Page 1 M4100 Series Managed Switch Us e r Manual Vers ion 10. 0.2 April 2015 202-10967-02 350 East Plumeria Drive San Jose, CA 95134...
Page 2 For regulatory compliance information, visit http://www.netgear.com/about/regulatory. See the regulatory compliance document before connecting the power supply. Trademarks © NETGEAR, Inc., NETGEAR and the NETGEAR logo are trademarks of NETGEAR, Inc. Any non-NETGEAR trademarks are used for reference purposes only. Revision History...
Page 3: Table Of Contents
Contents Chapter 1 Get Started Available Publications and Online Help ........12 Register Your Product.
Page 4 M4100 Series Managed Switch Configure the DHCP Server......... . . 58 Exclude an Address from the DHCP Server .
Page 5 M4100 Series Managed Switch Add a VLAN ........... . . 120 Reset VLAN Configuration.
Page 6 M4100 Series Managed Switch Configure MVR........... . . 182 Configure Advanced MVR Settings .
Page 7 M4100 Series Managed Switch Use the DiffServ Wizard ......... . 242 Configure DiffServ .
Page 8 M4100 Series Managed Switch View the Port Summary......... . . 306 View the Client Summary .
Page 9 M4100 Series Managed Switch View or Delete IP ACL Bindings........366 View or Delete VLAN ACL Bindings .
Page 10 M4100 Series Managed Switch Use the Ping IPv6 Utility..........422 Run Traceroute IPv4 .
Page 11: Chapter 1 Get Started
Get Started This chapter provides an overview of starting your NETGEAR Managed Switch and accessing the user interface. This chapter contains the following sections: • Available Publications and Online Help • Register Your Product • Understanding the User Interfaces •...
Page 12: Available Publications And Online Help
15. Register Your Product The first time you log in to the switch, you are given the option of registering with NETGEAR. Registration confirms that your email alerts work, lowers technical support resolution time, and ensures that your shipping address accuracy. NETGEARE would also like to incorporate your feedback into future product development.
Page 13: Web Management Interface Overview
M4100 Series Managed Switch Web Management Interface Overview Your managed switch contains an embedded web server and management software for managing and monitoring switch functions. The managed switch functions as a simple switches without the management software. However, you can use the management software to configure more advanced features that can improve switch efficiency and overall network performance.
Page 14: Web Interface Buttons And User-Defined Fields
M4100 Series Managed Switch The web management interface menu displays. Web Interface Buttons and User-Defined Fields The following table shows the command buttons that are used throughout the screens in the web interface: Table 1. Web interface command buttons Button Function Clicking the ADD button adds the new item configured in the heading row of a table.
Page 15: Online Help
For example, if the IP Addressing screen is open, the help topic for that screen displays if you click the Help button. You can connect to the online support site at netgear.com when you are logged in to the switch.
Page 16: Web Management Interface Device View
 Select Help Online Help > Support. To connect to the NETGEAR support site for managed switch, click the APPLY button. Web Management Interface Device View The Device View is a Java applet that displays the ports on the switch. This graphic provides ®...
Page 17: Using Snmp
M4100 Series Managed Switch Click a port to see a menu that displays statistics and configuration options. You can click a menu option to access the screen that contains the configuration or monitoring options. If you click the graphic, but do not click a specific port, the main menu displays. This menu contains the same options as the navigation tabs at the top of the screen.
Page 18 M4100 Series Managed Switch The managed switch use both standard public MIBs for standard functionality and private MIBs that support additional switch functionality. All private MIBs begin with a “-” prefix. The main object for interface configuration is in -SWITCHING-MIB, which is a private MIB. Some interface configurations also involve objects in the public MIB, IF-MIB.
Page 19: Chapter 2 Configure System Information
Configure System Information This chapter covers the following topics: • System Configuration • Configure Initial Management VLAN Settings • Define System Information • View the Switch Status • Manage Loopback Interfaces • View the IPv6 Network Neighbor Table • Configure an IPv4 Management VLAN •...
Page 20: System Configuration
M4100 Series Managed Switch System Configuration  To do the initial system configuration: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 21: Configure Initial Management Vlan Settings
M4100 Series Managed Switch You can use a location up to 255 characters in length. The factory default is blank. Enter the System Contact, the name of the contact person for this switch. You can use a contact name up to 255 characters in length. The factory default is blank.
Page 22: Define System Information
M4100 Series Managed Switch The web management interface menu displays.   Select System Management Initial Setup The Initial Setup screen displays. Scroll down to display the Management VLAN Configuration section. Specify the Management VLAN ID of the switch. The management VLAN is used for management of the switch. The VLAN ID can be any value from 1 to 4093.
Page 23 M4100 Series Managed Switch The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 24: View The Switch Status
M4100 Series Managed Switch • Service Port • Different . Some applications that can be selected in this screen require that the source interface be configured separately. In this case, the Different option is shown. By default VLAN 1 is used as the source interface.
Page 25: View The Temperature Status
M4100 Series Managed Switch  To view the fan status: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 26: View The Device Status
M4100 Series Managed Switch Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 27 M4100 Series Managed Switch Scroll down to Device Status. To refresh the switch information, click the REFRESH button. The following table describes the Device Status information. Table 4. Device status Field Description Firmware Version The release.version.maintenance number of the code currently running on the switch.
Page 28: View Switch Statistics
M4100 Series Managed Switch View Switch Statistics  To view the switch statistics: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 29 M4100 Series Managed Switch The following table describes Switch Statistics information. Table 5. Switch Statistics Field Description ifIndex The ifIndex of the interface table entry associated with the processor of this switch. Octets Received The total number of octets of data received by the processor excluding framing bits but including FCS octets.
Page 30: View The System Cpu Status
M4100 Series Managed Switch Table 5. Switch Statistics (continued) Field Description Most VLAN Entries Ever Used The largest number of VLANs that were active on this switch since the last reboot. Static VLAN Entries The number of presently active VLAN entries on this switch that were created statically.
Page 31: View Usb Device Information
M4100 Series Managed Switch Select System > Management > System CPU Status. The following information displays: • Total System Memory. The total memory of the switch in KBytes. • Available Memory. The available memory space for the switch in KBytes.
Page 32 M4100 Series Managed Switch Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 33: Manage Loopback Interfaces
M4100 Series Managed Switch Table 6. USB device Information (continued) Field Description Product ID The USB flash drive device product ID. USB Memory Statistics Total Size The USB flash device storage size. Bytes Used The size of memory used on the USB flash device.
Page 34: View The Ipv6 Network Neighbor Table
M4100 Series Managed Switch Use the Loopback ID field to select list of currently configured loopback interfaces. Use the Primary IP Address field to input the primary IPv4 address for this interface in dotted decimal notation. This option is visible only when IPv4 loopback is selected.
Page 35: Configure An Ipv4 Management Vlan
M4100 Series Managed Switch Select System > Management > Management Interfaces > IPv6 Network Neighbor Table. The following table displays IPv6 Network Interface Neighbor Table information. Table 7. IPv6 Network Interface Neighbor Table Field Description IPv6 address The Ipv6 address of a neighbor switch visible to the network interface.
Page 36 M4100 Series Managed Switch Once you establish in-band connectivity, you can change the IP information using any of the following: • Terminal interface through the EIA-232 port • Terminal interface through Telnet • SNMP-based management • Web-based management  To configure the IPv4 management VLAN: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for...
Page 37: View Or Set The System Time
M4100 Series Managed Switch The screen displays the MAC address assigned to the VLAN routing interface and the routing interface status (up or down). These fields display information but cannot be changed. From the VLAN ID list, select a VLAN.
Page 38: Configure Sntp Global Settings
M4100 Series Managed Switch • Stratum 2. The time source is distanced from the stratum 1 server over a network path. For example, a stratum 2 server receives the time over a network link, through NTP, from a stratum 1 server.
Page 39 M4100 Series Managed Switch Click the Login button. The web management interface menu displays.   Select System Management System Information. The System Information screen displays.   Select System Management > Time Time Configuration, and select SNTP as the Clock Source.
Page 40: View The Sntp Global Status
M4100 Series Managed Switch • Routing loopback interface By default, VLAN 1 is used as the source interface. Use Unicast Poll Interval to specify the number of seconds between unicast poll requests expressed as a power of two when configured in unicast mode.
Page 41 M4100 Series Managed Switch Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 42 M4100 Series Managed Switch Table 8. SNTP Global Status (continued) Field Description Last Attempt Status Specifies the status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message was received from a server, a status of Other is displayed. These values are appropriate for all operational modes.
Page 43: Configure Sntp Servers
M4100 Series Managed Switch Configure SNTP Servers You can view and modify information for adding and modifying Simple Network Time Protocol SNTP servers.  To configure SNTP servers: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 44 M4100 Series Managed Switch This indicates the order in which to query the servers. A server entry with a precedence of 1 is queried before a server with a priority of 2, and so forth. If more than one server is assigned the same priority, then the requesting order follows the lexicographical ordering of the entries in this table.
Page 45: Configure Summer Time Settings
M4100 Series Managed Switch Table 9. SNTP server status (continued) Field Description Last Attempt Status The status of the last SNTP request to this server. If no packet was received from this server, a status of Other is displayed. •...
Page 46 M4100 Series Managed Switch    Select System Management Time Summer Time Configuration. Select a Summer Time radio button: • Disable. This option is used to disable Summer Time. • Recurring. This option is used to enable Recurring Summer Time.
Page 47: Configure Dns
M4100 Series Managed Switch The fields in the following table are visible only when Summer Time is Non Recurring. Table 11. Summer Time Nonrecurring Configuration Field Description Begins At The fields under this are used to configure the Start values for the date and time.
Page 48 (for example, if the default domain name is netgear.com and you enter test, then test is changed to test.netgear.com to resolve the name). The length of the name must not be longer than 255 characters.
Page 49: Configure Host Settings
M4100 Series Managed Switch By default, VLAN 1 is used as source interface. To specify the DNS server to which the switch sends DNS queries, enter an IP address in standard IPv4 dot notation in the DNS Server Address and click the ADD button.
Page 50: Configure Green Ethernet Settings
M4100 Series Managed Switch    Select System Management Host Configuration. Specify the static host name to add. Its length cannot exceed 255 characters and it is a mandatory field for the user. Specify the IP address in standard IPv4 dot notation to associate with the host name.
Page 51: Configure Green Ethernet Interface Settings
M4100 Series Managed Switch The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 52 M4100 Series Managed Switch Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password.
Page 53: Configure Port Green Mode Statistics
M4100 Series Managed Switch Configure Port Green Mode Statistics You can configure the Port Green Mode Statistics settings.  To configure port green mode statistics: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 54 M4100 Series Managed Switch performing autonegotiation and saving power consumption when no link partner is present. The The default value is Disabled. Use the Short Reach Admin Mode selection to enable or disable this option on the port. With short reach mode enabled, PHY is forced to operate in low power mode irrespective of the cable length.
Page 55: View The Green Mode Statistics Summary
M4100 Series Managed Switch Table 13. Port Green Mode Statistics (continued) Field Description Tw_sys_tx Echo (uSec) Integer that indicates the remote system's Transmit Tw_sys that was used by the local system to compute the Tw_sys that it wants to request from the remote system.
Page 56 M4100 Series Managed Switch The web management interface menu displays.    Select System Management Green Ethernet Green Ethernet Summary. Click the REFRESH button to refresh the screen with the most current data from the switch. The following table describes the Green Mode Statistics Summary nonconfigurable fields.
Page 57: View The Port Green Mode Eee History
M4100 Series Managed Switch Table 14. Green Mode Statistics Summary (continued) Field Description Energy Detect Admin Mode Enable or Disable Energy Detect Mode on the port. When this mode is enabled, when the port link is down, the PHY automatically goes down for short period of time, and then wakes up to check link pulses.
Page 58: Configure The Dhcp Server
M4100 Series Managed Switch This is the Interval at which EEE LPI data is collected. This is a global setting and is applied to all interfaces. The range is 30 to 36000.The default value is 3600. In the Max Samples to keep field, enter a value.
Page 59: Exclude An Address From The Dhcp Server
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays. Select System > Services > DHCP Server> DHCP Server Configuration.
Page 60: Configure The Dhcp Pool
M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 61 M4100 Series Managed Switch Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password.
