|At a Glance|
|Product||NETGEAR PROSAFE 24 Port Gigabit Smart Switch with Static Routing (GS724TR)|
|Summary||24 port Gigabit Advanced Smart Switch with VLAN static routing|
|Pros||• 255 VLANs
• Inter-VLAN routing
• Gigabit ports with Jumbo Frame support
|Cons||• Loud fans
• Packet Capture lockout
• SNTP Hassle
I'm looking at the Netgear GS724TR Advanced Smart Switch in this review, a 24-port Gigabit switch from Netgear's Advanced Smart switch product line. Before going into features and performance, a little Netgear "101" will help understand the GS724TR.
Netgear has four switch product lines under the categories of Unmanaged, Smart, Advanced Smart, and Fully Managed, comprising dozens of different models. Switches in these product lines range from 5 - 48 ports, have port speeds of 10/100 Mbps or 10/100/1000 Mbps (Gigabit) and list prices from under $100 to over $3000.
Unmanaged switches are "dumb" switches that forward data without any configuration options. Netgear's JGS524 is a 24-port Gigabit switch from their Unmanaged switch line, with a list price of $269.99. This is a good choice for the network needing basic plug and play functionality. We covered several Unmanaged Gigabit switches in this roundup.
Moving up to the Smart switch line, Netgear's GS724T is a 24-port Gigabit switch that adds key functions such as support for jumbo frames and up to 128 VLANs for a list price of $299.99. At only $30 more than the JGS524, the GS724T is a good starting point if you're in the market for a 24-port Gigabit switch with room to advance the technology in your network. We covered Netgear's 16 port GS716T Smart switch in this review.
In the Advanced Smart switch line, Netgear's GS724AT and the switch I'm reviewing here, the GS724TR, are 24-port Gigabit switches that add many networking functions over the GS724T such as Voice VLAN capability and security features including 802.1x/RADIUS authentication and Access Control Lists (ACL). The GS724AT and GS724TR have list prices of $419.99 and $679.99.
Key differences between the GS724AT and GS724TR are the GS724TR's greater VLAN capacity (255 to 128) and the GS724TR's ability to route traffic between VLANs without connecting to a router through the use of internal static routes.
There are two other 24-port Gigabit switches in Netgear's Advanced Smart switch line that differ by adding Stacking and Power over Ethernet (PoE) functionality. Stacking allows for combining multiple switches into a single manageable device, and PoE allows for providing electrical power to VoIP or other network devices via the Ethernet cable.
Netgear devices in the Unmanaged, Smart, and Advanced Smart switch lines are designed to be Edge switches, meaning they are primarily connected to end devices such as PCs and VoIP devices. Core switches are typically connected to high traffic network devices such as servers, switches or routers on larger networks. Netgear's Fully Managed switches can serve as both Edge and Core switches.
If we look at Netgear's Fully Managed switch line and focus on similarly priced switches to the GS724TR, the GSM7224 and GSM7224R are 24-port Gigabit switches with list prices of $699.99 and $859.99. Note that the GSM7224 doubles the GS724TR's VLAN capacity to 512 VLANs, but doesn't support internal static routes. The GSM7224R is essentially the same as the GSM7224 plus provides internal static routing.
I put together the below chart to summarize my "101" on Netgear 24-port Gigabit switches. Please note that this chart itemizes some key differences and by no means fully lists all feature differences.
|Model||Type||VLANs||Voice VLAN||Routing||802.1x & ACLs||List Price|
Table 1: Switch Feature Summary
The GS724TR is packaged in a 1U rack format and comes with brackets to install in a standard 19" data center rack. There are two small, but loud cooling fans venting heat out the left side of the unit. You won't want to use this switch as a desktop switch with the amount of noise these fans generate!
The front of the GS724TR shown in Figure 1 has 24 Gigabit Ethernet ports, plus 2 SFP (small form-factor pluggable) GBIC (Gigabit Interface Converter) ports on the far right. The SFP ports can be used to connect standard multi mode or single mode fiber connectors. The SFP ports are shared and if used, will replace Gigabit Ethernet ports 23 and 24.
The case itself is a professional looking grey and blue metal, with all ports on the front of the device. Indicator lights show the status of each port, and there are small recessed buttons on the lower left to reset and restore factory defaults. Also, I like how Netgear prints the default password on the bottom of their devices.
Figure 1: Front view
A nice feature in the menu of the GS724TR is the System Device View option. An administrator can log into the switch remotely and see real time which ports are live with a graphical display that looks just like the device. Figure 2 below is from the Netgear menu, and it is an exact display of which ports were live on the system as I wrote this.
