Grandstream Networks, Inc.

GWN780x Series
GWN780x(P) L2+ – User Manual
WELCOME
The GWN780x series are Layer 2+ managed network switches that allow small-to-medium enterprises to build scalable,
secure, high-performance, and smart business networks that are fully manageable. It supports advanced VLAN for flexible and
sophisticated traffic segmentation, advanced QoS for prioritization of network traffic, IGMP Snooping for network
performance optimization, and comprehensive security capabilities against potential attacks. The PoE models provide smart
dynamic PoE output to power IP phones, IP cameras, Wi-Fi access points, and other PoE endpoints. The GWN7800 series can
be managed in a number of ways, including the local web user interface of the GWN7800 series switch. The series is also
supported by GWN.Cloud, Grandstream’s cloud and on-premise Wi-Fi management platform. The enterprise-grade GWN780x
series are the ideal managed network switches for small-to-medium businesses.

PRODUCT OVERVIEW

Technical Specifications

GWN7801 GWN7801P GWN7802 GWN7802P GWN7803 GWN7803P

Network IPv4, IPv6, IEEE 802.3, IEEE 802.3i, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3z, IEEE 802.3x, IEEE 802.3af/at, IEEE
Protocol 802.1p, IEEE 802.1Q, IEEE 802.1w, IEEE 802.1d, IEEE 802.1s

Gigabit
8 16 24
Ethernet Ports

Gigabit SFP
2 4
Ports

Console 1

Number of PoE /
/ 8 16 / 24
Ports

Integrated
30W 150W 30W 270W 30W 400W
Power Supply

Max Output
Power per PoE / 30W / 30W / 30W
Port

Max Total PoE

/ 120W / 240W / 360W
Output Power

PoE Standards / IEEE 802.3af/at / IEEE 802.3af/at / IEEE 802.3af/at

Auxiliary Ports 1x Reset Pinhole

Forwarding
Store-and-forward
Mode

Total non-
blocking 10Gbps 20Gbps 28Gbps
throughput
Switching
20Gbps 40Gbps 56Gbps
Capability

Forwarding
14.88M packets per second 29.76M packets per second 41.66M packets per second
Rate

Packet Buffer 4.1MB

● 8K static, dynamic and filtering MAC addresses

● 4K VLANs, port-based VLAN, IEEE 802.1Q VLAN tagging, voice VLAN
Switching ● VLAN virtual interface
● 8 link aggregation groups
● Spanning tree, 16 instances for MSTP

Multicast IGMP Snooping, MLD Snooping

● Auto detection and prioritization of voice/video/RTP/SIP/other latency-sensitive packets

● Port priority
● Priority mapping
QoS/ACL ● Queue scheduling, including SP, WRR
● Traffic shaping
● Rate limit
● 1.5K ACL for Ethernet, IPv4 and IPv6

DHCP Option 82, 60,160 and 43

CPU and memory monitoring, SNMP, RMON, LLDP&LLDP-MED, backup and restore, syslog, alert, diagnostics
Maintenance
including Ping, Traceroute, port mirroring

● User hierarchical management and password protection, HTTPS, SSH, Telnet

● 802.1X authentication
● AAA authentication including RADIUS, TACACS+
● Storm control
Security ● Port isolation, port security, sticky MAC
● Filtering MAC address
● IP source guard, DoS attack prevention, ARP inspection
● DHCP Snooping
● Loop protection including BPDU proctection
● Kensington Security Slot (Kensington Lock) support

Mounting Desktop/ Wall-Mount Desktop, wall-mount, or rack-mount (rack-mount brackets included)

1x tri-color LED for device tracking and status indication

10x green LEDs

LEDs 20x green LEDs 28x green LEDs
10x green for data ports, 8x 20x green 28x green
for data ports, 16x for data ports, 24x
LEDs for yellow-color LEDs for LEDs for
yellow-color LEDs yellow-color LEDs
data ports LEDs data ports data ports
for PoE ports for PoE ports
for PoE ports

Fan / / / 1 / 2

Operation: 0°Cto 45°C, humidity 10-90% RH(Non-condensing)

Environmental
Storage: -10°C to 60°C, humidity: 5% to 95%(Non-condensing)

Dimensions 300mm(L)*175mm(W)*44(H) 440mm(L)*200mm(W)*44mm(H)

 Unit
1.8Kg 2Kg 2.6Kg 3Kg 2.7Kg 3.3Kg
Weight(TBD)

Switch, 1x 1.2m(10A) AC Cable,

Package Switch, 1x 1.2m(10A) AC Cable, Rack-mounting Standard Brackets, 1x
1x Ground Cable, 4x Rubber Feet,
Content Ground Cable, 4x Rubber Feet, 2x Lug Ear
2x Lug Ear

Compliance FCC, CE, RCM, IC, UKCA

GWN780x Technical Specifications

INSTALLATION
Before deploying and configuring the GWN780x switch, the device needs to be properly powered up and connected to the
network. This section describes detailed information on the installation, connection, and warranty policy of the GWN780x
switch.

Package Contents

GWN780x Package Contents

GWN780x Ports

GWN7801/GWN7801P

GWN7801/GWN7801P Ports

No. Port & LED Description

8x Ethernet RJ45 (10/100/1000Mbps), used for connecting terminals. Note: GWN7801P

1 Port 1-8
Ethernet ports support PoE and PoE+.

2 1-8 Ethernet ports’ LED indicators

3 Port SFP1/2 2x 1000Mbps SFP ports

4 SFP 1/2 SFP ports’ LED indicators

5 CONSOLE 1x Console port, used for connecting managing PC

6 RESET Factory Reset pinhole. Press for 5 seconds to reset factory default settings

7 SYS System LED indicator

8 100-240 VAC 50-60Hz Power socket

9 Lightning protection grounding post

GWN7801(P) Ports and LEDs

GWN7802/GWN7802P

GWN7802/GWN7802P Ports

No. Port & LED Description

16x Ethernet RJ45 (10/100/1000Mbps), used for connecting terminals. Note: GWN7802P
1 Port 1-16
Ethernet ports support PoE and PoE+.

2 1-16 Ethernet ports’ LED indicators

3 Port SFP1/2/3/4 4x 1000Mbps SFP ports

4 SFP 1/2/3/4 SFP ports’ LED indicators

5 RESET Factory Reset pinhole. Press for 5 seconds to reset factory default settings

6 SYS System LED indicator

7 CONSOLE 1x Console port, used for connecting managing PC

8 100-240 VAC 50-60Hz Power socket

9 Lightning protection grounding post

10 Fan 1x Fan

GWN7802(P) Ports and LEDs

 GWN7803/GWN7803P

GWN7803/GWN7803P Ports

No. Port & LED Description

24x Ethernet RJ45 (10/100/1000Mbps), used for connecting terminals. Note: GWN7803P
1 Port 1-24
Ethernet ports support PoE and PoE+.

2 1-24 Ethernet ports’ LED indicators

3 Port SFP1/2/3/4 4x 1000Mbps SFP ports

4 SFP 1/2/3/4 SFP ports’ LED indicators

5 RESET Factory Reset pinhole. Press for 5 seconds to reset factory default settings

6 SYS System LED indicator

7 CONSOLE 1x Console port, used for connecting managing PC

8 100-240 VAC 50-60Hz Power socket

9 Lightning protection grounding post

10 Fan 2x Fan

GWN7803(P) Ports and LEDs

Install on the Desktop

GWN780x(P) Desktop Installation

1. Place the bottom of switch on a sufficiently large and stable table.

2. Peel off the rubber protective paper of the four footpads one by one, and stick them in the corresponding circular
grooves at the four corners of the bottom of the case.

3. Flip the switch over and place it smoothly on the table.

Install on the Wall

GWN780x(P) Wall Installation

1. Use the matching screws (KM 3*6) to fix the two L-shaped rack-mounting kits (rotated 90°) on both sides of switch.

2. Stick the switch port up and horizontally on the selected wall, mark the position of the screw hole on the L-shaped rack-
mounting kits with a marker. Then, drill a hole at the marked position with an impact drill, and drill the expansion
screws(prepared by yourself) into the drilled hole in the wall.

3. Use a screwdriver to tighten the screws (prepared by yourself) that have passed through the L-shaped rack-mounting kits
to tighten the expansion solenoids to ensure that the switch is firmly installed on the wall.
Install on a 19″ Standard Rack

GWN780x(P) L-shaped rack-mounting Installation

1. Check the grounding and stability of the rack.

2. Install the two L-shaped rack-mounting in the accessories on both sides of switch, and fix them with the screws provided
(KM 3*6).

GWN780x(P) Standard Rack Installation

3. Place the switch in a proper position in the rack and support it by the bracket.

4. Fix the L-shaped rack-mounting to the guide grooves at both ends of the rack with screws(prepared by yourself) to
ensure that the switch is stably and horizontally installed on the rack.

Powering and Connecting GWN780x(P)

Grounding the Switch

Grounding the Switch

1. Remove the ground screw from the back of switch, and connect one end of the ground cable to the wiring terminal of
switch.
 2. Put the ground screw back into the screw hole, and tighten it with a screwdriver.

3. Connect the other end of the ground cable to other device that has been grounded or directly to the terminal of the
ground bar in the equipment room.