Page 62 M4100 Series Managed Switch The following table describes the DHCP Pool Configuration fields. Table 16. DHCP Pool configuration Field Description Pool Name* For a user with read/write permission, this field shows names of all the existing pools along with an additional option Create. When you select Create the Pool Name list displays.
Page 63: Configure The Dhcp Pool Options
M4100 Series Managed Switch Table 16. DHCP Pool configuration (continued) Field Description Lease Time Can be selected as Infinite to specify the lease time as Infinite, or as Specified Duration and enter a specific lease period. In the case of dynamic binding infinite implies a lease period of 60 days.
Page 64: View Dhcp Server Statistics
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 65 M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays. Select System > Services > DHCP Server > DHCP Server Statistics.
Page 66: View Dhcp Bindings Information
M4100 Series Managed Switch Table 17. DHCP server statistics (continued) Field Description DHCPACK Specifies the number of DHCPACK messages sent by the DHCP server. DHCPNAK Specifies the number of DHCPNAK messages sent by the DHCP server. View DHCP Bindings Information ...
Page 67: View Dhcp Conflicts Information
M4100 Series Managed Switch The following table describes the DHCP Bindings Information fields. Table 18. DHCP Bindings Information Field Description IP Address Specifies the Client's IP Address. Hardware Address Specifies the Client's Hardware Address. Lease Time Left Specifies the Lease time left in Days, Hours and Minutes (dd:hh:mm).
Page 68: Configure The Dhcp Relay
M4100 Series Managed Switch • Specific Address Conflict to specify a dynamic binding. The following table describes the DHCP Conflicts Information fields. Table 19. DHCP conflicts information Field Description IP Address Specifies the IP Address of the host as recorded on the DHCP server.
Page 69 M4100 Series Managed Switch Select System > Services > DHCP Relay. Use Maximum Hop Count to enter the maximum number of hops a client request can take before being discarded. The range is 1 to 16. The default value is 4.
Page 70: Configure A Dhcp L2 Relay Vlan
M4100 Series Managed Switch Configure a DHCP L2 Relay VLAN  To configure a DHCP L2 Relay VLAN: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 71: Configure The Dhcp L2 Relay Interface
M4100 Series Managed Switch Configure the DHCP L2 Relay Interface  To configure the DHCP L2 Relay Interface: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 72: View Dhcp L2 Relay Interface Statistics
M4100 Series Managed Switch View DHCP L2 Relay Interface Statistics  To view the DHCP L2 Relay Interface Statistics: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 73: Configure Udp Relay Global Settings
M4100 Series Managed Switch The following table describes the DHCP L2 Relay Interface Statistics fields. Table 21. DHCP L2 Relay Interface Statistics Field Description Interface The interface from which the DHCP messages are received. UntrustedServerMsgsWithOpt82 The number of DHCP messages with option82 received from an untrusted server.
Page 74 M4100 Series Managed Switch Select System > Services > UDP Relay> UDP Relay Global Configuration. Use Admin Mode to enable or disable the UDP Relay on the switch. The default value is Disable. Use Server Address to specify the UDP relay server address in x.x.x.x format.
Page 75: Configure The Udp Relay Interface
M4100 Series Managed Switch Configure the UDP Relay Interface  To configure the UDP Relay Interface: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 76: Configure The Basic Poe Settings
M4100 Series Managed Switch • rip. Relay RIP UDP port 520 packets. • tacacs. Relay TACACS UDP port 49 packet. • tftp. Relay TFTP UDP port 69 packets. • time. Relay time service UDP port 37 packets. • Other. If this option is selected, the UDP Port Other Value is enabled. This option permits you to enter your own UDP port in UDP Port Other Value.
Page 77 M4100 Series Managed Switch Select System > PoE > Basic > PoE Configuration. The Unit Selection list displays the current PoE unit. To change the PoE unit, select another unit from the menu. To set the System Usage Threshold, enter a number from 1 to 99.
Page 78: Configure Advanced Poe Settings
M4100 Series Managed Switch Table 22. PoE Configuration (continued) Field Description Power Status Indicates the power status. Total Power (Main AC) Displays the total power provided by the MAIN AC power source. Total Power (RPS) Displays the total power provided by the redundant power source.
Page 79 M4100 Series Managed Switch The Unit list displays the current PoE unit. To change the PoE unit, select another unit from the menu. In the System Usage Threshold field, enter a number from 1 to 99. This sets the threshold level at which a trap is sent if consumed power is greater than the threshold power.
Page 80: Configure A Poe Port
M4100 Series Managed Switch The following table describes the PoE Configuration nonconfigurable fields. Table 23. Advanced PoE Configuration Field Description Units Displays the Current PoE Unit. You can change the PoE Unit by selecting another unit ID listed here. Firmware Version Version of the PoE controller's FW image.
Page 81 M4100 Series Managed Switch Select System > PoE > Advanced > PoE Port Configuration. For Admin Mode, select Enable or Disable to determine the ability of the port to deliver power. Use Port Priority to determine which ports can deliver power when the total power delivered by the system crosses a specific threshold.
Page 82 M4100 Series Managed Switch Select the Power Limit to define the maximum power in watts that can be delivered by a port. The Detection Type describes a PD detection mechanism performed by the PSE port. • pre-ieee. Only legacy detection is done.
Page 83: Configure Snmp Community Settings
M4100 Series Managed Switch Table 24. PoE Port Configuration (continued) Field Description Status The status is the operational status of the port PD detection. • Disabled. No power being delivered. • DeliveringPower. Power is being drawn by the device. •...
Page 84: Configure An Snmp Trap
M4100 Series Managed Switch Click the Login button. The web management interface menu displays.    Select System SNMP SNMP V1/V2 Community Configuration. In the Community Name list, select an existing community name or select Create to create a new one.
Page 85 M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 86: Configure Trap Flags
M4100 Series Managed Switch • Status. Select the receiver's status from the menu: Enable. Send traps to the receiver. Disable. Do not send traps to the receiver. To modify information about an existing SNMP recipient, select the check box next to the recipient, change the desired fields, and then click the APPLY button.
Page 87: View All Mibs Supported By The Switch
M4100 Series Managed Switch Use Link Up/Down to enable or disable activation of link status traps by selecting the corresponding radio button. The factory default is enabled. Use Multiple Users to enable or disable activation of multiple user traps by selecting the corresponding radio button.
Page 88: Configure Snmp V3 Settings For A User
M4100 Series Managed Switch    Select System SNMP SNMP V1/V2 Supported MIBs. In the Name field, the screen displays the RFC number if applicable and the name of the MIB. Configure SNMP v3 Settings for a User ...
Page 89 M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 90: Lldp Overview
M4100 Series Managed Switch LLDP Overview The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN.
Page 91: Configure An Lldp Interface
M4100 Series Managed Switch   Select System LLDP Global Configuration. Use Transmit Interval to specify the interval in seconds to transmit LLDP frames. The range is from 5 to 32768 secs. The default value is 30 seconds. Use Transmit Hold Multiplier to specify the multiplier on Transmit Interval to assign TTL.
Page 92: View Lldp Statistics
M4100 Series Managed Switch   Select System LLDP Interface Configuration. Use Go To Port to enter the Port in unit/slot/port format and click the Go button. The entry corresponding to the specified port is selected. Use Port to specify the list of ports on which LLDP - 802.1AB can be configured.
Page 93 M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 94 M4100 Series Managed Switch Table 25. LLDP statistics (continued) Field Description Total Deletes Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) was deleted from tables associated with the remote systems.
Page 95: View Lldp Local Device Information
M4100 Series Managed Switch View LLDP Local Device Information  To view LLDP local device information: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 96: View Lldp Remote Device Information
M4100 Series Managed Switch Table 26. LLDP Local Device Information Field Description Port ID Subtype The string that describes the source of the port identifier. Port ID The string that describes the source of the port identifier. System Name The system name of the local system.
Page 97 M4100 Series Managed Switch   Select System LLDP Remote Device Information. Use Interface to select the local ports that can receive LLDP frames. The following table describes the LLDP Remote Device Information fields. Table 27. LLDP remote device information...
Page 98: View Lldp Remote Device Inventory
M4100 Series Managed Switch View LLDP Remote Device Inventory  To view LLDP remote device inventory: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 99: Configure Lldp-Med Global Settings
M4100 Series Managed Switch Configure LLDP-MED Global Settings You can specify LLDP-MED parameters that are applied to the switch.  To configure LLDP-MED global settings: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 100 M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 101: View Lldp-Med Local Device Information
M4100 Series Managed Switch The following values are available: • MED Capabilities. Transmit the capabilities TLV in LLDP frames. • Network Policy. Transmit the network policy TLV in LLDP frames. • Location Identification. Transmit the location TLV in LLDP frames.
Page 102 M4100 Series Managed Switch Use Interface to select the ports on which LLDP-MED frames can be transmitted. The following table describes the LLDP-MED Local Device Information fields. Table 29. LLDP-MED local device information Field Description Network Policy Information: Specifies if the network policy TLV is present in the LLDP frames.
Page 103: View Lldp-Med Remote Device Information
M4100 Series Managed Switch Table 29. LLDP-MED local device information (continued) Field Description Hardware Revision The hardware version. Firmware Revision The Firmware version. Software Revision The Software version. Serial Number The serial number. Manufacturer Name The manufacturers name. Model Name The model name.
Page 104 M4100 Series Managed Switch Use Interface to select the ports on which LLDP-MED is enabled. The following table describes the LLDP-MED Remote Device Information fields. Table 30. LLDP-MED remote device information Field Description Capability Information: Specifies the supported and enabled capabilities that were received in MED TLV on this port.
Page 105 M4100 Series Managed Switch Table 30. LLDP-MED remote device information (continued) Field Description Media Application Type The application type. Types of applications are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, and vidoesignalling. Each application type that is received has the VLAN ID, priority, DSCP, tagged bit status, and unknown bit status.
Page 106: View Lldp-Med Remote Device Inventory
M4100 Series Managed Switch Table 30. LLDP-MED remote device information (continued) Field Description Required The remote port's PD power requirement. Source The remote port's PD power source. Priority The remote port's PD power priority. View LLDP-MED Remote Device Inventory ...
Page 107: Isdp Settings Overview
M4100 Series Managed Switch Table 31. LLDP-MED remote device inventory Field Definition MAC Address The MAC address associated with the remote system. System Model The model name of the remote device. Software Revision The software version of the remote device.
Page 108: Configure Advanced Global Isdp Settings
M4100 Series Managed Switch Use Admin Mode to specify whether the ISDP service is to be Enabled or Disabled. The default value is Enabled. Use Timer to specify the period of time between sending new ISDP packets. The range is 5 to 254 seconds. The default value is 30 seconds.
Page 109 M4100 Series Managed Switch Click the Login button. The web management interface menu displays.    Select System ISDP Advanced Global Configuration. Select the Admin Mode Enable radio button. The default value is Enable. In the Timer field, specify the period of time between sending new ISDP packets.
Page 110: Configure The Isdp Interface
M4100 Series Managed Switch Configure the ISDP Interface  To configure the ISDP Interface: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 111: View Isdp Neighbors
M4100 Series Managed Switch View ISDP Neighbors  To view ISDP neighbors: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 112: View Isdp Statistics
M4100 Series Managed Switch Table 34. ISDP Neighbor Field Description Capability Displays the capability of the neighbor. These are supported: • Router • Trans Bridge • Source Route • Switch • Host • IGMP • Repeater Platform Display the model type of the neighbor. 0 to 32 Port ID Display the port ID of the neighbor.
Page 113 M4100 Series Managed Switch    Select System ISDP Advanced Statistics. The following table describes the ISDP Statistics fields. Table 35. ISDP statistics Field Description ISDP Packets Received Displays the ISDP packets received including ISDPv1 and ISDPv2 packets. ISDP Packets Transmitted Displays the ISDP packets transmitted including ISDPv1 and ISDPv2 packets.
Page 114: Configure Timers
M4100 Series Managed Switch Configure Timers You can configure global timer settings and set up timer schedules. Configure the Global Timer Settings  To configure the timer global settings: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 115: Configure The Timer Schedule
M4100 Series Managed Switch Configure the Timer Schedule  To configure the timer schedule: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 116 M4100 Series Managed Switch Use the Recurrence Pattern to show with what period the event repeats. If recurrence is not needed (a timer schedule should be triggered just once), then set Date Stop as equal to Date Start. The following recurrence values are available: •...
