Page 1 XS728T ProSAFE 28-Por t 10-Gigabit L2+ Sma r t Swi tch Sof tware A dm inistration Ma nua l July 2015 202-11492-01 350 East Plumeria Drive San Jose, CA 95134...
Page 2 Compliance For regulatory compliance information, visit http://www.netgear.com/about/regulatory. See the regulatory compliance document before connecting the power supply. Trademarks © NETGEAR, Inc. NETGEAR and the NETGEAR Logo are trademarks of NETGEAR, Inc. Any non-NETGEAR trademarks are used for reference purposes only.
Page 3: Table Of Contents
Contents Chapter 1 Getting Started Switch Management Interface ......... 4 Connect the Switch to the Network.
Page 4 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Chapter 6 Security Management Security Settings........114 Access .
Page 5: Chapter 1 Getting Started
Getting Started This manual describes how to configure and operate the XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch by using the web-based graphical user interface (GUI). This manual describes the software configuration procedures and explains the options available within those procedures.
Page 6: Switch Management Interface
You can configure all switch features, such as VLANs, QoS, and ACLs, by using the web-based management interface. NETGEAR provides the Smart Control Center utility with this product. This program runs under Windows XP, Windows 2003, Windows 2008 or Windows 7 (32 bit and 64 bit) and provides a front end that discovers the switches on your network segment (L2 broadcast domain).
Page 7: Discover A Switch In A Network With A Dhcp Server
Install the Smart Control Center on your computer. Start the Smart Control Center. Click Discover for the Smart Control Center to find your NETGEAR switch. The utility broadcasts Layer 2 discovery packets within the broadcast domain to discover the switch.
Page 8: Configure The Network Settings On The Administrative System
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The screen expands to display more fields at the bottom of the screen. Select the Disabled radio button to disable DHCP. Enter the static switch IP address, gateway IP address, and subnet mask for the switch and type your password.
Page 9  Use a straight-through Ethernet cable to connect the Ethernet port on the administrative system directly to any port on the NETGEAR switch. Open a web browser on your computer and connect to the management interface. For more information, see Access the Management Interface from the Web on page 8.
Page 10: Access The Management Interface From The Web
Open a web browser and enter the IP address of the switch in the address field. You must be able to ping the IP address of the NETGEAR switch management interface from your administrative system for web access to be available. If you used the Smart Control Center to set up the IP address and subnet mask, either with or without a DHCP server, use that IP address in the address field of your web browser.
Page 11 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Navigation tab Configuration menus Logout button Open Configuration status and options Screen menu Navigation Tabs, Configuration Menus, and Screen Menu The navigation tabs along the top of the web interface give you quick access to the various switch functions.
Page 12: Device View
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Table 1. Command Buttons Button Function Adds a new entry in a table. Apply Sends the updated configuration, entered by user, to the switch. Cancel Resets the data on the screen to the latest value of the switch.
Page 13 LED off indicates that all of the fans are operating normally. Port Access The following image shows the device view of the NETGEAR switch. Click the port you want to view or configure to see a menu that displays statistics and configuration options.
Page 14: Interface Naming Convention
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch User-Defined Fields User-defined fields can contain 1 to 159 characters, unless otherwise noted on the configuration web screen. All characters can be used except for the following (unless specifically noted in for that feature): <...
Page 15 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Table 2. Naming Convention for Switch Interfaces Interface Description Example Physical The physical ports are numbered sequentially starting from xg1 ... xg28 Link aggregation group (LAG) LAG interfaces are logical interfaces that are used only for LAG1 ...
Page 16 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Getting Started...
Page 17: Chapter 2 System
System Use the features in the System tab to define the switch’s relationship to its environment. The System tab contains links to screens described in the following sections: • Management • Device View • SNMP • LLDP • Services—DHCP Snooping...
Page 18: Management
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Management This section describes how to display the switch status and specify some basic switch information, such as the management interface IP address, CPU status, USB device information, system clock settings, DNS information and Green Ethernet. From the Management menu, you can access screens described in the following sections: •...
Page 19: System Cpu Status
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Field Description System Up Time Displays the number of days, hours, minutes and seconds since the last system restart. Base MAC Address Universally assigned network address. IC Temp (C) Integrated circuit temperature in Celsius values.
Page 20 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To view the USB directories and files:  Select System > Management > USB Device Information. The following fields are displayed: • Total Size. Size of the USB memory. • Bytes Used. Number of bytes used.
Page 21: Ipv6 Network Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • IP Address. The IP address of the network interface. The factory default value is 192.168.0.239. Each part of the IP address must start with a number other than 0. For example, IP addresses 001.100.192.6 and 192.001.10.3 are not valid.
Page 22 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch When in-band connectivity is established, IPv6 information can be changed using any of the following: • SNMP-based management • Web-based management The IPv6 network interface uses the same VLAN as the IPv4 network interface.
Page 23 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Neighbor State. Specifies the state of the neighbor cache entry. The following are the states for dynamic entries in the IPv6 neighbor discovery cache: • Reach. No more than ReachableTime milliseconds have elapsed since confirmation was received that the forward path to the neighbor was functioning properly.
Page 24 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The device can poll unicast server types for the server time. Polling for unicast information is used for polling a server for which the IP address is known. SNTP servers that have been configured on the device are the only ones that are polled for synchronization information.
Page 25: Sntp Server Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Configuration changes take effect immediately. The SNTP Global Status table on the SNTP Global Configuration screen displays information about the system’s SNTP client. The following table describes the SNTP Global Status fields. Field...
Page 26 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To change the settings for an existing SNTP server:  Select the check box next to the configured server. Enter new values in the available fields. Click Apply. Configuration changes take effect immediately.
