Introduction
At a Glance | |
---|---|
Summary | Stackable, nicely-priced, Web-administered 10/100 managed switch |
Pros | • Four gigabit ports • No fans (quiet) • Can accept two fiber modules • Good managed feature set |
Cons | • Web GUI is IE only with no HTTPS support • Unhelpful documentation for users not familiar with managed switches • Documentation errors |
Switches are a product category that I’ve historically declined to review, primarily because they long ago reached commodity status – they differ mainly in terms of warranty details, pricing and physical port arrangement. I also can’t do performance benchmarking on switches, since meaningful testing requires equipment that is beyond the meager budget of the SmallNetBuilder labs.
That said, the recent slew of more affordable “smart” switches has made me rethink this stance (though I still won’t be doing any performance testing.) The main reason is that these products aren’t yet commodities, and have varying feature sets that you, the consumer, need to know about to make an informed buying decision.
The other reason why I felt it was worth looking at these units is that the marketeers are up to their usual tricks, starting with the creation of the term “smart switch”. This phrase is an attempt to once again confuse consumers into thinking that a product is different, when it really isn’t. The goal is primarily to protect manufacturers’ margins on their existing catalog (and inventory) of higher-priced products. The more expensive products in this case are “managed switches”, which have been used for many years to build large business-class networks.
The easy way to keep clear of vendor hype is to understand that there are two main types of switches. The first is the unmanaged switch, which has no user interface, and therefore provides no way for the user to change its functions. The second is the managed, smart or intelligent switch, which has a user interface and features that can be modified. “Smart” switches are usually managed switches with more limited feature sets; they are “dumbed down”, as it were (though that wouldn’t be a very attractive moniker, would it?) Still, even with fewer bells and whistles, these products can still be mighty useful, even for modestly-sized networks.
This review will take a look at Netgear’s FS728TS ProSafe 24 Port 10/100 Stackable Smart Switch + 4 Gigabit Ports, which is representative of what’s available in low-end managed switches today.
Construction Details
As with most networking gear, the key to understanding the feature set of this unit is to know what chipset is lurking inside. Netgear has chosen to base the FS728TS around Marvell’s Link Street SOHO switch line.
Figure 1: FS728TS inside look
Figure 1 shows an inside view of the blue metal enclosure of the 728TS, which is thankfully devoid of fans – a plus for home and small office use. Instead, heatsinks are used to keep the switch chips cool. These include three 88E6092 8-Port FE + 3-Port GE Smart/Unmanaged Switches for the 24 10/100 ports, and four 88E1112 Alaska Single Port Gigabit Ethernet Transceivers, which handle the two gigabit Ethernet uplink and two gigabit uplink / stacking ports. Note that the gigabit ports do not support Jumbo Frames, due to the mixture of 10/100 and gigabit ports, according to Netgear.
The main controller is a Link Street 88E6218 SOHO Gateway Router, equipped with an ARM9E and 6-port QoS Switch. The 728TS does not provide any routing capabilities, so the 88E6218 is used only as a switch controller.
The remainder of the chips include RAM, flash memory, a Lattice ispMACH LC4128V CPLD, and a mystery chip tying the three 88E6092’s together – most likely another switch chip. The integrated power supply is a 100-240VAC/50-60 Hz universal input design, with no power switch.
Front Panel
Since the 728TS is designed for tabletop or rack mounting – rack-mount ears are included – everything you need is on the front panel, except for the power cord receptacle. Figure 2 illustrates the layout of the front panel.
Figure 2: Front Panel
Each of the 24 10/100 ports has a link/activity LED, but the lights for the bottom row of ports are mixed in with the LEDs for the top row ports. There are four 10/100/1000 ports, two of which can be switched from copper to fiber connection by plugging in optional Small Form-factor Pluggable (SFP) GBIC modules that handle 1000BASE-SX, LX or ZX.
By default, two additional 10/100/1000 copper Ethernet ports come set as ports for stacking up to eight 728TS units. However, they can be changed over to function the same way as the other two gigabit Ethernet ports. Note that all ports default to supporting auto MDI / MDI-X detection – as well as auto speed and mode negotiation – so you can connect anything you want without worrying about scrounging up crossover cables. The gigabit ports also all have separate link and activity lights built into the port connectors.
I was pleased to see separate reset and reset-to-defaults buttons, each clearly labeled and on opposite ends of the front panel. This arrangement eliminates the need to remember a special reset-to-defaults button combination. It also eliminates mistakes caused by accidentally “remembering” that combination when you didn’t mean to!
Setup And Admin Access
If you’ve ever set up a SOHO router, you’ll be familiar with the drill involved in getting the 728TS up and running. It comes set to grab an IP address from your LAN’s DHCP server, or you can use the Windows-only Smart Wizard Discovery Utility to initially find the switch and assign it a static IP. Unfortunately, the utility is also used to upgrade firmware, which could be a problem for those running other operating systems.
Instead of running the utility, I just played the old “guess-the-IP-address” game, and was rewarded with the login screen (password only, no user name) within a few tries. After entering the default password, I found my first bug – the inability to properly display the GUI in Firefox, as illustrated in Figures 3 and 4.
Figure 3: GUI with Firefox 1.5
Figure 4: GUI with IE 6
This Zoom view is the first thing you see when you log into the switch; it provides a quick overview of port status. Moving the mouse cursor over a port brings up a tooltip that shows only the port and switch number, but clicking on a port sends you to its Modify Port Configuration screen (see Figure 5).
Figure 5: Modify Port Configuration screen
Setup And Admin Access – More
This screen lets you modify each port’s basic settings. Most of these are self-explanatory, but some, such as Reactivate Suspended Port, are not. The other way to get to this screen is by clicking on a port number link in the Port Configuration view (see Figure 6).
Figure 6: Port Configuration screen
There are a couple of issues here that have to go in the negative column. First is the Zoom view, which doesn’t fit on a 1024-pixel wide screen; this could be an annoyance for admins using older notebooks. The second is that admin access is by HTTP only, so the login and all configuration traffic cross the network unencrypted. The lack of secure HTTPS access to the admin server is a serious oversight for those on corporate networks, and I hope Netgear corrects this in a firmware update. (There is no Telnet access either, but that’s an understandable tradeoff in a lower-end managed device.)
The other oddity that I encountered was that it’s hard to tell when the switch is fully up, since there is no front panel indicator dedicated to this function, and port LEDs being lit isn’t a reliable indicator. I clocked about 45 seconds from plugging in power until an uplink was established to my LAN’s main switch (and DHCP server). It took about 5 to 10 seconds more for an XP client to complete its DHCP lease.
There are two other admin “features” to note. First, you can’t change the idle time logout – this seems to be a recurring theme with Netgear products. Second, multiple simultaneous logins are allowed without any warnings given.
Key Features – VLANs
I’m not going to plow through the details of every feature of the 728TS; rather, I will concentrate on the more interesting ones – and buggy ones too – while mentioning others only in passing. If you really want to look into all the settings details before buying, click over to the 728TS support page and download the Installation, HW Installation and Software Admin Guides.
One reason for small network builders to consider stepping up to a managed switch is the ability to shut off a user’s network access without physically unplugging his or her cable. Another two important features are VLANs (Virtual LANs) and QoS (Quality of Service) / Bandwidth Control.
Let’s look at VLANs first. VLANs are a software mechanism that allows a network’s logical structure to be independent of its physical structure. The switch accomplishes this by controlling the propagation of broadcast traffic, and using tags (specific bits) added to data packets. For example, the Address Resolution Protocol (ARP) depends on broadcasts to match up MAC addresses (which are associated with specific physical devices) and IP addresses (which are used by higher layer protocols such as TCP/IP). By controlling where those broadcasts go, devices on different VLANs are, for all intents and purposes, invisible to each other – even if they are physically located on the same desk.
While VLANs have many uses, in small networks the most frequent use is to separate traffic for security reasons. This could, for example, allow two small businesses to share a common Internet connection, but keep data from flowing between them.
I managed to configure VLANs to implement the example above, but had to figure it all out on my own. None of the documentation shipped with the switch includes setup examples, nor is there much help to be found in Netgear’s knowledge base. The key is understanding how to set up overlapping VLANs, and the real trick is in getting the Interface PVID (Port VLAN ID) Settings values right. This is probably worth a separate article, which I hope to be able to write soon.
Figure 7: VLAN Properties
Setting up VLANs involves bouncing around among three (or more) screens: VLAN Properties (Figure 7), VLAN Membership (Figure 8) and PVID Settings (Figure 9). It’s easy to get lost if you don’t first diagram out on paper what you’re trying to implement.
Figure 8: VLAN Membership
Note that there is a Membership screen for each VLAN that’s defined in the VLAN Properties screen, and it can get tedious (and confusing) to click all the boxes. VLANs can be assigned numbers from 1 to 4096, but the 728TS supports only 128 VLANs. I suggest you take advantage of the VLAN Name feature to help prevent getting lost during setup.
Figure 9: PVID settings
Another lesson learned from my VLAN wrestling match was that the internal admin server is fixed to VLAN 1 (the default VLAN that cannot be altered or deleted). So if you want to limit admin access to specific clients, you’ll need to move all other clients to a new VLAN, not vice-versa.
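The shared-Internet-connection case and the VLAN 1 admin restriction described above can be checked on paper before touching the GUI. The following is an added sketch, not taken from the review or from Netgear: it assumes the generic 802.1Q rule that an untagged frame is classified by the ingress port's PVID and leaves only through member ports of that VLAN. The port numbers, VLAN IDs 10/20/30 and function names are hypothetical; only the management VLAN being VLAN 1 comes from the text.

```python
# Added example: audit an overlapping-VLAN plan (port membership + PVID).
# Forwarding model (generic 802.1Q, assumed, not from Netgear documentation):
#   - an untagged frame entering a port is classified into that port's PVID
#   - it may leave only through ports that are members of that VLAN
MGMT_VLAN = 1  # per the review, the admin server is fixed to VLAN 1


def build_plan():
    """Constructed plan: two tenants sharing one Internet uplink."""
    tenant_a = set(range(1, 9))    # ports 1-8  (hypothetical assignment)
    tenant_b = set(range(9, 17))   # ports 9-16 (hypothetical assignment)
    admin, uplink = 23, 24         # admin PC and router ports (hypothetical)
    members = {
        MGMT_VLAN: {admin},                   # only the admin PC stays here
        10: tenant_a | {uplink},              # tenant A -> router
        20: tenant_b | {uplink},              # tenant B -> router
        30: tenant_a | tenant_b | {uplink},   # router -> both tenants
    }
    pvid = {p: 10 for p in tenant_a}
    pvid.update({p: 20 for p in tenant_b})
    pvid.update({admin: MGMT_VLAN, uplink: 30})
    return members, pvid


def can_send(members, pvid, src, dst):
    """True if an untagged frame entering src can leave through dst."""
    return src != dst and dst in members.get(pvid[src], set())


def can_talk(members, pvid, a, b):
    """Two-way reachability: both directions must be forwarded."""
    return can_send(members, pvid, a, b) and can_send(members, pvid, b, a)


def isolation_violations(members, pvid, group_a, group_b):
    """Port pairs across the groups where a frame crosses in either direction."""
    return [(a, b) for a in sorted(group_a) for b in sorted(group_b)
            if can_send(members, pvid, a, b) or can_send(members, pvid, b, a)]


def mgmt_exposed_ports(members, pvid):
    """Ports that can send into, or receive from, the management VLAN."""
    sends = {p for p, v in pvid.items() if v == MGMT_VLAN}
    return sorted(sends | members.get(MGMT_VLAN, set()))


if __name__ == "__main__":
    members, pvid = build_plan()
    a, b = set(range(1, 9)), set(range(9, 17))
    print("A<->B leaks:", isolation_violations(members, pvid, a, b))
    print("A reaches router:", can_talk(members, pvid, 1, 24))
    print("B reaches router:", can_talk(members, pvid, 9, 24))
    print("ports exposed to admin VLAN:", mgmt_exposed_ports(members, pvid))
    pvid[9] = MGMT_VLAN  # failure mode: one tenant port left at the default PVID
    print("after leaving port 9 at PVID 1:", mgmt_exposed_ports(members, pvid))
```

Re-running the checks after each change catches a client port whose PVID was left at 1, which would otherwise sit in the same VLAN as the admin server.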
Priority Based QoS
There’s another itch that small networkers have, and that a managed switch can scratch: bandwidth control. Want to keep your teens from bogging down the family Internet connection with their BitTorrent activity? A little dab of QoS should do the trick.
Unfortunately, once again, Netgear’s documentation tells you the knobs and switches that are available to tweak, but leaves you on your own to figure out how to use them. This is too bad, because the 728TS provides both priority-based and rate limiting QoS features, and options within those features.
Figure 10: CoS settings
Priority-based QoS – also called CoS or Class of Service – works just as you’d imagine it would from the name. It lets you assign each physical port on the switch a priority value from 0 to 7, where 7 represents the highest priority (see Figure 10). Data from ports with higher priority values gets put ahead of data from lower-valued ports, into one of four egress (outgoing) queues. This means that higher-priority data gets a larger chunk of your upstream bandwidth, which is typically more limited than the downstream.
Note that the priority-based QoS works on egress data only; that is, data flowing out of the switch. It also does not discriminate based on the type of traffic, i.e. you can’t assign priorities to applications, only physical switch ports.
Also note that the Software Admin guide erroneously says that there are eight queues, when there are in fact four.
The 728TS supports use of both VLAN Priority Tag (VPT) and DiffServ Code Point (DSCP) tags. You can separately map CoS values – which I’m assuming uses VPT tagging – and DSCP values (which run from 0 to 63) to the four egress queues (see Figure 11). But again, since no explanation is given of why you would do this, I’d leave the defaults alone.
Figure 11: QoS to Queue
Priority Based QoS – More
To see how CoS worked, I performed a couple of IxChariot runs. I plugged two notebooks and a desktop (all running Win XP SP2) into the 728TS, initially setting the CoS for both notebook ports to 0. I then set IxChariot to use the IxChariot throughput.scr script, to send TCP/IP data simultaneously from both notebooks to the desktop for about a minute. During the run, I incremented the priority level of one of the ports (designated “CoS Variable” in the plots) by one every 10 seconds (give or take).
Figure 12: CoS throughput vs. modes – Strict Priority
Figure 12 shows the results with the QoS Queue control at its default Strict Priority (SP) setting. I didn’t expect to see a succession of widening throughput differences, since that’s not how priority-based QoS works. But what’s interesting is that the two ports actually swap highest throughput honors depending on the CoS value of the “CoS Variable” test pair.
The “CoS 0” pair gets maximum bandwidth in Figure 12 when the “CoS Variable” pair has CoS=1 and 2, then drops down to where it’s supposed to be for CoS = 4 – 7. And when CoS=0 and 3, the two traffic streams get an equal shot at bandwidth. The changes seem to correspond with the default CoS to Queue settings (Figure 11), so this behavior appears to be by design – but it’s certainly not obvious!
Tip! This documentation for the Dell PowerConnect 27XX series managed switches does a little better job of explaining CoS setup than the Netgear documentation.
Tip! This excerpt from “Practical Service Level Management: Delivering High-Quality Web-Based Services” can help you wrap your head around these QoS technologies.
Figure 13 shows the results of the same experiment, but this time with the QoS Queue control set to WRR (Weighted Round Robin). This technique is supposed to ensure that no priority level dominates the available bandwidth, which seems to be what Figure 13 confirms. The two streams still swap the top bandwidth position depending on the CoS value, but bandwidth sharing appears to be more equitable.
Figure 13: CoS throughput vs. modes – Weighted Round Robin (WRR)
Rate Limiting QoS
Now that CoS is crystal clear (ahem…) let’s push on to the Bandwidth control feature of the 728TS, which has a much simpler interface. Figure 14 shows the Bandwidth summary page, which contains a link for each port. Clicking a link brings up the settings screen for that port (see Figure 15).
Figure 14: QoS Bandwidth controls
Unlike CoS, there are Bandwidth controls for both Egress and Ingress traffic. (Note that both “egress” and “ingress” are from the point of view of the switch, not the device plugged into a switch port, so you may need to reverse your thinking when setting the controls.) I was glad to see both controls, which give you the flexibility needed to control either heavy inbound or outbound bandwidth hogging.
Figure 15: QoS Bandwidth controls
You can enter the limits in either kbps or Mbps, and the browser will automatically fill in the other field with the appropriate value. (As a side note, the SW Administration manual contains a few errors in its Bandwidth feature documentation: it refers to kBytes/sec and describes non-existent “committed burst size” controls.)
Note that unless you go over to the Security > Traffic > Storm Control screen and disable Broadcast Control before trying to enable Ingress Bandwidth control, you’ll get an error. Fortunately, the error is something like “PORT 1/e1: Storm control is enabled..”, since this information isn’t provided in the SW Administration guide.
I used the IxChariot setup to check out how well Bandwidth control worked. This time I used one pair of computers and ran two throughput.scr scripts simultaneously, one transmitting traffic (to test Ingress limiting), the other receiving (to test Egress limiting).
I set 50 Mbps Ingress and Egress limits (51200 kbps was the actual value) and then enabled and disabled them during the run in this order:
- Both disabled
- Egress only enabled
- Ingress only enabled
- Both enabled
- Both disabled
Figure 16: Bandwidth control test
The results, as shown in Figure 16, are quite interesting – and certainly not what I expected. The upshot is that egress bandwidth limiting seems to give you throughput somewhat near what you program, while ingress limiting performance is so inaccurate as to appear broken.
I should also note that I’d occasionally get the following when trying to change ingress or egress bandwidth values:
“e=”cosparams_shaper_max_burst”
||rlHostParamName=”cosparams_shaper_min_burst”
||rlHostParamName=”cosparams_ingress_rate_limit_max”
||rlHostParamName=”cosparams_ingress_rate_limit_min””>location. Please update your documents to reflect the new location.”
These results – which indicate that ingress bandwidth limiting appears to be broken – are very similar to what I found when I tested the Linksys WET54GS5, which has similar QoS features. It’s possible that something is wrong with my test methodology, but until I hear an explanation as to why this might be, that’s my conclusion for now.
Key Features – Stacking
I would be remiss if I didn’t mention the stacking feature of the 728TS, which Netgear believes sets it apart from the competition in its price range. Stacking is primarily an administration convenience, since it allows up to six switches to be accessed at one IP address. Figure 17 shows how the Zoom view changes to reflect two stacked 728TS units.
Figure 17: Zoom view with two stacked switches
Setting up stacking is a breeze, since each switch comes with the two right-most gigabit ports set to stacking mode. All you need to do is connect a patch cable between the switches’ stacking ports, as illustrated in Figure 18, and the switches talk among themselves and sort out the whole Master / Slave thing. Of course, if you want to override any of their decisions, you can access the controls you need via the Stack Management admin feature.
Figure 18: Stacking cabling methods
This illustration, taken from the 728TS Hardware Installation guide, doesn’t correctly reflect the actual stacking port placement. However, it does show that you can connect a stack with a “ring” topology, which provides redundancy should a stacking connection (or more likely, a switch) fail.
Other Features
I know I said I wouldn’t be getting into the details of each feature, and I won’t. But there are a few other features that are worth a special mention:
Port Authentication – It would be nice if the 728TS allowed you to authenticate users – i.e. make them log in before they are allowed network access – but it doesn’t, at least not by itself. Its Port Authentication features are limited to passing along authentication requests to a RADIUS server, which does the actual authentication. If you are able to use Port Authentication, you’ll probably like the fact that ports that fail authentication can be switched to a “Guest” VLAN of your choice, to keep them away from authenticated traffic.
Link Aggregation – Also known as “port trunking”, the LAG (Link Aggregation Group) feature allows you to group ports together for redundancy or higher bandwidth. The LAG feature supports the IEEE 802.3ad Link Aggregation Control Protocol (LACP) standard.
Logging and Monitoring – The 728TS supports numerous methods to let you see what it’s up to. Information is logged to both internal volatile memory (Memory Logs) and non-volatile memory (Flash Logs). You can also control the level of what’s logged, including messages labeled Emergency, Alert, Critical, Error, Warning, Notice, Informational and Debug. Figure 19 shows some sample log output.
Figure 19: Memory Log
You can also log to multiple syslog servers and set IP address, severity level logged and logical port (UDP 514 is default).
If traffic statistics are your thing, you can get per-port stats via the admin interface, or via the RMON features, which support definable history, events and alarms. Since RMON works in concert with SNMP, you’ll be pleased to know that SNMP v1, v2c and v3 are supported, and that the management information base (MIB) files are included on the Resource CD that comes with the 728TS.
Spanning Tree – High uptime is always important in larger networks, and redundancy is one of the methods used to achieve it. The IEEE 802.1D Spanning Tree Protocol (STP) lets you connect switches redundantly without creating loops that result in broadcast storms. Of course, the 728TS supports STP, with individual controls on all ports.
Closing Thoughts
A browse through your favorite shopping search engine will reveal a surprising number of 24-port 10/100 smart/intelligent/managed switches in the $150 to $200 price range. Netgear thinks that what makes the FS728TS unique is its stacking ability, and at least from the look that I had, I think I agree. (By the way, you can find a comparison matrix of Netgear’s entire business switch line here.)
It’s also nice that four 10/100/1000 ports are provided, along with the 24 10/100 ports. You still have two gigabit ports left even if you choose to take advantage of the stacking feature.
For businesses, the FS728TS is compelling. It deserves to be on your short list if you’re in the market for a stackable 24 port 10/100 switch at a nice price that has most, if not all, of the features you need – with a couple of gigabit ports thrown in for good measure.
That said, is this “the” managed switch that the SOHO networking crowd will be lining up in droves to buy? At this point, I’d have to say no, for three main reasons. First, the user interface and documentation aren’t designed with the Best Buy / CompUSA crowd in mind. There are too many documentation errors, not enough application examples (none, in fact), and the GUI itself requires too much hunting around. Not to mention that the IE-only approach to GUI design should have been retired long ago, and HTTPS admin should be standard.
The second point, price, will probably be the first consideration for most potential SOHO buyers. While $200 is reasonable for a business switch, it is two times the magic $100 price point under which consumers are more likely to give something unfamiliar a shot. Four port routers with similar network processors sell for much less, and I’ll bet that even eight 10/100 ports (or maybe even gigabit ones) could be included and still stay under $100.
Finally, while the VLAN features work fine, they need better documentation. Even worse, the bandwidth and QoS features don’t appear to work correctly. They also have controls that are reminiscent of first-generation routers, which required a professional networking engineer to set up correctly.