NETGEAR FSM726v2, FSM726 Setup Manual

700 Series Software Manual v2.1
NETGEAR, Inc.
4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR
202-10132-01 September 2005
© 2005 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR, Inc. NETGEAR, the Netgear logo, The Gear Guy and Everybody’s connecting are trademarks of Netgear, Inc. in the United States and/or other countries. Other brand and product names are trademarks of their respective holders. Information is subject to change without notice. All rights reserved.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Customer Support
For assistance with installing and configuring your NETGEAR system or with questions or problems following installation:
• Check the NETGEAR Web page at http://www.NETGEAR.com.
• Call Technical Support in North America at 1-888-NETGEAR. If you are outside North America, please refer to the phone numbers listed on the Support Information Card that shipped with your switch.
• Email Technical Support at support@NETGEAR.com.
Defective or damaged merchandise can be returned to your point-of-purchase representative. NETGEAR maintains a World Wide Web home page that you can access at the uniform resource locator (URL) http://www.NETGEAR.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required.
Contents
Chapter 1 About This Guide
Audience
Why the Document was Created
How to Use This Document
Typographical Conventions
Special Message Formats
Features of the HTML Version of this Manual
How to Print this Manual
Chapter 2 Switch Management Overview
Management Access Overview
Protocols
Virtual Terminal Protocols
SNMP Protocol
SNMP Access
Chapter 3 Software Upgrade Procedure
Chapter 4 Administration Console Telnet Interface
Set Up Your Switch Using Direct Console Access
Introduction to the Command Menu Interface
Main Menu > System
Main Menu > Status
Main Menu > Status > Switch Statistics
Main Menu > Status > Reset Statistics
Main Menu > Status > MAC Address Table
Main Menu > Set-Up
Main Menu > Set-Up > System Configuration
Main Menu > Set-Up > IP Configuration
Main Menu > Set-Up > Port Configuration
Main Menu > Set-Up > GBIC
Main Menu > Tools
Main Menu > Security
Main Menu > Advanced
Main Menu > Advanced > Port Mirroring
Main Menu > Advanced > Port Trunking
Main Menu > Advanced > Virtual Cable Tester
Main Menu > Advanced > Advanced Security
Main Menu > Advanced > Advanced Security > System Authentication
Main Menu > Advanced > Advanced Security > Port-Based Authentication
Main Menu > Advanced > Trusted MAC Address Table
Main Menu > Advanced > MAC Address Lockdown Table
Main Menu > Advanced > Advanced Tools
Main Menu > Advanced > Advanced Tools > Software Upgrade
Main Menu > Advanced > Advanced Tools > Configuration Management
Main Menu > Advanced > Traffic Management
Main Menu > Advanced > Traffic Management > Port Priority
Main Menu > Advanced > Traffic Management > DiffServ
Main Menu > Advanced > Traffic Management > Broadcast Control
Main Menu > Advanced > VLANS
Main Menu > Advanced > VLANS > VLAN Admin
Main Menu > Advanced > VLANS > VLAN Membership
Main Menu > Advanced > VLANS > VLAN Ports
Main Menu > Advanced > Spanning Tree
Main Menu > Advanced > Spanning Tree > Bridge Settings
Main Menu > Advanced > Spanning Tree > Port Settings
Main Menu > Advanced > MAC Address Manager
Main Menu > Advanced > MAC Address Manager > Aging Time
Main Menu > Advanced > MAC Address Manager > Static Addresses
Main Menu > Advanced > Multimedia Support
Main Menu > Advanced > Multimedia Support > Enable/Disable IGMP
Main Menu > Advanced > Multimedia Support > Static Multicast Administration
Main Menu > Advanced > Multimedia Support > Static Multicast Membership
Main Menu > Advanced > SNMP
Main Menu > Advanced > SNMP > Community Table
Main Menu > Advanced > SNMP > Host Table
Main Menu > Advanced > SNMP > Trap Settings
Chapter 5 Web-Based Management Interface
Web Based Management Overview
System Information
Status Menus
Status > Switch Statistics
Status > Port Statistics
Status > Error Statistics
Status > Most Active Ports
Status > Reset Statistics
Status > Port Settings
Status > MAC Address Table
Set-up Menu
Set-up > System Configuration
Set-up > IP Configuration
Set-up > Port Configuration
Set-up > GBIC
Tools Menu
Tools > Save Configuration
Tools > Restore Factory Defaults
Tools > Device Reset
Security > Passwords
Advanced Options
Advanced > Disable Advanced Alerting
Advanced > Port Mirroring
Advanced > Port Trunking
Advanced > Virtual Cable Tester
Advanced > Advanced Security
Advanced > Advanced Security > System Authentication
Advanced > Advanced Security > Port-Based Authentication
Advanced > Advanced Security > Trusted MAC Address Table
Advanced > Advanced Security > MAC Address Lockdown Table
Advanced > Advanced Tools
Advanced > Advanced Tools > Software Upgrade
Advanced > Advanced Tools > Configuration Management
Advanced > Traffic Management
Advanced > Traffic Management > Traffic Priority
Advanced > Traffic Management > Broadcast Control
Advanced > VLANS
Advanced > VLAN > Primary VLAN
Advanced > VLAN > VLAN Ports
Advanced > Spanning Tree
Advanced > Spanning Tree > Bridge Settings
Advanced > Spanning Tree > Port Settings
Advanced > MAC
Advanced > MAC > Address Aging
Advanced > MAC > Static Addresses
Advanced > Multimedia Support
Advanced > Multimedia Support > Enable/Disable IGMP
Advanced > Multimedia Support > Static Multicast Groups
Advanced > SNMP
Advanced > SNMP > Community Table
Advanced > SNMP > Host Table
Advanced > SNMP > Trap Setting
Chapter 6 Command Line Interface
Manual Syntax
Entering the CLI
Help
Ping
Exit
Show
Show DiffServ
Show Dot1x
Show Interfaces
Show IP
Show Mac-Address-Table
Show Mirror
Show Multimedia
Show Running-Config
Show SNMP
Show Spanning Tree
Show System
Show Trunking
Show VLAN
Configure
DiffServ
Dot1x
Exit
Interface
CoS (Class of Service)
Exit
Flow Control
Mirror
No
Type
Shutdown
Spanning Tree
Speed
Switchport
Trunking
Mac-address-table
Multimedia
No
SNMP Server
Spanning Tree
System
IP
IP-Filter
IP-filter address
IP-Mode
Mask
Gateway
Save
Restore
Web
Telnet
Username
Password
Firmware boot
Firmware TFTP-IP
Firmware TFTP-File
RADIUS
Reset
Stat-Reset
VLAN
Appendix A Virtual Local Area Network
VLAN Behavior in a 700 Series Managed Switch
Appendix B Cabling Guidelines
Fast Ethernet Cable Guidelines
Category 5 Cable
Category 5 Cable Specifications
Twisted Pair Cables
Patch Panels and Cables
Using 1000BASE-T Gigabit Ethernet over Category 5 Cable
Cabling
Near End Cross Talk (NEXT)
Patch Cables
RJ-45 Plug and RJ-45 Connectors
Conclusion
Appendix C 802.1x Port-Based Authentication Overview
Understanding 802.1x Port Based Network Access Control
Glossary
Index
Chapter 1
About This Guide
Thank you for purchasing the NETGEAR™ 700 Series Switches.
Audience
This reference manual assumes that the reader has basic-to-intermediate computer and Internet skills. However, basic computer network, Internet, and wireless technology tutorial information is provided in the Appendices.
This document describes configuration commands for the 700 Series Switches software. The commands can be accessed from the CLI, telnet, and Web interfaces.
Why the Document was Created
This document was created primarily for system administrators configuring and operating a system using 700 Series Switches software. It is intended to provide an understanding of the configuration options of 700 Series Switches software.
It is assumed that the reader has an understanding of the relevant switch platforms. It is also assumed that the reader has a basic knowledge of Ethernet and networking concepts.
How to Use This Document
This document describes configuration commands for the 700 Series Switches software. The commands can be accessed from the CLI, telnet (CMI), and Web interfaces.
Chapter 4, “Administration Console Telnet Interface” describes the CMI.
Chapter 5, “Web-Based Management Interface” describes the Web interface.
Chapter 6, “Command Line Interface” describes the CLI, which can be reached through the telnet (CMI) interface.
Note: Refer to the release notes for the 700 Series Switches Software application level code. The release notes detail the platform specific functionality of the Switching, SNMP, Config, and Management packages.
Typographical Conventions
This guide uses the following typographical conventions:
Table 1. Typographical conventions
italics             Emphasis.
bold times roman    User input.
[Enter]             Named keys in text are shown enclosed in square brackets. The notation [Enter] is used for the Enter key and the Return key.
[Ctrl]+C            Two or more keys that must be pressed simultaneously are shown in text linked with a plus (+) sign.
SMALL CAPS          DOS file and directory names.
Special Message Formats
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
This manual is written for the 700 Series Switches according to these specifications:
Table 1-1. Manual Specifications
Product Version             700 Series Switches
Manual Publication Date     September 2005
Note: Product updates are available on the NETGEAR, Inc. Web site at http://www.netgear.com/support/main.asp.
Chapter 2
Switch Management Overview
This chapter gives an overview of switch management, including the methods you can use to manage your NETGEAR 700 Series Switches. Topics include:
• Management Access Overview
• SNMP Access
• Protocols
Management Access Overview
Your NETGEAR 700 Series Switch gives you the flexibility to access and manage the switch using any or all of the following methods:
• An administration console
• Web browser interface
• External Simple Network Management Protocol (SNMP)-based network-management application
The administration console and Web browser interface support are embedded in the switch’s firmware and available for immediate use. Each of these management methods has advantages. Table 2-1 compares the three management methods.
Table 2-1. Comparing Switch Management Methods

Management Method: Administration console
Advantages:
• Out-of-band access via direct cable connection means network bottlenecks, crashes, and downtime do not slow or prevent access
• No IP address or subnet needed
• Menu or CLI based
• HyperTerminal access to full functionality (HyperTerminal is built into Microsoft Windows 95/98/NT/2000 operating systems)
• Secure – make sure the switch is installed in a secure area.
Disadvantages:
• Must be near switch or use dial-up connection
• Not convenient for remote users
• Not graphical

Management Method: Web browser or Telnet
Advantages:
• Can be accessed from any location via the switch’s IP address
• Ideal for configuring the switch remotely
• Compatible with Internet Explorer and Netscape Navigator Web browsers
• Familiar browser interface
• Graphical data available
• Most visually appealing
• Menu or CLI interfaces available
Disadvantages:
• Security can be compromised (hackers can attack if they know IP address)
• May encounter lag times on poor connections
• Displaying graphical objects over a browser interface may slow navigation

Management Method: SNMP Agent
Advantages:
• Communicates with switch functions at the Management Information Base (MIB) level
• Based on open standards
Disadvantages:
• Requires SNMP manager software
• Least visually appealing of all three methods
• Limited amount of information available
• Some settings require calculations
• Security can be compromised (hackers need only know the community name)
For a more detailed discussion of the Administration Console, see Chapter 4. For a more detailed discussion of the Web Browser Interface, see Chapter 5.
Protocols
Your NETGEAR 700 Series Switch supports the following protocols:
• Virtual terminal protocols, such as Telnet
• SNMP
Virtual Terminal Protocols
A virtual terminal protocol is a software program, such as Telnet, that allows you to establish a management session from a Macintosh, a PC, or a UNIX workstation. Because Telnet runs over TCP/IP, you must have at least one IP address configured on a NETGEAR 700 Series Switch before you can establish access to it with a virtual terminal protocol.
Terminal emulation differs from a virtual terminal protocol in that you must connect a terminal or PC directly to the console port. Figure 2-1 shows a UNIX workstation connected to the system through a virtual terminal protocol (Telnet), and a terminal connecting directly to the console port through a null-modem cable.
Figure 2-1: Administration Console Access
SNMP Protocol
SNMP is the standard management protocol for multi-vendor IP networks. SNMP supports transaction-based queries that allow the protocol to format messages and to transmit information between reporting devices and data-collection programs. SNMP runs on top of the User Datagram Protocol (UDP), offering a connectionless-mode service.
SNMP Access
With this access method, you can use an external SNMP-based application to manage your NETGEAR 700 Series Switches. Figure 2-2 shows an example of this management method.
This management method requires that the SNMP agent on the switch and the SNMP Network Management Station use the same community string, and that the SNMP Network Management Station is entered in the SNMP Host table on the switch. The method in fact uses two community strings: the GET community string and the SET community string. If the SNMP Network Management Station knows only the SET community string, it can read from and write to the MIBs. However, if it knows only the GET community string, it can only read the MIBs. The default GET community string for the switch is ‘public’, and the host table is empty.
Figure 2-2: SNMP-Based Management Method
Chapter 3
Software Upgrade Procedure
As networking technology advances, NETGEAR will release new versions of the software that runs the switch. These software releases will provide new capabilities that can extend the useful life of your switch. This manual is updated whenever there is a change in either the first or second positions of the software version number. The third position in the software version number identifies bug fix and patch versions for which this manual is not updated. The upgrade procedure and the required equipment are described in this chapter.
IP address, Network Mask, and Default Gateway are not affected by upgrading the software. These settings will be preserved in non-volatile memory (NVRAM).
The upgrade process is accomplished by having the switch boot from a TFTP server instead of its own NVRAM. To initiate this sequence, the user must set the ‘Next Boot From’ configuration parameter to ‘Boot from Net’, and then perform a ‘reset’. When the ‘Boot from Net’ option is set, the switch will start using an image residing on a TFTP server on the network. Be sure that the TFTP server residing on the network is accessible by the switch. Once completed, the software version should be verified in the System page.
Note: It is highly recommended, though not necessary, to use an RS-232 serial port connection to the switch during the software upgrade procedure. When using a Telnet session or Web interface alone, your connection to the switch will not be available until the switch has completed its boot up and entered the Spanning Tree forwarding mode. This can take up to three minutes.
The upgrade procedure below gives the exact steps to follow when using the Web interface. The process is similar with either the CMI or CLI interfaces.
1. Select Advanced > Advanced Tools > Software Upgrade.
2. Select Next boot from: Net.
3. Verify information such as the IP address for the TFTP Server and the file name of the new software image.
4. Save the setting in non-volatile memory. Press the Apply button and then go to the Tools > Save Configuration to NVRAM option.
5. Restart the system via the Tools > Reset command. Bootstrap will retrieve the new software image then pass control to it. The system executes the new software image.
The previous software image in non-volatile memory will not be replaced by the new software image. This enables you to return to the previous image if you do not like the new image.
6. Verify that the new software is loaded by going to the Advanced > Advanced Tools > Software Upgrade screen and checking the Software Version.
Test your switch to make sure the new image is working correctly. If you decide to keep the new image, go to Software Upgrade again. Select the Next boot from: Net & Save option.
7. Save the setting in non-volatile memory. Press the Apply button, and then go to the Tools > Save Configuration to NVRAM option.
8. Restart the system via the Tools > Reset command.
The new image should overwrite the old image in NVRAM. Verify it by going to the Advanced > Advanced Tools > Software Upgrade screen and checking the Software Version.
Chapter 4
Administration Console Telnet Interface
The administration console is an internal, character-oriented, VT-100/ANSI menu-driven user interface for performing management activities. Using this method, you can view the administration console from a terminal, PC, Apple Macintosh, or UNIX workstation connected to the switch’s console port. Figure 4-1 shows an example of this management method.
Figure 4-1: Administration Console Management Method
Set Up Your Switch Using Direct Console Access
The direct access management method is required when you initially set up your switch. Thereafter, the convenience and additional features of the Web management access method (described in Chapter 5) make it the best method to manage the switch.
Direct access to the switch console is achieved by connecting the switch’s console port to a VT-100 or compatible terminal or to a PC, Apple Macintosh, or UNIX workstation equipped with a terminal-emulation program. This connection is made using the null-modem cable supplied with the switch.
Examples of terminal-emulation programs include:
HyperTerminal, which is included with Microsoft Windows operating systems
ZTerm for the Apple Macintosh
TIP for UNIX workstations
This example describes how to set up the connection using HyperTerminal on a PC, but other systems follow similar steps.
1. Click the Windows Start button. Select Accessories and then Communications. HyperTerminal should be one of the options listed in this menu. Select HyperTerminal.
2. The following screen will appear. Enter a name for this connection. In the example below, the name of the connection is FSM726. Click OK.
Figure 4-2: Connection Description
3. The following screen will appear. In the bottom drop-down box labeled Connect Using, click the arrow and choose the COM port to which the switch will connect. In the example below, COM1 is the port selected. Click OK.
Figure 4-3: COM Port Selection
4. When the following screen appears, make sure that the port settings are as follows:
Baud Rate: 9600
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None
Figure 4-4: Connection Settings
5. Click OK.
The HyperTerminal window will open and you should be connected to the switch. If you do not see the welcome screen or a system menu, press the return key.
In order to use the arrow keys when attached to the User Interface via a Telnet Session, make sure the VT100 Arrows option is turned on. Under the terminal pull-down menu, choose Properties to set this option.
Introduction to the Command Menu Interface
The switch offers a Command Menu Interface (CMI), which is a menu-driven method for managing the switch, as well as a Command Line Interface (CLI), which uses text inputs to manage the switch. The CLI is accessed through the CMI, but is not addressed in this chapter.
Chapter 6 discusses the CLI in detail.
There are several characteristics to the CMI pages that are necessary to know before proceeding to use it. The TAB key or the arrow keys may be used to move within menus and sub-screens. At the bottom of every screen are some key commands available for that particular screen, as well as some helpful information.
The common keystrokes and their definitions and intricacies are listed below:
ESC: Return to the previous menu or screen, or abort editing
Tab: Select field
Ctrl-L: Refresh the screen
Ctrl-D: Log off (password enabled)
Ctrl-M: Move to field (Switch Statistics and Port Configuration menus only)
Ctrl-W: Saves current configuration to Non-Volatile RAM (NVRAM)
Spacebar: Toggles between possible settings for a field
Enter: Select a menu item, edit a field, or accept a value after editing a field
Ctrl-X: Delete a table entry
The main menu displays all the sub-menus that are available. Pressing ‘Enter’ when an option is highlighted will confirm the choice of the specified sub-menu. The ‘hotkey’ or letter in front of each menu option can also be typed to directly choose that option. As shown below, there are six menu items to choose from:
Figure 4-5: Main Menu
To log out of the user interface, press Ctrl-D at any time during your telnet session. You will be brought back to the login screen (password enabled) or Main Menu (password disabled).
Main Menu> System
This screen displays the main menu System Information options. The user-definable options are: System Name, System Contact, System Location, IP Address, Default Gateway, and Subnet Mask. The System OID option is used for production testing.
Figure 4-6: System Information
Main Menu> Status
There are three Status sub-menus: Switch Statistics, Reset Statistics, and MAC Address Table.
Main Menu> Status >Switch Statistics
The Port-ID field allows you to choose a port to be observed. To get to the left side, use Ctrl-M to move to that field. The screen displays basic statistics associated with the highlighted port.
Figure 4-7: Switch Statistics
Main Menu> Status >Reset Statistics
The Reset Statistics menu allows you to reset the statistics counter to zero. When you choose this option, a prompt will appear asking you for a confirmation. Once the confirmation is made, the statistics counters will be reset to zero.
Figure 4-8: Reset Switch Statistics
Main Menu> Status > MAC Address Table
The MAC Address lookup table displays the MAC addresses that are currently in the address database. When addresses are in the database, the packets intended for those addresses are forwarded directly to those ports. You can filter out addresses in the table by port, VLAN, or MAC address by entering a value in those fields, and selecting Query.
Figure 4-9: Address Manager: MAC Address Table
Main Menu> Set-Up
There are four sub-menus under the Set-Up menu:
System Configuration
IP Configuration
Port Configuration
GBIC
Main Menu> Set-Up> System Configuration
The System Configuration menu allows you to enter several items of system-related information for easy reference in the future. Such items include System Name, Contact Person, and System Location. The MAC address is also shown, but it is not user configurable.
Figure 4-10: System Configuration
Main Menu> Set-Up> IP Configuration
This menu manages the IP-related information of the system.
IP Assignment Mode. The available modes are:
Manual, in which you manually enter IP-related information
Bootstrap Protocol, which allows the switch to discover its own IP address from a BootP server on the network
DHCP, which allows the switch to accept DHCP broadcasts from a DHCP server and automatically configures IP-related information
The default setting is DHCP, to enable quick and easy set-up. However, since you need to know the IP address of your switch to remotely manage it and DHCP assignments can change, change the IP assignment mode from DHCP to manual after the switch has obtained its IP address.
Figure 4-11: Set-up Manager: IP Configuration
Note: In DHCP mode, if the switch fails to get a DHCP assignment, the switch defaults to 192.168.0.1 as its IP address.
If you are in the manual mode and need to configure the IP information, enter a site-specific IP address, Gateway Address, and Network Mask (or subnet mask). Consult your network administrator for the information.
Press Ctrl-W to save any changes to NVRAM.
Main Menu> Set-Up> Port Configuration
On this page, you can set up the port characteristics related to link operations. All of the parameters on this page are toggle settings. To change, or toggle, between options, press Ctrl-M to move the cursor to the ports field and simply press the space bar when the appropriate option is highlighted. To modify ports 17 to 26, you must tab through ports 1 to 16. The comments field is available for you to enter a description of the port.
Figure 4-12: Port Configuration
Port. The port number on the switch.
Name. The name of the port. This is a user-defined label.
Link. Indicates if the port is Up or Down.
On/Off. Indicates if the port is enabled or disabled by the Administrator.
Admin field. Allows you to Enable or Disable the port.
State field. The State field displays the Spanning Tree State of the port (Blocking, Listening, Learning, Forwarding, or Disabled). You can only observe the status of the ports; you cannot modify this field. The Spanning Tree Protocol controls this field.
Rate/Duplex field. Indicates the speed and duplex for the port. The possible entries are Auto-negotiation (Auto); 10 Mbps half duplex (10M Half); 10 Mbps full duplex (10M Full); 100 Mbps half duplex (100M Half); or 100 Mbps full duplex (100M Full).
Enabling auto-negotiation on a port allows a port to sense the communication speed and negotiate the duplex mode (full duplex or half duplex) automatically. The ports will select the highest possible throughput. The port can auto-negotiate with any port that is compliant with IEEE 802.3u. If the other port is not IEEE 802.3u compliant, the port will default to half-duplex, 10 Mbps mode. You can also set the communication speed and duplex mode manually.
Flow Control. Allows you to enable or disable Flow Control.
Flow control is a protocol that prevents packets from being dropped by reducing the amount of traffic to a level that can be accommodated. If enabled on both ends of a connection, it will prevent the sender from sending data until the receiver can accept it. This switch complies with the IEEE 802.3x flow control standard.
Main Menu> Set-Up> GBIC
This page allows you to choose the port type for the gigabit ports. The default is 1000BASE-T (RJ-45).
Figure 4-13: GBIC Port Configuration
All of the parameters on this page are toggle settings. To change, or toggle, between options, press Ctrl-M to move the cursor to the ports field and simply press the space bar when the appropriate option is highlighted.
If you want to use a GBIC, the settings on this page must be set accordingly. The switch auto-detects if the media is copper or GBIC. This Auto-detect feature is enabled by default.
Note: Enabling the GBIC connector for a Gigabit Ethernet port disables the built-in 1000BASE-T port.
Main Menu> Tools
These system tools are provided:
Save Configuration to NVRAM
Restore Factory Values
Reset Switch
After making changes to any of the information on the screens in the console interface, you must save the changed settings to NVRAM with the Save Configuration to NVRAM option.
Figure 4-14: Save Settings to NVRAM & Restore Factory Values
To Save Configuration to NVRAM, select the Save option, and press either ‘Enter’ or ‘Y’ to save the configuration to NVRAM.
To Restore Factory Values, select the Restore Factory Values option to reset the switch parameters to their original default settings. In order for changes to take effect, you must Reset the switch.
Note: Network IP settings (i.e. IP address, Gateway Address, Network Mask) will not be affected by this command.
To use the Reset Switch option, select it from the menu, which will restart the switch. Resetting the switch is the equivalent of turning the power off and on. Resetting the switch will clear the statistical counters to zero.
Main Menu> Security
This screen allows you to enable or disable the web and/or telnet interfaces, as well as change the user name and password. To use password protection, you must enable it. User names and passwords are case sensitive and can be up to 20 characters long. The factory default password is ‘password’ in lower case letters.
Figure 4-15: Security
Note: Using telnet, you can only enable/disable the web interface. You cannot enable/disable the telnet interface.
If you forget your password, contact NETGEAR technical support at 1-888-NETGEAR (in North America).
Main Menu> Advanced
The Advanced page allows professional users to operate more complicated features of the device, which include VLAN, Spanning Tree, Port Trunking, Multimedia support (IGMP), traffic prioritization, SNMP, and port mirroring. These features are powerful and can degrade or disable a network if improperly used. The submenus are introduced below.
Port Mirroring: You can designate a port for monitoring traffic from one or more other ports or of a single VLAN configured on the switch. The switch monitors the network activity by copying all traffic from the specified monitoring sources to the designated monitoring port, to which a network analyzer can be attached.
Port Trunking: A feature that allows multiple links between switches to work as one virtual link (aggregate link). Trunks can be defined for similar port types only. For example, a 10/100 port cannot form a Port Trunk with a gigabit port. For 10/100 ports, trunks can only be formed within the same bank. A bank is a set of eight ports. Up to four trunks can be operating at the same time. Toggle the ports to the correct trunk number to set up a trunk. After clicking Apply, the trunk will be enabled. Spanning Tree will treat trunked ports as a single virtual port.
Virtual Cable Tester (available on some models): You can use this feature to test the continuity of the cable circuit.
Advanced Security: This menu option allows you to configure the advanced security settings of the switch to limit the access to the management interfaces with the following submenus:
System Authentication: You can configure the security settings of the switch by choosing either a basic password or a RADIUS server to authenticate the user attempting to configure the switch. In addition, you can also set up IP filtering to allow only approved users on the network to configure the switch.
Port-Based Authentication: You can configure the ports of the switch for authentication through a RADIUS server to authenticate a user attempting to connect to the network through a port on the switch.
Trusted MAC Address Table: You can set trusted MAC addresses from which the switch is allowed to forward traffic.
MAC Address Lockdown Table: Shows all of the locked down MAC addresses that the switch has learned. As it reaches the maximum number of MAC addresses (either per port or per system), the switch will lock down address learning for that saturated port or the whole system.
Advanced Tools: You can upgrade the software of the switch or save/load the switch configuration file to a TFTP server.
Traffic Management: Class of Service (CoS), also referred to as Quality of Service (QoS), is a way of managing traffic in a network, by treating different types of traffic with different levels of service priority. Higher priority traffic gets faster treatment during times of switch congestion. Priority can be based on VLAN tags, ports, or Differentiated Service Code Points (DSCP). You can configure the threshold for the maximum broadcast packets per port.
VLANs: A Virtual Local Area Network (VLAN) is a means to electronically separate ports on the same switch from a single broadcast domain into separate broadcast domains. By using VLAN, you can group by logical function instead of physical location. This switch supports 64 VLANs.
Spanning Tree: Spanning Tree Protocol (STP) ensures that only one path at a time is active between any two network nodes. There may be more than two physical paths between any two nodes, providing redundant paths; STP ensures only one physical path is active and the others are blocked. STP will prevent an inadvertent loop in a network, which can disable your network due to a “Broadcast storm”, the result of a broadcast message traveling through the loop again and again.
MAC: MAC address table. This menu allows you to set the aging time, as well as entering static MAC addresses to the switch.
Multimedia Support (IGMP): The Internet Group Management Protocol (IGMP) is an Internet protocol that provides a way for network devices to report multicast group membership to adjacent routers.
SNMP: You can use an SNMP-based Network Management Software program to manage your switch. This menu allows you to set up the appropriate tables to enable the switch to respond to SNMP queries.
Command Line: A user interface that allows you to configure the switch via a command line interface. See Chapter 6 for information about the Command Line Interface (CLI).
Main Menu> Advanced> Port Mirroring
This menu option allows you to enable the Port Mirroring capability. You need to specify both the Source and Monitor port.
Figure 4-16: Port Mirroring
The Monitor port will show a copy of every packet that arrives and departs at the Source port.
Main Menu> Advanced> Port Trunking
Port Trunking is a feature that allows multiple links between switches to work as one virtual link or aggregate link.
Figure 4-17: Port Trunking
Trunks can be defined for similar port types only. For example, a 10/100 port cannot form a Port Trunk with a gigabit port. For 10/100 ports, trunks can only be formed within the same bank. A bank is ports 1 to 8, ports 9 to 16, ports 17 to 24, or port 25 and port 26 (using an FSM726 as an example), on the same switch unit. Up to four trunks can be enabled at the same time. To set up a trunk, use the space bar to select the ports that will participate in the trunk. Spanning Tree will treat trunked ports as a single virtual port.
Note: You must use straight-through cables for all links in the trunk. Do not use crossover cables. You must also disable auto-negotiation on the ports in a trunk prior to setting up the trunk.
Main Menu> Advanced> Virtual Cable Tester
The virtual cable tester feature lets you test the continuity of the GBIOC cable circuit.
Figure 4-18: Virtual Cable Tester
The results are reported for the selected port. The test can take up to one minute.
Note: Only the console menu will let you run the virtual cable tester on any port. Other management interfaces require port access and therefore cannot reliably test the cable continuity of the port they are using to access the switch.
Main Menu> Advanced> Advanced Security
This menu option allows you to configure the advanced security settings of the switch to limit the access to the management interfaces.
Main Menu> Advanced> Advanced Security> System Authentication
Figure 4-19: Advanced Security
There are two advanced security options beyond the basic password protection: RADIUS client authentication and IP Filtering. If you have a RADIUS server on your network, you can have authentication of management access done through the RADIUS server. This does not affect traffic passing through the switch, but only authenticates access to the switch management. The same is true for IP Filtering. Here, you can allow only users with specific IP addresses to access the management features, thus preventing unauthorized personnel from configuring the switch.
Main Menu> Advanced> Advanced Security > Port-Based Authentication
This menu option allows you to configure the 802.1x security settings of the switch to require RADIUS authentication to access ports on the switch.
Figure 4-20: Port-Based Authentication
802.1x port-based authentication provides RADIUS client authentication and data encryption features (see Appendix C, “802.1x Port-Based Authentication Overview”). If you have a RADIUS server on your network, you can have authentication of port access done through the RADIUS server. This does affect traffic passing through the switch, which can be helpful in securing your network from wireless eavesdropping when a wireless access point is connected to the switch. To enable 802.1x, provide the IP address of the RADIUS server, and the shared secret authentication key. The re-authentication timer determines how frequently the session will refresh the data encryption with a new key.
Main Menu> Advanced > Trusted MAC Address Table
This page shows all of the trusted MAC addresses you can set to allow the switch to forward traffic from. The maximum number of trusted MAC addresses is 128 per port and 1024 per system. Any traffic from MAC addresses that are not included in the trusted MAC address table will be dropped. There are three functions, which allow you to Add, Delete, or Query entries from the Trusted MAC Address Table.
Main Menu > Advanced > MAC Address Lockdown Table
This page shows all of the locked down MAC addresses that the switch has learned. To use the lockdown feature, you have to enable it first. After triggering the lockdown function, the maximum number of MAC addresses that a system can learn is 1024. As it reaches the maximum number of MAC addresses (either per port or per system), the switch will lock down address learning for that saturated port or the whole system. If an individual port has locked down, it will not accept any new MAC addresses until you remove some MAC addresses from the table.
Menu choices are Per Port Lockdown or Table. You can enable lockdown of a specific port in the Per Port Lockdown page. The Table page has two functions, which allow you to Remove or Query entries from the MAC Address Lockdown Table.
Main Menu> Advanced> Advanced Tools
This menu provides you with the ability to upgrade the software for the switch as well as saving or loading the switch configuration file to a TFTP server.
Main Menu> Advanced> Advanced Tools> Software Upgrade
If new improvements to the software that runs the switch become available, this menu enables you to upgrade your switch to the new software release.
Figure 4-21: Software Upgrade
Once the IP address of the TFTP server and the path location of the new software image file are properly configured, you can choose to boot the switch using one of three options. Please refer to Chapter 3, “Software Upgrade Procedure” when updating software.
Net option. This option allows you to try out a new image before upgrading. It requires a TFTP filename and a server IP address to retrieve the specified image from the given IP address. The new image will not overwrite the one in non-volatile memory.
Net & save option. This option requires the same setup as the Net option, i.e. TFTP server and a new image. However, it copies the image to non-volatile memory directly and then the system boots from non-volatile memory.
Warning: The previous image in non-volatile memory will be lost when the procedure completes.
Last Saved option. The system will boot from non-volatile memory. This option will automatically show up after the ‘Net & save’ option is selected and the unit is reset.
Main Menu> Advanced> Advanced Tools> Configuration Management
This menu allows you to save your configuration, in case you want to keep a copy for back-up purposes.
Warning: Do not edit your configuration file. Editing your file can cause your switch to lose its management capabilities, and possibly degrade its performance. Editing the configuration file will void your warranty.
Figure 4-22: Configuration Management
This menu also allows you to download your configuration file back to the switch to restore your settings.
Main Menu> Advanced> Traffic Management
Traffic management covers the methods to improve the performance of your network by differentiating traffic and limiting excess broadcast traffic.
Figure 4-23: Traffic Management
There are two means to differentiate traffic with this switch: VLAN tags or Differentiated Service Code Points (DSCP) in the header of data packets. By using either the VLAN tags (port-based) or DSCP (DiffServ), you can configure the switch so that certain traffic will take priority over less critical traffic.
Main Menu> Advanced> Traffic Management> Port Priority
Figure 4-24: Traffic Prioritization
Main Menu> Advanced> Traffic Management> DiffServ
Differentiated Service (DiffServ) uses a priority tag in the packet, the Differentiated Service Code Point (DSCP), to determine the priority of the packet.
Figure 4-25: DiffServ
There are 64 different tags available. This menu maps the various DSCP tags to the two output queues on each port.
Main Menu> Advanced> Traffic Management> Broadcast Control
Broadcast control lets you set a threshold for the number of broadcast packets sent over a port.
Figure 4-26: Broadcast Control
Main Menu> Advanced> VLANS
A Virtual Local Area Network (VLAN) is a means to electronically separate ports on the same switch from a single broadcast domain into separate broadcast domains.
Figure 4-27: VLANS
By using VLAN, you can group by logical function instead of physical location. This switch supports up to 64 VLANs. This switch supports static, port-based VLANs. The VLAN Setup options are as follows:
Main Menu> Advanced> VLANS> VLAN Admin
Up to 64 VLANs with unique ID numbers and names can be added. VLAN ID numbers must be in the range of 1-4094. Per industry standard, the default VLAN has an ID of 1.
Figure 4-28: VLAN Administration
To add a VLAN, enter a unique numeric VLAN ID and then enter a unique VLAN name. To remove a port or an entire VLAN, just press Ctrl-X anywhere on the line of the VLAN.
Main Menu> Advanced> VLANS> VLAN Membership
This matrix allows for real time management of up to 64 VLANs.
Figure 4-29: VLAN Membership
To add a port to a VLAN, position the cursor in the desired matrix location and toggle the options with the SPACE bar.
A ‘U’ or ‘T’ will be displayed for each port assigned to the VLAN, where ‘U’ stands for untagged and ‘T’ for tagged. If a port is an untagged member of a VLAN, the VLAN tag will be stripped from the frame before it is sent out that port. If the port is a tagged member of a VLAN, the VLAN tag will stay in the frame when it is sent. A ‘_’ space indicates that the port is not a member of the particular VLAN, and will not receive or forward any traffic for that VLAN. VLAN tagging is a standard set by the IEEE to facilitate the spanning of VLANs across multiple switches. (Reference: Appendix B and IEEE Std 802.1Q-1998 Virtual Bridged Local Area Networks).
Main Menu> Advanced> VLANS> VLAN Ports
All untagged packets entering the switch will by default be tagged with the ID specified by the port’s PVID.
Figure 4-30: PVID Settings
This screen allows you to specify the PVID for each port. The number next to each port indicates which PVID is set for each port. Following industry standards, PVID 1 is the default PVID.
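The VLAN Membership and VLAN Ports rules above decide which ports a frame leaves on and whether it leaves tagged, which is what you check when verifying that two VLANs are actually isolated. The following is an added example, not NETGEAR code: it models those rules on constructed frames, assumes every frame is flooded to the other members of its VLAN (no MAC learning), and the port layout, class and function names are hypothetical.

```python
"""Model of the tagged/untagged/PVID rules described for this switch.

Added example, not NETGEAR code. Simplifications (assumptions): every frame is
flooded to all other members of its VLAN (no MAC learning), and an ingress
port that is not a member of the frame's VLAN drops the frame, following the
manual's statement that a non-member port does not receive or forward traffic
for that VLAN.
"""
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag


def parse_frame(frame):
    """Split a frame into (dst, src, vid or None, priority, rest)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, 0, frame[12:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return dst, src, tci & 0x0FFF, tci >> 13, frame[16:]


def build_frame(dst, src, rest, vid=None, priority=0):
    """Rebuild the frame, inserting a tag only when vid is given."""
    if vid is None:
        return dst + src + rest
    tci = (priority << 13) | vid
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + rest


class VlanSwitch:
    def __init__(self, pvid, membership):
        self.pvid = pvid                # port -> PVID
        self.membership = membership    # VLAN ID -> {port: "U" or "T"}

    def flood(self, ingress_port, frame):
        """Return {egress port: frame as transmitted} for one received frame."""
        dst, src, vid, priority, rest = parse_frame(frame)
        if not vid:                     # untagged, or priority tag with VID 0
            vid = self.pvid[ingress_port]
        members = self.membership.get(vid, {})
        if ingress_port not in members:
            return {}                   # ingress port is not in this VLAN
        out = {}
        for port, mode in members.items():
            if port == ingress_port:
                continue
            tag = vid if mode == "T" else None   # "U" strips, "T" keeps the tag
            out[port] = build_frame(dst, src, rest, tag, priority)
        return out


def demo_switch():
    """Constructed layout: access ports 1-3, port 25 as a tagged uplink."""
    pvid = {1: 10, 2: 10, 3: 20, 25: 1}
    membership = {
        1: {25: "U"},
        10: {1: "U", 2: "U", 25: "T"},
        20: {3: "U", 25: "T"},
    }
    return VlanSwitch(pvid, membership)


# Constructed frames: broadcast destination, made-up source, IPv4 EtherType.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
REST = struct.pack("!H", 0x0800) + b"constructed payload"
UNTAGGED = build_frame(DST, SRC, REST)
TAGGED_20 = build_frame(DST, SRC, REST, vid=20)

if __name__ == "__main__":
    sw = demo_switch()
    for port, frame in [(1, UNTAGGED), (25, TAGGED_20), (1, TAGGED_20)]:
        result = sw.flood(port, frame)
        print(port, {p: parse_frame(f)[2] for p, f in result.items()})
```

The third case is the isolation check: a frame tagged for VLAN 20 arriving on port 1, which belongs only to VLAN 10, reaches no port.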
Main Menu> Advanced> Spanning Tree
This switch is compliant with IEEE802.1D Spanning Tree Protocol (STP).
Figure 4-31: Spanning Tree
STP ensures that only one path at a time is active between any two network nodes. There may be more than one physical path between any two nodes, forming a loop, either created for redundancy or by accident. STP ensures only one physical path is active and the others are blocked. If a loop is created for redundancy, STP will monitor the two paths and activate the stand-by path if the primary path fails. If a loop was created inadvertently, STP will disable one of the two paths. A loop in a network can disable your network by causing a “Broadcast storm”, the result of a broadcast message traveling through the loop again and again.
Main Menu> Advanced> Spanning Tree> Bridge Settings
Spanning Tree can be enabled or disabled in this screen.
Figure 4-32: Spanning Tree: Bridge Settings
When Spanning Tree is used in conjunction with a set of aggregated ports, otherwise known as a port trunk, Spanning Tree will treat the trunk as a single virtual port.
Enable: There are four other tunable parameters to be addressed when enabled.
Hello Time: Time between configuration messages sent by the Spanning Tree algorithm
Max Age: Amount of time before a configuration message is discarded by the system
Forward Delay: Amount of time system spent transitioning from the ‘learning’ to the ‘listening’ to the ‘forwarding’ states
Bridge Priority: Priority setting among other switches in the Spanning Tree
Disable: Disable Spanning Tree algorithm on the system.
Main Menu> Advanced> Spanning Tree> Port Settings
For the Port Settings options, you can specify Spanning Tree port priority, cost, and Fastlink parameters for each port.
Table 4-1. STP Port Setting Parameters
PARAMETERS | RANGE | DESCRIPTION
Prty (Priority) | 0-255 | STP uses this to determine which path (which port) to use for forwarding. The port with the lowest number has the highest priority.
Cost | 1-65535 | The switch uses this to determine which port is the forwarding port when the priority is equal. All other factors equal, the path with the lowest cost to the root bridge will be the active path. The estimated path cost is the industry standard for the port speed. The default path cost is the maximum speed for the port.
Fastlink | Enabled or Disabled | When a Fastlink enabled port running standard STP is connected, it will go through the STP negotiation (listening -> learning -> forwarding or blocking) before it will be fully available.
Figure 4-33: Spanning Tree: Port Set tings
Fastlink in STP mode. If a client is trying to access a server through the switch running the STP negotiation, it will not be able to connect to it immediately. This can be a problem for some networks. Fastlink mode solves this problem by setting the port to direct forwarding mode, thus allowing any server access request to be forwarded. Fastlink mode can cause temporary loops in your network, but STP will find and eliminate them. Fastlink is best used on end node ports, i.e. ports connected to PCs or servers, and not on uplink ports to other switches.
Main Menu> Advanced> MAC Address Manager
Static Address and Address Aging can be configured here.
Figure 4-34: MAC
Main Menu> Advanced> MAC Address Manager> Aging Time
The aging time is the amount of time that an entry is kept in the bridge tables prior to being purged (or aged). The range (in parentheses) represents the minimum and the maximum values to which the timer can be set. The industry standard default is 300 seconds.
Main Menu> Advanced> MAC Address Manager> Static Addresses
The Static Address Table allows you to specify Media Access Control (MAC) addresses for specific ports that will not be purged from the bridge table by the aging function.
Figure 4-35: MAC: Static Address
Adding an entry. Type the MAC address under the first column, and press Enter. Then, enter the port number associated with that MAC address. If all the information is correct, the new entry will appear in the list, which is listed by port ID. Otherwise, an error message will be displayed and the cursor will return to the MAC Address field.
Removing an entry. Tab to the entry and press Ctrl-X. This will erase the MAC address from NVRAM. This action takes effect immediately; you do not need to use Ctrl-W to save the update.
Main Menu> Advanced> Multimedia Support
In networks where multimedia applications generate multicast traffic, Internet Group Multicast Protocol (IGMP) can greatly reduce unnecessary bandwidth usage by limiting traffic forwarding that is otherwise broadcast to the whole network. Enabling IGMP will allow individual ports to detect IGMP queries, report packets, and manage IP multicast traffic through the switch.
Main Menu> Advanced> Multimedia Support> Enable/Disable IGMP
Figure 4-36: Multimedia Support
Enable. The system will detect IGMP queries, report packets, and manage IP multicast traffic through the switch.
Disable. The switch will forward traffic and disregard any IGMP requests.
Main Menu> Advanced> Multimedia Support> Static Multicast Administration
Use this menu to configure permanently reachable multicast groups.
Figure 4-37: Static Multicast Administration
The Static Multicast Administration menu lets you create individual groups by entering MAC addresses for your static multicast group. The membership of each group is configured in the Static Multicast Membership menu.
Main Menu> Advanced> Multimedia Support> Static Multicast Membership
Once the static multicast groups are defined in the Static Multicast Administration menu, you can use this menu to specify the membership of each group by specifying the ports that belong to each group.
Figure 4-38: Static Multicast Membership
Main Menu> Advanced> SNMP
Figure 4-39: SNMP Management
You can manage this switch using the Simple Network Management Protocol (SNMP) from a network management station. To do so, you must configure your switch to participate in the SNMP community and you must add the SNMP host agent to the host table. This prevents unauthorized SNMP access to your switch from non-approved SNMP hosts.
Support for these Standard MIBs is included:
MIB II (RFC1213)
Ethernet Interface MIB (RFC1643)
Bridge MIB (RFC1493)
Private Enterprise MIB (see the Resource CD for Managed Switches)
4-Group RMON (RFC1757)
Main Menu> Advanced> SNMP> Community Table
You can create up to eight community strings which combine GET, SET, and TRAP privileges.
Figure 4-40: SNMP Management: Community Table
These community strings need to be set prior to setting host access, as the host table depends on the existence of community strings. The public string has GET privileges by default.
Main Menu> Advanced> SNMP> Host Table
The screen, shown in Figure 6-29, grants a host the access rights to the switch. Host Authorization is a security feature to limit people who are not listed in the host table from accessing the switch using SNMP.
Figure 4-41: SNMP Management: Host Table
To add a host, enter the host name, IP address, and the community string. Press Enter after each entry to move to the next field. In the Status field, press the Spacebar until the desired Status is displayed. Press Ctrl-W to save all changes.
Main Menu> Advanced> SNMP> Trap Settings
When on, the system will generate an SNMP trap upon a host authorization failure. This failure occurs when a host tries to gain access to the system but the host’s IP is not in the SNMP host table.
Figure 4-42: SNMP Management: Trap Settings
With authentication traps enabled, the system generates an SNMP trap when a host authorization fails. Hosts in community strings with TRAP privileges are notified when a trap occurs.
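The community table, host table and trap behaviour described in this section can be modelled in a few lines. This is an added example, not NETGEAR firmware code: the class and function names, the `nms-rw` community and the 192.0.2.x addresses are constructed, and denying a listed host that presents a different community than the one in its host table entry is an assumption (the manual only describes the unlisted-host case).

```python
"""Model of the SNMP access check described in this section (added example)."""
from dataclasses import dataclass, field

MAX_COMMUNITIES = 8  # the Community Table holds up to eight strings


@dataclass
class SnmpConfig:
    communities: dict = field(default_factory=dict)  # name -> set of privileges
    hosts: dict = field(default_factory=dict)        # ip -> (host name, community)
    auth_traps: bool = False                         # the Trap Settings screen

    def add_community(self, name, privileges):
        privileges = set(privileges)
        if not privileges <= {"GET", "SET", "TRAP"}:
            raise ValueError("unknown privilege")
        if name not in self.communities and len(self.communities) >= MAX_COMMUNITIES:
            raise ValueError("community table is full")
        self.communities[name] = privileges

    def add_host(self, name, ip, community):
        # The host table depends on the community string already existing.
        if community not in self.communities:
            raise ValueError(f"community {community!r} is not defined")
        self.hosts[ip] = (name, community)

    def trap_receivers(self):
        """IPs of hosts whose community carries the TRAP privilege."""
        return sorted(ip for ip, (_, c) in self.hosts.items()
                      if "TRAP" in self.communities[c])

    def handle(self, src_ip, community, operation):
        """Return (allowed, traps) for one GET or SET request."""
        entry = self.hosts.get(src_ip)
        allowed = (entry is not None
                   and entry[1] == community  # assumption: community must match
                   and operation in self.communities[community])
        traps = []
        if not allowed and self.auth_traps:
            message = f"authenticationFailure from {src_ip}"
            traps = [(dst, message) for dst in self.trap_receivers()]
        return allowed, traps


def review(cfg):
    """Return the points a reviewer would raise about this configuration."""
    findings = []
    if not cfg.auth_traps:
        findings.append("authentication traps are off: rejected hosts go unreported")
    elif not cfg.trap_receivers():
        findings.append("no host has TRAP privilege: traps have no receiver")
    for ip, (name, community) in sorted(cfg.hosts.items()):
        if community == "public":
            findings.append(f"{name} ({ip}) uses the default 'public' community")
        if "SET" in cfg.communities[community]:
            findings.append(f"{name} ({ip}) can change configuration (SET)")
    return findings


def sample_config():
    """Constructed configuration: one read-write manager, one read-only monitor."""
    cfg = SnmpConfig(auth_traps=True)
    cfg.add_community("public", {"GET"})                 # default on the switch
    cfg.add_community("nms-rw", {"GET", "SET", "TRAP"})  # constructed name
    cfg.add_host("nms1", "192.0.2.10", "nms-rw")
    cfg.add_host("monitor", "192.0.2.20", "public")
    return cfg


if __name__ == "__main__":
    cfg = sample_config()
    print(cfg.handle("192.0.2.10", "nms-rw", "SET"))  # listed host, has SET
    print(cfg.handle("192.0.2.99", "public", "GET"))  # unlisted host: denied, trap sent
    for finding in review(cfg):
        print(finding)
```

The review output is the useful part for an audit: it lists every host that still relies on the default `public` string and every host that holds SET rights.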
Main Menu> Advanced> Command Line
A user interface that allows you to configure the switch via a command line interface. See Chapter 6 for information about the Command Line Interface (CLI).
Chapter 5
Web-Based Management Interface
Your NETGEAR 700 Series Switch provides a built-in browser interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later.
This interface also allows for system monitoring and management of the switch. The ‘help’ page will cover many of the basic functions and features of the switch and its web interface.
When you configure the switch for the first time from the console, you can assign an IP address and subnet mask to the switch. Thereafter, you can access the switch’s Web interface directly using your Web browser by entering the switch’s IP address into the address bar. In this way, you can use your Web browser to manage the switch from a central location, just as if you were directly connected to the switch’s console port. Figure 4-1 shows this management method.
Figure 5-1: Web Management Method
Web Based Management Overview
The 6 menu options available are: System, Status, Set-up, Tools, Security, and Advanced. There is a help menu at the top right of the screen; you can click ‘help’ or the question mark to read the help menu.
The help menu contains:
Web-Based Management: Introduction to the Web management features
Device Management: Introduction of the basic icons and management of the device
Interface Operations: Describes Web browser requirements, and common commands
Product Overview: Describes supported SNMP and Web management features
Summary of Features: Feature List
Within the various browser interface pages, there are several buttons that you can use. Their names and functions are below:
Reload: Pulls that screen’s data from current values on the system
Apply: Submits change request to system and refreshes screen data
Add: Adds new entries to table information and refreshes screen data
Remove: Removes selected entries from table and refreshes screen data
Reset: Resets the system, which is equivalent to power off/on.
Restore: Restores system factory default values, except password and IP.
Query: System will retrieve the useful information in database.
System Information
Figure 5-2: System information page
This welcome page displays system information, such as:
System Description
System Name
System Contact
System Location
Current Local Time (according to your computer)
System Uptime
MAC Address
IP Address
Subnet Mask
Default Gateway
Software Version
System OID (used for production testing)
These parameters are not editable from this screen. Some of these can be modified in the Set Up> System Configuration page or the Set Up> IP Configuration page.
Status Menus
The Status page contains the following menu choices:
Figure 5-3: Status Menu navigation
Status > Switch Statistics
Status > Port Statistics
Status > Error Statistics
Status > Most Active Ports
Status > Reset Statistics
Status > Port Settings
Status > MAC Address Table
Each of these menus is covered in the following sections.
Status > Switch Statistics
The Switch Statistics Chart allows you to compare one type of statistic across all the ports. You can reset the counters in the Reset Statistics page.
Figure 5-4: Switch Statistics
You can configure the following options on the Switch Statistics Chart:
Statistics: The type of system data to be monitored
Refresh Rate: The time interval between automatic refreshes (5, 10, 15, 30 seconds)
Color: The color setting for the chart
There are 24 kinds of Statistics that you can review on this screen:
Inbound Octet Rate: Bytes received per second.
Inbound Unicast Packet Rate: Unicast packets received per second.
Inbound Non-unicast Packet Rate: Non-unicast packets received per second.
Inbound Discard Rate: Received packets discarded per second.
Inbound Error Rate: Error packets received per second.
Outbound Octet Rate: Bytes transmitted per second.
Outbound Unicast Packet Rate: Unicast packets transmitted per second.
Outbound Non-unicast Packet Rate: Non-unicast packets transmitted per second.
Outbound Discard Rate: Outbound packets discarded per second.
Outbound Error Rate: Error packets transmitted per second.
Ethernet Undersize Packet Rate: Packets shorter than 64 bytes per second.
Ethernet Oversize Packet Rate: Packets longer than 1518 bytes per second.
Inbound Octets: Bytes received.
Inbound Unicast Packets: Unicast packets received.
Inbound Non-unicast Packets: Non-unicast packets received.
Inbound Discards: Received packets that were discarded.
Inbound Errors: Received packets with errors.
Outbound Octets: Bytes transmitted.
Outbound Unicast Packets: Unicast packets transmitted.
Outbound Non-unicast Packets: Non-unicast packets transmitted.
Outbound Discards: Outbound packets that were discarded.
Outbound Errors: Outbound packets with errors.
Ethernet Undersize Packets: Packets shorter than 64 bytes.
Ethernet Oversize Packets: Packets longer than 1518 bytes.
Status > Port Statistics
Figure 5-5: Port Statistics
The Port Statistics Chart shows all the statistic types for one port over time. You can reset the counters in the Reset Statistics page.
Port: The port on which data will be monitored
Refresh Rate: The time interval between automatic refreshes
Color: The color setting for the data
There are 12 kinds of Port Statistics:
Inbound Octets: Bytes received.
Inbound Unicast Packets: Unicast packets received.
Inbound Non-unicast Packets: Non-unicast packets received.
Inbound Discards: Received packets that were discarded.
Inbound Errors: Received packets with errors.
Outbound Octets: Bytes transmitted.
Outbound Unicast Packets: Unicast packets transmitted.
Outbound Non-unicast Packets: Non-unicast packets transmitted.
Outbound Discards: Outbound packets that were discarded.
Outbound Errors: Outbound packets with errors.
Ethernet Undersize Packets: Packets shorter than 64 bytes.
Ethernet Oversize Packets: Packets longer than 1518 bytes.
Status > Error Statistics
Figure 5-6: Error Statistics
The Error Statistics Graph allows you to chart one type of statistic for any combination of ports. In the case of the Error Statistics Graph, the chart will present data across time so that fluctuations in time can be easily seen.
All charts have a maximum ceiling of more than 2.1 billion (2,147,483,647). You can see the value of each bar or line in the chart by clicking on the bar. The following will outline the settings for each type of graph.
Statistics: The type of system errors to be monitored
Refresh Rate: The time interval between automatic refreshes (5, 10, 15, 30 seconds)
Port Selection: The port for data to be monitored
When all of the variables are set, click Draw.
Status > Most Active Ports
Figure 5-7: Error Statistics
This page allows you to view the transmission and reception utilization of the top 10 ports. It is especially useful when you want to see the potential bottlenecks in the switch. A bottleneck is a port with egress traffic close to line rate. The receive side picture indicates potential nodes causing the problem.
Refresh Rate: The time interval between automatic refreshes (5, 10, 15, 30 seconds).
There are four separate colors in the utilization bar to indicate four different types of packets:
Unicast: blue
Non-Unicast: black
Error: red
Drops: amber
All colors stack together to form a single column (total is up to 100%). There is a scale on the side to indicate the packet/seconds grid with 10% per notch.
Status > Reset Statistics
Figure 5-8: Statistics Counter Reset
The Reset Statistics screen lets you reset all statistics counters of the switch. Pressing the Reset button sets all counters to 0.
Status > Port Settings
Figure 5-9: Port Settings
This page displays the port settings. To configure the ports, go to the ‘Port Configuration’ under the ‘Set-up’ sub menu.
Port: The port number on the switch
Name: The name of the port. This is a user-defined label.
Link: A green triangle pointing up indicates a valid link, while a red triangle pointing down indicates no link.
On/Off: Indicates if the port is enabled or disabled by the Administrator.
State: This refers to the Spanning Tree state of the port. Ports will be Blocking (Blk), Listening (Lis), Learning (Lrn), Forwarding (Fwd) or Disabled (Dis).
Speed: Indicates the speed and duplex for the port. The possible entries are Auto-negotiation (Auto); 10 Mbps half duplex (10M Half); 10 Mbps full duplex (10M Full); 100 Mbps half duplex (100M Half); or 100 Mbps full duplex (100M Full).
Flow Control: Indicates whether Flow Control support is set for automatic (Auto) or off (Disabled).
Priority: Indicates if the port is set to high priority or normal priority. This is an advanced feature that is configured under Traffic Prioritization.
Trunk ID: Indicates if the port is a member of a trunk by showing the ID number of the trunk. This is an advanced feature that is configured under Port Trunking.
Status > MAC Address Table
Figure 5-10: MAC Address Table
The MAC Address Table is a dynamic address lookup table that allows you to view the dynamic MAC addresses that are currently in the address database. When a MAC address is in the database, the packets intended for that address are forwarded directly to that port. You can filter the displayed addresses by port, VLAN, and/or MAC address by checking those fields.
Set-up Menu
There are four kinds of configuration in the Setup page:
Figure 5-11: Setup menu
Set-up> System Configuration
Set-up> IP Configuration
Set-up> Port Configuration
Set-up> GBIC
Set-up> System Configuration
Figure 5-12: System Configuration
This page will allow access to the system information parameters. To do so:
1. Enter System Name, System Contact, or System Location.
2. Click Apply to change the System Configuration and save it in NVRAM.
3. Reset the system to implement the changes (> Save Configuration).
Set-up> IP Configuration
Figure 5-13: IP Configuration
This menu manages the IP-related information of the system.
IP Assignment Mode
Manual – You manually enter IP-related information
BootP – Bootstrap Protocol, which allows the FSM726 switch to discover its own IP address from a BootP server on the network
DHCP – The switch accepts DHCP broadcast from a DHCP server and automatically configures IP related information
Note: In DHCP mode, if the switch fails to get a DHCP assignment, the switch defaults to 192.168.0.1 as its IP address.
To enable quick and easy set-up, the default setting is DHCP. However, DHCP addresses change over time, and you need to know the IP address of your switch so that you can remotely manage it. After completing the initial setup, change the IP assignment mode from DHCP to manual.
If you choose Manual mode, enter site-specific IP address, Gateway address and Net mask.
Click Apply to change the IP settings. Save the configuration to NVRAM and reset the system to implement the changes (Tools > Save Configuration).
Set-up> Port Configuration
Figure 5-14: Port Configuration
This menu allows you to configure the status of each port.
Port: The port number on the switch
Name: The name of the port. This is a user-defined label.
Link: A green triangle pointing up indicates a valid link, while a red triangle pointing down indicates no link.
On/Off: Indicates if the port is enabled or disabled by the Administrator.
State: This refers to the Spanning Tree state of the port. Ports will be Blocking (Blk), Listening (Lis), Learning (Lrn), Forwarding (Fwd) or Disabled (Dis).
Speed: Indicates the speed and duplex for the port. The possible entries are Auto-negotiation (Auto); 10 Mbps half duplex (10M Half); 10 Mbps full duplex (10M Full); 100 Mbps half duplex (100M Half); or 100 Mbps full duplex (100M Full).
Flow Control: Indicates whether Flow Control support is set for automatic (Auto) or off (Disabled).
Set-up> GBIC
This page allows you to choose the port type for the gigabit ports. The default is 1000BASE-T (RJ-45).
Figure 5-15: Setup: GBIC
If you want to use a GBIC, the setting on this page must be set accordingly. The switch auto-detects if the media is copper or GBIC. This Auto-detect feature is enabled by default.
Note: Enabling the GBIC connector for a Gigabit Ethernet port disables the built-in 1000BASE-T port.
Tools Menu
The Tools page contains functions to maintain your switch.
Figure 5-16: Tools Menu
The Tools menu provides a firmware upgrade, the means to save current settings to non-volatile memory (NVRAM), and a software reset mechanism. The page has two sub-pages:
Tools> Save Configuration
Tools> Restore Factory Defaults
Tools> Device Reset
Tools> Save Configuration
Figure 5-17: Save Configuration
After making any changes to the screens within the Web Interface, you can save the changed settings to NVRAM. If changes are not saved to NVRAM, then they will be lost during the next switch reset or reboot.
Tools> Restore Factory Defaults
Figure 5-18: Save Configuration
This page allows you to restore the factory configuration. When you click "Restore", the system saves the default settings (including password) into the NVRAM and resets itself.
Note: Network IP settings (i.e. IP address, Gateway Address, Network Mask) will not be affected by the Restore command.
Tools> Device Reset
Figure 5-19: Device Reset
In this screen you can reset (power cycle) the switch. Reset the switch by selecting 'Reset'.
Security> Passwords
Figure 5-20: Security Menu
The user name and password can be up to 20 characters and are case sensitive. The password entered is masked on the screen and will display as a sequence of asterisks (*). The factory default password is "password" in lower case letters.
On this page, you can:
Enable or disable password protection
Change the user name and password
Click Apply to activate the new password
Note: If you have enabled password protection without setting your own password, the default password is "password" in all lower case letters.
Advanced Options
The following menu choices are available in the Advanced Section:
Figure 5-21: Advanced menu
Advanced > Disable Advanced Alerting
Advanced > Port Mirroring
Advanced > Port Trunking
Advanced > Virtual Cable Tester
Advanced> Advanced Security
Advanced > Advanced Tools
Advanced > Traffic Management
Advanced> VLANS
Advanced> Spanning Tree
Advanced> MAC
Advanced> Multimedia Support
Advanced> SNMP
The Advanced page allows professional users to operate more complicated features of the device, which include VLAN, Spanning Tree, Port Trunking, Multimedia support (IGMP), traffic prioritization, SNMP, and port mirroring. These features are powerful and can degrade or disable a network if improperly used.
Disable Advanced Alerting: When you select a feature in the Advanced menu, an alert will pop up to inform you that the changes you are about to make may have an adverse effect on your network. Experienced users may use this option to disable these alerts.
Port Mirroring: You can designate a port for monitoring traffic from one or more other ports or of a single VLAN configured on the switch. The switch monitors the network activity by copying all traffic from the specified monitoring sources to the designated monitoring port, to which a network analyzer can be attached.
Port Trunking: A feature that allows multiple links between switches to work as one virtual link (aggregate link). Trunks can be defined for similar port types only. For example, a 10/100 port cannot form a Port Trunk with a gigabit port. For 10/100 ports, trunks can only be formed within the same bank. A bank is a set of eight ports. Up to four trunks can be operating at the same time. Toggle the ports to the correct trunk number to set up a trunk. After clicking Apply, the trunk will be enabled. Spanning Tree will treat trunked ports as a single virtual port.
Virtual Cable Tester (available on some models): You can use this feature to test the continuity of the cable circuit.
Advanced Security: You can configure the security settings of the switch by choosing either a basic password or a RADIUS server to authenticate the user attempting to configure the switch. In addition, you can also set up IP filtering to allow only approved users on the network to configure the switch.
Advanced Tools: You can upgrade the software of the switch or save/load the switch configuration file to/from a TFTP server.
Traffic Management (CoS): Class of Service (CoS), also referred to as Quality of Service (QoS), is a way of managing traffic in a network, by treating different types of traffic with different levels of service priority. Higher priority traffic gets faster treatment during times of switch congestion. Priority can be based on VLAN tags, ports, or Differentiated Service Code Points (DSCP).
Broadcast Control: You can configure the threshold for the maximum broadcast packets per port.
VLANs: A Virtual Local Area Network (VLAN) is a means to electronically separate ports on the same switch from a single broadcast domain into separate broadcast domains. By using VLAN, you can group by logical function instead of physical location. There are 64 VLANs supported on this switch.
Spanning Tree Protocol (STP) ensures that only one path at a time is active between any two network nodes. There may be more than two physical paths between any two nodes to provide redundant paths; STP ensures only one physical path is active and the others are blocked. STP will prevent an inadvertent loop in a network, which can disable your network due to a “Broadcast storm”, the result of a broadcast message traveling through the loop again and again.
MAC: MAC address table. This menu allows you to set the aging time and to enter static MAC addresses into the switch.
Multimedia Support (IGMP): The Internet Group Management Protocol (IGMP) is an Internet protocol that provides a way for network devices to report multicast group membership to adjacent routers.
SNMP: You can manage the switch using SNMP from an SNMP network management station. You can define SNMP communities and assign access rights to each SNMP community. The SNMP Host Table page allows you to add and remove access rights that have been granted to community groups from specified hosts. While enabled, the system generates an SNMP trap upon a host authentication failure.
Advanced > Disable Advanced Alerting
Figure 5-22: Advanced > Disable Advanced Alerting
To prevent accidental use, warnings appear when an advanced feature is selected. This screen allows experienced users to bypass these warnings during a browser session. The warnings will be re-activated at the next browser session in case another, less experienced user is accessing the switch.
Advanced > Port Mirroring
Figure 5-23: Port Mirroring
Port mirroring is a feature to help in the debugging of a network. This web interface page allows the enabling or disabling of port mirroring and the setting of source and monitor ports. The monitor port will show a copy of every packet that arrives at or leaves the source port.
Advanced > Port Trunking
Figure 5-24: Port Trunking
Port Trunking is a feature that allows multiple links between switches to work as one virtual link (aggregate link). Trunks can be defined for similar port types only. For example, a 10/100 port cannot form a Port Trunk with a gigabit port. For 10/100 ports, trunks can only be formed within the same bank. A bank is a group of 8 10/100 ports or 2 gigabit ports, for example, ports 1 to 8, ports 9 to 16, ports 17 to 24, or port 25 and port 26, on the same switch unit. Up to four trunks can be enabled at the same time. To set up a trunk, click on the ports that will participate in the trunk. Spanning Tree will treat trunked ports as a single virtual port.
Note: You must use straight-through cables for all links in the trunk. Do not use crossover cables. Also, you must disable auto-negotiation on the ports in a trunk prior to setting up the trunk.
Advanced > Virtual Cable Tester
The virtual cable tester feature lets you test the continuity of the GBIOC cable circuit.
Note: This feature is available on some models of the 700 Series. It is not available on the FSM726.
Figure 5-25: Virtual Cable Tester
The results are reported for the selected port. The test can take up to one minute.
Note: Only the console menu will let you run the virtual cable tester on any port. Other management interfaces require port access and therefore cannot reliably test the cable continuity of the port they are using to access the switch.
Advanced> Advanced Security
Advanced Security includes four subpages:
System Authentication
Port-Based Authentication
Trusted MAC Address Table
MAC Address Lockdown Table
Advanced > Advanced Security > System Authentication
Figure 5-26: System Authentication
This menu option allows you to configure the advanced security settings of the switch to limit the access to the management interface. There are two advanced security options beyond the basic password protection: RADIUS client authentication and IP Filtering. If you have a RADIUS server on your network, you can have authentication of management access done through the RADIUS server. This does not affect traffic passing through the switch, but only authenticates access to the switch management. The same is true for IP Filtering. Here, you can allow only users with specific IP addresses to access the management features, thus preventing unauthorized personnel from configuring the switch.
Advanced > Advanced Security > Port-Based Authentication
This menu option allows you to configure the 802.1x security settings of the switch to require RADIUS authentication to access ports on the switch.
Figure 5-27: Port-Based Authentication
802.1x port-based authentication provides RADIUS client authentication and data encryption features (see Appendix C, “802.1x Port-Based Authentication Overview”). If you have a RADIUS server on your network, you can have authentication of port access done through the RADIUS server. This does affect traffic passing through the switch, which can be helpful in securing your network from wireless eavesdropping when a wireless access point is connected to the switch. To enable 802.1x, provide the IP address of the RADIUS server, and the shared secret authentication key. The re-authentication timer determines how frequently the session will refresh the data encryption with a new key.
Advanced > Advanced Security > Trusted MAC Address Table
This page shows all of the trusted MAC addresses that you have set, that is, the addresses from which the switch is allowed to forward traffic. The maximum number of trusted MAC addresses is 128 per port and 1024 per system. Any traffic from MAC addresses that are not included in the trusted MAC address table will be dropped. There are three functions, which allow you to Add, Remove, or Query entries from the Trusted MAC Address Table.
Figure 5-28: Trusted MAC Address Table
Advanced > Advanced Security > MAC Address Lockdown Table
This page shows all of the locked down MAC addresses that the switch has learned. To use the lockdown feature, you have to enable it first. After triggering the lockdown function, the maximum number of MAC addresses that a system can learn is 1024. As it reaches the maximum number of MAC addresses (either per port or per system), the switch will lock down address learning for that saturated port or the whole system. If an individual port has locked down, it will not accept any new MAC addresses until you remove some MAC addresses from the table. There are two functions, which allow you to Remove or Query entries from the MAC Address Lockdown Table.
Figure 5-29: MAC Address Lockdown Table
Advanced > Advanced Tools
Use the advanced tools menu to upgrade the software for the switch through a variety of options using the TFTP protocol and to customize the configuration file of the switch. These are tasks that require advanced expertise.
Advanced > Advanced Tools > Software Upgrade
Figure 5-30: Advanced Tools, Software Upgrade menu
This menu provides you with the ability to upgrade the software for the switch through a variety of options using TFTP protocol.
If new improvements to the switch software become available, this menu enables you to upgrade to the new software. Once the IP address of the TFTP server and the path location of the new software image file are properly configured, you can choose to boot the switch using one of three options. Please refer to Chapter 3, “Software Upgrade Procedure” when updating software.
Net option
This option allows the user to try out a new image before upgrading. It requires a TFTP filename and a server IP address to retrieve the specified image from the given IP address. The new image will not overwrite the one in non-volatile memory. This is the recommended first step.
Net & save option
This option requires the same setup as the Net option, i.e. TFTP server and a new image. However, it copies the image to non-volatile memory and then the system boots from non-volatile memory.
Warning: The previous image in non-volatile memory will be lost when this procedure completes.
Last Saved option
The system will boot from non-volatile memory. This option will automatically show up after the ‘Net & save’ option is selected and the unit is reset.
Advanced > Advanced Tools > Configuration Management
Figure 5-31: Configuration Management
Warning: Do not edit your configuration file. Editing your file can cause your switch to lose its management capabilities, and possibly degrade its performance. Editing the configuration file will void your warranty.
This menu allows you to save your configuration, in case you want to keep a copy for back-up purposes. We do not recommend editing your configuration file as many editors introduce unwanted characters that change the way the switch behaves.
You also can choose the switch password saving mode, either Clear Text or Encrypted for security reasons. If you select "Clear Text", your password will be readable in the configuration file.
This menu also allows you to download your configuration file back to the switch to restore your settings. After entering your settings, click "Upload to Server" if you want to upload the configuration file to a TFTP server or click "Download from Server" if you want to download the configuration file from a TFTP server.
Advanced > Traffic Management
Traffic management covers the methods to improve the performance of your network by differentiating traffic and limiting excess broadcast traffic. There are two means to differentiate traffic with this switch: VLAN tags or Differentiated Service Code Points (DSCP) in the header of data packets. By using either the VLAN tags (port-based) or DSCP (DiffServ), you can configure the switch so that certain traffic will take priority over less critical traffic.
Advanced > Traffic Management > Traffic Priority
Port Priority allows the user to specify which ports have greater precedence in situations where traffic may be buffered in the switch due to congestion.
Figure 5-32: Traffic Prioritization Settings
Traffic that comes in on ports with a setting of ‘high’ will be transmitted before traffic that comes in on a port with a ‘normal’ setting. The settings on this page only affect packets that do not already have VLAN priority tags. To raise the priority of a given port, toggle the port’s setting from ‘normal’ to ‘high’. The default setting for a port is ‘normal’.
You may choose to further differentiate packet priority by using the Differentiated Service (DiffServ) feature. DiffServ uses a priority tag in the packet, the Differentiated Service Code Point (DSCP), to determine the priority of the packet. There are 64 different tags available. This menu maps the various DSCP tags to the two queues in the switch.
Advanced > Traffic Management > Broadcast Control
Broadcast control lets you set a threshold for the number of broadcast packets sent over a port.
Figure 5-33: Broadcast Control menu
You can specify each port's threshold or apply the same threshold to all ports simply by entering the number in the Broadcast Control Rate field and clicking Apply to All Ports.
Advanced> VLANS
VLANs: A Virtual Local Area Network (VLAN) is a means to electronically separate ports on the same switch from a single broadcast domain into separate broadcast domains. By using VLANs, users can be grouped by logical function instead of physical location. There are 64 VLANs supported on this switch. This switch supports static, port-based VLANs.
Advanced> VLAN> Primary VLAN
Figure 5-34: Primary VLAN
A ‘U’ or ‘T’ will be displayed for each port assigned to the VLAN, where ‘U’ stands for untagged and ‘T’ for tagged. If a port is an untagged member of a VLAN, the VLAN tag will be stripped from the frame before it is sent out that port. If the port is a tagged member of a VLAN, the VLAN tag will stay in the frame when it is sent. A blank indicates that the port is not a member of the particular VLAN, and will not get any traffic for that VLAN. The VLAN tagging option is a standard set by the IEEE to facilitate the spanning of VLANs across multiple switches (Reference: Appendix A, “Virtual Local Area Network” and IEEE Std 802.1Q-1998 Virtual Bridged Local Area Networks).
From this menu, you can create a new VLAN, add new ports to an existing VLAN, remove ports from an existing VLAN, or delete a VLAN.
Create a new VLAN Group:
1. Under the Show VLAN drop-down menu, select Add a new VLAN.
2. Enter the VLAN Id and name in the provided fields.
3. Add VLAN members if so desired. (See below).
4. Click Apply.
Delete a VLAN Group:
1. Check the Remove VLAN box for the VLAN you want to remove.
2. Click Apply.
Add a port to a VLAN Group:
1. Under the ‘Show VLAN’ drop down menu, select the VLAN you want to edit.
2. Click the box below the port number on the line of the VLAN so that a ‘T’ (tagged) or ‘U’ (untagged) appears.
3. Click Apply.
Remove a port from a VLAN Group:
1. Click the box again until a blank box appears. This will remove VLAN membership from the port.
2. Click Apply.
Advanced> VLAN> VLAN Ports
Figure 5-35: VLAN Port Settings
All untagged packets entering the switch will by default be tagged with the ID specified by the port’s PVID. This screen allows you to specify the PVID for each port. The number next to each port indicates which PVID is set for each port. Following industry standards, PVID 1 is the default PVID.
Advanced> Spanning Tree
This switch is compliant with IEEE802.1D Spanning Tree Protocol (STP). STP ensures that only one path at a time is active between any two network nodes. There may be more than one physical path between any two nodes, forming a loop, either created for redundancy or by accident. STP ensures only one physical path is active and the others are blocked. If a loop is created for redundancy, STP will monitor the two paths and activate the stand-by path if the primary path fails. If a loop was created inadvertently, STP will disable one of the two paths. A loop in a network can disable your network by causing a “Broadcast storm”, the result of a broadcast message traveling through the loop again and again.
There are two sub-pages of Spanning Tree configuration:
Bridge Settings
Port Settings
Advanced> Spanning Tree >Bridge Settings
Figure 5-36: Spanning Tree: Bridge Settings
When Spanning tree is used in conjunction with a set of aggregated ports, also known as a port trunking, Spanning Tree will treat the trunk as a single virtual port.
Spanning Tree can be enabled or disabled in this screen.
Enable: There are four other tunable parameters to be addressed when enabled.
Hello Time: Time between configuration messages sent by the Spanning Tree algorithm
Max Age: Amount of time before a configuration message is discarded by the system
Forward Delay: Amount of time system spent transitioning from the ‘learning’ to the ‘listening’ to the ‘forwarding’ states
Bridge Priority: Priority setting among other switches in the Spanning Tree
Disable: Disable Spanning Tree algorithm on the system.
Advanced> Spanning Tree > Port Settings
Figure 5-37: Spanning Tree: Port Settings
For the Port Settings options, you can specify Spanning Tree port priority, cost, and Fastlink parameters for each port.
Table 5-1. STP Port Setting Parameters
PARAMETERS | RANGE | DESCRIPTION
--- | --- | ---
Prty (Priority) | 0-255 | STP uses this to determine which path (which port) to use for forwarding. The port with the lowest number has the highest priority.
Cost | 1-65535 | The switch uses this to determine which port is the forwarding port when the priority is equal. All other factors equal, the path with the lowest cost to the root bridge will be the active path. The estimated path cost is the industry standard for the port speed. The default path cost is the maximum speed for the port.
Fastlink | Enabled or Disabled | When a Fastlink enabled port running standard STP is connected, it will go through the STP negotiation (listening -> learning -> forwarding or blocking) before it will be fully available. Fastlink in STP mode. If a client is trying to access a server through the switch running the STP negotiation, it will not be able to connect to it immediately. This can be a problem for some networks. Fastlink mode solves this problem by setting the port to direct forwarding mode, thus allowing any server access request to be forwarded. Fastlink mode can cause temporary loops in your network, but STP will find and eliminate them. Fastlink is best used on end node ports, i.e. ports connected to PCs or servers, and not on uplink ports to other switches.
Advanced> MAC
There are two advanced MAC setup configuration options:
Aging Time
Static Address
Advanced> MAC> Address Aging
Figure 5-38: MAC > Address Aging
Aging Time is a variable that must be configured. Its purpose is to determine the amount of time an entry is held in the forwarding tables while no activity occurs from that address. Entries should be removed to update the table for MAC addresses that have moved or are turned off.
The industry standard default value is 300 seconds (5 minutes).
The administrator may change this value to any value between 10 and 1,000,000 seconds.
After changing the value, click ‘Apply’.
Advanced> MAC> Static Addresses
Figure 5-39: MAC > Static Addresses
Any system, whose MAC address and the port number are listed in this screen, will not be purged from the system’s forwarding table by the aging process.
Add a new entry:
1. Enter the MAC address and port in the appropriate boxes.
2. Click Add.
Remove an existing entry:
1. Highlight that entry in the table by clicking on the MAC address.
2. Choose Remove.
Advanced> Multimedia Support
Use the advanced multimedia support menu to manage high-bandwidth network traffic by enabling/disabling Internet Group Multicast Protocol (IGMP) traffic and configuring static multicast groups. These are tasks that require advanced expertise.
Advanced> Multimedia Support>Enable/Disable IGMP
Figure 5-40: Multimedia Support > Enable/Disable IGMP
In networks where multimedia applications generate multicast traffic, IGMP can greatly reduce unnecessary bandwidth usage by limiting traffic forwarding that is otherwise broadcast to the whole network. Enabling IGMP will allow individual ports to detect IGMP queries, report packets, and manage IP multicast traffic through the switch.
Enable. The system will detect IGMP queries, report packets, and manage IP multicast traffic through the switch
Disable. The switch will forward traffic and disregard any IGMP requests.
Advanced>Multimedia Support> Static Multicast Groups
Figure 5-41: Multimedia Support > Static Multicast Groups
You can use this menu to configure permanently reachable multicast groups. The Static Multicast Administration menu lets you create individual groups by entering a MAC address of your static multicast group. Click on the ports to add them to the multicast group.
Advanced> SNMP
You can manage this switch using the Simple Network Management Protocol (SNMP) from a network management station. To do so, you must configure your switch to participate in the SNMP community and you must add the SNMP host agent to the host table. This prevents unauthorized SNMP access to your switch from non-approved SNMP hosts.
Support for these Standard MIBs is included:
MIB II (RFC1213)
Ethernet Interface MIB (RFC1643)
Bridge MIB (RFC1493)
Private Enterprise MIB (see the Resource CD for Managed Switches)
4-Group RMON (RFC1757)
Advanced> SNMP> Community Table
Figure 5-42: SNMP Management: Community Table
The administrator can create up to eight different community strings with combinations of GET, SET and TRAP privileges. These community strings need to be set prior to setting host access, as the host table depends on the existence of community strings. The public string has GET privileges by default.
Advanced> SNMP> Host Table
Figure 5-43: SNMP Management > Host Table
The SNMP Host Table screen allows you to add and remove hosts from access rights that have been granted to community groups. The permissions GET, SET and TRAP are assigned to a community name and then these permissions are assigned to individual machines by adding those machines and their IP address to the appropriate community string. Host Authorization can be Enabled or Disabled.
Host Authorization is a security feature to limit people who are not listed in the host table from accessing the switch using SNMP.
Advanced> SNMP> Trap Setting
Figure 5-44: SNMP Management > Trap Settings
With authentication traps enabled, the system generates an SNMP trap when a host authorization fails. Hosts in community strings with TRAP privileges are notified when a trap occurs.
Chapter 6
Command Line Interface
The 700 Series Switches feature a Command Line Interface (CLI) designed for expert users who are familiar with common CLIs in use in the market. The CLI follows a tiered structure, enabling different commands at different levels or sections of the CLI.
Manual Syntax
Before discussing the details of the CLI operation, the syntax conventions for the CLI commands used in this manual are listed below:
The CLI syntax is presented in bold Arial text with the 700 Series Managed switch model number followed by a “#”, such as in this example:
FSM726# show spanning-tree interface ethernet <x/y>
In a paragraph with other text, command keywords included are in regular courier font.
The required fields in a command are enclosed in angle brackets (<>), for instance,
system password <password>
The optional fields in a command are enclosed in square brackets ([]), for instance,
system radius authen-mode [local | local-then-remote | remote]
Command refers to a command used in the command line interface (CI Command)
Entering the CLI
The CLI is an option within the Command Menu Interface (CMI), so you must be using either the console port or a telnet session to use the CLI. See Chapter 4, “Administration Console Telnet Interface” for information on connecting to the CMI. Once in the CMI, select Advanced, then Command Line. You will see a prompt similar to this. This is known as the root prompt.
FSM726#
Note: Your prompt may look different if you gave your switch a different name.
Once you see the root prompt, you are in CLI mode. If you have a question on what commands you can use, type a question mark ‘?’ at the prompt. A list of available commands will be presented to you. There are five items in the root prompt.
“Configure” on page 5-13
“Exit” on page 5-3
“Help” on page 5-2
“Ping” on page 5-2
“Show” on page 5-3
These five items will be covered below.
Help
The help command displays instructions on how to access help on the CLI.
Syntax:
FSM726# Help
FSM726# ?
To access Help on a specific command, enter a question mark after the command in question, and a list of available options will be presented to you. For example, suppose you want to know the available options to the command cos. You would enter cos ?.
Ping
The ping command is used to check network connectivity. It lets you send a small packet to a particular host. Once the host receives the packet, it will return the packet to its source. The time the packet takes for this round trip is recorded in milliseconds. If the destination host is not available, an error message is returned.
Syntax
FSM726# ping <IP address>
Where
<IP Address> = the IP address of the destination host
Exit
The exit command moves you up one level in the CLI structure. For example, when you are in configuration mode, the prompt looks like FSM726(config)#. By entering exit at the prompt, you will exit the configuration mode and be taken back to the root level, where the prompt looks like FSM726#. When you enter the exit command at the root level, you will return to the CMI.
Syntax
FSM726# exit
Show
You can use the show command to view system configuration. The information that can be shown falls into the following categories:
DiffServ – DiffServ settings. See “Show DiffServ” on page 5-4.
Dot1x – Shows 802.1x settings. See “Show Dot1x” on page 5-4.
Interfaces – Interface status & configuration. See “Show Interfaces” on page 5-4.
IP – IP information. See “Show IP” on page 5-5.
Mac-address-table – the MAC address table and other related items, such as aging timers and static addresses. See “Show Mac-Address-Table” on page 5-5.
Mirror – Mirroring settings. See “Show Mirror” on page 5-7.
Multimedia – IGMP settings. See “Show Multimedia” on page 5-7.
Running-config – Current operating configuration. See “Show Running-Config” on page 5-7.
SNMP – SNMP related information. See “Show SNMP” on page 5-8.
Spanning-tree – the Spanning Tree topology. See “Show Spanning Tree” on page 5-9.
System – System-related settings. See “Show System” on page 5-10.
Trunking – Trunking information. See “Show Trunking” on page 5-11.
VLAN – VLAN information. See “Show VLAN” on page 5-11.
Show DiffServ
Use the show diffserv command to view the priority associated with each DSCP value.
Syntax
FSM726# show diffserv
An example of the partial output is shown below.
DSCP Priority
==== ========
0 normal
1 normal
2 normal
3 normal
4 normal
5 normal
6 normal
Show Dot1x
Use the show dot1x command to show the authentication server IP, shared secret, and the Reauthentication Timer value.
Each port is listed with the 802.1x state, which can be forced authorized, forced unauthorized (deny client to access network), or auto detected. The Reauthentication Timer value specifies the time interval between the authentication server's checks of users connected to the network. The default time interval is 3600 seconds.
Show Interfaces
The show interface command displays such information as port statistics, duplex, speed, and other port-related information.
Syntax
FSM726# show interface Ethernet <x/y>
Where
<x/y> = x is the stack number (always 1 in FSM726), y is the port number
An example of the display output is shown below.
FastEthernet1/23 is Up
Hardware is Fast Ethernet
Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
pvid is: 1
cos is normal
broadcast rate limit is 1488100 packets/second
input: 63994 Bytes, 489 Unicast Packets, 83 Non-unicast Packets
0 Packet Discards, 0 Packet Errors
0 Undersized Packets, 0 Oversized Packets
output: 223115 Bytes, 484 Unicast Packets, 4 Non-unicast Packets
0 Packet Discards, 0 Packet Errors
Show IP
The show ip command shows IP information.
Syntax
FSM726# show ip
An example of the display output is shown below.
IP Assignment Mode: Manual
IP address: 169.254.224.1
Subnet mask: 255.255.0.0
Show Mac-Address-Table
The show mac-address-table command displays a variety of information on the status and content of the MAC-address-table.
Aging Time
The show mac-address-table aging-timer command is used to display the aging timer of the mac-address-table.
Syntax
FSM726# show mac-address-table aging-timer
Dynamic
The show mac-address-table dynamic command displays the dynamically learned MAC addresses.
Syntax
FSM726# show mac-address-table dynamic
An example of the display output is shown below.
Destination Address Address Type Destination Port
------------------- ------------ ----------------
00.06.5b.69.3d.be Dynamic FastEthernet1/23
Multicast-Static
The show mac-address-table multicast-static command displays the static multicast addresses.
Syntax
FSM726# show mac-address-table multicast-static
Static
The show mac-address-table static command displays configured static addresses.
Syntax
FSM726# show mac-address-table static
Show Mirror
The show mirror command displays mirroring configurations of the switch. Primarily, it shows which ports are mirroring and being mirrored.
Syntax
FSM726# show mirror
An example of the output is shown below.
Port Mirroring is: Enabled
Source: 1/23
Monitor: 1/1
Show Multimedia
The show multimedia command displays IGMP and HPO status, indicating whether they are enabled or disabled
Syntax
FSM726# show multimedia
Show Running-Config
The show running-config command displays the current running configuration. It displays a great deal of information, including system information, interface status of each port, VLAN configuration, DiffServ, and SNMP configuration among other things.
Syntax
FSM726# show running-config
A partial example of the display output is shown below.
snmp-server name Not Defined
snmp-server location Wiring Closet #1
snmp-server contact Tom
!
snmp-server community public RO
snmp-server community Tom WO
snmp-server host-authorization
!
vlan database
vlan 1 Default
exit
!
interface Ethernet 1/1
cos Normal
description Not Defined
no shutdown
speed 100
duplex full
flow-ctrl
negotiation auto
switchport access vlan untagged 1
switchport access native 1
mirror- mirror monitor
spanning-tree port-priority 128
spanning-tree cost 19
no spanning-tree fastlink
exit
interface Ethernet 1/2
cos Normal
description Not Defined
no shutdown
speed 100
duplex full
flow-ctrl
negotiation auto
switchport access vlan untagged 1
switchport access native 1
spanning-tree port-priority 128
spanning-tree cost 19
no spanning-tree fastlink
exit
--More--
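A review check over running-config text of the kind shown above, as an added example that is not part of the NETGEAR manual: it flags the default "public" SNMP community, SNMP communities left without host authorization, and ports with Fastlink enabled so they can be confirmed as end-node ports. The sample configuration is constructed, the check names are hypothetical, and reading a bare "snmp-server host-authorization" line as "enabled" is an assumption.

```python
import re

# Constructed sample (not from a real switch). It uses only directive forms
# that appear in the manual's "show running-config" excerpt.
SAMPLE_CONFIG = """\
snmp-server name Not Defined
snmp-server contact Tom
!
snmp-server community public RO
snmp-server community Tom WO
!
interface Ethernet 1/1
switchport access native 1
no spanning-tree fastlink
exit
interface Ethernet 1/2
switchport access native 1
spanning-tree fastlink
exit
"""


def parse_running_config(text):
    """Split config text into global and per-interface directives.

    Each directive is stored as (negated, words), so "no shutdown" becomes
    (True, "shutdown"), following the "no ..." lines in the excerpt.
    """
    parsed = {"global": [], "interfaces": {}}
    current = None  # port of the interface block being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "!", "--More--"):
            continue  # separators and the pager prompt carry no settings
        match = re.fullmatch(r"interface Ethernet (\d+/\d+)", line)
        if match:
            current = match.group(1)
            parsed["interfaces"][current] = []
        elif line == "exit":
            current = None  # closes an interface or "vlan database" block
        else:
            negated = line.startswith("no ")
            words = line[3:] if negated else line
            block = parsed["interfaces"][current] if current else parsed["global"]
            block.append((negated, words))
    return parsed


def audit(text):
    """Return (check_id, detail) findings that an administrator should review."""
    cfg = parse_running_config(text)
    communities = {}
    host_auth = False
    for negated, words in cfg["global"]:
        match = re.fullmatch(r"snmp-server community (\S+) (\S+)", words)
        if match and not negated:
            communities[match.group(1)] = match.group(2)
        elif words == "snmp-server host-authorization":
            # Assumption: the bare line means enabled; a "no" form or a
            # missing line is treated as disabled.
            host_auth = not negated

    findings = []
    if "public" in communities:
        # The manual notes that "public" exists by default, so it is guessable.
        findings.append(("snmp-default-community", "public " + communities["public"]))
    if communities and not host_auth:
        # Without host authorization any host knowing a string can use it.
        findings.append(("snmp-host-authorization-off", ",".join(sorted(communities))))
    for port, directives in cfg["interfaces"].items():
        if (False, "spanning-tree fastlink") in directives:
            # Manual guidance: Fastlink belongs on end-node ports, not uplinks.
            findings.append(("fastlink-enabled", port))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(check, detail)
```

Paste the full output of show running-config (with any --More-- pager lines left in) into audit() to review a saved configuration offline.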
Show SNMP
The show snmp command displays system information that will be reported to an SNMP agent, including the Contact and the Location.