Page 1
8-Port Multi-Gigabit Smart Managed Pro Switch with Two 10G Ports MS 510T X and MS 5 10 T XP P Us e r Manual September 2017 202-11762-02 350 East Plumeria Drive San Jose, CA 95134...
Page 2
Support Thank you for purchasing this NETGEAR product. You can visit www.netgear.com/support to register your product, get help, access the latest downloads and user manuals, and join our community. We recommend that you use only official NETGEAR support resources. Conformity For the current EU Declaration of Conformity, visit http://kb.netgear.com/app/answers/detail/a_id/11621.
Get Started This manual describes how you can configure and monitor the following NETGEAR switches by using the local browser–based management interface: • MS510TX. 8-Port Multi-Gigabit Smart Managed Pro Switch with two 10G Ports, Model MS510TX • MS510TXPP. 8-Port Multi-Gigabit Smart Managed Pro Switch with PoE+ and two 10G...
CD. You can also download the SCC program from downloadcenter.netgear.com. If you do not use a Windows-based computer, get the IP address of the switch from the DHCP server in the network or use an IP scanner utility.
Smart Managed Pro Switches MS510TX and MS510TXPP • Local browser–based management interface. This manual describes how to use the local browser–based management interface, in this manual referred to as the local browser interface, to manage and monitor the switch. The local browser interface lets you configure basic and advanced features.
Smart Managed Pro Switches MS510TX and MS510TXPP Interface Naming Conventions The switch supports physical and logical interfaces. Interfaces are identified by their type and the interface number. The physical ports are Gigabit interfaces and are numbered on the front panel. You configure the logical interfaces by using the local browser interface.
The SCC program runs on a Windows-based computer and is included on the resource CD. You can also download the SCC program from downloadcenter.netgear.com. If you do not use a Windows-based computer, get the IP address of the switch from the DHCP server in the network or use an IP scanner utility, which are available free of charge on the Internet.
Page 14
Smart Managed Pro Switches MS510TX and MS510TXPP Write down the displayed IP address assigned by the DHCP server. You need this address later to access the switch directly from a web browser (without using the Smart Control Center). Select the switch by clicking the row for the switch.
DHCP server. The SCC program runs on a Windows-based computer and is included on the resource CD. You can also download the SCC program from downloadcenter.netgear.com. If you do not use a Windows-based computer, see Access the Switch Off-Network on page 16.
Smart Managed Pro Switches MS510TX and MS510TXPP Enter the static switch IP address, gateway IP address, and subnet mask for the switch. Enter the switch password to continue with the configuration change. The default password is password. You must enter the password each time that you use the Smart Control Center to update the switch settings.
We never sell or rent your email address and you can opt out of communications at any time. When you log in to the switch, you are prompted to register with NETGEAR. However, at any time you can visit the NETGEAR website for registration at https://my.netgear.com/register/register.aspx.
Page 18
Smart Managed Pro Switches MS510TX and MS510TXPP • All ports • A single LAG • Multiple LAGs • All LAGs • Multiple ports and LAGs • All ports and LAGs Many of the pages that allow you to configure or view interface settings include links to display all ports, all LAGs, or all ports and LAGs on the page.
The login window opens. Enter the switch’s password in the Password field. The default password is password. The Switch Information page displays. Select System > Device View. The previous figure shows the Device View page for model MS510TX. Get Started...
Page 20
Smart Managed Pro Switches MS510TX and MS510TXPP The system LEDs are located on the left side. Depending upon the status of the port, the port color in Device View is either yellow, green, or black (that is, off). The following table describes the LEDs on the Device View page.
Page 21
Smart Managed Pro Switches MS510TX and MS510TXPP Table 3. LEDs on the Device View page (continued) Description 2.5G Ports 5 and 6, Right LEDs The right LEDs for ports 5 and 6 (mg5 and mg6) indicate the following PoE status...
Page 22
Smart Managed Pro Switches MS510TX and MS510TXPP The previous figure shows the Device View page for model MS510TXPP. To display the main menu that contains the same options as the navigation menu at the top of the page, right-click the graphic without clicking a specific port.
Configure System Information This chapter covers the following topics: • View and Configure the Switch Management Settings • Use the Device View • Configure Power over Ethernet • Configure SNMP • Configure LLDP • Configure DHCP Snooping • Set Up PoE Timer Schedules...
Smart Managed Pro Switches MS510TX and MS510TXPP View and Configure the Switch Management Settings This section describes how to display the switch status and specify some basic switch information, such as the management interface IP address, system clock settings, and DNS information.
Page 25
Smart Managed Pro Switches MS510TX and MS510TXPP Define the following fields: • System Name. Enter the name to identify this switch. You can use up to 255 alphanumeric characters. The default is blank. • System Location. Enter the location of this switch. You can use up to 255 alphanumeric characters.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Boot Version The boot code version of the switch. Software Version The software version of the switch. View the System CPU Status Use the System CPU Status page to monitor the CPU, memory resources, and utilization patterns across various intervals to assess the performance of the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP View USB Device Information Use the USB Device Information page to display the USB device status, memory statistics, and directory details. The limitations for the USB device supported on the switch are as follows: •...
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the USB Directory Details information. Table 5. USB Directory Details information Field Description File Name The name of the file stored in the USB flash drive. Type The type of file, which can be one of the following: •...
Page 29
Smart Managed Pro Switches MS510TX and MS510TXPP Select a radio button to determine how to configure the network information for the switch management interface: • Static IP Address. Specifies that the IP address, subnet mask, and default gateway must be manually configured. Enter this information in the fields below this radio button.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure the IPv6 Address for the Network Interface You can configure the IPv6 address for the network interface, which is the logical interface used for in-band connectivity with the switch through any of the switch’s front-panel ports.
Smart Managed Pro Switches MS510TX and MS510TXPP In the IPv6 Gateway field, specify the default gateway for the IPv6 network interface. The gateway address is in IPv6 global or link-local address format. To configure one or more static IPv6 addresses for the management interface, do the following: a.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the information that the IPv6 Network Interface Neighbor Table displays about each IPv6 neighbor that the switch discovered. Table 6. IPv6 network interface neighbor table information Field Description IPv6 Address The IPv6 address of a neighbor switch visible to the network interface.
Page 33
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select System > Management > Time > SNTP Global Configuration. The Time Configuration page displays.
Page 34
Smart Managed Pro Switches MS510TX and MS510TXPP Polling for unicast information is used for polling a server for which the IP address is known. SNTP servers that were configured on the device are the only ones that are polled for synchronization information.
Page 35
Smart Managed Pro Switches MS510TX and MS510TXPP The SNTP server entry is added. Repeat the previous steps to add additional SNTP servers. You can configure up to eight SNTP servers. The SNTP Server Status table displays status information about the SNTP servers configured on your switch.
Page 36
Smart Managed Pro Switches MS510TX and MS510TXPP Remove an SNTP Server To remove an SNTP server: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 37
Smart Managed Pro Switches MS510TX and MS510TXPP The Time Configuration page displays. Select the Clock Source SNTP radio button. The Date and Time fields are disabled because the switch receives the date and time from the network. From the Time Zone Offset menu, select the number of hours that the time zone in which the switch is located differs from the Coordinated Universal Time (UTC).
Page 38
Smart Managed Pro Switches MS510TX and MS510TXPP The following table displays the nonconfigurable SNTP Global Status information. Table 8. SNTP Global Status information Field Description Version The SNTP version that the client supports. Supported mode The SNTP modes that the client supports. Multiple modes can be supported by a client.
Page 39
Smart Managed Pro Switches MS510TX and MS510TXPP Select a Daylight Saving (DST) radio button: • Disable. Disable daylight saving time. • Recurring. Daylight saving time occurs at the same time every year. The start and end times and dates for the time shift must be manually configured.
Page 40
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Ends At If you select the Recurring radio button, specify the end date and time of daylight saving in the following fields: Note: These fields do not apply if you select •...
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. Select System > Management > Time > DayLight Saving Configuration. The DayLight Saving (DST) Status page displays. To refresh the page, click the Refresh button.
Page 42
When the system is performing a lookup on an unqualified host name, this field is provides the domain name (for example, if default domain name is netgear.com and the user enters test, then test is changed to test.netgear.com to resolve the name). The name must not be longer than 158 characters.
Page 43
Smart Managed Pro Switches MS510TX and MS510TXPP The following table displays DNS Server Configuration information. Table 10. DNS Server Configuration information Field Description The identification of the DNS Server. Preference Shows the preference of the DNS server. The preferences are determined by the order in which they were entered.
Page 44
Smart Managed Pro Switches MS510TX and MS510TXPP Remove an Entry From the Dynamic Host Mapping Table To remove an entry from the dynamic host mapping table: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP Select the check box for the entry to update. Enter the new information in the appropriate field. Click the Apply button. Your settings are saved. To clear all the dynamic host name entries from the list, click the Clear button.