Page 27: Dns Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Note: For both US and EU recurring time ranges, add the settings of offset and zone (just like for recurring time ranges). • Non Recurring. Summer time settings are in effect only between the start date and end date of the specified year.
Page 28: Host Configuration
For example, if the default domain name is netgear.com and the host name to resolve is test, test.netgear.com is used in DNS resolution queries.
Page 29: Green Ethernet Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Auto Power Down Mode. Auto Power Down mode is always enabled. When the port link is down, the physical layer (PHY) automatically shuts down for a short period and wakes up to check link pulses. This mode reduces power consumption on the port when no link partner is present.
Page 30 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Port. Selects the interface for which data is displayed or configured. • EEE Mode. Determines whether Energy Efficient Ethernet (EEE) mode is enabled for the port. Click Apply to apply the change to the system.
Page 31: Device View
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Remote Tw_sys_rx (uSec). Displays the amount of time the Remote Tw_sys_rx has been present on the port. • Remote Tw_sys_rx Echo (uSec). Displays the amount of time the Remote Tw_sys_rx Echo has been present on the port.
Page 32: Community Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Trap Flags • SNMP Supported MIBs • SNMP v3 User Configuration SNMP v1/v2 The screens you access from the SNMPv1/v2 link allow you to configure SNMP community information, traps, and trap flags.
Page 33: Trap Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch all valid Community Names or the set request is rejected. If you select Disable, the Community Name becomes invalid. Click Add. Configuration changes take effect immediately. Trap Configuration This screen displays an entry for every active Trap Receiver.
Page 34: Lldp
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The factory default is Enable. Click Apply. Configuration changes take effect immediately. SNMP Supported MIBs The screen allows you to view a list of the supported MIBs. To display the Supported MIBS screen: ...
Page 35: Lldp Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch From the LLDP menu, you can access the features described in the following sections: • LLDP Configuration • LLDP Port Settings • LLDP-MED Network Policy • LLDP-MED Port Settings • Local Information •...
Page 36: Lldp Port Settings
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Reinitializing Delay. Specify the delay before a reinitialization. The default is 2 seconds, and the range is 1–10 seconds. • Transmit Delay. Specify the interval for the transmission of notifications. The default is 5 seconds, and the range is 2–3600 seconds.
Page 37 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch LLDP-MED Network Policy This screen displays information about the LLPD-MED network policy TLV transmitted in the LLDP frames on the selected local interface. To view LLPD-MED information:  Select System > LLDP > Advanced > LLDP-MED Network Policy.
Page 38: Local Information
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Click Apply to apply the new settings to the system. Configuration changes take effect immediately. Local Information Use the LLDP Local Information screen to view the data that each port advertises through LLDP.
Page 39: Neighbors Information
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Field Description Interface SubType Displays the port subtype. Interface Number Displays the number that identifies the port. MAC/PHY Details Auto-Negotiation Supported Specifies whether the interface supports port-speed autonegotiation. Possible values are True and False.
Page 40 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The following table describes the information that displays for all LLDP neighbors that have been discovered: Field Description MSAP Entry Displays the Media Service Access Point (MSAP) entry number for the remote device.
Page 41 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Field Description Address SubType Specifies the type of the management address. Address Specifies the advertised management address of the remote system. Interface SubType Specifies the port subtype. Interface Number Identifies the port on the remote device that sent the information.
Page 42: Services-Dhcp Snooping
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Field Description Asset ID The asset ID advertised by the remote device. Location Information Civic The physical location, such as the street address, the remote device has advertised in the location TLV, for example, 123 45th St. E. The field value length range is 6–160 characters.
Page 43: Dhcp Snooping Global Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • DHCP Snooping Binding Configuration • DHCP Snooping Persistent Configuration DHCP Snooping Global Configuration To configure DHCP snooping global settings:  Select System> Services > DHCP Snooping > Global Configuration. Next to DHCP Snooping Mode, select Enable or Disable to turn the DHCP snooping feature on or off.
Page 44: Dhcp Snooping Binding Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch DHCP Snooping Binding Configuration To configure DHCP binding settings:  Select System> Services > DHCP Snooping > Binding Configuration. In the Static Binding Configuration section, in the Interface list, select the interface for which to add a binding to the DHCP snooping database.
Page 45: Chapter 3 Switching
Switching Use the features you access from the Switching tab to define Layer 2 features. The Switching tab contains links to features described in the following sections: • Ports • • VLAN • Voice VLAN • Auto-VoIP Configuration • Spanning Tree Protocol •...
Page 46: Ports
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Ports The screens you access from the Ports menu allow you to view and monitor the physical port information for the ports available on the switch. From the Ports menu, you can access the features described in the following sections: •...
Page 47: Lag
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Description. Enter the description string to be attached to a port. The string can be up to 64 characters in length. • Port Type. This field is blank for most ports. Otherwise, the possible values are: •...
Page 48: Lag Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch LAG Configuration Use the LAG Configuration screen to group one or more full-duplex Ethernet links to aggregate together to form a link aggregation group, which is also known as a port channel. The switch treats the LAG as if it were a single link.
Page 49: Lacp Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Click Current members to display the list of ports currently members of that LAG. These ports are also designated on the display of ports by a check mark. Click the box, representing each required port to include the port in the LAG.
Page 50: Vlan
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Short. Specifies a short time-out value. Click Apply to send the updated configuration to the switch. Configuration changes take effect immediately. VLAN Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing.
Page 51: Vlan Membership
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To add a VLAN, configure the VLAN ID and name and click Add. You have the following options: • VLAN ID. Specify the VLAN identifier for the new VLAN. You can enter data in this field only when you are creating a VLAN.
Page 52: Vlan Status