Powering on the Switch

Connect the power cable and the switch first, then connect the power cable to the power supply system of the equipment
room

Powering on the Switch

Connecting Power Cord Anti-Trip (Optional)

In order to protect the power supply from accidental disconnection, it’s recommended to purchase a power cord anti-trip for
installation.

Connecting Power Cord Anti-Trip (Optional) – part 1

1. Place the smooth side of the fixing strap towards the power outlet and insert it into the hole on the side of it.

Connecting Power Cord Anti-Trip (Optional) – part 2

2. After plugging the power cord into the power outlet, slide the protector over the remaining strap until it slides over the
end of the power cord.
 3. Wrap the strap of the protective cord around the power cord and lock it tightly. Fasten the straps until the power cord is
securely fastened.

Connect to SFP Port

Connect to RJ45 Port

1. Connect one end of the network cable to the switch, and the other end to the peer device.

2. After powered on, check the status of the port indicator. If on, it means that the link is connected normally; if off, it means
the link is disconnected, please check the cable and the peer device whether is enabled.

Connect to Console Port

The installation process of the fiber module is as follows:

Connect to SFP Port

1. Grasp the fiber module from the side and insert it smoothly along the switch SFP port slot until the module is in close
contact with the switch.

2. When connecting, pay attention to confirm the Rx and Tx ports of SFP fiber module. Insert one end of the fiber into the Rx
and Tx ports correspondingly, and connect the other end to another device.

3. After powered on, check the status of the port indicator. If on, it means that the link is connected normally; if off, it means
the link is disconnected, please check the cable and the peer device whether is enabled.

Notes:

Please select the optical fiber cable according to the module type. The multi-mode module corresponds to the multi-mode
optical fiber, and the single-mode module corresponds to the single-mode optical fiber.

Please select the same wavelength optical fiber cable for connection.

Please select an appropriate optical module according to the actual networking situation to meet different transmission
distance requirements.

The laser of the first-class laser products is harmful to eyes. Do not look directly at the optical fiber connector.
 Connect to Console Port

Connect to Console Port

1. Connect the RJ45 end of the console cable to the console port of switch.

2. Connect the other end of the console cable to the DB9 male connector or USB port to the PC.

Safety Compliances

The GWN780x(P) L2+ Managed Network Switch complies with FCC/CE and various safety standards. The GWN780x(P) power
adapter is compliant with the UL standard. Use the universal power adapter provided with the GWN780x(P) package only. The
manufacturer’s warranty does not cover damages to the device caused by unsupported power adapters.

Warranty

If GWN780x(P) L2+ Managed Network Switch was purchased from a reseller, please contact the company where the device was
purchased for replacement, repair or refund. If the device was purchased directly from Grandstream, contact our Technical
Support Team for an RMA (Return Materials Authorization) number before the product is returned. Grandstream reserves the
right to remedy the warranty policy without prior notification.

GETTING STARTED

LED Indicators

The front panel of the GWN780x(P) has LED indicators for power and interface activities, the table below describes the LED
indicators’ status.

LED Indicator Status Description

Off Power off

Solid green Booting

Flashing green Upgrade

System Indicator Solid blue Normal use

Flashing blue Provisioning

Solid red Upgrade failed

Flashing red Factory reset

 Off ● For all ports: port off
● For SFP ports: port failure

Solid green Port connected and there is no activity

Flashing green Port connected and data is transferring

Port Indicator

Solid yellow Ethernet port connected, and there is no activity and PoE powered

Flashing yellow Ethernet port connected, data is transferring and PoE powered

Alternately flashing
Ethernet port failure
yellow and green

GWN7803(P) LED Indicators

Access & Configure

Note:

If no DHCP server is available, the GWN7800 default IP address is 192.168.0.254.

Login using the Console port

1. Use the console cable to connect the console port of switch and the serial port of PC.

2. Open the terminal emulation program of PC (e.g. SecureCRT), enter the default username and password to login. (The
default administrator username is “admin” and the default random password can be found at the sticker on the GWN7800
switch).

Note:

The baud rate needs to be set to 115200.

Login Remotely using SSH

1. Enter “cmd” in PC/Start.

2. Enter ssh <gwn7800_IP> in the cmd window.

3. Enter the default username and password to login. (The default administrator username is “admin” and the default
random password can be found at the sticker on the GWN7800 switch).

Configure using GWN.Cloud

Type https://www.gwn.cloud in the browser, and enter the account and password to login the cloud platform. If you don’t
have an account, please register first or ask the administrator to assign one for you.

Login using the Web UI

The GWN780x(P) embedded Web server responds to HTTPS GET/POST requests. Embedded HTML pages allow users to
configure the device through a Web browser such as Microsoft IE, Mozilla Firefox, or Google Chrome.
 GWN780x(P) WEB GUI Page

1. A PC uses a network cable to correctly connect any RJ45 port of the switch.

2. Set the Ethernet (or local connection) IP address of the PC to 192.168.0.x (“x” is any value between 1-253), and the subnet
mask to 255.255.255.0, so that it is in the same network segment with switch IP address. If DHCP is used, this step could
be skipped.

3. Type the switch’s default management IP address http://<gwn7800_IP> in the browser, and enter username and
password to login. (The default administrator username is “admin” and the default random password can be found at the
sticker on the GWN7800 switch).

WEB GUI Languages

Currently, the GWN7800 web GUI supports English and Simplified Chinese.

To change the default language, select the displayed language at the bottom of the web GUI either before or after logging in.

Web GUI Languages – Login Page

WEB GUI – Start page

WEB GUI Configuration

GWN7800 web GUI includes 8 main sections to configure and manage the switch and check the connection status.
 WEB GUI Configuration

Search

In case it’s hard to go through every single section, GWN780x(P) Switches have search functionality to help the user find the
right configuration, settings or parameters, etc.

On the top of the page, there is a search icon, the user can click on it and then enter the keyword relevant to his search, then
he will get all the possible locations of that keyword.

Search

Overview Page

Overview is the first section that displays System information in the first page “System Info” and Port status on the second
page “Port Info”. This section provides the user with a general and global view about the GWN780x(P) system and ports
status for easy monitoring.

System Info

System Info is the first page after a successful login to the GWN780x(P) Web Interface. It provides an overall view of the
GWN780x(P) Switch information presented in a Dashboard style for easy monitoring including basic info, Resources Status,
PoE Status and System Events.

To name the device please click on , then enter the desired name.
 System Info page

Displays Device and System general information that includes (Device name, MAC Address, Default
Basic Info
Gateway, System Time, System Version etc.)

Resource Status Displays in real time the usage of CPU and Memory.

PoE Status Shows the Total Power Consumption and the remaining Power in mA.

Diplays the total number of events for each category (Emergency, Alert, Warning etc).
System Events
Note: Clicking on any events category will redirect you to the Diagnostics page for further details.

System Info page

Port Info

This page displays the status for each port on the GWN780x(P) switches indicated by color code, in terms of connection (Up,
Linkdown or Shutdown), and also in terms of PoE (Up, Disabled, Current Power, priority etc).

Port Info page

The following table explained the color code and the symbols used:

Ethernet Port is Down, PoE is Disabled

SFP Port is Down

Ethernet Port is Up, PoE is Disabled

 Ethernet Port is Up, PoE is Enabled

Ethernet Port is Shutdown, PoE is Disabled

PoE Power is UP

1 Gbps speed

10 Gbps speed

Ports Labels and Color code

There are 3 main sections for each port:

Basic Info: displays info about the port name, speed, status etc.

Note: Click on to modify the port settings like Description, Speed, Duplex Mode and Flow Control or to enable or disable the
port.

PoE Power Supply: displays PoE Current Power and priority, Status etc.

Note: Click on to change PoE settings.

Statistics: displays Statistics about Octets, and different types of Packets (Broadcast, Multicast, etc).

Note: Click on to clear the statistics.

SWITCHING
Switching section is used to configure ports settings, link Aggregation, VLAN, Spanning Tree etc.

Port Basic Settings

On this page, you can configure the basic parameters for GWN780x(P) Switch ports, like disabling or enabling the port, adding
Description, specifying the speed by default is Auto, Duplex Mode, and Flow Control. There is also a filter on in case you wan
to edit only the Copper ports which are the Gigabit Ethernet ports or Fiber ports which are the SFP ports.

Port Basic Settings page

Port The selected Port to be configured, it can be either Gigabit Ethernet port or SFP port.
 It is used to configure the information description of this interface , which can be a description of usage, etc., with a
Description maximum of 128 characters, and the characters limited to input are numbers 0-9 , letters az / AZ and special
characters.

Set whether to enable the interface.

Port Enable
it is enabled by default.

Set the rate of the interface, the options are {Auto, 10Mbps, 100Mbps, 1000Mbps}.
The default is auto-negotiation.
Speed
Note: When set to Auto, the rate of the interface is automatically negotiated between the interface and the peer port
.

Set the duplex mode of the interface. The GE ports options are { auto-negotiation, full-duplex, half-duplex}.
The default is auto-negotiation.

Note: Optical ports only support full-duplex mode.

Duplex Mode
● Auto-negotiation: The duplex state of an interface is determined by the auto-negotiation between the interface
and the peer port.
● Duplex: the interface send and receive data packets.
● Half-duplex: interface can only send/ receive packets.