Page 117: Chapter 3 Configure Switching Information
Configure Switching Information This chapter covers the following topics: • VLAN Overview • Auto-VoIP Overview • Spanning Tree Protocol Overview • Configure Multicast • Configure Multicast • Configure MLD Snooping • Configure MVR • Manage MAC Addresses • Configure Port Settings •...
Page 118: Vlan Overview
M4100 Series Managed Switch VLAN Overview Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic.
Page 119: Configure An Internal Vlan
M4100 Series Managed Switch    Select Switching VLAN Basic VLAN Configuration. Specify the Reset Configuration setting. If you select this check box and click the APPLY button, all VLAN configuration parameters are reset to their factory default values. Also, all VLANs except for the default VLAN are deleted.
Page 120: Add A Vlan
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.    Select Switching...
Page 121: Reset Vlan Configuration
M4100 Series Managed Switch The web management interface menu displays.    Select Switching VLAN Basic VLAN Configuration. Use VLAN ID to specify the VLAN Identifier for the new VLAN. The range of the VLAN ID is 1 to 4093.
Page 122: Configure Internal Vlan Settings
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 123: Configure Vlan Trunking
M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 124 M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 125: Configure Vlan Membership
M4100 Series Managed Switch This is the access VLAN for the port, and is valid only when the port switchport mode is Access. Select from the menu to configure the Native VLAN ID. This is the native VLAN for the port, and is valid only when the port switchport mode is Trunk.
Page 126 M4100 Series Managed Switch Click the Login button. The web management interface menu displays.    Select Switching VLAN Advanced VLAN Membership. Use VLAN ID to select the VLAN ID. Use Group Operation to select all the ports and configure them: •...
Page 127: View Vlan Status
M4100 Series Managed Switch Table 38. VLAN Membership Field Definition VLAN Name The name for the VLAN that you selected. It can be up to 32 alphanumeric characters long, including blanks. VLAN ID 1 always has a name of Default.
Page 128: Configure Port Pvid
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 39. Advanced VLAN Status Field Definition VLAN ID The VLAN Identifier (VID) of the VLAN. The range of the VLAN ID is 1 to 4093.
Page 129 M4100 Series Managed Switch The web management interface menu displays.    Select Switching VLAN Advanced Port PVID Configuration. Click ALL to display information for all physical ports and LAGs. Select the check box next to the interfaces to configure.
Page 130: Configure A Mac-Based Vlan Group
M4100 Series Managed Switch Configure a MAC-Based VLAN Group The MAC-based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classifies traffic based on the source MAC address of the packet. You define MAC to VLAN mapping by configuring an entry in the MAC to VLAN table. An entry is specified through a source MAC address and the desired VLAN ID.
Page 131: Configure A Protocol-Based Vlan Group
M4100 Series Managed Switch Use VLAN ID to specify a VLAN ID in the range of 1 to 4093. To add a MAC address to VLAN mapping, click the ADD button. To delete a MAC address to VLAN mapping, click the DELETE button.
Page 132: Configure Protocol-Based Vlan Group Membership
M4100 Series Managed Switch    Select Switching VLAN Advanced Protocol Based VLAN Group Configuration. Use Group Name to assign a name to a new group. You can enter up to 16 characters. Use Protocol(s) to select the protocols to be associated with the group.
Page 133 M4100 Series Managed Switch Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password.
Page 134: Configure An Ip Subnet-Based Vlan
M4100 Series Managed Switch Configure an IP Subnet–Based VLAN IP Subnet to VLAN mapping is defined by configuring an entry in the IP Subnet to VLAN table. An entry is specified through a source IP address, network mask, and the desired VLAN ID.
Page 135: Configure Port Dvlan
M4100 Series Managed Switch Configure Port DVLAN  To configure port DVLAN: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 136: Configure A Voice Vlan
M4100 Series Managed Switch Configure a Voice VLAN You can configure the parameters for a voice VLAN. Only a user with Read/Write access privileges can change the data on this screen.  To configure a voice VLAN: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 137: Configure Garp Switch Settings
M4100 Series Managed Switch • Disable. The default value. • None. Allow the IP phone to use its own configuration to send untagged voice traffic. • VLAN ID. Configure the phone to send tagged voice traffic. • dot1p. Configure voice VLAN 802.1p priority tagging for voice traffic. When this is selected, enter the dot1p value in the Value field.
Page 138: Configure Garp Port Settings
M4100 Series Managed Switch    Select Switching VLAN Advanced GARP Switch Configuration. Select the GVRP Mode Disable or Enable radio button. This sets the GARP VLAN Registration Protocol administrative mode for the switch. The factory default is Disable.
Page 139 M4100 Series Managed Switch    Select Switching VLAN Advanced GARP Port Configuration. Use the Interface check boxes to select the physical interface. In the Port GVRP Mode field, select Disable or Enable. This specifies the GARP VLAN Registration Protocol administrative mode for the port. If you select Disable, the protocol is not active and the join time, leave time, and leave all time have no effect.
Page 140: Auto-Voip Overview
M4100 Series Managed Switch factory default is 1000 centiseconds (10 seconds). An instance of this timer exists for each GARP participant for each port. Auto-VoIP Overview The Auto-VoIP feature enables manual and auto assignment of VoIP phone traffic to a special VLAN (such as, voice VLAN), allowing the assignment of special QoS parameters to that traffic, giving it high priority services.
Page 141: Configure Oui-Based Properties
M4100 Series Managed Switch Use Prioritization Type to specify the type of prioritization. It can be Traffic Class or Remark. Use Class Value to specify the CoS tag value to be reassigned for packets received on the voice VLAN when Remark CoS is enabled.
Page 142: Configure Oui-Based Port Settings
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.  Select Switching > Auto-VoIP > OUI-based Properties.
Page 143: Configure The Oui Table
M4100 Series Managed Switch Click the Login button. The web management interface menu displays.  Select Switching > Auto-VoIP > OUI-based Port Settings. The screen displays the current operational status of the interface. Use the Interface check boxes to select the interface.
Page 144 M4100 Series Managed Switch The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 145: View The Auto-Voip Status
M4100 Series Managed Switch Your settings are saved. View the Auto-VoIP Status  To display the Auto-VoIP status: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 146: Configure Spanning Tree Protocol
M4100 Series Managed Switch modifications in the working but not the end effect (chief among the effects is the rapid transitioning of the port to Forwarding). The difference between the RSTP and the traditional STP (IEEE 802.1D) is the ability to configure and recognize full-duplex connectivity and ports that are connected to end stations, resulting in rapid transitioning of the port to Forwarding state and the suppression of Topology Change Notification.
Page 147 M4100 Series Managed Switch  Select Switching > STP > Basic STP Configuration. Select the Spanning Tree Admin Mode Disable or Enable radio button. This specifies whether spanning tree operation is enabled on the switch. Use Force Protocol Version to specify the Force Protocol Version parameter for the switch.
Page 148: Configure Advanced Stp Settings
M4100 Series Managed Switch connected to hosts that typically drop BPDUs. If an operational edge port receives a BPDU, it immediately loses its operational status. In that case, if BPDU filtering is enabled on this port then the BPDUs received on this port are dropped.
Page 149 M4100 Series Managed Switch  Select Switching > STP > Advanced STP Configuration. Select the Spanning Tree Admin Mode Disable or Enable radio button. This specifies whether spanning tree operation is enabled on the switch. Select a Force Protocol Version radio button.
Page 150: Configure Common Spanning Tree
M4100 Series Managed Switch BPDU, it immediately loses its operational status. In that case, if BPDU filtering is enabled on this port, and the BPDUs received on this port are dropped. The following table describes the nonconfigurable information displayed on the screen.
Page 151 M4100 Series Managed Switch  Select Switching > STP > Advanced CST Configuration. Specify values for CST in the appropriate fields: • Bridge Priority. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge.
Page 152: Configure Cst Ports
M4100 Series Managed Switch • Spanning Tree Maximum Hops. Specifies the maximum number of bridge hops the information for a particular CST instance can travel before being discarded. The valid range is 1–127. • Spanning Tree Tx Hold Count. Configures the maximum number of BPDUs the bridge is allowed to send within the hello time window.
Page 153 M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 154: View Spanning Tree Cst Port Status
M4100 Series Managed Switch This setting configures the BPDU flood, which floods the BPDU traffic arriving on this port when STP is disabled on this port. In the Auto Edge field select Disable or Enable. This configures the auto edge mode of a port, which allows the port to become an edge port if it does not see BPDUs for some duration.
Page 155 M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 156: Configure An Mst Instance
M4100 Series Managed Switch Table 46. CST port status (continued) Field Description Designated Bridge Bridge identifier of the bridge with the designated port. It is made up using the bridge priority and the base MAC address of the bridge. Designated Port Port Identifier on the designated bridge that offers the lowest cost to the LAN.
Page 157 M4100 Series Managed Switch Click the Login button. The web management interface menu displays.  Select Switching > STP > Advanced MST Configuration. To add an MST instance, configure the MST values and click the ADD button: MST ID. Specify the ID of the MST to create. Valid values for this are between 1 and •...
Page 158: View Mst Port Status
M4100 Series Managed Switch Table 47. MST Configuration (continued) Field Description Topology Change The value of the topology change parameter for the switch, indicating if a topology change is in progress on any port assigned to the selected MST instance. It takes a value if True or False.
Page 159 M4100 Series Managed Switch    Select Switching Advanced MST Port Status. Note: If no MST instances were configured on the switch, the screen displays a No MSTs Available message and does not display the fields shown in the field description table that follows.
Page 160: View Spanning Tree Statistics
M4100 Series Managed Switch The following table describes the read-only MST port configuration information displayed on the Spanning Tree MST Configuration screen. Table 48. MST Port Status Field Description Auto Calculated Port Path Cost Displays whether the path cost is automatically calculated (Enabled) or not (Disabled).
Page 161 M4100 Series Managed Switch The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 162: Configure Multicast
M4100 Series Managed Switch Configure Multicast You can configure bridge multicast forwarding and manage MFBD and IGMP snooping. Configure Bridge Multicast Forwarding When you create a VLAN, a default multicast forwarding option is assigned. You can use the Global Multicast Mode setting to set all VLANs currently configured on the switch to a selected forwarding mode.
Page 163: View The Mfdb Table
M4100 Series Managed Switch • Forward Unregistered: If a packet is received from a VLAN with a multicast destination address and no ports in the VLAN are registered to receive multicast packets for that address, then the packet is flooded to all ports in the VLAN. The responsibility for accepting or dropping the packets belongs to the hosts.
Page 164: View Mfdb Statistics
M4100 Series Managed Switch  Select Switching > Multicast > MFDB MFDB Table. Use Search by MAC Address to enter a MAC address whose MFDB table entry you want displayed. Enter six two-digit hexadecimal numbers separated by colons, for example 00:01:23:43:45:67.
Page 165: Igmp Snooping Overview
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 166: Configure Igmp Snooping Interface Settings
M4100 Series Managed Switch Allowing switches to snoop IGMP packets is a creative effort to solve this problem. The switch uses the information in the IGMP packets as they are being forwarded throughout the network to determine which segments should receive packets directed to the group address.
Page 167: Configure Igmp Snooping Settings For Vlans
M4100 Series Managed Switch Use the Interface check boxes to select the interface. In the Admin Mode field, select Enable or Disable. This specifies interface mode for the selected interface for IGMP snooping for the switch. The default is Disable.
Page 168: Configure Igmp Snooping For A Multicast Router
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.    Select Switching...
Page 169: Configure Igmp Snooping For A Multicast Router Vlan
M4100 Series Managed Switch needed only when you want to make sure that the multicast router always receives IGMP packets from the switch in a complex network.  To configure IGMP snooping for a multicast router: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 170: Configure Igmp Snooping Querier
M4100 Series Managed Switch  To configure IGMP snooping for a multicast router VLAN: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 171 M4100 Series Managed Switch  To configure IGMP snooping querier: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 172: Igmp Snooping Querier Vlan Configuration
M4100 Series Managed Switch The querier expiry interval must be a value in the range of 60 and 300. The default value is 125. Table 51. IGMP Snooping Querier Configuration Field Description VLAN IDs Enabled For IGMP Snooping Querier Displays VLAN IDs enabled for IGMP snooping querier.