Page 46
Smart Managed Pro Switches MS510TX and MS510TXPP Short Cable mode is enabled globally, but you can disable it on a per-port basis for ports g1–g4 (see Manage and View the PoE Port Configuration on page 55). You cannot disable it for other ports. If Short Cable mode is enabled on a port, and the cable length is too short, the PHY enters low-power mode.
Page 47
Smart Managed Pro Switches MS510TX and MS510TXPP • Select the port. From the Auto Power Down Mode menu, select Enable or Disable. The default is Disable, which is the global setting (see Configure the Global PoE Settings on page 53). For ports g1–g4 only, you can disable the mode.
Page 48
Smart Managed Pro Switches MS510TX and MS510TXPP The Reason field shows the reason for the operational status. To disable the Short Reach Admin mode for port g1, g2, g3, or g4, from the Short Reach Admin mod, select Disable. The Energy Detect Admin Mode is enabled globally, but you can disable it for ports g1–g4 only.
Page 49
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 12. The login window opens. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP The Green Mode Statistics Summary page displays. The page shows the Green Ethernet Interface Summary section. To refresh the page, click the Refresh button. The following table describes the nonconfigurable fields. Table 14. Green Ethernet Statistics Summary information...
Smart Managed Pro Switches MS510TX and MS510TXPP • Device Class Power Requirements on page 51 • Power Allocation and Power Budget on page 52 • Configure the Global PoE Settings on page 53 • Manage and View the PoE Port Configuration...
Smart Managed Pro Switches MS510TX and MS510TXPP supports these standards. PoE and PoE+ let you power such devices without the need for a separate power supply. The switch supports a Plug-and-Play process by which it detects the type of device that is connected to one of its PoE+ ports and whether that device needs power and how much so that the switch can provide the correct power the device.
Smart Managed Pro Switches MS510TX and MS510TXPP However, the PDs consume less power than defined by their classes: The PD attached to Port 1 consumes 7.3W, the PD attached to Port 2 consumes 4.7W, and the PD attached to Port 3 consumes 8.9W. So even though the switch provides power to two Class 4 devices and one Class 3 device, the available power budget is 159.1W (180W–7.3–4.7–8.9W).
Page 54
Smart Managed Pro Switches MS510TX and MS510TXPP Enter the switch’s password in the password field. The default password is password. If you added the switch to a network on the Insight app before and you did not yet change the password through the local browser interface, enter your Insight network password.
Smart Managed Pro Switches MS510TX and MS510TXPP Manage and View the PoE Port Configuration Depending on the model, the switch includes eight PoE+ ports. To configure and view the PoE+ port settings: Connect your computer to the same network as the switch.
Page 56
Smart Managed Pro Switches MS510TX and MS510TXPP The settings that you configure apply to all selected PoE+ ports. Menu Item Description Port Power Select the administrative mode of the port: • Enable. The port’s capacity to deliver power is enabled. This is the default setting.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Status The operational status of the port. The possible values are as follows: • Disabled. No power is delivered. • Delivering Power. Power is being drawn by the PD. • Requesting Power. The port is requesting power.
Smart Managed Pro Switches MS510TX and MS510TXPP From the System > SNMP menu, you can access pages that are described in the following sections: • Configure the SNMPv1/v2 Community on page 58 • Configure SNMPv1/v2 Trap Settings on page 60 •...
Page 59
Smart Managed Pro Switches MS510TX and MS510TXPP 192.168.1.0 through 192.168.1.255 (inclusive) is allowed access. To allow access from only one station, use a management station IP mask value of 255.255.255.255, and use that machine’s IP address for client address. In the Community String field, specify a community name.
Smart Managed Pro Switches MS510TX and MS510TXPP Delete an SNMP Community To delete an SNMP community: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 61
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. Select System > SNMP > SNMPv1/v2 > Trap Configuration. The Trap Configuration page displays. In the Recipients IP field, enter the IPv4 address in the x.x.x.x format to receive SNMP traps from this device.
Smart Managed Pro Switches MS510TX and MS510TXPP Delete an SNMP Recipient To delete an SNMP trap recipient: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP Select System > SNMP > SNMPv1/v2 > Trap Flags. The Trap Flags page displays. Configure the following options: • All. Globally activate or disable all traps by selecting the corresponding radio button. By default, the Enable radio button is selected.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure SNMPv3 Users Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, the switch supports only one user (admin). Therefore, you can create or modify only one profile.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure LLDP The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN.
Page 66
Smart Managed Pro Switches MS510TX and MS510TXPP In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 12.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure LLDP Port Settings Use the LLDP Port Settings page to specify per-interface LLDP settings. To configure the LLDP interface: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP The default is Auto Advertise. • Notification. When notifications are enabled, LLDP interacts with the trap manager to notify subscribers of remote data change statistics. The default is Disable. • Optional TLV(s). Enable or disable the transmission of optional type-length value (TLV) information from the interface.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the LLDP-MED network policy information that displays on the page. Table 18. LLDP-MED network policy information Field Description Network Policy Number The policy number. Application The media application type that is associated with the policy. Only the voice application type is supported.
Smart Managed Pro Switches MS510TX and MS510TXPP Use the following menus to enable or disable the following LLDP-MED settings for the selected port: • LLDP-MED Status. The administrative status of LLDP-MED on the interface. When LLDP-MED is enabled, the transmit and receive function of LLDP is effectively enabled on the interface.
Page 71
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the LLDP device information and port summary information. Field Description Device Information Chassis ID Subtype The type of information used to identify the switch in the Chassis ID field.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Operational MAU Type The Medium Attachment Unit (MAU) type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interface collision detection and bit injection into the network.
Page 73
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the information that displays for all LLDP neighbors that were discovered. Field Description MSAP Entry The Media Service Access Point (MSAP) entry number for the remote device. Local Port The interface on the local system that received LLDP information from a remote system.
Page 74
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Managed Addresses Address SubType The type of the management address. Address The advertised management address of the remote system. Interface SubType The port subtype. Interface Number The port on the remote device that sent the information.
Smart Managed Pro Switches MS510TX and MS510TXPP Field Description Manufacturer Name The manufacturer name advertised by the remote device. Model Name The model name advertised by the remote device. Asset ID The asset ID advertised by the remote device. Location Information...
Smart Managed Pro Switches MS510TX and MS510TXPP DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also provides way to differentiate between untrusted interfaces connected to the end user and trusted interfaces connected to the DHCP server or another switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Enable DHCP for All Interfaces in a VLAN To enable DHCP snooping for all interfaces that are members of a VLAN: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. Select System> Services > DHCP Snooping > Interface Configuration. The DHCP Snooping Interface Configuration page displays. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link.
Page 79
Smart Managed Pro Switches MS510TX and MS510TXPP In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 12.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure the DHCP Snooping Persistent Settings You can configure the persistent location of the DHCP snooping bindings database. The bindings database can be stored locally on the device. To configure DHCP snooping persistent settings: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP delivering power. That is, when a timer schedule is active, PoE is disabled on the port. When the timer schedule is inactive, PoE is enabled on the port. Note: Timer schedules can function only if the switch clock was set, either...
Smart Managed Pro Switches MS510TX and MS510TXPP Specify the Settings for a PoE Timer Schedule A PoE timer schedule can start either immediately or at a specific time on a specific date. Similarly, a PoE timer schedule can continue indefinitely (or until you change the settings) or end at a specific time on a specific date.
Smart Managed Pro Switches MS510TX and MS510TXPP If you select the Permanent radio button, the timer schedule continues indefinitely (or until you change the settings) after you complete the configuration for the timer schedule. You do not need to specify the date and time that the timer schedule ends.
Smart Managed Pro Switches MS510TX and MS510TXPP You can select only names of schedules that you created (see Create a PoE Timer Schedule on page 81). Select the check boxes for the days on which the PoE timer schedule must be active.
Smart Managed Pro Switches MS510TX and MS510TXPP Delete a PoE Timer Schedule You can delete a PoE timer schedule that you no longer need. All periodic schedules that are part of the PoE timer schedule are also deleted. To delete a PoE timer schedule: Connect your computer to the same network as the switch.
Configure Switching This chapter covers the following topics: • Configure Port Settings and Flow Control • Configure Link Aggregation Groups • Configure VLANs • Configure a Voice VLAN • Configure Auto-VoIP • Configure Spanning Tree Protocol • Configure Multicast • View, Search, and Manage the MAC Address Table...
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Port Settings and Flow Control You can configure global flow control for all ports and view, configure, and monitor the port information for individual ports. From the Switching > Ports menu, you can access pages that are described in the following sections: •...
Smart Managed Pro Switches MS510TX and MS510TXPP Click the Apply button. Your settings are saved. Configure the Port Settings You can view, configure, and monitor the physical port information for the ports (that is, the physical interfaces) on the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP • Ports mg5-mg6. Support the setting of 100 Mbps FD, 1 Gbps FD, and Auto. When set to Auto, the port advertises 100 Mbps FD, 1000 Mbps FD, and 2.5 Gbps FD. •...
Smart Managed Pro Switches MS510TX and MS510TXPP A LAG interface can be either static or dynamic, but not both. All members of a LAG must participate in the same protocols. A static port channel interface does not require a partner system to be able to aggregate its member ports.
