Netgear Switch M4100 User's Manual
Contents
1. Netgear Switch Config exit Chapter 5 VLAN Routing 69 ProSafe M4100 and M7100 Managed Switches Web Interface Create Two VLANs 1 Create VLAN 10 and VLANZ2O a Select Switching gt VLAN gt Advanced gt VLAN Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index i STP Multicast Address Table Ports LAG VLAN Configuration Reset Configuration Reset Configuration VLAN Membership VLAN Status gt MAC Based VLAN LAN Configuration Configuration O Configuration 1 Default Default Protocol Based In the VLAN ID field enter 10 In the VLAN Name field enter VLAN10 In the VLAN Type list select Static Click Add Select Switching gt VLAN gt Advanced gt VLAN Configuration A screen similar to the following displays papos Switching Routing QoS Security Monitoring Maintenance Help Index i STP Multicast Address Table Ports LAG VLAN Configuration Reset Configuration Reset Configuration VLAN Membership VLAN Status 2 MAC Based VLAN LAN Configuration Configuration ma E Configuration Default Default Protocol Based gl VLAN Group VLANIO Static g In the VLAN ID field enter 20 h In the VLAN Name field enter VLAN20 i Inthe VLAN Type list select Static j Click Add 2 Add ports to the VLAN10 and VLAN20 a Select Switch2. Under Diffserv Class Configuration enter the following information e Inthe Source IP Address field enter 172 16 20 0 e Inthe Source Mask field enter 255 255 255 0 Click Apply 4 Create the class test_dept a Select QoS gt DiffServ gt Advanced gt Class Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help CoS Diffserv Wizard Class Configuration gt Basic Advanced Class Table Class aa test dept Configuration fl finance_dept Policy marketing_dept All Configuration Service Configuration Service Statistics b Enter the following information e Inthe Class Name field enter test_dept e Inthe Class Type list select All c Click Add to create a new class test_dept Chapter 12 DiffServ Index Index ProSafe M4100 and M7100 Managed Switches d Click test_dept to configure this class _ System Switching Routing QoS Security Monitoring Maintenance Help Index CoS 3 Class Information gt Diffserv Wizard gt Basic Class Name test_dept Advanced cass Type DiffServ Configuration Class Configuration Match Every E Poley Reference Class s S Na Class of Service H Configuration VLAN sd 4093 Service Statistics Ethernet Type i 0600 FFFF Source MAC Source MAC Mask Destination MAC es Destination MAC Mask a Protocol Type B a 0 255
3. 0005 304 DIG SOONG 44444 6545s hada ds ht ede esa woe een dese een 305 CLI Configure DHCP Snooping 0 000 cee ees 306 Web Interface Configure DHCP Snooping 005 307 Enter Static Binding into the Binding Database 309 CLI Enter Static Binding into the Binding Database 309 Web Interface Enter Static Binding into the Binding Database 310 Maximum Rate of DHCP Messages 0 00 e eee ee eee 310 CLI Configure the Maximum Rate of DHCP Messages 311 Web Interface Configure the Maximum Rate of DHCP Messages 311 IP Source GUIO 2reu 1 Gace ead E amp REN GS be pow hee ons 312 CLI Configure Dynamic ARP Inspection 00050 312 8 Contents ProSafe M4100 and M7100 Managed Switches Web Interface Configure Dynamic ARP Inspection 313 Chapter 16 SNTP Show SNTF VC LOA ocs sasss e caeneeab eaves E E E Bly SNOW SI 4oe 8 5 on oh ee Galas eee ee eo ee oe 4 ee 317 SHOW SMID CIONI 6 45 athe we oa ae ie ea een a 318 show sntp server ob sw haeddwe va heeded de ew bode ow ae 318 Congre SNP pace piste eht oe dendee es ens odeee ones ee geae ee ed 319 GLI Configure SNTP cance ecade ween 6 4405 0eee eeaee peeee 4548 319 Web Interface Configure SNTP 0 0 cee eee 320 Set the Time Zone CLI Only 2 0 0 0 0 ccc eee 321 Set the Named SNTP Server 0 00 0 ccc eee eee eee 321 CLI Set the Named S
4. Switch Switch Switch Interface 2 0 21 ipv6 nd other config flag Switch Interface 2 0 21 ipv6 dhcp server ipv6_server Switch Interface 2 0 21 exit Web Interface Configure Stateless DHCPv6 Server 1 Enable ipv6 routing a Select Routing gt IPv6 gt Basic gt Global Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP i Multicast IPv Multicast IPv6 Global Configuration IPv6 Global Configuration s Route Table IPv6 Unicast Routing C Disable Enable gt Advanced Hop Limit 0 0 to 255 ICMPv6 Rate Limit Error Interval 1000 Oto 2147483647 msecs ICMPv6 Rate Limit Burst Size 100 1 to 200 b For IPv6 Unicast Routing select the Enable radio button c Click Apply 2 Enable ipv6 routing on the interface 2 0 21 a Select Routing gt IPv6 gt Advanced gt Interface Configuration A screen similar to the following displays IPv6 Interface Configuration IPv6 Interface Configuration Global Configuration Interface Configuration t23 al Prefix Configuration Statistics DHCPv6 Stateless Address outin Neighbour Table bho Client Mode AutoConfig Mode gt Stotic Route Configuration Route Table gt Route Preference 2 0 1 i Disable Disable Disable Enable Disable Tunnel Configuration 2 0 2 i Disable
5. Netgear Interface 1 0 5 Netgear Netgear Interface 1 0 5 exit 7 Enable DHCP L2 relay on port 1 0 6 Netgear Switch Config interface 1 0 6 Netgear Switch Interface 1 0 6 dhcp 12relay 8 Trust packets with option 82 received on port 1 0 6 Netgear Interface dhcp 12relay trust Netgear Interface vlan pvid 200 Interface vlan participation include 200 Netgear Netgear Interface exit Web Interface Enable DHCP L2 Relay 1 Create VLAN 200 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance STP Multicast Address Toble Ports LAG Basic VLAN Configuration VLAN Configuration Reset gt Advanced Reset Configuration Internal LAN Configuration Internal VLAN Allocation Base 4093 Internal VLAN Allocation Policy Cc Ascending E Descending YLAN Configuration Help ake LAN ID YLAN Hame YLAN Type b In the VLAN ID field enter 200 c In the VLAN Type field select Static d Click Add 2 Add ports to VLAN 200 Chapter 29 DHCP L2 Relay and L3 Relay Index ProSafe M4100 and M7100 Managed Switches e Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays STP Multicast Address Table Ports LAG Routing QoS Security Monitoring Maintenance Help In
6. 80 VLAN Routing with RIP ccanandasewcdn amp een vers etkeaneded eaeas 82 CLI Configure VLAN Routing with RIP Support 82 Web Interface Configure VLAN Routing with RIP Support 84 Chapter 7 OSPF Inter area Router 0 cc eee eee 87 CLI Configure an Inter area Router 0 0 00 eee eee 87 Web Interface Configure an Inter area Router 89 OSPF on a Border Router 154416404564 200 e240 eee e NRE 92 CLI Configure OSPF on a Border Router 00005 92 Web Interface Configure OSPF on a Border Router 93 SIU Fae ne pa oe keds bead Ga ee 2 E ne ee a ep 98 CLI Configure Area 1 as a Stub AreaonAl 000085 98 Web Interface Configure Area 1 as a Stub AreaonA1 100 CLI Configure Area 1 as a Stub AreaonA2 0000 103 Web Interface Configure Area 1 as a Stub AreaonA2 104 NSSA ATGAS o ean beta eee a yaeeeee as dohee a bees Gaeeesoees Geen 107 CLI Configure Area 1 as annssa Area eee 107 Web Interface Configure Area 1 as an nssa AreaonA1 108 CLI Configure Area 1 as annssa Area on A2 000 ee 111 Web Interface Configure Area 1 as an nssa AreaonA2 113 VEAN Routing OSPF eresas 5 0es eda Sia Seed howe eee ERRANEN 116 CLI Configure VLAN Routing OSPF 0 00 eee ees 118 Web Interface Configure VLAN Routing OSPF 119 eoan EET EEE E A
7. Netgear Switch Config exit Chapter 12 DiffServ 219 ProSafe M4100 and M7100 Managed Switches Web Interface Diffserv for VoIP 1 Set queue 5 on all interfaces to use strict mode a Select QoS gt CoS gt Advanced gt CoS Interface Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index i DiffServ Interface Queue Configuration Interface Queue Configuration Configuration Go To Interface Go 802 1p Queue Mapping oe Minimum Scheduler queue Interface Management IP Precedence Bandwidth Type Queue Mapping eoat DE Mapping 170 1 weighted taildrop CoS Interface Configuartion Interface Queue Configuration B weighted taildrop C 170 2 weighted taildrop Under Interface Queue Configuration select all the interfaces In the Queue ID list select 5 In the Scheduler Type list select Strict e Click Apply to save the settings 2 Enable DiffServ a Select QoS gt DiffServ gt Basic gt DiffServ Configuration 29 5 A screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index Diffserv configuration DiffServ Config Configuration Diffserv Admin Mode Disable Enable gt Advanced b For Diffserv Admin Mode select the Enable radio button c Click Apply to save the settings 3 Create a class class voip a Select QoS gt DiffServ gt
8. RADIUS E b Select the defaultList check box C d Click Add In the 1 list select RADIUS 6 Configure the RADIUS authentication server a Select Security gt Management Security gt Radius gt Server Configuration Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches 29 5 e A screen similar to the following displays System Switching Routing 205 security Monitoring Maintenance Help Index Aconss Port Authentication Trafic Control Control ACL gt Local User Server Configuration RADIUS Radius Server Configuration Configuration Radius Server IP andes N E el pet Secret l adius Server Name urren a k Server Address Configured RN E a a OO kE Accounting Server 192 168 0 1 Configuration gt TACACS rthentication Malformed Authentication Radius ACCeSs ACCESS ACCESS ficcess Access OTTES List Access _ Login Statistics Server _ Requests Retransmissions Accepts Rejects Challenges Authenticators Reque Responses In the Radius Server IP Address field enter 192 168 0 1 In the Secret Configured field select Yes In the Secret field enter 12345 Click Add 7 Configure the guest VLAN a Select Security gt Port Authentication gt Advanced gt Port Authentication A screen similar to the following displays System Switching Routing I es Security Monitoring Maintenance Help ndex Monogement Security
9. 0te2s5 ICMPv6 Rate Limit Error Interval 1000 0 to 2147483647 msecs ICMPv6 Rate Limit Burst Size 1 to 200 b For IPv6 Unicast Routing select the Enable radio button c For IPv6 Forwarding select the Enable radio button d Click Apply Enable IPv6 routing on the VLAN a Select Routing gt IPv6 gt Advanced gt Interface Configuration Chapter 27 IPv6 Interface Configuration ProSafe M4100 and M7100 Managed Switches 29 5 e A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Inde Routing Table IP VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast IPv amp Multicast gt Basic IP v6 Interface Configuration Advanced gt Global IPv6 Interface Configuration Configuration gt Interface Configuration Duplicate 1 2 VLANS All gt Prefix Routin Admin Operational Address Life Configuration AVSrEACO eve POS Mode 7 Mode ane the Detection Wes gt Statistics Transmits der enable zi enable EE 1500 isoo Configuration iv gt Route Table gt Route Preference Interval 1 2 VLANS All gt Tunnel Configuration Click VLANS The logical VLAN interface 0 4 2 displays Select the 0 4 2 check box Under IPv6 Interface Configuration in the IPv6 Mode field select Enable Click Apply 6 Assign an IPv6 address to the routing VLAN a 92090 5 Select Routing gt IPv6 gt Advanced g
