ページ先へ移動 of 310
350 East Plumeria Drive San Jose, CA 95134 USA March 2013 202-1 1254-02 v2.0 XS712T Smart S w it c h Sof t ware Ad mi ni st r a tion M anu al.
2 XS712T Smart Switch ® NETGEAR, Inc. All rights reserved No part of this publication may be re produced, transmitted, tran scribed, stored in a retrie val system, or translated into any langu age in any form or by any me ans without the written permission of NETGEAR, Inc.
T able of Contents | 3 Content s Chapter 1 Getting Started Getting Started with the XS712T Smart Switch . . . . . . . . . . . . . . . . . . . . . . 7 Connect the Switch to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Discover a Switch in a Networ k with a DHCP Server .
4 XS712T Smart Switch Protocol Based VLAN Group Configuration . . . . . . . . . . . . . . . . . . . . . . 90 Protocol Based VLAN Group Membe rship . . . . . . . . . . . . . . . . . . . . . . . 91 Auto-VoIP Configuration . . . . . . . . . . . . . . . .
5 XS712T Smart Switch Chapter 6 Managing Device Security Management Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Change Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6 XS712T Smart Switch Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 TFTP File Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 63 HTTP File Download .
7 1 1. Gettin g S tarted This manual describes how to configure and op erate the XS712T Smart Switch by using the web-based graphical user interface (GUI). The manual describes the softwar e configuration procedures and explains the options available within those procedures.
8 XS712T Smart Switch Switch Management Interface The NETGEAR XS712T Smart Switch cont ain an embedded web server and managemen t software for ma naging and monitoring switch functions. The XS712 T functions as a simple switch without the management sof tware.
9 XS712T Smart Switch host (administrative system) in the 192.16 8.0.0/24 network and change the settings by using the web ma nagement interface on the switch.
10 XS712T Smart Switch 6. Make a note of the displayed IP address assigned by the DHCP server . Y ou will need this value to access the switch directly fro m a web browser (without using the Smart Control Center). 7. Select your switch by clicking the line that displays the switch, then click the Web Browser Access butt on.
11 XS712T Smart Switch 6. Select the switch, then click Configure Device . The screen exp ands to display additional fields at the botto m. 7. Select the Disabled radio butt on to disa ble DHCP . 8. Ente r the static switch IP address, gateway IP address, and subnet mask for t he switch, and then type your password.
12 XS712T Smart Switch Configure the Network Settings on the Administrative System If you choose not to use the Smart Control Center to con figure the network information on the switch, you can connect directly to the switch from a n administrative system, such as a computer or laptop.
13 XS712T Smart Switch 3. In the Local Area Connection S tatus window , click Properties . The Local Area Connection Properties window displays. 4. Select the Internet Protocol V ers ion 4 (TCP/IPv4) option, and then click Properties . The Internet Protocol V ersion 4 (T CP/IPv4) Propert ies window displays.
14 XS712T Smart Switch 5. Select Use the foll owing IP address and set the IP address of t he administrative system to an address in the network, such as 192.168.0. 200. The IP address must be dif ferent from that of the switch but within th e same subnet.
15 XS712T Smart Switch Access the Management Interface from a W eb Browser Y ou must be able to pin g the IP address of the switch web man agement interface from your administrative system for web access to be avai lable .
16 XS712T Smart Switch T o access the management interface form the Smart Control Center: 1. Open a web browser . 2. Enter th e IP address of the switch in the address field of the browser .
Links Configuration st atus and op tions Help Navigation t ab Configuration me nus Logout button pa ge Help link 17 XS712T Smart Switch Figure 1. Smart Swit ch Web Int erface Navigation T abs, Configuration Menus, and Links The navigation t abs along the top of the web interf ace give you quick access to the various switch functions.
Link Submenu Links 18 XS712T Smart Switch Figure 2. Menu hiera rchy Configuration and Status Options The area directly under the configura tion menus and to the right of the links displays the configuration information or st atus for the screen you select.
19 XS712T Smart Switch Device View The Device Vie w is a Java applet that displa ys the ports on the switch. This graphic provides an alternate way to n avigate to configuration and monito ring options. The graphic also provides information about device port s, current configura tion and status, t able information, and feature component s.
20 XS712T Smart Switch Click the port you want to view or configure to see a menu that displays sta tistics and configuration options. Select the menu option to access the screen that cont ains the configuration or monitoring op tions. If you click the graphic, but do not click a specific port, the main menu displays, as the following figure shows.
21 XS712T Smart Switch User - Defined F ields User-defined fields can cont ain 1 to 159 charac ters, unless otherwise noted in the field label on the configuration screen. All alphanumeric and specia l characters can be used except fo r the following (unless specifically noted for that feature): T able 2.
22 XS712T Smart Switch T o configure authentication and encryption settings for the SNMPv3 admin pro file by using the web interface: 1. Select System SNMP SNMPv3 User Configuration . The User Configuration screen displays. The SNMPv3 Access Mode is a read-only field that shows the access privileges for th e user account.
23 XS712T Smart Switch Interface Naming Convention The switch support s physical and logical interfac es. Interfaces are identified by their type and the interface number . All the physical port s are as follows: • Port s 1–10 . Copper port s that operate at 100MB, 1G , or 10G .
24 XS712T Smart Switch Online Help The Help main navigation ta b of the web management interface p rovides access to the menus that are described in the following sections: • Support • User Guide Support The Support screen provides access to the NETGEAR support websit e at support.
25 XS712T Smart Switch Re gi s t ra t i on To qualify for product updates an d product warranty, NETGEAR encourages you to register your product. The first time that you connect to th e switch while it is con nected to the Internet, you have the option to register your product.
26 2 2. Co nfigu r e S y st em In forma tio n Use the features you access from the S ys te m navi gation t ab to define the switch’ s relationship to its enviro nment.
27 XS712T Smart Switch System Information After a successful login, the Sy stem Informatio n screen displays. Use this screen to configure and view general device information. T o define a system name, location, and cont act: 1. Select System Manag ement System Info rmation .
28 XS712T Smart Switch The following t able describes the statu s informat ion the System Information screen d isplays. T able 4. System Information screen status fields Field Description Product Name The product name that describes the switch. Serial Number The serial number of the switch.
29 XS712T Smart Switch IP Configuration Use the IP Configuration screen to confi gure network information for the management interface, which is the logical interface used for in-ban d connectivity with the switch through any of the switch's front-p anel port s.
30 XS712T Smart Switch 4. S pecify the VLAN ID for the management VLAN. Note: Make sure that the VLAN to be configured as the manag ement VLAN exists. And ma ke sure that the PVID of at least one port that is a port of the VLAN is the sa me as the management VLAN ID.
31 XS712T Smart Switch IPv6 Network Configuration Use the IPv6 Network Configuration screen to c onfigure the IPv6 network interface, wh ich is the logical interface used for in-band co nnectivity with the switch through all of the switch's front-panel port s .
32 XS712T Smart Switch information from a DHCPv6 server . Selecting None disables t he DHCPv6 client on the network interface. When DHCPv6 is enabled, the DHCPv6 Client DUID field displays the client identifier used by the DHCPv6 client (if enabled) when sending messages to the DHCPv6 server .
33 XS712T Smart Switch Time The switch support s the Simple Network T ime Protocol (SNTP). Y ou can also set the system time manually SNTP assures accurate network device clock time synchroniza tion up to the millisecond. T ime synchronization is performed by a network SNTP server .
34 XS712T Smart Switch Time Configuration Use the T ime Configuration screen to view and adjust date and time settings. T o manually configure the time: 1. Select System Manag ement Time Time Configuration . The T ime Configuration screen displays.
35 XS712T Smart Switch 3. Next to the Client Mode field, select Unicast or Broadcast: • Unic ast . SNTP operates in a point- to-point fashion. A unicast client sends a request to a designated server.
36 XS712T Smart Switch • Time Zone Nam e . The acronym that represent s the time zone. This field is no t validated against an of ficial list of time zone acro nyms. • Hours Offset . The number of hours the syst em clock is offset from UTC, which is also known as Greenwich Mean T ime (GMT).
37 XS712T Smart Switch Click Refresh to refresh the screen with the most current dat a from the switch. SNTP Server Configuration Use the SNTP Server Configuration screen to view and modify information for adding and modifying Simple Network T ime Protocol SNTP servers.
38 XS712T Smart Switch 5. Under the Priority field, specify the order in which to query the servers. The SNTP client on the device continues sending SNTP request s to different servers until a successful response is received or all serv ers are exhausted.
39 XS712T Smart Switch Click Refresh to refresh the screen with the most current dat a from the switch. Summer Time Configuration Use the Summer T ime Configuration screen to co nfigure set tings for summer time, which is also known as daylight saving time.
40 XS712T Smart Switch 2. Next to the Summer T ime field, select one of the following options: • Recurring . Summer time occurs at the same time every year . The start and end time s and dates for the time shift must be manually configured. • Recurring EU .
41 XS712T Smart Switch 2. Next to the Auto-DoS Mode field, select Enable. When an att ack is detected, a warning message is logged to the buffe red log and is sent t o the Syslog server . At the same time, the port is shut down and ca n be enabled only manually by the admin user .