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The possible values are: • Tag All. All frames transmitted for this VLAN are tagged. All the ports are included in the VLAN. • Untag All. All frames transmitted from this VLAN are untagged. All the ports are included in the VLAN.
Page 53 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch You can select multiple interfaces to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. • To configure PVID settings for a physical port, click PORTS.
Page 54 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch When untagged or priority-tagged packets arrive on a certain port, the source MAC address of the packet is looked up. If a matching MAC-based VLAN Group ID to VLAN ID mapping entry is found, the packet is classified to the corresponding VLAN ID. If the packet is already priority tagged, it will maintain this value, otherwise the priority will be set to zero.
Page 55: Protocol Based Vlan Group Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Port Block. Add selected ports to this MAC Based VLAN Group and select VLAN ID, by clicking on the ports. LAG Block. Add selected LAGs to this MAC Based VLAN Group and selected VLAN ID, by clicking on the ports.
Page 56: Protocol Based Vlan Group Membership
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch In addition, you can manually enter a protocol ID, either in Hex or decimal format. Display of protocol ID is always in Hex format. Click Add. The group is created. Note: The per port association of Protocol Based VLAN Group to VLAN ID is...
Page 57: Garp Switch Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Note: If the associated VLAN is not configured on port, a classified packet will be dropped. If you make any changes to this page, click Apply to send the updated configuration to the switch. Configuration changes take place immediately.
Page 58: Voice Vlan
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Use Leave Timer to specify the time to wait after receiving an unregister request for a VLAN before deleting the associated entry, in centiseconds. This allows time for another station to assert registration for the same attribute in order to maintain uninterrupted service. Enter a number between 20 and 600 (0.2 to 6.0 seconds).
Page 59: Port Setting
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Select Switching> Voice VLAN > Basic > Properties. Next to Voice VLAN Status, enable or disable (default) voice VLAN on the switch. If the switch does not handle traffic from IP phones, the status should be disabled.
Page 60: Auto-Voip Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • 00:04:0D. AVAYA1 • 00:12:43. CISCO2 • 00:1B:4F. AVAYA2 • 00:60:B9. NITSUKO • 00:D0:1E. PINTEL • 00:E0:75. VERILINK • 00:E0:BB. 3COM You can select an existing OUI or add a new OUI and description to identify the IP phones on the network.
Page 61: Spanning Tree Protocol
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To configure the Auto-VoIP parameters, use the Auto-VoIP configuration screen. The Interface column specifies all the configurable Auto-VoIP interfaces. The Traffic Class displays the traffic class on which the received VoIP frames are marked.
Page 62: Stp Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • STP Configuration • CST Configuration • CST Port Configuration • CST Port Status • Rapid STP • MST Configuration • MST Port Configuration • STP Statistics STP Configuration The STP Switch Configuration screen contains fields for enabling STP on the switch.
Page 63: Cst Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The following table describes the STP Status information displayed on the screen. Field Description Bridge Identifier The bridge identifier for the CST. It is made up using the bridge priority and the base MAC address of the bridge.
Page 64: Cst Port Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Bridge Hello Time (Sec). Specifies the switch hello time for the Common and Internal Spanning Tree (CST), which indicates the amount of time in seconds a root bridge waits between configuration messages. The value is fixed at 2 seconds.
Page 65: Cst Port Status
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • BPDU Forwarding. Specifies whether spanning tree BPDUs should be forwarded while spanning-tree is disabled on the switch. Select Enable or Disable. • Port State. The forwarding state of this port. This field is read-only.
Page 66: Rapid Stp
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Field Description Point-to-point MAC Derived value of the point-to-point status. CST Regional Root Displays the bridge priority and base MAC address of the CST regional root. CST Path Cost Displays the path cost to the CST tree regional root.
Page 67: Mst Port Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Configuration changes take place immediately. To modify an MST instance:  Select the check box next to the instance to configure and update the values. You can select multiple check boxes to apply the same setting to all selected MTS instances.
Page 68 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Select the MST instance to be configured from the Select MST field. To view CST settings for an interface, click PORTS, LAGS, or All. Select the check box next to the port or LAG to configure.
Page 69: Multicast
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Field Description Designated Cost Displays cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops. Designated Bridge Bridge identifier of the bridge with the designated port. It is made up using the bridge priority and the base MAC address of the bridge.
Page 70 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch MFDB The switch uses the Layer 2 Multicast Forwarding Database (MFDB) to make forwarding decisions for packets that arrive with a multicast destination MAC address. By limiting multicast transmissions only to certain ports in the switch, traffic is prevented from going to unnecessary parts of the network.
Page 71: Igmp Snooping
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Forwarding Interfaces: The resulting forwarding list is derived from combining all the forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces. MFDB Statistics To access the MFDB Statistics screen, click Switching> Multicast > MFDB > MFDB Statistics.
Page 72 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch few nodes. Packets are flooded into network segments where no node has any interest in receiving the packet. While nodes rarely incur any processing overhead to filter packets addressed to unrequested group addresses, they are unable to transmit new packets onto the shared media for the period that the multicast packet is flooded.
Page 73 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch IGMP Snooping Table To view all of the entries in the Multicast Forwarding Database that were created for  IGMP snooping: • Select Switching> Multicast > IGMP Snooping > IGMP Snooping Table. The following table describes the fields in the IGMP Snooping Table..
Page 74: Igmp Snooping Querier
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch group in that interface. The valid range is 5–20 seconds. The default value is 10. This value must be less than the Host Timeout value. • MRouter Timeout. The amount of time that a switch waits to receive a query on the VLAN before removing it from the list of VLANs with multicast routers attached.
Page 75 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch This address is used when no address is configured on the VLAN on which the query is being sent. In the IGMP Version field, specify the IGMP protocol version used in periodic IGMP queries.
Page 76: Mld Snooping