Set the flow control on the interface, the options are {Disabled, Enabled, Auto}. The default is Disabled.
After enabling it, if the local device is congested, it will send a message to the peer device to notify the peer device
Flow Control to temporarily stop sending packets, after receiving the message, the peer device will temporarily stop sending
packets to the local and vice versa. Thus, the occurrence of packet loss is avoided.
Note: The optical port does not support auto-negotiation mode.

Port Basic Settings

Jumbo Frame

The maximum Transmission Payload or MTU is typically 1500 bytes, in case the user requires even a bigger MTU length for a
specific scenario, there is an option on the GWN780x(P) Switch to enable Jumbo Frame, the maximum Ethernet frame size
ranges from 1518 up to 10000.

Jumbo Frame

Flow Statistics

For monitoring or even sometimes troubleshooting, the Flow Statistics displays in real time the flow of data with different
units like Octects, Packets, Transmission Rate and OurErrPackets. The option to clear all the statistics or a specific port is
supported as well.
 Flow Statistics

Port Auto Recovery

Port Auto Recovery helps recover a port after a specific delay that can be specified by the user. When the following functions
of the port trigger the port down, the port automatically returns to the up state after the delay time:

Examples:

ARP packet detection: If the ARP rate in DAI exceeds the set value, the current port will be shut down.

STP BPDU Guard: In spanning tree, the port enables BPDU Guard. When this function is triggered, the port will be shut
down.

Port Loop: When the port is self-looping and spanning tree is enabled, the port will be shut down.

ACL: When the ACL rule is matched and the action is shutdown, the port will be shut down.

Port Security: When the number of port MAC addresses exceeds the set number, the port will be shut down.

Note:

When the recovery time is up and the port is back up, if the condition that triggers the down occurs again, the port will be shut
down again.

Port Auto Recovery

Link Aggregation

LAG means Link Aggregation Group which groups some physical ports together to make a single high-bandwidth data path.
Thus it can implement traffic load sharing among the member ports in a group to enhance the connection reliability.

Link Aggregation Group

There are two load balance modes on the GWN780x(P) Switches, either based on the MAC Address or based on the IP – MAC
Address. And in terms of the type of LAG, there are either the static option or to use the LACP or Link Aggregation Control
Protocol both of them are supported.
 Link Aggregation Group

Select your Load balance mode.

MAC address - Aggregated group will balance the traffic based on different MAC addresses. Therefore, the
Load Balancing
packets from different MAC addresses will be sent to different links.
Mode
IP/Mac Address - Aggregated group will balance the traffic based on MAC addresses and IP addresses. Therefore,
the packets from same MAC addresses but different IP addresses will be sent to different links.

Name: Enter the name of the LA Group.

Type: Use the drop down menu to specify the type for LAG.

● Static- The static aggregated port sends packets over active member without detecting or negotiating with
Edit Group remote aggregated port.
● LACP- The LACP aggregated ports place member into active only after negotiated with remote aggregated port
for best reliability.

GE: Click on port to check / uncheck which ones will be part of this LAG.

Link Aggregation Port

LAG Port Settings

In this page, the user can Enable the Link Aggregation Group and add Description as well as specifying the speed and the flow
control for LAG.

Link Aggregation – Port Settings

Port The selected LAG to be configured.

It is used to configure the information description for this LAG , which can be a description of usage, etc., with a
Description maximum of 128 characters, and the characters limited to input are numbers 0-9 , letters az / AZ and special
characters.

Set whether to enable the interface.

Port Enable
it is enabled by default.
 Set the rate of the interface, the options are {Auto, 10Mbps, 100Mbps, 1000Mbps}.
The default is auto-negotiation.
Speed
Note: When set to Auto, the rate of the interface is automatically negotiated between the interface and the peer port
.

Set the flow control on the interface, the options are { Disabled, Enabled, Auto}. The default is Disabled
After enabling it, if the local device is congested, it will send a message to the peer device to notify the peer device
Flow Control
to temporarily stop sending packets, after receiving the message, the peer device will temporarily stop sending
packets to the local and vice versa. Thus, the occurrence of packet loss is avoided.

Link Aggregation Settings

LACP

LACP or Link Aggregation Control Protocol is based on the priority, and the user can enable a system priority or even specify
the the priority for each port individually.

Link Aggregation – LACP

System Priority Set the system priority of LACP, the value range is an integer from 1-65535, the default is 32768.

Port: Select the switch LAG interface to be configured

Port Priority:Set the LACP protocol priority of the port , the value range is an integer from 1 to 65535 , the default
is 1.
Note: The smaller the priority value of the port , the higher the LACP priority of the port.
Edit LACP
Timeout: Set the timeout time for receiving LACP packets, the options are { Short, Long} , the default is Short.

● Short mode: the default timeout period for receiving LACP protocol packets is 3 seconds.
● Long mode: the default timeout period for receiving LACP protocol packets is 90 seconds .

LACP

MAC Address Table

The MAC address table records the correspondence between the MAC addresses of other devices learned by the switch and
the interfaces, as well as information such as the VLANs to which the interfaces belong. When forwarding a packet, the device
queries the MAC address table according to the destination MAC address of the packet. If the MAC address table contains an
entry corresponding to the destination MAC address of the packet, it directly forwards the packet through the outbound
interface in the entry. If the MAC address table does not contain an entry corresponding to the destination MAC address of
the packet , the device will use broadcast mode to forward the packet on all interfaces in the VLAN to which it belongs except
the receiving interface.

The entries in the MAC address table are divided into Dynamic Address, Static MAC Address, Black hole Address and Port
Security Address.

Dynamic Address
the MAC address table is established based on the automatic learning of the source MAC address in the data frame received
by the device. If the MAC address entry does not exist in the MAC address table, the device adds the new MAC address and
the interface and VLAN corresponding to the MAC address as a new entry into the MAC address table. GWN780x(P) Switch
will update the entry by resetting the aging time.

Aging Time:

Dynamic MAC address entries are not always valid . Each entry has a lifetime. The entries that cannot be updated after
reaching the lifetime will be deleted. This lifetime is called the Aging Time. If the record is updated before reaching the
lifetime, the aging time of the entry will be recalculated.

Notes:

The value range is 0 or 60-1 000000, the default is 300. If it is set to 0, it means that dynamic MAC address entries will not
be aged

Dynamic table entries are lost after system restart.

MAC Address Table – Dynamic Address

Click on “Refresh” button to update the table, or click on “Add Static MAC Address” button to add the entry to the static
MAC address.

Static MAC Address

This section allows user to manually assign MAC address into MAC table. The configuration
result will be displayed on the table listed on the lower side of this web page.

Note:

The static MAC address must be unicast.

MAC Address Table – Static MAC Address

MAC Address Enter the MAC address that will be forwarded

VLAN This is the VLAN group to which the MAC address belongs.
 Select the port where received frame of matched destination
Port
MAC address will be forwarded to.

Static MAC Address

Black Hole Address

If a MAC address is not trusted or insecure, The user can block the traffic of certain MAC Address and discard them by adding
them to the Black Hole Address Table.

Click on “Add” button then enter the MAC Address and the VLAN.

MAC Address Table – Black Hole Address

Port Security Address

After enabling port security in Security → Port Security, the addresses will be displayed in the MAC Address Table → Port
Security Address synchronously.

The list shows interface name, VLAN, MAC address.

Note:

To edit, delete or add security addresses, please navigate to Security → Port Security.

MAC Address Table – Port Security Address

VLAN
A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as
if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a
physical local area network (LAN), but it allows for end stations to be grouped together even if they are not located on the
same network switch. VLAN membership can be configured through software instead of physically relocating devices or
connections.

A user can click on “Add” button to add a new VLAN, also it’s possible to create many VLANs at the same time by specifying a
range, for example (7-9) will create VLAN 7,8 and 9, or create different separated VLANs, for example (11,89) will create VLAN
11 and 89.
 Add a VLAN

If the VLAN is already created there is also the option to modify it by clicking on modify button for more options and
settings like Description, Tagged and Untagged ports and LAGs.

Edit VLAN

VLAN The specified VLAN ID

Description Enter a brief comment for the VLAN ID.

Select from the drop-down list:

Member Type ● Remove All: remove all ports GE/LAG from this VLAN
● Tagged All: Tag all ports GE/LAG to this VLAN
● Untagged All: Untag all ports GE/LAG from this VLAN

Select individually which ports are tagged, untagged or unselected.

Note:

GE ● Unselected ports will not be part of the VLAN

● Tagged ports expects tagged frames (Trunk port) like connecting a switch with another switch.
● Untagged ports expects non-tagged frames (Access port) like connecting a switch with end device.

LAG Select individually which LAGs are tagged, untagged or unselected.

Edit VLAN

Please refer to this Table below for more details about Tagged and Untagged Ports.

Receiving Packets Forwarding Packets

Port Type
Untagged Packets Tagged Packets Tagged Packets

When untagged packets are If the VID of packet is allowed by The packet will be forwarded after
Untagged
received, the port will add the the port, the packet will be received. removing its VLAN tag
 default VLAN tag, i.e. the PVID of If the VID of packet is forbidden by
the ingress port, to the packets. the port, the packet will be dropped. The packet will be forwarded with
Tagged
its current VLAN tag

VLAN Tagged and Untagged

VLAN Port Settings

Port Settings page allows for configuring VLAN on each port and LAG by specifying the Link Type (Trunk, Access and Hybrid)
as well as the default VLAN or PVID, the user can also enable Ingress Filtering for the selected port, also the accepted Frame
Type (All, Tag Only and Untag only).