10. 424 Create an IPv6 Network Interface 0 0 ccc eee 425 CLI Configure the IPv6 Network Interface 05 426 Web Interface Configure the IPv6 Network Interface 426 Create an IPv6 Routing VLAN 0 0 cee ees 427 CLI Create an IPv6 Routing VLAN 000 eee eee 427 Web Interface Create an IPv6 VLAN Routing Interface 429 Configure DHCPv6 Mode on the Routing Interface 432 CLI Configure DHCPv6 mode on routing interface 432 Web Interface Configure DHCPv6 mode on routing interface 433 Chapter 28 PIM PMO tat tettek eee se goes oes bees se ores beets es eae enced 435 CLI Configure PIM DM 2455 hsecacaneehiwdeede res anneeaexks 437 Web Interface Configure PIM DM 0 000000 e eee 441 PINON g2capetaede ee epera bend ba Fag beads msg ee eh seba eee S 460 CLI Configure PIM SM 00 461 Web Interface Configure PIM SM 0000 e eee ees 465 12 Contents ProSafe M4100 and M7100 Managed Switches Chapter 29 DHCP L2 Relay and L3 Relay DACP L2 Rolay 2 isto onctene ite ae beneee iieii tiiri aiii 488 CLI Enable DHCP L2 Relay 0 0 0 ccc eee 489 Web Interface Enable DHCP L2 Relay 0055 490 Cr ESTE succes ec eat eteee deve tweae shoe hee ieee 494 Configure the DHCP Server Switch 0 0c cece 494 Configure a DHCP L3 Switch 0 0 0 es 499 Chapter
11. Disable Disable Admit All Admit All b Scroll down and select the interface 1 0 1 and 1 0 24 check boxes c In the PVID 1 to 4093 field enter 300 d Click Apply to save the settings 4 Enable MLD snooping on the switch a Select Routing gt Multicast gt MLD Snooping gt Configuration A screen similar to the following displays VLAN STP i Address Table Routing Qo5 i Security Monitoring Maintenance Help Ports LAG MFDB _ MLD Snooping Configuration gt IGMP Snooping MLD Snooping Configuration Interface Configuration 2 MLD LAN Configuration MLD Snooping Configuration _ MLD Snooping Admin Mode C Disable Enable Multicast Control Frame Count i Interfaces Enabled for MLD Snooping Data Frames Forwarded by the CPU i 2 Multicast Router YLAN IDs Enabled for MLD Snooping b For MLD Snooping Admin Mode select the Enable radio button c Click Apply 5 Enable MLD snooping on the VLAN 300 Index in dex a Select Routing gt Multicast gt MLD Snooping gt MLD VLAN Configuration A screen similar to the following displays VLAN STP i Address Table Routing QoS Security Monitoring Maintenance Help LAG Ports gt MFDB MLD VLAN Configuration gt IGHP Snooping MLD Snooping Configuration Interface Configuration Mode 2 MLD VLAN Configuration MLD LAN Configuration Fast Leave Group Membership Interval Admin Maximum Multicast Ro
12. DHCP Server ones DHCP Pool Configuration Sea ia Pool Name Create zi Configuration Pool Name dhcp_server 1 to 31 Alphanumeric Characters DHCP Pool Options Type of Binding Dynamic DHCP Server Network Address 10 200 1 1 Statistics Network Mask 255 255 255 0 DHCP Bindings y E Network Prefix Length 0 to 32 DHCP Conflicts anes EMM Information Hardware Address 00 00 00 00 00 00 gt DHCP Relay Hardware Address Type Ethernet gt DHCP L2 Relay Client ID SSS ee Le paoe b Under DHCP Pool Configuration enter the following information e Inthe Pool Name list select Create e Inthe Pool Name field enter dhcp_ server e Inthe Type of Binding list select Dynamic e Inthe Network Number field enter 10 200 1 0 e Inthe Network Mask field enter 255 255 255 0 As an alternate you can enter 24 in the Network Prefix Length field Note Do not fill in the Network Mask field and Network Prefix Length field at the same time c Click Add The pool_ dynamic name is now added to the Pool Name drop down list Create a DHCP pool named dhcp_server_second a Select System gt Services gt DHCP Server gt DHCP Pool Configuration Chapter 29 DHCP L2 Relay and L3 Relay ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Device View License services Stacking SNMP L
13. A screen similar to the following displays System Switching Routing Security i Multicast Address Table i Ports LAG Basic STP Configuration STP Configuration KA Advanced STP Configuration Spanning Tree Admin Mode Force Protocol Version Configuration Name Configuration Revision Level Forward BPDU while STP Disabled Configuration Digest Key STP Status MST ID CST b Enter the following information Monitoring Maintenance Help Index O Disable Enable IEEE 802 1d IEEE 802 1w IEEE 802 1s 00 14 6C 53 62 8E lo to 65535 Disable Enable Oxac36177f50283cd4b83821d8ab26de62 e For Spanning Tree Admin Mode select the Enable radio button e For Force Protocol Version select the IEEE 802 1d radio button c Click Apply 2 Configure the CST port a Select Switching gt STP gt CST Port Configuration A screen similar to the following displays CST Port Configuration CST Port Configuration LAGS au 2 B Gogo go gog Son oG onog eoeoeececsgsos L CANCER dl arrarss arrir b Under CST Port Configuration scroll down and select the Interface 1 0 3 check box Now 1 0 3 appears in the Interface field at the top c In the Port Mode field select Enable d Click Apply Chapter 25 Spanning Tree Protocol 409 ProSafe M4100 and M7100 Managed Switches Configure Rapid STP 802 1w 410 The example is shown as CLI commands
14. CLI Enable IGMP Querier Use the following CLI commands to set up the switch to generate an IGMP querier packet for a designated VLAN The IGMP packet will be transmitted to every port on the VLAN The following example enables the querier for VLAN 1 and uses 10 10 10 1 as the source IP Chapter 13 IGMP Snooping and Querier 251 252 ProSafe M4100 and M7100 Managed Switches address in querier packets See the Command Line Reference for more details about other IGMP querier command options Netgear vlan database Netgear vlan set igmp 1 Netgear vlan set igmp querier 1 Netgear vlan exit Netgear config Netgear config set igmp guerier Netgear config set igmp guerier address 10 10 10 1 Netgear config exit Web Interface Enable IGMP Querier 1 2 Select Switching gt Multicast gt IGMP VLAN Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance VLAN STP Multicas Address Table Pore LAG gt MEDB IGMP Snooping Configuration IGMP Snooping gt Configuration s Intetaca Admin Mode C Disable t Enable IGMP Snooping Configuration Configuration Unknown Multicast Filtering Disable O Enable IGMP VLAN Multicast Control Frame Count 0 Configuration Interfaces Enabled for IGMP Snooping gt Multicast Router Configuration Multicast Router Data Frames Forwarded by the CPU VLAN IDs Enabled f
15. Chapter 11 CoS Queuing 195 ProSafe M4100 and M7100 Managed Switches c Under Interface Queue Configuration scroll down and select the interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top d Enter the following information e Inthe Minimum Bandwidth field enter 15 e Inthe Scheduler Type list select Weighted e Click Apply to save the settings 2 For interface 1 0 2 set the minimum bandwidth 25 for queue 1 and set the scheduler type to strict a Select QoS gt CoS gt Advanced gt Interface Queue Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index DiffServ gt Basic Interface Queue Configuration Advanced CoS Interface Queue Configuration Configuration Go To Interface GO 602 1p Queue Mapping Tatarkare suede Minimum Scheduler ed ee IP Precedence Bandwidth Type 9 Type Queue Mapping Mapping a 1 Of1 weighted taildrop CoS Interface Configuartion Interface Queue Configuration 1 04 weighted taildrop M 1 fo 5 T 10 3 weighted taildrop In the Queue ID list select 1 c Under Interface Queue Configuration scroll down and select the interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top d Enter the following information e Inthe Minimum Bandwidth field enter 25 e Inthe Scheduler Type list select Strict e Click Apply to save the
16. IP Configuration Configuration Statistics Go To Interface k Pm J IP Interface QonnguranPn Sal Routi Administrati Secondary IP Interface Description IP Address Subnet Mask AT a cas Mode Mode 1 0 1 168 1 1 BB 255 255 255 0 Enable xi Under IP Interface Configuration scroll down and select the Interface 1 0 1 check box Now 1 0 1 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 1 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Assign IP address 10 100 5 33 24 to interface 1 0 19 a Select Routing gt Advanced gt IP Interface Configuration Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches C d A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP gt Basic IP Interface Configuration Advanced IP Configuration Configuration Statistics Go To Interface GO PP IP Interface Configuration VLAN are EEEL Secondary IP Interface Description IP Address Subnet Mask EE a AE Mode Mode Mee E es Mee e a 1 0 1 0 0 0 0 0 0 0 0 Disable Enable Scroll down and select the interface 1 0 19 check box Now 1 0 19 appears in the Interface field at the top Enter the foll
17. Interface 1 0 2 Interface 1 0 3 m PC d 7 GSM73xx9 Uplink interface 1 0 24 Sflow collector i IP address 192 168 10 2 wees sees sess i m m et AAAA AAAA FE ae Switch Router Figure 40 sFlow CLI Configure Statistical Packet Based Sampling of Packet Flows with sFlow 1 Configure the sFlow receiver sFlow collector IP address In this example sFlow samples will be sent to the destination address 192 168 10 2 Netgear Switch Config sflow receiver 1 ip 192 168 10 2 2 Configure the sFlow receiver timeout Here sFlow samples will be sent to this receiver for the duration of 31536000 seconds That is approximately 1 year Netgear Switch Config sflow receiver 1 owner NetMonitor timeout 31536000 374 Chapter 20 SNMP ProSafe M4100 and M7100 Managed Switches 3 Here the default maxiumum satagram size is 1400 It can be modified to a value between 200 and 9116 using the command sflow receiver 1 maxdatagram lt size gt GSM7328S show sflow receivers Receiver Owner Time out Max Datagram Port IP Address Index String N etMonit 31535988 1400 sl Ega LOZ 1400 1400 1400 1400 1400 1400 1400 o aT nD U A W N FF GSM7328S 4 Configure the sampling port sFlow receiver index sampling rate and sampling maximum header size You need to repeat these for all the ports to be sampled Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 s
18. Netgear Switch Config authorization network radius 5 Set the RADIUS server IP address Netgear Switch Config radius server host auth 192 168 0 1 6 Set the NAS IP address for the RADIUS server Netgear Switch Config radius server key auth 192 168 0 1 Enter secret 16 characters max 12345 Re enter secret 12345 Set the radius server key Netgear Switch Config radius server attribute 4 192 168 0 1 7 Force 1 0 6 to be authorized for it to connect to the RADIUS server Netgear Switch Config interface 1 0 6 Netgear Switch Interface 1 0 6 dotlx port control force authorized Netgear Switch Interface 1 0 6 exit Chapter 15 Security Management 293 294 8 Show the dot1x detail for 1 0 5 Netgear Switch show dotlx detail 1 0 5 Protocol Version PAE Capabilities Control Mode Authenticator PAE State Backend Authentication State Quiet Period secs Transmit Period secs Guest VLAN ID Guest VLAN Period secs Supplicant Timeout secs Server Timeout secs VLAN Assigned Reason Reauthentication Period Reauthentication Enabled Key Transmission Enabled Control Direction Maximum Users Unauthenticated VLAN ID Session Timeout Session Termination Action ProSafe M4100 and M7100 Managed Switches Web Interface Assign VLANS Using RADIUS 1 Assign the IP address for the Web Management Interface a Select System gt Management gt Network Interface gt IPv4