42 XS712T Smart Switch • Denial of Service Min TCP Header Size : S pecify the minimum TCP header size allowed. If DoS TCP Fragme nt is enabled, the switch will drop p acket s that have a TCP header smaller than the configured value.
43 XS712T Smart Switch 3. Click Apply ..
44 XS712T Smart Switch DNS Y ou can use these screens to configure inform atio n about DNS servers the network uses and how the switch operates as a DNS client. Configure DNS Use this screen to configure globa l DNS settings and DNS server information.
45 XS712T Smart Switch Configure and View Hostname -to -IP Address Information Use this screen to manually map host name s to IP addresses or to view dynamic DNS mappings. T o add a sta tic entry to the local DNS t able: 1. Select Sy stem Managemen t DNS Host Configuration .
46 XS712T Smart Switch Green Ethernet The Green Ethernet feature can help reduce the amount of power the switch uses. The switch supports Energy Efficient Ethernet (EEE). T o configure the administrative mode of Energy Efficient Ethernet: 1. Select System Management Green Ethernet Green Ethernet Configuration .
47 XS712T Smart Switch 2. Select the port(s) to co nfigure. • T o configure a single port, select the chec k box associated with it, or type the port number in the Go T o Interface field and click Go . • T o configure multiple ports with t he same settings, select the check box associated with each port to configure.
48 XS712T Smart Switch 2. From the Interface list, select the interface to configure. 3. Enable or disable the a dministrative mode of EEE on the port: When this mode is enabled and the send and receive sides of a link are lightly loaded, the port can tra nsition to low power mode.
49 XS712T Smart Switch Green Ethernet Summary This screen summarizes the Green Ethernet Summary setting s currently in use. T o access this screen, select System Management Green Ethe rnet Green Ethernet Summa ry . A screen similar to the following displays.
50 XS712T Smart Switch Figure 4. Green Ether net summary scr een The following t able describes the informat ion t he power saving table displays. T able 10.
51 XS712T Smart Switch The following ta ble describes the information in the Green Ethernet fe ature support table. The following ta ble describes the information in the Green Ethernet interfa ce table. Click Refresh to refresh the screen with the most current dat a from the switch.
52 XS712T Smart Switch This configuration is applied on all int erfaces on the switch. 4. Click Apply . T o view per-interface LPI history information, se lect the int erface with the information to view from the Interface list. The screen refreshes and displays the LPI history for the selected interface.
53 XS712T Smart Switch SNMP This section describes how t o configure the Simple Network Management Protocol (SNMP) version 1 and SNMP version 2 information on t he switch. For information about configuring the SNMPv3 administrative profile, see Use SNMPv3 on p age 21 .
54 XS712T Smart Switch access from only one station, use a Management S tation IP Mask value of, and use that machin e’s IP address for Client Address. 4. Next to Community S tring, specify a community name. 5. From the Access Mode list, select the access level for this community , which is either Read/Write or Read Only .
55 XS712T Smart Switch T rap Configuration Use this screen to configure settings for each SNMPv1 or SNMPv2 management host that will receive notifications about trap s generated by the device. The SNMP management host is also known as the SNMP trap re ceiver .
56 XS712T Smart Switch T rap Flags Use the T rap Flags screen to enable or disable traps the switch ca n send to an SNMP manager . When the condition identified by an acti ve trap is encountered by the switch, a trap message is sent to any enable d SNMP T rap Receivers, and a message is written to the trap log.
57 XS712T Smart Switch LLDP The IEEE 802.1AB-defined standard, Link Layer Di scovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to iden tify sy stem topology and detect bad configurations on the LAN.
58 XS712T Smart Switch LLDP Configuration Use the LLDP Configuration screen to specif y the global L LDP and LLDP-MED pa rameters that are applied to the switch. T o configure global LLDP settings: 1. Select System > LL DP > Basic > LLDP Configuration .
59 XS712T Smart Switch LLDP P ort Settings Use the LLDP Port Settings screen to specify per-interface LLDP setting s. T o configure LLDP port settings: 1. Select System LLD P Advanced LLDP Port Settings . The LLDP Port Settings screen displays.
60 XS712T Smart Switch • Notification : When notifications are enabled, LLDP interact s with the T rap Manager to notify subscribers of remote data change statistics. The default is Disab led. • Optional TL V(s) : Enable or disable the tran smission of optional type-length value (TL V) information from the interface.
T able 14. LLDP-MED ne t wo rk po l icy information Field Descrip tion Network Policy Number The policy number . Applic ation The media application type associated with the policy , which can be one o.
62 XS712T Smart Switch 3. Use the lists to enable or disable the following LLDP-MED settings for the selected port: • LLDP-MED S t atus . The administrative status of LLDP-MED on th e interface. When LLDP-MED is enabled, the transmit and re ce ive function of LLDP is ef fectively enabled on the interface.
63 XS712T Smart Switch Note: The list includes only the interfaces on which LLDP is enable d. If no interfaces are enabled for LLDP , the Interface list does not display . The following tab le describes the LLDP devic e information and port summary information.
64 XS712T Smart Switch 3. T o view additional details about a port, click the name of the port in the Interface column of the Port Information t able. A popup window displays in formation for the selected port. The following t able describes the detailed loca l information that displays for the selected port.
65 XS712T Smart Switch Neighbors Information Use the LLDP Neighbors Informa tion screen to view the dat a that a specified interface has received from other LLDP-en abled systems. T o view LLDP information received from a neighbor device: 1. Select System Advanced LLDP Neighbor Information .
66 XS712T Smart Switch The following t able describes the information t hat displays for all LL DP neighbors that have been discovered. Field Description MSAP Entry The Media Service Access Point (M SAP) entry number for the remote device. Local Port The interface on the local system that recei ved LLDP information from a remote system.
67 XS712T Smart Switch The following ta ble describes the information transmitted b y the neighbor . Field Descrip tion Port Det ails Local Port The interface on the local system that received LLDP information from a remote system. MSAP Entry The Media Service Access Poin t (MSAP) entry number for the remote device.
68 XS712T Smart Switch MED Details Capabilities Supported The supported capabilities that were received in MED T L V from the device. Current Capabilities The advertised cap abilities that we re received in MED TL V from the device. Device Class Displays the LLDP-MED endpoint device class.
69 XS712T Smart Switch Services—DHCP Snooping DHCP Snooping is a useful feature that prov ides security by filtering untrusted DHCP messages and by building and maint a ining a DHCP snooping binding table.
70 XS712T Smart Switch Global Configuration Use this screen to view and co nfigure the global settings for DHCP Snooping. T o configure DHCP snooping global settings: 1. Select System Services DHCP Snooping Global Configuration . The DHCP Snooping Global Configuration screen displays.
71 XS712T Smart Switch Interface Configuration Use the DHCP Snooping Interface Con figuration screen to view and conf igure each port as a trusted or untrusted port. Any DHCP responses received on a trusted port are forwarded. If a port is configured as untrusted, any DHCP (or BootP) responses received on that po rt are discarded.
72 XS712T Smart Switch • T o configure a group of interfaces, select the check boxes for the individual interfaces that you want to configure. • T o configure all interfaces, select the check box at th e left in the t able heading. 4. From the T rust Mode list, select the desired trust mode.
73 XS712T Smart Switch Binding Configuration Use this screen to view , add, and remove st atic bindings in the DHCP snooping bindings database and t o view or clear the dyna mic bindings in the bind ings table. T o configure st atic DHCP bindings: 1.
74 XS712T Smart Switch P ersistent Configuration Use this screen to configure the persisten t location of the DHCP snooping bindings dat abase. The bindings database ca n be stored locally on the device or on a remote system somewhere else in the network.
75 XS712T Smart Switch Statistics Use this screen to view and clear per-interfa ce statistics about the DHCP messages filtered by the DHCP snooping feature on untrusted interfaces. T o view and clear the DHCP snooping st atistics: 1. Select System Servi ces DHCP Snooping S tatistics .
76 XS712T Smart Switch Client Ifc Mismatch The number of packets that were dro pped by DHCP snooping because th e interface and VLAN on which the packet was received does no t match the client's interface and VLAN information stored in the bin ding dat abase.
77 3 3. Lay e r 2 S witch i ng Con f ig urat ion Use the features you access from the Switching t ab to define Layer 2 features. The Switching tab cont ains links to the features describ ed in the following sections.
78 XS712T Smart Switch 2. Select whether to configure physical interfaces, link aggregation groups (LAGs), or both by clicking one of the following links above the table heading: • 1 . Only physical interfa ces are displayed. This is the default setting .
79 XS712T Smart Switch port’ s maximum capability (full d uplex and 10 Gbps) will be advertised. Otherwise, your selection will determine the p ort’s duplex mod e and transmission rate. The factory default is Auto. • Phy sical S t atus . Indicates the physical port’ s speed and duplex mode • L ink S t atus .
80 XS712T Smart Switch Link Aggregation Groups Link aggregation group s (LAGs), which are also known as port channels, allow you to combine multiple full-duplex Ethernet links into a single log ical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides loa d sharing.