VLAN Port Settings

Port Shows the selected Port.

Select the Link Type:

● Hyprid: Used for connection between switches, or switch and computer.

Link Type ● Access: used to connect the switch and the user terminal.
● Trunk: used for interconnecting switches or connecting switches and routers, and can carry data frames of
multiple different VLANs.

PVID Enter the default VLAN ID.

Accept Frame
Select the Frame type (Tag Only, Untag Only or All).
Type

Set whether to enable the inbound filtering function of the interface.

Ingress Filtering is only available for Hybrid port, and it's enabled by default.
Ingress Filtering
Note: Ingress filtering is a method used by enterprises and internet service providers (ISPs) to prevent suspicious
traffic from entering a network.

VLAN Port Settings

VLAN Port Members

In this page, the user can define both Tagged and Untagged VLANs (members) for each port individually.

Note

Example: Enter “5-8, 11” to associate 5 VLANs of “5, 6, 7, 8 and 11”.

 VLAN Port Members

Voice VLAN

Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and adding the ports with voice
devices attached to voice VLANs, you can perform QoS-related configuration for voice data, ensuring the transmission priority
of voice data stream and voice quality.

Voice VLAN

Set whether to enable the voice VLAN function.

Voice VLAN
it is disabled by default

Select a VLAN as the voice VLAN from the VLAN list.

Voice VLAN ID
Note: The default VLAN 1 cannot be used as a voice VLAN.

CoS Remarking Set whether to enable CoS Remarking.

Specify the CoS priority, an integer ranging from 0 to 7.

CoS
The default is 6. The higher the value, the higher the priority.

Set the aging time of the voice VLAN.

Aging Time
The value range is an integer from 30 to 65536 , and the default is 1440 minutes .

Port: Displays the selected port.

Status: Set whether to enable the voice VLAN function of the port.
it is disabled by default.
Mode: Set the working mode of the voice VLAN on the port, the options are { manual, auto}. The default is
Edit Port Settings
manual.
Note: When set to " Manual ", the port must be added to the voice VLAN manually, and the LLDP function
needs to be used; when set to " Auto ", the port whose source MAC address matches the OUI in the packet will
be automatically added to the voice VLAN.

Voice VLAN
OUI

An OUI address is a unique identifier assigned by IEEE (Institute of Electrical and Electronics Engineers) to a device vendor. It
comprises the first 24 bits of a MAC address. You can recognize which vendor a device belongs to according to the OUI
address. The following table shows the OUI addresses of several manufacturers. There is also the option to add a custom one
based on user needs.

VLAN – OUI

Spanning Tree
STP (Spanning Tree Protocol), Devices running STP discover loops in the network and block ports by exchanging information,
in that way, a ring network can be disbranched to form a tree-topological ring-free network to prevent packets from being
duplicated and forwarded endlessly in the network.

BPDU (Bridge Protocol Data Unit) is the protocol data that STP, RSTP and MSTP use. Enough information is carried in BPDU to
ensure the spanning tree generation. STP is to determine the topology of the network via transferring BPDUs between
devices.

This page allows a user to configure and display Spanning Tree Protocol (STP) property configuration including the STP Mode
(STP, RSTP or MSTP), Path Cost, Bridge Priority, Max Hops, Hello and Max Aging time and Forward Delay Time.

Spanning Tree – Global Settings

Spanning Tree Set whether to enable Spanning Tree.

Set the operating mode of Spanning Tree (STP).

● STP: Enable the Spanning Tree (STP) operation.

Mode ● RSTP: Enable the Rapid Spanning Tree (RSTP) operation.
● MSTP: Enable the Multiple Spanning Tree Protocol (MSTP)
operation.

Path Cost Specify the path cost method (Short, Long). Default is Short.
 Select the Bridge Priority, In an STP network, the device with the smallest bridge ID is elected as the
root bridge.
Bridge Priority
Default is 32768.
Note: The valid range is 0~61440, which must be a multiple of 4096

Max Hops Select the Max Hops (the range is 1 - 40). Default is 20

Specify the Hello Time in seconds (the range is 1 -10). Default is 2.

Hello Time (s) Note: The time interval at which the device running the STP protocol sends the configuration message
BPDU , which is used by the device to detect whether the link is faulty.

Max Aging Time (s) Select The aging time of BPDU packets of the port (the range is 6 - 40). Default is 20.

Forward Delay Time (s) Specify the Forward Delay Time in seconds (the range is 4 -30). Default is 15.

STP Global Settings

STP Port Settings

To configure STP on each port and LAG then navigate to WEB UI → Spanning Tree → Port Settings, then click on “Edit”
button.

Spanning Tree – Port Settings

For each port or LAG, the user can enable STP and specify the priority, Path Cost, Edge port, BPDU Guard and Filter and Point-
To-Point.

Spanning Tree – Edit Port Settings

Port Displays the selected GE/LAG Port.

Enable STP Set whether to enable STP on this port.

Priority is an important basis for determining whether the port will be selected as the root port. The port with
higher priority under the same conditions will be selected as the root port . The smaller the value , the higher the
Priority
priority . An integer in the range of 0-240, with a step size of 16, and a default of 128 .
Note: The valid range is 0~240, which must be a multiple of 16

Path Cost Set the path cost of the port on the specified spanning tree. The default value is 0, which means that path cost
calculation is performed automatically.
 Note: The valid range is 0~200000000. 0 is equal to auto

Set whether to enable Edge Port or disable it, by default it's on auto.
Notes:

● A port is considered as an edge port when it is directly connected to the user terminal or server, instead of any
Edge Port other switches or shared network segments. The edge port will not cause a loop upon network topology
changes.
● In the edge mode, the interface would be put into the Forwarding state immediately upon link up. While in
auto mode it will detect if the port is an edge or not.

Set whether to enable BPDU Guard.

BPDU Guard Note: BPDU Guard further protects your switch by turning this port into error state and shutdown if any BPDU
received from this port.

Set whether to enable BPDU Filter.

BPDU Filter
Note: Drop all BPDU packets and no BPDU will be sent.

Select Point-to-Point option (Auto, Enabled or Disabled). Default is Auto.

Point-to-Point
Note: determines the STP of link type for this port automatically if set to Auto.

STP Port Settings

Multiple Spanning Tree Instance

MST or Multiple Spanning Tree Instance allows traffic of different VLAN to be mapped into different MST Instances.
GWN780x(P) Switch supports up to 16 independent MST instances (0~15) where each instance can be associated with many
VLANs.

MST Instance

MST Port Settings is used to configure the GE port / LAG group settings for each MST instance.
The table displays the MST parameters for each port.

MST Port Settings

Click on “Edit” button to edit the MST Port Settings for each Port/LAG individually and also the user can even specify the
Path Cost and Priority per Port/LAG as well.
 Edit MST Port Settings

IP

DNS

Domain Name System DNS provides translation services between domain names and IP addresses. GWN7800 Switches act as
a DNS client. When users perform certain applications on the device (such as Telnet to a device or host), they can directly use
a memorable and meaningful domain name, and resolve the domain name to the correct address through the domain name
system.

DNS domain name resolution is divided into static domain name resolution and dynamic domain name resolution which can
be used together when parsing domain names. If the static domain name resolution is unsuccessful, then dynamic domain
name resolution will be used, since dynamic domain name resolution may take a certain amount of time and requires the
cooperation of the domain name server, some commonly used domain names can be put into the static domain name
resolution table, which can greatly improve the effect of domain name resolution.

Global Settings

On this page, the user can designate the switch as a DNS client to resolve DNS names to IP addresses through one or more
configured DNS servers. It’s enabled by default.

To configure DNS on GWN7800 switches, navigate to Web UI → IP → DNS, then click on the Global Settings tab.

DNS – Global Settings

Up to 8 Domain Suffixes and 8 DNS Servers can be added. To add a Domain Suffex or DNS Server click on “+” icon and to
delete click on “–” icon.

Note:

DNS servers are sorted from far to near according to the adding time, and the earliest added servers have the highest priority.

Domain Mapping Table

To add a static DNS or to view the Dynamic ones, click on the Domain Mapping Table tab.
 DNS – Domain Mapping Table

Click on “Add” button to add a new static DNS entry.

Add Static Domain

Note:

Up to 32 static domain names can be added.

The user can also select the dynamic domains and then click on “Add as a static domain” button or icon to make them
as static ones.

MULTICAST
IP multicast is a technique for one-to-many communication over an IP infrastructure in a network. To avoid the incoming data
broadcasting to all GE/LAG ports, multicast is useful to transfer the data/message to specified GE/LAG ports for IGMP
snooping or MLD Snooping. When the Switch receives a message “subscribed” by the client, it must decide to transfer the
data to specified GE/LAG ports according to the location of the client (subscribed member).

IGMP Snooping

As an IPv4 Layer 2 multicast protocol, IGMP snooping is the process of listening to Internet Group Management Protocol
(IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers.
By listening to these conversations the switch maintains a map of which links need which IP multicast streams. Multicasts may
be filtered from the links which do not need them and thus controls which ports receive specific multicast traffic.