Page 173 M4100 Series Managed Switch • VLAN ID. Specifies the VLAN ID for which the IGMP snooping querier is to be enabled. • Querier Election Participate Mode. Enable or disable querier participate mode. • Disabled. Upon seeing another querier of the same version in the VLAN, the snooping querier moves to the non-querier state.
Page 174: Configure Mld Snooping
M4100 Series Managed Switch Configure MLD Snooping You can configure the parameters for MLD snooping, which is used to build forwarding lists for multicast traffic. Note that only a user with Read/Write access privileges can change the data on this screen.
Page 175: Configure Mld Snooping For An Interface
M4100 Series Managed Switch Table 53. MLD Snooping Configuration Field Definition Interfaces Enabled for MLD A list of all the interfaces currently enabled for MLD snooping. Snooping VLAN Ids Enabled For MLD Displays VLAN IDs enabled for MLD snooping. Snooping Configure MLD Snooping for an Interface ...
Page 176: Configure A Mld Vlan
M4100 Series Managed Switch The Interface field display all physical, VLAN, and LAG interfaces. Select an interface. In the Admin Mode list, select Disable or Enable. This is the interface mode for the selected interface for MLD snooping for the switch. The default is Disable.
Page 177: Configure A Multicast Router
M4100 Series Managed Switch Click the Login button. The web management interface menu displays.    Select Switching Multicast MLD Snooping MLD VLAN Configuration. Select VLAN ID check boxes for VLAN IDs for which MLD snooping is enabled. In the Admin Mode list, select Enable to enable MLD snooping for the specified VLAN ID.
Page 178: Configure A Multicast Router Vlan
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.    Select Switching...
Page 179: Configure The Mld Snooping Querier
M4100 Series Managed Switch    Select Switching Multicast MLD Snooping Multicast Router VLAN Configuration. Select the interface. In the VLAN ID list, select the VLAN ID. In the Multicast Router list, select Enable or Disable. This enables or disables the multicast router for the VLAN ID.
Page 180: Configure An Mld Snooping Querier Vlan
M4100 Series Managed Switch    Select Switching Multicast MLD Snooping Querier Configuration. Select the Querier Admin Mode Disable or Enable radio button. This specifies the administrative mode for MLD snooping for the switch. The default is Disable. In the Querier Address field, specify the snooping querier address to be used as source address in periodic MLD queries.
Page 181 M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 182: Configure Mvr
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 55. MLD Snooping Querier VLAN Configuration Field Description Operational State Specifies the operational state of the MLD snooping querier on a VLAN. It can be in any of the following states: •...
Page 183: Configure Advanced Mvr Settings
M4100 Series Managed Switch The web management interface menu displays. Select Switching > MVR > Basic > MVR Configuration. Select the MVR Running Enable or Disable radio button. The factory default is Disable. In the MVR multicast field, specify the VLAN on which MVR multicast data is received.
Page 184 M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 185: Configure Mvr Groups
M4100 Series Managed Switch Click the APPLY button. The updated configuration is sent to the switch. Configuration changes take effect immediately. The following table describes the nonconfigurable information displayed on the screen. Table 57. MVR Configuration Field Definition MVR Max Multicast Groups Displays the maximum number of multicast groups that MVR supports.
Page 186: Configure An Mvr Interface
M4100 Series Managed Switch It is a service option helping user to create multiple MVR groups through the single click of the ADD button. If the field is empty, then clicking the button creates only one new group. The field is displayed as empty for each particular group. The range is from 1 to 256.
Page 187: Configure Mvr Group Membership
M4100 Series Managed Switch Select Switching > MVR > Advanced > MVR Interface Configuration. The Status field displays the status for each port. Select Interface check boxes for the interface. In the Admin Mode list, select Enable or Disable. This enables or disables MVR on a port. The factory default is Disable.
Page 188: View Mvr Statistics
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 189: Manage Mac Addresses
M4100 Series Managed Switch Select Switching > MVR > Advanced > MVR Statistics. Click the REFRESH button to refresh the screen to show the latest MVR statistics. The following table describes the nonconfigurable information displayed on the screen. Table 59. MVR Statistics...
Page 190: View The Mac Address Table
M4100 Series Managed Switch View the MAC Address Table This table contains information about unicast entries for which the switch has forwarding or filtering information. This information is used by the transparent bridging function in determining how to propagate a received frame.
Page 191 M4100 Series Managed Switch  Select Switching > Address Table > Advanced Address Table. Use Search By to search by MAC address, VLAN ID, or port. • Searched by MAC Address. Select MAC address and enter the 6-byte hexadecimal MAC address in two-digit groups separated by colons, for example, 01:23:45:67:89:AB.
Page 192: Configure Dynamic Addresses Aging Interval
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 60. MAC Address Table Field Description Total MAC Address Displaying the number of total MAC addresses learned or configured. MAC Address A unicast MAC address for which the switch has forwarding or filtering information.
Page 193: Configure A Static Mac Address
M4100 Series Managed Switch  Select Switching > Address Table> Advanced Dynamic Addresses. Use Address Aging Timeout (seconds) to specify the time-out period in seconds for aging out dynamically learned forwarding information. 802.1D-1990 recommends a default of 300 seconds. The value can be specified as any number between 10 and 1000000 seconds.
Page 194: Configure Port Settings
M4100 Series Managed Switch Use Interface to select the physical interface or LAG. Use the Static MAC Address to input the MAC address. Select the VLAN ID associated with the MAC address. To add a new static MAC address to the switch, click the ADD button.
Page 195 M4100 Series Managed Switch Use STP Mode to select the Spanning Tree Protocol administrative mode for the port or LAG. The possible values are as follows: • Enable -Select this to enable the Spanning Tree Protocol for this port. •...
Page 196: Enter A Port Description
M4100 Series Managed Switch Enter a Port Description  To specify a port description: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 197: Link Aggregation Group Overview
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 62. Port Description Field Description Port Selects the interface. MAC Address Displays the physical address of the specified interface. PortList Bit Offset Displays the bit offset value that corresponds to the port when the MIB object type PortList is used to manage in SNMP.
Page 198 M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.   Select Switching LAG Configuration.
Page 199: Configure Lag Membership
M4100 Series Managed Switch Use STP Mode to enable or disable the Spanning Tree Protocol administrative mode associated with the LAG. The possible values are as follows: • Disable — Spanning tree is disabled for this LAG. • Enable — Spanning tree is enabled for this LAG.
Page 200 M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 201 M4100 Series Managed Switch When the LAG is enabled, it does not transmit or process received LACPDUs, for example, the member ports do not transmit LACPDUs and all the LACPDUs it can receive are dropped. The factory default is Disable.
Page 202: Chapter 4 Routing
Routing This chapter covers the following topics: • Manage the Routing Table • Configure IP Settings • Configure Advanced IP Settings • VLAN Overview • ARP Overview • Configure Router Discovery...
Page 203: Manage The Routing Table
M4100 Series Managed Switch Manage the Routing Table The Routing Table collects routes from multiple sources: static routes and local routes. The Routing Table can use multiple routes to the same destination from multiple sources. The Routing Table lists all routes.
Page 204 M4100 Series Managed Switch Next Hop IP Address displays the outgoing router IP address to use when forwarding traffic to the next router (if any) in the path toward the destination. The next router is always one of the adjacent neighbors or the IP address of the local interface for a directly attached network.
Page 205: Configure Advanced Routes
M4100 Series Managed Switch Configure Advanced Routes  To configure advanced routes: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 206 M4100 Series Managed Switch • Preference displays an integer value from (1 to 255). You can specify the preference value (sometimes called administrative distance) of an individual static route. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database.
Page 207: Configure Route Preferences
M4100 Series Managed Switch Table 65. Route Configuration, Learned Routes Table Field Description Preference The preference is an integer value from 0 to 255. You can specify the preference value (sometimes called administrative distance) of an individual static route. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database.
Page 208: Configure Ip Settings
M4100 Series Managed Switch    Select Routing Routing Table Advanced Route Preferences. Use Static to specify the static route preference value in the router. The default value is 1. The range is 1 to 255. Configure IP Settings You can configure routing parameters for the switch, as opposed to an interface.
Page 209 M4100 Series Managed Switch    Select Routing Basic IP Configuration. The screen displays the default time to live, the maximum next hops, and the maximum routes. Select the Routing Mode Enable or Disable radio button. You must enable routing for the switch before you can route through any of the interfaces.
Page 210: View Ip Statistics
M4100 Series Managed Switch Click the APPLY button. The settings are sent to the switch. Configuration changes take effect immediately. These changes are not retained across a power cycle unless you save the configuration. See Save Configuration on page 405.
Page 211 M4100 Series Managed Switch    click Routing Basic Statistics. The following table describes the nonconfigurable information displayed on the screen. Table 66. IP statistics Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error.
Page 212 M4100 Series Managed Switch Table 66. IP statistics (continued) Field Description IpForwDatagrams The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination.
Page 213 M4100 Series Managed Switch Table 66. IP statistics (continued) Field Description IpFragCreates The number of IP datagram fragments that were generated as a result of fragmentation at this entity. IpRoutingDiscards The number of routing entries that were discarded even though they are valid.
Page 214: Configure Advanced Ip Settings
M4100 Series Managed Switch Table 66. IP statistics (continued) Field Description IcmpOutEchoReps The number of ICMP Echo Reply messages sent. IcmpOutTimestamps The number of ICMP Timestamp (request) messages. IcmpOutTimestampReps The number of ICMP Timestamp Reply messages sent. IcmpOutAddrMasks The number of ICMP Address Mask Request messages sent.
Page 215 M4100 Series Managed Switch Select the Routing Mode Enable or Disable radio button. You must enable routing for the switch before you can route through any of the interfaces. The default value is disabled. Select the ICMP Echo Replies Enable or Disable radio button.
Page 216: View Ip Statistics
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 67. IP Configuration Field Description Default Time to Live The default value inserted into the Time-To-Live field of the IP header of datagrams originated by the switch, if a TTL value is not supplied by the transport layer protocol.
Page 217 M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 68. IP statistics Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error. IpInHdrErrors The number of input datagrams discarded due to errors in their IP...
Page 218 M4100 Series Managed Switch Table 68. IP statistics (continued) Field Description IpInDiscards The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but that were discarded (such as for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting reassembly.
Page 219 M4100 Series Managed Switch Table 68. IP statistics (continued) Field Description IcmpInErrors The number of ICMP messages that the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, and so on). IcmpInDestUnreachs The number of ICMP Destination Unreachable messages received.
Page 220: Configure An Ip Interface
M4100 Series Managed Switch Table 68. IP statistics (continued) Field Description IcmpOutAddrMasks The number of ICMP Address Mask Request messages sent. IcmpOutAddrMaskReps The number of ICMP Address Mask Reply messages sent. Configure an IP Interface You can update IP interface data for this switch.
Page 221 M4100 Series Managed Switch The entry corresponding to the specified interface is selected. Use Port to select the interface. Use Description to enter the description for the interface. Use IP Address Configuration Method to enter the method by which an IP address is configured on the interface.
Page 222: Configure A Secondary Ip Address
M4100 Series Managed Switch Use IP MTU to specify the maximum size of IP packets sent on an interface. The valid range is 68 bytes to the link MTU. The default value is 0. A value of 0 indicates that the IP MTU is unconfigured. When the IP MTU is unconfigured, the router uses the link MTU as the IP MTU.
Page 223: Vlan Overview
VLAN spans multiple physical networks, or when additional segmentation or security is required. This section shows how to configure the NETGEAR switch to support VLAN routing. A port can be either a VLAN port or a router port, but not both. However, a VLAN port can be part of a VLAN that is itself a router port.
Page 224: Use The Vlan Static Routing Wizard
M4100 Series Managed Switch Use the VLAN Static Routing Wizard The VLAN Static Routing Wizard creates a VLAN, adds selected ports to the VLAN. The VLAN Wizard gives the user the option to add the selected ports as a link aggregation groups (LAGs).
Page 225: Configure Vlan Routing
M4100 Series Managed Switch The range of the VLAN ID is 1 to 4093. Use Ports to display selectable physical ports and LAGs (if any). Selected ports are added to the routing VLAN. Each port has three modes: • T (Tagged). Select the ports on which all frames transmitted for this VLAN are tagged.
Page 226: Arp Overview
M4100 Series Managed Switch   Select Routing VLAN VLAN Routing. The screen displays the port interface and MAC address assigned to the VLAN for routing. Use IP Address to enter the IP address to be configured for the VLAN routing interface.