19. Protocol Based VLAN Group Configuration 2 Protocol Based VLAN Group Membership GARP Switch Conhiguraton GARP Port Configuration Routing Addrass Tabla Ports DYLAN Configuration All Security LAG l Port DVLAN Configuration Monitoring Go To Interface SB co co oo co eo ole ofa co Bao olse oa Maintenance lf GO Index Priority 0 Help an areca a EtherType Custom Value CEEL a jugu mgu jugum jugu ju isi 1 02 1 03 1 04 1 ors 1 0 6 Loft 1 o e ifors 1010 Disable Disable Disable Disable Disable Disable Disable Disable Disable Digable Chapter 24 02 19 Tag 0210 Tag 02 19 Tag 02 19 Tag 02 10 Tag 802 19 Tag 02 19 Tag 02 19 Tag 02 19 Tag 02 19 Tag Double VLANs and Private VLAN Groups Scroll down and select the Interface 1 0 24 check box Now 1 0 24 appears in the Interface field at the top In the PVID 1 to 4093 field enter 200 Click Apply to save the settings 401 ProSafe M4100 and M7100 Managed Switches b Scroll down and select the Interface 1 0 48 check box Now 1 0 48 appears in the Interface field at the top c In the Admin Mode field select Enable d Click Apply to save the settings Private VLAN Groups The private VLAN group allows you to create groups of users within a VLAN that cannot communicate with members in different groups but only within the same group There a
20. When DAI is enabled the switch drops ARP packet if the sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database However it can be overcome through static mappings Static mappings are useful when hosts configure static IP addresses DHCP snooping cannot be run or other switches in the network do not run dynamic ARP inspection A static mapping associates an IP address to a MAC address on a VLAN Static client IP address 192 168 10 1 HW address 00 11 85 EE 54 E9 4 Interface 1 0 2 E l hn F Ea M d d Interface P Interface 1 0 1 d 1 0 3 b i DHCP server DHCP client IP address 192 168 10 1 IP address 192 168 10 86 obtained HW address 00 16 76 A7 88 CC Figure 32 Dynamic ARP inspection CLI Configure Dynamic ARP Inspection 1 Enable DHCP snooping globally Netgear Switch Config ip dhcp snooping 2 Enable DHCP snooping in a VLAN Netgear Switch Config ip dhcp snooping vlan 1 298 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches 3 Configure the port through which the DHCP server is reached as trusted Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 ip dhcp snooping trust 4 View the DHCP Snooping Binding table GSM7328S show ip dhcp snooping binding Total number of bindings 1 MAC Address IP Address VLAN Interface Lease Secs 00 16 76 A7 88 CC 192 168 10
21. a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing Routing Table IPv VLAN ARP RIP OSPF Basic IF Configuration IP Configuration 2 Statistics gt Advanced IP Configuration Default Time to Live Routing Mode ICMP Echo Replies ICMP Redirects i ICMP Rate Limit Interval ICMP Rate Limit Burst Size Maximum Next Hops Security OSPFy3 Router Discovery Monitoring Maintenan ce Help dex VREP Multicast 64 Disable a Enable Disable Enable 1000 COto 2147483647 ms 100 i to 200 j 4 b For Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 11 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration Chapter31 DVMRP 537 538 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing i Security Monitoring Maintenance Help Index Routing Table IPwe s VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Mullticost Basic IP Interface Configuration Y Advanced gt IP Configuration IP Interface Configuration Statistics IP Interface Configuration JER ao AE EF M outin ministrative gt Secondary IP Description IP Address Subnet Mask u Mode Mode 192 168 3 1 J 255 255 255 0 255 255 255 0 Pi Enable 90
22. 0 00000 c eee ee 193 Web Interface Set classofservice Trust Mode 193 Show classofservice IP Precedence Mapping 005 194 CLI Show classofservice IP Precedence Mapping 194 Web Interface Show classofservice ip precedence Mapping 194 Configure Cos queue Min bandwidth and Strict Priority Scheduler Mode195 CLI Configure Cos queue Min bandwidth and Strict Priority Scheduler Mode195 Web Interface Configure CoS queue Min bandwidth and Strict Priority Scheduler OCs a4 dn PERET bbe dhh bee h ad ee ehbG Seba Dead sa EEEE ENET 195 Set CoS Trust Mode for an Interface 00 eee 196 CLI Set CoS Trust Mode for an Interface 00 197 Web Interface Set CoS Trust Mode for an Interface 197 6 Contents ProSafe M4100 and M7100 Managed Switches Configure Traffic Shaping cc vev0es dene na node ees eee embers 197 CLI Configure traffic shape 0 cee es 198 Web Interface Configure Traffic Shaping 0005 198 Chapter 12 DiffServ Seer a cece heed en be E ou ee eee dees eee dees ne hea ues 201 CLI Configure DiffServ 0 0 0 ene 202 Web Interface Configure DiffServ 0 0 0 eee 204 DiNGerv lor VOIP 32 a eceede aaeee oneness ceas Geen obese RRE 218 CLI Configure DiffServ for VolP a nn v24ss eedereedcd eds ow ds 218 Web Interface Diffserv for VOIP 2 0 ees 220 PUN VOW 4 as 6346 doen a eens
23. 12 7 210 170 b Under DHCP Pool Configuration enter the following information e Inthe Pool Name field select Create e Inthe Pool Name field enter pool a Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches C e Inthe Type of Binding field select Dynamic e Inthe Network Number field enter 192 168 1 0 e Inthe Network Mask field enter 255 255 255 0 e Inthe Days field enter 1 e Click Default Router Addresses The DNS server address fields display In the first Router Address field enter 192 168 1 254 e Click DNS Server Addresses The router address fields display In the first DNS Server Address field enter 12 7 210 170 Click Add 2 Configure a VLAN and include ports 1 0 23 and 1 0 24 in the VLAN a d Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays System Switching Routing Qos Security Monitoring Mointenance Help Routing Table IP ARP RIP OSPF Router Discovery WRRP VLAN Routing VLAN Routing Wizard Wizard b VLAN Routing VLAN Routing Wizard T Vian ID 132 LAG Enabled IP Address 192 168 1 254 Network Mask Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 16 19 20 21 22 23 24 u u 25 26 27 28 29 30 31 32 33 34 35 36 37 36 39 40 41 42 43 44 45 46 47 48 49 50 51 52 Enter the following information e Inthe Vlan ID field enter 192 e Inthe IP Address field enter 192 168
24. 202 10515 02 Software release 8 0 2 new firmware with DHCP L3 Relay color conform policy DHCP server in dynamic mode and configuring a stacking port as an Ethernet port 202 10515 01 Original publication Table of Contents Chapter 1 Documentation Resources Chapter 2 VLANs Create Two VLANS o o2 5 444 agacee haw o eheae VES EARS e ROR Cae 17 CLI Create Two VLANS 0 0 00 cece eee eee 17 Web Interface Create Two VLANS onannannanna nnana anann 18 Assign Ports to VUANG s 3400 4vd ow nananana 19 CLI Assign Ports to VLAN tc cee ca ed ee ce eee eee ees eek a 19 Web Interface Assign Ports to VLAN2 0 000000 eee 19 Create Three VLANS 0 0 0c eee eee 20 CLI Create Three VLANS 0 0 ccc eee 20 Web Interface Create Three VLANS 0 0 0 0 0c e eee 20 Assign Ports to VLANS 0 cee eee eee 22 CLI Assign Ports to VUIANG 26cc25d0ckedse ees eigen suaeneeoneds 22 Web Interface Assign Ports to VLAN3 0 000 e eee 23 Assign VLAN3 as the Default VLAN for Port 1 0 2 24 CLI Assign VLANS as the Default VLAN for Port 1 0 2 24 Web Interface Assign VLAN3 as the Default VLAN for Port 1 0 2 24 Create a MAC Based VLAN 0 0 cc eee eee eee 25 CLI Create a MAC Based VLAN naana eee eee eee 25 Web Interface Assign a MAC Based VLAN 000055 26 Create a Protocol Based VLAN 0 0 e eee ee eee 28
25. Basic Daan aR PA INe x Advanced Fide Manne Policy Type emer Clade i l l Comigurahion Parji Configuration IFWE Chass Configuration Pipe C nerf E t Service interface Clarak VLAH Chapter 2 VLANs 41 42 ProSafe M4100 and M7100 Managed Switches b Click the Policy PolicyVoiceVLAN A screen similar to the following displays Synem Swie hing Routing Do5 Security Monitoring Miinlengnes Halp Indea gt Diffserv Wizard Policy Class Configuration Auta VoIP Class Information Basir 3 i i m Pode yy Hane Deters Policy Typo Configuration stember Class Nannie clag Conhguration Policy Attrileute Pr Class Configuration Policy Abribute Gg Assign Queene a pler Drop Canfutntion Hark IP COS Service Interface i Configurahon l Service Stansticn Sark TP DECP c In the field next to the Assign Queue radio button select 3 A screen similar to the following displays System Switching ee Security Monitoring Maintenance Help indox gt Diffeery Wizard Policy Class Confiquration Auto olP Basic Chfisery omiga iban a Class Oea Policy Attribute e Pa Clans i 7 Conmfigurateon Class Information Policy Abribute Assign joman Pelc Drup SAPERE Mark 1P COS d Click Apply 9 Assign it to interfaces 1 0 1 and 1 0 2 a Select QoS gt DiffServ gt Advanced gt Service Interface Configuration A screen similar to the following displays
26. CLI Configure OSPFv3 1 On A1 enable IPv6 unitcast routing on the switch Netgear Switch Config ipv6 unicast routing 122 Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches 2 Enable OSPFv3 and assign 1 1 1 1 to router ID Netgear Switch Config ipv6 router ospf Config rtr enable Netgear Switch Netgear Switch Config rtr router id 1 1 1 1 Netgear Switch Config rtr exit 3 Enable routing mode on the interface 1 0 1 and assign the IP address 2000 1 to IPv 6 Netgear Switch Config interface 1 0 1 Interface 1 0 1 routing Interface 1 0 1 ipv6 address 2000 1 64 Interface 1 0 1 ipv6 enable Netgear Switch Netgear Switch Netgear Switch 4 Enable OSPFvs on the interface 1 0 1 and set the OSPF network mode to broadcast Netgear Switch Interface 1 0 1 ipv6 ospf Netgear Switch Interface 1 0 1 ipv6 ospf network broadcast Netgear Switch show ipv6 ospf neighbor Router ID Priority Intf Interface 5 On Az2 enable IPv6 unitcast routing on the switch Netgear Switch Config ipv6 unicast routing 6 Enable OSPFv3 and assign 2 2 2 2 as the router ID Netgear Switch Config ipv6 router ospf Netgear Switch Config rtr enable y 4 Netgear Switch Config rtr router id 2 2 2 2 4 Netgear Switch Config rtr exit 7 Enable routing mode on interface 1 0 13 and assign the IP address 2000
27. External type 1 the route is external to the AS External Type 2 the route was learned from other protocols such as RIP Chapter7 OSPF 117 118 ProSafe M4100 and M7100 Managed Switches CLI Configure VLAN Routing OSPF This example adds support for OSPF to the configuration created in the base VLAN routing example in Figure 8 Layer 3 switch configured for port routing on page 69 1 Configure the M4100 and M7100 Managed Switch as an inter area router Netgear Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch vlan data 10 20 Vlan vlan Vlan vlan vlan routing 10 Vilan vlan routing 20 Vlan exit Config ip routing Config vlan port tagging all 10 Config vlan port tagging all 20 Config interface 1 0 2 Interface 1 0 2 vlan participation include 10 Interface 1 0 2 vlan pvid 10 Interface 1 0 2 exit Config interface 1 0 3 Interface 1 0 3 vlan participation include 20 Interface 1 0 3 vlan pvid 20 Interface 1 0 3 exit Config interface vlan 10 Interface vlan 10 ip address 192 150 3 1 255 255 255 0 Interface vlan 10 exit Config interface vlan 20 Interface vlan 20 ip address 192 150 4 1 255 255 255 0 Interface vlan 20 exit 2 Specify the router ID and enable OSPF for the switch Netgear Netge
28. Maximum Next Hops 2 b Under IP Configuration make the following selections e For Routing Mode select the Enable radio button e For IP Forwarding Mode select the Enable radio button c Click Apply to enable IP routing 5 Add a static route with IP address 192 268 40 0 24 a Select Routing gt Routing Table gt Basic gt Route Configuration A screen similar to the following displays NETGEAR Connect with Innovation 48 Port Gigabit Lz Switch wi System Switching Routing Security Monitoring Maintenance Help Index i ARP Basic Route Configuration 2 Route Configuration Configure Routes ee eee eee ee a Learned Routes Route Network Next Hop Subnet mask Protocol Next Hop IP Address Preference Type Address Interface Dynamic 192 168 100 0 255 255 255 0 Local wlan 100 192 168 100 1 b Under Configure Routes make the following selection and enter the following information e Inthe Route Type list select Static e Inthe Network Address field enter 192 168 40 0 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Next Hop IP Address field enter 192 168 200 2 c Click Add 6 Create a static route with IP address 192 168 50 0 24 a Select Routing gt Routing Table gt Basic gt Route Configuration Chapter 10 ACLs 149 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System l Switching Routing QoS Security Monitoring j Maintena
