Key Features - VLANs
I'm not going to plow through the details of every feature of the 728TS; rather, I will concentrate on the more interesting ones - and buggy ones too - while mentioning others only in passing. If you really want to look into all the settings details before buying, click over to the 728TS support page and download the Installation, HW Installation and Software Admin Guides.
One reason for small network builders to consider stepping up to a managed switch is the ability to shut off a user's network access without physically unplugging his or her cable. Another two important features are VLANs (Virtual LANs) and QoS (Quality of Service) / Bandwidth Control.
Let's look at VLANs first. VLANs are a software mechanism that allows a network's logical structure to be independent of its physical structure. The switch accomplishes this by controlling the propagation of broadcast traffic, and using tags (specific bits) added to data packets. For example, the Address Resolution Protocol (ARP) depends on broadcasts to match up MAC addresses (which are associated with specific physical devices) and IP addresses (which are used by higher layer protocols such as TCP/IP). By controlling where those broadcasts go, devices on different VLANs are, for all intents and purposes, invisible to each other - even if they are physically located on the same desk.
While VLANs have many uses, in small networks the most frequent use is to separate traffic for security reasons. This could, for example, allow two small businesses to share a common Internet connection, but keep data from flowing between them.
I managed to configure VLANs to implement the example above, but had to figure it all out on my own. None of the documentation shipped with the switch includes setup examples, nor is there much help to be found in Netgear's knowledge base. The key is understanding how to set up overlapping VLANs, and the real trick is in getting the Interface PVID (Port VLAN ID) Settings values right. This is probably worth a separate article, which I hope to be able to write soon.
Figure 7: VLAN Properties
Setting up VLANs involves bouncing around among three (or more) screens: VLAN Properties (Figure 7), VLAN Membership (Figure 8) and PVID Settings (Figure 9). It's easy to get lost if you don't first diagram out on paper what you're trying to implement.
Figure 8: VLAN Membership
(click image to enlarge)
Note that there is a Membership screen for each VLAN that's defined in the VLAN Properties screen, and it can get tedious (and confusing) to click all the boxes. VLANs can be assigned numbers from 1 to 4096, but the 728TS supports only 128 VLANs. I suggest you take advantage of the VLAN Name feature to help prevent getting lost during setup.
Figure 9: PVID settings
Another lesson learned from my VLAN wrestling match was that the internal admin server is fixed to VLAN 1 (the default VLAN that cannot be altered or deleted). So if you want to limit admin access to specific clients, you'll need to move all other clients to a new VLAN, not vice-versa.