Page 227: Display Arp Cache Entries
M4100 Series Managed Switch information seen on the network, periodically refreshed to determine if an address still exists, or removed from the cache if the entry has not been identified as a sender of an ARP packet during the course of an ageout interval, usually specified through configuration.
Page 228: Configure The Static Arp Cache
M4100 Series Managed Switch Configure the Static ARP Cache  To configure the static ARP cache: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 229: View Or Configure The Arp Table
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 70. ARP Cache Field Description Port The associated Unit/Slot/Port of the connection IP Address Displays the IP address. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces.
Page 230 M4100 Series Managed Switch    Select Routing Advanced ARP Table Configuration. To configure the ARP Table, do the following: • Use Age Time to enter the value for the switch to use for the ARP entry ageout time.
Page 231: Configure Router Discovery
M4100 Series Managed Switch This appears only if the user selects Specific Dynamic/Gateway Entry or Specific Static Entry in the Remove from Table list. The following table describes the nonconfigurable information displayed on the screen. Table 71. ARP Table Configuration...
Page 232 M4100 Series Managed Switch  Select Routing Router Discovery. Select the Interface check box for the router interface. Use Advertise Mode to select Enable or Disable. If you select Enable, router advertisements are transmitted from the selected interface. Use Advertise Address to select Enable or Disable.
Page 233: Chapter 5 Configure Quality Of Service
Configure Quality of Service This chapter covers the following topics: • QoS Overview • Class of Service • Differentiated Services...
Page 234: Qos Overview
M4100 Series Managed Switch QoS Overview You can configure Quality of Service (QoS) settings on the switch. In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
Page 235: Configure Cos
M4100 Series Managed Switch Configure CoS  To configure CoS: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 236: Map 802.1P Priorities To Queues
M4100 Series Managed Switch The default value is untrusted. Click the APPLY button. The updated configuration is sent to the switch. Map 802.1p Priorities to Queues  To map 802.1p priorities to queues: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 237: Map Ip Dscp Values To Queues
M4100 Series Managed Switch The values in each list represent the traffic class. The traffic class is the hardware queue for a port. Higher traffic class values indicate a higher queue position. Before traffic in a lower queue is sent, it must wait for traffic in higher queues to be sent.
Page 238: Configure Cos Settings For An Interface
M4100 Series Managed Switch    Select QoS Advanced IP DSCP to Queue Mapping. The IP DSCP field displays an IP DSCP value from 0 to 63. For each DSCP value, specify which internal traffic class to map to the corresponding IP DSCP value.
Page 239: Configure An Interface Queue
M4100 Series Managed Switch Click the Login button. The web management interface menu displays.  Select QoS CoS > Advanced > CoS Interface Configuration. Use Interface to specify all CoS configurable interfaces. Use Interface Trust Mode to specify whether to trust a particular packet marking at ingress.
Page 240 M4100 Series Managed Switch The configuration process is simplified by allowing each CoS queue parameter to be configured globally or per port. A global configuration change is automatically applied to all ports in the system.  To configure an interface queue: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for...
Page 241: Differentiated Services
M4100 Series Managed Switch valid range is 0 to 100 in increments of 1. The value 0 means no guaranteed minimum. The sum of individual Minimum Bandwidth values for all queues in the selected interface cannot exceed the defined maximum (100).
Page 242: Diffserv Wizard Overview
M4100 Series Managed Switch DiffServ Wizard Overview You can use the DiffServ Wizard to enable DiffServ on the switch by creating a traffic class, adding the traffic class to a policy, and then adding the policy to the ports selected on DiffServ Wizard screen.
Page 243: Configure Diffserv
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.   Select QoS DiffServ DiffServ Wizard.
Page 244 M4100 Series Managed Switch Packet processing begins by testing the match criteria for a packet. The all class type option defines that each match criteria within a class must evaluate to true for a packet to match that class. The any class type option specifies that at least one match criteria must evaluate to true for a packet to match that class.
Page 245: Configure The Global Diffserv Mode
M4100 Series Managed Switch Table 72. DiffServ Configuration Field Description DiffServ Admin Mode The options mode for DiffServ. The default value is Enable. While disabled, the DiffServ configuration is retained when saved and can be changed, but it is not activated. When enabled, Diffserv services are activated.
Page 246 M4100 Series Managed Switch The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 247: Configure A Diffserv Class
M4100 Series Managed Switch Table 73. Diffserv Configuration Field Description Policy Attributes table Displays the number of configured policy attributes (attached to the policy class instances) out of the total allowed on the switch. Service table Displays the number of configured services (attached to the policies on specified interfaces) out of the total allowed on the switch.
Page 248: Configure The Class Match Criteria
M4100 Series Managed Switch The switch supports only the Class Type value All, which means all the various match criteria defined for the class should be satisfied for a packet match. All signifies the logical AND of all the match criteria. You can select a class type only when you are creating a new class.
Page 249 M4100 Series Managed Switch    Select QoS DiffServ Advanced Class Configuration. Click the class name for an existing class. The class configuration fields display. Class Name. Displays the name for the configured DiffServ class. Class Type. Displays the DiffServ class type.
Page 250: Configure A Diffserv Ipv6 Class
M4100 Series Managed Switch • Destination MAC Address. This is the destination MAC address specified as six 2-digit hexadecimal numbers separated by colons. • Destination MAC Mask. This is a bit mask in the same format as MAC address indicating which parts of the destination MAC address to use for matching against packet content.
Page 251 M4100 Series Managed Switch  To configure a DiffServ class: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 252: Configure The Diffserv Class Match Criteria
M4100 Series Managed Switch Configure the DiffServ Class Match Criteria Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 253 M4100 Series Managed Switch Click the class name for an existing class to go to the IPv6 DiffServ Class Configuration section of the screen. Specify the Class Name. Displays the name for the configured DiffServ class. The Class Type field displays the DiffServ class type. You can only select the class type when you are creating a new class.
Page 254: Configure Diffserv Policy
M4100 Series Managed Switch • Destination L4 Port. This lists the keywords for the known destination Layer 4 ports from which one can be selected. The list includes other as an option for the unnamed ports. • Flow Label. This is a 20-bit number that is unique to an IPv6 packet, used by end stations to signify Quality of Service handling in routers.
Page 255: Configure Diffserv Policy Attributes
M4100 Series Managed Switch    Select QoS DiffServ Advanced Policy Configuration. Use Policy Name to uniquely identify a policy using a case-sensitive alphanumeric string from 1 to 31 characters. Select a Member Class. The Member Class list includes all DiffServ classes currently defined as members of the specified policy.
Page 256 M4100 Series Managed Switch Select the queue to which packets of this policy class are assigned. This is an integer value in the range 0 to 7. Configure the policy attributes: • Drop. Select the Drop radio button. This flag indicates that the policy attribute is defined to drop every inbound packet.
Page 257: Configure Diffserv Policy Settings On An Interface
M4100 Series Managed Switch • Committed Rate. This value is specified in the range 1 to 4294967295 kilobits per second (Kbps). • Committed Burst Size. This value is specified in the range 1 to 128 KBytes. The committed burst size is used to determine the amount of conforming traffic allowed.
Page 258: View Service Statistics
M4100 Series Managed Switch Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password.
Page 259 M4100 Series Managed Switch interface and direction and hence the attached policy (if any). Highlighting a member class name displays the statistical information for the policy class instance for the specified interface and direction.  To view service statistics: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 260 M4100 Series Managed Switch The following table describes the information available on the Service Statistics screen. Table 76. Service Statistics Field Description Interface List of all valid slot number and port number combinations in the system with a DiffServ policy currently attached in In direction.
Page 261: Chapter 6 Manage Device Security
Manage Device Security This chapter covers the following topics: • Management Security Settings • Configure RADIUS Settings • TACACS • Set Up a Login Authentication List • Configure Management Access • Manage Certificates • Manage Telnet • Download a Certificate •...
Page 262: Management Security Settings
M4100 Series Managed Switch Management Security Settings You can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS) settings, and authentication lists. Configure Users By default, two user accounts exist: •...
Page 263: Set The Password For A User
M4100 Series Managed Switch    Select Security Management Security Local User User Management. The screen displays the users and their lockout status. If you are creating a new user, in the User Name field, type the name for a new user.
Page 264: Enable Password Configuration
M4100 Series Managed Switch Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 265: Configure A Line Password
M4100 Series Managed Switch Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 266: Configure Radius Settings
M4100 Series Managed Switch   Select Security Management Security Line Password. Use Console Password to enter the console password. Passwords are a maximum of 64 alphanumeric characters. Use Confirm Console Password to enter the password again to confirm that you entered it correctly.
Page 267 M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 268: Configure A Radius Server
M4100 Series Managed Switch The valid range is 1 – 30. The default value is 5. Give consideration to maximum delay time when configuring RADIUS maximum retransmits and RADIUS time-outs. If multiple RADIUS servers are configured, the maximum retransmit value on each is exhausted before the next server is attempted. A retransmit does not occur until the configured time-out value on that server has passed without a response from the RADIUS server.
Page 269 M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 270 M4100 Series Managed Switch To remove the selected server from the configuration, click the DELETE button. This button is only available to users with Read/Write permission. Click the APPLY button. Your settings are saved. To reset the authentication server and RADIUS statistics to their default values, click the Clear Counters button.
Page 271: Configure A Radius Accounting Server
M4100 Series Managed Switch Configure a RADIUS Accounting Server You can view and configure various settings for one or more RADIUS accounting servers on the network.  To configure a RADIUS accounting server:, Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 272: Tacacs
M4100 Series Managed Switch From the Accounting Mode list, enable or disable the RADIUS accounting mode. To delete a configured RADIUS accounting server, click the DELETE button. To clear the accounting server statistics, click the CLEAR COUNTERS button. The following table describes RADIUS accounting server statistics available on the screen.
Page 273: Configure Global Tacacs Settings
M4100 Series Managed Switch The TACACS protocol ensures network security through encrypted protocol exchanges between the device and TACACS server. Configure Global TACACS Settings You can view or change the TACACS settings for communication between the switch and the TACACS server you configure through the inband management port.
Page 274: Configure Tacacs Server Settings
M4100 Series Managed Switch Configure TACACS Server Settings You can configure up to five TACACS servers with which the switch can communicate.  To configure a TACACS server: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 275: Set Up A Login Authentication List
M4100 Series Managed Switch To add a new server to the switch, click the ADD button. This button is available only to users with read/write permission. To delete the selected server from the configuration, click the DELETE button. Click the APPLY button.
Page 276: Enable An Authentication List
M4100 Series Managed Switch If you are creating a new login list, complete the List Name field. The list name can be up to 15 alphanumeric characters long and is not case-sensitive. For each of the lists, select the methods in the order they will appear in the authentication login list.
Page 277 M4100 Series Managed Switch The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 278: Configure A Dot1X Authentication List
M4100 Series Managed Switch Configure a Dot1x Authentication List You can configure a dot1x list. A dot1x list specifies the authentication method(s) used to validate port access for the users associated with the list. Only one dot1x method can be supported.
Page 279: Configure An Http Authentication List
M4100 Series Managed Switch Configure an HTTP Authentication List You can configure an HTTP list. An HTTP list specifies the authentication method(s) used to validate the switch or port access through HTTP.  To configure an HTTP authentication list: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 280: Https Authentication List
M4100 Series Managed Switch HTTPS Authentication List You can configure an HTTPS list. A login list specifies the authentication method(s) used to validate the switch or port access through HTTPS for the users associated with the list. The default list is: httpsList.
Page 281: View Login Sessions
M4100 Series Managed Switch View Login Sessions  To view login sessions: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 282: Configure Management Access
M4100 Series Managed Switch Configure Management Access You can configure HTTP and Secure HTTP access to the managed switch’s management interface. Configure HTTP Server Settings To access the switch over a web page, you must first configure it with IP information (IP address, subnet mask, and default gateway).
Page 283: Configure Https Settings
M4100 Series Managed Switch The Authentication List field displays the authentication list that HTTP is using. Select the HTTP Access Disable or Enable radio button. This specifies whether the switch can be accessed from a web browser. If you choose to enable web mode, you can manage the switch from a web browser.