81 XS712T Smart Switch Note: Click current members in the list to see existing member ports in that LAG. • LA G Name . S pecify the name you want assigned to the LAG . Y ou can enter any string of up to 15 alphanume ric characters . A valid name has to be specified in order to create the LAG • Description .
82 XS712T Smart Switch 3. In the LAG Name field, enter the name you want assigned to the LAG . Y ou can enter any string of up to 15 alph anumeric cha racters. A valid name has to be specified to create the LAG . 4. Click th e unit name in the orange bar to display the ports.
83 XS712T Smart Switch LA CP P ort Configuration The LACP port configuration screen is used to c o nf ig ur e th e LA C P pr io rit y va lue fo r t he selected port and the administrative LACP Timeout value. T o configure LACP port priority settings: 1.
84 XS712T Smart Switch VLANs Adding Virt ual LAN (VLAN) support to a Layer 2 switch of fers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on th.
85 XS712T Smart Switch Basic VLAN Configuration Use the VLAN Configuration scre en to define VLAN group s stored in the VLAN membership table. The XS712T support s up to 256 VLANs. VLAN 1, VLAN 2, and VLAN 3 are created by default, and all port s are unt agged members.
86 XS712T Smart Switch VLAN Membership Configuration Use this screen to configure VLAN Port Membership fo r a particular VLAN. Y ou can select the Group operation through this screen. T o configure VLAN membership for specific port s and LAGs: 1. Select Sw itching VLAN Advanced VLAN Membership .
87 XS712T Smart Switch VLAN Status This VLAN S tatus screen displays the st atus of all currently configured VLANs. T o view the current VLAN st atus: 1. Select Switch ing VLA N Advanced VLAN St atus . 2. View the following VLAN status information: • VLAN ID .
88 XS712T Smart Switch T o configure PVID information: 1. Select Switching VLAN Advanced Port PVID Configuration . 2. T o configure PVID settings for a physical port, en ter the interface and click Go to select that particular interface.
89 XS712T Smart Switch • Enable . A tagged frame is discard ed if this interface is not a member of th e VLAN identified by the VLAN ID in the t ag. In an unt agged frame, the VLAN is the Port VLAN ID specified for the port that received this frame.
90 XS712T Smart Switch P rotocol Based VLAN Group Configuration Protocol-based VLAN can be used to define filter ing criteria for untagged p ackets. By default, if you do not configure any port- (IEEE 802.1Q) or protocol based VLANs, untagged p ackets will be assigned to VLAN 1.
91 XS712T Smart Switch T o modify protocol based VLAN information: 1. Select the check box next to the protocol-b ased VLAN to update. 2. S pecify the desired value in the available fields. 3. Click App ly . T o delete a protocol based VLAN group: 1.
92 XS712T Smart Switch Vo i c e V L A N The V oice VLAN feature enables p orts to carry voice traf fic that has a defined priority . V oice over IP (V oIP) traf fic is inherently time-sensit ive. For a network to provide accept able service, the transmission rate is vit al.
93 XS712T Smart Switch 4. From the Interface Mode list, select one of the following options to determine how an IP phone connected to the selected port should send voice traffic: • VLAN ID . Forward voice traf fic in the specified voice VLAN. • Dot1p .
94 XS712T Smart Switch 2. In the Prioritization T ype list, select method used to p rioritize V oIP traffic when a call-control protocol is detected, which is one of the following: • Remark . Remark the voice traf fic with the specified 802.1p priority value at the ingress interface.
95 XS712T Smart Switch OUI Based P roperties The OUI based properties screen a llows you to configure the OUI based p roperties. T o configure OUI based properties: 1. Select Switch ing Auto-V oIP OUI-based Properties . 2. In the V oIP VLAN ID list, select the VLAN to use to segregate V oIP traffic from other non-voice traffic.
96 XS712T Smart Switch 2. Select the interface(s) to configure. 3. In the Auto V oIP Mode list, select Enable to enable Auto V oIP on the selecte d interfaces. The Operational S tatus field displays th e current operational st atus of the interface. 4.
97 XS712T Smart Switch Y ou can select an existing OUI or add a new OUI and description to identify the IP phones on the network. T o configure OUI settings: 1. Select Switch ing Auto-V oIP OUI-based OUI T able . 2. Under T elephony OUI(s), specify the VOIP OUI prefix.
98 XS712T Smart Switch Spanning T ree Protocol The S panning T ree Protocol (STP) provides a tree topology for a ny arrangement of bridges. STP also provides one p ath between end st ations on a network, eliminating loop s. S panning tree versions supported include Commo n STP , Multiple STP , and Rapid STP .
99 XS712T Smart Switch STP Configuration The STP Configuration screen cont ains fields for enabling STP on the switch. T o configure STP settings on the switch: 1. Select Switch ing STP Basic STP Configuration . 2. From the S panning T ree S tate field, specify whether to enable or disable S panning T ree operation on the switch.
100 XS712T Smart Switch 6. Click Apply . 7. V iew the STP S tatus information displayed o n the screen. Field Description Configuration Digest Key This is used to identify the co nfigura tion currently bein g used. Bridge Identifier The bridge identifi er for the CST .
101 XS712T Smart Switch CST Configuration Use the CST Configuration screen t o configure Common S panning T ree (CST) and Internal S panning T ree on the switch. T o configure CST settings: 1. Select Switch ing STP Advanced CST Configuration .
102 XS712T Smart Switch 3. Click Apply . 4. V iew the MSTP st atus information displayed on the S panning T ree CST Configuration screen. Field Description MST ID T able consisting of the MST instances (including the CST) and the correspo nding VLAN IDs associated with each of them.
103 XS712T Smart Switch 4. Select the check box next to the port or LAG to configure. Y ou can select multiple ports and LAGs to apply the same set ting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces.
104 XS712T Smart Switch CST P ort Status Use the CST Port S tatus screen to disp lay Common S panning T ree (CST) and Internal S panning T ree on a specific port on the switch. T o display the CST port st atus for a specific port: 1. Select Sw itching STP Advanced CST Port St atus .
105 XS712T Smart Switch Click Refresh to update the information on the scre en with the most current dat a. R apid STP Use the Rapid STP screen to view informa tion about Rapid S panning T ree (RSTP) port status. T o display the RSTP port st atus for a specific port: 1.
106 XS712T Smart Switch The following t able describes t he Rapid STP S tatus information d isplayed on the screen. Field Description Interface The physical or port channel interfa c es associated with VLANs associated with the CST . Role Each MST Bridge Port that is ena bled is assigned a Port Role for each spanning tree.
Field Descrip tion Bridge Identifie r The bridge id entifier for the selected MST instance. It is made up using the b ridge priority and the base MAC address of th e bridge. T ime Since T o pology Change Displays the total amount of time si nce the topology of the se lected MST instance last changed.
108 XS712T Smart Switch 3. Select the interfaces for which yo u want to configure the CoS settings: • T o configure MST settings for a Link Aggregation Group (LAG), click LAGS . • T o configure M ST settings for both physical ports and LAGs, click ALL .
109 XS712T Smart Switch 8. Click Refresh to u pdate the screen with the latest MST information. STP Statistics Use the STP S tatistics scree n to view information about the number and type of b ridge protocol data units (BPDUs) transmitted and received on each port.
11 0 XS712T Smart Switch The following t able describes the informati on available on t he STP S tatistics screen. Field Description Interface Select a physical or port channel interface to view its statistics. STP BPDUs Received Number of STP BPDUs received at the selected port.
111 XS712T Smart Switch Multicast Multicast IP traf fic is traffic th at is destined to a h ost group. Host group s for IPv4 multicast are identified by class D addresses, which range from to 2 Host groups fo r IPv6 multicast are identifie d by the prefix f f00::/8.
11 2 XS712T Smart Switch responsibility for accepting or dropping the packet s belongs to the hosts. If a multicast packet is received and there a re ports registered to receive it, the packet is sent on ly to the registered port s. • Forwa rd All .
11 3 XS712T Smart Switch • T ype . This displays the type of the entry . S tatic e ntries are those that are configure d by the end user . Dynamic entries are added to the table as a result of a learning process or protocol. • Description . Th e text description of this multicast t able entry .
11 4 XS712T Smart Switch Auto - Video Use this screen to configure the Auto-V ideo parameters. T o configure Auto-Video: 1. Select Sw itching Multicast Auto-Video . 2. Select one of the following radio buttons: • Select the Disab le radio button to g lobally disable Auto-V ideo administrative mode for the switch.
11 5 XS712T Smart Switch problem of wa sting bandwid th is even worse when the LAN segment is not shared, for example in full-duplex links. Allowing switches to snoop IGMP packet s is a cre ative ef fort to solve this problem.
11 6 XS712T Smart Switch The following t able displays information abo ut the globa l IGMP snooping status and statistics on the scre en. Field Description Multicast Control Frame Co unt Displays the number of multicast control frames that have been processed by the CPU .
11 7 XS712T Smart Switch 3. Select the interfaces for which you want to configure the CoS settings: • T o configure IGMP Snooping settings f or a Link Aggregation Group (LAG), click LAGS . • T o co nf ig ur e IGMP Snooping se tt in gs for bo th ph ys ic al por ts and LAGs, click ALL .