Page 91
Smart Managed Pro Switches MS510TX and MS510TXPP Select one or more LAGs by taking one of the following actions: • To configure a single LAG, select the check box associated with the LAG. • To configure multiple LAGs with the same settings, select the check box associated with each LAG.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 21. LAG Configuration information Field Description LAG ID Identification of the LAG. Active Ports Indicates the ports that are actively participating in the port channel.
Smart Managed Pro Switches MS510TX and MS510TXPP A selected port is displayed by a check mark. Click the Apply button. Your settings are saved. Set the LACP System Priority The LACP configuration page is used to set the LACP system priority.
Smart Managed Pro Switches MS510TX and MS510TXPP In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 12.
Smart Managed Pro Switches MS510TX and MS510TXPP can either reject it or insert a tag using its default VLAN ID. A given port can handle traffic for more than one VLAN, but it can support only one default VLAN ID.
Page 96
Smart Managed Pro Switches MS510TX and MS510TXPP Select Switching> VLAN > Basic > VLAN Configuration. The VLAN Configuration page displays. The page also shows the Reset section. In the VLAN ID field, specify the VLAN identifier for the new VLAN.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: You cannot delete VLAN 1, which is the default VLAN. Click the Delete button. The VLAN is removed. Reset All VLANs to the Default Settings To reset all VLANs to the default settings: Connect your computer to the same network as the switch.
Page 98
Smart Managed Pro Switches MS510TX and MS510TXPP In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 12.
Smart Managed Pro Switches MS510TX and MS510TXPP • U (Untagged). Select the LAGs on which all frames transmitted for this VLAN are untagged. The LAGs that are selected are included in the VLAN. By default, the selection is blank, which means that the LAG is excluded from the VLAN but can be dynamically registered (autodetected) in the VLAN through GVRP.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 23. VLAN status Field Definition VLAN ID The VLAN identifier (VID) of the VLAN. The range of the VLAN ID is 1 to 4093.
Page 101
Smart Managed Pro Switches MS510TX and MS510TXPP The Port PVID Configuration page displays. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. •...
Smart Managed Pro Switches MS510TX and MS510TXPP You can enter a number from 0 to 7. Click the Apply button. Your settings are saved. Configure MAC-Based VLAN Groups The MAC-Based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classify traffic based on the source MAC address of the packet.
Page 103
Smart Managed Pro Switches MS510TX and MS510TXPP In the Prefix Mask field, enter a value from 9 to 48. In the Group ID field, specify a group ID that allows you to identify the group. Click the Add button. The MAC address is added to the MAC-based VLAN group.
Smart Managed Pro Switches MS510TX and MS510TXPP Manually Add Members to or Remove Them From a MAC-Based VLAN Group To add members to or remove them from a MAC-based VLAN group: Connect your computer to the same network as the switch.
Page 105
Smart Managed Pro Switches MS510TX and MS510TXPP If you assign a port to a protocol-based VLAN for a specific protocol, untagged frames received on that port for that protocol are assigned the protocol-based VLAN ID. Untagged frames received on the port for other protocols are assigned the port VLAN ID, either the default PVID (1) or a PVID you specifically assigned to the port using the Port VLAN Configuration page.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 25. Protocol Based VLAN Mapping Field Definition Group ID The ID of the group. VLAN ID The VLAN ID that is associated with the group.
Smart Managed Pro Switches MS510TX and MS510TXPP In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 12.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: It can take up to 10 seconds for GARP configuration changes to take effect. To configure GARP switch settings: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 109
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 12. The login window opens. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP centiseconds (10 seconds). An instance of this timer exists for each GARP participant for each port. Click the Apply button. Your settings are saved. Configure a Voice VLAN You can configure the global settings for a voice VLAN and enable or disable the voice VLAN for specific ports and LAGs that carry traffic from IP phones.
Smart Managed Pro Switches MS510TX and MS510TXPP Select Switching> Voice VLAN > Properties. The Properties page displays. Select the Voice VLAN Status Enable radio button. This enables the administrative mode for the voice VLAN for the switch. The default is Disable.
Smart Managed Pro Switches MS510TX and MS510TXPP Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. • To display both physical ports and LAGs, click the All link.
Page 113
Smart Managed Pro Switches MS510TX and MS510TXPP Add VoIP OUI Prefixes To add VoIP OUI prefixes to the OUI table: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP The OUI page displays. Select the check box for each OUI prefix to be removed. Click the Delete button. The telephony OUI entries are removed. Configure Auto-VoIP Voice over Internet Protocol (VoIP) enables telephone calls over a data network. Because...
Smart Managed Pro Switches MS510TX and MS510TXPP Select Switching> Auto-VoIP. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link. • To display LAGs only, click the LAGS link. • To display both physical ports and LAGs, click the All link.
Smart Managed Pro Switches MS510TX and MS510TXPP Note: For two bridges to be in the same region, the force version must be 802.1s and their configuration names, digest keys, and revision levels must match. For additional information about regions and their effect on network topology, refer to the IEEE 802.1Q standard.
Page 117
Smart Managed Pro Switches MS510TX and MS510TXPP Configure the following settings: • Spanning Tree State. Enable or disable the spanning tree operation on the switch. • STP Operation Mode. Specify the STP version for the switch. The options are STP, RSTP, and MSTP.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable STP Status fields displayed on the page. Table 26. STP Status Field Description Bridge Identifier The bridge identifier for the CST. It is made up using the bridge priority and the base MAC address of the bridge.
Page 119
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. Select Switching > STP > Advanced > CST Configuration. The CST Configuration page displays. The page also shows the MSTP Status section. Specify the CST options: •...
Smart Managed Pro Switches MS510TX and MS510TXPP Configure CST Port Settings Use the CST Port Configuration page to configure Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To configure CST port settings: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The possible values are Enable and Disable. The default value is Disable. When BPDU forwarding is enabled, the switch forwards the BPDU traffic arriving on this port when STP is disabled on this port.
Page 122
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. Select Switching > STP > Advanced > CST Port Status. The CST Port Status page displays. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link.
Smart Managed Pro Switches MS510TX and MS510TXPP View Rapid STP Information Use the Rapid STP page to view information about Rapid Spanning Tree (RSTP) port status. To view information about RSTP: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Manage MST Settings Use the Spanning Tree MST Configuration page to configure Multiple Spanning Tree (MST) on the switch. Configure an MST Instance To configure an MST instance: Connect your computer to the same network as the switch.
Page 125
Smart Managed Pro Switches MS510TX and MS510TXPP For each configured instance, the information described in the following table displays on the page. Table 31. MST configuration Field Description Bridge Identifier The bridge identifier for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge.
Smart Managed Pro Switches MS510TX and MS510TXPP Your settings are saved. Delete an MST Instance To delete an MST instance: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 127
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. Select Switching > STP > Advanced > MST Port Configuration. In the MST Select menu, select the MST instance. Select which type of interfaces display onscreen: • To display physical ports only, click the PORTS link.
Page 128
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the read-only MST port configuration information displayed on the Spanning Tree CST Configuration page. Table 32. MST port status information Field Description Auto Calculated Port Path Displays whether the path cost is automatically calculated (Enabled) or not Cost (Disabled).
Smart Managed Pro Switches MS510TX and MS510TXPP View STP Statistics You can view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port. To view Spanning Tree statistics: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP When you limit multicast transmissions to only certain ports on the switch, traffic is not forwarded to parts of the network where it is not needed. From the Switching > Multicast menu, you can access pages that are described in the following sections: •...
Page 131
Smart Managed Pro Switches MS510TX and MS510TXPP To view the MFDB Table: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP View the MFDB Statistics To view the MFDB statistics: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Switching> Multicast > Auto-Video. The Auto-Video Configuration page displays. Select one of the following radio buttons: •...
Smart Managed Pro Switches MS510TX and MS510TXPP Configure the Global IGMP Snooping Settings Before IGMP snooping can be enabled on specific VLANs (see Configure IGMP Snooping for VLANs on page 136), you must configure the global settings. To configure the global IGMP snooping settings: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table displays information about the global IGMP snooping status. Table 36. IGMP snooping and IGMP snooping querier VLAN information Field Description VLAN IDs Enabled For IGMP The VLANs on which IGMP snooping is enabled. For more information, see...
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the information in the IGMP snooping table. Table 37. IGMP Snooping Table information Field Description MAC Address The multicast MAC address for which the switch holds forwarding information, filtering information, or both. The format is six 2-digit hexadecimal numbers that are separated by colons, for example, 01:00:5e:45:67:89.
Smart Managed Pro Switches MS510TX and MS510TXPP Enabling Fast Leave mode lets the switch immediately remove the Layer 2 LAN interfaces from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending MAC-based general queries to the interface.
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. Select Switching> Multicast > IGMP Snooping > IGMP Snooping VLAN Configuration. The IGMP Snooping VLAN Configuration page displays. Select the check box for the VLAN ID. Update the values.