Page 284 M4100 Series Managed Switch The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 285: Manage Certificates
M4100 Series Managed Switch Use Maximum Number of HTTPS Sessions to set the maximum allowable number of HTTPS sessions. The value must be in the range of 0 to 16. The default value is 16. The currently configured value is shown when the screen is displayed.
Page 286: Download A Certificate
M4100 Series Managed Switch • Delete Certificates. Delete the corresponding certificate files, if present. Download a Certificate You can transfer a certificate file to the switch. For the web server on the switch to accept HTTPS connections from a management station, the web server needs a public key certificate.
Page 287: Configure Ssh
M4100 Series Managed Switch • SSL Server Certificate PEM File. SSL Server Certificate file (PEM Encoded) • SSL DH Weak Encryption Parameter PEM File. SSL Diffie-Hellman Weak Encryption Parameter file (PEM Encoded) • SSL DH Strong Encryption Parameter PEM File. SSL Diffie-Hellman Strong...
Page 288 M4100 Series Managed Switch   Select Security Access > SSH SSH Configuration. Select the SSH Admin Mode Disable or Enable radio button. The currently configured value is displayed. The default value is Disable. Select the SSH Version 1 Disable or Enable radio button.
Page 289: Manage Host Keys
M4100 Series Managed Switch Manage Host Keys You can generate or delete RSA and DSA keys.  To manage Host Keys: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 290: Download Host Keys
M4100 Series Managed Switch • Delete RSA Keys. Select this option to delete the corresponding RSA key file, if it is present. Select a DSA Keys Management radio button: • None. This is the default selection. • Generate DSA Keys. Select this option to begin generating the DSA host keys. To generate SSH key files, SSH must be administratively disabled and there can be no active SSH sessions.
Page 291 M4100 Series Managed Switch   Select Security Access > SSH Host Keys Download. In the File Type menu, specify the type of file to transfer: • SSH-1 RSA Key File. SSH-1 Rivest-Shamir-Adleman (RSA) Key file • SSH-2 RSA Key PEM File. SSH-2 Rivest-Shamir-Adleman (RSA) Key file (PEM Encoded) •...
Page 292: Manage Telnet
M4100 Series Managed Switch Manage Telnet You can configure a Telnet authentication list and manage outbound and inbound Telnet. Configure a Telnet Authentication List You can select the login and make the authentication list available. The login list specifies the authentication method(s) used to validate switch or port access for the users associated with the list.
Page 293: Configure Inbound Telnet
M4100 Series Managed Switch In the Login Authentication List menu, specify which authentication list to use login through Telnet. The default value is networkList. In the Enable Authentication List menu, specify which authentication list you are using when going into the privileged EXEC mode.
Page 294: Configure Outbound Telnet
M4100 Series Managed Switch The Current Number of Sessions field displays the number of current sessions. In the Inbound Telnet section, select the Allow New Telnet Sessions Disable or Enable radio button. The default value is Enable. In the Session Timeout field, specify how many minutes of inactivity can occur on a Telnet session before the session is logged off.
Page 295: Configure The Console Port
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 296 M4100 Series Managed Switch Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
Page 297: Configure Denial Of Service Settings
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 82. Console Port Field Description Character Size (bits) The number of bits in a character. This is always 8. Flow Control Whether hardware flow control is enabled or disabled. It is always disabled.
Page 298 M4100 Series Managed Switch In the Denial of Service Min TCP Header Size field, specify the Min TCP Hdr Size allowed. If DoS TCP fragment is enabled, the switch drops these packets: • First TCP fragments with a TCP payload: IP_Payload_Length - IP_Header_Size <...
Page 299 M4100 Series Managed Switch Use Denial of Service First Fragment to enable first fragment DoS prevention. First fragment DoS prevention causes the switch to check DoS options on first fragment IP packets when switch are receiving fragmented IP packets. Otherwise, the switch ignores the first fragment IP packages.The factory default is disabled.
Page 300: Port Authentication Overview
M4100 Series Managed Switch Use Denial of Service UDP Port to enable UDP Port DoS prevention. This causes the switch to drop packets with UDP source port equal to UDP destination port. The factory default is disabled. Port Authentication Overview In port-based authentication, when 802.1X is enabled globally and on the port, successful...
Page 301 M4100 Series Managed Switch    Select Security Port Authentication Basic 802.1X Configuration. The Authentication List field displays the authentication list that is used by 802.1X. Select the Administrative Mode Disable or Enable radio button. This enables or disables e 802.1X administrative mode on the switch.
Page 302: Configure 802.1X Settings
M4100 Series Managed Switch Configure 802.1X Settings You can enable or disable port access control on the system.  To configure 801.1X settings: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 303: Configure 802.1X Settings For Port Authentication
M4100 Series Managed Switch The default value is Disable. The feature monitors the dot1x authentication process and helps in diagnosis of the authentication failure cases. In the Users list, select the user name that uses the selected login list for 802.1x port security.
Page 304 M4100 Series Managed Switch You can select multiple check boxes to apply the same settings to the selected ports, or select the check box in the heading row to apply the same settings to all ports. For the selected port(s), specify the following settings: •...
Page 305 M4100 Series Managed Switch value is 0. Changing the value does not change the configuration until the Submit button is clicked. Enter 0 to clear the unauthenticated VLAN ID on the interface. • Supplicant Timeout. This input field allows the user to enter the supplicant time-out for the selected port.
Page 306: View The Port Summary
M4100 Series Managed Switch This button is only clickable if the control mode is auto. Otherwise, it is grayed out. When this button is clicked, the action is immediate. Clicking the APPLY button is not required for the action to occur.
Page 307 M4100 Series Managed Switch The following table describes the fields on the Port Summary screen. Table 83. Port summary Field Description Port Specifies the port whose settings are displayed in the current table row. Control Mode This field indicates the configured control mode for the port. Possible values are as follows: •...
Page 308 M4100 Series Managed Switch Table 83. Port summary Field Description Authenticator PAE State This field displays the current state of the authenticator PAE state machine. Possible values are as follows: • Initialize • Disconnected • Connecting • Authenticating • Authenticated •...
Page 309: View The Client Summary
M4100 Series Managed Switch Table 83. Port summary Field Description Session Termination Action This field displays termination action set by the RADIUS server for the selected port. This field is displayed only when the port control mode of the selected port is not MAC-based. Possible values are as follows: •...
Page 310: Traffic Control
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 84. Client summary Field Description Port The port to be displayed. User Name This field displays the user name representing the identity of the supplicant device.
Page 311 M4100 Series Managed Switch Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 312: View The Mac Filter Summary
M4100 Series Managed Switch Use Destination Port Members to list the ports to be included in the outbound filter. Packets with the MAC address and VLAN ID you selected is transmitted only out of ports that are in the list. Destination ports can be included only in the multicast filter.
Page 313: Configure The Global Port Security Mode
M4100 Series Managed Switch Table 85. MAC Filter Summary User Manual (continued) Field Description Source Port Members A list of ports to be used for filtering inbound packets. Destination Port Members A list of ports to be used for filtering outbound packets.
Page 314: Configure Port Security Settings
M4100 Series Managed Switch The Port Security Violations table shows information about violations that occurred on ports that are enabled for port security. The following table describes the fields in the Port Security violations table. Table 86. Port Security Configuration...
Page 315: Convert A Dynamic Mac Address To A Static Address
M4100 Series Managed Switch   Select Security Traffic Control > Port Security Interface Configuration. Port. Selects the interface to be configured. Select the check box next to the port or LAG to configure. Select multiple check boxes to apply the same setting to all selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces.
Page 316: Configure Static Mac Addresses
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.   Select Security Traffic Control > Port Security Dynamic MAC Address.
Page 317: Configure A Private Group
M4100 Series Managed Switch Click the Login button. The web management interface menu displays.   Select Security Traffic Control> Port Security Static MAC Address. In the Interface list, select the physical interface. To add MAC addresses, enter them in the Static MAC Address field.
Page 318: Configure Private Group Membership
M4100 Series Managed Switch   Select Security Traffic Control > Private Group Private Group Configuration. In the Group Name field, enter the private group name. The name can be up to 24 bytes of non-blank characters. In the optional Group ID field, specify the private group identifier.
Page 319: Configure Protected Ports
M4100 Series Managed Switch   Select Security Traffic Control > Private Group Private Group Membership. In the Group ID menu, select the group. In the Port List menu, select the ports for this private group. The port list displays when at least one group is configured.
Page 320 M4100 Series Managed Switch The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 321: Private Vlan Overview
M4100 Series Managed Switch Private VLAN Overview A private VLAN contains switch ports that cannot communicate with each other, but can access another network. These ports are called private ports. Each private VLAN contains one or more private ports and a single uplink port or uplink aggregation group. Note that all traffic between private ports is blocked at all layers, not just Layer 2 traffic, but also traffic such as FTP, HTTP, and Telnet.
Page 322: Configure The Private Vlan Association
M4100 Series Managed Switch Configure the Private VLAN Association  To configure the private VLAN association: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 323: Configure The Private Vlan Port Mode
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 88. Private VLAN Association Configuration Field Description Isolated VLAN Displays the isolated VLAN associated with the selected primary VLAN. Community VLAN(s) Displays the list of community VLAN(s) associated with the selected primary VLAN.
Page 324: Configure Private Vlan Host Interface
M4100 Series Managed Switch  Select Security Traffic Control > Private VLAN> Private VLAN Port Mode Configuration. Use the Interface check boxes to select the physical or LAG interface. Use Switch Port Mode to select the switch port mode. The factory default is 'General'.
Page 325: Configure Private Vlan Promiscuous Interface Settings
M4100 Series Managed Switch Click the Login button. The web management interface menu displays.  Select Security Traffic Control > Private VLAN > Private VLAN Host Interface Configuration. The Interface field displays the selected physical or LAG interface. The Operational VLANs fields display the operational VLANs.
Page 326 M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 327: Storm Control Overview
M4100 Series Managed Switch The changes are applied to the system. Configuration changes take effect immediately. Storm Control Overview A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses can overload network resources and/or cause the network to time out.
Page 328: View Storm Control Settings For An Interface
M4100 Series Managed Switch The following four controls provide an easy way to enable or disable each type of packets to be rate-limited on every port in a global fashion. The effective storm control state of each port can be viewed by going to the port configuration screen.
Page 329 M4100 Series Managed Switch Select Security >Traffic Control > Storm Control > Storm Control Interface Configuration. The following table describes the nonconfigurable information displayed on the screen. Table 89. Storm control interface configuration Field Description Flow Control Enable or disable IEEE 802.3x flow control by selecting the corresponding line on the menu.
Page 330: Control Dhcp Snooping Settings
M4100 Series Managed Switch Table 89. Storm control interface configuration Field Description Unicast Storm Recovery Level Type Specify the unicast storm recovery level as a percentage of link speed or as packets per second. Unicast Storm Recovery Level Specify the threshold at which storm control activates. The factory default is 5 percent of port speed for pps type.
Page 331: Configure The Dhcp Snooping Interface
M4100 Series Managed Switch Use MAC Address Validation to enable or disable the validation of sender MAC address for DHCP snooping. The factory default is enabled. For DHCP snooping VLAN configuration, use VLAN ID to enter the VLAN for which the DHCP snooping mode is to be enabled.
Page 332: Configure Dhcp Snooping Static Binding
M4100 Series Managed Switch Select the interface for which data is to be configured. In the Trust Mode menu, select Enable or Disable. If trust mode is enabled, the DHCP snooping application considers the port as trusted. The factory default is disabled.
Page 333: Configure Dhcp Snooping Dynamic Binding
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.   Select Security Control > DHCP Snooping Binding Configuration.
Page 334: Configure Persistent Dhcp Snooping
M4100 Series Managed Switch The web management interface menu displays.   Select Security Control > DHCP Snooping Binding Configuration. The Interface field displays the interface to which a binding entry is associated in the DHCP snooping database. Use MAC Address to display the MAC address for the binding in the binding database.
Page 335: View Dhcp Snooping Statistics
M4100 Series Managed Switch   Select Security Control > DHCP Snooping Persistent Configuration. Use Store to select the local store or remote store. Selecting Local disables the remote fields like Remote File Name and Remote IP address. Use Remote IP Address to configure the remote IP address on which the snooping database is stored when Remote is selected.