IGMP Snooping Global Settings

This page allows the user to enable/disable IGMP Snooping function, select snooping version, and enable/disable snooping
report suppression also select the Multicast Forward Mode and what to do with Unknown Multicast Packet.

Note:

Unknown Multicast Packet: This option is associated with the same one MLD Snooping. Whatever option selected here will be
the same as MLD Snooping and vice versa.
 IGMP Snooping Global Settings

Select an action for switch to handle with unknown multicast

packet.

Unknown Multicast Packet ● Drop: Drop the unknown multicast data.

● Flood: Flood the unknown multicast data.
● Forward to Router port: Forward the unknown multicast data to router port.

IGMP Snooping Enable or disable GlobaI IGMP Snooping

Set the Multicast Forward Mode.

Multicast Forward Mode ● MAC-Based: Forward using MAC address.

● IP-Based: Forward using IP address

IGMP Version Select the IGMP Version.

Enable or disable the switch to handle IGMP reports

Report Suppression between router and host, suppressing bandwidth used by
IGMP.

IGMP Snooping Global Settings

The user can also Enable/Disable IGMP Snooping and IGMP Snooping Querier per VLAN and much more.

IGMP Snooping Edit VLAN

VLAN Displays the selected VLAN

IGMP Snooping Click on the toggle button to enable IGMP Snooping for the selected VLAN.

IGMP Snooping Querier Click the toggle button to enable the IGMP Snooping Querier.
 IGMP Snooping Querier Version Select from the drop-down list the IGMP Snooping Querier Version.

Router Port Auto-Learning Click on the toggle button to learn router port by IGMP query.

Select Enable/Disable Fast Leave feature for the desired port.

Port Fast Leave Note: If Fast Leave is enabled for a port, the switch will immediately remove this port from the
multicast group upon receiving IGMP leave messages.

Set a number which allows tuning for the expected packet loss on a subnet.
Query Robustness
The valid range is 1-7

Query Interval (s) Set the interval of querier send general query.

It specifies the maximum allowed time before sending a responding report.

Query Max Response Interval (s)
Note: The valid range is 5-20 in seconds.

After quering for specified times and still not receiving any response from the subscribed
Last Member Query Count member, GWN7800 series switches will stop transmitting data to the related GE port(s).
Note: The valid range is 1-7

The maximum time interval between counting each member query message with no responses
Last Member Query Interval (s) from any subscribed member.
Note: The valid range is 1-25 in seconds

IGMP Snooping Edit VLAN

IGMP Snooping Router Port

This page shows the IGMP querier router known to this switch. Click on “Add” to add another one or Click on “Edit” icon to
modify already created one.

IGMP Snooping Router Port

IGMP Snooping Multicast Address

Dynamic multicast addresses will be listed here and the user can also add static multicast address entries based on VLAN by
clicking on “Add” button or click “Edit” icon to edit.
 IGMP Snooping Multicast Address

IGMP Snooping Multicast Policy

In this page, the user can add a Multicast Policy up to 128 Policy ID to Allow or Reject a range of Multicast Addresses.

IGMP Snooping Multicast Policy

IGMP Snooping Multicast Port

Once the Multicast Policy is created, the user is able to apply this policy on a port.

IGMP Snooping Multicast Port

MLD Snooping

MLD Snooping Global Settings

As an IPv6 Layer 2 multicast protocol, MLD Snooping maintains the outgoing port information of multicast packets by
listening to the multicast protocol packets sent between Layer 3 multicast devices and user hosts, so as to manage and
control multicast data . Forwarding of packets at the data link layer. When an MLD protocol packet transmitted between a
host and an upstream Layer 3 device passes through a Layer 2 device, MLD Snooping analyzes the information carried in the
packet, establishes and maintains a Layer 2 multicast forwarding table based on the information, and guides multicast data in
the data stream.

Global Settings page give the user the ability to enable MLD Snooping as well as selecting Multicast Forward Mode etc.
 MLD Snooping Global Settings

Select an action for switch to handle with unknown multicast

packet.

Unknown Multicast Packet ● Drop: Drop the unknown multicast data.

● Flood: Flood the unknown multicast data.
● Forward to Router port: Forward the unknown multicast data to router port.

Note: This option is associated with the same one IGMP Snooping.

MLD Snooping Enable or disable GlobaI MLD Snooping

Set the Multicast Forward Mode.

Multicast Forward Mode ● MAC-Based: Forward using MAC address.

● IP-Based: Forward using IP address

MLD Version Select the MLD Version.

Enable or disable the switch to handle MLD reports

Report Suppression between router and host, suppressing bandwidth used by
MLD.

MLD Snooping Global Settings

Once Global MLD Snooping is enabled, then the user can enable more settings per VLAN.

MLD Snooping – Edit VLAN

VLAN Displays the selected VLAN

MLD Snooping Click on the toggle button to enable MLD Snooping for the selected VLAN.

MLD Snooping Querier Click the toggle button to enable the MLD Snooping Querier.
 MLD Snooping Querier Version Select from the drop-down list the MLD Snooping Querier Version.

Router Port Auto-Learning Click on the toggle button to learn router port by MLD query.

Select Enable/Disable Fast Leave feature for the desired port.

Port Fast Leave Note: If Fast Leave is enabled for a port, the switch will immediately remove this port from the
multicast group upon receiving MLD leave messages.

Set a number which allows tuning for the expected packet loss on a subnet.
Query Robustness
The valid range is 1-7

Query Interval (s) Set the interval of querier send general query.

It specifies the maximum allowed time before sending a responding report.

Query Max Response Interval (s)
Note: The valid range is 5-20 in seconds.

After quering for specified times and still not receiving any response from the subscribed
Last Member Query Count member, GWN7800 series switches will stop transmitting data to the related GE port(s).
Note: The valid range is 1-7

Set The maximum time interval between counting each member query message with no
Last Member Query Interval (s) responses from any subscribed member.
Note: The valid range is 1-25 in seconds

MLD Snooping – Edit VLAN

MLD Snooping Router Port

If the router port is statically configured, the Layer 2 device will also forward the MLD report and leave message to the static
router port. If a static member port is configured, the interface will be added as the outgoing interface in the forwarding table.
After a Layer 2 multicast forwarding table entry is established on a Layer 2 device, when the Layer 2 device receives a multicast
data packet, it searches for the forwarding table according to the VLAN to which the packet belongs and the destination
address of the packet (that is, the IPv6 multicast group address). Whether the item has the corresponding “outbound interface
information”. If it exists, the packet is sent to all multicast group member ports; if it does not exist, the packet is discarded or
broadcast in the VLAN.

MLD Snooping Router Port

MLD Snooping Multicast Address

GWN780x(P) Switches do also support adding static multicast addresses by specifying the VLAN and member port.
 MLD Snooping Multicast Address

MLD Snooping Multicast Policy

Multicast Policy can be created in this page to allow or reject a range of IPv6 Multicast Addresses. Up to 128 Policy can be
created.

MLD Snooping Multicast Policy

MLD Snooping Multicast Port

The multicast policy can be applied to Gigabit Ethernet/LAG port, the user can also set the maximum number of multicast
groups that the port is allowed to join and set the action when the port multicast exceeds the limit, the default is rejected .

MLD Snooping Multicast Port

PoE
Over Ethernet (PoE) refers to supplying power over an Ethernet network , also known as a local area network-based power
supply system PoL or Active Ethernet.

Usually , the terminal devices of the access point need to use DC power supply , but due to insufficient wiring , these devices
need unified power management . At this time , the switch interface provides the power supply function, which can solve the
above problems and realize the precise control of the port PoE power supply.
Global

This page Displays the Power Supply Info like number of PoE, Total and Remaining PoE Power etc and even the Supply
Voltage.

PoE Global

Click on button to soft restart the PoE module function.

PoE Remaining power

PoE Remaining power(W) : specify the total reserved power of PoE power supply, the default is 20 W.

PoE – Global – Settings

Application scenarios:

The device will dynamically allocate power to each interface according to the power actually consumed by each interface.
During the running process of each PD device, its power consumption will continue to change, and the system will periodically
calculate the total power required by all currently connected PDs. Whether the upper limit of the available PoE power is
exceeded, if it exceeds, the system will automatically power off the PD device on the interface with lower priority to ensure the
normal operation of other devices. However, sometimes there will be a sudden surge in power consumption, the remaining
available power of the system cannot support this surge in demand, and the system has not yet had time to calculate the total
power consumption exceeding the limit, so as to disconnect the power supply of the interface with lower priority. When the
PoE power supply is overloaded, the overload protection will be powered off, and all PD devices will be powered off. Use the
PoE power-reserved command to reasonably set the reserved power of the system. In the event of a sudden surge in power
demand, the reserved power of the system can support the sudden demand and ensure that the system has time to power off
the devices on the interfaces with low priority. method to ensure the stable operation of other equipment.

Interface PoE configuration

Select the switch interface that supports PoE power supply to be configured . Multiple choices are possible.