Smart Managed Pro Switches MS510TX and MS510TXPP You can configure and display information about IGMP snooping queriers on the network and, separately, on VLANs. Configure IGMP Snooping Querier You can configure the parameters for IGMP snooping querier. Only a user with read/write access privileges can change the data on this page.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table displays nonconfigurable information about the IGMP snooping querier. Table 39. IGMP snooping querier information Field Description IGMP Version The IGMP protocol version used in periodic IGMP queries. Only ICMPv2 is supported.
Smart Managed Pro Switches MS510TX and MS510TXPP • Snooping Querier VLAN Address. Specify the snooping querier IP address to be used as the source address in periodic IGMP queries sent on the specified VLAN. Click the Apply button. Your settings are saved.
Smart Managed Pro Switches MS510TX and MS510TXPP MLD Snooping Overview Multicast Listener Discovery (MLD) is a protocol that is used by IPv6 multicast routers to discover the presence of multicast listeners (nodes that want to receive IPv6 multicast packets) on its directly attached links and to discover which multicast packets are of interest to neighboring nodes.
Smart Managed Pro Switches MS510TX and MS510TXPP Select the MLD Snooping Admin Mode Enable radio button. By default, the Disable radio button is selected. Click the Apply button. Your settings are saved. The VLAN IDs Enabled For MLD Snooping section displays the VLAN IDs, if any, for which MLD snooping is enabled.
Smart Managed Pro Switches MS510TX and MS510TXPP In the Group Membership Interval field, set the value for the group membership interval of MLD snooping. The valid range is 4 to 3620 seconds. The default value is 260 seconds. In the Maximum Response Time field, set the value for the maximum response time of MLD snooping.
Smart Managed Pro Switches MS510TX and MS510TXPP This is the interface to which an external multicast router is connected. From the VLAN ID menu, select the VLAN ID of which the interface must be a member. From the Multicast Router menu, select Enable to enable the multicast router mode for the VLAN (and therefore, for the multicast router interface).
Smart Managed Pro Switches MS510TX and MS510TXPP • Querier Expiry Interval (secs). This is a field with a calculated value that shows the interval in seconds after which the last querier information is removed. The interval is calculated as 2 * Query Interval + 5. The default value is 255.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 41. MLD Snooping Querier VLAN Configuration information Field Description Operational State The operational state of the MLD snooping querier on a VLAN. It can be in any of the following states: •...
Smart Managed Pro Switches MS510TX and MS510TXPP From the VLAN ID menu, select the VLAN ID. In the Multicast Address field, enter the multicast MAC address that must become the group identifier. Click the Add button. The multicast group is added.
Smart Managed Pro Switches MS510TX and MS510TXPP You cannot select a check box for a dynamically added multicast address. Click the Delete button. The multicast groups are removed. Configure Multicast Group Membership By default, an interface is excluded from multicast groups but could be dynamically added to any multicast group.
Smart Managed Pro Switches MS510TX and MS510TXPP • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface.
Smart Managed Pro Switches MS510TX and MS510TXPP The Multicast Forward All page displays. From the VLAN ID menu, select the VLAN ID for the VLAN in which the multicast group is located. If a name is associated with the VLAN, the name displays in the VLAN Name field.
Smart Managed Pro Switches MS510TX and MS510TXPP From the Switching > Address Table > Advanced menu, you can access pages that are described in the following sections: • View and Search the MAC Address Table on page 152 • Change the Aging-Out Period of Dynamic MAC Addresses on page 153 •...
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the information in the MAC Address Table. Table 43. MAC Address Table information Field Description VLAN ID The VLAN that is associated with the MAC address. MAC Address The MAC address. The format is six 2-digit hexadecimal numbers that are separated by colons, for example, 01:00:5e:45:67:89.
Smart Managed Pro Switches MS510TX and MS510TXPP Add a Static MAC Address To add a static MAC address: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 155
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. Select Switching > Address Table > Address Table > Advanced > Static MAC Address. The Static MAC Address page displays. In the Static MAC Address table, select the check box for the MAC address.
Smart Managed Pro Switches MS510TX and MS510TXPP IP Routing Overview The switch supports IP routing. When a packet enters the switch, the destination MAC address is checked to see if it matches any of the configured routing interfaces. If it does, the switch searches the host table for a matching destination IP address.
Smart Managed Pro Switches MS510TX and MS510TXPP You must enable the routing mode before the switch can route through any of its interfaces. If you enable the routing mode, routing becomes also possible for VLAN interfaces. The default value is Enable.
Page 159
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 45. IP Statistics information Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error.
Page 160
Smart Managed Pro Switches MS510TX and MS510TXPP Table 45. IP Statistics information (continued) Field Description IpReasmOKs The number of IP datagrams successfully reassembled. IpReasmFails The number of failures detected by the IP reassembly algorithm (for whatever reason: timed out, errors, and so on). This is not necessarily a count of discarded IP fragments since some algorithms can lose track of the number of fragments by combining them as they are received.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 45. IP Statistics information (continued) Field Description IcmpOutDestUnreachs The number of ICMP destination unreachable messages sent. IcmpOutTimeExcds The number of ICMP time exceeded messages sent. IcmpOutParmProbs The number of ICMP parameter problem messages sent.
Smart Managed Pro Switches MS510TX and MS510TXPP Use the VLAN Static Routing Wizard The VLAN Routing Wizard lets you create a VLAN routing interface, configure the IP address and subnet mask for the interface, and add ports or LAGs to the VLAN. With this wizard, you can do the following: •...
Smart Managed Pro Switches MS510TX and MS510TXPP • U (Untagged). Select the ports on which all frames transmitted for this VLAN are untagged. The ports that are selected are included in the VLAN. By default, the selection is blank, which means that the port is excluded from the VLAN but can be dynamically registered (autodetected) in the VLAN through GVRP.
Smart Managed Pro Switches MS510TX and MS510TXPP The VLAN routing interface is added for the selected VLAN. The MAC Address field displays the MAC address that is associated with the VLAN routing interface. Manage IPv4 Routes The routing table collects routes from multiple sources: static routes and local routes. The routing table can learn multiple routes to the same destination from multiple sources.
Page 165
Smart Managed Pro Switches MS510TX and MS510TXPP Depending on the type of route that you are creating, specify the following information: a. In the Network Address field, specify the IP address for the destination. b. In the Subnet Mask field, specify the subnet mask for the attached network.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Address Resolution Protocol The Address Resolution Protocol (ARP) associates a Layer 2 MAC address with a Layer 3 IPv4 address. The switch supports both dynamic and manual ARP configurations. With manual ARP configuration, you can statically add entries into the ARP table.
Smart Managed Pro Switches MS510TX and MS510TXPP Display the ARP Cache You can display ARP entries in the ARP cache based on the remote connections most recently detected switch. To display ARP entries in the ARP cache: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Add an Entry to the ARP Table You can add an entry to the Address Resolution Protocol (ARP) table. To add an entry to the ARP table: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 48. Routing VLANs ARP Cache information (continued) Field Description MAC Address The unicast MAC address of the attached device. The address is six two-digit hexadecimal numbers separated by colons, for example, 00:06:29:32:81:40.
Smart Managed Pro Switches MS510TX and MS510TXPP Remove an ARP Entry From the ARP Cache You can remove all or specific entries from the ARP table. To remove entries from the ARP table: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure IPv6 IPv6 is supported only on VLAN interfaces, not on physical ports. From the Routing > IPv6 > Advanced menu, you can access pages that are described in the following sections: •...
Smart Managed Pro Switches MS510TX and MS510TXPP The value is also included in router advertisements. The valid values for hops are 1 to 255, inclusive. The default is 64. In the ICMPv6 Rate Limit Error Interval field, specify the number of ICMP error packets allowed per burst interval.
Smart Managed Pro Switches MS510TX and MS510TXPP In the IPv6 Prefix field, specify the IPv6 network prefix for the destination. In the Prefix Length field, specify the IPv6 prefix length for the destination. In the Next Hop IPv6 Address Type menu, select one of the following types of IPv6 address for the next hop router: •...
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 12. The login window opens. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP View the IPv6 Route Table The IPv6 Route Table contains IPv6 routes that were statically added, IPv6 routes that were discovered through the Neighbor Discovery (ND) protocol, and IPv6 routes that were derived from manually added IPV6 addresses.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable data that is displayed. Table 49. IPv6 Route Table information Field Description Number of Routes The total number of active routes in the route table. IPv6 Prefix The network prefix for the active route.
Page 177
Smart Managed Pro Switches MS510TX and MS510TXPP The page is very wide and is therefore shown in the following two figures. To view more columns, move the gray bar below the table to the right. Select one or more VLANs by taking one of the following actions: •...
Smart Managed Pro Switches MS510TX and MS510TXPP In the Adv NS Interval field, specify the retransmission time of router advertisements that are sent from the VLAN. A value of 0 means the interval is not specified for the router. The range of the neighbor solicit interval is 1000 to 4294967295.