Page 336: Configure An Ip Source Guard Interface
M4100 Series Managed Switch   click Security Control > DHCP Snooping Statistics. Click CLEAR to clear all interfaces statistics. Click the REFRESH button to refresh the data on the screen with the latest statistics. The following table describes the nonconfigurable information displayed on the screen.
Page 337: Configure Ip Source Guard Binding
M4100 Series Managed Switch Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 338 M4100 Series Managed Switch Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 339: Configure Dynamic Arp Inspection
M4100 Series Managed Switch Configure Dynamic ARP Inspection  To configure dynamic ARP inspection: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 340: Configure Dynamic Arc Inspection
M4100 Series Managed Switch Configure Dynamic ARC Inspection  To configure dynamic ARC inspection: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 341: Configure A Dynamic Arc Inspection Interface
M4100 Series Managed Switch Use Static Flag to determine whether the ARP packet needs validation using the DHCP snooping database in case ARP ACL rules don't match. If the flag is enabled, then the ARP packet is validated by the ARP ACL rules only. If the flag is disabled, then the ARP packet needs further validation using the DHCP snooping entries.
Page 342: Configure A Dai Acl
M4100 Series Managed Switch checking. The factory default is Disable. Use Rate Limit (pps) to specify rate limit value for dynamic ARP Inspection purpose. If the rate of incoming ARP packets exceeds this value for consecutive burst interval seconds, ARP packets are dropped. If this value is N/A there is no limit. The value can set to –1, which means N/A.
Page 343: Configure A Dynamic Arp Inspection Acl Rule
M4100 Series Managed Switch Configure a Dynamic ARP Inspection ACL Rule  To configure a dynamic ARP Inspection ACL rule: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 344 M4100 Series Managed Switch Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 345: Access Control List Overview
M4100 Series Managed Switch Table 92. Dynamic ARP inspection statistics Field Description Bad Source MAC Number of ARP packets that were dropped by DAI because the sender MAC address in ARP packet didn't match the source MAC in Ethernet header.
Page 346 M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 347: Create A Mac Acl
M4100 Series Managed Switch • ACL Based on Destination IPv6 L4 Port. To create an ACL based on the destination IPv6 Layer 4 port number. • ACL Based on Source IPv6 L4 Port. To create an ACL based on the source IPv6 Layer 4 port number.
Page 348 M4100 Series Managed Switch  To create a MAC ACL: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 349: Configure Mac Rules
M4100 Series Managed Switch To change the name of a MAC ACL, select the check box next to the Name field, update the name, then click the APPLY button. To add a new MAC ACL to the switch configuration, click the ADD button.
Page 350 M4100 Series Managed Switch This field cannot be set if a redirect interface is already configured for the ACL rule. This field is visible for a Permit action. Use Redirect Interface to specify the specific egress interface where the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device.
Page 351: Configure Acl Mac Binding
M4100 Series Managed Switch The valid range of values is 0x0600 to 0xFFFF. Use Source MAC to specify the wource MAC address to compare against an Ethernet frame. The valid format is xx:xx:xx:xx:xx:xx. Use Source MAC Mask to specify the wource MAC address mask specifying which bits in the source MAC to compare against an Ethernet frame.
Page 352 M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 353: View Or Delete Mac Bindings
M4100 Series Managed Switch Click the APPLY button. The settings are sent to the switch. Configuration changes take effect immediately. These changes are not retained across a power cycle unless you save the configuration. See Save Configuration on page 405.
Page 354: Configure An Ip Acl
M4100 Series Managed Switch   Select Security ACL > Basic Binding Table. To delete a MAC ACL-to-interface binding, select the check box next to the interface and click the DELETE button. The following table describes the information displayed in the MAC Binding Table.
Page 355: Configure Rules For An Ip Acl
M4100 Series Managed Switch Click the Login button. The web management interface menu displays.   Select Security ACL > Advanced IP ACL. The screen displays the current size of the ACL table and the maximum size of the ACL table.
Page 356 M4100 Series Managed Switch Note: There is an implicit deny all rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit “deny all” rule applies and the packet is dropped.
Page 357 M4100 Series Managed Switch • Logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the Access List Trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was 'hit' during the current report interval.
Page 358: Configure Ip Extended Rules
M4100 Series Managed Switch Note: To modify an existing IP extended ACL rule, click the Rule ID. The number is a hyperlink to the Extended ACL Rule Configuration screen. Configure IP Extended Rules You can configure the rules for the IP access control lists that you created. There is an implicit deny all rule at the end of an ACL list.
Page 359 M4100 Series Managed Switch • Action. Specify the action to take if a packet matches the rule's criteria. The choices are permit or deny. • Logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the Access List Trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was hit during the current report interval.
Page 360 M4100 Series Managed Switch • Destination IP Address. Enter an IP address using dotted-decimal notation to be compared to a packet's destination IP address as a match criteria for the selected extended IP ACL rule. • Destination IP Mask. Specify the IP mask in dotted-decimal notation to be used with the destination IP address value.
Page 361: Configure An Ipv6 Acl
M4100 Series Managed Switch Configure an IPv6 ACL An IPv6 ACL consists of a set of rules that are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match.
Page 362: Configure Ipv6 Rules
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 95. IPv6 ACL Configuration Field Description Current Number of ACL The current number of IP ACLs configured on the switch. Maximum ACL The maximum number of IP ACLs that can be configured on the switch, depending on the hardware.
Page 363 M4100 Series Managed Switch The choices are permit or deny. Use Logging to enable logging for this ACL rule (subject to resource availability in the device). If the Access List Trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was 'hit' during the current report interval.
Page 364 M4100 Series Managed Switch • Select one of the keywords from the list: DOMAIN, ECHO, FTP, FTPDATA, WWW-HTTP, SMTP, SNMP, TELNET, and TFTP. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range.
Page 365: Configure Acl Interface Bindings
M4100 Series Managed Switch Configure ACL Interface Bindings When an ACL is bound to an interface, all the rules that were defined are applied to the selected interface. You can to assign ACL lists to ACL priorities and interfaces. ...
Page 366: View Or Delete Ip Acl Bindings
M4100 Series Managed Switch user, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used. The valid range is 1–4294967295. Click the appropriate orange bar to expose the available ports or LAGs. The Port Selection Table specifies list of all available valid interfaces for ACL mapping.
Page 367: View Or Delete Vlan Acl Bindings
M4100 Series Managed Switch Click the Login button. The web management interface menu displays.   Select Security ACL> Advanced Binding Table. To delete an IP ACL-to-interface binding, select the check box next to the interface and click the DELETE button.
Page 368 M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.   Select Security ACL > Advanced VLAN Binding Table.
Page 369 Monitoring the System This chapter covers the following topics: • View Port Statistics • View EAP Statistics • Logs Overview • Port Mirroring Overview • sFlow Overview...
Page 370: Chapter 7 Monitoring The System
M4100 Series Managed Switch View Port Statistics You can view a summary of per-port traffic statistics on the switch.  To view port statistics: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 371: View Detailed Port Statistics
M4100 Series Managed Switch • To refresh the screen and display the current statistics, click the REFRESH button. The following table describes the port statistics fields. Table 99. Port statistics Field Description Interface The interface of the interface table entry associated with this port on an adapter.
Page 372 M4100 Series Managed Switch  Select Monitoring Ports> Port Detailed Statistics. You can use the buttons at the bottom of the screen to perform the following actions: • To clear all counters, click the CLEAR button. This resets all statistics for this port to the default values.
Page 373 M4100 Series Managed Switch Table 100. Port Detailed Statistics screen fields (continued) Field Description Port Channel ID If the port is a member of a port channel, the port channel's interface ID and name are shown. Otherwise Disable is shown.
Page 374 M4100 Series Managed Switch Table 100. Port Detailed Statistics screen fields (continued) Field Description Packets RX and TX 256-511 The total number of packets (including bad packets) received or transmitted Octets that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Page 375 M4100 Series Managed Switch Table 100. Port Detailed Statistics screen fields (continued) Field Description Packets Received > 1518 The total number of packets received that were longer than 1518 octets Octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
Page 376 M4100 Series Managed Switch Table 100. Port Detailed Statistics screen fields (continued) Field Description Total Packets Transmitted The total number of octets of data (including those in bad packets) (Octets) transmitted on the network (excluding framing bits but including FCS octets).
Page 377 M4100 Series Managed Switch Table 100. Port Detailed Statistics screen fields (continued) Field Description Total Transmit Packets The sum of single collision frames discarded, multiple collision frames Discarded discarded, and excessive frames discarded. Single Collision Frames A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
Page 378: View Eap Statistics
M4100 Series Managed Switch View EAP Statistics You can view information about EAP packets received on a specific port.  To view EAP statistics: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 379: Perform A Cable Test
M4100 Series Managed Switch The following table describes EAP statistics. Table 101. EAP statistics Field Description Port Selects the port to be displayed. When the selection is changed, a screen refresh occurs causing all fields to be updated for the newly selected port.
Page 380 M4100 Series Managed Switch Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 381: Logs Overview
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the Cable Test screen. Table 102. Cable test Field Description Cable Status This displays the cable status:. • Normal. The cable is working correctly. • Open. The cable is disconnected or there is a faulty connector.
Page 382: Message Format In Logs
M4100 Series Managed Switch Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 383: Enable The Command Log
M4100 Series Managed Switch If the system is stacked • <15>Aug 24 05:34:05 0.0.0.0-1 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on message age timer expiry. This example indicates a message with severity 7 (15 mod 8) (debug) on a system that is stacked and generated by component MSTP running in thread ID 2110 on Aug 24 05:34:05 by line 318 of file mstp_api.c.
Page 384: Configure The Console Log
M4100 Series Managed Switch Select the Admin Mode Enable radio button. CLI command logging is enabled. Configure the Console Log This allows logging to any serial device attached to the host.  To configure the console log: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 385: Configure The Syslog
M4100 Series Managed Switch • Notice (5). Normal but significant conditions • Informational (6). Informational messages • Debug (7). Debug-level messages Configure the Syslog  To configure the syslog: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 386: View Trap Logs
M4100 Series Managed Switch The default port is 514. In the IP Address Type list, select one of the following: • IPv4 • IPv6 • In the Host Address field, type the address of the host configured for syslog. In the Port field, type the port number on the host to which syslog messages are sent.
Page 387 M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.  Select Monitoring Logs > Trap Logs.
Page 388: Event Logs
M4100 Series Managed Switch Table 103. Trap Logs (continued) Field Description System Up Time The time at which this trap occurred, expressed in days, hours, minutes and seconds, since the last reboot of the switch. Trap Information identifying the trap.
Page 389: Configure Persistent Logs
M4100 Series Managed Switch You can use the buttons at the bottom of the screen to perform the following actions: • To clear the messages out of the event log, click the CLEAR button. • To refresh the screen and display the current statistics, click the REFRESH button.
Page 390 M4100 Series Managed Switch operation log. The system operation log stores the last N messages received during system operation.  To configure persistent logs: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 391: Port Mirroring Overview
M4100 Series Managed Switch • Notice (5). Normal but significant conditions • Informational (6). Informational messages • Debug (7). Debug-level messages To refresh the screen, click the REFRESH button. Persistent Log Message Format The total number of messages is the number of persistent log messages displayed on the switch.
Page 392 M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.  Select Monitoring Mirroring > Multiple Port Mirroring.
Page 393: Configure An Rspan Vlan
M4100 Series Managed Switch In the Direction menu, specify the direction of the traffic to be mirrored from the configured mirrored port(s). If the value is not configured, it is shown as None. The default value is None. The following values are available: •...
Page 394: Configure An Rspan Source Switch
M4100 Series Managed Switch Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 395: Configure An Rspan Source Interface
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays. Select Monitoring > Mirroring > RSPAN Source Switch Configuration.
Page 396 M4100 Series Managed Switch Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 397: Configure The Rspan Destination Switch
M4100 Series Managed Switch • Tx and Rx — Specify VLAN as the source VLAN. • None — Remove the specified source VLAN. If the VLAN is configured as the source VLAN, its direction is displayed as a blank field.
Page 398: Sflow Overview
M4100 Series Managed Switch The settings are sent to the switch. Configuration changes take effect immediately. These changes are not retained across a power cycle unless you save the configuration. See Save Configuration on page 405. sFlow Overview You can configure sFlow agent information, sFlow agents, sFlow receivers, and sFlow interfaces.