29. Re enter password 12345678 4 Add the user to the group Netgear Switch Config CP user 2 group 2 Web Interface Create Users and Groups 1 Create a group a Select Security gt Control gt Captive Portal gt CP Group Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Management Security Access Port Authentication Traffic Control gt DHCP Snooping CP Group Configuration gt IP Source Guard gt Dynamic ARP _ CP Group Configuration Inspection aai Group ID Group Name Captive Portal a Qa u Configuration Default CP Configuration CP Binding Configruation CP Binding Table CP Group b Enter the following information e Inthe Group ID field select 2 e Inthe Group Name field enter Group2 Chapter 32 Captive Portal 547 ProSafe M4100 and M7100 Managed Switches c Click Add 2 Create a user a Select Security gt Control gt Captive Portal gt CP User Configuration A screen similar to the following displays System Switching Routing Qo5 Security Monitoring Maintenance T Help Index Management Security Access Port Authentication Traffic Control ACL gt DHCP Snooping CP User Configuration gt IP Source Guard gt Dynamic ARP CP User Configuration Inspection f Contirm Session Captive Portal User ID User Name Password 5 d Ti CP Global ERSA neva Configuration CP Configu
30. Sessions gt Sessions Detailed 2 Click Refresh 1 Show iSCSI session details a Select Switching gt iSCSI gt Advanced gt Sessions detailed A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index STP Multicast MYR Address Table Basic iSCSI Sessions Detailed Advanced Global m Configuration Session Index L ole iSCSI Targets Target Name iqn 2012 08 com example storage lun1 Sessions Initiator Name iqn 1991 05 com microsoft netgear think Sessions Detailed Up Time 00 00 01 34 DD HH MM SS Time for aging out in Seconds 539 ISID Initiator Session ID 400001370000 192 168 10 107 57965 192 168 10 116 3260 2 Click Refresh 556 Chapter 33 iSCSI Index Numerics 6to4 tunnels 414 802 1x port security 280 A ACL mirroring 172 ACL redirect 178 ACLs 136 IP ACL configuration 137 IPv6 183 isolated VLANs on a Layer 3 switch 158 MAC ACLs 137 169 TCP flag 142 ARP 127 dynamic ARP inspection 297 298 299 ARP dynamic inspection 312 313 Auto VoIP 225 226 228 B banner pre login 329 C captive portal 542 551 configuration 543 552 classic STP 802 1d 408 code mismatch stacked switches 354 color conform policy DiffServ color conform policy 237 238 configuration scripting 326 CoS cos queue min bandwidth 195 per interface basis 192 set classofservice trust mode 193 setting Trust Mode 196
31. Switch Statistics DNS Configuration H eonneree DNS Status Disable Enable gt IP Configuration DNS Default Name 0 to 255 gt Slot Information characters gt Time SNTP Global Configuration DNS Server Configuration T A SerialNo NS Server Configuration i v DNS COE DNS Configuration Host Configuration b Enter the following information e For DNS Status select the Enable radio button e Inthe DNS Server field enter 192 168 1 1 c Click Add Chapter 16 SNTP 323 Tools This chapter provides the following examples Traceroute Configuration Scripting on page 326 Pre Login Banner on page 329 Port Mirroring on page 330 Dual Image on page 331 Outbound Telnet on page 334 Traceroute This section describes the traceroute feature Use traceroute to discover routes that packets take when traveling on a hop by hop basis to their destination through the network Tracerout maps network routes by sending packets with small time to live TTL values and watches the ICMP time out announcements The tracerout command displays all L3 devices lt can be used to detect issues on the network Tracerout tracks up to 20 hops The default UPD port is used 33343 unless you specify otherwise in the traceroute command The following shows an example of using the traceroute command to determine how many hops there are to the destination The command output shows each IP address the
32. gt DYMRP KARA x admin Quer Max mM i IGMP Interface Version Robustness RUSe ja Query Query ae are Mode Interval Response Query Global Interval Count Sie a i Time Interval Configuration Routing Interface Configuration b Under IGMP Routing Interface Configuration scroll down and select the Interface 1 0 24 check box c In the Admin Mode field select Enable d Click Apply to save the settings Chapter 28 PIM 487 DHCP L2 Relay and L3 Relay This chapter includes the following sections e DHCP L2 Relay e DHCP L3 Relay on page 494 e Configure a DHCP L3 Switch on page 499 DHCP L2 Relay DHCP relay agents eliminate the need to have a DHCP server on each physical network Relay agents populate the giaddr field and also append the Relay Agent Information option to the DHCP messages DHCP servers use this option for IP addresses and other parameter assignment policies These DHCP relay agents are typically IP routing aware devices and are referred to as Layer 3 relay agents In some network configurations there is a need for Layer 2 devices to append the relay agent Information option as they are closer to the end hosts griener diddy deceit thd DHCP Server 1 Se eeeeeeeee IE PP Pee m m a mer 1 0 4 Layer 2 Switch 1 Figure 47 DHCP L2 Relay Chapter 29 DHCP L2 Relay and L3 Relay 488 ProSafe M4100 and M7100 Managed Switches These Layer 2 devices typically operate only as bridges
33. 0 0 0 0 Disable Enable Scroll down and select the Port 1 0 11 check box Now 1 0 11 appears in the Port field at the top Enter the following information In the IP Address field enter 192 168 3 1 In the Subnet Mask field enter 255 255 255 0 In the Routing Mode field select Enable Click Apply to save the settings 3 Configure 1 0 3 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing Go Security Monitoring Maintenance Help Index Routing Table Pars VLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced IF Configuration IP Interfa ce Configuration 2 Statistics gt IP Interface Configuration Routin Administrative gt Secondary IP Description IP Address Subnet Mask Jag kak Mode Mode Disable Enable Disable Enable Scroll down and select the Port 1 0 3 check box Now 1 0 3 appears in the Port field at the top Enter the following information In the IP Address field enter 192 168 4 2 In the Subnet Mask field enter 255 255 255 0 In the Routing Mode field select Enable Chapter 31 DVMRP ProSafe M4100 and M7100 Managed Switches d Click Apply to save the settings 4 Configure 1 0 24 as a routing port and assign an IP address to it a d
34. 00 399 Private VLAN OUDS sidera we oes he oy ee eee oe EA 402 Contents 11 ProSafe M4100 and M7100 Managed Switches CLI Create a Private VLAN Group 0 000 cece eee 403 Web Interface Create a Private VLAN Group 404 Chapter 25 Spanning Tree Protocol Configure Classic STP 802 1d 0 ccc ees 408 CLI Configure Classic STP 802 1d 0 2 00 cee ee 408 Web Interface Configure Classic STP 802 1d 409 Configure Rapid STP 802 1W naana eee eee 410 CLI Configure Rapid STP 802 1W 0 ccc eee 410 Web Interface Configure Rapid STP 802 1w 410 Configure Multiple STP 802 15 0 0 cc ees 411 CLI Configure Multiple STP 802 1S 0 00000 eee aes 411 Web Interface Configure Multiple STP 802 15 412 Chapter 26 Tunnel CLI Create a Tunnel 0 00000 ee ee eee 415 Configure Switch GSM7328S_1 00 cece eee eee 415 Configure Switch GSM7328S 2 0 ccc ee 416 Web Interface Create a Tunnel 0 0 0 0 cee ee 417 Configure Switch GSM7328S_1 0 ccc eee eee eee 417 Configure Switch GSM7328S_2 anaana cece eee eee 419 Chapter 27 IPv6 Interface Configuration Create an IPv6 Routing Interface 20 0 0 ce ee 422 CLI Create an IPv6 Routing Interface 2 0 00 c eee 422 Web Interface Create an IPv6 Routing Interface
35. 192 168 77 2 Figure 16 IP ACL with rules for TCP rraffic and UDP rraffic CLI Set Up an IP ACL with Two Rules The following is an example of configuring ACL support on a 7000 Series Managed Switch Create ACL 101 Define the first rule The ACL will permit packets that match the specified source IP address after the mask has been applied that are carrying TCP traffic and that are sent to the specified destination IP address 1 Enter these commands Netgear Switch config Netgear Switch Config access list 101 permit tcp 192 168 77 0 0 0 0 255 192 178 77 0 0 0 0 255 138 Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches 2 Define the second rule for ACL 101 to set conditions for UDP traffic similar to those for TCP traffic Netgear Switch Config access list 101 permit udp 192 168 77 0 0 0 0 255 192178 L10 0 030255 3 Apply the rule to inbound traffic on port 1 0 2 Only traffic matching the criteria will be accepted Netgear Switch Config interface 1 0 2 L 4 Netgear Switch Interface 1 0 2 ip access group 101 in Netgear Switch Interface 1 0 2 exit 4 Netgear Switch Config exit Web Interface Set Up an IP ACL with Two Rules 1 Create IP ACL 101 on the switch a Select Security gt ACL gt IP ACL A screen similar to the following displays Syak Switching i Qo j ia Help gt MAC ACL IP ACL IP ATL IP Rules Current Number of ACL IP Ex
36. 248 The example is shown as CLI commands and as a Web interface procedure CLI Configure the Switch with an External Multicast Router This example configures the interface as the one the multicast router is attached to All IGMP packets snooped by the switch is forwarded to the multicast router reachable from this interface Netgear Switch Interface 1 0 3 set igmp mrouter interface Chapter 13 IGMP Snooping and Querier ProSafe M4100 and M7100 Managed Switches Web Interface Configure the Switch with an External Multicast Router 1 Select Switching gt Multicast gt Multicast Router Configuration A screen similar to the following displays Switching Routing Address Table Ports QoS LAG Security Monitoring Maintenance Help Index IGMP Snooping Interface Configuration IGMP Snooping Interface Configuration Configuration gt Interface Configuration 1 3 All IGMP VLAN Configuration Multicast Router Configuration Interface Multicast Router VLAN Configuration Querier Configuration Querier VLAN 10 1 Configuration T 1 0 2 MLD Snooping iv M 1 0 4 L 1 0 5 Admin Enable i Disable Disable Disable Disable Go To Interface Grou Present Fo p Max Response Leave Membership Expiration Interval secs Time secs Fine Gaeks Aamin Mode T E 0 Disable Disable Disable Disable 2 Under Multicast Router Configuration scroll down and select the Int