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Querier VLAN Status To view the operational state and other information for IGMP snooping queriers for  VLANs on the network: Select Switching> Multicast > IGMP Snooping Querier > Querier VLAN Status. The following table describes the information available on the Querier VLAN Status screen.
Page 77 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Configuration In IPv4, Layer 2 switches can use IGMP snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast address. In IPv6, MLD snooping performs a similar function.
Page 78 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Click Apply to send the updated configuration to the switch. Configuration changes take place immediately. Multicast Router VLAN Configuration The statically configured router attached (VLAN, interface) is added to the learned multicast router attached interface list if the interface is active and is a member of the VLAN. As is not...
Page 79 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch VLAN IDs enabled for MLD Snooping Querier are displayed. Click Apply to apply the new settings to the switch. Configuration changes take effect immediately. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Page 80 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Click Apply to apply the new settings to the switch. Configuration changes take effect immediately Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Page 81 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • To configure the multicast group for a physical port, click PORTS. • To configure the multicast group for a link aggregation group (LAG), click LAGS. • To configure the multicast group for both physical ports and LAGs, click All.
Page 82: Address Table
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Select the interface in the Go To Interface field and click Go. The entry corresponding to the specified interface will be selected. Select the Interface Status of the interfaces. The possible values are: •...
Page 83: Dynamic Address
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The following table describes the information available for each entry in the address table.. Field Description VLAN ID Specifies the VLAN ID on which the MAC address has forwarding or filtering information. MAC Address A unicast MAC address for which the switch has forwarding or filtering information.
Page 84 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To modify the settings for a static MAC address, select the check box next to the entry, update the desired values, and click Apply. Click Update to reload the page and display the latest MAC address learned on a specific VLAN.
Page 85: Chapter 4 Routing
Routing The switch supports IP routing. Use the menus under the Routing tab to manage routing on the system. This chapter contains the following sections: • • VLAN • Routing Table • • IPv6...
Page 86 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch When a packet enters the switch, the destination MAC address is checked to see if it matches any of the configured routing interfaces. If it does, the switch searches the host table for a matching destination IP address. If an entry is found, the packet is routed to the host. If there is not a matching entry, the switch performs a longest prefix match on the destination IP address.
Page 87 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch IP Statistics The statistics reported on the IP Statistics page are as specified in RFC 1213. To display the page:  Click Routing > IP > Statistics. Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error.
Page 88 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Field Description IpOutNoRoutes The number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this counter includes any packets counted in ipForwDatagrams which meet this `no-route' criterion.
Page 89: Vlan
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Field Description IcmpInTimestampReps The number of ICMP Timestamp Reply messages received. IcmpInAddrMasks The number of ICMP Address Mask Request messages received. IcmpInAddrMaskReps The number of ICMP Address Mask Reply messages received. IcmpOutMsgs The total number of ICMP messages which this entity attempted to send.
Page 90: Vlan Routing Wizard
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • VLAN Routing Wizard • VLAN Routing VLAN Routing Wizard The VLAN Routing Wizard allows you to create a VLAN routing interface, configure the IP address and subnet mask for the interface, and add selected ports or LAGs to the VLAN.
Page 91: Vlan Routing
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch VLAN Routing Use the VLAN Routing Configuration screen to view information about the VLAN routing interfaces configured on the system or to assign an IP address and subnet mask to VLANs on the system.
Page 92: Arp
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database. By specifying the preference of a static route, the user controls whether a static route is more or less preferred. The preference is an integer value from 1 to 255.
Page 93: Arp Cache
ARP cache. Newer information always replaces existing content in the ARP cache. The NETGEAR switches support 1024 ARP entries. These entries include dynamic and static ARP entries. Devices can be moved in a network, which means the IP address that was at one time...
Page 94: Global Arp Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Click Update to update the page with the most current data. ARP Entry Configuration To add a static entry to the ARP table:  Select Routing > ARP > Advanced > ARP Create.
Page 95: Ipv6
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch In the Remove From Table field, select the ARP entries to remove. The following are ARP entries then can be removed: • All Dynamic Entries. Remove the dynamic entries from the ARP table.
Page 96: Route Table
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch ICMP Rate Limiting, set this field to 0.The valid Rate Interval must be in the range 0 to 2147483647 micro seconds. In the ICMPv6 Rate Limit Burst Size field, specify the number of ICMP error packets allowed per burst interval.
Page 97 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch VLAN Configuration To configure IPv6 settings on VLAN interfaces:  Click Routing> IPv6 > Advanced > VLAN Configuration. Select the check box next to the VLAN Interface for which data is to be displayed or configured.
Page 98: Ipv6 Addresses
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The following table describes the non-configurable data that is displayed. Field Description Operational Mode Specifies IPv6 operational state of an interface. The possible values are Enable or Disable. Link State Indicates the operational state of the specified VLAN interface. Possible values: Link up or Link down.
Page 99 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch In the IPv6 Prefix field, specify the IPv6 prefix for an interface. The IPv6 Prefix can include only Prefix and not Host ID information. For example 3000:3000:: In the Prefix Length field, specify the IPv6 prefix length for an interface.
Page 100: Neighbor Table
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Field Description Received Datagrams With Unknown The number of locally-addressed datagrams received successfully but Protocol discarded because of an unknown or unsupported protocol. This counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the datagrams.
Page 101 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To search by IPv6 address, select IPv6 Address from the Search list. Enter the 128-byte hexadecimal IPv6 address in four-digit groups separated by colons, for example 2001:231F:::1. Then click Go. If the address exists, that entry will be displayed. An exact match is required.