Click on “Edit” button or icon to change the configuration per port including Power Supply Standard, Power Mode, Power
Limit Mode and Power Supply Priority.
 PoE – Interface

QoS
Popularity of the network and the diversification of services have led to a surge in Internet traffic, resulting in network
congestion, increased forwarding delay, and even packet loss in severe cases, resulting in reduced service quality or even
unavailability. Therefore , in order to carry out these real-time services on the network, it is necessary to solve the problem of
network congestion . The best way is to increase the bandwidth of the network, but considering the cost of operation and
maintenance, this is not realistic . The most effective solution is to apply a ” Guaranteed ” policies govern network traffic. QoS
technology is developed under this background . QoS is quality of service , and its purpose is to provide end-to-end service
quality assurance for various business needs . QoS is a tool for effectively utilizing network resources. It allows different traffic
flows to compete for network resources unequally. Voice, video and important data applications can be prioritized in network
equipment.

Port Priority

This page enables the user to enable the global settings for Port Priority by Enabling/Disabling the feature, the Trust Mode
used by the switch for the received packets, the options are (CoS, DSCP, CoS-DSCP or IP-Precedence).

Once Port Priority is enabled then the user can click on “Edit” button for further configuration per Port/LAG.

QoS – Port Priority

Port Priority Select whether to enable Port Priotiy. (Default is disabled)

Select the QoS operation mode:

● CoS: Traffic is mapped to queues based on the CoS Queue Mapping, it can configured in QoS →
Priority Mapping → CoS Mappging page.
● DSCP: All IP traffic is mapped to queues based on the DSCP field in the IP header. If the traffic is not
Trust Mode IP traffic, it is mapped to the lowest priority queue.
● CoS-DSCP: All IP traffic is mapped to queues based on the DSCP field in the IP header. If the traffic
is not IP traffic but has VLAN tag, mapped to queues based on the CoS value in the VLAN tag. it can
configured in QoS → Priority Mapping → DSCP Mapping page.
● IP-Precedence: The IP precedence is a 3-bit field in TOS that threats high priority packets as more
important than other packets. it can configured in QoS → Priority Mapping → IP Mapping page.
 Edit Port Priority

Port Displays the selected port GE/LAG.

Set the CoS value of the interface, the value range is an integer from 0 to 7 (7 is the highest priority ), the
CoS
default is 0.

Trust Select whether to enable Trust.

Re-marking CoS Set whether to enable Re-marking CoS function of outgoing packets, which is disabled by default.

Re-marking DSCP Set whether to enable Re-marking DSCP function of outgoing packets, and it is disabled by default.

Set whether to enable Re-marking IP Precedence function of outgoing packets, and it is disabled by
Re-marking IP Precedence default.
Note : Only one of DSCP and IP Precedence re-marking can be enabled.

QoS Port Priority

Priority Mapping

Priority mapping is used to realize the conversion between the QoS priority carried in the packet and the internal priority of
the device ( also known as the local priority, which is the priority used by the device to differentiate the service level of the
packet ) so that the device provides the Differentiated QoS service quality. Users can use different QoS priority fields in
different networks according to network planning.

CoS Mapping

Shows the mapping relationship between queues and CoS remarking priorities.

CoS Mapping

DSCP Mapping

Shows the mapping relationship between DSCP values and queue priorities.

DSCP Mapping
 IP Mapping

Shows the mapping relationship between IP priority and queue.

IP Mapping

Queue Scheduling

When congestion occurs in the network, the device will determine the processing order of forwarding packets according to
the specified scheduling policy, so that high-priority packets are preferentially scheduled.

Queue scheduling algorithm : queue scheduling according to the switch interface.

Strict priority ( SP, Strict Priority) scheduling: The flow with the highest priority is served first, and the flow with the
second highest priority is served until there is no flow at that priority. Each interface of the switch supports 8 queues (
queues 0-7 ), queue 7 is the highest priority queue, and queue 0 is the lowest priority queue. Disadvantage : When
congestion occurs, if there are packets in the high-priority queue for a long time, the packets in the low-priority queue
cannot be scheduled, and data cannot be transmitted.

Weighted Round Robin ( WRR, Weighted Round Robin) scheduling: each priority queue is allocated a certain
bandwidth, and provides services for each priority queue according to the priority from high to low. When the high-
priority queue has used up all the allocated bandwidth, it is automatically switched to the next priority queue to serve it.

Queue Scheduling

Queue Shaping

When the packet sending rate is higher than the receiving rate, or the interface rate of the downstream device is lower than
the interface rate of the upstream device, network congestion may occur. If the size of the service traffic sent by users is not
limited , the continuous burst of service data from a large number of users will make the network more congested. In order to
make the limited network resources serve users more effectively, it is necessary to restrict the service flow of users.
 Queue Shaping

Rate Limit

Interface rate limit can limit the total rate of all packets sent or received on an interface . The interface rate limit also uses the
token bucket to control the flow. If an interface rate limit is configured on an interface of the device, all packets sent through
this interface must first be processed through the token bucket of the interface rate limiter . If there are enough tokens in the
token bucket , the packet can be sent; otherwise, the packet will be discarded or cached.

Rate Limit

SECURITY
GWN780x(P) Switches series support many tools and features to enhance the security of the device against misconfiguration
or attacks.

Storm Control

Traffic suppression can limit the rate of broadcast, unknown multicast , unknown unicast, known multicast, and known unicast
packets by configuring thresholds , preventing broadcast, unknown multicast packets, and unknown unicast packets from
generating broadcast storms. Large traffic impact of known multicast packets and known unicast packets.

Storm control can block the traffic of broadcast, unknown multicast and unknown unicast packets by blocking packets or
shutting down ports . The device supports storm control for the above three types of packets on the interface according to
the packet rate, byte rate, and percentage . During a detection interval, the device monitors the average rate of three types of
packets received on the interface and compares it with the configured maximum threshold. When the packet rate is greater
than the configured maximum threshold , the device performs storm control on the interface and executes the Configured
storm control actions. Storm control actions include blocking packets and shutting down / shutdown interfaces.

If packets are blocked, when the average rate of receiving packets on the interface is less than the specified minimum
threshold, storm control will release the blocking of the packets on the interface.

If the action is to shut down / shutdown the interface, you need to manually run the command to bring up the interface,
or enable the interface state to automatically return to UP, it’s also possible to use the Auto Recovery function to bring
up the interface automatically.
 Storm Control

Select Unit:

Unit ● kbps: Storm control rate will be calculated by octet-based.

● pps: Storm control rate will be calculated by packet-based.

Select IFG ( Inter Frame Gap ):

IFG ● Excluded: Exclude IFG when count ingress storm control rate.
● Included: Include IFG when count ingress storm control rate.

Storm Control → Edit

Port Displays the selected port.

Storm Control Select whether to enable Storm Control on the selected port or not.

Set whether to enable the storm threshold setting for broadcast packets. If Enabled Please enter a
Broadcast Treshhold (Kbps).
Note: The valid range is 16~1000000, which must be a multiple of 16. Default is 10000.

Set whether to enable the storm threshold setting for the Unknown Multicast packets If Enabled Please
Unknown Multicast enter a Treshhold (Kbps).
Note: The valid range is 16~1000000, which must be a multiple of 16. Default is 10000.

Set whether to enable the storm threshold setting for the Unknown Unicast packets. If Enabled Please
Unknown Unicast enter a Treshhold (Kbps).
Note: The valid range is 16~1000000, which must be a multiple of 16. Default is 10000.

Select the state of setting

Action ● Drop: Packets exceed storm control rate will be dropped.

● Shutdown: Port exceeds storm control rate will be shutdown.

Storm Control

Port Security

By converting the MAC address learned by the interface into secure MAC addresses ( including secure dynamic MAC address,
secure static MAC address and Sticky MAC) , port security prevents illegal users from communicating with the switch through
this interface, thereby enhancing the security of the device.

Security MAC addresses are divided into: Secure Dynamic MAC, Secure Static MAC and Sticky MAC.
 If enabled but the Sticky MAC function is If the device is restarted, the entries will be
Secure Dynamic MAC Address
not enabled. lost and need to be relearned.

Static MAC address manually configured The entries will not be aged, and will not
Secure Static MAC Address
when port security is enabled. be lost after a reboot.

The MAC address converted after the port The entries will not be aged , and the
Sticky MAC Address security is enabled and the Sticky MAC addresses will not be lost after restarting
function is enabled at the same time the device.

Secure MAC Address Types

Port Security

Port Security Click Allow to set the port security function to be enabled globally , by default is disabled.

Set the rate at which the port MAC address is learned. The value is an integer from 1 to 600, the default
Rate Limit (packet/s)
is 100.

Edit Port Security

Port Displays the selected ports.

Port Security Address Click to enable Port Security Address, by default is disabled.

Set the maximum number of MAC addresses to be learned by the interface , the value range is an
integer from 1 to 256 , and the default is 1 . After the maximum number is reached , if the switch
Maximum MAC Number receives a packet whose source MAC address does not exist, regardless of whether the destination MAC
address exists, the switch considers that there is an attack by an illegal user, and will protect the
interface according to the port protection configuration (Protect, Restrict or Shutdown).

When the port security is enabled, the Sticky MAC function can be enabled, by default it's disabled .
When enabled, the interface will convert the learned secure dynamic MAC address into a Sticky MAC.
Sticky MAC If the maximum number of MAC addresses has been reached, the MAC address in the non-sticky MAC
entry learned by the interface will be discarded , and a trap alarm will be reported according to the
interface protection mode configuration.