Figure 2: Device view
The rear of the unit shown in Figure 3 is for connecting the power cord. The power supply is internal, so there is just an AC power cord to plug in. The GS724TR doesn't have an on/off switch, just plug it in and it turns on.
Figure 3: Rear view
Under the Covers
The mainboard has a pair of Nanya Technologies 256 Mb DDR400 SDRAM chips, giving the GS724TR 512 MB of RAM. An Altera MAX II CPLD (Complex Programmable Logic Device) is also on the main board for boot loader functionality.
Netgear has done a nice job covering the remaining components on the GS724TR's motherboard. The bulk of the components are underneath a large heat sink shown in Figure 4, which is sealed to the board. Although I could remove the screws holding the heat sink in place, there was no prying it off to see what was underneath.
Figure 4: GS724TR board
Netgear's specifications list the GS724TR with 750 KB of buffer memory and the capacity to hold 8,000 addresses in its MAC table. The device is rated as having a MTBF (Mean Time Between Failure) of 265,000 hours, or approximately 30 years. With a 30 year life expectancy and Netgear's lifetime warranty, I would expect the GS724TR to be a reliable device!
The GS724TR offers quite an array of configuration options. Netgear uses a clean menu interface with eight tabs for main menu choices across the top with multiple configuration options per tab. Figure 5 is a shot of the System Information screen, which is where you first land when logging in.
Figure 5: System information
To give you an idea of the numerous configuration options, I put together the chart in Table 2 showing each menu and it sub-items. All told there are 34 different configuration screens, each with multiple sub-screens for various options and configurations.
|Management||Ports||IP||CoS||Mgt Security||Ports||Save Config||Online Help|
|SNMP||VLAN||Router Discovery||Port Auth||Port Mirroring||Upload|
|LLDP||Voice VLAN||Routing Table||Traffic Control||Download|
Table 2: Admin menu summary
The GS724TR supports up to 255 VLANs. As observed in our review of the Netgear's FS728TS, though, the Netgear manual provides configuration descriptions but lacks in examples on how to set up VLANs or other key functions.
To set up VLANs on the GS724TR, you need to define the VLAN, define VLAN Membership with tagging options and assign incoming VLAN ID parameters. To create a VLAN, just give it a number and a name in the VLAN Configuration screen. For example, I created VLAN 2 and called it "WAN" on my GS724TR.
Once a VLAN is created, ports can be assigned to that VLAN as untagged or tagged. If a port is connected to a PC, setting it as untagged is easiest. I liked that the VLAN Membership screens on the GS724TR make it point and click to define which ports are members of which VLAN.
For a port to be a member of a VLAN, it has to have either a T or a U in its associated square. Clicking on the square for each port will change the port's assignment from not being a member of that VLAN to being a Tagged member of that VLAN to being an Untagged member of that VLAN. Group operations are also possible to assign all or no ports to be a member of a VLAN.
Notice the "U" under ports 22-24 in Figure 6. Here I've set up ports 22-24 to be untagged members of VLAN 2. I've also gone into VLAN 1 and removed ports 22-24. This means that only ports 1-21 are members of VLAN 1 and only ports 22-24 are members of VLAN 2.
Figure 6: VLAN membership
On the GS724TR, use the Port VLAN ID menu to assign a VLAN ID to untagged frames received on specific ports. In Figure 7, I've defined that untagged frames received on port 23 will be assigned VLAN ID 2. In addition to setting the VLAN ID on incoming frames, the PVID Configuration screen can be used to filter and set CoS priority values.
Figure 7: Port PVID Assignment
The GS724TR also has Auto Voice VLAN functionality. If you enabled the Voice VLAN feature, the GS724TR will automatically assign frames with a matching OUI to the Voice VLAN.
Typical Layer 2 switches examine the destination MAC address of incoming frames and forward or flood that frame based on whether the destination MAC is in the switch's MAC table. Routing functionality is normally provided by an external router connected to the switch.
An Advanced switch with IP routing capability such as the GS724TR has the ability to look inside the Layer 2 frame at the Layer 3 IP address and route the packet internally. Having a switch route traffic internally can improve network performance, as the switch can move traffic faster internally than externally. Further, by routing inter-VLAN traffic in the switch, resources are freed up on the external router allowing the router to improve its performance. The GS724TR supports up to 32 static routes to pass traffic between VLANs.
To test this functionality, I set up two ports on two different VLANs, statically addressed PCs on each port on different subnets, and ran a ping from one PC to the other. I found the GS724TR's routing to work as advertised, and indeed I could ping from a PC in one VLAN on one subnet to a PC in a different VLAN on a different subnet without a router.