Page 102 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Routing...
Page 103: Chapter 5 Quality Of Service
Quality of Service Use the features you access from the QoS tab to configure Quality of Service (QoS) settings on the switch. In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
Page 104: Cos
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This provides the desired QoS behavior for various types of network traffic when the complexities of Differentiated Services (DiffServ) are not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table.
Page 105: Cos Interface Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • 802.1p. The eight priority tags that are specified in IEEE 802.1p are p0 to p7. The QoS setting lets you map each of the eight priority levels to one of four internal hardware priority queues.This is the default setting.
Page 106: P To Queue Mapping
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch You can configure eight queues as strict priority or weighted round robin (WRR) priority, or combination of both. If a specific queue is configured as WRR, all the queues with a lower number are also WRR queues. The configuration is global and not per port.
Page 107: Dscp To Queue Mapping
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch DSCP to Queue Mapping Use the DSCP to Queue Mapping screen to specify which internal traffic class to map to the corresponding DSCP value. Do this for each of the following groups, as required: •...
Page 108: Diffserv Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Packet processing begins by checking the class match criteria for a packet. A policy is applied to a packet when a class match within that policy is found. From the DiffServ menu under the QoS tab, you can access the following: •...
Page 109: Class Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To configure the DSCP violate action mapping:  Select QoS > DiffServ > Basic > DSCP Violate Action Mapping. For each DSCP In value, select a DSCP Out value (if necessary). Do this for each of the following groups, as required: •...
Page 110: Ipv6 Class Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch When you click a class name, the configuration part of the Class Configuration screen is displayed. In this part of the screen, you define against which values traffic is checked when this class is applied.
Page 111 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The destination and source IPv6 addresses use a prefix length value instead of an individual mask to qualify it as a subnet address or a host address. The flow label is a 20-bit number that is unique to an IPv6 packet, used by end stations to signify some form of Quality of Service (QoS) handling in routers.
Page 112: Policy Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch a prefix is FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. The valid range for a prefix length is 0–128. • Destination L4 Port. Select a known destination Layer 4 ports. If you select Other, enter a protocol number in the field that appears.
Page 113: Service Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Color Mode. Color aware mode requires the existence of one or more color classes that are valid for use with this policy instance; otherwise, the color mode is color blind, which is the default.
Page 114: Service Statistics
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces.
Page 115: Chapter 6 Security
Security Use the features available from the Security tab to configure management security settings for port, user, and server security. The Security tab contains menus that provide links to screens described in the following sections: • Management Security Settings • Access •...
Page 116: Management Security Settings
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Management Security Settings From the Management Security menu, you can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS+) settings, and authentication lists. To display the screen, click the Security > Management Security tab. The Management Security tab provides links to features described in the following sections: •...
Page 117 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch RADIUS RADIUS servers provide authentication, authorization, and accounting services for networks. The RADIUS server maintains a user database, which contains per-user authentication information. The switch passes information to the configured RADIUS server, which can authenticate a user name and password before authorizing use of the network.
Page 118: Server Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Server Configuration Use the RADIUS Server Configuration screen to view and configure various settings for the current RADIUS server configured on the system. To configure a RADIUS server for authentication and authorization: ...
Page 119 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch You must select Yes before you can configure the RADIUS secret. After you add the RADIUS accounting server, this field indicates whether the shared secret for this server has been configured. In the Secret field, type the shared secret to use with the specified RADIUS accounting server.
Page 120: Authentication List
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch TACACS+ Server Configuration Use the TACACS+ Server Configuration screen to configure up to eight TACACS+ servers with which the switch can communicate. To configure TACACS+ server settings:  Select Security > Management Security > TACACS+ > TACACS+ Server Configuration link.
Page 121 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • HTTPS Authentication List HTTP Authentication List Use the HTTP Authentication List screen to configure the default HTTP login list. To change the HTTP authentication method for the default list:  Select Security > Management Security > Authentication List > HTTP Authentication List.
Page 122 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch HTTPS Authentication List Use the HTTPS Authentication List to configure the default HTTPS login list. To change the HTTPS authentication method for the default list:  Select Security > Management Security > Authentication List > HTTPS Authentication List.
Page 123: Access
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Access From the Access tab, you can configure HTTP and Secure HTTP access to the switch management interface. You can also configure access control profiles and access rules. The Access tab contains links features described in the following sections: •...
Page 124: Certificate Management
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The default value is Disable. You can download SSL certificates only when the HTTPS Admin mode is disabled. In the HTTPS Port field, specify the TCP port to use for HTTPS data. The value must be in the range of 1–65535. Port 443 is the default value. The currently configured value is shown when the web screen is displayed.
Page 125: Access Control
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Access Control Access control is composed of access profiles and access rules. Access Profile Configuration To set up a security access profile:  Select Security > Access > Access Control > Access Profile Configuration.
Page 126: Port Authentication
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Click Apply to update the switch with the new settings. Port Authentication In port-based authentication mode, when 802.1x is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions (unless Dynamic VLAN Assignment is enabled on port, in which case is the user is authenticated individually).
