The SG500-28P supports classic Spanning Tree Protocol (STP), Rapid STP (RSTP), and Multiple STP (MSTP). Rapid STP is enabled on the SG500 by default.
STP prevents network loops from forming by automatically taking down one or more interfaces suspected to be part of a loop. RSTP is a faster version of STP. MSTP runs multiple instances of RSTP to enable loop prevention in a network running multiple VLANs.
To test RSTP, I connected two trunks on ports 1 and 5 between the SG500 and my NETGEAR GS108T with RSTP enabled on both switches. Without RSTP, both trunks would come up on both sides, resulting in a switching loop. With RSTP enabled, one interface on one switch should go into an Alternate (= blocking) state, preventing a switching loop.
The default settings of both switches led to the GS108T becoming the Root bridge and the Alternate port being established on port 5 of the SG500, as shown in Figure 9, validating proper RSTP functionality.
Figure 9: RSTP settings
The SG500-28P supports up to 10k byte jumbo frames. Enabling jumbo frames on the switch is a check box and reboot, as shown in Figure 10. Once enabled, I was able to pass up to 4k jumbo frames over the SG500, which is my end device limit.
Figure 10: Jumbo frame enable
Link Aggregation Groups (LAGs) allow for grouping multiple interfaces to form a single “pipe” between the switch and another LAG-capable device. LAG trunking increases bandwidth between devices and improves redundancy, as the LAG connection will stay up and carry traffic as long as one of its interfaces is up.
The SG500 supports static LAG trunks and dynamic LAG trunks using Link Aggregation Control Protocol (LACP). I configured two ports on the SG500 and GS108T to form a static LAG trunk. As shown in Figure 11, my LAG trunk came up without issue.
Figure 11: LAG settings
Quality of Service (QoS) is quite advanced on the SG500-28P. The switch can recognize Class of Service (CoS) values or Differentiated Service Code Point (DSCP) values for applying traffic prioritization. There are four queues and two different methods for queue management, as well as options for bandwidth limiting via ingress and egress rate controls.
In basic QoS mode on the SG500, QoS values can either be trusted or overridden per interface. In advanced QoS mode, QoS rules are built in three steps: Access Control Lists (ACLs) in a Class Map match the different traffic types, a Policy Map uses the Class Map to define how to prioritize that specific traffic type, and Policy Binding applies the Policy Map to an interface.
Traffic prioritization is handled via four queues, with traffic assigned to each queue based on QoS value. If there is congestion on the switch, traffic is delivered based on queue priority. The SG500 can operate using either the strict priority or the Weighted Round Robin (WRR) method. Strict priority ensures that traffic in the high priority queue gets through first, but can result in dropping too much traffic in the low priority queue. WRR provides a middle ground, allowing prioritization of delay-sensitive traffic, yet permitting all traffic access to network resources.
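The trade-off between the two methods shows up under congestion. The following Python simulation is an added example, not from the review or from Cisco; the queue depth, the WRR weights and the one-packet-per-slot link are assumptions chosen for illustration, not SG500 values.

```python
from collections import deque

# Assumed values for illustration, not SG500 defaults.
QUEUE_DEPTH = 16                         # packets buffered per queue
WRR_WEIGHTS = {4: 8, 3: 4, 2: 2, 1: 1}   # queue 4 = highest priority

def strict_priority(queues, _credits):
    """Always serve the highest-priority queue that holds a packet."""
    for q in sorted(queues, reverse=True):
        if queues[q]:
            return q
    return None

def weighted_round_robin(queues, credits):
    """Serve each queue up to its weight per round, skipping empty ones."""
    for _ in range(2):                   # second pass runs after a credit refill
        for q in sorted(queues, reverse=True):
            if queues[q] and credits[q] > 0:
                credits[q] -= 1
                return q
        credits.update(WRR_WEIGHTS)      # round finished: refill every queue
    return None

def simulate(scheduler, offered, slots=1500):
    """Offer `offered[q]` packets per slot; the link sends one packet per slot."""
    queues = {q: deque() for q in WRR_WEIGHTS}
    credits = dict(WRR_WEIGHTS)
    sent = dict.fromkeys(queues, 0)
    dropped = dict.fromkeys(queues, 0)
    for _ in range(slots):
        for q, count in offered.items():
            for _pkt in range(count):
                if len(queues[q]) < QUEUE_DEPTH:
                    queues[q].append(1)
                else:
                    dropped[q] += 1      # tail drop: buffer is full
        served = scheduler(queues, credits)
        if served is not None:
            queues[served].popleft()
            sent[served] += 1
    return sent, dropped

if __name__ == "__main__":
    congested = {4: 1, 3: 1, 2: 1, 1: 1}  # constructed load: 4x link capacity
    for scheduler in (strict_priority, weighted_round_robin):
        sent, dropped = simulate(scheduler, congested)
        print(scheduler.__name__, "sent:", sent, "dropped:", dropped)
```

With every queue offering traffic at link rate, strict priority forwards only queue 4 and starves the rest, while WRR splits the link in proportion to the weights.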
Basic bandwidth utilization can be managed by port with Ingress and Egress rate limits. I ran a simple test by configuring a port on the SG500 with Ingress and Egress rate limits of 500 Kbps. See port GE13 in Figure 12.
Figure 12: Bandwidth control
I connected my PC to port 13 with the above bandwidth limits and connected another PC to an unlimited port on the SG500. I then tested the SG500's bandwidth limiting capability with iperf using default TCP settings. Using iperf, I measured 540 Kbps in each direction with the bandwidth limit applied, closely matching the 500 Kbps limit set.
The SG500-28P has extensive security controls. Access to the switch can be controlled via a local database of user names or via external TACACS+ or RADIUS servers. To protect against various network threats, the SG500 has options for Storm Control, Port Security, 802.1x end device authentication, DoS Prevention, DHCP Snooping, IP Source Guard, and ARP Inspection.
To control traffic flows, the SG500 supports filtering traffic based on source and destination MAC, IPv4 or IPv6 addresses, QoS values, Layer 4 ports, and protocols. Traffic filters on the SG500 are applied to physical interfaces with Access Control Lists (ACLs). ACLs are lists of Access Control Entries (ACEs). A total of 2000 different ACEs can be created on the SG500.
As a test, I created a basic MAC-based ACL with a single ACE to shut down the port if it saw traffic from a specific MAC and applied it to port 7. I then plugged the device with the specified MAC into port 7 on the SG500, which resulted in the switch disabling port 7 as expected.