37. Basic IP Configuration IP Configuration Statistics IP Configuration gt Advanced Default Time to Live 30 Routing Mode Disable Enable IP Forwarding Mode Disable Enable Maximum Next Hops 2 b For Routing Mode select the Enable radio button c Click Apply to save the settings 2 Assign IP address 192 150 2 1 to port 1 0 2 a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table VLAN ARP RIP OSPF Router Discovery VRRP gt Basic IP Interface Configuration Advanced IP Configuration Configuration Statistics Go To Interface GO J IP Interface Configuration VLAN fati TENS Secondary IP Interface Description IP Address Subnet Mask Seti spa Drak Aee ee oe C 1fo i 0 0 Disable Enable q O 1 0 3 0 0 0 0 0 Disable Enable m b Scroll down and select the interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 150 2 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Administrative Mode field select Enable d Click Apply to save the settings 3 Assign IP address 192 150 3 1 to port 1 0 3 a Select Routing gt IP gt Advanced gt IP Interface Configuration Chapter 7 OSPF d ProSafe M4100 and M7100 Man
38. Config cos queue min bandwidth lt bw 0 gt Enter the minimum bandwidth percentage for Queue 0 Netgear Switch Config cos queue min bandwidth 15 Incorrect input Use cos queue min bandwidth lt bw 0 gt lt bw 7 gt Netgear Switch Config cos queue min bandwidth 15 25 10 5 5 20 10 10 Netgear Switch Config cos queue strict lt queue id gt Enter a Queue Id from 0 to 7 Netgear Switch Config cos queue strict 1 lt cr gt Press Enter to execute the command lt queue id gt Enter an additional Queue Id from 0 to 7 Netgear Switch Config cos queue strict 1 Web Interface Configure CoS queue Min bandwidth and Strict Priority Scheduler Mode 1 For Interface 1 0 2 set the minimum bandwidth to 15 for queue 0 a Select QoS gt CoS gt Advanced gt Interface Queue Configuration A screen amidi to the LUO displays Sen Switching Routing Security Monitoring Maintenance Help Index i DiffServ Basic Interface Queue Configuration Advanced Cos Interface Queue Configuration Configuration Go To Interface ke GO 802 1p Queue Mapping si Minimum Scheduler paari Interface Management IP Precedence Bandwidth Type Queue Mapping gt IP SCP Queue ee Ee CET weighted ea Mapping 1fofi weighted taildrop Configuartion Interface Queue Configuration 170 4 0 weighted taildrop 170 3 o weighted taildrop 1 o s5 o weighted taildrop b In the Queue ID list select 0
39. Figure 12 Area 1 is a stub area CLI Configure Area 1 as a Stub Area on Al 1 Netgear Switch Netgear Switch 98 Chapter 7 OSPF Enable routing on the switch config Config ip routing ProSafe M4100 and M7100 Managed Switches 2 set the router IDd to 1 1 1 1 Netgear Switch Config router ospf Netgear Switch Config router router id 1 1 1 1 3 Configure area 0 0 0 1 as a stub area Netgear Switch Config router area 0 0 0 1 stub 4 Switch A injects a default route only to area 0 0 0 1 Netgear Switch Config router no area 0 0 0 1 stub summarylsa Netgear Switch Config router exit 5 Enable OSPF area 0 on ports 2 0 11 Config interface 2 0 11 Netgear Switch Interface 2 0 11 routing Interface 2 0 11 ip address 192 168 10 1 255 255 255 0 Netgear Switch Interface 2 0 11 ip ospf Interface 2 0 11 Netgear Switch Netgear Switch Netgear Switch exit 6 Enable OSPF area 0 0 0 1 on 2 0 19 Netgear Switch Config interface 2 0 19 Interface 2 0 19 routing Interface 2 0 19 ip address 192 168 20 1 255 255 255 0 Netgear Switch Interface 2 0 19 ip ospf Netgear Switch Netgear Switch Interface 2 0 19 ip ospf areaid 0 0 0 1 Interface 2 0 19 exit Netgear Switch Netgear Switch Chapter 7 OSPF 99 ProSafe M4100 and M7100 Managed Switches
40. From the MVR mode list select dynamic Click Apply Chapter 14 MVR Multicast VLAN Registration ProSafe M4100 and M7100 Managed Switches 3 Add multicast group 224 1 2 3 to the MVR a Select Switching gt MVR gt Basic gt MVR Group Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicast Address Table Ports LAG Basic MVR Group Configuration MYR Configuration gt MVR Group Configuration MVR Interface E MYR Group IP Status Members Configuration C 224 1 2 3 DERS gt Advanced MYR Group Configuration b In the MVR Group IP field enter 224 1 2 3 c Click Add 4 Configure a receiver on interface 0 1 0 5 and 0 7 a Select Switching gt MVR gt Basic gt MVR Interface Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicast M Address Table Ports LAG Basic MYR Interface Configuration MVR Configuration MVR Group Configuration gt MVR Interface 1 all Go To Interface GO _ Configuration Advanced MYR Interface Configuration i receiver v Disable none Disable INACTIVE INVLAN Disable none Disable INACTIVE INVLAN Disable none Disable INACTIVE InVLAN Disable none Disable INACTIVE InVLAN Disable none Disable INACTIVE InVLAN Disable none Disable ACTIVE InNVLAN Disab
41. ICMPw6 Rate Limit Burst Size 100 1 to 200 b For IPv6 Unicast Routing select the Enable radio button c Click Apply to apply the setting 3 Enable IPv6 address on interface 1 0 9 a Select Routing gt IPv6 gt Advanced gt Interface Configuration 390 Chapter 23 DHCPv6 Server ProSafe M4100 and M7100 Managed Switches d A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicos IPvS Multicast gt Basic IPv6 Interface Configuration v Advanced Global Configuration Interface Configuration DHCPv6 Stateless Address Routing Admin Operational Prefix Interface IPv6 Mode Client Mode AutoConfig Mode Mode Mode Mode Configuration gt Statistics gt Neighbour Table gt Static Route Configuration Route Table gt Route Preference gt Tunnel Configuration IPv6 Interface Configuration 7 S ne a S Disable Disable Disable Disable Enable Disable Disable Disable Disable Disable Enable Disable Disable Disable Disable Disable Enable Disable Disable Disable Disable Disable Enable Disable Disable Disable Disable Disable Enable Disable Disable Disable Disable Disable Enable Disable Disable Disable Disable Disable Enable Disable Disable Disable Disable Disable Enable Disable Disable Disable Disable Disable Enable Disable Mueahina Pie shin Mar ahin
42. Java Mode Disable CLI show telnet Netgear Switch Routing show telnet Outbound Telnet Login Timeout minutes Maximum Number of Outbound Telnet Sessions Allow New Outbound Telnet Sessions Chapter 17 Tools 335 336 ProSafe M4100 and M7100 Managed Switches CLI transport output telnet Netgear Switch Routing Netgear Switch Routing Netgear Switch Routing input output Netgear telnet Netgear Switch Routing Switch Routing Switch Routing Switch Routing Config lineconfig Press Enter to execute the command Config lineconfig Line transport Displays the protocols to use to connect to a specific line of the router Displays the protocols to use for outgoing connections from a line Line transport output Allow or disallow new telnet sessions Line transport output telnet Press Enter to execute the command Line transport output telnet Line Web Interface Configure Telnet 1 Select Security gt Access gt Telnet Chapter 17 Tools ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Management Security i Port Authentication Traffic Control ACL TELNET Configuration Inbound Telnet Allow new telnet sessions Disable Enable Session Timeout C Maximum number of sessions S O O o Current number of sessions 0 gt Console Port Outbound Telnet Admin
43. LAG LAG Configuration Configuration gt LAG Membership LAG Configuration fee Link Trap Admin Mode STP Mode Static Mode Hashing b In the Lag Name field enter lag_10 c Click Add 2 Create LAG lag_20 a Select Switching gt LAG gt LAG Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicast Address Table Ports LAG LAG Configuration Configuration gt LAG Membership LAG Configuration L ae Link Trap Admin Mode STP Mode Static Mode Hashing kA E3 Enable Enable Enable Disable b In the Lag Name field enter lag_ 20 c Click Add Add Ports to LAGs The example is shown as CLI commands and as a Web interface procedure 56 Chapter3 LAGs ProSafe M4100 and M7100 Managed Switches CLI Add Ports to the LAGs Switch config Switch Config interface 0 2 Switch Interface 0 2 addport Switch Interface 0 2 exit Switch Config interface 0 3 Switch Interface 0 3 addport Switch Interface 0 3 exit Switch Config interface 0 8 Switch Interface 0 8 addport Switch Interface 0 8 exit Switch Config interface 0 9 Switch Interface 0 9 addport Switch Interface 0 9 exit Switch Config exit Chapter3 LAGs 57 ProSafe M4100 and M7100 Managed Switches Web Interface Add Ports to LAGs 1 Add ports to lag_10 a e Sel
44. Multicast Router VLAN Querier Expiry Interval secs 60 60 to 300 WYLAN Ids Enabled for IGMP Snooping Querier b Enter the following information e For Querier Admin Mode select the Enable radio button e Inthe Querier IP Address field enter 10 10 10 1 c Click Apply 4 Enable the IGMP snooping querier on VLAN 1 a Select Switching gt Multicast gt IGMP Snooping Querier VLAN Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP sast Address Table Ports LAG IGMP Snooping Querier VLAN Configuration IGMP Snooping Querier VLAN Configuration Configuration 7 ARE Querier Last Operational Confiauration VLAN ID Election Querier YLAN Operational Operational Duerier Haar Max uerie rier 9 Participate Address State Version Response IGMP VLAN Mode Address Yersion Time Configuration Multicast Router Configuration Multicast Router VLAN Configuration gt Querier Configuration gt Querier VLAN Configuration b In the VLAN ID field enter 1 5 Click Add Chapter 13 IGMP Snooping and Querier 253 ProSafe M4100 and M7100 Managed Switches Show IGMP Querier Status 254 The example is shown as CLI commands and as a Web interface procedure CLI Show IGMP Querier Status To see the IGMP querier status use the following command Netgear Switch show igmpsnooping querier vlan 1 VLA
45. Netgear Switch Config ex Netgear Switch show ip ospf neighbor interface all Router ID IP Address Neighbor Interface State 1O2 166 10 2 2 0711 C PE TO 192 109202 2 0719 Netgear Switch show ip route Total Number of Routes Network Subnet Next Hop Next Hop Address IP Address 259s 259s 2595 0 OSPF Inter 2 0 11 192 168 10 2 25572932950 OSPF Inter 2 0 11 192 1608 L0s2 192 168 10 0 2592 Ios 20a Local 2 0711 T9251684 10 1 192 168 20 0 2557259293 0 Local 2 07 19 192 168 20 1 Web Interface Configure Area 1 as a Stub Area on Al 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table VLAN ARP RIP OSPF Router Discovery VRRP Basic IP Configuration IP Configuration Statistics gt Advanced Default Time to Live 30 Routing Mode Disable Enable IP Forwarding Mode Disable Enable IP Configuration Maximum Next Hops 2 b For Routing Mode select the Enable radio button c Click Apply to save the settings 2 Assign IP address 192 168 10 1 to port 2 0 11 a Select Routing gt IP gt Advanced gt IP Interface Configuration 100 Chapter7 OSPF ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Ro
46. Netgear Switch Config interface range 1 0 1 1 0 2 Netgear Switch conf if range 1 0 1 1 0 2 service policy in PolicyVoiceVLAN Chapter 2 VLANs 35 ProSafe M4100 and M7100 Managed Switches Web Interface Configure Voice VLAN and Prioritize Voice Traffic 1 Create VLAN 10 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Security Manitoring Moininnance Halp Advanced Internal VLAN Configuration Titel WLAN Allocation Bose 403 intemal VLAN Allocation Policy Aceanding Dercendng VLAN Configuration YLAN ID VLAN Name VLAN Type Make Static Cicsbl b In the VLAN ID field enter 10 c In the VLAN Name field enter Voice VLAN d Click Add A screen similar to the following displays Securify Monitoring Moaintnnance 0 Advanced Interval VLAN Configuration Dates WLAN Allocation Hiis 4093 Intemnal VLAN Allocation Policy Accandng Dertendrng VLAN Configuration VLAN ID VLAN Mame WLAN Type Pake Static 2 Include the ports 1 0 1 and 1 0 2 in VLAN 10 a Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays Serre Ping Routing 305 Security Monitorng Maintenance Pras saz aa Addrota Taie Port LAG VLAN Membership VLAN Membership Confeguration FLAN ID z WLAN Hpminruhyg LAM Ham E VLAN Stats e Port PIG Coniguretion FLAN T p 36 Chapter 2 VLANs Help ProS