Page 127 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Enter the Guest VLAN Period. Next to the EAPOL Flood Mode field, select whether to enable or disable radio button forwarding of EAPOL frames when 802.1x is disabled on the device. Click Apply to update the switch with the new settings.
Page 128 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Periodic Reauthentication. Enable or disable reauthentication of the supplicant for the specified port. The default value is Disable. Changing the selection does not change the configuration until you click Apply. • Reauthentication Period. Enter the time span in which the selected port is reauthenticated.
Page 129: Port Summary
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • ForceAuthorized • ForceUnauthorized • Backend State. Displays the current state of the backend authentication state machine. Possible values are as follows: • Request • Response • Success • Fail • Timeout •...
Page 130: Client Summary
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The following table describes the fields on the Port Summary screen. Field Description Port The port whose settings are displayed in the current table row. Control Mode Defines the port authorization state. The control mode is set only if the link status of the port is link up.
Page 131: Traffic Control
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Field Description Session Time This field displays the time since the supplicant has logged in seconds. VLAN ID This field displays VLAN ID assigned by the authenticator to the supplicant device. Traffic Control From the Traffic Control menu, you can configure MAC filters, storm control, port security, and protected port settings.
Page 132: Port Security
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Broadcast. If the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. From the Status drop-down menu (for each packet type), select Enable or Disable to specify the administrative status of the mode.
Page 133: Protected Ports
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Security MAC Address Use the Security MAC Address screen to convert a dynamically learned MAC address to a statically locked address. To convert learned MAC addresses to static addresses:  Select Security > Traffic Control > Port Security > Security MAC Address.
Page 134 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The Private VLAN link contains links to the following pages: • Private VLAN Type Configuration • Private VLAN Association Configuration • Private VLAN Port Mode Configuration • Private VLAN Host Interface Configuration •...
Page 135 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch If you make changes to the page, click Apply to apply the changes to the system. Configuration changes take effect immediately. The following fields are displayed: Field Description Isolated VLAN Displays the isolated VLAN associated with the selected primary VLAN.
Page 136: Acl
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The following fields are displayed:. Field Description Interface Select the physical or LAG interface for which you want to display or configure data. Operational VLAN(s) Displays the operational VLAN(s). Private VLAN Promiscuous Interface Configuration Use this page to apply Private VLAN Promiscuous interface settings on selected device interfaces.
Page 137: Acl Wizard
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch traffic are forwarded or blocked, and above all provide security for the network. The switch software supports IPv4, IPv6 and MAC ACLs. To configure an ACL, first create an IPv4-based, IPv6-based or MAC-based ACL ID. Then, create a rule and assign it to a unique ACL ID.
Page 138 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • ACL Based on Destination IPv6. Creates an ACL based on the destination IPv6 prefix and IPv6 prefix length. • ACL Based on Source IPv6. Creates an ACL based on the source IPv6 prefix and IPv6 prefix length.
Page 139 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The following table describes the fields on this page: . ACL Based on Fields Destination MAC • Destination MAC. Specify the destination MAC address to compare against an ethernet frame. The valid format is (xx:xx:xx:xx:xx:xx). The BPDU keyword might be specified using a destination MAC address of 01:80:C2:xx:xx:xx.
Page 140: Mac Acl
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To apply the ACL to additional interfaces, selected the required ACL and add ports by clicking the box under the interface number. Click Apply to update the switch with the new settings. Configuration changes take effect immediately.
Page 141 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch In the ID field, enter an ID for the rule. The valid range is 1-50. Configure the following settings: • Action. Specify what action must be taken if a packet matches the rule's criteria.
Page 142: Mac Binding Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch MAC Binding Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the MAC Binding Configuration screen to assign MAC ACL lists to ACL priorities and interfaces.
Page 143 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The following table describes the information displayed in the MAC Binding Table screen. Field Description Interface The interface to which the MAC ACL is bound. Direction The packet filtering direction for the ACL. The only valid direction is Inbound, which means the MAC ACL rules are applied to traffic entering the port.
Page 144 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To change the name of an IP ACL, select the check box next to the IP ACL ID field, update the name, then click Apply. IP Rules Use the IP Rules screen to define rules for IP-based standard ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded.
Page 145: Ip Extended Rules
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, enter 0.0.0.255 in the Source IP Mask field. This field is required when you configure a source IP address.
Page 146 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Source IP Address. Requires a packet’s source IP address to match the address listed here. Enter an IP address using dotted-decimal notation. The address you enter is compared to a packet's source IP address.
Page 147: Ipv6 Acl
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To modify an existing IP Extended ACL rule, click in the Rule ID field. The number is a hyperlink to the Extended ACL Rule Configuration screen. If you modify the rule, click Apply to submit the changes to the switch.
Page 148: Ip Binding Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch packets match the rule, the option of configuring other match criteria is not offered. To configure specific match criteria for the rule, remove the rule and recreate it, or for Match Every select Disable for the other match criteria to be visible.
Page 149: Ip Binding Table
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To configure IP ACL interface bindings:  Select Security > ACL > Advanced > IP Binding Configuration. Select an existing IP ACL from the ACL ID menu. The packet filtering Direction for ACL is Inbound, which means the IP ACL rules are applied to traffic entering the port.
Page 150 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Security...
Page 151: Chapter 7 Monitoring
Monitoring Use the features available from the Monitoring tab to view various information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains menus that provide access to the following features: • Ports •...
Page 152: Ports
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Ports The screens available from the Ports menu contain various information about the number and type of traffic transmitted from and received on the switch. From the Ports menu, you can access the following sections: •...