11 8 XS712T Smart Switch 3. View the information associated with the IGMP snooping table entry . The following t able describes the information in the IGMP snoo ping table. Field Description MAC Address A multicast MAC address for whic h the switch has fo rwarding and/or filtering information.
11 9 XS712T Smart Switch port but were still interested in receiving mu lticast t raffic directed to that group . Also, fast-leave processing is supported on ly with IGMP ve rsion 2 host s. • Host Time out . Sets the value fo r group membership interval of IGMP snooping for the specified VLAN ID.
120 XS712T Smart Switch 2. Select each interface to configure. 3. Use the Multicast Router menu to enable or disable Multicast Router on the selected interfaces.
121 XS712T Smart Switch 2. Select the Interface for which you want Multicast Router to be enabled or to be disabled. 3. Ent er the VLAN ID for which the Multicast Router Mode is to be Enab led or Disabled. 4. Enable the VLAN ID for the multicast router .
122 XS712T Smart Switch 2. From the Querier Admin Mod e field, enable or disable the administrative mode for IGMP Snooping Querier . 3. S pecify the IP address to be used as sour ce address in periodic IGMP queries om the Snooping Querier Address field.
123 XS712T Smart Switch 2. Select New Entry from the VLAN ID field and complete the following fields: • VLAN ID . S pecifies the VLAN ID for which the IGMP Sn ooping Querier is to be enabled. • Querier Elec tion Particip ate Mode . Enable or disa ble Querier Participate Mode .
T able 17. IGMP snoopin g querier VLAN st atus Field Description VLAN ID S pecifies the VLAN ID on whic h the IGMP Snooping Querier is administratively ena bled and for which VLAN exists in the VLAN database.
125 XS712T Smart Switch MLD Snooping Configuration In IPv4, Layer 2 switches can use IGMP Snoop ing to limit the flooding of multicast traf fic by dynamically configuring Layer 2 in terfaces so that multicast traf fic is forwarded to only those interfaces associated with IP multicast addres s.
126 XS712T Smart Switch 2. T o configure MLD settings for a physica l port, enter the interface and click Go to select that particular interface. 3. Select the interfaces for which yo u want to configure the CoS settings: • T o configure MLD settings for a Link Aggregation Group (LAG), click LAGS .
127 XS712T Smart Switch Enter a value greater or equal to 1 and less than the Group Membership Interva l in seconds. The default is 10 seconds. The co nfigured value must be less than the Group Membership Interval.
128 XS712T Smart Switch 8. Under Multicast Router Expiry T ime, specify t he number of seconds the VLAN should wait to receive a query before it is removed from the list of VLANs with multicast routers attached. 9. Click Add . T o disable MLD snooping on a VLAN: 1.
129 XS712T Smart Switch • T o configure Multicast Router settings for a Link Aggregation Group (LAG), click LAGS . • T o configure M ul ti ca st Ro ut e r settings for both physica l ports and LAGs, click ALL . 4. Use the Multicast Router field to enable or disable Multicast Router on the selected interface.
130 XS712T Smart Switch 2. From the Querier Admin Mod e field, enable or disable the administrative mode for MLD Snooping Querier . 3. In the Querier Address field, specify the Snooping Querier Address to be used as source address in periodic MLD queries.
131 XS712T Smart Switch 2. Under VLAN ID, specify the VLAN ID for which the ML D Snooping Querier is to be enabled. 3. From the Querie r Election Participate Mode list, select the mode: • Dis abled . Upon seeing anothe r querier of the same version in the VLAN, the snooping querier moves to the n on-querier state.
132 XS712T Smart Switch T o remove an MLD snooping querier configuration: 1. Select the check box next to each entry to remove. 2. Click Delete . Forwarding Database The forwarding dat abase maintains a list of MAC a ddresses after having rece ived a packet from this MAC address.
133 XS712T Smart Switch • Interface . Select Interface from the me nu, enter the interface ID in g1, g2... fo rmat, then, click Go . If any entries learned o n that interface exist, they are displayed. 3. Click Clea r to clear Dynamic MAC Addresses in the t able.
134 XS712T Smart Switch Note: IEEE 802.1D recommends a default of 30 0 seconds, which is the factory default. 3. Click Apply . Address T able The MAC Address T able cont ains information about unicast entries for wh ich the switch has forwarding and filtering information.
135 XS712T Smart Switch • Interface . Select Interface from the me nu, enter the interface ID in g1, g2... fo rmat, then, click Go . If any entries learned o n that interface exist, they are displayed. 3. Click Clea r to clear Dynamic MAC Addresses in the t able.
136 XS712T Smart Switch T o delete a stati c MAC address: 1. Select the check box next to each entry to remove. 2. Click Delete ..
137 4 4. Con f igu r i ng R o uti ng The XS712T Smart Switch support s IP routing. Use the menus under the Routing t ab to manage routing on the system. When a packe t enters the switch, the destinati on MAC address is checked to see if it matches any of the configured rout ing interfaces.
138 XS712T Smart Switch IP Configuration Use the IP Configuration screen to conf igure routing p arameters for the switch. T o enable routing on the switch: 1. Select Routing IP > IP Configuration . 2. Next to Routing Mode, select Enable . Y ou must enable routing for the switch before you can route through any of t he interfaces.
139 XS712T Smart Switch Figure 5. IP st atistics screen The following ta ble describes the IP st atistics information displayed on the screen. T able 18. IP routing statistics Field Descrip tion IpInReceives The total number o f input datagrams received from interfaces, including th ose recei ved in error .
140 XS712T Smart Switch IpForwDat agram s The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination.
141 XS712T Smart Switch IpFragFails The nu mber of IP dat agrams that have been discarded because they needed to b e fragmented at this enti ty but could not be, e.g., because their Don't Fragment flag was set. IpFragCreates T he number of IP dat agram frag ments that have be en generated as a result of fragment ation at this en tity .
142 XS712T Smart Switch Configure VLAN R outing Y ou can configure XS712T Smart Switch soft ware with some ports supporting VLANs and some supporting routing. Y ou can also configure the sof tware to allow traffic on a VLAN to be treated as if the VLAN were a rou ter port.
143 XS712T Smart Switch • Create a LAG , add selected port s to a LAG , then add LAG to the ne wly created VLAN. • Ena ble tag ging on selected port s if the port is in another VLAN. Disable t agging if a selected port does not exist in another VLAN.
144 XS712T Smart Switch VLAN R outing Configuration Use the VLAN Routing Configuration screen to view information about the VLAN routin g interfaces configured on the system o r to assign an IP address and subnet mask to VLANs on the system. T o configure V ALN routing: 1.
145 XS712T Smart Switch Configure R outer Discovery The Router Discovery protocol is used by hosts t o identify operational route rs on the subnet. Router Discovery messages are of two types: Ro uter Advertisements and Router Solicitation s. The protocol mandates that every router periodically advertise the IP Addresses it is associated with.
146 XS712T Smart Switch 8. S pecify the preference leve l of the router as a default router relative to other ro uters on the same subnet. Higher numbered addresses are preferred. Y ou must enter an integer . The value must be in t he range of (-2147483648 to 2147483647).
147 XS712T Smart Switch The preference is an integer value from 1 to 255. Y ou can specify the preference value (sometimes called administrative dist ance of an individual st atic route. For more information, see the Preference description in T able 19 .
148 XS712T Smart Switch Configure ARP The address resolution protocol (ARP) associat es a layer 2 MAC address with a layer 3 IPv4 address. XS712T Smart Switch sof tware features both dynamic and manual ARP configuration. With manu al ARP configuration, you can statically ad d entries into the ARP table.
149 XS712T Smart Switch The following ta ble provides information included in the managemen t VLAN ARP section. T able 20. ARP cache info rm ation Field Descrip tion IP Address Displays the associated IP address of a device on a subnet attached to o ne of the switch's existing routing interfaces.
150 XS712T Smart Switch T o add an entry to the ARP t able: 1. Select Routing ARP > Advanced ARP Create . 2. Under IP Address, specify the IP address to add. It must be the IP address of a device on a subnet attached to one of the switch's existing routing in terfaces.
151 XS712T Smart Switch Y ou must enter a valid integer , which represent s the number of seconds the switch will wait for a response to an ARP request. The range for this field is 1 to 10 second s. The default value for Response T ime is 10 second. 4.
152 XS712T Smart Switch R emove an ARP Entry F rom the ARP Cache Use this screen to remove cert ain entries from the ARP T able. T o remove entries from the ARP t able: 1. sel ect Routing ARP > Advanced ARP Entry Management . 2. Select the type of ARP entry to be removed from the Remove From T able drop down menu.
153 5 5. Co nf i gur ing Qu alit y o f Ser v ice Use the features you access from the QoS tab to configure Quality of Service (QoS) settings on the switch.
154 XS712T Smart Switch From the Advanced link, the Class of service menu under the QoS t ab, you can access the following screens: • Basic CoS Configuration • CoS Interface Configuration • Interface Queue Configuration • 802.
155 XS712T Smart Switch Global T rust Mode can be one of the following: • Untrusted . Do not trust any CoS p acket marking at ingress. • 8 02.1p . The eight priority t ags that are specified in IEEE 802.1p are p0 to p7. The QoS setting lets you map e ach of the eight priority levels to one of seven interna l hardware priority queues.
