specifying a value in the range from 1 to 128 Kbps.
c. In the Conform Action section, select one of the following radio buttons:
• Send. Packets are forwarded unmodified. This is the default conforming action.
• Drop. Packets are dropped.
• Mark CoS. Packets are marked by DiffServ with the specified CoS value
before being forwarded. This selection requires that the Mark CoS field is set.
You must select a CoS value from 0 to 7 from the menu.
• Mark IP Precedence. These packets are marked by DiffServ with the specified
IP Precedence value before being forwarded. This selection requires that the
Mark IP Precedence field is set. You must select an IP precedence value from
0 to 7 from the menu.
• Mark IP DSCP. Packets are marked by DiffServ with the specified DSCP value
before being forwarded. This selection requires that the DSCP field is set. You
must either select a DSCP code from the menu or enter an IP DSCP value
from 0 to 63 in the field next to the menu. A value that you enter in the field
overrides any selection from the menu.
The DSCP value is defined as the high-order six bits of the Service Type octet
in the IP header.
d. In the Violate Action section, select one of the following radio buttons:
• Send. Packets are forwarded unmodified. This is the default violating action.
• Drop. Packets are dropped.
• Mark CoS. Packets are marked by DiffServ with the specified CoS value
before being forwarded. This selection requires that the Mark CoS field is set.
You must select a CoS value from 0 to 7 from the menu.
• Mark IP Precedence. These packets are marked by DiffServ with the specified
IP Precedence value before being forwarded. This selection requires that the
Mark IP Precedence field is set. You must select an IP precedence value from
0 to 7 from the menu.
• Mark IP DSCP. Packets are marked by DiffServ with the specified DSCP value
before being forwarded. This selection requires that the DSCP field is set. You
must either select a DSCP code from the menu or enter an IP DSCP value
from 0 to 63 in the field next to the menu. A value that you enter in the field
overrides any selection from the menu.
The DSCP value is defined as the high-order six bits of the Service Type octet
in the IP header.
11. Click the Apply button.
Your settings are saved.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. From the Policy Name menu, select a policy name.
9. Click the Apply button.
Your settings are saved.
The following table describes the nonconfigurable information displayed on the page.
Table 50. Service Interface Configuration information
Field Description
Direction Shows the traffic direction of this service interface, which is always inbound (In).
Operational Status Shows the operational status of this service interface (either Up or Down).
Field Description
Interface All valid port numbers on the switch with a DiffServ policy that is attached in the inbound
direction.
Direction The traffic direction of interface is inbound (In). This field shows only the direction for
which a DiffServ policy is attached.
Policy Name The name of the policy that is currently attached to the specified interface and direction.
Operational Status The operational status of the policy that is attached to the specified interface and
direction. The value is either Up or Down.
Discarded packets The number of packets that were discarded for all class instances in this service policy for
any reason because of the DiffServ treatment. This is the overall count per interface, per
direction. The number of discarded packets is displayed in the inbound direction only.
Member Classes All DiffServ classes that are defined as members of the selected policy name. Select a
member class name to display its statistics. If no class is associated with the selected
policy, then the list is empty.
Note: If you forget the password and are unable to log in to the switch local
browser interface, press the Factory Defaults button on the front
panel of the switch for more than five seconds. The device reboots,
and all switch settings, including the password, are reset to the factory
default values.
The Current Server IP Address field is blank if no servers are configured (see Configure
a RADIUS Authentication Server on the Switch on page 213). The switch supports up to
three RADIUS servers. If more than one RADIUS server is configured, the current server
is the server configured as the primary server. If no servers are configured as the primary
server, the current server is the most recently added RADIUS server.
CAUTION:
The maximum delay in receiving a RADIUS response on the switch equals
the maximum number of retransmissions multiplied by the time-out period
multiplied by the number of configured RADIUS servers. If the RADIUS
request was generated by a user login attempt, all user interfaces are
blocked until the switch receives a RADIUS response.
6. In the Max Number of Retransmits field, specify the maximum number of times a request
packet is retransmitted to the RADIUS server.
The range is from 1 to 15. The default value is 4.
7. In the Timeout Duration field, specify the time-out value, in seconds, for request
retransmissions.
The range is from 1 to 30. The default value is 5.
8. From the Accounting Mode menu, select to disable or enable RADIUS accounting on the
server.
The default is Disabled.
9. Click the Apply button.
Your settings are saved.
The following table describes the nonconfigurable fields displayed on the page.
Table 52. RADIUS Configuration information
Field Description
Current Server IP Address The IP address of the current server. This field is blank if no servers are
configured.
Number of Configured Servers The number of configured authentication RADIUS servers. The value can range
from 0 to 32.
To add a primary RADIUS authentication server to the switch and view or reset the
RADIUS authentication server statistics:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Security > Management Security > RADIUS > Server Configuration.
6. In the Server Address field, specify the IP address of the RADIUS server.
7. In the Authentication Port field, specify the UDP port number that the server uses to verify
the RADIUS server authentication.
The range is from 1 to 65535. The default value is 1812.
Field Description
Server Address The address of the RADIUS server or the name of the RADIUS server for
which the statistics are displayed.
Round Trip Time The time interval, in hundredths of a second, between the most recent
access-reply/access-challenge and the access-request that matched it from
this RADIUS authentication server.
Access Requests The number of RADIUS access-request packets sent to this server. This
number does not include retransmissions.
Access Retransmissions The number of RADIUS access-request packets retransmitted to this server.
Access Accepts The number of RADIUS access-accept packets, including both valid and
invalid packets, that were received from this server.
Access Rejects The number of RADIUS access-reject packets, including both valid and invalid
packets, that were received from this server.
Access Challenges The number of RADIUS access-challenge packets, including both valid and
invalid packets, that were received from this server.
Malformed Access Responses The number of malformed RADIUS access-response packets received from
this server. Malformed packets include packets with an invalid length. Bad
authenticators or signature attributes or unknown types are not included in
malformed access-responses.
Field Description
Pending Requests The number of RADIUS access-request packets destined for this server that
did not yet time out or receive a response.
Unknown Types The number of RADIUS packets of unknown type that were received from this
server on the authentication port.
Packets Dropped The number of RADIUS packets received from this server on the
authentication port and dropped for some other reason.
To add a RADIUS accounting server to the switch and view or clear the RADIUS
accounting server statistics:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
6. In the Accounting Server Address field, specify the IP address of the RADIUS accounting
server to add.
7. In the Port field, specify the UDP port number that the server uses to verify the RADIUS
accounting server authentication. The default UDP port number is 1813.
8. From the Secret Configured menu, select Yes to add a RADIUS secret in the next field or
select No to ignore the RADIUS secret.
To configure the RADIUS secret, you must select Yes. After you add the RADIUS
accounting server, this field indicates whether the shared secret for this server was
configured.
9. In the Secret field, type the shared secret to use with the specified accounting server.
10. From the Accounting Mode menu, select Enable to enable the RADIUS accounting mode.
11. Click the Add button.
The server is added to the switch.
12. To reset the accounting server and RADIUS statistics to their default values, click the Clear
Counters button.
The following table describes the RADIUS server statistics displayed on the page.
Table 54. RADIUS accounting server statistics information
Field | Description
Accounting Server Address | The accounting server associated with the statistics.
Round Trip Time (secs) | The time interval, in hundredths of a second, between the most recent accounting-response and the accounting-request that matched it from this RADIUS accounting server.
Accounting Requests | The number of RADIUS accounting-request packets sent not including retransmissions.
Accounting Responses | The number of RADIUS packets received on the accounting port from this server.
Malformed Accounting Responses | The number of malformed RADIUS accounting-response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses.
Bad Authenticators | The number of RADIUS accounting-response packets that contained invalid authenticators received from this accounting server.
Pending Requests | The number of RADIUS accounting-request packets sent to this server that did not yet time out or receive a response.
Unknown Types | The number of RADIUS packets of unknown type that were received from this server on the accounting port.
Packets Dropped | The number of RADIUS packets that were received from this server on the accounting port and dropped for some other reason.
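The following added example (not part of the NETGEAR manual and not the switch's own code) shows how a RADIUS accounting client could sort received packets into the failure counters of Table 54, using the authenticator calculation defined in RFC 2866. The order of the checks, the "accepted" label, and the shared secret and attribute bytes are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4    # RFC 2866 packet codes
ACCOUNTING_RESPONSE = 5
HEADER_LEN = 20           # code(1) + identifier(1) + length(2) + authenticator(16)

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
SAMPLE_ATTRS = bytes([40, 6, 0, 0, 0, 1])   # Acct-Status-Type = Start


def make_packet(code, identifier, auth_input, attributes, secret):
    """Assemble a packet whose authenticator is
    MD5(code + id + length + auth_input + attributes + secret)."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attributes))
    auth = hashlib.md5(header + auth_input + attributes + secret).digest()
    return header + auth + attributes


def build_request(identifier, attributes, secret):
    # A request is hashed with 16 zero octets in the authenticator position.
    return make_packet(ACCOUNTING_REQUEST, identifier, bytes(16), attributes, secret)


def build_response(request, secret):
    # A response is hashed over the authenticator of the request it answers.
    return make_packet(ACCOUNTING_RESPONSE, request[1], request[4:20], b"", secret)


def classify(packet, pending, secret):
    """Name the Table 54 failure counter a received packet belongs to, or
    "accepted". pending maps identifier -> authenticator of each unanswered
    request. The order of the checks is an assumption of this example."""
    if len(packet) < HEADER_LEN:
        return "Malformed Accounting Responses"
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        return "Malformed Accounting Responses"      # invalid length
    if code != ACCOUNTING_RESPONSE:
        return "Unknown Types"
    if identifier not in pending:
        return "Packets Dropped"                     # no request is waiting
    packet = packet[:length]                         # octets past length are padding
    expected = hashlib.md5(
        packet[:4] + pending[identifier] + packet[HEADER_LEN:] + secret
    ).digest()
    if not hmac.compare_digest(expected, packet[4:HEADER_LEN]):
        return "Bad Authenticators"                  # wrong secret or forged reply
    return "accepted"


def demo():
    """Classify six constructed packets against one pending request (id 7)."""
    request = build_request(7, SAMPLE_ATTRS, SECRET)
    pending = {7: request[4:20]}
    good = build_response(request, SECRET)
    samples = {
        "valid reply": good,
        "reply signed with another secret": build_response(request, b"other-secret"),
        "truncated to 12 octets": good[:12],
        "length field larger than packet": good[:2] + struct.pack("!H", 4000) + good[4:],
        "packet code 99": bytes([99]) + good[1:],
        "identifier with no pending request": build_response(
            build_request(8, SAMPLE_ATTRS, SECRET), SECRET),
    }
    return {name: classify(pkt, pending, SECRET) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:38} -> {verdict}")
```

A Bad Authenticators count that keeps rising for one server usually means that the secret on the switch and the secret on the server differ, or that replies are arriving from a host that does not hold the secret.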
Configure TACACS+
TACACS+ provides a centralized user management system, while still retaining consistency
with RADIUS and other authentication processes. TACACS+ provides the following services:
• Authentication. Provides authentication during login and through user names and
user-defined passwords.
• Authorization. Performed at login. When the authentication session is completed, an
authorization session starts using the authenticated user name. The TACACS+ server
checks the user privileges.
The TACACS+ protocol ensures network security through encrypted protocol exchanges
between the device and TACACS+ server.
6. In the Key String field, specify the authentication and encryption key for TACACS+
communications between the switch and the TACACS+ server.
The range is from 0 to 128. The key must match the key configured on the TACACS+
server.
7. In the Connection Timeout field, specify the maximum number of seconds allowed to
establish a TCP connection between the switch and the TACACS+ server.
The range is from 1 to 30 seconds. The default is 5 seconds.
8. Click the Apply button.
Your settings are saved.
If you select a method that does not time out as the first method, such as Local, no other
method is tried, even if you specified more than one method. User authentication occurs
in the order the methods are selected. Possible methods are as follows:
• Local. The user’s locally stored ID and password are used for authentication. Since
the Local method does not time out, if you select this option as the first method, no
other method is tried, even if you specified more than one method. This is the default
selection for Method 1.
• RADIUS. The user’s ID and password are authenticated using the RADIUS server. If
you select RADIUS or TACACS+ as the first method and an error occurs during the
authentication, the switch uses Method 2 to authenticate the user.
• TACACS+. The user’s ID and password are authenticated using the TACACS+
server. If you select RADIUS or TACACS+ as the first method and an error occurs
during the authentication, the switch attempts user authentication Method 2.
• None. The authentication method is unspecified, that is, no authentication is required.
8. From the menu in the 2 column, select the authentication method, if any, that must be used
second in the selected authentication login list.
This is the method that is used if the first method times out. If you select a method that
does not time out as the second method, the third method is not tried.
9. From the menu in the 3 column, select the authentication method, if any, that must be used
third in the selected authentication login list.
10. From the menu in the 4 column, select the method, if any, that must be used fourth in the
selected authentication login list.
This is the method that is used if all previous methods time out.
11. Click the Apply button.
Your settings are saved.
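The following added example (not part of the NETGEAR manual) audits an authentication login list against the ordering rules described above: a method that does not time out ends the list, and RADIUS or TACACS+ hand over to the next method on an error or time-out. Treating None as a method that does not time out, the function names, and the sample lists are assumptions of this example.

```python
TERMINAL = {"Local", "None"}     # never time out: nothing listed after them runs
                                 # (None is treated this way as an assumption)
SERVER = {"RADIUS", "TACACS+"}   # the next method is tried on an error or time-out


def deciding_method(methods, reachable):
    """Return the method that ends up handling a login attempt.
    reachable maps a server method to True when its server answers."""
    for method in methods:
        if method in TERMINAL or reachable.get(method, False):
            return method
    return "exhausted"           # every listed server timed out


def audit_login_list(methods):
    """Return findings for one authentication login list (Method 1 to 4)."""
    if not methods:
        raise ValueError("the login list is empty")
    findings = []
    for pos, method in enumerate(methods, start=1):
        if method not in TERMINAL | SERVER:
            raise ValueError(f"unknown method: {method!r}")
        if method == "None":
            if pos == 1:
                findings.append("Method 1 is None: no authentication is required")
            else:
                earlier = ", ".join(methods[:pos - 1])
                findings.append(
                    f"Method {pos} is None: a time-out of {earlier} "
                    "grants access without authentication")
        if method in TERMINAL:
            # Everything after a method that cannot time out is dead configuration.
            for later_pos, later in enumerate(methods[pos:], start=pos + 1):
                findings.append(
                    f"Method {later_pos} ({later}) is never tried: "
                    f"{method} does not time out")
            return findings
    findings.append(
        "no method is left after a time-out of " + ", ".join(methods))
    return findings


# Constructed login lists for the demonstration.
SAMPLE_LISTS = {
    "defaultList": ["Local", "RADIUS"],
    "serverFirst": ["RADIUS", "Local"],
    "openFallback": ["TACACS+", "None"],
    "serversOnly": ["RADIUS", "TACACS+"],
}

if __name__ == "__main__":
    for name, methods in SAMPLE_LISTS.items():
        print(name, methods)
        for finding in audit_login_list(methods) or ["no findings"]:
            print("   ", finding)
        outage = deciding_method(methods, {"RADIUS": False, "TACACS+": False})
        print("    during a server outage the login is handled by:", outage)
```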
6. In the HTTP Session Soft Timeout field, specify the number of minutes an HTTP session
can be idle before a time-out occurs.
The value must be in the range from 0 to 60 minutes. The default value is 5 minutes.
After the session is inactive for the configured time, you are automatically logged out and
must reenter the password to access the local browser interface. A value of zero means
that the session does not time out.
7. In the HTTP Session Hard Timeout field, specify the hard time-out for HTTP sessions.
This time-out is unaffected by the activity level of the session. The value must be in the
range from 0 to 168 hours. A value of zero means that the session does not time out. The
default value is 24 hours.
8. In the Maximum Number of HTTP Sessions field, specify the maximum number of HTTP
sessions that can exist at the same time.
The range is from 1 to 4 sessions. The default is 4 sessions.
9. Click the Apply button.
Your settings are saved.
Note: If you use HTTPS access, before you can generate a certificate, you
must disable HTTPS (see Configure HTTPS Access Settings on
page 229) and log back in to the local browser interface over an
HTTP session. After you generate the certificate, you can reenable
HTTPS and log back in to the local browser interface over an HTTPS
session.
The Certificate Present field displays whether a certificate is present on the switch.
6. In the Certificate Management section, select the Generate Certificates radio button.
7. Click the Apply button.
The switch generates an SSL certificate.
The Certificate Generation Status field shows progress information.
Note: If you use HTTPS access, before you can delete a certificate, you
must disable HTTPS (see Configure HTTPS Access Settings on
page 229) and log back in to the local browser interface over an
HTTP session. After you generate the certificate, you can reenable
HTTPS and log back in to the local browser interface over an HTTPS
session.
Note: If you use HTTPS access, before you can transfer a certificate, you
must disable HTTPS (see Configure HTTPS Access Settings on
page 229) and log back in to the local browser interface over an
HTTP session. After you generate the certificate, you can reenable
HTTPS and log back in to the local browser interface over an HTTPS
session.
6. From the File Type menu, select the type of SSL certificate to download, which can be one
of the following:
• SSL Trusted Root Certificate PEM File. SSL Trusted Root Certificate file (PEM
Encoded)
• SSL Server Certificate PEM File. SSL Server Certificate File (PEM Encoded)
• SSL DH Weak Encryption Parameter PEM File. SSL Diffie-Hellman Weak Encryption
Parameter file (PEM Encoded)
• SSL DH Strong Encryption Parameter PEM File. SSL Diffie-Hellman Strong
Encryption Parameter File (PEM Encoded)
7. From the Server Address Type menu, select IPv4 or DNS to indicate the format for the
TFTP Server IP field.
The default is IPv4.
8. In the TFTP Server IP field, specify the address or host name of the TFTP server.
The address can be an IP address in standard x.x.x.x format or a host name. The host
name must start with a letter of the alphabet.
9. In the Remote File Path field, enter the path of the file to download.
You can enter up to 96 characters. The default is blank.
10. In the Remote File Name field, enter the name of the file on the TFTP server to download.
You can enter up to 32 characters. The default is blank.
11. Select the Start File Transfer check box.
12. Click the Apply button.
The file transfer starts. A status message displays during the transfer and upon
successful completion of the transfer.
CAUTION:
If you configure a security access profile incorrectly and you activate the
access profile, you might no longer be able to access the switch’s local
browser interface. If that situation occurs, you must reset the switch to
factory default settings (see Reset the Switch to Its Factory Default
Settings on page 324).
6. In the Access Profile Name field, enter the name of the access profile to be added.
The maximum length is 32 characters.
7. Click the Apply button.
Your settings are saved. By default, the access profile is deactivated. After you add rules,
you can activate the access profile.
CAUTION:
You must add a permit rule for your device and access method, otherwise
you are locked out from the switch after you activate the access profile. If
that situation occurs, you must reset the switch to factory default settings
(see Reset the Switch to Its Factory Default Settings on page 324).
5. Select Security > Access > Access Control > Access Rule Configuration.
6. From the Rule Type menu, select Permit or Deny to permit or deny access when the
selected rules are matched.
A Permit rule allows access from a device that matches the rule criteria. A Deny rule
blocks a device that matches the rule criteria.
7. From the Service Type menu, select the access method to which the rule is applied.
The policy is restricted by the selected access method. Possible access methods are
TFTP, HTTP, Secure HTTP (SSL), SNMP, and SNTP.
8. In the Source IP Address field, enter the source IP address from which the management
traffic originates.
9. In the Mask field, specify the subnet mask from which the management traffic originates.
10. In the Priority field, assign a priority to the rule.
The rules are validated against the incoming management request in ascending order of
their priorities. If a rule matches, the action is performed and subsequent rules below that
rule are ignored. For example, if a source IP address 10.10.10.10 is configured with
priority 1 to permit, and the same source IP address 10.10.10.10 is also configured with
priority 2 to deny, then access is permitted if the profile is active, and the second rule is
ignored.
11. Click the Add button.
The access rule is added.
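The following added example (not part of the NETGEAR manual and not the switch's own logic) models the rule evaluation described in step 10 so that a rule set can be checked before the access profile is activated. It reports rules that can never match because a rule with a lower priority number already covers them, and management sessions that would be locked out. The implicit deny for unmatched requests is an assumption drawn from the lock-out caution above, and all rules and addresses are constructed samples.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int
    action: str      # "Permit" or "Deny"
    service: str     # "TFTP", "HTTP", "Secure HTTP (SSL)", "SNMP" or "SNTP"
    source: str      # Source IP Address field
    mask: str        # Mask field

    @property
    def network(self):
        return ipaddress.ip_network(f"{self.source}/{self.mask}", strict=False)

    def matches(self, service, client_ip):
        return (service == self.service
                and ipaddress.ip_address(client_ip) in self.network)


def evaluate(rules, service, client_ip):
    """Return (action, priority of the deciding rule). Rules are checked in
    ascending priority order and the first match ends the search."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(service, client_ip):
            return rule.action, rule.priority
    return "Deny", None      # assumption: an active profile denies unmatched requests


def shadowed_rules(rules):
    """Return (priority, covering priority) for every rule that can never
    decide a request because an earlier rule matches everything it matches."""
    ordered = sorted(rules, key=lambda r: r.priority)
    pairs = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (earlier.service == later.service
                    and later.network.subnet_of(earlier.network)):
                pairs.append((later.priority, earlier.priority))
                break
    return pairs


def lockout_check(rules, admin_sessions):
    """Return the (service, ip) management sessions that would lose access."""
    return [(service, ip) for service, ip in admin_sessions
            if evaluate(rules, service, ip)[0] != "Permit"]


# Constructed rule set; the first two rules are the example from step 10.
SAMPLE_RULES = [
    Rule(1, "Permit", "HTTP", "10.10.10.10", "255.255.255.255"),
    Rule(2, "Deny", "HTTP", "10.10.10.10", "255.255.255.255"),
    Rule(3, "Permit", "Secure HTTP (SSL)", "192.168.1.0", "255.255.255.0"),
]
# Constructed list of the sessions administrators actually use.
ADMIN_SESSIONS = [("HTTP", "10.10.10.10"), ("HTTP", "192.168.1.77")]

if __name__ == "__main__":
    print("10.10.10.10 over HTTP:", evaluate(SAMPLE_RULES, "HTTP", "10.10.10.10"))
    print("shadowed rules:", shadowed_rules(SAMPLE_RULES))
    print("locked out after activation:", lockout_check(SAMPLE_RULES, ADMIN_SESSIONS))
```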
CAUTION:
If you configure a security access profile incorrectly and you activate the
access profile, you might no longer be able to access the switch’s local
browser interface. If that situation occurs, you must reset the switch to
factory default settings (see Reset the Switch to Its Factory Default
Settings on page 324).
Display the Access Profile Summary and the Number of Filtered Packets
After you add rules to the active profile, you can view the entries in the summary. If the
access profile is active, you can also view the number of filtered packets.
To display the access profile summary and the number of filtered packets:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Security > Access > Access Control > Access Profile Configuration.
The Packets Filtered field displays the number of packets filtered (none in the previous
figure).
6. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the nonconfigurable data that is displayed.
Table 55. Access profile configuration profile summary
Field | Description
Service Type | The service type selected. The policy is restricted by the selected service type.
Source IP Address | The source IP address of the client originating the management traffic.
The previous figure does not show all columns on the page.
6. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
7. Specify the following settings:
• Port Control. Defines the port authorization state. The control mode is set only if the
link status of the port is link up. Select one of the following options:
- Auto. The switch automatically detects the mode of the interface.
- Authorized. The switch places the interface into an authorized state without
being authenticated. The interface sends and receives normal traffic without client
port-based authentication.
- Unauthorized. The switch denies the selected interface system access by
moving the interface into unauthorized state. The switch cannot provide
authentication services to the client through the interface.
• Host Mode. Defines the host mode for an interface. The host mode determines the
number and types of clients that can be authenticated and authorized on the
interface. The host mode can distinguish between data and voice clients. Select one
of the following options:
- Single-Host. A single data client only can be authenticated and authorized on the
interface before this client is granted access to the interface. Only after the client
logs off, can another client be authenticated and authorized on the interface, and
granted access to the interface.
- Multi-Host. After one data client is authenticated and authorized on the interface,
access is granted to all clients that are connected to the interface.
For example, you can use this mode if a WiFi access point is connected to an
access-controlled port of a NAS. After the access point is authenticated by the
NAS, the interface is authorized for traffic of all WiFi clients that are connected to
the access point.
- Multi-Domain. A single voice client and a single data client only can be
authenticated and authorized on the interface before these clients are granted
access to the interface. The voice and data domains are segregated. The
RADIUS server attribute “Cisco-AVPair = ‘device-traffic-class = voice’” is used to
identify a voice client.
For example, you can use this mode if an IP phone is connected to a NAS port
and a laptop is connected to the hub port of the IP phone. Both devices need to
be authenticated to access the network services behind the NAS.
- Multi-Auth. A single voice client and multiple data clients can be authenticated
and authorized on the interface before these clients are granted access to the
interface. The voice and data domains are segregated.
For example, you can use this mode if an IP phone and a network of computers
are connected to a hub that is connected to a NAS port.
- Multi-Domain-Multi-Host. After one voice client and one data client are
authenticated and authorized on the interface, access is granted to all clients that
are connected to the interface, and all these clients are treated as data clients.
The voice and data domains are segregated.
For example, you can use this mode if an IP phone is connected to a NAS port
and a virtual machine controller (VMC) is connected to the hub port of the IP
phone. Both the VMC and the IP phone need to be authenticated to access the
network services behind the NAS. If the VMC hosts multiple virtual machines,
after the VMC is authenticated, traffic is allowed from all virtual machines that are
hosted by the VMC.
Note: If the switch exceeds the limit of one hundred and four (104) 802.1x
users, each interface can authenticate one additional voice client. (The
limit of 104 clients can include MAB clients.) For example, even if the
switch already supports 104 clients, each interface can still
authenticate one additional IP phone.
• Guest VLAN ID. Specify the VLAN ID for the guest VLAN. The range is from 0 to
4093. The default value is 0. Enter 0 to reset the guest VLAN ID on the interface. The
guest VLAN allows the port to provide a distinguished service to unauthenticated
users, after three authentication failures. This feature provides a mechanism to allow
users access to hosts on the guest VLAN.
• Unauthenticated VLAN ID. Specify the VLAN ID of the unauthenticated VLAN for the
selected port. The range is from 0 to 3965. The default value is 0. Hosts that fail the
authentication might be denied access to the network or placed on a VLAN created
for unauthenticated clients. This VLAN might be configured with limited network
access.
• Periodic Reauthentication. To allow periodic reauthentication of the supplicant for
the specified port, select Enable.
• Reauthentication Period Type. If you enable periodic reauthentication, select the type
of reauthentication:
- Server. The reauthentication time-out value from the server is used. This is the
default setting. The server’s session time-out and session termination settings are
used by the authenticator to reauthenticate a supplicant on the interface. An
example of a server is a RADIUS server.
- User. You must enter the time-out value in the Reauthentication Period field.
• Reauthentication Period. If you enable periodic reauthentication and you select User as
the reauthentication period type, specify the time in seconds after which
reauthentication of the supplicant occurs. The reauthentication period must be a value
in the range from 1 to 65535 seconds. The default value is 3600 seconds.
• Max ReAuth Requests. Specify the maximum number of reauthentication requests
for the port.
• Quiet Period. Specify the time in seconds that the port remains in the quiet state
following a failed authentication exchange. While in the quiet state, the port does not
attempt to acquire a supplicant.
• Resending EAP. Specify the EAP retransmit period for the selected port. The
transmit period is the time in seconds, after which an EAPoL EAP Request/Identity
frame is resent to the supplicant.
• MAX EAP Requests. Specify the maximum number of EAP requests for the port.
The value is the maximum number of times an EAPoL EAP Request/Identity
message is retransmitted before the supplicant times out.
• Supplicant Timeout. Specify the supplicant time-out for the port. The supplicant
time-out is the time in seconds after which the supplicant times out.
• Server Timeout. Specify the time that elapses before the switch resends a request to
the authentication server.
8. Click the Apply button.
Your settings are saved.
The following table describes the port authentication status information available on the
page.
Table 56. Port authentication status information
Field | Description
Control Direction | The control direction for the specified port, which is always Both. The control direction dictates the degree to which protocol exchanges take place between supplicant and authenticator. The unauthorized controlled port exerts control over communication in both directions (disabling both incoming and outgoing frames).
PAE Capabilities | The port access entity (PAE) functionality of the selected port. The option is Authenticator or Supplicant.
802.1X on the selected interface is reset to the initialization state. Traffic sent to and from
the port is blocked during the authentication process. This button is available only if the
control mode is auto. When you click this button, the action is immediate. You do not
need to click the Apply button for the action to occur.
The following table describes the fields on the Port Summary page.
Table 57. Port summary
Field | Description
Port | The port whose settings are displayed in the current table row.
Control Mode | This field indicates the configured control mode for the port. The options are as follows:
• Force Unauthorized. The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized.
• Force Authorized. The authenticator PAE unconditionally sets the controlled port to authorized.
• Auto. The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator, and the authentication server.
• MAC Based. The authenticator PAE sets the controlled port mode to reflect the outcome of authentication exchanges between a supplicant, an authenticator, and an authentication server on a per supplicant basis.
Operating Control Mode | The control mode under which the port is actually operating. The options are as follows:
• ForceUnauthorized
• ForceAuthorized
• Auto
• MAC Based
• N/A: If the port is in detached state, it cannot participate in port access control.
Reauthentication Enabled | This field shows whether reauthentication of the supplicant for the specified port is allowed. The option is True or False. If the value is True, reauthentication occurs. Otherwise, reauthentication is not allowed.
Port Status | The authorization status of the specified port. The options are Authorized, Unauthorized, and N/A. If the port is in detached state, the value is N/A because the port cannot participate in port access control.
The following table describes the fields on the Client Summary page.
Table 58. Client Summary information
Field | Description
User Name | The user name representing the identity of the supplicant device.
Filter ID | The policy filter ID assigned by the authenticator to the supplicant device.
VLAN Assigned | The reason for the VLAN ID assigned by the authenticator to the supplicant device.
Session Timeout | The session time-out imposed by the RADIUS server on the supplicant device.
Termination Action | The termination action imposed by the RADIUS server on the supplicant device.
The previous figure shows the MAC Filter Configuration page for models GS324T and
GS324TP.
6. From the MAC Filter menu, select Create Filter.
If you did not configure any filters, this is the only option available.
7. From the VLAN ID menu, select the VLAN that must be used with the MAC address.
8. In the MAC Address field, specify the MAC address of the filter in the format
XX:XX:XX:XX:XX:XX.
You cannot define filters for the following MAC addresses:
• 00:00:00:00:00:00
• 01:80:C2:00:00:00 to 01:80:C2:00:00:0F
• 01:80:C2:00:00:20 to 01:80:C2:00:00:21
• FF:FF:FF:FF:FF:FF
9. In the Port and LAG tables in the Source Port Members section, select the ports and LAGs
that must be included in the inbound filter.
If a packet with the MAC address and VLAN ID that you specify is received on a port that
is not part of the inbound filter, the packet is dropped.
10. In the Port and LAG tables in the Destination Port Members section, select the ports and
LAGs that must be included in the outbound filter.
A packet with the MAC address and VLAN ID that you specify can be transmitted only
from a port that is part of the outbound filter.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Security > Traffic Control > MAC Filter > MAC Filter Summary.
6. To refresh the page with the latest information about the switch, click the Refresh button.
The following table describes the information displayed on the page.
Table 59. MAC Filter Summary information
Field | Description
MAC Address | The MAC address of the filter in the format XX:XX:XX:XX:XX:XX.
VLAN ID | The VLAN ID used with the MAC address to fully identify packets you want filtered.
Source Port Members | The ports to be used for filtering inbound packets.
Destination Port Members | The ports to be used for filtering outbound packets.
6. In the Storm Control section, from the Ingress Control Mode menu, select one of the
following modes for storm control:
• Disabled. Storm control is disabled. This is the default setting.
• Unknown Unicast. If the rate of incoming unknown Layer 2 unicast traffic (that is,
traffic for which a destination lookup failure occurs) increases beyond the configured
threshold on an interface, the traffic is dropped.
• Multicast. If the rate of incoming Layer 2 multicast traffic increases beyond the
configured threshold on an interface, the traffic is dropped.
• Broadcast. If the rate of incoming Layer 2 broadcast traffic increases beyond the
configured threshold on an interface, the traffic is dropped.
7. If the selection from the Ingress Control Mode menu is not Disabled, specify whether the
ingress control mode is enabled by selecting Enable or Disable from the Status menu.
8. In the Threshold field, specify the maximum rate at which unknown packets are forwarded.
The range is a percent of the total threshold between 0 and 100%. The default is 5%.
9. From the Control Action mode menu, select one of the following options:
• None. No action is taken. This is the default setting.
• Trap. If the threshold of the configured broadcast storm is exceeded, a trap is sent.
• Shutdown. If the threshold of the configured broadcast storm is exceeded, the port is
shut down.
10. Click the Apply button.
Your settings are saved.
The default settings in the Port Settings section depend on the global storm control
settings (see Configure Global Storm Control Settings on page 252), which apply to all
ports.
6. In the Port Settings section, select one or more interfaces by taking one of the following
actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
7. From the Status menu, specify whether the ingress control mode is enabled for the port by
selecting Enable or Disable.
8. In the Threshold field, specify the maximum rate at which unknown packets are forwarded
for the port.
The range is a percent of the total threshold between 0 and 100%. The default is 5%.
9. From the Control Action mode menu, select one of the following options for the port:
• None. No action is taken.
• Trap. If the threshold of the configured broadcast storm is exceeded, a trap is sent.
• Shutdown. If the threshold of the configured broadcast storm is exceeded, the port is
shut down.
10. Click the Apply button.
Your settings are saved.
The following table describes the fields in the Port Security Violations table.
Table 60. Port Security Violations information
Field | Description
Last Violation MAC | The source MAC address of the last packet that was discarded at a locked port.
6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following
links above the table heading:
• 1 (the unit ID of the switch). Only physical interfaces are displayed. This is the default
setting.
• LAG. Only LAGs are displayed.
• All. Both physical interfaces and LAGs are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To configure a single interface, select the check box associated with the port, or type
the port number in the Go To Interface field and click the Go button.
• To configure multiple interfaces with the same settings, select the check box
associated with each interface.
• To configure all interfaces with the same settings, select the check box in the heading
row.
8. Specify the following settings:
• Port Security. Enable or disable the port security feature for the selected interfaces.
The default is Disable.
• Max Learned MAC Address. Specify the maximum number of dynamically learned
MAC addresses on the selected interfaces. The default is 4096.
• Max Static MAC Address. Specify the maximum number of statically locked MAC
addresses on the selected interfaces. The default is 48.
• Enable Violation Shutdown. Enable or disable shutdown of the selected interfaces if
a packet with a disallowed MAC address is received. The default value is No, which
means that the option is disabled.
• Enable Violation Traps. Enable or disable the sending of new violation traps if a
packet with a disallowed MAC address is received. The default value is No, which
means that the option is disabled.
9. Click the Apply button.
Your settings are saved.
View Learned MAC Addresses and Convert Them to Static MAC Addresses
After you enable port security globally (see Configure the Global Port Security Mode on
page 256) and enable port security for specific interfaces (see Configure a Port Security
Interface on page 257), you can convert a dynamically learned MAC address to a statically
locked address.
To view learned MAC addresses for an individual interface or LAG and convert these
MAC addresses to static MAC addresses:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Security > Traffic Control > Port Security > Security MAC Address.
7. To convert the dynamically learned MAC address to a statically locked address, select the
Convert Dynamic Address to Static check box.
8. Click the Apply button.
The dynamic MAC address entries are converted to static MAC address entries in a
numerically ascending order until the static limit is reached.
The Number of Dynamic MAC Addresses Learned field displays the number of
dynamically learned MAC addresses on a specific port.
9. To refresh the page with the latest information about the switch, click the Refresh button.
The previous figure shows the Protected Ports Membership page for models GS324T
and GS324TP.
6. In the Ports table, click each port that you want to configure as a protected port.
Protected ports are marked with a check mark. No traffic forwarding is possible between
two protected ports.
7. Click the Apply button.
Your settings are saved.
To configure an ACL:
1. Create an IPv4-based or MAC-based ACL ID.
2. Create a rule and assign it to a unique ACL ID.
3. Define the rules, which can identify protocols, source, and destination IP and MAC
addresses, and other packet-matching criteria.
4. Use the ID number to assign the ACL to a port or to a LAG.
To view ACL configuration examples, see Access Control Lists (ACLs) on page 340.
Note: The steps in the following procedure describe how you can create an
ACL based on the destination MAC address. If you select a different
type of ACL (for example, an ACL based on a source IPv4), the page
displays different information.
The previous figure shows the ACL Wizard page for models GS324T and GS324TP.
6. From the ACL Type menu, select the type of ACL.
You can select from the following ACL types:
• ACL Based on Destination MAC. Creates an ACL based on the destination MAC
address, destination MAC mask, and VLAN.
• ACL Based on Source MAC. Creates an ACL based on the source MAC address,
source MAC mask, and VLAN.
• ACL Based on Destination IPv4. Creates an ACL based on the destination IPv4
address and IPv4 address mask.
• ACL Based on Source IPv4. Creates an ACL based on the source IPv4 address and
IPv4 address mask.
• ACL Based on Destination IPv4 L4 Port. Creates an ACL based on the destination
IPv4 Layer 4 port number.
• ACL Based on Source IPv4 L4 Port. Creates an ACL based on the source IPv4
Layer 4 port number.
Note: For L4 port options, two rules are created (one for TCP and one for UDP).
7. In the Sequence Number field, enter a whole number in the range from 1 to 2147483647
that is used to identify the rule.
8. From the Action menu, select Permit or Deny to specify the action that must be taken if a
packet matches the rule’s criteria.
9. From the Match Every menu, select one of the following options:
• False. Packets do not need to match the selected ACL and rule. With this selection,
you can add a destination MAC address, destination MAC mask, and VLAN.
• True. All packets must match the selected ACL and rule and are either permitted or
denied. In this case, since all packets match the rule, the option of configuring other
match criteria is not offered.
10. Specify the additional match criteria for the selected ACL type.
The rest of the rule match criteria fields available for configuration depend on the selected
ACL type. For information about the possible match criteria fields, see the following table.
Destination MAC
• Destination MAC. Specify the destination MAC address to compare against an Ethernet
frame. The format is xx:xx:xx:xx:xx:xx. The BPDU keyword might be specified using a
destination MAC address of 01:80:C2:xx:xx:xx.
• Destination MAC Mask. Specify the destination MAC address mask, which represents the
bits in the destination MAC address to compare against an Ethernet frame. The format is
xx:xx:xx:xx:xx:xx. The BPDU keyword might be specified using a destination MAC mask of
00:00:00:ff:ff:ff.
• VLAN. Specify the VLAN ID to match within the Ethernet frame.
Source MAC
• Source MAC. Specify the source MAC address to compare against an Ethernet frame. The
format is xx:xx:xx:xx:xx:xx.
• Source MAC Mask. Specify the source MAC address mask, which represents the bits in the
source MAC address to compare against an Ethernet frame. The format is xx:xx:xx:xx:xx:xx.
• VLAN. Specify the VLAN ID to match within the Ethernet frame.
Destination IPv4 L4 Port
• Destination L4 port (Protocol). Specify the destination IPv4 L4 port protocol.
• Destination L4 port (Value). Specify the destination IPv4 L4 port value.
Source IPv4 L4 Port
• Source L4 port (Protocol). Specify the source IPv4 L4 port protocol.
• Source L4 port (Value). Specify the source IPv4 L4 port value.
As a sample, the following steps describe how you can specify the additional match criteria
for an ACL based on the destination MAC address:
a. In the Destination MAC field, specify the destination MAC address that must be
compared against the information in an Ethernet frame.
The format is xx:xx:xx:xx:xx:xx. The BPDU keyword can be specified using a
destination MAC address of 01:80:C2:xx:xx:xx.
b. In the Destination MAC Mask field, specify the destination MAC address mask that
must be compared against the information in an Ethernet frame.
The format is xx:xx:xx:xx:xx:xx. The BPDU keyword can be specified using a
destination MAC mask of 00:00:00:ff:ff:ff.
c. In the VLAN ID field, specify which VLAN must be compared against the information
in an Ethernet frame.
The range is from 1 to 4093. Either a VLAN range or VLAN can be configured.
11. In the Binding Configuration section, from the Direction menu, select the packet filtering
direction for the ACL.
Only the inbound direction is valid.
12. In the Ports and LAG tables in the Binding Configuration section, select the ports and LAGs
to which the ACL must be applied.
13. Click the Add button.
The rule is added to the ACL.
14. Click the Apply button.
Your settings are saved.
The previous figure shows a sample for models GS324T and GS324TP.
For information about the ACL Wizard, see Use the ACL Wizard to Create a Simple ACL on
page 261.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Security > ACL > Basic > MAC ACL.
The MAC ACL Table displays the number of ACLs currently configured in the switch and
the maximum number of ACLs that can be configured. The current size is equal to the
number of configured IPv4 ACLs plus the number of configured MAC ACLs.
6. In the Name field, specify a name for the MAC ACL.
The name string can include alphabetic, numeric, hyphen, underscore, or space
characters only. The name must start with an alphabetic character.
7. Click the Add button.
The MAC ACL is added.
Each configured ACL displays the following information:
• Rules. The number of rules currently configured for the MAC ACL.
• Direction. The direction of packet traffic affected by the MAC ACL, which can be
Inbound or blank. (If the ACL is not bound to an interface, the direction is blank.)
The previous figure does not show all columns. The figure shows one MAC ACL
example.
6. From the ACL Name menu, select the MAC ACL.
7. In the Sequence Number field, enter a whole number in the range from 1 to 2147483647 to
identify the rule.
8. From the Action menu, select the action that must be taken if a packet matches the rule’s
criteria:
• Permit. Forwards packets that meet the ACL criteria.
• Deny. Drops packets that meet the ACL criteria.
9. In the Assign Queue field, specify the hardware egress queue identifier that must be used
to handle all packets matching this ACL rule.
For models GS324T and GS324TP, the range for the queue ID is from 0 to 3. For model
GS348T, the range for the queue ID is from 0 to 7.
10. From the Mirror Interface menu, select the specific egress interface to which the matching
traffic stream must be copied, in addition to being forwarded normally by the switch.
This field cannot be set if a redirect interface is already configured for the ACL rule. This
field is visible for a Permit action.
11. From the Redirect Interface menu, select the egress interface to which the matching traffic
stream must be redirected, bypassing any forwarding decision normally performed by the
switch.
This field cannot be set if a mirror interface is already configured for the ACL rule.
12. From the Match Every menu, select whether each Layer 2 MAC packet must be matched
against the rule:
• True. Each packet must match the selected ACL rule.
• False. Not all packets need to match the selected ACL rule.
13. In the CoS field, specify the 802.1p user priority that must be compared against the
information in an Ethernet frame.
The range for the priority is from 0 to 7.
14. In the Destination MAC field, specify the destination MAC address that must be compared
against the information in an Ethernet frame.
The format is xx:xx:xx:xx:xx:xx. The BPDU keyword can be specified using a destination
MAC address of 01:80:C2:xx:xx:xx.
15. In the Destination MAC Mask field, specify the destination MAC address mask that must
be compared against the information in an Ethernet frame.
The format is xx:xx:xx:xx:xx:xx. The BPDU keyword can be specified using a destination
MAC mask of 00:00:00:ff:ff:ff.
16. From the EtherType Key menu, select the EtherType value that must be compared against
the information in an Ethernet frame.
The values are as follows:
• Apple Talk
• IBM SNA
• IPv4
• IPv6
• IPX
• MPLS Multicast
• MPLS Unicast
• NetBios
• Novell
• PPPOE
• RARP
• User Value
17. If you select User Value from the EtherType Key menu, in the EtherType User Value field,
specify the customized EtherType value that must be used.
This value must be compared against the information in an Ethernet frame. The range is
from 0x0600 to 0xFFFF.
18. In the Source MAC field, specify the source MAC address that must be compared against
the information in an Ethernet frame.
The format is xx:xx:xx:xx:xx:xx.
19. In the Source MAC Mask field, specify the source MAC address mask that must be
compared against the information in an Ethernet frame.
The format is xx:xx:xx:xx:xx:xx.
20. In the VLAN field, specify the VLAN ID that must be compared against the information in an
Ethernet frame.
The range is from 1 to 4093. Either VLAN range or VLAN can be configured.
21. If the selection from the Action menu is Deny, from the Logging menu, select whether to
enable or disable logging.
If you select Enable, logging is enabled for this ACL rule (subject to resource availability
on the switch).
Note: If you enable logging and you also enable ACL system traps (see
Configure SNMPv1/v2 Trap Flags on page 82), an SNMP trap is sent
when a packet matches this ACL rule.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Security > ACL > Basic > MAC Binding Configuration.
The previous figure shows the MAC Binding Configuration page for models GS324T and
GS324TP. The figure shows two MAC ACL examples in the table.
6. From the ACL ID menu, select an ACL.
The fixed selection from the Direction menu is Inbound, which means that MAC ACL
rules are applied to traffic entering the interface.
7. In the Sequence Number field, optionally specify a number to indicate the order of the
access list relative to other access lists already assigned to the interface and direction.
A low number indicates high precedence order. If a sequence number is already in use
for the interface and direction, the specified access list replaces the currently attached
access list using that sequence number. If you do not specify the sequence number, a
sequence number that is one number greater than the highest sequence number
currently in use for the interface and direction is used. The range is from 1 to
4294967295.
8. To add the selected ACL to a port or LAG, in the Ports table or LAG table, click the port or
LAG so that a check mark displays.
You can add the ACL to several ports and LAGs.
The Ports and LAG tables display the available interfaces for ACL bindings. All
nonrouting physical interfaces, VLAN interfaces, and interfaces participating in LAGs are
listed.
9. Click the Apply button.
Your settings are saved.
The following table describes the information displayed in the Interface Binding Status table.
Table 61. Interface Binding Status table
Field Description
ACL Type The type of ACL assigned to the selected interface and direction.
ACL ID The ACL name identifying the ACL assigned to the selected interface and direction.
Sequence Number The sequence number signifying the order of the specified ACL relative to other ACLs
assigned to the selected interface and direction.
3. Associate the IP ACL with one or more interfaces (see Configure IP ACL Interface
Bindings on page 289).
You can view or delete IP ACL configurations in the IP ACL Binding table (see View or
Delete IP ACL Bindings in the IP ACL Binding Table on page 291).
Add an IP ACL
To add an IP ACL:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Security > ACL > Advanced > IP ACL.
The IP ACL page shows the current size of the ACL table compared to the maximum size
of the ACL table. The current size is equal to the number of configured IPv4 ACLs plus
the number of configured MAC ACLs. The maximum size is 100.
The Current Number of ACL field displays the current number of all ACLs configured on
the switch.
The Maximum ACL field displays the maximum number of IP ACLs that can be
configured on the switch.
6. In the IP ACL ID field, specify the ACL ID or IP ACL name, which depends on the IP ACL
type. The IP ACL ID is an integer in the following range:
• 1–99. Creates a basic IP ACL, which allows you to permit or deny traffic from a
source IP address.
• 100–199. Creates an extended IP ACL, which allows you to permit or deny specific
types of Layer 3 or Layer 4 traffic from a source IP address to a destination IP
address. This type of ACL provides more granularity and filtering capabilities than the
standard IP ACL.
• IP ACL Name. Create an extended IP ACL with a name string that is up to
31 alphanumeric characters in length. The name must start with an alphabetic
character.
Each configured ACL displays the following information:
• Rules. The number of rules currently configured for the IP ACL.
• Type. Identifies the ACL as a basic IP ACL (with ID from 1 to 99) or an extended IP ACL
(with ID from 100 to 199 or a name).
7. Click the Add button.
The IP ACL is added.
Delete an IP ACL
To delete an IP ACL:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Security > ACL > Advanced > IP ACL.
The IP ACL Configuration page displays.
6. Select the check box that is associated with the IP ACL.
7. Click the Delete button.
The IP ACL is removed.
Note: An implicit deny all rule is included at the end of an ACL list. This
means that if an ACL is applied to a packet, and if none of the explicit
rules match, then the final implicit deny all rule applies and the packet
is dropped.
If no rules exist, the Basic ACL Rule Table shows the message No rules have been
configured for this ACL. If one or more rules exist for the ACL, the rules display in the
Basic ACL Rule Table.
6. From the ACL ID menu, select the IP ACL for which you want to add a rule.
For basic IP ACLs, this must be an ID in the range from 1 to 99.
7. Click the Add button.
Note: An implicit deny all rule is included at the end of an ACL list. This
means that if an ACL is applied to a packet and if none of the explicit
rules match, then the final implicit deny all rule applies and the packet
is dropped.
The previous figure does not show all columns on the page.
If no rules exist, the Extended ACL Rule Table shows the message No rules have been
configured for this ACL. If one or more rules exist for the ACL, the rules display in the
Extended ACL Rule Table.
6. From the ACL ID menu, select the IP ACL for which you want to add a rule.
For extended IP ACLs, this must be an ID in the range from 101 to 199 or a name.
7. Click the Add button.
For models GS324T and GS324TP, the range for the queue ID is from 0 to 3. For
model GS348T, the range for the queue ID is from 0 to 7.
- Deny. Drop packets that meet the ACL criteria.
Logging. If the selection from the Action menu is Deny, you can enable logging
for the ACL by selecting the Enable radio button. (Logging is subject to resource
availability in the device.)
If you enable logging and you also enable ACL system traps (see Configure
SNMPv1/v2 Trap Flags on page 82), an SNMP trap is sent when a packet matches
this ACL rule.
• Interface. For a Permit action, use either a mirror interface or a redirect interface:
- Select the Mirror radio button and use the menu to specify the egress interface to
which the matching traffic stream is copied, in addition to being forwarded
normally by the device.
- Select the Redirect radio button and use the menu to specify the egress interface
to which the matching traffic stream is forced, bypassing any forwarding decision
normally performed by the device.
• Match Every. Select one of the radio buttons to specify whether all packets must
match the selected IP ACL rule:
- False. Not all packets need to match the selected IP ACL rule. You can configure
other match criteria on the page.
- True. All packets must match the selected IP ACL rule and are either permitted or
denied. In this case, you cannot configure other match criteria on the page.
• Protocol Type. From the menu, select a protocol that a packet’s IP protocol must be
matched against: IP, ICMP, IGMP, TCP, UDP, EIGRP, GRE, IPINIP, OSPF, PIM, or
Other. If you select Other, enter a protocol number from 0 to 255.
• Src. In the Src field, enter a source IP address, using dotted-decimal notation, to be
compared to a packet’s source IP address as a match criterion for the selected IP
ACL rule:
- If you select the IP Address radio button, enter an IP address or an IP address
range. You can enter a relevant wildcard mask to apply this criterion. If this field is
left empty, it means any.
- If you select the Host radio button, the wildcard mask is configured as 0.0.0.0. If
this field is left empty, it means any.
The wildcard mask determines which bits are used and which bits are ignored. A
wildcard mask of 0.0.0.0 indicates that none of the bits are important. A wildcard of
255.255.255.255 indicates that all of the bits are important.
• Src L4. The options are available only when the protocol is set to TCP or UDP. Use the
source L4 port option to specify relevant matching conditions for L4 port numbers in
the extended ACL rule.
You can select either the Port radio button or the Range radio button:
- Port. If you select the Port radio button, you can either enter the port number
yourself or select one of the following protocols from the menu:
• The source IP TCP port protocols are Domain, Echo, FTP, FTP data,
www-http, SMTP, Telnet, POP2, POP3, and bgp.
• The source IP UDP port protocols are Domain, Echo, SNMP, NTP, RIP, Time,
Who, and TFTP.
Each of these values translates into its equivalent port number, which is used as
both the start and end of the port range.
Select Other from the menu to enter a port number. If you select Other from the
menu but leave the field blank, it means any.
The relevant matching conditions for L4 port numbers are as follows:
• Equal. IP ACL rule matches only if the Layer 4 source port number is equal to
the specified port number or port protocol.
• Less Than. IP ACL rule matches if the Layer 4 source port number is less
than the specified port number.
• Greater Than. IP ACL rule matches if the Layer 4 source port number is
greater than the specified port number.
• Not Equal. IP ACL rule matches only if the Layer 4 source port number is not
equal to the specified port number or port protocol.
- Range. If you select the Range radio button, the IP ACL rule matches only if the
Layer 4 source port number is within the specified port range. The starting port,
ending port, and all ports in between are a part of the Layer 4 port range.
The Start Port and End Port fields identify the first and last ports that are part of
the port range. The values can range from 0 to 65535.
You can either enter the port range yourself or select one of the following
protocols from the menu:
• The source IP TCP port range names are Domain, Echo, FTP, FTP data,
www-http, SMTP, Telnet, POP2, POP3, and bgp.
• The source IP UDP port range names are Domain, Echo, SNMP, NTP, RIP,
Time, Who, and TFTP.
Each of these values translates into its equivalent port number, which is used as
both the start and end of the port range. Select Other from the menu to enter a
port number. If you select Other from the menu but leave the field blank, it means
any.
The wildcard mask determines which bits are used and which bits are ignored. A
wildcard mask of 0.0.0.0 indicates that none of the bits are important. A wildcard
of 255.255.255.255 indicates that all of the bits are important.
• Dst. In the Dst field, enter a destination IP address, using dotted-decimal notation, to
be compared to a packet’s destination IP address as a match criterion for the selected
IP ACL rule:
- If you select the IP Address radio button, enter an IP address with a relevant
wildcard mask to apply this criterion. If this field is left empty, it means any.
- If you select the Host radio button, the wildcard mask is configured as 0.0.0.0. If
this field is left empty, it means any.
The wildcard mask determines which bits are used and which bits are ignored. A
wildcard mask of 0.0.0.0 indicates that none of the bits are important. A wildcard of
255.255.255.255 indicates that all of the bits are important.
• Dst L4. The options are available only when the protocol is set to TCP or UDP. Use the
destination L4 port option to specify relevant matching conditions for L4 port numbers
in the extended ACL rule.
You can select either the Port radio button or the Range radio button:
- Port. If you select the Port radio button, you can either enter the port number
yourself or select one of the following protocols from the menu.
• The destination IP TCP port protocols are Domain, Echo, FTP, FTP data,
www-http, SMTP, Telnet, POP2, POP3, and bgp.
• The destination IP UDP port protocols are Domain, Echo, SNMP, NTP, RIP,
Time, Who, and TFTP.
Each of these values translates into its equivalent port number, which is used as
both the start and end of the port range.
Select Other from the menu to enter a port number. If you select Other from the
menu but leave the field blank, it means any.
The relevant matching conditions for L4 port numbers are as follows:
• Equal. The IP ACL rule matches only if the Layer 4 destination port number is
equal to the specified port number or port protocol.
• Less Than. The IP ACL rule matches if the Layer 4 destination port number is
less than the specified port number.
• Greater Than. The IP ACL rule matches if the Layer 4 destination port
number is greater than the specified port number.
• Not Equal. The IP ACL rule matches only if the Layer 4 destination port
number is not equal to the specified port number or port protocol.
- Range. If you select the Range radio button, the IP ACL rule matches only if the
Layer 4 destination port number is within the specified port range. The starting
port, ending port, and all ports in between are a part of the Layer 4 port range.
The Start Port and End Port fields identify the first and last ports that are part of
the port range. The values can range from 0 to 65535.
You can either enter the port range yourself or select one of the
following protocols from the menu:
• The destination IP TCP port range names are Domain, Echo, FTP, FTP data,
www-http, SMTP, Telnet, POP2, POP3, and bgp.
• The destination IP UDP port range names are Domain, Echo, SNMP, NTP,
RIP, Time, Who, and TFTP.
Each of these values translates into its equivalent port number, which is used as
both the start and end of the port range.
Select Other from the menu to enter a port number. If you select Other from the
menu but leave the field blank, it means any.
The wildcard mask determines which bits are used and which bits are ignored. A
wildcard mask of 0.0.0.0 indicates that none of the bits are important. A wildcard
of 255.255.255.255 indicates that all of the bits are important.
• IGMP Type. If your selection from the Protocol Type menu is IGMP and you specify
the IGMP type, the IP ACL rule matches the specified IGMP message type. The
range is from 0 to 255. If this field is left empty, it means any.
• ICMP. If your selection from the Protocol Type menu is ICMP, you can select either
the Type or Message radio button:
- Type. If you select the Type radio button, note the following:
• The Type and Code fields are enabled only if the protocol is ICMP. Use these
fields to specify a match condition for ICMP packets:
• If you specify information in the Type field, the IP ACL rule matches the
specified ICMP message type. The type number can be from 0 to 255.
• If you specify information in the Code field, the IP ACL rule matches the
specified ICMP message code. The code can be from 0 to 255.
• If these fields are left empty, it means any.
- Message. If you select the Message radio button, from the menu, select the type
of the ICMP message to match with the selected IP ACL rule. Specifying a type of
message implies that both the ICMP type and ICMP code are specified. The
ICMP message is decoded into the corresponding ICMP type and ICMP code
within the ICMP type.
The IPv4 ICMP message types are Echo, echo-reply, host-redirect,
mobile-redirect, net-redirect, net-unreachable, redirect, packet-too-big,
port-unreachable, source-quench, router-solicitation, router-advertisement,
TTL-exceeded, time-exceeded, and unreachable.
• Fragments. Either select the Enable radio button to allow initial fragments (that is,
the fragment bit is asserted) or leave the default Disable radio button selected to
prevent initial fragments from being used.
This option is not valid for rules that match L4 information such as a TCP port
number, because that information is carried in the initial packet.
• Service Type. Select a service type match condition for the extended IP ACL rule.
The possible options are IP DSCP, IP precedence, and IP TOS, which are alternative
methods to specify a match criterion for the same service type field in the IP header.
Each method uses a different user notation. After you make a selection, you can
specify the appropriate values:
- IP DSCP. This is an optional configuration. Specify the IP DiffServ Code Point
(DSCP) field. The DSCP is defined as the high-order 6 bits of the service type
octet in the IP header. Enter an integer from 0 to 63. To select the IP DSCP, select
one of the DSCP keywords from the menu. To specify a numeric value, select
Other and a field displays in which you can enter the numeric value of the DSCP.
- IP Precedence. This is an optional configuration. The IP precedence field in a
packet is defined as the high-order 3 bits of the service type octet in the IP header.
Enter a number from 0 to 7.
- IP TOS. This is an optional configuration. The IP ToS field in a packet is defined
as all 8 bits of the service type octet in the IP header. The ToS bits value is a
hexadecimal number that is composed of numbers 00 to 09 and AA to FF. The
ToS mask value is a hexadecimal number that is composed of numbers 00 to FF.
The ToS mask denotes the bit positions in the ToS bits value that are used for
comparison against the IP ToS field in a packet.
For example, to check for an IP ToS value for which bit 7 is set and is the most
significant value, for which bit 5 is set, and for which bit 1 is cleared, use a ToS
bits value of 0xA0 and a ToS mask of 0xFF.
9. Click the Apply button.
Your settings are saved.
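The extended rule criteria described above can be modelled to check how a planned ACL treats a given packet before it is bound to a port. This Python sketch is an added example, not NETGEAR code: it assumes rules are checked in ascending sequence-number order with the first match deciding, covers only the Host (exact address) option for Src and Dst, and all class, function and sample names and addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

L4_PROTOCOLS = ("tcp", "udp")  # L4 port criteria are offered only for TCP and UDP


def port_matches(cond: Optional[tuple], port: Optional[int]) -> bool:
    """cond is None (any), (operator, value) or ("range", start, end)."""
    if cond is None:
        return True
    if port is None:
        return False
    op = cond[0]
    if op == "equal":
        return port == cond[1]
    if op == "not_equal":
        return port != cond[1]
    if op == "less_than":
        return port < cond[1]
    if op == "greater_than":
        return port > cond[1]
    if op == "range":  # start port, end port and all ports in between
        return cond[1] <= port <= cond[2]
    raise ValueError(f"unknown port condition {op!r}")


def service_matches(cond: Optional[tuple], tos_octet: int) -> bool:
    """IP DSCP, IP precedence and IP TOS all read the same service type octet."""
    if cond is None:
        return True
    kind = cond[0]
    if kind == "dscp":  # high-order 6 bits, 0 to 63
        return (tos_octet >> 2) == cond[1]
    if kind == "precedence":  # high-order 3 bits, 0 to 7
        return (tos_octet >> 5) == cond[1]
    if kind == "tos":  # all 8 bits, compared only where the mask has a 1
        bits, mask = cond[1], cond[2]
        return (tos_octet & mask) == (bits & mask)
    raise ValueError(f"unknown service type {kind!r}")


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    tos: int = 0


@dataclass
class Rule:
    seq: int
    action: str  # "permit" or "deny"
    match_every: bool = False
    protocol: str = "ip"  # "ip" stands for any IP protocol
    src_host: Optional[str] = None  # Host option (exact address); None means any
    dst_host: Optional[str] = None
    src_l4: Optional[tuple] = None
    dst_l4: Optional[tuple] = None
    service: Optional[tuple] = None

    def __post_init__(self):
        extra = (self.src_host, self.dst_host, self.src_l4, self.dst_l4, self.service)
        if self.match_every and (self.protocol != "ip" or any(c is not None for c in extra)):
            raise ValueError("Match Every = True excludes all other match criteria")
        if (self.src_l4 or self.dst_l4) and self.protocol not in L4_PROTOCOLS:
            raise ValueError("L4 port criteria require protocol TCP or UDP")

    def matches(self, p: Packet) -> bool:
        if self.match_every:
            return True
        return (self.protocol in ("ip", p.proto)
                and self.src_host in (None, p.src)
                and self.dst_host in (None, p.dst)
                and port_matches(self.src_l4, p.sport)
                and port_matches(self.dst_l4, p.dport)
                and service_matches(self.service, p.tos))


def evaluate(rules, packet: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, sequence number of the deciding rule); None = implicit deny."""
    for rule in sorted(rules, key=lambda r: r.seq):  # assumed evaluation order
        if rule.matches(packet):
            return rule.action, rule.seq
    return "deny", None  # implicit deny all at the end of every ACL


# Constructed sample ACL; addresses are documentation ranges, not from the manual.
SAMPLE_ACL = [
    Rule(seq=30, action="permit", service=("tos", 0xA0, 0xFF)),
    Rule(seq=10, action="permit", protocol="tcp", dst_host="192.0.2.10", dst_l4=("equal", 443)),
    Rule(seq=20, action="deny", protocol="udp", dst_l4=("range", 0, 1023)),
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", "198.51.100.7", "192.0.2.10", 50000, 443),
                Packet("udp", "198.51.100.7", "192.0.2.53", 50000, 53),
                Packet("icmp", "198.51.100.7", "192.0.2.10", tos=0xA0),
                Packet("icmp", "198.51.100.7", "192.0.2.10", tos=0xA1)):
        print(pkt, "->", evaluate(SAMPLE_ACL, pkt))
```

With the ToS mask of 0xFF all eight bits are compared, so a packet whose service type octet is 0xA1 does not match the seq 30 rule and is dropped by the implicit deny all rule.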
6. From the ACL ID menu, select the ACL that includes the rule that you want to modify.
7. In the Extended ACL Rule Table, click the rule.
The rule is a hyperlink. The Extended ACL Rule Configuration page displays.
8. Modify the extended IP ACL rule criteria.
9. Click the Apply button.
Your settings are saved.
The previous figure shows the IP Binding Configuration page for models GS324T and
GS324TP.
6. From the ACL ID menu, select the existing IP ACL for which you want to add an IP ACL
interface binding.
The fixed selection from the Direction menu is Inbound, which means that IP ACL rules
are applied to traffic entering the interface.
7. In the Sequence Number field, optionally specify a number to indicate the order of the
access list relative to other access lists already assigned to the interface and direction.
A low number indicates high precedence order. If a sequence number is already in use
for the interface and direction, the specified access list replaces the currently attached
access list using that sequence number. If you do not specify the sequence number
(meaning that the value is 0), a sequence number that is one number greater than the
highest sequence number currently in use for the interface and direction is used. The
range is from 1 to 4294967295.
8. To add the selected ACL to a port or LAG, in the Ports table or LAG table, click the port or
LAG so that a check mark displays.
You can add the ACL to several ports and LAGs.
The Ports and LAG tables display the available interfaces for ACL bindings. All
nonrouting physical interfaces, VLAN interfaces, and interfaces participating in LAGs are
listed.
9. Click the Apply button.
Your settings are saved.
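The sequence-number behavior described for MAC and IP ACL bindings means that reusing a number replaces the ACL already attached at that position on the interface. This Python sketch is an added example, not NETGEAR code, that replays a planned set of bindings and reports every replacement; the interface labels, ACL names and function names are constructed, and it assumes that an unspecified sequence number on an interface with no bindings becomes 1.

```python
MAX_SEQ = 4294967295  # upper end of the binding sequence-number range


def bind_acl(bindings, acl_id, seq=0):
    """Bind acl_id on one interface (inbound direction).

    bindings maps sequence number -> ACL ID. seq=0 means "not specified".
    Returns (sequence number used, ACL that was replaced or None).
    """
    if not 0 <= seq <= MAX_SEQ:
        raise ValueError("sequence number must be 1..4294967295 (0 = unspecified)")
    if seq == 0:
        # One greater than the highest number in use; 1 on an empty interface
        # is an assumption, the manual does not state that case.
        seq = max(bindings, default=0) + 1
        if seq > MAX_SEQ:
            raise ValueError("no sequence number above the highest one in use")
    replaced = bindings.get(seq)  # an ACL already at this number is replaced
    bindings[seq] = acl_id
    return seq, replaced


def apply_plan(plan):
    """plan is a list of (interface, acl_id, seq) in the order they are applied.

    Returns (order, displaced): order maps each interface to its ACLs from
    highest to lowest precedence (low number = high precedence); displaced
    lists (interface, seq, old ACL, new ACL) for every replaced binding.
    """
    tables = {}
    displaced = []
    for interface, acl_id, seq in plan:
        used, old = bind_acl(tables.setdefault(interface, {}), acl_id, seq)
        if old is not None and old != acl_id:
            displaced.append((interface, used, old, acl_id))
    order = {i: [t[s] for s in sorted(t)] for i, t in tables.items()}
    return order, displaced


# Constructed change plan: the third entry reuses sequence number 10 on g1.
SAMPLE_PLAN = [
    ("g1", "block-rogue-dhcp", 10),
    ("g1", "mgmt-only", 0),
    ("g1", "permit-voice", 10),
    ("g2", "mgmt-only", 0),
]

if __name__ == "__main__":
    order, displaced = apply_plan(SAMPLE_PLAN)
    print(order)
    for interface, seq, old, new in displaced:
        print(f"{interface}: seq {seq}: {old} replaced by {new}")
```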
The following table describes the nonconfigurable information displayed on the page.
Table 63. IP Binding Status table
Field Description
Direction The selected packet filtering direction for the ACL, which is always Inbound.
ACL Type The type of ACL assigned to the selected interface and direction.
ACL ID/Name The ACL number (for an IP ACL) or ACL name (for a named IP ACL) identifying the ACL
assigned to the selected interface and direction.
Sequence Number The sequence number signifying the order of the specified ACL relative to other ACLs
assigned to the selected interface and direction.
6. Click the Refresh button to refresh the page with the latest information about the switch.
7. Click the Clear button to clear all the statistics counters, resetting all switch summary and
detailed statistics to default values.
The discarded packets count cannot be cleared.
The following table describes the switch statistics displayed on the page.
Table 65. Switch statistics
Field Description
ifIndex The interface index of the interface table entry associated with the processor of
this switch.
Octets Received The total number of octets of data received by the processor (excluding framing
bits, but including FCS octets).
Packets Received Without Errors The total number of packets (including broadcast packets and multicast
packets) received by the processor.
Unicast Packets Received The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Multicast Packets Received The total number of packets received that were directed to a multicast address.
This number does not include packets directed to the broadcast address.
Broadcast Packets Received The total number of packets received that were directed to the broadcast
address. This does not include multicast packets.
Receive Packets Discarded The number of inbound packets that were chosen to be discarded, even though
no errors were detected, in order to prevent their being delivered to a
higher-layer protocol. A possible reason for discarding a packet could be to free
up buffer space.
Octets Transmitted The total number of octets transmitted out of the interface, including framing
characters.
Packets Transmitted Without Errors The total number of packets transmitted out of the interface.
Unicast Packets Transmitted The total number of packets that higher-level protocols requested be
transmitted to a subnetwork-unicast address, including those that were
discarded or not sent.
Multicast Packets Transmitted The total number of packets that higher-level protocols requested be
transmitted to a multicast address, including those that were discarded or not
sent.
Broadcast Packets Transmitted The total number of packets that higher-level protocols requested be
transmitted to the broadcast address, including those that were discarded or not
sent.
Transmit Packets Discarded The number of outbound packets that were chosen to be discarded, even
though no errors were detected, in order to prevent their being delivered to a
higher-layer protocol. A possible reason for discarding a packet could be to free
up buffer space.
Most Address Entries Ever The highest number of Forwarding Database Address Table entries that were
Used learned by this switch since the most recent reboot.
Address Entries in Use The number of learned and static entries in the Forwarding Database Address
Table for this switch.
Maximum VLAN Entries The maximum number of VLANs allowed on this switch.
Most VLAN Entries Ever The largest number of VLANs that were active on this switch since the last
Used reboot.
Static VLAN Entries The number of active VLAN entries on this switch that were created statically.
VLAN Deletes The number of VLANs on this switch that were created and then deleted since
the last reboot.
Time Since Counters Last The elapsed time, in days, hours, minutes, and seconds, since the statistics for
Cleared this switch were last cleared.
6. Select whether to display physical interfaces, link aggregation groups (LAGs), or both by
clicking one of the following links above the table heading:
• 1 (or the unit ID of the switch). Only physical interfaces are displayed. This is the
default setting.
• LAG. Only link aggregation groups are displayed.
• All. Both physical interfaces and link aggregation groups are displayed.
7. Select one or more interfaces by taking one of the following actions:
• To view a single interface, select the check box associated with the port, or type the
port number in the Go To Interface field and click the Go button.
• To view multiple interfaces, select the check box associated with each interface.
The following table describes the per-port statistics displayed on the page.
Table 66. Port statistics
Field | Description
Total Packets Received Without Errors | The total number of packets received that were without errors.
Packets Received With Error | The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
Broadcast Packets Received | The total number of good packets received that were directed to the broadcast address. This does not include multicast packets.
Packets Transmitted Without Errors | The number of frames without errors that were transmitted by the port.
Transmit Packet Errors | The number of outbound packets that could not be transmitted because of errors.
Collision Frames | The best estimate of the total number of collisions on this Ethernet segment.
Link Down Events | The total number of link down events on a physical port.
Time Since Counters Last Cleared | The elapsed time in days, hours, minutes, and seconds since the statistics for the port were last cleared.
The previous figure does not show all fields on the Port Detailed Statistics page.
6. From the Interface menu, select the interface for which you want to view the statistics.
7. From the MST ID menu, select the MST ID associated with the interface (if available).
8. To refresh the page with the latest information about the switch, click the Refresh button.
9. To clear all the counters, click the Clear button. This resets all statistics for the port to the
default values.
The following table describes the detailed port information that displays for a particular port.
Table 67. Detailed port statistics
Field | Description
Port Type | For normal ports this field displays Normal. Otherwise, the options are as follows:
• Mirrored. The port is participating in port mirroring as a mirrored port.
• Probe. The port is participating in port mirroring as the probe port.
• Port Channel. The port is a member of a LAG.
Port Channel ID | If the port is a member of a port channel (LAG), the port channel’s interface ID and name are shown. Otherwise, Disable is shown.
Port Role | Each MST bridge port that is enabled is assigned a port role for each spanning tree. The port role is one of the following values: Root, Designated, Alternate, Backup, Master, or Disabled.
STP Mode | The Spanning Tree Protocol administrative mode that is associated with the port or port channel. The options are as follows:
• Enable. Spanning tree is enabled for the port.
• Disable. Spanning tree is disabled for the port.
STP State | The port's current Spanning Tree state. This state controls what action a port takes on receipt of a frame. If the bridge detects a malfunctioning port, it places that port into the broken state. The states are defined in IEEE 802.1D:
• Disabled
• Blocking
• Listening
• Learning
• Forwarding
• Broken
Admin Mode | The port control administration state. The port must be enabled for it to be allowed into the network. The default is Enabled.
Flow Control Mode | Indicates whether flow control is enabled or disabled for the port. This field does not apply to LAGs.
LACP Mode | Indicates the Link Aggregation Control Protocol administrative state. The mode must be enabled for the port to participate in link aggregation.
Physical Mode | Indicates the port speed and duplex mode. In autonegotiation mode the duplex mode and speed are set from the autonegotiation process.
Physical Status | Indicates the port speed and duplex mode for physical interfaces.
Link Trap | Indicates whether or not the port sends a trap when link status changes.
Packets RX and TX 64 Octets | The total number of packets (including bad packets) received or transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
Packets RX and TX 65-127 Octets | The total number of packets (including bad packets) received or transmitted that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 128-255 Octets | The total number of packets (including bad packets) received or transmitted that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 256-511 Octets | The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 512-1023 Octets | The total number of packets (including bad packets) received or transmitted that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 1024-1518 Octets | The total number of packets (including bad packets) received or transmitted that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 1519-2047 Octets | The total number of packets (including bad packets) received or transmitted that were between 1519 and 2047 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 2048-4095 Octets | The total number of packets (including bad packets) received or transmitted that were between 2048 and 4095 octets in length inclusive (excluding framing bits but including FCS octets).
Packets RX and TX 4096-9216 Octets | The total number of packets (including bad packets) received or transmitted that were between 4096 and 9216 octets in length inclusive (excluding framing bits but including FCS octets).
Octets Received | The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization. If you need greater precision, the etherStatsPkts and etherStatsOctets objects must be sampled before and after a common interval.
Packets Received 64 Octets | The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets).
Packets Received 65-127 Octets | The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 128-255 Octets | The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 256-511 Octets | The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 512-1023 Octets | The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 1024-1518 Octets | The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received > 1518 Octets | The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
Total Packets Received Without Errors | The total number of packets received that were without errors.
Unicast Packets Received | The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Multicast Packets Received | The total number of good packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address.
Broadcast Packets Received | The total number of good packets received that were directed to the broadcast address. This does not include multicast packets.
Receive Packets Discarded | The number of inbound packets that were discarded even though no errors were detected to prevent their being delivered to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
Total Packets Received with MAC Errors | The total number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
Jabbers Received | The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and included either a bad frame check sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a nonintegral number of octets (alignment error). This definition of jabber is different from the definition in IEEE-802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). These documents define jabber as the condition where any packet exceeds 20 ms. The allowed range to detect jabber is between 20 ms and 150 ms.
Fragments Received | The total number of packets received that were less than 64 octets in length with ERROR CRC (excluding framing bits but including FCS octets).
Undersize Received | The total number of packets received that were less than 64 octets in length with GOOD CRC (excluding framing bits but including FCS octets).
Alignment Errors | The total number of packets received with a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but included a bad frame check sequence (FCS) with a nonintegral number of octets.
Rx FCS Errors | The total number of packets received with a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but included a bad frame check sequence (FCS) with an integral number of octets.
Overruns | The total number of frames discarded because the port was overloaded with incoming packets, and could not keep up with the inflow.
Total Received Packets Not Forwarded | The number of valid frames received that were discarded (that is, filtered) by the forwarding process.
802.3x Pause Frames Received | The number of MAC control frames received on the interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode.
Unacceptable Frame Type | The number of frames discarded from the port because of an unacceptable frame type.
Total Packets Transmitted (Octets) | The total number of octets of data (including those in bad packets) transmitted on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization. If you need greater precision, the etherStatsPkts and etherStatsOctets objects must be sampled before and after a common interval.
Packets Transmitted 64 Octets | The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets).
Packets Transmitted 65-127 Octets | The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Transmitted 128-255 Octets | The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Transmitted 256-511 Octets | The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Transmitted 512-1023 Octets | The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Transmitted 1024-1518 Octets | The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Transmitted > 1518 Octets | The total number of packets transmitted that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed. This counter supports a maximum increment rate of 815 counts per sec at 10 Mb/s.
Maximum Frame Size | The maximum Ethernet frame size the interface supports or is configured to use, including Ethernet header, CRC, and payload. The possible range is 1518 to 9216. The default maximum frame size is 1518.
Total Packets Transmitted | The number of frames that were transmitted by the port.
Unicast Packets Transmitted | The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
Multicast Packets Transmitted | The total number of packets that higher-level protocols requested be transmitted to a multicast address, including those that were discarded or not sent.
Broadcast Packets Transmitted | The total number of packets that higher-level protocols requested be transmitted to the broadcast address, including those that were discarded or not sent.
Transmit Packets Discarded | The number of outbound packets which were chosen to be discarded even though no errors were detected to prevent them from being delivered to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
Total Transmit Errors | The sum of single, multiple, and excessive collisions.
Tx FCS Errors | The total number of packets sent with a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but included a bad frame check sequence (FCS) with an integral number of octets.
Total Transmit Packets Discarded | The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded.
Single Collision Frames | The number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
Multiple Collision Frames | The number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision.
Excessive Collision Frames | The number of frames for which transmission on a particular interface fails due to excessive collisions.
Dropped Transmit Frames | The number of transmit frames discarded at the selected port.
STP BPDUs Received | The number of STP BPDUs received at the selected port.
STP BPDUs Transmitted | The number of STP BPDUs transmitted from the selected port.
RSTP BPDUs Received | The number of RSTP BPDUs received at the selected port.
RSTP BPDUs Transmitted | The number of RSTP BPDUs transmitted from the selected port.
MSTP BPDUs Received | The number of MSTP BPDUs received at the selected port.
MSTP BPDUs Transmitted | The number of MSTP BPDUs transmitted from the selected port.
802.3x Pause Frames Transmitted | The number of MAC control frames transmitted on the interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode.
EAPOL Frames Received | The number of valid EAPoL frames of any type that were received by this authenticator.
EAPOL Frames Transmitted | The number of EAPoL frames of any type that were transmitted by this authenticator.
Time Since Counters Last Cleared | The elapsed time in days, hours, minutes, and seconds since the statistics for the port were last cleared.
The previous figure does not show all fields on the EAP Statistics page.
6. To refresh the page with the latest information about the switch, click the Refresh button.
7. To clear the counters, which resets the EAP and EAPoL statistics to default values, take
one of the following actions:
• To clear the counters for a specific port, select the check box associated with the port,
and click the Clear button.
• To clear the counters for multiple ports, select the check boxes associated with the
ports, and click the Clear button.
• To clear all counters for all ports, select the check box in the row heading, and click
the Clear button.
The following table describes the EAP statistics displayed on the page.
Table 68. EAP statistics
Field | Description
EAPOL Frames Received | The number of valid EAPoL frames of any type that were received by this authenticator.
EAPOL Frames Transmitted | The number of EAPoL frames of any type that were transmitted by this authenticator.
EAPOL Start Frames Received | The number of EAPoL start frames that were received by this authenticator.
EAPOL Logoff Frames Received | The number of EAPoL logoff frames that were received by this authenticator.
EAPOL Last Frame Version | The protocol version number carried in the most recently received EAPoL frame.
EAPOL Last Frame Source | The source MAC address carried in the most recently received EAPoL frame.
EAPOL Invalid Frames Received | The number of EAPoL frames that were received by this authenticator in which the frame type is not recognized.
EAPOL Length Error Frames Received | The number of EAPoL frames that were received by this authenticator in which the frame type is not recognized.
EAP Response/ID Frames Received | The number of EAP response/identity frames that were received by this authenticator.
EAP Response Frames Received | The number of valid EAP response frames (other than resp/ID frames) that were received by this authenticator.
EAP Request/ID Frames Transmitted | The number of EAP request/identity frames that were transmitted by this authenticator.
EAP Request Frames Transmitted | The number of EAP request frames (other than request/identity frames) that were transmitted by this authenticator.
10/100 Ethernet adapter then the cable status might be Open or Short because some
Ethernet adapters leave unused wire pairs unterminated or grounded.
The following table describes the nonconfigurable information displayed on the page.
Table 69. Cable Test information
Field | Description
Cable Length | The estimated length of the cable in meters. The length is displayed as a range between the shortest estimated length and the longest estimated length. Unknown is displayed if the cable length could not be determined. The cable length is displayed only if the cable status is Normal.
Failure Location | The estimated distance in meters from the end of the cable to the failure location. The failure location is displayed only if the cable status is Open or Short.
To configure the memory log settings and view or clear the memory log:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Monitoring > Logs > Memory Log.
The Memory Log page displays.
6. Select one of the following Admin Status radio buttons:
• Enable. Enable system logging. This is the default setting.
• Disable. Prevent the system from logging messages.
7. From the Behavior menu, specify the behavior of the log when it is full.
• Wrap. When the buffer is full, the oldest log messages are deleted as the system logs
new messages.
• Stop on Full. When the buffer is full, the system stops logging new messages and
preserves all existing log messages.
8. From the Severity Filter menu, select one of the following severity levels:
• Emergency (0). System is unusable.
• Alert (1). Action must be taken immediately.
• Critical (2). Critical conditions.
• Error (3). Error conditions.
• Warning (4). Warning conditions.
• Notice (5). Normal but significant conditions.
• Informational (6). Informational messages.
• Debug (7). Debug-level messages.
console log. Messages logged to a collector or relay through syslog support the same
format as well.
The following example shows the standard format for a log message:
<14> Mar 24 05:34:05 10.131.12.183-1 UNKN[2176789276]:
main_login.c(179) 3855 %% HTTP Session 19 initiated for user admin
connected from 10.27.64.122
The number contained in the angle brackets represents the message priority, which is
derived from the following values:
Priority = (facility value × 8) + severity level.
The facility value is usually 1, which means it is a user-level message. Therefore, to
determine the severity level of the message, subtract 8 from the number in the angle
brackets. The sample log message shows a severity level of 6 (informational). For more
information about the severity of a log message, see Manage the Server Log on
page 313.
The message was generated on March 24 at 5:34:05 a.m. by the switch with an IP
address of 10.131.12.183. The component that generated the message is unknown, but it
came from line 179 of the main_login.c file. This is the 3,855th message logged since
the switch was last booted. The message indicates that the administrator logged on to the
HTTP management interface from a host with an IP address of 10.27.64.122.
10. To refresh the page with the latest information about the switch, click the Refresh button.
11. To clear the messages from the buffered log in the memory, click the Clear button.
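The message layout and priority arithmetic described above can be checked mechanically. The following is an added example, not NETGEAR code: it parses the manual's sample message, splits the priority into facility and severity, and lists HTTP management logins whose source address is outside an allowlisted management subnet. The subnet, all sample lines except the first, and the treatment of the "-1" suffix and the bracketed number as opaque fields are assumptions.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional

SEVERITY_NAMES = ("Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug")

# Layout taken from the manual's sample message. The "-1" after the switch IP
# and the number in square brackets are not explained on the page, so they are
# captured as opaque fields (assumption).
LOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})> ?"
    r"(?P<timestamp>[A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})-(?P<suffix>\d+) "
    r"(?P<component>\w+)\[(?P<ident>\d+)\]: "
    r"(?P<file>[\w.\-]+)\((?P<line>\d+)\) "
    r"(?P<seq>\d+) %% "
    r"(?P<text>.*)$"
)

# Text of the login message shown in the manual's sample.
LOGIN_RE = re.compile(
    r"HTTP Session (?P<session>\d+) initiated for user (?P<user>\S+) "
    r"connected from (?P<src>\S+)"
)


@dataclass(frozen=True)
class SwitchLog:
    facility: int
    severity: int
    severity_name: str
    timestamp: str
    host: str
    component: str
    source_file: str
    source_line: int
    sequence: int
    text: str


def parse_log(raw: str) -> Optional[SwitchLog]:
    """Parse one switch log message; return None if it does not match."""
    # The manual wraps the message over several lines, so collapse whitespace.
    m = LOG_RE.match(" ".join(raw.split()))
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    # Priority = (facility value x 8) + severity level
    facility, severity = divmod(pri, 8)
    return SwitchLog(facility, severity, SEVERITY_NAMES[severity],
                     m["timestamp"], m["host"], m["component"], m["file"],
                     int(m["line"]), int(m["seq"]), m["text"])


def unexpected_logins(lines: Iterable[str],
                      allowed_networks: Iterable[str]) -> List[dict]:
    """Return HTTP login events whose source is outside the allowed networks."""
    nets = [ip_network(n) for n in allowed_networks]
    findings = []
    for raw in lines:
        rec = parse_log(raw)
        login = LOGIN_RE.search(rec.text) if rec else None
        if login is None:
            continue
        try:
            trusted = any(ip_address(login["src"]) in n for n in nets)
        except ValueError:
            trusted = False  # an unparseable source cannot be verified
        if not trusted:
            findings.append({"switch": rec.host, "sequence": rec.sequence,
                             "time": rec.timestamp, "user": login["user"],
                             "source": login["src"]})
    return findings


SAMPLE_LOGS = [
    # Sample message from the manual, wrapped as printed there.
    "<14> Mar 24 05:34:05 10.131.12.183-1 UNKN[2176789276]:\n"
    "main_login.c(179) 3855 %% HTTP Session 19 initiated for user admin\n"
    "connected from 10.27.64.122",
    # The remaining lines are constructed for this example.
    "<14> Mar 24 05:41:12 10.131.12.183-1 UNKN[2176789276]: "
    "main_login.c(179) 3861 %% HTTP Session 20 initiated for user admin "
    "connected from 192.0.2.50",
    "<11> Mar 24 05:42:00 10.131.12.183-1 UNKN[2176789276]: "
    "sample_file.c(42) 3862 %% Constructed error-level message",
    "not a switch log line",
]

if __name__ == "__main__":
    # 10.27.64.0/24 as the management subnet is an assumption for this example.
    for hit in unexpected_logins(SAMPLE_LOGS, ["10.27.64.0/24"]):
        print(hit)
```
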
- Alert (1). The second-highest warning level. An alert log is saved if a serious
device malfunction occurs, such as all device features being down.
- Critical (2). The third-highest warning level. A critical log is saved if a critical
device malfunction occurs, for example, two device ports are not functioning,
while the rest of the device ports remain functional.
- Error (3). A device error occurred, such as a port being offline.
- Warning (4). The lowest level of a device warning.
- Notice (5). Provides the network administrators with device information.
- Informational (6). Provides device information.
- Debug (7). Provides detailed information about the log.
7. Click the Add button.
The remote syslog host is added.
The Status field in the Server Configuration table shows whether the remote logging host
is currently active.
6. To refresh the page with the latest information about the switch, click the Refresh button.
7. To clear the messages from the trap logs in the memory and clear the counters, click the
Clear button.
The following table describes the Trap Log information that is displayed on the page.
Table 70. Trap Logs information
Field | Description
Number of Traps Since Last Reset | The number of traps that occurred since the switch last rebooted.
Trap Log Capacity | The maximum number of traps stored in the log. If the number of traps exceeds the capacity, the entries overwrite the oldest entries.
Number of Traps since log last viewed | The number of traps that occurred since the traps were last displayed. Displaying the traps by any method (terminal interface display, web display, upload file from switch, and so on) causes this counter to be cleared to 0.
System Up Time | The time when this trap occurred, expressed in days, hours, minutes, and seconds, since the last reboot of the switch.
6. To refresh the page with the latest information about the switch, click the Refresh button.
7. To clear the messages from the event logs in the memory, click the Clear button.
The following table describes the event log information that is displayed on the page.
Table 71. Event Logs information
Field Description
To globally enable port mirroring, specify the destination port, and specify one or
more source ports:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Monitoring > Mirroring > Port Mirroring.
• To select multiple interfaces, select the check box associated with each interface.
Traffic from the selected ports will be sent to the destination port.
12. From the Direction menu, specify the direction of the traffic that must be mirrored from the
selected source ports:
• None. No traffic direction is selected. This is the default setting.
• Tx and Rx. Monitors both transmitted and received packets.
• Rx. Monitors received (ingress) packets only.
• Tx. Monitors transmitted (egress) packets only.
13. Click the Apply button.
Your settings are saved.
The Status field indicates the interface status.
Note: If you reset the switch to the default configuration, the IP address is
reset to 192.168.0.239, and the DHCP client is enabled. If you lose
network connectivity after you reset the switch to the factory defaults
and do not know the IP address of the switch, see Discover or
Change the Switch IP Address on page 12.
offline to personalize it for another similar device (for example, change the device
name or IP address), and download it to that device. This is the default setting.
• Error Log. The switch error log.
• Trap Log. The trap log with the switch trap records.
• Buffered Log. The switch buffered (in-memory) log.
• Tech Support. The tech support file is a text-based file that contains a variety of
hardware, software, and configuration information that can assist in device and
network troubleshooting.
• Crash Logs. The switch crash logs, if any are available.
7. From the Server Address Type menu, select the format for the Server Address field:
• IPv4. Indicates that the TFTP server address is an IP address in dotted-decimal
format. This is the default setting.
• DNS. Indicates that the TFTP server address is a host name.
8. In the Server Address field, enter the IP address of the server in accordance with the
format indicated by the server address type.
The default is the IPv4 address 0.0.0.0.
9. In the Transfer File Path field, specify the path on the TFTP server where you want to save
the file.
You can enter up to 32 characters. Include the backslash at the end of the path. A path
name with a space is not accepted. Leave this field blank to save the file to the root TFTP
directory.
10. In the Transfer File Name field, specify a destination file name for the file to be uploaded.
You can enter up to 32 characters. The transfer fails if you do not specify a file name.
11. Select the Start File Transfer check box.
12. Click the Apply button.
The file transfer begins.
The page displays information about the file transfer progress. The page refreshes
automatically when the file transfer completes.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Maintenance > Export > HTTP File Export.
The HTTP File Export page displays.
6. From the File Type menu, select the type of file:
• Text Configuration. A text-based configuration file enables you to edit a configured
text file (startup-config) offline as needed. The most common usage of
text-based configuration is to upload a working configuration from a device, edit it
offline to personalize it for another similar device (for example, change the device
name or IP address), and download it to that device.
• Tech Support. The tech support file is a text-based file that contains a variety of
hardware, software, and configuration information that can assist in device and
network troubleshooting.
• Crash Logs. The switch crash logs, if any are available.
7. Click the Apply button.
The file transfer begins.
The page displays information about the file transfer progress. The page refreshes
automatically when the file transfer completes.
Note: We recommend that you do not overwrite the active image. If you do
so, the switch displays a warning that you are trying to overwrite the
active image.
8. From the Server Address Type menu, select the format for the TFTP Server IP field:
• IPv4. Indicates that the TFTP server address is an IP address in dotted-decimal
format. This is the default setting.
• DNS. Indicates that the TFTP server address is a host name.
9. In the TFTP Server IP field, enter the IP address of the TFTP server indicated by the server
address type.
The default is the IPv4 address 0.0.0.0.
10. In the Transfer File Path field, specify the path on the TFTP server where the file is located.
Enter up to 160 characters. Include the backslash at the end of the path. A path name
with a space is not accepted. Leave this field blank to save the file to the root TFTP
directory.
11. In the Remote File Name field, specify the name of the file to download from the TFTP
server.
You can enter up to 32 characters. A file name with a space is not accepted.
12. Select the Start File Transfer check box to initiate the file upload.
13. Click the Apply button.
The file transfer begins.
The page displays information about the progress of the file transfer. The page refreshes
automatically when the file transfer completes.
Note: After a software image file is downloaded, you might need to select
the new software image file (see Change the Software Image That
Loads When the Switch Starts or Reboots on page 333) and reboot
the switch.
Note: We recommend that you do not overwrite the active image. If you do
so, the switch displays a warning that you are trying to overwrite the
active image.
8. Click the Browse button and locate and select the file that you want to download.
The file name can contain up to 80 characters.
9. Click the Apply button.
The file transfer begins.
The page displays information about the progress of the file transfer. After a file transfer is
started, wait until the page refreshes. When the page refreshes, the option to select a file
is no longer available, indicating that the file transfer is complete.
Note: After a software image file is downloaded, you might need to select
the new software image file (see Change the Software Image That
Loads When the Switch Starts or Reboots on page 333) and reboot
the switch. After a text configuration file is downloaded, the switch
applies the configuration automatically.
Note: A switch that runs an older (legacy) software version might not load a
configuration file that is created by a newer software version. In such
a situation, the switch displays a warning.
The following sections describe how you can manage the software images:
• Copy a Software Image on page 332
• Configure Dual Image Settings on page 333
6. Select the Source Image image1 or image2 radio button to specify the image to be copied.
7. Select the Destination Image image1 or image2 radio button to specify the destination
image.
8. Click the Apply button.
Your settings are saved.
Change the Software Image That Loads When the Switch Starts or Reboots
To change the image that loads during the boot process:
1. Connect your computer to the same network as the switch.
You can use a WiFi or wired connection to connect your computer to the network, or
connect directly to a switch that is off-network using an Ethernet cable.
2. Launch a web browser.
3. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Discover or Change the Switch IP
Address on page 12.
The login window opens.
4. Enter the switch’s password in the Password field.
The default password is password.
The System Information page displays.
5. Select Maintenance > File Management > Dual Image Configuration.
6. From the Image Name menu, select the image that is not the image displayed in the
Current-active field but that is the image that you want the switch to run after it reboots.
The Current-active field displays the name of the active image.
7. As an option, specify a name for the selected image by entering one in the Image
Description field.
8. Select the Activate Image check box.
9. Click the Apply button.
Your settings are saved.
IMPORTANT:
After activating an image, you must reboot the switch. Otherwise,
the switch continues running the image shown in the Current-active
field until the switch reboots.
• If the port is a member of the VLAN specified by the packet’s VLAN ID, the packet can be
sent to other ports with the same VLAN ID.
• Packets leaving the switch are either tagged or untagged, depending on the setting for
that port’s VLAN membership properties. A U for a port means that packets leaving the
switch from that port are untagged. Inversely, a T for a port means that packets leaving
the switch from that port are tagged with the VLAN ID that is associated with the port.
The example in this section comprises numerous steps to illustrate a wide range of
configurations to help provide an understanding of tagged VLANs.
• If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet
can access port 5 and port 6. The outgoing packet is stripped of its tag to become an
untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a
tagged packet with VLAN ID 20.
2. On the MAC Rules page, create a rule for the Sales_ACL with the following settings:
• Sequence Number. 1
• Action. Permit
• Assign Queue ID. 0
• Match Every. False
• CoS. 0
• Destination MAC. 01:02:1A:BC:DE:EF
• Destination MAC Mask. 00:00:00:00:FF:FF
• EtherType. User Value.
• Source MAC. 02:02:1A:BC:DE:EF
• Source MAC Mask. 00:00:00:00:FF:FF
• VLAN ID. 2
For more information about MAC ACL rules, see Configure MAC ACL Rules on
page 268.
3. On the MAC Binding Configuration page, assign the Sales_ACL to the interface Gigabit
ports 6, 7, and 8, and then click the Apply button. (See Configure MAC Bindings on
page 272.)
You can assign an optional sequence number to indicate the order of the access list
relative to other access lists if any are already assigned to the interface and direction.
4. The MAC Binding Table displays the interface and MAC ACL binding information. (See
View or Delete MAC ACL Bindings in the MAC Binding Table on page 274.)
The ACL named Sales_ACL looks for Ethernet frames with destination and source MAC
addresses and MAC masks defined in the rule. Also, the frame must be tagged with VLAN ID
2, which is the Sales department VLAN. The CoS value of the frame must be 0, which is the
default value for Ethernet frames. Frames that match these criteria are permitted on interfaces
6, 7, and 8 and are assigned to the hardware egress queue 0, which is the default queue. All
other traffic is explicitly denied on these interfaces. To allow additional traffic to enter these
ports, you must add a new Permit rule with the desired match criteria and bind the rule to
interfaces 6, 7, and 8.
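The following added example (not part of the NETGEAR manual or the switch firmware) models how the Sales_ACL rule and its implicit deny treat frames on ports 6, 7, and 8. It assumes wildcard-format masks, in which an F in the mask means the bit is not compared; the EtherType match is left out because the page gives no value for it, and the sample frames are constructed.

```python
from dataclasses import dataclass

MAC_BITS = 0xFFFFFFFFFFFF

def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)

def masked_equal(value: str, want: str, mask: str) -> bool:
    # Assumption: wildcard mask, so a 1 bit in the mask is NOT compared.
    care = ~mac_to_int(mask) & MAC_BITS
    return (mac_to_int(value) & care) == (mac_to_int(want) & care)

@dataclass(frozen=True)
class MacRule:
    seq: int
    action: str
    dst: str
    dst_mask: str
    src: str
    src_mask: str
    vlan: int
    cos: int
    queue: int

    def matches(self, frame: dict) -> bool:
        return (masked_equal(frame["dst"], self.dst, self.dst_mask)
                and masked_equal(frame["src"], self.src, self.src_mask)
                and frame.get("vlan") == self.vlan
                and frame.get("cos") == self.cos)

# Values taken from the Sales_ACL rule on the page.
SALES_ACL = [MacRule(1, "permit",
                     "01:02:1A:BC:DE:EF", "00:00:00:00:FF:FF",
                     "02:02:1A:BC:DE:EF", "00:00:00:00:FF:FF",
                     vlan=2, cos=0, queue=0)]
BOUND_PORTS = {6, 7, 8}

def evaluate(port: int, frame: dict, acl=SALES_ACL):
    """Return (action, egress queue) for a frame arriving on a port."""
    if port not in BOUND_PORTS:
        return ("permit", None)      # no MAC ACL bound: default allows all
    for rule in sorted(acl, key=lambda r: r.seq):
        if rule.matches(frame):
            return (rule.action, rule.queue)
    return ("deny", None)            # implicit deny at the end of the list

if __name__ == "__main__":
    # Constructed sample frame: last two octets differ but are masked out.
    sample = {"dst": "01:02:1A:BC:00:01", "src": "02:02:1A:BC:12:34",
              "vlan": 2, "cos": 0}
    print(evaluate(6, sample))
```
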
Class
You can classify incoming packets at Layers 2, 3, and 4 by inspecting the following
information for a packet:
• Source/destination MAC address
• EtherType
• Class of Service (802.1p priority) value (first/only VLAN tag)
• VLAN ID range (first/only VLAN tag)
• Secondary 802.1p priority value (second/inner VLAN tag)
• Secondary VLAN ID range (second/inner VLAN tag)
• IP Service Type octet (also known as: ToS bits, Precedence value, DSCP value)
• Layer 4 protocol (TCP, UDP and so on)
• Layer 4 source/destination ports
• Source/destination IP address
From a DiffServ point of view, two types of classes exist:
• DiffServ traffic classes
• DiffServ service levels/forwarding classes
Creating Policies
Use DiffServ policies to associate a collection of classes that you configure with one or more
QoS policy statements. The result of this association is referred to as a policy.
From a DiffServ perspective, two types of policies exist:
• Traffic Conditioning Policy. A policy applied to a DiffServ traffic class
• Service Provisioning Policy. A policy applied to a DiffServ service level
You must manually configure the various statements and rules used in the traffic conditioning
and service provisioning policies to achieve the desired Traffic Conditioning Specification
(TCS) and the Service Level Specification (SLS) operation, respectively.
between the authenticator (the system that passes an authentication request to the
authentication server) and the supplicant (the system that requests authentication), as well
as between the authenticator and the authentication server.
The switch supports a guest VLAN, which allows unauthenticated users limited access to the
network resources.
Note: You can use QoS features to provide rate limiting on the guest VLAN
to limit the network resources that the guest VLAN provides.
Another 802.1X feature is the ability to configure a port to enable or disable EAPoL packet
forwarding support. You can disable or enable the forwarding of EAPoL when 802.1X is
disabled on the device.
The ports of an 802.1X authenticator switch provide the means by which it can offer services
to other systems reachable through the LAN. Port-based network access control allows the
operation of a switch’s ports to be controlled to ensure that access to its services is permitted
only by systems that are authorized to do so.
Port access control provides a means of preventing unauthorized access by supplicants to
the services offered by a system. Control over the access to a switch and the LAN to which it
is connected can be desirable when you want to restrict access to publicly accessible bridge
ports or to departmental LANs.
Access control is achieved by enforcing authentication of supplicants that are attached to an
authenticator's controlled ports. The result of the authentication process determines whether
the supplicant is authorized to access services on that controlled port.
A port access entity (PAE) is able to adopt one of two distinct roles within an access control
interaction:
1. Authenticator. A port that enforces authentication before allowing access to services
available through that port.
2. Supplicant. A port that attempts to access services offered by the authenticator.
Additionally, there exists a third role:
3. Authentication server. Performs the authentication function necessary to check the
credentials of the supplicant on behalf of the authenticator.
All three roles are required for you to complete an authentication exchange.
The switch supports the authenticator role only, in which the PAE is responsible for
communicating with the supplicant. The authenticator PAE is also responsible for submitting
the information received from the supplicant to the authentication server for the credentials to
be checked, which determines the authorization state of the port. The authenticator PAE
controls the authorized/unauthorized state of the controlled port depending on the outcome
of the RADIUS-based authentication process.
6. On the RADIUS Server Configuration page, configure a RADIUS server with the following
settings:
• Server Address. 192.168.10.23
• Secret Configured. Yes
• Secret. secret123
• Active. Primary
For more information, see Manage the RADIUS Settings on page 211.
7. Click the Add button.
8. On the Authentication List page, configure the default list to use RADIUS as the first
authentication method. (See Configure Authentication Lists on page 223.)
This example enables 802.1X-based port security on the switch and prompts the hosts
connected on ports g5-g8 for an 802.1X-based authentication. The switch passes the
authentication information to the configured RADIUS server.
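The following added example (not code from the manual or the switch) shows the check an authenticator makes before it changes a port's state: the RADIUS reply must carry a Response Authenticator computed with the shared secret, as defined in RFC 2865. It uses the page's example secret, models only the final Access-Accept or Access-Reject, and omits the EAP-Message and Message-Authenticator attributes that a full 802.1X exchange carries; the function names and the server-side helper are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import struct

SECRET = b"secret123"          # example secret from the page
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3

def new_request_authenticator() -> bytes:
    """16 random octets the authenticator places in its Access-Request."""
    return os.urandom(16)

def build_reply(code: int, identifier: int, request_auth: bytes,
                secret: bytes, attrs: bytes = b"") -> bytes:
    """Constructed server side: build a reply the way a RADIUS server would."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def port_state(reply: bytes, identifier: int, request_auth: bytes,
               secret: bytes = SECRET) -> str:
    """Authenticator side: decide the controlled port's state from a reply."""
    if len(reply) < 20:
        return "unauthorized"
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != identifier or length != len(reply):
        return "unauthorized"
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "unauthorized"    # reply was not produced with the shared secret
    return "authorized" if code == ACCESS_ACCEPT else "unauthorized"

if __name__ == "__main__":
    ra = new_request_authenticator()
    print(port_state(build_reply(ACCESS_ACCEPT, 7, ra, SECRET), 7, ra))
    print(port_state(build_reply(ACCESS_ACCEPT, 7, ra, b"not-the-secret"), 7, ra))
```
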
interconnecting these regions, and an Internal Spanning Tree (IST) within each region.
MSTP ensures that frames with a VLAN ID are assigned to one and only one of the MSTIs or
the IST within the region, that the assignment is consistent among all the networking devices
in the region, and that the stable connectivity of each MSTI and IST at the boundary of the
region matches that of the CST. The stable active topology of the bridged LAN with respect to
frames consistently classified as belonging to any VLAN thus simply and fully connects all
LANs and networking devices throughout the network, though frames belonging to different
VLANs can take different paths within any region, per IEEE DRAFT P802.1s/D13.
All bridges, whether they use STP, RSTP, or MSTP, send information in configuration
messages through Bridge Protocol Data Units (BPDUs) to assign port roles that determine
each port’s participation in a fully and simply connected active topology based on one or
more spanning trees. The information communicated is known as the spanning tree priority
vector. The BPDU structure for each of these different protocols is different. An MSTP bridge
transmits the appropriate BPDU depending on the received type of BPDU from a particular
port.
An MST region comprises one or more MSTP bridges with the same MST configuration
identifier, using the same MSTIs, and without any bridges attached that cannot receive and
transmit MSTP BPDUs. The MST configuration identifier includes the following components:
1. Configuration identifier format selector
2. Configuration name
3. Configuration revision level
4. Configuration digest: 16-byte signature of type HMAC-MD5 created from the MST
Configuration Table (a VLAN ID to MSTID mapping)
Because multiple instances of spanning tree exist, an MSTP state is maintained on a
per-port, per-instance basis (or on a per-port, per-VLAN basis, as any VLAN can be in one
and only one MSTI or CIST). For example, port A can be forwarding for instance 1 while
discarding for instance 2. The port states have changed since the IEEE 802.1D specification.
To support multiple spanning trees, configure an MSTP bridge with an unambiguous
assignment of VLAN IDs (VIDs) to spanning trees. For such a configuration, ensure the
following:
1. The allocation of VIDs to FIDs is unambiguous.
2. Each FID that is supported by the bridge is allocated to exactly one spanning tree instance.
The combination of VID to FID and then FID to MSTI allocation defines a mapping of VIDs to
spanning tree instances, represented by the MST Configuration Table.
With this allocation we ensure that every VLAN is assigned to one and only one MSTI. The
CIST is also an instance of spanning tree with an MSTID of 0.
VIDs might not be allocated to an instance, but every VLAN must be allocated to one of
the other instances of spanning tree.
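The following added example (not from the manual or the switch firmware) builds the MST configuration identifier from a VID-to-MSTID table and shows why two bridges with different mappings do not form one region. It uses the VLAN 300 and VLAN 500 assignments from the manual's MSTP example; the region name, revision level, and function names are constructed, and the table layout and fixed signature key follow IEEE 802.1Q.

```python
import hashlib
import hmac
import struct

# Fixed, publicly specified signature key from IEEE 802.1Q. Because every
# bridge uses the same key, the digest is a consistency check on the mapping
# table, not a means of authenticating BPDUs.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

def config_table(vlan_to_mstid: dict) -> bytes:
    """4096 two-octet entries indexed by VID; unmapped VIDs stay at MSTID 0."""
    table = [0] * 4096              # entries for VID 0 and VID 4095 remain 0
    for vid, mstid in vlan_to_mstid.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"VID {vid} is out of range")
        if not 0 <= mstid <= 4094:
            raise ValueError(f"MSTID {mstid} is out of range")
        table[vid] = mstid
    return struct.pack(">4096H", *table)

def config_digest(vlan_to_mstid: dict) -> bytes:
    """16-byte HMAC-MD5 signature of the MST Configuration Table."""
    return hmac.new(MST_DIGEST_KEY, config_table(vlan_to_mstid),
                    hashlib.md5).digest()

def config_identifier(name: str, revision: int, vlan_to_mstid: dict,
                      selector: int = 0) -> tuple:
    """The four components that must match for bridges to share a region."""
    return (selector, name, revision, config_digest(vlan_to_mstid))

def same_region(a: tuple, b: tuple) -> bool:
    return a == b

if __name__ == "__main__":
    good = {300: 1, 500: 2}         # mapping from the manual's example
    typo = {300: 1, 500: 1}         # constructed misconfiguration
    sw1 = config_identifier("REGION1", 0, good)   # hypothetical region name
    sw3 = config_identifier("REGION1", 0, typo)
    print(sw1[3].hex(), sw3[3].hex(), same_region(sw1, sw3))
```
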
The portion of the active topology of the network that connects any two bridges in the same
MST region traverses only MST bridges and LANs in that region, and never bridges of any
kind outside the region. In other words, connectivity within the region is independent of
external connectivity.
If you do not specify a root bridge and all switches are assigned the same bridge priority
value, the switch with the lowest MAC address is elected as the root bridge (see
Configure and View the CST Settings on page 146).
5. On the CST Port Configuration page, select ports 1/0/1–1/0/8 and select Enable from the
STP Status menu (see Configure and View the CST Port Settings on page 148).
6. Click the Apply button.
7. Select ports 1/0/1–1/0/5 (edge ports), and select Enable from the Fast Link menu.
Since the edge ports are not at risk for network loops, ports with Fast Link enabled
transition directly to the forwarding state.
8. Click the Apply button.
You can use the CST Port Status page to view spanning tree information about each port.
9. On the MST Configuration page, create an MST instance with the following settings:
• MST ID. 1
• Priority. Use the default (32768)
• VLAN ID. 300
For more information, see View Rapid STP Information on page 152.
10. Click the Add button.
11. Create a second MST instance with the following settings:
• MST ID. 2
• Priority. 49152
• VLAN ID. 500
12. Click the Add button.
In this example, assume that Switch 1 became the root bridge for the MST instance 1, and
Switch 2 became the root bridge for MST instance 2. Switch 3 supports hosts in the sales
department (ports 1/0/1, 1/0/2, and 1/0/3) and in the HR department (ports 1/0/4 and 1/0/5).
Switches 1 and 2 also include hosts in the sales and HR departments. The hosts connected
from Switch 2 use VLAN 500, MST instance 2 to communicate with the hosts on Switch 3
directly. Likewise, hosts of Switch 1 use VLAN 300, MST instance 1 to communicate with the
hosts on Switch 3 directly.
The hosts use different instances of MSTP to effectively use the links across the switch. The
same concept can be extended to other switches and more instances of MSTP.
Feature Default
IP address 192.168.0.239
Protocol DHCP
Management VLAN ID 1
Default VLAN ID 1
Feature Default
DiffServ Enabled
PVID 1
Port priority 0
Ports
802.1X
Quiet period 60
STP/RSTP/MSTP, Global
STP/RSTP/MSTP, Interface
Link Aggregation
Hold multiplier 4
Reinitializing delay 2
Transmit delay 5
Notification Disabled
Persistent Configuration
Storage Local
Auto-VoIP, Protocol-Based
Auto-VoIP, OUI-Based
OUI-based priority 7
L2 Loop Protection
Recovery time 0
Port Characteristics
The following table describes the port characteristics.
Table 76. Port characteristics
Learning process Supports static and dynamic MAC Dynamic learning is enabled by
entries default
802.1p 1 Enabled
DSCP 1 Disabled
Security Settings
The following table describes the security settings.
Table 79. Security settings
MAC ACL 100 (shared with IP ACLs) All MAC addresses allowed
Logging 5 logs: memory, flash, server, Memory, traps, and events logs
traps, and events are enabled
Power consumption without From 6.5 W to 13.5W From 11.1W to 16.3W From 25.0 to 39.1W
PoE
Dimensions (W x D x H) 12.9 x 6.7 x 1.7 in. 13.0 x 8.1 x 1.7 in. 17.3 x 8.1 x 1.7 in.
(328 x 169 x 43 mm) (330 x 206 x 43 mm) (440 x 206 x 43 mm)
Weight 3.57 lb (1.62 kg) 5.93 lb (2.69 kg) 6.72 lb (3.05 kg)
Fans None 2 1
For more information, see the data sheet, which you can download by visiting
netgear.com/support/download/.