47. ProSate M4100 and M7100 Managed Switches Software Administration Manual 10 0 1 ebruary 2013 J AN F ARH 44404 A4 y UJ L on aa WV Ge paw a CF ProSafe M4100 and M7100 Managed Switches Support Thank you for selecting NETGEAR products After installing your device locate the serial number on the label of your product and use it to register your product at https my netgear com You must register your product before you can use NETGEAR telephone support NETGEAR recommends registering your product through the NETGEAR website For product updates and web support visit http support netgear com Phone US amp Canada only 1 888 NETGEAR Phone Other Countries Check the list of phone numbers at htto support netgear com general contact default aspx Trademarks NETGEAR the NETGEAR logo and Connect with Innovation are trademarks and or registered trademarks of NETGEAR Inc and or its subsidiaries in the United States and or other countries Information is subject to change without notice All rights reserved Revision History Publication Part Version Publish Date Comments Number 202 11161 01 Updated document 202 1xxxx 01 Added iSCSI features 202 11153 01 Added Private VLAN features 202 10515 05 Added MVR feature 202 10515 05 Added DHCPv6 and DHCPv6 mode features 202 10515 04 New document template 202 10515 03 June 2010 Move some content to the Software Setup Guide
48. S_T ER _dept marketing_dept test_dept development b Click the internet_access check mark for test_dept 212 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches C A screen similar to the following displays Switching Routing Security Monitoring Maintenance Policy Class Configuration Class Information DiffServ Policy Name Configuration Policy Type Ba Glass Member Class Name test_dept Configuration Policy Policy Attribute Configuration Service Assign Queue 3 El Configuration Policy Atribute Drop Service Statistics C mark cos o Mark IP Precedence 0 Mark IP DSCP afii Police Simple Color Mode ColorBlind Color Conform Class Y Color Conform Mode Committed Rate In the Assign Queue list select 3 d Click Apply 13 Assign queue 4 to development_dept a Select QoS gt DiffServ gt Advanced gt Policy Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance gt Diffserv Wizard Policy Configuration Policy Configuration DiffServ Policy s z Policy Selector Member Class Configuration mm Class Configuration Pa access re AE _dept iCo nfig uration internet_access S marketing_dept Service intemet_access test_dept Configuration intemet_access development Service Statistics o o b Click the internet_access check mark for development_dept
49. Wizard gt LAN Routing VLAN Routing Wizard vlan ID LAG Enabled B 192 150 3 1 ELEn 255 255 255 0 Port 1 2 rre 25 26 27 28 b Enter the following information e Inthe VLAN ID field enter 10 e Inthe IP Address field enter 192 150 3 1 e Inthe Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 2 until T displays The T specifies that the egress packet is tagged for the port e Click Apply to save the VLAN that includes ports 2 2 Configure a VLAN and include port 1 0 3 in the VLAN a Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP ARP RIP OSPF Router Discovery VRRP VLAN Routing _ VLAN Routing Wizard Wizard gt LAN Routing LAN Routing Wizard Vian ID LAG Enabled gi 192 150 4 1 ea 255 255 255 0 Pot 1 2 3 4 5 6 7 8 9 10 11 12 13 pa S S 25 26 27 28 14 15 16 17 18 19 20 21 22 23 24 l i b Enter the following information e Inthe Vian ID field enter 20 e Inthe IP Address field enter 192 150 4 1 84 Chapter 6 RIP ProSafe M4100 and M7100 Managed Switches e Inthe Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 3 until T displays The T specifies that the egress packet is tagged for the port
50. exit Config vlan interface vlan 48 Interface vlan 48 routing Interface vlan 48 ip address 192 168 48 1 255 255 255 0 Interface vlan 48 exit Config exit Chapter 10 ACLs 159 160 ProSafe M4100 and M7100 Managed Switches 3 Create VLAN 38 add port 1 0 38 to it and assign IP address 10 100 5 34 to it Netgear Netgear Netgear Netgear vlan database Vlan vlan 38 Vlan vlan routing Vlan exit config Config interface 1 0 38 Interface 1 0 38 vlan participation include 38 Interface 1 0 38 vlan pvid 38 Interface 1 0 38 exit Config interface vlan 38 Interface vlan 38 routing Interface vlan 38 ip address 10 100 5 34 255 255 255 0 Interface vlan 38 exit 4 Enable IP routing on the switch Netgear Switch Config ip routing 5 Add a default route so that all the traffic without a destination is forwarded according to this Netgear Switch default route Config ip route default 10 100 5 252 6 Create ACL 101 to deny all traffic that has the destination IP address 192 168 24 0 24 Netgear Switch Config access list 101 deny ip any 192 168 24 0 0 0 0 255 7 Create ACL 102 to deny all traffic that has the destination IP address 192 168 48 0 24 Netgear Switch Config access list 102 deny ip any 192 168 48 0 0 0 0 255 8 Create ACL 103 to permit all other traffic Netgear Switch Config access list 10
51. polieriemgpv amp policriimpr ProSafe M4100 and M7100 Managed Switches Color Conform Policy This example shows how to create a policy to police the traffic to a committed rate The packets with IP precedence value of 7 are colored green to ensure that these packets are the last to be dropped when there is congestion The example is shown as CLI commands and as a Web interface procedure CLI Configure a Color Conform Policy 1 Create a VLAN 5 and configure ports 1 0 13 and 1 0 25 as its members Netgear Netgear Netgear Netgear vlan database Vlan vlan 5 Vlan exit config Config interface 1 0 13 Interface 1 0 13 vlan participation include 5 Interface 1 0 13 vlan tagging 5 Interface 1 0 13 exit Config interface 1 0 25 Interface 1 0 25 vlan participation include 5 Interface 1 0 25 vlan tagging 5 Interface 1 0 25 exit 2 Create classes class vlan and class_color Note DiffServ service is enabled by default Netgear Netgear Netgear Netgear Netgear Netgear Config class map match all class_vlan Config classmap match vlan 5 Config class map match all class_color Config classmap match ip precedence 7 Config classmap exit Config classmap exit 3 Create a policy to police the traffic to a rate of 1000 kbps with an allowed burst size of 64 KB Furthermore the packets with IP precedence value of 7 will be c
52. 179 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Monogement Security Acooss Port Authenticotion Traffic Control Control gt Basic IP ACL v Advanced _ gt 1P ACL oH RSE Leu ns 2 IP Rules Current Number of ACL 2 IP Extended Rules Maximum ACL gt IPW ACL 2 IP 6 Rules IP Binding Configuration gt Binding Table gt Vlan Binding Table In the IP ACL field enter redirectHTTP c Click Add to create the IP ACL redirectHT TP A screen similar to the following displays Switching Routing Security Manitering Maintenance illo rice proton Secor Ry Meee aa Port Aotesho a en Fok Central gt Basic IP ACL Advanced a PF ACL IP Configuration gt IP Rules Current Humber of ACL b pP Extended Rises epen AtL Pye ACL gt Pye Rules IP Binding Configuration LF ACL Rules Binding Table A IP ACL Table 2 Vien Beading Table SSS IA Vee RAL PLE Fl j Hamed IF ACL 2 Create a rule to redirect HTTP traffic a Select Security gt ACL gt Advanced gt IP Extended Rules A screen similar to the following displays Syriam ji Switching Rouling oS Moniloring Mainieronca Halp Port duthanticoton Froth Coning Control Daik Extended ACL Rules 7 ly IP Rules s IF ACL Sane IP Bulag ACL IGNA HI Extended ACL Rule Table s IPV Roles Gourre i Rube A 1gr Mirra Redi ct F
53. Access i i Traffic Control Control ACL gt Basic Port Authentication Advanced 602 1 Port Authentication Configuration IAI Port Sas uiet Transmit Guest YLAN Guest YLAHN Unauthenticated Port Summary Perio Perio ID Perio LAWN ID Client Summary E nC E e Scroll down and select the port 1 0 1 and 1 0 24 check boxes In the Guest VLAN ID field enter 2000 Click Apply to save your settings Assign VLANs Using RADIUS This feature allows the client to connect from any port and be assigned to the appropriate VLAN assigned by the RADIUS server This gives flexibility for the clients to move around the network without requiring the administrator to do static VLAN configuration When multiple hosts are connected to the switch on the same port only one host uses authentication If any VLAN information is applied on the port based on the authenticated host the VLAN applies that information to all the hosts that are connected to that port Chapter 15 Security Management 291 ProSafe M4100 and M7100 Managed Switches e After a port is in an authorized state if any client initiates dot1x authentication the port clears authenticated clients states and in the process clears the VLAN assigned to the port if any Then the port continues with the new client authentication and authorization process e When a client authenticates itself initially on the network the switch acts as the authenticator to the clien
54. CLI Create a Protocol Based VLAN 0 0000 cece eens 28 Web Interface Create a Protocol Based VLAN 29 Virtual VLANs Create an IP Subnet Based VLAN 31 CLI Create an IP Subnet Based VLAN 20000000 31 Web Interface Create an IP Subnet Based VLAN 32 Voice VLANS oaoananananaaa naaa 33 CLI Configure Voice VLAN and Prioritize Voice Traffic 34 Web Interface Configure Voice VLAN and Prioritize Voice Traffic 36 Pile VLANS w4 t404 4 6840 Ok ee a ee a a 44 Assign Private VLAN Types Primary Isolated Community 46 CLI Assign Private VLAN Type Primary Isolated Community 46 Web Interface Assign Private VLAN Type Primary Isolated Community 46 Configure Private VLAN Association anaana cee eee eee eee 48 CLI Configure Private VLAN Association 00000 eee 48 Web Interface Configure Private VLAN Association 48 Configure Private VLAN Port Mode Promiscuous Host 49 CLI Configure Private VLAN Port Mode Promiscuous Host 49 Web Interface Configure Private VLAN Port Mode Promiscuous Host 49 Configure Private VLAN Host PortS 0 00000 e eee eee 50 CLI Configure Private VLAN Host Ports 0000005 50 Web Interface Assign Private VLAN Port Host Ports 51 Contents 3 ProSafe M4100 and M7100 Managed Switches Map Private VLAN Prom
55. CoS Interface Configuration A screen similar to the following displays z E SS ee E e a C O System Switching Routing Security Monitoring Maintenance Help Index DiffServ CoS Interface Configuration CoS Interface Configuration Configuration Go To Interface GO B02 1p Queue i 1 All 3 Interface Trust Interface Shaping Rate 0 Mapping Interface ping Mode to 100 IP Precedence 6 o IP DSCP Queue Sa a a Bo Dotip 0 CoS Interface Confiquartion m Interface Queue Tafoya Dotip o Configuration O 1 05 Dotip o 1fof1 Dotip b Under CoS Interface Configuration scroll down and select the interface 1 0 3 check box Now 1 0 3 appears in the Interface field at the top c In the Interface Shaping Rate 0 to 100 field enter 70 Chapter 11 CoS Queuing ProSafe M4100 and M7100 Managed Switches d Click Apply to save the settings Chapter 11 CoS Queuing 199 DiffServ Differentiated Services This chapter provides the following examples e DiffServ on page 201 e DiffServ for VoIP on page 218 e Auto VoIP on page 225 e DiffServ for IPv6 on page 229 e Color Conform Policy on page 237 Differentiated services DiffServ is one technique for implementing Quality of Service QoS policies Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservatio
56. Configuration DHCP y6 Interface Configuration DHCPYV6 Bindings Information gt DHCPy6 Server Statistics Configure Stateless DHCPv6 Server This example uses the DHCPV6 server to configure the information about DNS server to those clients which get IPv6 in autoconfig mode or manual mode The configured DHCP pool doesn t contain a prefix pool but contains DNS server to be passed to clients The IPv6 interface must have the ipv6 nd other config flag command enabled CLI Configure Stateless DNS Server This example shows how to configure a DNS server to clients with stateless IPv6 address using DHCPV6 server 1 Enable ipv6 routing Netgear Switch Config ipv6 unicast routing 2 Create an IPv6 pool with DNS server and enable dhcpv 6 service Netgear Config ipv6 dhcp pool ipv6_server Netgear Config dhcp6s pool dns server 201119 18 lt 1 Netgear Config dhcp6s pool exit Netgear Config service dhcpv6 3 Enable IPv6 DHCP server on interface 2 0 21 394 Chapter 23 DHCPv6 Server ProSafe M4100 and M7100 Managed Switches Note In this case you have to configure the command ipv6 nd other config flag on the interface otherwise the host cannot update the DNS with it Config interface 2 0 21 Netgear Switch Interface 2 0 21 routing Interface 2 0 21 ipv6 address 2003 1000 1 64 Interface 2 0 21 ipv6 enable Netgear Switch
57. DHCP Snooping Interface Configuration Glotad DHCP Snooping Interface Configuration Coehiguraian n ee mece enn pa est niall ine ieee 2 Alji Go Te Inieriara Sotticur atinr Logging Binding Invalid Babe Limitippsj first Interval recs Configuration Packets E Perpeke nt Conhguratoan Les bere b Select the Interface 1 0 1check box c For Interface 1 01 in the Trust Mode field select Enable d Click Apply 308 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Syriam AL gga mei Cee Py DHCP Snnnning Global Cenhgur sien piesa Denhguretica Bimding Configuration Persittent Configurston Statistics Rowling Qos Security Manrhorcng Mainenance Help Az phii Pari Py Shara aaa has DHCP Snooping Interface Configuration DHCP Snooping Interface Configuration i Al Logging inier aca Trust Mode nara bel Babe Limiti pire Hiiret aberwal tecc Packels o IP Seurce Guard Dynamit ARP 4 Select Security gt Control gt DHCP Snooping Binding Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Management Security Accoss Port Authentication Traffic Control DHCP Snooping Global Configuration Interface Configuration Binding Configuraton Persistent Configuration Statistics DHCP Snoopi
58. Group compat mode Source Address 00 04 02 MLD on Switch A show ipv mld groups ff32 1 Web Interface Configure MLD 1 Enable IP routing on the switch Chapter 30 MLD ProSafe M4100 and M7100 Managed Switches a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Routing Table i Pv VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast Basic IP Configuration IP Configuration Statistics IP Configuration gt Advanced Default Time to Live 64 Routing Mode ICMP Echo Replies Disable Enable CMP Redirects Disable Enable Help ICMP Rate Limit Interval 1000 0 to 2147483647 mes ICMP Rate Limit Burst Size 100 2 to 200 b For Routing Mode select the Enable radio button c Click Apply 2 Enable IPv6 unicast routing on the switch a Select Routing gt IPv6 gt Basic gt Global Configuration A screen similar to the following displays System Switching Routing QoS Security jjj Monitoring Maintenance Routing Table IP i WLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP Multicast Basic IPv6 Global Configuration Global Configuration IP 6 Global Configuration Route Table IPv6 Unicast Routing gt Advanced IPv Forwarding Hop Limit O to 255 ICHPv Rate Limit Error Interval CO to 2147483647 meacs i ICMPv Rate Limit Bu
59. IP IPv VLAN ARP RIP OSPF OSPFY3 Router Discovery VRRP Maintenance Security Monitoring _ Global Configuration gt Mroute Table Global Configuration Global Configuration Interface Admin Mode Disable j Enable Configuration Protocol State Non Operational gt DYMRP Table Maxinuum Entry Count 256 IGMP PIM DM Protocol No Protocol Enabled gt PIM SM Table Entry Count g gt MLD gt Static Routes Configuration Admin Boundary Configuration For Admin Mode select the Enable radio button Click Apply 9 Enable PIM DM globally a Select Routing gt Multicast gt PIM gt Global Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Routing Tabla IF Pwd VLAN ARF RIP OSPF OSPF Router Discovery VRRP MAulleas Pees Mullicasi gt Mroute Table PIM Global Configuration Global PIM Global Configuration Configuration gt Interface PIM Protocol Type f PIM OM PIM SM Configuration Admin Mode C Disable fi Enable DYMRP IGMP w Pit Global Configuration 55M For PIM Protocol Type select the PIM SM radio button For Admin Mode select the Enable radio button Click Apply 10 Enable PIM DM on interfaces 1 0 21 1 0 22 and 1 0 24 a Select Routing gt Multicast gt PIM gt Interface Configuration Help Index Chapter 28 PIM 457 458 ProSafe M4100 and M7100
60. IP Interface Configuration Configuration gt S sac Go To Interface ae J Statistics a b Scroll down and select the interface 1 0 15 check box Now 1 0 15 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 20 2 e Inthe Network Mask field enter 255 255 255 0 e Inthe Admin Mode field select Enable d Click Apply to save the settings 3 Specify the router ID and enable OSPF for the switch a Select Routing gt OSPF gt Basic gt OSPF Configuration A screen similar to the following displays SE a s Security Monitoring Maintenance Help index Routing Table IP VLAN ARP RIP i Router Discovery VRRP Basic OSPF Configuration OSPF Configuration OSPF Configuration gt Advanced OSPF Admin Mode Disable Enable Router ID po ee b In the Router ID field enter 2 2 2 2 c Click Apply to save the settings 4 Enable OSPF on port 1 0 15 a Select Routing gt OSPF gt Advanced gt Interface Configuration Chapter 7 OSPF BA srtecece sa Routi Administrati Configuration Interface Description IP Address Subnet Mask EE sa ashes octal gt Secondary IP 105 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP Router Discovery VRRP Interface Configura
61. Interface 0 9 exit Netgear Switch Chapter 14 MVR Multicast VLAN Registration 263 264 5 Configure the receive ports Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch ProSafe M4100 and M7100 Managed Switches Config interface 0 1 Interface Interface Interface Interface Interface Interface 0 1 vlan participation 0 1 vlan pvid 1001 0 1 vlan participation 0 5 mvr 0 1 mvr type receiver 0 1 exit Config interface 0 5 Interface Interface Interface Interface Interface Interface 0 5 vlan participation 0 5 vlan pvid 1002 0 5 vlan participation 0 5 mvr 0 5 mvr stype receiver 0 5 exit Config interface 0 7 Interface Interface Interface Interface Interface Interface 0O 7 vlan participation 0 7 vlan pvid 1003 0 7 vlan participation 0 7 mvr O 7 mvr type receiver 0 7 exit Chapter 14 MVR Multicast VLAN Registration Note A receive port can participate in only one VLAN include exclude include exclude includel003 exclude 1 ProSafe M4100 and M7100 Managed Switches 6 Show the MVR status Netgear Switch show mvr MVR Running MVR multicast VLAN MVR Max Multicast Groups MVR Current multicast groups MVR Global query response time 5 tenths of sec comp
62. Interface 1 0 4 ip address 10 100 1 2 255 255 255 0 Netgear Switch Netgear Switch Interface 1 0 4 ip rip Interface 1 0 4 Netgear Switch exit Netgear Switch Chapter 29 DHCP L2 Relay and L3 Relay 499 ProSafe M4100 and M7100 Managed Switches 3 Create a routing interface connecting to the client Netgear Switch Config Config interface 1 0 16 Interface 1 0 16 routing Netgear Switch Switch Netgear Switch Interface 1 0 16 ip address 10 200 2 1 255 255 255 0 Switch Interface 1 0 16 exit 4 Configure the DHCP Server IP address and enable the DHCP L3 relay Netgear Switch Config ip helper address 10 100 1 1 dhcp Netgear Switch Config ip helper enable 5 Redistribute 10 200 1 0 24 and 10 200 2 0 24 to the RIP such that RIP adviertises this route to the DHCP server Netgear Switch Config Netgear Switch Config router rip Netgear Switch Config router redistribute connected 4 4 Netgear Switch Config router exit Web Interface Configure a DHCP L3 Relay 1 Enable routing mode on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing Routing Table i IPv WLAN ARP RIP i Qo5 Security Monitoring Maintenance Help Index OSPF OSPF Router D
63. MAC Filter Private Group Configuration gt Port Security Private Group Private Group Configuration VLAN croup name Gout Group mode Urag roup2 2 Configuration oes E Private Group groupi 1 community Membership gt Storm Control gt Protected Port In the Group Name field enter group2 In the Group ID field enter 2 In the Group Mode field select isolated e Click Add 7 Add ports 16 and 17 to group2 29 5 406 Chapter 24 Double VLANs and Private VLAN Groups ProSafe M4100 and M7100 Managed Switches a Select Security gt Traffic Control gt Private Group VLAN gt Private Group VLAN gt Private Group Membership A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication i ACL gt MAC Filter Private Group Membership gt Port Security Private Group Private Group Membership LAN Group ID Group Name group i Private Group Group Mode prvate crop e Private Group j Port 1 2 3 4 5 6 7 8 9 18 19 20 21 22 23 24 Membership viii gt Storm Control gt Protected Port 25 26 27 28 In the Group ID list select 2 Click Unit 2 The ports display Click the gray boxes under ports 16 and 17 and a check mark displays in each box Click Apply e205 Chapter 24 Double VLANs and Private VLAN Groups 407 Spanning Tree Protocol This chapter provides the follow
64. Mbps b Under Stack Port Configuration scroll down and select the 1 0 51 check box c In the Configured Stack Mode list select Ethernet d Click Apply to save the settings Reboot the switch a Maintenance gt Reset gt Device Reboot A screen similar to the following isplays System Switching Routing Qc5 zi Security Monitoring Maintenance Help Index Save Config i Upload Download Fila Management Troubleshooting v Device Reboot Device Reboot Factory Default Password Reset Device Reboot Reboot Unit No Save prior to reboot C Don t save prior to reboot In the Reboot Unit No list select 1 c Click Apply Chapter 19 Switch Stacks ProSafe M4100 and M7100 Managed Switches Stack Switches Using 10G Fiber This example shows how to stack two switches in different buildings at long distance using 10G fiber First insert AX741 to I O slot on Switch A and insert AX741 to I O slot on Switch B Then connect the two AX741 with fiber Switch A Switch B Figure 39 Using 10G fiber to stack switches in different buildings CLI Stack Switches Using 10G Fiber 1 On Switch A show the port information Netgear Switch show stack port Configured Running Stack Stack Link Unit Intf Slotid Type XFP Adapter Status Ethernet Ethernet Link Down Stack Stack Link Down In this case port 1 0 52 has been configured as stack so no action is needed 2 On Switch B show the stack