Page 399: Configure An Sflow Agent
M4100 Series Managed Switch • Agent Version. Uniquely identifies the version and implementation of this MIB. The version string must use the following structure: MIB Version;Organization;Software Revision where: MIB Version: '1.3', the version of this MIB. Organization: NETGEAR Inc. Revision: 1.0 •...
Page 400: Configure The Sflow Receiver
M4100 Series Managed Switch    Select Monitoring sFlow Advanced sFlow Agent. The screen displays the agent version and agent address. • Agent Version. Uniquely identifies the version and implementation of this MIB. The version string must use the following structure: MIB Version;Organization;Software Revision where: MIB Version: '1.3', the version of this MIB...
Page 401 M4100 Series Managed Switch Launch a web browser. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password.
Page 402: Configure Sflow Interface Settings
M4100 Series Managed Switch Receiver Address. The IP address of the sFlow collector. If set to 0.0.0.0 no sFlow datagrams are sent. Receiver Port. The destination port for sFlow datagrams. The allowed range is (1 to 65535). Click the APPLY button.
Page 403 M4100 Series Managed Switch    Select Monitoring sFlow Advanced sFlow Interface Configuration. The Interface field displays the interface for this flow poller and sampler. This agent supports physical ports only. In the Poller Receiver Index field, specify the allowed range for the sFlow receiver associated with this counter poller.
Page 404 Maintenance This chapter covers the following topics: • Save Configuration • Configure Auto Install • Reboot a Switch • Upload Files • Download Files • File Management Overview • Use the Ping IPv4 Utility • Use the Ping IPv6 Utility •...
Page 405: Chapter 8 Maintenance
M4100 Series Managed Switch Save Configuration  To save the configuration: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
Page 406: Reboot A Switch
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password.
Page 407: Reset The Switch To Factory Default Settings
M4100 Series Managed Switch Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 408: Reset All User Passwords To Factory Defaults
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.   Select Maintenance Reset Factory Default.
Page 409: Upload Files
M4100 Series Managed Switch Select the check box. Click the APPLY button. All user passwords reset to their factory default values. All changes you made are lost, even if you saved the configuration. Upload Files You can upload files from the switch.
Page 410 M4100 Series Managed Switch • image1. Select image1 to upload image1. • image2. Select image2 to upload image2 • CLI Banner. CLI Banner when you want retrieve the CLI banner file. • Text Configuration. Specify configuration in text mode to retrieve the stored configuration.
Page 411: Upload An Http File
M4100 Series Managed Switch The last row of the table is used to display information about the progress of the file transfer. Upload an HTTP File  To upload an HTTP file: Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201.
Page 412: Upload A Usb File
M4100 Series Managed Switch • Tech Support. Specify Tech Support to retrieve the switch information needed for troubleshooting. The factory default is Archive. Use Local File Name to specify the local script file name to upload when the file type is Script File.
Page 413: Download Files
M4100 Series Managed Switch In the USB File name field, specify the file name and path for the file. You can enter up to 32 characters. The factory default is blank. Click the APPLY button. The updated configuration is sent to the switch. Configuration changes take effect immediately.
Page 414 M4100 Series Managed Switch • Archive. Specify archive (STK) code to upgrade the operational flash: • Image1. Specify the code image1 to download. • Image2. Specify the code image2 to download. • CLI Banner. Specify CLI Banner when you want a banner to be displayed before the login prompt.
Page 415: Download Http Files
M4100 Series Managed Switch The factory default is IPv4. Use Server Address to enter the IP address of the server in accordance with the format indicated by the server address type. The factory default is the IPv4 address 0.0.0.0. Use Remote File Path to enter the path of the file to download.
Page 416 M4100 Series Managed Switch   Select Maintenance Download HTTP File Download. Note: To download SSH key files, SSH must be administratively disabled and there can be no active SSH sessions. Note: To download SSL PEM files, SSL must be administratively disabled and there can be no active SSH sessions.
Page 417: Download A File To A Usb Device
If you are downloading an image (Archive), select the image on the switch to overwrite. This field is visible only when Archive is selected as the File Type. Note: NETGEAR recommends that you not overwrite the active image. The system displays a warning that you are trying to overwrite the active image.
Page 418: File Management Overview
M4100 Series Managed Switch   Select Maintenance Download USB File Upload. Use File Type to specify what type of file to upload: • Archive. Specify archive (STK) code to retrieve from the operational flash: • Text Configuration to specify configuration in text mode to retrieve the stored configuration.
Page 419: Configure Dual Image Settings
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.   Select Maintenance File Management Copy.
Page 420: Use The Ping Ipv4 Utility
M4100 Series Managed Switch   Select Maintenance File Management Dual Image Configuration. Use Unit to select the unit. Use Next Active Image to make the selected image the next active image for subsequent reboots. Use Image Description to specify the description for the image that you selected.
Page 421 M4100 Series Managed Switch • Tx = Count, Rx = 0 Min/Max/Avg RTT = 0/0/0 msec If a reply to the ping is received, the following messages display: • Received response for Seq Num 0 Rtt xyz usec • Received response for Seq Num 1 Rtt abc usec •...
Page 422: Use The Ping Ipv6 Utility
M4100 Series Managed Switch • Interval (secs). Enter the interval between ping packets in seconds. The interval you enter is not retained across a power cycle. • Datagram Size. Enter the Size of ping packet. The size you enter is not retained across a power cycle.
Page 423: Run Traceroute Ipv4
M4100 Series Managed Switch Use Ping to select either global IPv6 address, host name, or link local address to ping. Use IPv6 Address/Hostname to enter the IPv6 address or host name of the station you want the switch to ping. T he initial value is blank.
Page 424 M4100 Series Managed Switch The Login screen displays. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. Click the Login button. The web management interface menu displays.
Page 425: Configure Traceroute Ipv6 Settings
M4100 Series Managed Switch • Port. Enter the UDP Dest port in probe packets. The initial value is default value. The port you enter is not retained across a power cycle. • Size. Enter the size of probe packets. The initial value is default value. The size you enter is not retained across a power cycle.
Page 426 M4100 Series Managed Switch   Select Maintenance Troubleshooting Traceroute IPv6. Use IPv6 Address/Hostname to enter the IPv6 address or host name of the station you want the switch to discover path. The initial value is blank. The IPv6 address or host name you enter is not retained across a power cycle.
Page 427: Appendix A Default Settings
Default Settings This appendix describes the default settings for many of the NETGEAR M4100 Managed Switch software features. Factory Default Settings The following table describes the factory default settings for the switch. Table 106. Factory default settings Feature Default IP address 169.254.100.100...
Page 428 M4100 Series Managed Switch Table 106. Factory default settings (continued) Feature Default Auto Install Enabled Auto Save Disabled sFlow Enabled ISDP Enabled (Versions 1 and 2) RMON Enabled TACACS Not configured RADIUS Not configured SSH/SSL Disabled Telnet Enabled Denial of Service Protection...
Page 429 M4100 Series Managed Switch Table 106. Factory default settings (continued) Feature Default MAC Table Address Aging 300 seconds (Dynamic Addresses) DHCP Layer 2 Relay Disabled Default VLAN ID Default VLAN Name Default GVRP Disabled GARP Timers Leave: 60 centiseconds Leave All: 1000 centiseconds...
Page 430 Configuration Examples This appendix contains information about how to configure the following features: • Virtual Local Area Networks • Access Control Lists • Differentiated Services (DiffServ) • 802.1X • MSTP...
Page 431: Appendix B Configuration Examples
M4100 Series Managed Switch Virtual Local Area Networks A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
Page 432: Vlan Example Configuration
M4100 Series Managed Switch • Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged. Inversely, a T for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port.
Page 433: Access Control Lists
M4100 Series Managed Switch • If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet has access to port 5 and port 6. The outgoing packet is stripped of its tag to become an untagged packet as it leaves port 6.
Page 434: Standard Ip Acl Example Configuration
M4100 Series Managed Switch • Action: Permit • Assign Queue ID: 0 • Match Every: False • CoS: 0 • Destination MAC: 01:02:1A:BC:DE:EF • Destination MAC Mask: 00:00:00:00:FF:FF • EtherType User Value: • Source MAC: 02:02:1A:BC:DE:EF • Source MAC Mask: 00:00:00:00:FF:FF •...
Page 435: Differentiated Services (Diffserv)
M4100 Series Managed Switch • Match Every: False • Source IP address: 192.168.187.0 • Source IP Mask: 255.255.255.0 For additional information about IP ACL rules, see Configure Rules for an IP ACL page 355. Click the ADD button. From the IP Rules screen, create a second rule for IP ACL 1 with the following settings: •...
Page 436: Class
M4100 Series Managed Switch • Integrated Services: Network resources are apportioned based on request and are reserved (resource reservation) according to network management policy (RSVP, for example). • Differentiated Services: Network resources are apportioned based on traffic classification and priority, giving preferential treatment to data with strict timing requirements.
Page 437: Creating Policies
M4100 Series Managed Switch • Protocol-based • Address-based You can combine these classifiers with logical AND or OR operations to build complex MF classifiers (by specifying a class type of all or any, respectively). That is, within a single class, multiple match criteria are grouped together as an AND expression or a sequential OR expression, depending on the defined class type.
Page 438: Diffserv Example Configuration
M4100 Series Managed Switch packets that are either in excess of the conformance specification or are nonconformant. The DiffServ feature supports the following types of traffic policing treatments (actions): • drop. The packet is dropped. • mark cos. The 802.1p user priority bits are (re)marked and forwarded.
Page 439 M4100 Series Managed Switch • Destination Mask: 255.255.255.0 • Destination L4 Port: Other, and enter 4568 as the destination port value For more information, see Configure a DiffServ Class on page 247. Click the APPLY button. From the Policy Configuration screen, create a new policy with the following settings: •...
Page 440: 440
M4100 Series Managed Switch 802.1X Local area networks (LANs) are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure, or permit unauthorized users to attempt to access the LAN through equipment already attached. In such environments, it might be desirable to restrict access to the services offered by the LAN to those users and devices that are permitted to use those services.
Page 441: 802.1X Sample Configuration
M4100 Series Managed Switch Authenticator: A port that enforces authentication before allowing access to services available through that port. Supplicant: A port that attempts to access services offered by the authenticator. Additionally, there exists a third role: Authentication server: Performs the authentication function necessary to check the credentials of the supplicant on behalf of the authenticator.
Page 442: Mstp
M4100 Series Managed Switch You can configure additional settings to control access to the network through the ports. Port Security Interface Configuration on page 287 for information about the settings. Click the APPLY button. From the 802.1X Configuration screen, set the Port Based Authentication State and Guest VLAN Mode to Enable, and then click the APPLY button.
Page 443 M4100 Series Managed Switch A MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge. So, an IEEE 802.1s bridge inherently also supports IEEE 802.1w and IEEE 802.1D. The MSTP algorithm and protocol provide simple and full connectivity for frames assigned to any given VLAN throughout a bridged LAN comprising arbitrarily interconnected networking devices, each operating MSTP, STP, or RSTP.
Page 444: Mstp Sample Configuration
M4100 Series Managed Switch The combination of VID to FID and then FID to MSTI allocation defines a mapping of VIDs to spanning tree instances, represented by the MST Configuration Table. With this allocation we ensure that every VLAN is assigned to one and only one MSTI. The CIST is also an instance of spanning tree with a MSTID of 0.
Page 445 M4100 Series Managed Switch From the STP Configuration screen, enable the Spanning Tree State option. Spanning Tree Protocol Overview on page 145. Use the default values for the rest of the STP configuration settings. By default, the STP Operation Mode is MSTP and the configuration name is the switch MAC address.
Page 446 M4100 Series Managed Switch Click the ADD button. In this example, assume that Switch 1 has become the root bridge for MST instance 1, and Switch 2 has become the root bridge for MST instance 2. Switch 3 has hosts in the Sales department (ports 1/0/1, 1/0/2, and 1/0/3) and in the HR department (ports 1/0/4 and 1/0/5).

NETGEAR M4100 Series User Manual

Chapter 1 Get Started

Chapter 2 Configure System Information

Chapter 3 Configure Switching Information

Chapter 4 Routing

Chapter 5 Configure Quality of Service

Chapter 6 Manage Device Security

Chapter 7 Monitoring the System

Quick Links

Related Manuals for NETGEAR M4100 Series

Summary of Contents for NETGEAR M4100 Series