Page 153: Port Statistics
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Address Entries in Use. The number of Learned and static entries in the Forwarding Database Address Table for this switch. • Maximum VLAN Entries. The maximum number of virtual LANs (VLANs) allowed on this switch.
Page 154 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To display a summary of per-port traffic statistics and clear or refresh the counters:  Select Monitoring > Ports > Port Detailed Statistics. Select the Interface for which data is to be displayed.
Page 155 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Enable. The port is allowed to participate in a port channel (LAG), which is the default mode. • Disable. The port cannot participate in a port channel (LAG). • Physical Mode. The port speed and duplex mode. In autonegotiation mode, the duplex mode and speed are set from the autonegotiation process.
Page 156 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Total Packets Received with MAC Errors. The total number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. • Jabbers Received. The total number of packets received that were longer than 1518...
Page 157: Eap Statistics
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Tx Oversized. The total number of frames that exceeded the maximum permitted frame size. This counter has a maximum increment rate of 815 counts per second at 10 Mb/s. • Total Transmit Packets Discarded. The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded.
Page 158: Cable Test
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Last Frame Source. The source MAC Address attached to the most recently received EAPOL frame. • Invalid Frames Received. The number of unrecognized EAPOL frames received on this port. • Length Error Frames Received. The number of EAPOL frames with an invalid packet body length received on this port.
Page 159: Logs
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Untested. The test has not been performed. • Cable Length. The estimated length of the cable in meters. The length is displayed as a range between the shortest estimated length and the longest estimated length.
Page 160: Flash Logs
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The Total Number of Messages field is displayed. This contains the number of messages the system has logged in memory. Only the 128 most recent entries are displayed. The rest of the screen displays the buffered logs messages. Messages logged to a...
Page 161: Server Log
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch 214483270 10 Oct 2012 13:52:00%AAA-I-CONNECT: New http connection for user admin, source 10.5.70.19 destination 10.5.234.201 ACCEPTED The syslog message includes the following fields: • Log index (214483269 in the example above) • Log Time (13 Feb 2015 14:17:43 in the example above) •...
Page 162: Trap Logs
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To modify the settings for an existing host, select the check box next to the host, change the desired information, and click Apply. Trap Logs Use the Trap Logs screen to view information about the SNMP traps generated on the switch.
Page 163: System Resources Utilization
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Enable. Multiple-port mirroring is active on the selected port (that is, on all the configured source ports). • Disable. Port mirroring is not active on the selected port, but the mirroring information is retained.
Page 164 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Monitoring...
Page 165: Chapter 8 Maintenance
Maintenance Use the features available from the Maintenance tab to help you manage the switch. The Maintenance tab contains menus that provide access to the following features: • Reset • Upload • Download • File Management • Troubleshooting...
Page 166: Reset
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Reset The Reset menu contains links that provide access to the features described in the following sections: • Device Reboot • Factory Default Device Reboot Use the Device Reboot screen to reboot the switch.
Page 167: Tftp File Upload
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Upload File Types The following types of files can be uploaded from the switch: • Archive The archive is the system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy and the other image stores a second copy.
Page 168: Http File Upload
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch In the Transfer File Path field, specify the path on the TFTP server where you want to put the file. You can enter up to 32 characters. Include the slash or backslash at the end of the path.
Page 169: Download
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch You can enter up to 32 characters. Include the slash or backslash at the end of the path. A path name with a space is not accepted. Leave this field blank to save the file to the root USB directory.
Page 170 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • The file to download from the TFTP server is on the server in the appropriate directory. • The file is in the correct format. • The switch has a path to the TFTP server.
Page 171: Http File Download
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch until the file transfer completes or fails. Upon completion or failure of file transfer a message is displayed. To activate a software image that you downloaded to the switch, see File Management page 170.
Page 172: File Management
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To display the USB File Download page  click Maintenance > Download > USB File Download. Use File Type to specify what type of file you want to download: • Archive. Software image file.
Page 173: Dual Image Status
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch software version is discovered by the system running an older version of the software, the system displays an appropriate warning to the user. Use the Dual Image Configuration screen to set the boot image, or configure an image description.
Page 174: Ping Ipv4
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Ping IPv6 • Traceroute IPv4 • Traceroute IPv6 • Tech Support Info Ping IPv4 Use the Ping IPv4 screen to instruct the switch to send a ping request to a specified IPv4 address.
Page 175: Traceroute Ipv4
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To configure the settings and ping a host on the network:  Select Maintenance > Troubleshooting > Ping IPv6. In the Ping field, select either Global or Link Local to select either the global IPv6 Address or host name or link local address to ping.
Page 176: Traceroute Ipv6
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • MaxFail. Specify the maximum number of failures allowed in the session. The default value is 5. The range is 0 to 255. The MaxFail you enter is not retained across a power cycle.
Page 177 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Size. Specify the size of probe packets. The default value is 0. The range is 64 to 1472. The Size you enter is not retained across a power cycle. The results of the trace after the switch sends a traceroute request to the specified IPv6 address or hostname is displayed in the Results field.
Page 178 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Maintenance...
Page 179: Chapter 9 Help
Help Use the features available from the Help tab to connect to online resources for assistance, and to register your device.
Page 180: Online Help
Select Help > Online Help > Support. Click Apply to connect to the NETGEAR support site for the switch. User Guide Use the User Guide screen to access this guide, which is available on the NETGEAR website. To access the user guide: ...