156 XS712T Smart Switch 2. T o configure CoS settings for a specific interface, enter the interface and click Go to sele ct that particular interface. 3.
157 XS712T Smart Switch T o configure CoS queue settings for an interface: 1. Select Qo S CoS > Advanced Interface Queue Configuration . 2. T o configure CoS queue settings for a physical port, enter the interface and click Go to select that particular interface.
158 XS712T Smart Switch - Weighted . Weighted round robin associates a weight to each queue. T his is the default. - St r ict . Services traf fic with the highest priority on a queue first. - Queu e Management T ype . Displays the type of packet management used for all packet s, which is T aildrop.
159 XS712T Smart Switch The values in each drop-do wn menu represent the traf fic class. The traf fic class is the hardware queue for a port. Higher traffic class values indicate a h igher queue position. Before traf fic in a lower queue is sent, it must wait for traf fic in higher queue s to be sent.
160 XS712T Smart Switch Differentiated Services The QoS feature contains Dif ferentiated Services (Dif fServ) support that allows traf fic to be classified into streams and give n certain QoS treatment in accordance with de fined per-hop behaviors. S tandard IP-based n etworks are designed to prov ide “best ef fort” dat a delivery service.
161 XS712T Smart Switch Diffserv Configuration Use the DiffServ Config uration screen to displa y Dif fServ General S tatus Group information, which includes the current administrative mode setting as well as t he current and maximum number of rows in each of the main DiffServ private MIB t ables.
162 XS712T Smart Switch Class Configuration Use the Class Configuration screen to add a new Dif fServ class name, or to rename or delete an existing class. The screen also allows you to define the criteria to associate with a Diff Serv class. As packet s are received, these Dif fServ classes are used to prioritize p ackets.
163 XS712T Smart Switch 2. Define the criteria to a s sociate with a Dif fServ class: • Match Ev ery . This adds to the specified class definition a match condition whe reby all packet s are considered to belong to the class. • Refe rence Class . Select s a class to st art referencing for criteria.
164 XS712T Smart Switch • Protocol T ype . Requires a packet’ s layer 4 protocol to match the protocol yo u select. If you select Other , enter a protocol number in the field that displays. The valid range is 0–255. • Source IP Address . Requires a p acket’s source port IP address to match the address listed here.
165 XS712T Smart Switch IPv6 Class Configuration The IPv6 Class Configuration feature ex tends the existing QoS ACL and Dif fServ functionality by providing support for I Pv6 packet classification. An Ethernet IPv6 p acket is distinguished from an IPv4 p acket by its u niq ue Ethertype value, so all I Pv6 classifiers include the Ethertype field.
166 XS712T Smart Switch T o delete a class: 1. Select the check box next to the class name. 2. Click Delete . The same set of fields described for IPv6 AC L classification are also su pported as match criteria for Dif fServ classes.
167 XS712T Smart Switch T o configure the policy attributes: 1. Click the name of the policy . The policy name is a h yperlink. The following fi gure shows the configuration fields for the policy . 2. Configure the policy attributes: • Ass ign Queue .
168 XS712T Smart Switch • Mark IP DSCP . This lists the keywords for the known DSCP values from which one can be selected. • Simple Policy . This lists the keywords for the known DSCP values from which one can be selected. 3. Color Conform Class .
169 XS712T Smart Switch - Mark IP Precedence . These p acket s are marked by Di ffServ with the specified IP Precedence value before being p resented to the system forwarding element. This selection requires that the Ma rk IP Precedence value field be set.
170 XS712T Smart Switch Y ou can select multiple port s and LAGs to apply the same setting to the selecte d interfaces. Select the check box in th e heading row to apply the same settings t o all interfaces. 5. From the Policy In Name list, select the policy to attach to the interface.
171 6 6. Man a gi n g D e v i c e S ec ur ity Use the features available from the Security t a b to configure management security se ttings for port, user , and server security .
172 XS712T Smart Switch 2. S pecify the current password in the Old Password field. The entered pa ssword will be displayed in a sterisks (*). Passwords are 1–20 alphanumeric characters in length an d are case sensitive. 3. Enter th e new password. It will not display as it is typed, and only aste risks (*) will show on the screen.
173 XS712T Smart Switch RADIUS Configuration RADIUS servers provide additional security for networks. The RADIUS server maint ains a user data base, which contains per-user auth entication information.
174 XS712T Smart Switch 3. In the T imeout Duration field, specify the timeout value, in seconds, for request retransmissions. Consideration to maximum delay time should be given when configuring RADIUS maximum re transmit and RADIUS timeout.
175 XS712T Smart Switch T o modify settings for a RADIUS server that is already configured on the s witch: 1. Select the check box next to the server IP addre ss. 2. Upda te the desired fields for the selected server . 3. Click App ly . T o delete a configured RADIUS server: 1.
176 XS712T Smart Switch Use the buttons at the bottom of the screen to perform the following actions: • Click Clea r Counters to clear the aut hentication server and RADIUS statistics to their default values. • Click Refresh to refre sh the screen with the most curre nt data from the switch.
177 XS712T Smart Switch The following ta ble describes RADIUS accounting se rver statistics availa ble on the screen. T able 25. RADIUS accounting serv er st atistics Field Descrip tion Accountin g Server Address Displays the IP address of the s upp orted RADIUS accounting server .
178 XS712T Smart Switch Configuring T A CA CS+ T ACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. T ACACS+ provides the following services: • Authentica tion . Provides authentication duri ng login and via user na mes and user-defined passwords.
179 XS712T Smart Switch T ACACS+ Server Configuration Use the T ACACS+ Server Configuration screen to configure up to five T ACACS+ servers with which the switch can communicate. T o configure T ACACS+ server: 1. Select Security Management Secur ity > T ACACS+ Se r v e r Co nfiguration .
180 XS712T Smart Switch Authentication List Configuration Use the Authentication List screen to configure the default login list . A login list specifies one or more authentication methods to validate switch or port access for the admin user .
181 XS712T Smart Switch 4. Use the menu in the 2 column to select the authentication method, if any , that should appear second in the selected authentication login list. This is the method that will be used if the first method times out. If you select a method t hat does not time out as th e second method, the third meth od will not be tried.
182 XS712T Smart Switch • T ACACS+ . The u ser's ID and password will b e authenticated using the T ACACS+ server . If you select RADIUS or T ACACS+ as the first method and an error occurs during the authentication, the switch attempt s user authentication Method 2.
183 XS712T Smart Switch 4. Click Apply . Configure Management Access From the Access menu, you can co nfigure HTTP and Secure HTTP access to the XS7 12T management interface. Y ou can also configure Access Control Profiles and Access Rules. The Access tab cont ains links des crib ed in the following sections.
184 XS712T Smart Switch 5. In the Maximum Number of HTTP Se ssions field, specify the maximum number of HTTP sessions that can exist at the same time. The value must be in the range of (0–4).
185 XS712T Smart Switch After the session is inactive for the configured amount of time, the administrator is automatically logged out and must re-enter t he p assword to access the management interface. A value of zero corresponds to an infinite timeout.
186 XS712T Smart Switch Certificate Download For the Web server on the switch to accept HTTPS connections from a mana gement station, the Web serve r needs a public key certificate. Y ou can generate a certificate externally (for example, of f-line) and download it to the switch.
187 XS712T Smart Switch Y ou can enter up to 32 characters. 7. Select the S tart File T ransfer check box. 8. Click Apply to start the transfer . A status message displays during the transfer and up on successful completion of the transfer .
188 XS712T Smart Switch Access Control Access control allows you to define a pr ofile configuration and set a ccess rules. A ccess P rofile C o nfiguration Use the Access Profile Configuration scr een to set up a security access profile . T o configure an access profile: 1.
189 XS712T Smart Switch IP is configured with priority 1 to permit, and Source IP 10.10.1 0.10 is configured with priority 2 to Deny , then access is permitted if the profile is active, a nd the second rule is ignore d. 4. Click App ly . Access Rule Configuration Use the Access Rule Configuration screen to add security access ru les.
190 XS712T Smart Switch P ort Authentication In port-based authentication mode, when 802. 1X is enabled globally and on the port, successful authentication o f any one supplicant att ached to the port result s in all users being able to use the port without restrictions.
191 XS712T Smart Switch Note: If 802.1X is enabled, authentication is perfo rmed by a RADIUS server . This means the primary authentication method must be RADIUS. T o set the method, select Secu rity Management Security Authentication List and sele ct RADIUS as method 1 for defaultList.
192 XS712T Smart Switch 2. Select the check box next to the port to configure. Y ou can also select multiple check boxe s to apply the same settings to the select ports, o r select the check box in the heading row to ap ply the same settings to all ports .
193 XS712T Smart Switch - Auto . The system automatically detect s the mode of the interface. - Authorized . The system places the interface in to an authorized st ate without being authenticated. The interface sends and receives normal traf fic without client port-based authentication.
194 XS712T Smart Switch • Max EAP Request s . This input field allows you to enter the maximum requests for the selected port. The maximum requests value is the maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before timing out the supplicant.