Port Protection Set the protection action when the number of MAC addresses learned by the interface reaches the
maximum number or static MAC address flapping occurs .
There are three modes (Protect, Restrict or Shutdown), the default is Protect.

● Protect: Only discard the packets whose source MAC address does not exist, and does not report an
alarm.
● Restrict: Discard packets with nonexistent source MAC addresses and report an alarm.
● Shutdown: The interface state is set to error-down and an alarm is reported.
Note: By default, an interface will not automatically recover after being shut down, and the
interface can only be enabled by the network administrator under the interface. If you want the shut
 down interface to be restored automatically , you can enable Port Auto Recovery function to
automatically restore the interface status to Up.

Port Security

Port Isolation

With the port isolation function, the isolation between ports in the same VLAN can be realized. As long as the user adds the
port to the isolation group, the Layer 2 data isolation between the ports in the isolation group can be realized. The port
isolation function provides users with a safer and more flexible networking solution.

Note:

Due to software limitations, only one isolation group is currently supported, and the port isolation function is disabled by
default, that is, the port is added to the default isolation group . After joining , two-way isolation is performed between ports .

Port Isolation

ACL

Access control list (ACL) is a collection of one or more rules. A rule is a judgment statement that describes the matching
conditions of a packet. These conditions can be the source address, destination address, port number, etc. of the packet. ACL
is essentially a packet filter, and the rule is the filter element of the filter. The device matches packets based on these rules,
filters out specific packets , and allows or organizes the packets to pass through according to the processing policy of the
service module that applies the ACL.

Notes:

One ACL supports setting multiple rules . When the rule settings (except the rule number ) are identical, it will prompt ” This
rule already exists”

If there is no match after all the rules are traversed , the Deny message will be sent directly .

IPv4 ACL

This page displays the list of IPv4 ACL and the number of rules.
 ACL – IPv4

IPv6 ACL

The same as the IPv4 ACL, there is also a list for IPv6 ACL, and the same applies here.

ACL – IPv6

MAC ACL

A MAC access control list (ACL) lets you permit or deny WiFi access to individual devices based on their MAC addresses.
For example, if you notice a guest device that is using too much bandwidth, you can deny WiFi access to it without affecting
other guest devices.

MAC ACL

ACL Binding

ACL Binding lets the user bind MAC ACL or IP ACL to a certain ports GE/LAG.
 ACL Binding

IP Source Guard

IP source guard attack is a source IP address filtering technology based on Layer 2 interface. It can prevent malicious hosts
from forging IP addresses of legitimate hosts to impersonate legitimate hosts, and also ensure that unauthorized hosts cannot
access by specifying their own IP addresses. network or attack the network. IPSG uses the binding table (source IP address,
source MAC address, VLAN to which it belongs, and the binding of the inbound interface ) to match and check the IP packets
received on the Layer 2 interface. Only the packets matching the binding table are allowed to pass through.

IP Source Guard

In this page the user can specify the IP and MAC addresses as well as the VLAN for a port LAN/LAG.

Quaternary Binding Table

Anti Attack

In the network , there are a large number of malicious attack packets targeting the CPU and various types of packets that
need to be normally sent to the CPU. Malicious attack packets targeting the CPU will cause the CPU to be busy processing
attack packets for a long time, thereby causing interruption of other services or even system interruption ; a large number of
normal packets will also lead to high CPU usage and performance degradation, thus affecting the normal business.

In order to protect the CPU and ensure that the CPU can process and respond to normal services , the switch provides a local
attack defense function , which is aimed at the packets sent to the CPU. It operates normally to avoid the mutual influence of
various services when the device is attacked.
Attack defense is an important network security feature. It analyzes the content and behavior of the packets sent to the CPU
for processing, determines whether the packets have attack characteristics, and configures certain preventive measures
against the packets with attack characteristics. Defense attacks are mainly divided into malformed packet attack defense,
fragmented packet attack defense, and flood attack defense.

Anti Attack

Dynamic ARP Inspection (DAI)

To defend against man-in-the-middle attacks and prevent data of legitimate users from being stolen by the man-in-the-
middle, you can enable dynamic ARP inspection. The device compares the source IP, source MAC, interface, and VLAN
information corresponding to the ARP packet with the information in the binding table. If the information matches, it means
that the user who sent the ARP packet is a legitimate user, and the user is allowed. If the ARP packet passes, otherwise it is
considered an attack and the ARP packet is discarded.

Dynamic ARP inspection can be enabled in the interface view , or VLAN view. When enabled in the interface view , the binding
table matching check is performed on all ARP packets received by the interface ; when enabled in the VLAN view . Then, the
binding table matching check is performed on the ARP packets belonging to the VLAN received by the interface that joins the
VLAN.

When the device discards a large number of ARP packets that do not match the binding table, if you want the device to alert
the network administrator in the form of an alarm , you can enable the dynamic ARP inspection discarded packet alarm
function. When the number of discarded ARP packets exceeds the alarm threshold , the device generates an alarm.

DAI

The statistics about DAI activities will be listed here for each port GE/LAG with the options of refreshing the statistics or
clearing specified port data.
 DAI Statistics

RADIUS

RADIUS is a distributed, client /server information exchange protocol that can protect the network from unauthorized access.
It is often used in various network environments that require high security and allow remote users to access. This protocol
defines the UDP-based RADIUS packet format and its transmission mechanism, and specifies destination UDP ports 1812 and
1813 as the default authentication and accounting port numbers, respectively.

Radius provides access services through authentication and authorization, and collects and records the use of network
resources by users through accounting . The main features of RADIUS protocol are: client/server mode, secure message
exchange mechanism and good expansibility.

RADIUS

TACACS+

TACACS+ (Terminal Access Controller Control System Protocol) is a security protocol with enhanced functions based on the
TACACS protocol. This protocol is similar in function to the RADIUS protocol, and uses the client/server mode to implement
the communication between the NAS and the TACACS+ server.

TACACS+ is a centralized, client /server structure information exchange protocol, which uses TCP protocol for transmission,
and the TCP port number is 49. The authentication , authorization and accounting servers provided by TACACS+ are
independent of each other and can be implemented on different servers. It is mainly used for authentication, authorization
and accounting of access users who access the Internet by means of point-to-point protocol PPP or virtual private dial-up
network VPDN and management users who perform operations.

TACACS+ is similar to RADIUS protocol : ( 1 ) both adopt client /server mode in structure; (2) both use shared key to encrypt
the transmitted user information ; ( 3 ) both have better flexibility and expansibility. TACACS+ has more reliable transmission
and encryption characteristics, and is more suitable for security control.
 TACACS+

AAA

Access control is used to control which users can access the network and which network resources can be accessed. AAA is
short for Authentication , Authorization , and Accounting , and provides a management framework for configuring access
control on NAS ( Network Access Server) devices .

As a management mechanism of network security , AAA provides services in a modular manner:

Authentication , confirming the identity of users accessing the network , and judging whether the visitor is a legitimate
network user;

Authorization , giving different users Different permissions limit the services that the user can use;

Billing , record all operations during the user’s use of network services, including the type of service used, start time, data
flow, etc., to collect and record the user’s The usage of network resources, and can realize the charging requirements for
events and traffic, and also monitor the network.

AAA adopts a client /server structure. The AAA client runs on the access device, usually referred to as a NAS device, and is
responsible for verifying user identity and managing user access; AAA server is a collective name for authentication server,
authorization server and accounting server. Responsible for centralized management of user information. AAA can be
implemented through a variety of protocols. Currently, devices support AAA based on RADIUS or TACACS + protocol. In
practical applications, RADIUS protocol is most commonly used.

AAA

802.1X

802.1X protocol is a port – based network control protocol . Port – based network access control refers to verifying user
identities and controlling their access rights at the port level of LAN access devices. The 802.1X protocol is a Layer 2 protocol
and does not need to reach Layer 3. It does not require high overall performance of the access device , which can effectively
reduce network construction costs. Authentication packets and data packets are separated through logical interfaces to
improve security.

802.1X Port Mode

802.1X Port
 802.1X Port

DHCP Snooping

DHCP snooping ensures that DHCP clients obtain IP addresses from legitimate DHCP servers, and records the correspondence
between IP addresses and MAC addresses of DHCP clients to prevent DHCP attacks on the network.

In order to ensure the security of network communication services, the DHCP Snooping technology is introduced, and a
firewall is established between the DHCP Client and the DHCP Server to defend against various attacks against DHCP in the
network.

DHCP Snooping

DHCP Option 82

Option 82 is called the relay agent information option and is inserted by the DHCP relay agent when forwarding client-
originated DHCP packets to a DHCP server.

To identify the device accessed by the client, the user can enter his MAC address in the remote ID.

Circuit id is used to identify the VLAN, interface and other information where the client is located.

DHCP Option 82

DHCP Port Settings

This page allows a user to configure detailed settings of DHCP Snooping for each port (GE/LAG).

Any device that is not in the service provider network will be regarded as an entrusted source (such as a customer switch).

DHCP Port Settings

DHCP Statistics

This page displays all statistics recorded by DHCP snooping function.