Page 181 • REGISTER NOW. The NETGEAR registration server is contacted to initiate the registration process. Note: NETGEAR will never sell or rent your email address, and you can opt out of communications at any time. To register the switch:  Select Help > Registration.Click REGISTER to register the switch.
Page 182 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Help...
Page 183: Appendix A Hardware Specifications And Default Values
Hardware Specifications and Default Values The XS728T switches conform to the TCP/IP, UDP, HTTP, ICMP, TFTP, DHCP, IEEE 802.1D, IEEE 802.1 p, and IEEE 802.1Q standards. They also conform to the IEEE802.3 1000Base-T and 10GBase-T and IEEE802.3az (EEE) standards. Feature Value Interfaces 28 1000/10000 Mbps switching ports:...
Page 184: Switch Features And Defaults
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Switch Features and Defaults Feature Sets Supported Default Auto negotiation/static All ports Auto-negotiation speed/duplex Auto MDI/MDIX Enabled 802.3x flow control/back pressure 1 (per system) Disabled Port mirroring 1 destination port and 8 source...
Page 185 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Feature Sets Supported Default Password control access Idle time-out = 10 minutes Password = password Management security 1 profile with 20 rules for All IP addresses allowed HTTP/HTTPS/SNMP access to allow/deny an IP address/subnet...
Page 186 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Feature Sets Supported Default Number of routed VLANs 32 for IPv4 and IPv6, respectively Number of ARP cache entries 1024 Number of DHCP snooping 1024 bindings Number of DHCP static entries 1024 MLD snooping v1/v2...
Page 187: Appendix B Configuration Examples
Configuration Examples This chapter contains information about how to configure the following features: • Virtual Local Area Networks (VLANs) • Access Control Lists (ACLs) • Differentiated Services (DiffServ) • 802.1x • MSTP • Configure VLAN Routing with Static Route...
Page 188: Virtual Local Area Networks (Vlans)
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Virtual Local Area Networks (VLANs) A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router.
Page 189: Sample Vlan Configuration
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged. Inversely, a T for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port.
Page 190: Access Control Lists (Acls)
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Access Control Lists (ACLs) ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network.
Page 191 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Destination MAC Mask. 00:00:00:00:FF:FF • Source MAC. 02:02:1A:BC:DE:EF • Source MAC Mask. 00:00:00:00:FF:FF • VLAN ID. 2 For more information about MAC ACL rules, see MAC Rules on page 150. In the MAC Binding Configuration screen, assign the Sales_ACL to Ethernet ports 6, 7, and 8 and click Apply.
Page 192: Differentiated Services (Diffserv)
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Action. Permit • Match Every. True Click Add. In the IP Binding Configuration screen, assign ACL ID 1 to the Ethernet ports 2, 3, and 4, and assign a sequence number of 1.
Page 193: Diffserv Traffic Classes
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch The DiffServ feature contains a number of conceptual QoS building blocks you can use to construct a differentiated service network. Use these same blocks in various ways to build other types of QoS architectures.
Page 194 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch To configure DiffServ, you must define service levels, namely the forwarding classes, or PHBs identified by a given DSCP value, on the egress interface. You define the service levels by configuring BA classes for each.
Page 195 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch to be used as the conforming color. The color of exceeding traffic might be optionally specified as well. • Counting. Updates octet and packet statistics to keep track of data handling along traffic paths within DiffServ.
Page 196: 194
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Committed Rate. 10,000 Kbps • Committed Burst Size. 128 KB • Confirm Action. Send • Violate Action. Drop For more information about this screen, see Policy Configuration on page 119. In the Service Configuration screen, select the check box next to interfaces xg7 and xg8 to attach the policy to these interfaces, and click Apply.
Page 197 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Note: You can use QoS features to provide rate limiting on the guest VLAN to limit the network resources the guest VLAN provides. Another 802.1x feature is the ability to configure a port to enable or disable EAPoL packet forwarding support.
Page 198 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Authenticator Supplicant switch Authentication server (RADIUS) 192.168.10.23 Supplicant Sample 802.1x Configuration This example shows how to configure the switch so that 802.1x-based authentication is required on the ports in a corporate conference room (xg1–xg8). These ports are available to visitors and need to be authenticated before they are granted access to the network.
Page 199: Mstp
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch • Active. Primary For more information, see RADIUS on page 125. Click Add. In the Authentication List screen, configure the default list to use RADIUS as the first authentication method. For more information, see Authentication List on page 128.
Page 200 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch all LANs and networking devices throughout the network, though frames belonging to different VLANs can take different paths within any region, per IEEE DRAFT P802.1s/D13. All bridges, whether they use STP, RSTP or MSTP, send information in configuration messages through bridge protocol data units (BPDUs) to assign port roles that determine each port’s participation in a fully and simply connected active topology based on one or...
Page 201 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Sample MSTP Configuration This example shows how to create an MSTP instance from the switch. The sample network has three different switches that serve different locations in the network. In this example, ports xg1–xg5 are connected to host stations, so those links are not subject to network loops.
Page 202 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Note: Bridge priority values are multiples of 4096. If you do not specify a root bridge and all switches have the same Bridge Priority value, the switch with the lowest MAC address is elected as the root bridge.
Page 203: Configure Vlan Routing With Static Route
VLANs divide broadcast domains in a LAN environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. This is known as inter-VLAN routing. On NETGEAR switches it is accomplished by creating Layer 3 interfaces (switch virtual interfaces [SVI]).
Page 204 XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch Note: You can use the VLAN Routing Wizard for creating VLANs, adding ports, and enabling them for routing by assigning the IP address and mask. Configuration Examples...

NETGEAR XS728T ProSAFE Software Administration Manual

Chapter 1 Getting Started

Chapter 2 System

Chapter 3 Switching

Chapter 4 Routing

Chapter 5 Quality of Service

Chapter 6 Security

Chapter 7 Monitoring

Chapter 8 Maintenance

Chapter 9 Help

Appendix A Hardware Specifications and Default Values

Appendix B Configuration Examples

Quick Links

Related Manuals for NETGEAR XS728T ProSAFE

Summary of Contents for NETGEAR XS728T ProSAFE

Table of Contents