Page 179
Smart Managed Pro Switches MS510TX and MS510TXPP To add an IPv6 global address to an IPv6 VLAN: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP The Current State field is a nonconfigurable field that shows the state of the IPv6 address. The state can be one of the following: • Tent. Routing is disabled or the address does not work because of a duplicate address detection (DAD) condition.
Smart Managed Pro Switches MS510TX and MS510TXPP Remove an IPv6 Global Address From an IPv6 VLAN IPv6 link-local addresses are created automatically when you enable the IPv6 admin mode on an VLAN interface, and they cannot be removed or edited. However, you can manually remove one or more IPv6 global addresses from a VLAN.
Page 182
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Routing> IPv6 > Advanced > Prefix Configuration. From the Interface menu, select the VLAN.
Smart Managed Pro Switches MS510TX and MS510TXPP Change the Settings for an IPv6 Prefix for Advertisement on an IPv6 VLAN You can change the settings for a prefix for advertisement on an IPv6 VLAN. To change the settings for an IPv6 prefix for advertisement on an IPv6 VLAN: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 12. The login window opens. Enter the switch’s password in the Password field. The default password is password.
Page 185
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable IPv6 statistics that are displayed. Table 51. IPv6 Statistics information Field Description Total Datagrams Received The total number of input datagrams received by the interface, including those received in error.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 51. IPv6 Statistics information (continued) Field Description Datagrams Failed To Reassemble The number of failures detected by the IPv6 reassembly algorithm (for whatever reason: timed out, errors, and so on). This is not necessarily a...
Page 187
Smart Managed Pro Switches MS510TX and MS510TXPP If the address exists, the entry is displayed. To clear the IPv6 neighbors for all interfaces, click the Clear button. To refresh the page with the latest information about the switch, click the Refresh button.
Configure Quality of Service In a switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria. When a packet is queued for transmission in a port, the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port.
Smart Managed Pro Switches MS510TX and MS510TXPP Manage Class of Service The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Global CoS Settings To configure CoS trust mode settings on all interfaces: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 191
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 12. The login window opens. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure the Global CoS Queue Settings Use the Queue Configuration page to define what a particular queue does by configuring switch egress queues. You can control the amount of bandwidth that is used by the queue and the scheduling of packet transmission from the set of all queues on a port.
Smart Managed Pro Switches MS510TX and MS510TXPP In the Minimum Bandwidth field, specify the minimum guaranteed bandwidth allotted to the queue. Enter a value in the range of 1 to 100 that reflects the relative bandwidth of this queue. The bandwidth allocation per queue is the configured weight divided by the sum of all the configured weights.
Smart Managed Pro Switches MS510TX and MS510TXPP Select QoS > CoS > Advanced > 802.1p to Queue Mapping. In the 802.1p to Queue Mapping table, map each of the eight 802.1p priorities to a queue (internal traffic class). The 802.1p Priority row contains traffic class selectors for each of the eight 802.1p priorities to be mapped.
Smart Managed Pro Switches MS510TX and MS510TXPP Launch a web browser. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 12.
Smart Managed Pro Switches MS510TX and MS510TXPP acceptable and in many cases unnoticeable. Conversely, any degradation of service can negatively affect applications with strict timing requirements, such as voice or multimedia. From the QoS > Diffserv > Advanced menu, you can access pages that are described in the following sections: •...
Smart Managed Pro Switches MS510TX and MS510TXPP View the Global DiffServ Resources By default, the DiffServ administrative mode is enabled. (You cannot manually disable it.) You can view the used DiffServ resources. To view the global DiffServ resources: Connect your computer to the same network as the switch.
Page 198
Smart Managed Pro Switches MS510TX and MS510TXPP another service provider that provides the same three levels of service, but uses DSCP values 16, 24, and 48, the DSCP violate action mapping changes the incoming values as they are mapped to the outgoing values.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure IPv4 DiffServ Classes You can add a DiffServ class and define the criteria that are associated with a DiffServ class. As packets are received, these DiffServ classes are used to prioritize packets. You can set up multiple match criteria in a class.
Page 200
Smart Managed Pro Switches MS510TX and MS510TXPP The class name is a hyperlink to the page on which you can define the class configuration. The class name and class type are stated in the Class Configuration section at the top of the page.
Page 201
Smart Managed Pro Switches MS510TX and MS510TXPP • VLAN. Select this check box to require a packet’s VLAN ID to match a VLAN ID or a VLAN ID within a continuous range. If you configure a range, a match occurs if a packet’s VLAN ID is the same as any VLAN ID within the range.
Page 202
Smart Managed Pro Switches MS510TX and MS510TXPP • Destination IP. Select this check box to require a packet’s destination IP address to match the specified IP address. After you select the check box, use the following fields to configure the destination IP address match criteria: Address.
Smart Managed Pro Switches MS510TX and MS510TXPP Click the class name, which is a hyperlink. The page on which you can change the class configuration displays. Change the class configuration as needed. Click the Apply button. Your settings are saved.
Page 204
Smart Managed Pro Switches MS510TX and MS510TXPP IPv6 ACL/DiffServ assignment is appropriate for LAG interfaces. The procedures described by an ACL or DiffServ policy are equally applicable on a LAG interface. Add and Configure an IPv6 DiffServ Class To add and configure an IPv6 DiffServ class: Connect your computer to the same network as the switch.
Page 205
Smart Managed Pro Switches MS510TX and MS510TXPP The class name is a hyperlink to the page on which you can define the class configuration. The class name and class type are stated in the IPv6 Class Configuration section at the top of the page.
Page 206
Smart Managed Pro Switches MS510TX and MS510TXPP • Source L4 Port. Select this check box to require a packet’s TCP/UDP source port to match the specified protocol, which you must select from the menu. If you select Other from the menu, you can enter a source port number.
Smart Managed Pro Switches MS510TX and MS510TXPP Your settings are saved. Delete an IPv6 DiffServ Class To delete an IPv6 DiffServ class: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 208
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. Select QoS > DiffServ > Advanced > Policy Configuration. The Policy Configuration page displays. Enter a policy name in the Policy Name field.
Page 209
Smart Managed Pro Switches MS510TX and MS510TXPP The policy name, policy type, and member class name are stated in the Class Information section at the top of the page. These fields are nonconfigurable on this page. From the Assign Queue menu, select the queue to which packets of this policy class must be assigned.
Page 210
Smart Managed Pro Switches MS510TX and MS510TXPP • Mark CoS. Packets are marked by DiffServ with the specified CoS value before being forwarded. This selection requires that the Mark CoS field is set. You must select a CoS value from 0 to 7 from the menu.
Page 211
Smart Managed Pro Switches MS510TX and MS510TXPP Assign Another Class to an Existing DiffServ Policy To assign another class to an existing DiffServ policy: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP Select the check box for the policy name. Click the Delete button. The policy is removed. Configure DiffServ Service Interfaces You can assign a policy to one or more interfaces. Attach a DiffServ Policy to an Interface ...
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 53. Service Interface Configuration information Field Description Direction Shows that the traffic direction of this service interface is In. Operational Status Shows the operational status of this service interface, which is always Up.
Page 214
Smart Managed Pro Switches MS510TX and MS510TXPP In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 12.
Manage Device Security This chapter covers the following topics: • Management Security Settings • Configure Management Access • Configure Port Authentication • Set Up Traffic Control • Configure Access Control Lists...
Smart Managed Pro Switches MS510TX and MS510TXPP Management Security Settings From the Management Security menu, you can access the pages that are described in the following sections: • Change the Password on page 216 • Reset the Password to the Factory Default Value on page 217 •...
Smart Managed Pro Switches MS510TX and MS510TXPP Click the Apply button. Your settings are saved. Reset the Password to the Factory Default Value You can reset the login password that is required for access to the switch to the factory default value.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure RADIUS Servers Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. The switch passes information to the configured RADIUS server, which can authenticate a user name and password before authorizing use of the network.
Page 219
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Security > Management Security > RADIUS > Global Configuration. The RADIUS Configuration page displays.
Page 220
Smart Managed Pro Switches MS510TX and MS510TXPP Configure a RADIUS Authentication Server on the Switch Use the RADIUS Server Configuration page to view and configure various settings for a RADIUS server configured on the switch. Add a Primary or Secondary RADIUS Authentication Server to the Switch ...
Page 221
Smart Managed Pro Switches MS510TX and MS510TXPP Modify the Settings for a RADIUS Authentication Server on the Switch To modify the settings for a RADIUS authentication server on the switch: Connect your computer to the same network as the switch.
Page 222
Smart Managed Pro Switches MS510TX and MS510TXPP Select the check box for the server. Click the Delete button. The RADIUS server is removed. Click the Apply button. Your settings are saved. Configure a RADIUS Accounting Server You can configure various settings for a single RADIUS accounting server on the network.
Page 223
Smart Managed Pro Switches MS510TX and MS510TXPP Click the Add button. The server is added to the switch. Modify the Settings for a RADIUS Accounting Server on the Switch To modify the settings for a RADIUS accounting server on the switch: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The Accounting Server Configuration page displays. Click the Delete button. All fields are set to their defaults. Configure TACACS+ Servers TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services: •...