Here are the steps I followed:
Step 1: Enable Routing Mode in the IP Configuration screen. Simply click Enable on the Routing Mode radio button to turn on inter-VLAN routing.
Step 2: Create the VLANs and the virtual routing interfaces. There is a VLAN Routing Wizard which makes both tasks easy. The IP address assigned in the VLAN Routing Wizard automatically creates a virtual interface in the GS724TR that facilitates routing to that VLAN from other VLANs.
Figure 8 shows my inputs for creating VLAN 15 and its corresponding virtual interface with IP address 192.168.15.1. I repeated this step for VLAN 14.
Figure 8: VLAN Routing WizardStep 3: Configure ports to have a PVID according to their VLAN. For my test, port 14 was given a PVID of 14 and port 15 a PVID of 15.
That's all it took and I could ping from VLAN 14 to VLAN 15. To validate inter-VLAN routing, I ran a continuous ping between the PCs and enabled/disabled Routing Mode from step 1. Disabling Routing Mode killed the pings while enabling Routing Modes restored the route and pings succeeded.
The GS724TR Route Table shows the subnets and routes that are created when using the VLAN Routing Wizard. As you can see in Figure 9 under Route Status, a Next Hop IP address for each VLAN is created from the IP Address entered in the VLAN Routing Wizard in step 2. This Next Hop IP address is the gateway address I used in statically addressing each PC.
Figure 9: Route Table
VLAN support and inter-VLAN routing are some of the strengths of the GS724TR. But there are quite a few more advanced features in this switch. Port Mirroring is a powerful tool included in the GS724TR as well as the less expensive GS724T and GS724AT. I'm pointing out Port Mirroring because I ran into a surprise while testing it.
Port Mirroring allows for packet captures of traffic from a different switch port than the PC or device running the capture, a useful tool for network troubleshooting. I found when I enabled Port Mirroring to my laptop, shown below in Figure 10, Port Mirroring worked. But my PC was locked out of the switch and I could no longer access the switch to turn Port Mirroring off.
Figure 10: Port Mirroring
I notified Netgear's engineers thinking I had found a bug, but they informed it was working as intended. As stated by Netgear engineering, "this behavior is by design. The port mirroring feature on the GS724TR is to allow an administrator to monitor network traffic by attaching an external network analyzer to the destination port. The destination port no longer participates in any network protocol."
I like to use my laptop to capture and analyze packets, and the same laptop to control the switch while I'm running the capture. I suppose a dedicated device may be better for this feature in high traffic networks. But it was a bit of a nuisance to have to move the cable connected to my laptop to another switch port to turn the mirroring feature off.
Each port in the GS724TR can be individually configured with a description, speed, alarming (Link Trap), and for different frame sizes as circled in Figure 11. Jumbo frames are a favorite topic as they can improve network performance, especially in large file transfers. The GS724TR supports 1518 to 9216 byte frame sizes, configurable per port.
Figure 11: Port Configuration Options
Some features included on the GS724TR that you won't find on its less expensive siblings are support for 802.1w Rapid Spanning Tree Protocol (STP), Dual Image capability for file and configuration management, and Syslog, Ping and Traceroute tools for troubleshooting.
Standard STP (802.1d) is supported by the GS724T and GS724AT, as well as the GS724TR. The advantage of Rapid STP (802.1w) is faster convergence in the event of link failure. Spanning Tree Protocol is used to prevent switch loops when redundant inter-switch connections between switches exist. The downside with standard STP is it takes nearly a minute to recover in the event an inter-switch connection fails. With Rapid STP, recovery in the event an inter-switch connection fails is 10 seconds or less.
All Spanning Tree Protocol is off by default on the GS724TR. It has to be enabled and applied by clicking the appropriate radio buttons, displayed below in Figure 12.
Figure 12: Spanning Tree Protocol Configuration
Configuration and firmware maintenance is enhanced on the GS724TR via the dual image feature. A new firmware can be loaded to one image, keeping the old firmware on the other image as a fallback. I didn't use the dual image feature, but I did upgrade the switch to the latest firmware version available on Netgear's website, version 3.0.3, and had no problems.
Another interesting aspect of the GS724TR file management is that changes to the configuration have to be activated and saved to persist through a reboot, shown below in Figure 13. Changes to the configurations are immediately applied and active, but if you reboot without saving them, you lose them. (It's kind of like copy run start for Cisco users.)
I thought this was a hassle, but I realized the value while testing the routing functionality and accidentally disabling the management interface. Rebooting erased my unsaved configurations and restored the management interface, thankfully!