195 XS712T Smart Switch P ort Summary Use the Port Summary screen to view inform ation about the port access control settings on a specific port. T o access the port Summary screen: Select Security Port Authentication Advan ced Port Summary .
196 XS712T Smart Switch The following t able describes the fi elds on the Port Summary screen. T able 27. IEEE 802.1X po rt summary information Field Description Port The port whose settings are displayed in the current table row . Control Mode Defines the port auth orization st ate.
197 XS712T Smart Switch T raffic Control From the T raffic Control menu, you can configure MAC Filters, S torm Control, Port Security , and Protected Port settings.
198 XS712T Smart Switch 2. Select Create Filter from the MAC Filter menu. If no filters have been config ured, this is the only option available. 3. From the VLAN ID menu, select the VLAN to use with the MAC address to fully identify packet s you want filtered.
199 XS712T Smart Switch MA C Filter Summary Use the MAC Filter Summary screen to view the MAC filters that are configured on the system. T o display the MAC filter summary screen: Select Security T raffic Control > MAC Filter MAC Filter Summary .
200 XS712T Smart Switch Storm Control A broadcast storm is the result of an excessive number o f broadcast messages simultaneously transmitt ed across a network by a single port. Forwarded messag e responses can overload network resources and/or cause the network to time out.
201 XS712T Smart Switch • Unknown Unicast . If the rate of unknown L2 unicast (destination lookup failure) traffic ing ressing on an interface increases beyond the configure d threshold, the traf fic will be dropped.
T able 29. Port se curity violation information Field Description Port Identifies the port where a violation occurred. Last Violation MAC Displays the source MAC address of th e last p acket that was discarded at a locked port. VLAN ID Displays the VLAN ID corresponding to the Last Violation MAC address.
203 XS712T Smart Switch 2. T o configure port security settings for a Link Aggregation Group (LAG), click LAGS . 3. T o configure port security settings for both physical ports and LAGs, click ALL . 4. T o configure settings for a physical port, enter the port in unit/slot/ port format and click on the Go button.
204 XS712T Smart Switch Security MA C Address Use the Security MAC Address screen to c onve rt a dynamically learned MAC address to a statically locked address. T o convert learned MAC addresses: 1. Select Security T raffic Control > Port Security Security MAC Address .
205 XS712T Smart Switch P rotected P orts Membership If a port is configured as p rotected, it does not forward traf fic to any other protected port on the switch, but it will forward traff ic to unprotected ports. Use the Protected Ports Membership screen to configure the port s as protected or unprotected.
206 XS712T Smart Switch 2. Use the Private VLAN T ype menu to select the type of private vlan. The fact ory default is Unconfigured. • Primary . A private VLAN that forwards the traffic from the promiscuous ports to isolated ports, community port s, and other promiscuous ports in the same private VLAN.
207 XS712T Smart Switch 4. Click Apply . T able 32. Private VLAN assoc ia tio n table information Field Description Isolated VLAN The VLAN ID of th e isolated VLAN associ ated with the primary VLAN. If the field is blank, no isolated VLAN has been asso ciated with the primar y VLAN.
208 XS712T Smart Switch 3. Use the Port Vlan Mode menu to select the Switch Port Mode. The factory default is General. • Ge neral. The interface is in general mode and is not a member of a privat e VLAN.
209 XS712T Smart Switch • T o configure a single port, select the chec k box associated with it, or type the port number in the Go T o Interface field and click Go . • T o configure multiple ports with the same settings, select the check box associated with each port to configure.
210 XS712T Smart Switch P rivate VLAN P romiscuous Interface Configuration The private VLAN Promiscuous interface configur ation screen allows you to configure the primary and secondary Promiscuous VLAN IDs for the host association mode. T o configure the private VLAN Promiscuous interface: 1.
21 1 XS712T Smart Switch • Y ou can specify an individual VLAN ID. Example: 10. • Y o u can specify the VLAN range values separated by a '-'. Example, 10–13. • Y ou can specify a combination of both separated by ','. Example, 12,15,40–43,1000–1005,20 00.
212 XS712T Smart Switch Configuring Access Control Lists Access Control Lists (ACLs) ensure that on ly authorized users have access to spe cific resources while b locking of f any unwarranted a ttemp ts to reach network resource s.
213 XS712T Smart Switch AC L W i za r d ACL Wizard helps you to create a simple ACL and apply it to the selected ports easily and quickly . First, you can select an ACL type. Then, you can add an ACL rule to this ACL and a rule can be applied this ACL on the selected por t s.
214 XS712T Smart Switch • ACL Based on Dest ination IPv6 L4 Port . Use this to create an ACL based on the destination IPv6 layer4 port number . • ACL Based on Source IPv6 L4 Port . Use this to create an ACL based on the source IPv6 layer4 port number .
215 XS712T Smart Switch MA C A CL A MAC ACL consists of a set of rules wh ich are matched sequentially against a p acket. When a packet me ets the match criteria of a ru le, th e specified rule actio n (Permit/Deny) is taken and the additional rules are not checked for a match.
216 XS712T Smart Switch T o delete a MAC ACL: 1. Select the check box next to the Name field. 2. Click Delete . MA C R ules Use the MAC Rules screen to define ru les for MAC-based ACLs. The access list definition includes rules that specify whether traf fic matching the criteria is forwarded normally or discarded.
217 XS712T Smart Switch • Destination MAC . Requires an Ethernet frame’ s destination port MAC address to match the address listed here. Enter a MAC address in this field. The valid format is xx:xx:xx:xx: xx:xx. • Destination MAC Mask . If desired, ente r the MAC Mask associated with the Destination MAC to match.
218 XS712T Smart Switch MA C Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the MAC Binding Configuration screen to assign MAC ACL lists to ACL Priorities and Interfaces.
219 XS712T Smart Switch The Interface Binding S tatus sect ion on the MA C Binding Configuration screen displays the following information: • Interface . Displays sel ected interface. • Direction . Displays selected packet filtering direction for ACL.
220 XS712T Smart Switch IP A CL IP ACLs allow network managers to define classi fication actions a nd rules for specific ingress ports. Pa ckets can be filtered on ingress (inbound) port s only . If the filter rules match, then some actions can be taken, including dropping t he p acket or disabling the port.
221 XS712T Smart Switch IP R ules Use the IP Rules screen to define rule s for IP-based st andard ACLs. The access list definition includes rules that specify whe ther traffic mat ching the criteria is forwarded normally or discarded. Note: There is an implicit deny a ll rule at the end of an ACL list.
222 XS712T Smart Switch - Deny . Drops packe ts which meet the ACL crite ria. • Egress Queue . S pecifies the hardware egress queue iden tifier used to handle all packet s matching this ACL rule. • Logging . When set to Enable, lo gging is enabled for this ACL rule (subject to resource availability in the device).
223 XS712T Smart Switch Note: There is an implicit “deny a ll” rule at the end of an ACL list. This means that if an ACL is applied to a packet and if no ne of the explicit rules match, then the final implicit “deny all” rule applies and the packet is dropped.
224 XS712T Smart Switch 5. Select or specify values for one or more of the following match criteria: • Action . Select the ACL forwarding action, which is one of the following: - Permit . Forwards packet s which meet the ACL crite ria. - Deny . Drops packe ts which meet the ACL crite ria.
225 XS712T Smart Switch - Destination L4 Keyword . Select the desired L4 keyword from a list o f destination ports on which the rule ca n be based. - Destination L4 Port Number . If the destination L4 keyword is Other , enter a user-defined Port ID by which p ackets are matched to the ru le.
226 XS712T Smart Switch taken and th e additional rules are not checked for a match. On this me nu, the interfaces to which an IP ACL applies must be specified, as well as whether it ap plies to inbound or outbound traf fic. Rules for the IPv6 ACL are specified/crea ted using the IPv6 Rules screen.
227 XS712T Smart Switch 2. In the ACL Name list, select the name of the ACL to add a rule to. 3. Click Add . The screen displays the IPv6 ACL Rule Configuration fields. 4. N ex t to Ru le I D, specify a number from 1–10 to identify the IPv6 ACL rule.
228 XS712T Smart Switch • Assign Queue ID . S pecifies the hardware egress queue identifier used to handle all packet s matching this IPv6 ACL rule. The valid range of Queu e IDs is from 0 to 6. This field is visible for a Permit Action. • Mirror Interface .
229 XS712T Smart Switch • Flow Label . Flow label is 20-bit n umber that is unique to an IPv6 packet, used by end stations to sign ify quality-of-service handling in routers. Flow label can be specified within the range (0 to 1048575). • IPv6 DSCP Service .
230 XS712T Smart Switch IP Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the IP Binding Configuration screen to assign ACL list s to ACL Priorities and Interfaces.
231 XS712T Smart Switch IP Binding T able Use the IP Binding T able screen to vi ew or delete the I P ACL bindings. T o delete an IP ACL binding: 1. Select Security ACL > Advanced Binding T able . 2. Select the check box associated with the ACL-to-interface binding to remove.