Page 225
Smart Managed Pro Switches MS510TX and MS510TXPP Select Security > Management Security > TACACS+ > TACACS+ Configuration. The ACACS+ Configuration page displays. In the Key String field, specify the authentication and encryption key for TACACS+ communications between the switch and the TACACS+ server.
Page 226
Smart Managed Pro Switches MS510TX and MS510TXPP In the Port field, specify the authentication port value for TACAS+ server sessions. It must be within the range 0–65535. If you do not specify a value, the switch uses the standard TCP port 49 for sessions with the server.
Smart Managed Pro Switches MS510TX and MS510TXPP Remove a TACACS+ Server From the Switch To a remove a TACACS+ server from the switch: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 228
Smart Managed Pro Switches MS510TX and MS510TXPP Configure an HTTP Authentication List Use the HTTP Authentication List page to configure the default HTTP login list. To change the HTTP authentication method for the default list: Connect your computer to the same network as the switch.
Page 229
Smart Managed Pro Switches MS510TX and MS510TXPP This is the method that is used if the first method times out. If you select a method that does not time out as the second method, the third method is not tried.
Smart Managed Pro Switches MS510TX and MS510TXPP option as the first method, no other method is tried, even if you specified more than one method. • RADIUS. The user’s ID and password are authenticated using the RADIUS server. If you select Radius or Tacacs as the first method and an error occurs during the authentication, the switch uses method 2 to authenticate the user.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure HTTP Settings Use the HTTP Configuration page to configure the HTTP settings on the system. To configure the HTTP server settings: Connect your computer to the same network as the switch.
Page 232
Smart Managed Pro Switches MS510TX and MS510TXPP To configure HTTPS settings: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP Manage the Certificate Use the Certificate Management page to manage the certificate. The switch can contain a single certificate (or set of certificates.) Generate a Certificate To generate a certificate: Connect your computer to the same network as the switch.
Page 234
Smart Managed Pro Switches MS510TX and MS510TXPP The default password is password. The System Information page displays. Select Security > Access > HTTPS > Certificate Management. The Certificate Management page displays. Select the Import Certificates radio button. Additional fields display.
Smart Managed Pro Switches MS510TX and MS510TXPP The certificate request is generated. You can send this request to your certificate authority for signing. The Certificate Generation Status field shows progress information. Delete the Certificate The switch can contain only one certificate (or set of certificates). You can delete this certificate.
Page 236
Smart Managed Pro Switches MS510TX and MS510TXPP Create an Access Profile Use the Access Profile Configuration page to set up a security access profile. To configure an access profile: Connect your computer to the same network as the switch.
Page 237
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Security > Access > Access Control > Access Rule Configuration.
Page 238
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Security > Access > Access Control > Access Rule Configuration.
Page 239
Smart Managed Pro Switches MS510TX and MS510TXPP Activate or Deactivate an Access Control Profile and View the Profile Summary After you set up an access profile and add access rules to the profile, you must activate the profile to be able to use it. (You do not need to activate the profile, but if you do not, you cannot use it.)
Page 240
Smart Managed Pro Switches MS510TX and MS510TXPP Table 56. Access profile configuration profile summary (continued) Field Description Mask The subnet mask of the IP address. Priority The priority of the rule. Remove an Access Control Profile If you do not want to use an access control profile, you can deactivate it. However, if you no longer need a profile, you can remove it entirely.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Port Authentication With port-based authentication, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions (unless dynamic VLAN assignment is enabled on port, in which case user authentication occurs individually).
Page 242
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. Select Security > Port Authentication > Basic > 802.1X Configuration. The 802.1X Configuration page displays. To enable the 802.1X administrative mode on the switch, select the Port Based Authentication State Enable radio button.
Smart Managed Pro Switches MS510TX and MS510TXPP Manage Port Authentication Use the Port Authentication page to enable and configure port access control on one or more ports. Configure 802.1X Settings for a Port To configure 802.1X settings for a port: Connect your computer to the same network as the switch.
Page 244
Smart Managed Pro Switches MS510TX and MS510TXPP • Dynamic VLAN Assignment. From the menu, select Enable to enable dynamic VLAN assignment on the port. By default, dynamic VLAN assignment is disabled on all ports. This feature is also known as RADIUS Assigned VLAN Attribute (RAVA). If this feature is enabled, RADIUS servers can assign a VLAN ID to a port based on 802.1 authentication.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable port authentication status information available on the page. Table 57. Port authentication status information Field Description Control Direction The control direction for the specified port, which is always Both. The control direction dictates the degree to which protocol exchanges take place between supplicant and authenticator.The unauthorized controlled port exerts control over...
Page 246
Smart Managed Pro Switches MS510TX and MS510TXPP In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 12.
Smart Managed Pro Switches MS510TX and MS510TXPP View the Client Summary This page displays information about supplicant devices that are connected to the local authenticator ports. If no active 802.1X sessions exist, the table is empty. To view the client summary: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Set Up Traffic Control You can configure storm control, port security, protected port, and private VLAN settings. From the Security > Management Security > Traffic Control menu, you can access the pages that are described in the following sections: •...
Smart Managed Pro Switches MS510TX and MS510TXPP • To configure multiple ports with the same settings, select the check box associated with each port. • To configure all ports with the same settings, select the check box in the heading row.
Page 250
Smart Managed Pro Switches MS510TX and MS510TXPP Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Security > Traffic Control > Port Security > Interface Configuration. The Interface Configuration page displays.
Page 251
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 12. The login window opens. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Protected Ports If a port is configured as protected, it does not forward traffic to any other protected port on the switch, but it does forward traffic to unprotected ports. Use the Protected Ports Membership page to configure the ports as protected or unprotected.
Page 253
Smart Managed Pro Switches MS510TX and MS510TXPP • Configure a Private VLAN Host Interface on page 256 • Configure a Private VLAN Promiscuous Interface on page 257 Configure the Private VLAN Type To configure a private VLAN type: Connect your computer to the same network as the switch.
Page 254
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Private VLAN Association Settings To configure private VLAN association: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 255
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 60. Private Vlan Association Configuration information Field Description Isolated VLAN The isolated VLAN that is associated with the selected primary VLAN.
Page 256
Smart Managed Pro Switches MS510TX and MS510TXPP Click the Apply button. Your settings are saved. Configure a Private VLAN Host Interface To configure a private VLAN host interface: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 257
Smart Managed Pro Switches MS510TX and MS510TXPP Click the Apply button. Your settings are saved. The Operational VLAN(s) field displays the operational VLANs. Configure a Private VLAN Promiscuous Interface To configure a private VLAN promiscuous interface: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP This field can accept single a VLAN ID, a range of VLAN IDs, or a combination of both in sequence separated by a comma. You can specify an individual VLAN ID, such as 10.
Smart Managed Pro Switches MS510TX and MS510TXPP • Configure IP ACL Interface Bindings on page 286 • View or Delete IP ACL Bindings in the IP ACL Binding Table on page 288 Use the ACL Wizard to Create a Simple ACL The ACL Wizard helps you create a simple ACL and apply it to the selected ports easily and quickly.
Page 260
Smart Managed Pro Switches MS510TX and MS510TXPP From the ACL Type menu, select the type of ACL. You can select from the following ACL types: • ACL Based on Destination MAC. Creates an ACL based on the destination MAC address, destination MAC mask, and VLAN.
Page 261
Smart Managed Pro Switches MS510TX and MS510TXPP In the Rule ID field, enter a whole number in the range of 1 to 50 that is used to identify the rule. From the Action menu, select Permit or Deny to specify the action that must be taken if a packet matches the rule’s criteria.
Page 262
Smart Managed Pro Switches MS510TX and MS510TXPP ACL Based On Fields Destination IPv6 L4 Port • Destination L4 port (protocol). Specify the destination IPv6 L4 port protocol. • Destination L4 port (value). Specify the destination IPv6 L4 port value. Source IPv6 L4 Port •...
Page 263
Smart Managed Pro Switches MS510TX and MS510TXPP Delete an ACL Rule To delete an ACL rule: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP For information about the ACL Wizard, see Use the ACL Wizard to Create a Simple ACL page 259. Configure a Basic MAC ACL A MAC ACL consists of a set of rules that are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit or Deny) is taken, and the additional rules are not checked for a match.
Page 265
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Security > ACL > Basic > MAC ACL. The MAC ACL Table page displays.
Smart Managed Pro Switches MS510TX and MS510TXPP Delete a MAC ACL To delete a MAC ACL: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 267
Smart Managed Pro Switches MS510TX and MS510TXPP The System Information page displays. Select Security > ACL > Basic > MAC Rules. The previous figure does not show all columns. From the ACL Name menu, select the MAC ACL. For information about adding MAC ACLs, see Configure a Basic MAC ACL on page 264.
Page 268
Smart Managed Pro Switches MS510TX and MS510TXPP • • MPLS multicast • MPLS unicast • Netbios • Novell • PPPoE • Reverse ARP • User Value If you select User Value from the EtherType Key menu, specify a customized EtherType value in the EtherType User Value field.