DHCP Statistics

SNMP
Network Management Protocol (SNMP) is an “Internet-standard protocol for managing devices on IP networks”. Devices that
typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. SNMP is used mostly
in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a
set of standards for network management, including an application layer protocol, a database schema, and a set of data
objects. An SNMP-managed network consists of three key components:

Managed device

Agent – software which runs on managed devices

Network management station (NMS) – software which runs on the manager

A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional
(read and write) access to node-specific information. Managed devices exchange node-specific information with the NMSs.
Sometimes called network elements, the managed devices can be any type of device, including, but not limited to, routers,
access servers, switches, bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers. An agent is a network-
management software module that resides on a managed device. An agent has local knowledge of management information
and translates that information to or from an SNMP-specific form. A network management station (NMS) executes
applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources
required for network management. One or more NMSs may exist on any managed network.

Global settings page allows the user to enable the SNMP function with the Local Engine ID or add a Remote Engine ID.
 SNMP -Global Settings

SNMP Select whether to enable SNMP.

Set the engine ID of the local SNMP entity or click "Reset" to restore to the initial value.
Note: The default is 8000 A59Dxxxxxxxx, where xxxxxxxx is the device MAC address by default, which
Local Engine ID
can be modified by the user . It is expressed in hexadecimal , and the length is limited between 2 and 56
characters. The number of characters must be an even number .

Edit Remote Engine ID

Set the engine ID of the SNMP management side , and the remote user is established under the remote
Remote Engine ID engine. The input length is limited to 10-64 characters, expressed in hexadecimal , and the number of
characters must be an even number.

Set the address of the network management station server, support input of Hostname and IP address
Server Address (including IPv4 and IPv6), and need to meet the requirements of various types of address formats,
otherwise an error message is required.

SNMP Global Settings

View Management

This page allows the network administrator to create MIB views (Management information
base) and then include or exclude OID (Object Identifier) in a view.

SNMP – View Management

Group Management

This page allows the network administrator to group SNMP users and assign different
authorization and access privileges.
 SNMP – Group Management

Community Management

This page allows a user to add/remove multiple communities of SNMP.

SNMP – Community Management

SNMP User Management

This page allows a user to configure SNMPv3 user profile.

SNMP – User Management

Notification Management

This page allows a user to configure a host to receive SNMPv1/v2/v3 notification.

 SNMP – Notification Management

Trap Event

This page allows a user to add or delete SNMP trap receiver IP address and community name.

SNMP – Trap Event

MAINTENANCE AND TROUBLESHOOTING

Diagnostics

GWN780x(P) Switches support many diagnostics tools that can help the user troubleshoot the issue and resolve it. These tools
include Logs, Ping, Traceroute, Mirroring and Fiber Module.

Logs

This page lists all the generated Logs with details and level and generated time, also an option to export the list is available.

Diagnostics – Logs

Adding a Log Server Address to the logs to be sent to is also supported on the GWN780x(P) Switches.
 Log Server Address

Ping

The user in this page can enter the IP Address or Hostname then click “Start”, the results of the ping command will be shown
below.

Ping

Traceroute

Another tool is Traceroute that shows the number of hops, and GWN780x(P) Switches enables the user to run Traceroute
commands right from the Switches WEB UI.

Traceroute

Port Mirroring

Mirroring refers to copying the packets from the specified source to the destination port. The specified source is called the
mirroring source, the destination port is called the observing port , and the copied packet is called the mirroring packet.

Mirroring can make a copy of the original packet without affecting the normal processing of the original packet by the device,
and send it to the monitoring device through the observation port to determine whether the service running on the network
is normal.
 Port Mirroring

Fiber Module

This pages provides the user with the information about the fiber module for each Port that supports it. Select the port from
the drop-down list and click refresh icon.

Note: The information displayed on the optical module of each manufacturer is different.

Fiber Module

RMON

RMON (Remote Monitoring) based on SNMP (Simple Network Management Protocol) architecture, functions to monitor the
network. RMON is currently a commonly used network management standard defined by Internet Engineering Task Force
(IETF), which is mainly used to monitor the data traffic across a network segment or even the entire network so as to enable
the network administrator to take the protection measures in time to avoid any network malfunction. In addition, RMON MIB
records network statistics information of network performance and malfunction periodically, based on which the management
station can monitor network at any time effectively. RMON is helpful for network administrator to manage the large-scale
network since it reduces the communication traffic between management station and managed agent.

Note:

RMON Statistics

Ethernet statistics function ( corresponding to the statistics group in the RMON MIB) : The system collects basic statistics of
each network being monitored. The system will continuously count the traffic of a certain network segment and the
distribution of various types of packets, or the number of error frames of various types , the number of collisions , etc. The
number of data packets , the number of broadcast and multicast packets, the number of received bytes, the number of
received packets, etc.
 RMON – Statistics

RMON History

The system will periodically collect statistics on various traffic information , including bandwidth utilization, number of error
packets and total number of packets based on the History ID.

Click on “Add” button to create a History ID specifying the Port as well.

RMON – History

RMON Event

The event group controls the events and prompts from the device, and provides all events generated by the RMON Agent.
When an event occurs, it can record logs or send Trap to the network management station.

RMON Event

RMON Alarm

The system monitors the specified alarm variable. After pre-defining a set of thresholds and sampling time for the specified
alarm, the system will obtain the value of the specified alarm variable according to the defined time period. When the value of
the alarm variable is greater than or equal to the upper threshold, an upper alarm event will be triggered. When the value of
the alarm variable is less than or equal to the lower threshold, a lower alarm event is triggered.
 RMON – Alarm

LLDP/LLDP MED

LLDP/LLDP MED is a one-way protocol, there are no request/response sequences. Information is

advertised by stations implementing the transmit function, and is received and processed by
stations implementing the receive function.

LLDP MED is an enhancement to LLDP that provides additional functionality to support media devices. LLDP MED features
include: enabling network policy advertisement and discovery for real-time applications (such as voice and/or video);

LLDP Global Settings

This page allows a user to set general settings for LLDP including enabling LLDP and other parameters .

LLDP Global Settings

More configuration can adjusted per port (GE1 to GE10).

LLDP Port Settings

LLDP MED Network Policy

This page allows the network administrator to set MED (Media Endpoint Discovery) network
policy. Click on “Add” button to add a Network Policy.

LLDP MED Network Policy

LLDP MED Port Settings

The user can configure LLDP MED Settings for each port in this page.

LLDP MED Port Settings

LLDP Device Info

This page displays information for LLDP Local Device connected to each port. Click on the port to view related LLDP
information about that port.

LLDP Device Info

Neighbor Info

This page lists the neighbors obtained on the switch ports. Click on “Refresh” button to update the list.
 LLDP Neighbor Info

LLDP Statistics

View the LLDP statistics of the local device through this feature. Click on “Refresh” to update the list.

LLDP Statistics

UPGRADE AND PROVISIONING

Upgrade

GWN780x(P) Switches support manual upload firmware upgrade via a BIN file that can downloaded from Grandstream
Firmware page: https://www.grandstream.com/support/firmware

Upgrade Via Network is also supported by specifying the Firmware Server Path (For example: firmware.grandstream.com).

Upgrade

Backup and Restore

Click on “Factory Reset” button to reset the GWN780x(P) Switch back to default settings, or restore to previously saved backup
by uploading a configuration file, these configuration files can be used as a way to back up the device running configuration
or saved configuration.
 Backup and Restore

Time Settings

Related Time Settings can be found on this page, the time can be either set manually or by using a NTP Server .

Time Settings

Login Service

GWN780x(P) Switches support setting the management IP address as the device Web access address, either Static or using
DHCP.

Note:

If no DHCP server is available, the GWN780x(P) default IP address is 192.168.0.254.

Type the switch’s default management IP address http://<gwn780x(P)> in the browser, and enter username and password to
login. (The default administrator username is “admin” and the default random password can be found at the sticker on the
GWN7800 switch).

Login Service

On the second page (Access Control), the user can specify the Web Idle Timeout before the web page auto lock, and also
enabling Telnet or SSH.
User Management

There are three levels of users, namely administrator, operator and monitor. The administrator authenticates and authorizes
users who log in to the switch according to management need where each user has different permissions and passwords.

1. Administrator

Each device has one and only one administrator.

The highest privileges, can execute any command.

The username admin cannot be changed, only the password can be changed.

Support adding, deleting operator and monitor.

2. Operator

Added by administrator, there can be multiple accounts as Operators.

The second highest authority, can execute all commands except the administrator’s key operations and important
mandatory commands

Can’t change the username, only password.

Support adding, deleting Monitor users.

Note:

All features of admin are allowed except setting management IP address and factory reset.

3. Monitor

Multiple Monitors are possible with the permission of an Administrator or Operator.

The lowest authority, can only view switch status and statistics without any execution and configuration authority.

Can’t change the username, only password.

Note:

Can only view information.

Click on “Add” button to add new user then specify the password the user level (Operator or Monitor).

User Management

CHANGE LOG
This section documents significant changes from previous versions of the GWN780x(P) switches user manuals. Only major new
features or major document updates are listed here. Minor updates for corrections or editing are not documented here.

Firmware Version 1.0.1.36

Product Name: GWN7801(P) / GWN7802(P) / GWN7803(P)

 Added DNS configurations for switch IP service. [DNS]

Firmware Version 1.0.1.30

Product Name: GWN7801(P) / GWN7802(P) / GWN7803(P)

No major changes

Firmware Version 1.0.1.20

Product Name: GWN7801(P) / GWN7802(P) / GWN7803(P)

This is the initial version.