232 XS712T Smart Switch VLAN Binding T able Use the VLAN binding t able screen to associate an ACL with a VLAN. T o configure an ACL-to-VLAN binding: 1. Select Security ACL > Advanced Vlan Binding T able . 2. In the VLAN ID field, specify a VLAN ID for ACL mapping.
233 7 7. Mon i t o r in g t he S y s t e m Use the features available from the Monito ring tab to view a variety of information abou t the switch and its po rts and to configur e how the switch monitors event s. The Monitoring t ab contains configurati on menus described in the following sections.
234 XS712T Smart Switch Figure 7. Switch S tatistics scr een The following t able describes the switch statistics displayed on the screen. T able 37. Switch st atistics Field Description ifIndex This object indicates the ifIndex of the interface table entry associated with the processo r of this switch.
235 XS712T Smart Switch Use the buttons at the bottom of the scree n to perform the following actions: • Click Clear to clear all the statist ics counters, resetting all switch summary and det ailed statistics to default values. The d isc arded packet s count cannot be cleared.
236 XS712T Smart Switch Po r t S t a t i s t i c s The Port S tatistics screen displays a su mmary of per-port traf fic statistics on the switch. T o access the port summary screen: 1.
237 XS712T Smart Switch T o reset the counters for all interfaces on the switch: 1. Select the check box in the heading of the t able. 2. Click Clear . T o reset the counters for a specific interface: 1. Select the check box next to the interf ace for which you want to clear the co unters.
238 XS712T Smart Switch P ort Detailed Statistics The Port Deta iled S tatistics screen displays a va riety of per-port traf fic statistics. T o access the port det ailed screen: 1. Select Moni toring Port s > Port Detailed S t atistics . The Port Deta iled S tatistics figure shows some, but not a ll, of the fields on the screen .
239 XS712T Smart Switch The following ta ble describes the det ailed port information displayed on the screen. T able 39. De t ail ed interface statistics Field Descrip tion ifIndex This field indicates the ifIndex of the interfa c e table entry associated with this port on an adapt er .
240 XS712T Smart Switch LACP Mode Selects the Link Aggregation Cont rol Protocol admin istration st ate: • Enable. S pec ifies that the port is allow ed to participate in a port channel (LAG), which is the defa ult mode. • Disable. S pecifies that th e port cannot p art icipate in a port channel (LAG).
241 XS712T Smart Switch Octets Received The total number of octets of data (including those in bad packets) received on the network (excluding framing bit s but including FCS octets). This object can be used as a reasonable e s timate of Ether net utilization.
242 XS712T Smart Switch Jabbers Received The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a ba d Frame Check Seque nce (FCS) with an integral nu mber of octets (FCS Error) or a bad FCS with a non-integra l number of octet s (Alignment Error).
243 XS712T Smart Switch Packets T r ansmitted 256-51 1 Octets The total number of packets (including bad packets) transmitted that were between 256 and 51 1 octe t s in length inclusive (excluding frami ng bit s but including FCS octets).
244 XS712T Smart Switch Use the buttons at the bottom of the screen to perform the following actions: • Click Clear to clear all the counters. This resets all statistics for this port to the default values. • Click Refresh to refresh the data on th e screen and display the most current st atistics.
245 XS712T Smart Switch EAP Statistics Use the EAP S tatistics screen to display information about EAP packet s received on a specific port. T o display the EAP st atistics screen: 1.
246 XS712T Smart Switch Use the buttons at the bottom of the screen to perform the following actions: • T o clear all the EAP counters for all ports on the switch, select the check box in the row heading and click Clear . The button reset s all statistics for all port s to default values.
247 XS712T Smart Switch Cable T est Use the Cable T est screen to display information about the cables connected to switch ports. T o display the cable test screen: 1.
248 XS712T Smart Switch The following t able describes the cable information displayed on the screen. Logs The switch can generate messages in response to events, fault s, or errors occurring on the platform as well as changes in configuration or othe r occurrences.
249 XS712T Smart Switch Memory Log The Memory Log stores messages in memory ba sed upon the settings for message component and severity . Use the Memory Log screen to set the admin istrative status and behavior of logs in the system b uffer . Thes e log messages are cleared when the switch reboot s.
250 XS712T Smart Switch Priority = (facility val ue × 8) + severity level . The facility value is usually one, which means it is a user-level message. Th erefore, to determine the severity level of the message, subtract eight from the number in the angle brackets.
251 XS712T Smart Switch 3. From the Severity Filter field, specify the type of log messages to record. A log records messages equal to or above a c onfigured se verity thre shold. For example, if you select Error , the logged messages include Error , Critical, Alert, and Emergency .
252 XS712T Smart Switch Server Log Use the Server Log screen to allow th e switch to send log messag es to the remote logging hosts configur ed on the system. T o configure local log server settings: 1. Select Moni toring Logs > Server Log link.
253 XS712T Smart Switch T o add a remote syslog host (log server): 1. S pecify the following settings in the following list. • IP Address T ype . S pecify the IP Address T ype of Host. It can be one of the following: - IPv4 - IPv6 - DNS • Host Address .
254 XS712T Smart Switch T rap Logs Use the T rap Logs screen to view information about the SNMP traps generated on the switch. T o view trap log information: Select Monitoring Logs > T rap Logs . The T rap Logs screen displays. Figure 8. T rap log sc reen The following t able describes the T rap Log information displayed on the screen.
255 XS712T Smart Switch Event Logs Use the Event Log screen to display the eve nt log, which is used to hold error messa ges for catastrophic event s. After the event is logged and the updated log is saved in flash memory , the switch will be reset.
256 XS712T Smart Switch Mirroring The Port Mirroring screen allows you to view and configure port mirroring on the system. Port mirroring selects the network tr affic for analysis by a ne twork analyzer . This is done for spe cific port s of the switch.
257 XS712T Smart Switch 3. Select the mode for port mirroring on the selected port from the Session Mode: • Enable . Multiple Port Mirroring is active on the sele cted port. • Disable . Port mirroring is not active on the se lected port, but the mirroring information is retained.
258 XS712T Smart Switch.
259 8 8. Mai n t en an ce Use the features available from the Mainte nance t ab to help you manage the switch. The Maintenance tab cont ains links des cribed in the following sections. • Reset • Upload • Download • File Management Re se t The Reset menu contains links descr ibed in the following sections.
260 XS712T Smart Switch Factory Default Use the Factory Default screen to reset the syst em configuration to the factory default values. Note: If you reset the switch to the default configuration, the IP addre ss is reset to, and th e DHCP client is enabled.
261 XS712T Smart Switch TFTP File Upload Use the TFTP File Upload screen to upload c onfiguration (ASCII), log (ASCII ), and image (binary) files from the switch to a TFTP serve r on the network. T o upload a file from the switch to the TFTP server: 1.
262 XS712T Smart Switch 8. Select the S tart File T ransfer check box to initiate the file upload. 9. Click Apply to begin the file tra nsfer . Note: The file transfer will not begin until you click Apply . The last row of the tab le displays information about the prog ress of the file transfer .
263 XS712T Smart Switch Download The switch supports system file do wnloads from a remote system to the switch by using either TFTP or HTTP . The Down load menu cont ains links descri bed in the following sections.
264 XS712T Smart Switch • T ext Configuration . A text-based configuration file enables you to edit a config ured text file (startup-conf ig) offline as need ed without having to translate the conte nts for the switch to understand .
265 XS712T Smart Switch 9. Click Apply to begin the file transfer . The last row of the t able displays informati on abo ut the progress of the file transfer . The screen refreshes automatically until t he file transfe r completes or fails. T o activate a software image that you download to the switch, see File Management on pag e 266 .
266 XS712T Smart Switch Note: It is recommended that you do not overwrite the a ctive image. The system will display a warning that you are trying to overwrite the active image. 4. Next to the Select File field, click Browse to locate the file you want to download.
267 XS712T Smart Switch Dual Image Configuration The system running a leg acy software versi on will ignore (not load) a configuration file created by the newer sof tware version.
268 XS712T Smart Switch Dual Image Status The Dual Image S tatus screen shows th e following: • Image 1 V er . The version of the image1 code file. • Image 2 V er . The version of the image2 code file. • Curren t-active . The currently active image on this unit.
269 A A. Sm art Cont r o l Center Uti li ties The NETGEAR Smart Control Center (SCC) is a Wi ndows based application. Its main function is to discover NETGEAR Smart switches in your network and co nnect them to your network. For information about device discover y and net work connectivity , see Chapter 1, Getting S tarted .
270 XS712T Smart Switch • Configure Device . Allows you to modify network info rmation for the switch, including the IP address, DHCP client mode, system name , a nd location. For more information about this feature, see Configure the Device on p age 271 .
271 XS712T Smart Switch Configure the Device Use the Configure Device button to define basic switch configuration informat ion. T o modify switch information: 1. Sel ect the swit ch. 2. Click Con figure De vice . Additional fields appear on the screen.
272 XS712T Smart Switch Change the Switch P assword Use the Change Password button to change the administrative password you u se to log in to the switch management interface. T o change the switch password: 1. Select the sw itch. 2. Click Chang e Password .
273 XS712T Smart Switch Manage the Switch Configuration and Firmware The Maintenance ta b includes links to perform the following t asks: • Uplo ad and download the configuration .