Page 269
Smart Managed Pro Switches MS510TX and MS510TXPP Change the Match Criteria for a MAC Rule To change the match criteria for a MAC rule: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP Select the check box for the rule. Click the Delete button. The rule is removed. Configure MAC Bindings When an ACL is bound to an interface, all the rules that are defined are applied to the selected interface.
Smart Managed Pro Switches MS510TX and MS510TXPP The fixed selection from the Direction menu is Inbound, which means that MAC ACL rules are applied to traffic entering the interface. In the Sequence Number field, optionally specify a number to indicate the order of the access list relative to other access lists already assigned to the interface and direction.
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Security > ACL > Basic > MAC Binding Table. The MAC Binding Table page displays.
Page 273
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 12. The login window opens. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP The IP ACL Configuration page displays. Select the check box for the IP ACL. Click the Delete button. The IP ACL is removed. Configure Rules for a Basic IP ACL Use the IP Rules page to define rules for IP-based standard ACLs (basic ACLs). The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded.
Page 275
Smart Managed Pro Switches MS510TX and MS510TXPP Specify the following match criteria for the rule: • Rule ID. Enter an ACL sequence number in the range of 1 to 50 that is used to identify the rule. An IP ACL can contain up to 50 rules.
Page 276
Smart Managed Pro Switches MS510TX and MS510TXPP Modify the Match Criteria for a Basic IP ACL Rule To modify the match criteria for a basic IP ACL rule: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP Select Security > ACL > Advanced > IP Rules. The IP Rules page displays. From the ACL ID menu, select the ACL that includes the rule that you want to modify. In the Basic ACL Rule Table, select the check box for the rule.
Page 278
Smart Managed Pro Switches MS510TX and MS510TXPP If one or more rules exist for the ACL, the rules display in the Extended ACL Rule Table. From the ACL ID/Name menu, select the IP ACL for which you want to add a rule.
Page 279
Smart Managed Pro Switches MS510TX and MS510TXPP report interval is used for the switch. A trap is not issued if the ACL rule hit count is zero for the current interval. • Match Every. From the Match Every menu, select whether all packets must match the selected IP ACL rule: False.
Page 280
Smart Managed Pro Switches MS510TX and MS510TXPP • Destination L4 port. The options are available only when the protocol is set to TCP or UDP. Use the destination L4 port option to specify relevant matching conditions for L4 port numbers in the extended ACL rule.
Smart Managed Pro Switches MS510TX and MS510TXPP Delete an Extended IP ACL Rule To delete an extended IP ACL rule: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Page 282
Smart Managed Pro Switches MS510TX and MS510TXPP Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Security > ACL > Advanced > IPv6 ACL. The IPv6 ACL Table page displays.
Smart Managed Pro Switches MS510TX and MS510TXPP The IPv6 ACL is removed. Configure IPv6 Rules Use these pages to display the rules for the IPv6 access control lists, which are created using the IPv6 Access Control List Configuration page. By default, no specific value is in effect for any of the IPv6 ACL rules.
Page 284
Smart Managed Pro Switches MS510TX and MS510TXPP Configure the following match criteria for the rule: • Action. Select the ACL forwarding action by selecting one of the following radio buttons: Permit. Forward packets that meet the ACL criteria. Deny. Drop packets that meet the ACL criteria.
Page 285
Smart Managed Pro Switches MS510TX and MS510TXPP The source port protocols are domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www. Each of these values translates into its equivalent port number. Select Other from the menu to enter a port number from 0 to 65535.
Smart Managed Pro Switches MS510TX and MS510TXPP In the IPv6 ACL Rules Table, click the rule. The rule is a hyperlink. The IPv6 ACL Rule Configuration page displays. Modify the IPv6 ACL rule criteria. Click the Apply button. Your settings are saved.
Page 287
Smart Managed Pro Switches MS510TX and MS510TXPP To bind an IP ACL to one or more interfaces: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP To add the selected ACL to a port or LAG, in the Ports table or LAG table, click the port or LAG so that a check mark displays. You can add the ACL to several ports and LAGs.
Page 289
Smart Managed Pro Switches MS510TX and MS510TXPP To delete an IP ACL-to-interface binding, do the following: a. Select the check box for the interface. b. Click the Delete button. The binding is removed. The following table describes the information displayed in the IP Binding Status table.
Monitor the System This chapter covers the following topics: • Monitor the Switch and the Ports • Configure and View Logs • Configure Port Mirroring • View the System Resource Utilization...
Smart Managed Pro Switches MS510TX and MS510TXPP Monitor the Switch and the Ports The pages available from the Monitoring > Ports menu contain a variety of information about the number and type of traffic transmitted from and received on the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the switch statistics displayed on the page. Table 66. Switch statistics information Field Description ifIndex The interface index of the interface table entry associated with the processor of this switch.
Page 293
Smart Managed Pro Switches MS510TX and MS510TXPP Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Monitoring > Ports > Port Statistics. Select which type of interfaces display onscreen: •...
Page 294
Smart Managed Pro Switches MS510TX and MS510TXPP Table 67. Port Status information (continued) Field Description Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors. Collision Frames The best estimate of the total number of collisions on this Ethernet segment.
Smart Managed Pro Switches MS510TX and MS510TXPP View Detailed Port Statistics The Port Detailed Statistics page displays a variety of per-port traffic statistics. To view detailed port statistics for an interface: Connect your computer to the same network as the switch.
Page 296
Smart Managed Pro Switches MS510TX and MS510TXPP Table 68. Detailed port statistics (continued) Field Description STP Mode The Spanning Tree Protocol administrative mode associated with the port or port channel. The possible values are as follows: • Enabled. Spanning Tree Protocol is enabled for this port.
Page 297
Smart Managed Pro Switches MS510TX and MS510TXPP Table 68. Detailed port statistics (continued) Field Description Packets received > 1024 The total number of packets received that were in excess of 1024 octets Octets (excluding framing bits but including FCS octets) and were otherwise well formed.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 68. Detailed port statistics (continued) Field Description Unicast Packets Transmitted The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
Page 299
Smart Managed Pro Switches MS510TX and MS510TXPP Launch a web browser. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 12.
Smart Managed Pro Switches MS510TX and MS510TXPP Table 69. EAP Statistics information (continued) Field Description EAP Response Frames This displays the number of valid EAP response frames (other than resp/ID Received frames) that were received by this authenticator. EAP Request/ID Frames...
Smart Managed Pro Switches MS510TX and MS510TXPP The following table describes the nonconfigurable information displayed on the page. Table 70. Cable Test information Field Description Cable Status Displays the cable status: • Normal. The cable is working correctly. • Open Cable. The cable is disconnected or a faulty connector exists. A cable is connected to the port, but it is not connected to the other side (no link).
Smart Managed Pro Switches MS510TX and MS510TXPP Manage the Buffered Logs The buffered log stores messages in RAM memory based on the settings for message component and severity. You can set the administrative status and behavior of logs in the system buffer.
Smart Managed Pro Switches MS510TX and MS510TXPP The syslog message includes the following fields: • Date • Time • Module (AAA in the previous examples). • Severity (I in the previous examples). • Action (DISSCONNECT and CONNECT in the previous examples).
Page 304
Smart Managed Pro Switches MS510TX and MS510TXPP Critical, Alert, and Emergency. The default severity level is Alert. The severity can be one of the following levels: • Emergency. The highest warning level. If the device is down, or not functioning properly, an emergency log message is saved to the device.
Smart Managed Pro Switches MS510TX and MS510TXPP Manage the Server Log You can allow the switch to send log messages to remote logging hosts configured on the switch. Add a Remote Syslog Host A remote syslog host is the same as a remote log server.
Page 306
Smart Managed Pro Switches MS510TX and MS510TXPP Error. A device error occurred, such as a port being offline. Warning. The lowest level of a device warning. Notice. Provides the network administrators with device information. Informational. Provides device information. Debug. Provides detailed information about the log.
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 12. The login window opens. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP Configure Port Mirroring Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports and one switch port is configured as a destination port.
Smart Managed Pro Switches MS510TX and MS510TXPP From the Direction menu, specify the direction of the traffic that must be mirrored from the selected source ports: • Rx only. The switch monitors received (ingress) packets only. • Tx only. The switch monitors transmitted (egress) packets only.
Page 310
Smart Managed Pro Switches MS510TX and MS510TXPP The System Resource Utilization page displays. The page also shows the Used Resources section. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the nonconfigurable information displayed on the page.
Maintain the Switch and Perform Troubleshooting This chapter covers the following topics: • Reboot the Switch • Reset the Switch to Its Factory Default Settings • Export a File From the Switch • Download a File to the Switch • Manage Files •...
Smart Managed Pro Switches MS510TX and MS510TXPP Reboot the Switch Use the Device Reboot page to reboot the switch. To reboot the switch: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP Launch a web browser. In the address field of your web browser, enter the IP address of the switch. If you do not know the IP address of the switch, see Access the Switch on page 12.
Page 314
Smart Managed Pro Switches MS510TX and MS510TXPP If you do not know the IP address of the switch, see Access the Switch on page 12. The login window opens. Enter the switch’s password in the Password field. The default password is password.