Figure 13: Save Configuration
One minor issue I ran into, even after I learned about applying changes, was that the SNTP feature for using a network time source would not persist through a reboot, even if I saved the configurations. This meant I had to keep reconfiguring the device to use SNTP instead of its local clock source every time I rebooted it.
Useful network troubleshooting tools, especially on a switch that has routing capability, are basic ping and traceroute. Note that to use the traceroute tool to a URL, you need to manually enter the IP address of a DNS server, as the GS724TR doesn't populate that field from a DHCP offering.
To control access to the switch, GS724TR Management Access can be secured via either a RADIUS or TACACS+ server. The GS724TR also supports standard 802.1x authentication for port-based access control.
To control traffic through the switch, basic rules can be created to filter traffic based on source or destination MAC address using the Traffic Control menu for constructing MAC filters. More advanced Access Control Lists (ACLs) can be constructed to filter traffic based on source or destination MAC addresses or IP, as well as Layer 4 ports for sophisticated traffic control.
QoS can be applied in the GS724TR based on Layer 2 802.1q headers or Layer 3 IP headers using CoS or DSCP values. The default setting on the GS724TR is to trust CoS values received on all ports, which means frames received with 802.1q headers will be prioritized and/or queued based on the CoS values. Individual ports can also be set to untrusted. If you select untrusted, all frames received on that port will be given the priority assigned to that port in the PVID menu.
Figure 14 shows the shaping configuration menu on the GS724TR. Here you can adjust the interface trust mode, as well as apply traffic shaping per port. A value of 16 to 16384 is assigned, which allocates a multiple of 64 kb of bandwidth to each port. A value of 16 would allocate 1 Mb of bandwidth (16x64=1,024). A value of 16384 would allocate 1000 Mb of bandwidth (16384x16=1,048,576). A value of 0 (=default) turns shaping off on that port.
Figure 14: QoS Cos Configuration
Queuing can also be configured. Figure 15 shows the queue-bandwidth configuration screen. There are eight egress queues per port, and CoS values 0-7 can be mapped to each of these eight queues for allocating bandwidth and controlling priority.
In the Interface Queue Configuration screen shown, selecting a Queue ID and assigning a value of 0-100 will allocate 0-100% of that port's bandwidth to a specific traffic type.
Figure 15: QoS Queue Configuration
As you can also see in Figure 15, each queue can be configured for strict or weighted queuing. Strict queuing means frames in the highest priority queue get transmitted until the queue is emptied. Weighted means weighted round robin (WRR) queuing where each queue gets assigned a relative weight defining its priority for transmission. WRR allows for prioritization of latency sensitive traffic without "starving" lower priority traffic. The GS724TR has default mappings of CoS values to each egress queue which can be modified in the 802.1p to Queue Mapping configuration menu.
I ran some simple TCP throughput tests with three different PCs and Jperf. My three machines all have PCI gigabit NICs, so can't come close to achieving gigabit "wirespeed" performance. Any testing gigabit switches with anything less than a Spirent SmartBits or similar multi-port tester is pretty meaningless anyway. But since Tim asked me to run the tests, I ran 'em.
Since I couldn't perform a meaningful test of maximum throughput, I instead tried to measure the difference between throughput using a straight CAT5e cable (you don't need a crossover cable for gigabit NICS) to connect the two test machines and plugging them into two switch ports.
The short story is that I measured between around 1 - 3% lower throughput when connected to the GS724TR than when connected via the cable. It's possible that the switch store-and-forward latency of 5 uS is a factor here. But the test is probably reflecting measurement error more than anything else.
Each switch vendor has their own naming convention for makes and models which makes direct comparisons between manufacturers difficult. A relatively similar switch to the Netgear GS724TR is the Linksys SGE2000, which is also a 24 port Gigabit switch with extensive VLAN support and inter-VLAN routing capability, plus stacking functionality.
Pricegrabber shows the Linksys SGE2000 can be found on line for $643.00, while the Netgear GS724TR is available for $552.37. Both are feature-rich switches and their prices are reflective of it.
The interesting thing about switches in general, even an advanced switch like the GS724TR, is you can take it out of the box, power it up, plug in the PCs, and the switch will pass traffic without ever applying a configuration. If you want that kind of plug and play simplicity, though, the GS724TR is overkill. This is a switch for a high traffic network requiring extensive network management.
At the end of the day, it comes down to doing thorough needs analysis on your network and itemizing the features you need in a high throughput edge switch. If inter-VLAN routing capability is one of those needs, then I think the GS724TR, backed by Netgear's lifetime warranty, is a pretty safe bet.