274 XS712T Smart Switch 4. Click OK . 5. Enter the switch password and click Apply . The file is uploaded to the administra tive computer as a *.cfg file. Y ou can open it and view the conten ts with a text editor . T o restore the configuration to a previously saved vers ion: 1.
275 XS712T Smart Switch Upgrade the Firmware The application sof tware for the XS712T Smart Switch is upgradeable, enabling your switch to take advant age of improvement s and additional features as they become availab le.
276 XS712T Smart Switch 6. Download the firmware to primary or secondary storage. • Download the firmware as to primary s torage . By default, the firmware is downloaded to primary storage and will be become the active image after the download completes and the switch reboot s.
277 XS712T Smart Switch View and Manage T asks From the T asks t ab, you can view informat ion about configurati on downloads and firmware upgrades that have already occurred, are in progress, or are scheduled to take place at a later time. Y ou can also delete or reschedule selected tasks.
278 XS712T Smart Switch.
279 B B. Tr o u b l e s h o o t i n g This appendix covers th e following topics: • T roubleshooting Configuration Menu • T roubleshooting Chart T roubleshooting Configuration Menu The Maintenance main naviga tion tab gives access to the T roubleshooting configuration menu.
280 XS712T Smart Switch 2. In the IP Address/Host Name field, specify the IP address or the host name of the station you want the switch to ping. The initial value is blank. This information is not retained across a power cycle. 3. Configu re the following settings: • In the Count field, specify the number of pings to se nd.
281 XS712T Smart Switch Ping IPv6 Use the Ping IPv6 screen to send a Ping requ est to a specified host name or IPv6 address. Y ou can use this to check whether the switch c an communicate with a p articular IPv6 st ation.
282 XS712T Smart Switch Tr a c e R o u t e Use the T raceroute utility to discover the paths t hat a packet t akes to a remote destination. T o trace a route to an IPv4 address or host: 1. Select Main tenance T roubleshooting T raceRoute .
283 XS712T Smart Switch T roubleshooting Chart The following ta ble lists sympto ms, caus es, and solutions of possible problems. T able 45. T roubleshooting chart Symptom Cause Solution Power LED is off. No power is received. Check the power cord conn ections for the switch at the sw itch and the connected AC power so urce.
284 XS712T Smart Switch.
285 C C. Con f ig ur at ion Exam ple s This appendix cont ains inform ation about how to configure: • Virtual Local Area Networks (VLANs) • Access Control List s (ACLs) • Differentiated Services (DiffServ) • 802.
286 XS712T Smart Switch • They are easy to manage. The addition of n odes, as we ll as moves and other changes, can be dealt with quickly and c onveniently from a manage ment interface rather than from the wiring closet. • They provide increased performance.
287 XS712T Smart Switch • For the VLAN with VLAN ID 10, specify the following members: port 1 (U), po rt 2 (U), and port 3 (T). • For the VLAN with VLAN ID 20, specify th e following members: port 4 (U), port 5 (T), and port 6 (U).
288 XS712T Smart Switch criteria to a particular que ue or redirect the traf fic to a particular p ort. A default deny all rule is the last rule of every list. 2. Apply the access list to an interface in the inbound direction. The XS712T Smart Switch allows ACLs to be bound to physical port s and LAGs.
289 XS712T Smart Switch Y ou can assign an optional sequence number to indicate the order of this access list relative to other access list s if any are al ready assign ed to this interface and direction. 4. The MAC Binding T able displays the interface and MAC ACL binding information (see MAC Binding T able on page 219 ).
290 XS712T Smart Switch 8. Use the IP Binding T able screen to view the interfaces and IP ACL binding inf ormation (see IP Binding T able on page 231 ).
291 XS712T Smart Switch Class Y ou can classify incoming packet s at layers 2, 3, and 4 by inspecting the following information for a pa cket: • Source/destination MAC address • EtherT ype • Class of Service (802.
292 XS712T Smart Switch Create P olicies Use DiffServ policies to associat e a collection of classes that you configure with one or more QoS policy st atement s. The result of this association is referred to as a po licy . From a DiffServ pe rspective, there are two types of policie s: • T raffic Conditioning Policy .
293 XS712T Smart Switch designating the incoming color value to be use d as the conforming color . The color of exceeding traf fic can be opti onally specified as well. • Count ing . Updating octet and packet st atistics to keep track of dat a handling along traf fic paths wit hin DiffServ .
294 XS712T Smart Switch 8. Configure the Policy attributes as follows: • Assign Queu e. 3 • Policy Attribute . Simple Policy • Color Mode . Color Blind • Committed Rate . 1000000 Kbps • Committed Burst Size . 128 KB • Confirm Action . Send • Violate Action .
295 XS712T Smart Switch The XS712T Smart Switch support s a guest VLAN , which allows unauthenticated u sers to have limited access to the network resource s. Note: Y ou can use QoS f eatures to provide rate limiting on the guest VLAN to limit the network resources th e guest VLAN provides.
Supplicant Supplicant Authenticator Switch Authentication Server (RADIUS) 296 XS712T Smart Switch Sample 802.1X Configuration This example shows how to configu re the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (g1–g8).
297 XS712T Smart Switch For more information, see RADIUS Configuration on page 173 . 7. Click Add . 8. From the Authentication List screen, configure the default List to use RADIUS as the first authentication method (see Authentication List Configu ration on page 180 ).
298 XS712T Smart Switch All bridges, whether they use STP , RSTP or MSTP , send information in configuration messages via Bridge Protocol Dat a Units ( BPDUs) to assign port roles that determine each port’s particip ation in a fully and simply co nnected active topo logy based on one or more spanning t rees.
299 XS712T Smart Switch Sample MSTP Configuration This example shows how to create an MSTP instance from the XS712T switch. The exa mple network has three dif ferent XS712T switches that serve different loca tions in the network. In this example, port s g1–g5 are connected to host stations, so those links are not subject to network loops.
300 XS712T Smart Switch If you do not specify a root bridge and all swit ches have the same Bridge Priority value, the switch with the lowest MAC address is elected as the root bridge (see CST Configuration on p age 101 ).
301 XS712T Smart Switch VLAN R outing with a Static R o ute Refer to the following sections to conf igure VLAN routing with a st atic route. VLAN Routing Overview VLANs divide broadcast domains in a LAN env ironment. Whene ver hosts in one VLAN need to communicate with host s in another VLAN, the traf fic must be routed between them.
302 XS712T Smart Switch Note: Y ou can only use the VLAN Routing Wizard for creating VLANs, adding ports, and enabling it for routing by assigning the IP address and mask.
303 D D. H a rd wa re S p e c i fi c a t i o n s a n d D e fa u l t Va l u e s XS712T Smart Switch Specifications The XS712T Smart Switch conforms to the TCP/IP , UDP , HTTP , ICMP , TFTP , DHCP , IEEE 802.1D, IEEE 802.1p, and IE EE 802.1Q st andards.
304 XS712T Smart Switch XS712T Switch Features and Defaults T able 47. Switch fea tures and default s Feature Sets Supported Default Auto negotiation/static speed/duplex All ports Auto negotiation Auto MDI/MDIX N/A Enabled 802.
305 XS712T Smart Switch Password control access 1 Idle timeout = 5 mins. Password = “password” Management security 1 profile wi th 20 rules for HTTP/HTTPS/SNMP access to allow/deny an IP address/subnet All IP addresses allowed Port MAC lock down All ports Disabled Boot code update 1 N/A DHCP/manual IP 1 DHCP enabled/192.
306 XS712T Smart Switch Number of rout ed VLANs 15 N/A Number of ARP Cache ent ries 1024 N/A Number of DHCP snoopin g bindings 8K N/A Number of DHCP static entri es 1 024 N/ A MLD Snooping N/A Disabled Protocol and MAC-based VLAN N/A N/A Private VLAN N/A N/ A T able 47.
307 E E. No tif i ca ti on of C omp li ance E NET GEAR W ir ed Pr oduc ts Certificate of the Manufacturer/Importer It is hereby certified that the ProSafe™ XS712T Smart Switch has been suppressed in a ccordance with the conditions set out in the BMPT -AmtsblVfg 243/1991 and Vfg 46/1992 .
XS712T Smart Switch 308 Europe – EU Declaration of Conformity Marking by the above symbol indicates compliance with th e Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC).
XS712T Smart Switch 309 FCC Requirements for Op erat ion in the United States FCC Inform ation to User This product does not cont ain any user serviceable comp onents and is to be used w ith approved antennas only .
XS712T Smart Switch 310 • This device mu st accept any interference received , including interference that may cause undesired operation. FCC Radio Frequency Interference W arnings & Instructions This equipment has been tested and found to comply with th e limit s for a Class B digital device, pursuant to Part 15 of the FCC Rules.
デバイスNETGEAR XS712T-100NESの購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
NETGEAR XS712T-100NESをまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはNETGEAR XS712T-100NESの技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。NETGEAR XS712T-100NESの取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。NETGEAR XS712T-100NESで得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
NETGEAR XS712T-100NESを既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はNETGEAR XS712T-100NESの不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、NETGEAR XS712T-100NESに関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちNETGEAR XS712T-100NESデバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。