Smart Managed Pro Switches MS510TX and MS510TXPP HTTP File Export Use the HTTP File Export page to export files of various types from the switch to the management system through an HTTP session by using your web browser. To export a file from the switch to another system by using HTTP: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Export a File From the Switch to a USB Device Use the USB File Export page to export configuration text files from the switch to a USB device. To export a file from the switch to a USB device: Connect your computer to the same network as the switch.
Smart Managed Pro Switches MS510TX and MS510TXPP Download a File to the Switch The switch supports system file downloads from a remote system to the switch by using either TFTP, HTTP or USB. The Maintenance > Download menu contains links to the features described in the following sections.
Page 318
Smart Managed Pro Switches MS510TX and MS510TXPP from the nonactive image. This is a safety feature for faults occurring during the boot upgrade process. The default setting is Software. With this selection, the switch downloads the new software image and overwrites the nonactive image.
Smart Managed Pro Switches MS510TX and MS510TXPP Download a File to the Switch Using HTTP Use the HTTP File Download page to download files of various types to the switch through an HTTP session by using your web browser. ...
Smart Managed Pro Switches MS510TX and MS510TXPP Note: After a file transfer is started, wait until the page refreshes. When the page refreshes, the option to select a file option is no longer available, indicating that the file transfer is complete.
Smart Managed Pro Switches MS510TX and MS510TXPP You can enter up to 32 characters. Include the slash or backslash at the end of the path. A path name with a space is not accepted. Leave this field blank to copy the file from the root USB directory.
Smart Managed Pro Switches MS510TX and MS510TXPP The login window opens. Enter the switch’s password in the Password field. The default password is password. The System Information page displays. Select Maintenance > File Management > Dual Image Configuration. The Dual Image Configuration page displays.
Smart Managed Pro Switches MS510TX and MS510TXPP Select Maintenance > File Management > Dual Image > Dual Image Status. The Dual Image Status page displays. The page also shows the Dual Image Description section. To refresh the page with the latest information about the switch, click the Refresh button.
Page 324
Smart Managed Pro Switches MS510TX and MS510TXPP To configure the ping settings and ping an IPv4 address on the network: Connect your computer to the same network as the switch. You can use a WiFi or wired connection to connect your computer to the network, or connect directly to a switch that is off-network using an Ethernet cable.
Smart Managed Pro Switches MS510TX and MS510TXPP Ping an IPv6 Address This page is used to send a ping request to a specified host name or IPv6 address. You can use this to check whether the switch can communicate with a particular IPv6 station. When you click the Apply button, the switch sends a specified number of ping requests and the results are displayed below the configurable data.
Smart Managed Pro Switches MS510TX and MS510TXPP Send an IPv4 Traceroute Use this page to tell the switch to send a traceroute request to a specified IP address or host name. You can use this to discover the paths that packets take to a remote destination. Once you click the Apply button, the switch sends a traceroute and the results are displayed below the configurable data.
Smart Managed Pro Switches MS510TX and MS510TXPP In the Size field, enter the size of the probe packets. The range is 64 to 1472. The default value is 64. Click the Apply button. A traceroute request is sent to the specified IPv4 address or host name. The results are displayed below the configurable data in the Results field.
Smart Managed Pro Switches MS510TX and MS510TXPP In the InitTTL field, enter the initial TTL to be used. The range is 1 to 255. The default value is 1. In the MaxFail field, enter the maximum number of failures allowed in the session.
Smart Managed Pro Switches MS510TX and MS510TXPP Select Maintenance > Troubleshooting > Tech Support Info. The Tech Support Info page displays. Click the Generate Request button. Technical support information is exported from the switch and displayed in the text window on the page. You can then select, copy, and paste the information into a text file on your computer.
Smart Managed Pro Switches MS510TX and MS510TXPP Virtual Local Area Networks (VLANs) A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router.
Smart Managed Pro Switches MS510TX and MS510TXPP • Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged. Inversely, a T for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port.
Smart Managed Pro Switches MS510TX and MS510TXPP untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a tagged packet with VLAN ID 20. Access Control Lists (ACLs) ACLs ensure that only authorized users can access specific resources while blocking off any unwarranted attempts to reach network resources.
Smart Managed Pro Switches MS510TX and MS510TXPP • CoS. 0 • Destination MAC. 01:02:1A:BC:DE:EF • Destination MAC Mask. 00:00:00:00:FF:FF • Source MAC. 02:02:1A:BC:DE:EF • Source MAC Mask. 00:00:00:00:FF:FF • VLAN ID. 2 For more information about MAC ACL rules, see Configure MAC ACL Rules on page 266.
Smart Managed Pro Switches MS510TX and MS510TXPP • Rule ID. 2 • Action. Permit • Match Every. True Click the Add button. On the IP Binding Configuration page, assign ACL ID 1 to ports 2, 3, and 4, and assign a sequence number of 1.
Smart Managed Pro Switches MS510TX and MS510TXPP You must configure three key QoS building blocks for DiffServ: • Class • Policy • Service (the assignment of a policy to a directional interface) Class You can classify incoming packets at Layers 2, 3, and 4 by inspecting the following information for a packet: •...
Smart Managed Pro Switches MS510TX and MS510TXPP Creating Policies Use DiffServ policies to associate a collection of classes that you configure with one or more QoS policy statements. The result of this association is referred to as a policy. From a DiffServ perspective, two types of policies exist: •...
Smart Managed Pro Switches MS510TX and MS510TXPP user, but are designed into the system based on the DiffServ policy being created. For more information, see Monitor the Switch and the Ports on page 291. • Assigning QoS Queue. Directs a traffic stream to the specified QoS queue. This allows a traffic classifier to specify which one of the supported hardware queues are used for handling packets belonging to the class.
Smart Managed Pro Switches MS510TX and MS510TXPP • Committed Burst Size. 128 KB • Confirm Action. Send • Violate Action. Drop For more information about this page, see Configure a DiffServ Policy on page 207. On the Service Configuration page, select the check box next to interfaces 7 and 8 to attach the policy to these interfaces, and then click the Apply button.
Page 340
Smart Managed Pro Switches MS510TX and MS510TXPP Note: You can use QoS features to provide rate limiting on the guest VLAN to limit the network resources that the guest VLAN provides. Another 802.1X feature is the ability to configure a port to enable or disable EAPoL packet forwarding support.
Smart Managed Pro Switches MS510TX and MS510TXPP Supplicant Authenticator switch Radius authentication server (192.100.10.23) Supplicant Figure 1. 802.1X authentication roles 802.1X Example Configuration This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (mg7–mg8). These ports are available to visitors and must be authenticated before access is granted to the network.
Smart Managed Pro Switches MS510TX and MS510TXPP This example uses the default values for the port authentication settings, but you can configure several additional settings. For example, the EAPOL Flood Mode field allows you to enable the forwarding of EAPoL frames when 802.1X is disabled on the device.
Page 343
Smart Managed Pro Switches MS510TX and MS510TXPP MSTP connects all bridges and LANs with a single Common and Internal Spanning Tree (CIST). The CIST supports the automatic determination of each MST region, choosing its maximum possible extent. The connectivity calculated for the CIST provides the CST for interconnecting these regions, and an Internal Spanning Tree (IST) within each region.
Smart Managed Pro Switches MS510TX and MS510TXPP The portion of the active topology of the network that connects any two bridges in the same MST region traverses only MST bridges and LANs in that region, and never bridges of any kind outside the region.
Page 345
Smart Managed Pro Switches MS510TX and MS510TXPP On the CST Configuration page, set the bridge priority value for each of the three switches to force Switch 1 to be the root bridge: • Switch 1. 4096 • Switch 2. 12288 •...
Smart Managed Pro Switches MS510TX and MS510TXPP VLAN Routing Interface Configuration Example VLANs divide broadcast domains in a LAN environment. When hosts in one VLAN must communicate with hosts in another VLAN, the traffic must be routed between them. This is known as inter-VLAN routing.
Smart Managed Pro Switches MS510TX and MS510TXPP Switch Default Settings Table 75. Switch default settings Feature Sets Supported Default Setting Auto negotiation/static All ports Auto-negotiation speed/duplex Auto MDI/MDIX Enabled 802.3x flow control/back pressure 1 (per system) Disabled Port mirroring 1 destination port and 8 source ports...
Page 350
Smart Managed Pro Switches MS510TX and MS510TXPP Table 75. Switch default settings (continued) Feature Sets Supported Default Setting Port MAC lock down All ports Disabled Boot code update Boot code is automatically updated together with firmware upgrade. DHCP/static IP DHCP enabled/192.168.0.239 Default gateway 192.168.0.254...
Page 351
Smart Managed Pro Switches MS510TX and MS510TXPP Table 75. Switch default settings (continued) Feature Sets Supported Default Setting Number of DHCP snooping 1024 bindings Number of DHCP static entries 1024 MLD snooping v1/v2 All VLANs Disabled MLD Snooping Querier All VLANs...