65. Multicast OSPF Neighbor Table OSPFv3 Neighbor Table Go To Interface aso Area Router Dead Interface ID D 0A CASE eee Help Index Retransmission Queue length To use the Web interface to configure OSPF on switch A2 repeat this process for switch A2 Chapter 7 OSPF ARP Proxy Address Resolution Protocol Proxy ARP allows a router to answer ARP requests when the target IP address is not that of the router itself but a destination that the router can reach If a host does not know the default gateway proxy ARP can learn the first hop Machines in one physical network appear to be part of another logical network Without proxy ARP a router responds to an ARP request only if the target IP address is an address configured on the interface where the ARP request arrived Proxy ARP Examples The following are examples of the commands used in the proxy ARP feature CLI show ip interface Netgear Switch show ip interface lt slot port gt Enter an interface in slot port format brief Display summary information about IP configuration settings for all ports Netgear Switch show ip interface 0 24 Routing Mode Disable Administrative Mode Enable Forward Net Directed Broadcasts Disable Proxy ARP Disable Active State Inactive Link Speed Data Rate Inactive MAC Address Ce 20st 7 205205202 Chapter8 ARP 127 ProSafe M4100 and M7100 Managed Switches CLI ip proxy arp Netgear
66. Netgear Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Enter secret 16 vlan database Vlan vlan 2000 Vlan exit Config interface 1 0 1 Interface 1 0 1 vlan participation include 2000 Interface 1 0 1 exit Config interface 1 0 24 Interface 1 0 24 vlan participation include 2000 Interface 1 0 24 exit Config aaa authentication dotlx default radius Config dotlx system auth control Config radius server host auth 192 168 0 1 Config radius server key auth 192 168 0 1 characters max 12345 Re enter secret 12345 Netgear Netgear Netgear Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch Config interface 1 0 6 Interface 1 0 6 dotlx port control force authorized Interface 1 0 6 exit Config interface 1 0 12 Interface 1 0 12 dot1lx port control force authorized Interface 1 0 12 exit 3 Enable dot1x and RADIUS on the switch Switch Switch Switch Switch Switch Switch Config interface 1 0 1 Interface 1 0 1 dotlx guest vlan 2000 Interface 1 0 11 exit Config interface 1 0 24 Interface 1 0 24 dot1lx guest vlan 2000 Interface 1 0 24 exit Chapter 15 Security Management 287 ProSafe M4100 and M7100 Managed Switches 4 Enable the guest VLAN on ports 1 0 1 and 1 0 24 Netgear Switch show
67. Private Group Private Group Configuration z fgroupt si Configuration cammuniy ae Private Group Membership gt Storm Control gt Protected Port In the Group Name field enter group In the Group ID field enter 1 In the Group Mode list select community Chapter 24 Double VLANs and Private VLAN Groups 405 ProSafe M4100 and M7100 Managed Switches e Click Add 5 Add port 6 and 7 to group1 a Select Security gt Traffic Control gt Private Group VLAN gt Private Group Membership A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication i ACL gt MAC Filter Private Group Membership Port Security Private Group LAN Private Group Configuration Private Group Private Group Membership Group ID Group Name Group Mode Membership ele Joy Storm Control Protected Port In the Group ID list select 1 Click Unit 1 The ports display Click the gray boxes under ports 6 and 7 A check mark displays in each box Click Apply 6 Create a private group group2 a Select Security gt Traffic Control gt Private Group VLAN gt Private Group Configuration A screen similar to the following displays e205 Index Switching Maintenance Help System Routing Security Monitoring Management Security Access Port Authentication gt
68. Protocol TCP gt x Eran Jua FI ID Queue Every Keyword Flag address Mi Mointenaonca Halp index Destination Destination Destination 3 IP Address IP Mask Under IP Extended Rules in the ACL ID field select 102 c Click Add The Extended ACL Rule Configuration screen displays System Switching Routing Security Monitoring Acooss Port Authentication Traffic Control Manogement Security MAC ACL k IP ACL IF ACL IP Rules Extended ACL Rule Configuration Extended ACL Rule Configuration 100 199 ACL IG Maintenance Help ndex IP Extended Rules IF Binding Configuration Binding Table Rule ID i to 23 Ac tina Match Every Protocol Type 10 4 O Permit Deny False iP Egress Queue Oto 6 li to 255 TCP Flag FIN Ignore STN Ignore PSH Ignore ACK Ignore Source IP Address Source IP Mask B Source L4 Port Destinaton IP Address Destination IP Mask Destination L4 Port w 0 to 65535 192 168 48 0 r 0 to 65535 0 0 0 23255 RST Ignore URG Ignore d Under Extended ACL Rule Configuration 100 199 enter the following information and make the following selections e Inthe Rule ID field enter 1 e For Action mode select the Deny radio button e Inthe Match Every field select False e Inthe Destination IP Address field enter 192 168 48 0 e
69. Routing Routing Table IP IPv gt Basic Advanced OSPFY3 Configuration Index Help Maintenance Security Monitoring VLAN ARP RIP OSPF i Router Discovery VRRP Multicast OSPFv3 Interface Configuration OSPF 3 Interface Configuration i All Common Area Configuration Stub Ares Configuration IPv Admin Interface Area ID l Address Mode NSSA Area E Oi Enable Configuration Configuration a BE Interface D 1 0 3 Configuration zi Router Priority Area Range 0 0 0 0 Disable 0 0 0 0 Disable Retransmit Interval b Scroll down and select the Interface 1 0 1 and 1 0 13 check boxes c In the Admin Mode field select Enable d Click Apply to save the settings 8 Enable multicast globally a Select Routing gt Multicast gt Global Configuration A screen similar to the following displays System Switching RCO QoS Routing Table IP IPvG VLAN ARP RIP security Monitoring Maintenance OSPF OSPFy3 Router Discovery VRRP gt Mroute Table Global Configuration gt Interface Configuration gt D MRP gt IGMP gt PIM BM gt PIM SM gt MLD gt Static Routes Configuration gt Admin Boundary Configuration Global Configuration Global Configuration Admin Mode Protocol State Table Maximum Entry Count Protocol Table Entry Count Disable f Enable Won Operational 256 No Protocal Enabled o
70. Select Routing gt OSPFv3 gt Basic gt OSPFv3 Configuration A screen similar to the following displays System Switching Routing security Monitoring Maintenance Help Index Routing Table IP IPv6 VLAN ARP RIP OSPF i Router Discovery VRRP Multicast Basic OSPF Configuration OSPFy3 Configuration OSPFv3 Configuration gt Advanced Admin Mode C Enable Disable Router ID 1 2 1 4 b Under the OSPF Configuration enter the following information e Inthe Router ID field enter 1 1 1 1 e For Admin Mode select the Enable radio button c Click Apply to save the settings 3 Enable IPv6 on port 1 0 1 Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches a Select Routing gt IPv6 gt Advanced gt IP Interface Configuration d Routing Table IP gt Basic Advanced gt Global Configuration A screen similar to the following displays System Switching Routing z Security Monitoring Maintenance l Help Index VLAN ARP RIF OSPF OSPR Router Discovery VRRP Multicast IPv6 Interface Configuration IPv6 Interface Configuration gt Interface Configuration gt Prefix Interface IPve Mode Configuration gt Statistics Neighbour Table Static Route Configuration gt Route Table gt Route Preference Duplicate Routing Admin Operational Address Lifetime Mode Mode Mode ite Detection Interval Transmits Disable lt A E
71. Source IP Address Source Mask Source L4 Port flo 65535 Destination IP Address Diffserv Class Configuration e Under Diffserv Class Configuration enter the following information e Inthe Source IP Address field enter 172 16 30 0 e Inthe Source Mask field enter 255 255 255 0 f Click Apply 5 Create class develooment_dept a Select QoS gt DiffServ gt Advanced gt Class Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index CoS gt Diffserv Wizard Class Configuration Class Table i DiffServ Class Name Class Type Configuration Ae ee All Configuration finance_dept Policy marketing_dept All Configuration test_dept All Service Configuration Service Statistics b Enter the following information e Inthe Class Name field enter develooment_dept e Inthe Class Type list select All c Click the Add to create a new class development_dept Chapter 12 DiffServ 207 ProSafe M4100 and M7100 Managed Switches d Click development_dept to configure this class System Switching Routing Security Monitoring Maintenance Help Index DiffServ Configuration Class Configuration Policy Configuration Service Configuration Service Statistics Class Information Class Name development Class Type Diffserv Class Configuration Match Every E Reference Cla
72. Switch Switch Switch vlan da Vlan vlan 300 Vlan exit config Config interface 1 0 1 Interface 1 0 1 vlan participation include 300 Interface 1 0 1 vlan pvid 300 Interface 1 0 1 exit Config interface 1 0 24 Interface 1 0 24 vlan participation include 300 Interface 1 0 24 vlan pvid 300 Interface 1 0 24 exit Config exit Config set mld Config exit vlan database Vlan set mld 300 Vlan exit 2 Enable MLD snooping on VLAN 300 Netgear Switch show mldsnooping Admin Mode Multicast Control Frame Count Interfaces Enabled for MLD Snooping VLANs enabled for MLD snooping Netgear Switch Chapter 30 MLD ProSafe M4100 and M7100 Managed Switches Web Interface Configure MLD Snooping 1 Create VLAN 300 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays System Switching Routing Qos Security Monitoring Maintenance Help STP Multicast Address Table Ports LAG v Basic l VLAN Configuration VLAN Configuration Reset gt Advanced Reset Configuration Internal YLAN Configuration Internal LAW Allocation Base 4095 Internal VLAN Allocation Policy Ascending Descending VLAN Co nfiguration Sa YLAN ID LAN Name YLAN Type Default Default b In the VLAN ID field enter 300 c Click Add 2 Assign al
73. Sys Log Configuration a b C System Switching Routing QoS Security Monitoring Ports gt Buffered Logs gt Command Log Configuration gt Console Log Configuration Sys Log Configuration gt Trap Logs gt Event Logs Maintenance Help Index i Mirroring Syslog Configuration Syslog Configuration Admin Status Disable Enable Local UDP Port 514 Messages Relayed Messages Ignored 0 Host Configuration a Host Address eo eR SCNT RES Paar ADD DELETE CANCEL APPLY In the Syslog Configuration next to the Admin Status select the Enable radio button Click Apply 2 Configure the command log Chapter 18 Syslog ProSafe M4100 and M7100 Managed Switches b C Select Monitoring gt Logs gt Command Log System Switching Routing QoS Security Monitoring Maintenance Help Index Ports i i Mirroring Buffered Logs Command Log Configuration Command Log Configuration Command Log Configuration Console Log Admin Disable Enable Configuration gt Sys Log Configuration gt Trap Logs gt Event Logs CANCEL i apPLY i Under Command Log for Admin Status select the Disable radio button Click Apply 3 Configure the console log a Select Monitoring gt Logs gt Console Log System Switching Routing Security Monitoring Maintenance Help Index Ports i Mirroring gt Buffered Logs Console Log Configuration gt Co
74. System Switching Routing QoS Security Monitoring Maintenances Routing Table IP i IPv VLAN ARP i OSPF OSPFy3 Router Discovery VRRP Multicast gt Basic _ Interface Configuration Advanced Interface Interface 1 0 9 Configuration Send Version RIP 2 F 2 Route RIP 2 2 Redistribution Receive Version RIP Admin Mode Authentication Type In the Interface field select 1 0 9 For RIP Admin Mode select the Enable radio button Click Apply 7 Enable RIP on interface 1 0 13 a Select Routing gt RIP gt Advanced gt Interface Configuration Chapter 28 PIM 443 A screen similar to the following displays j System Switching Routing IP Routing Table gt Basic Advanced RIP Configurat Interface Configuration Route Redistribution b In the Inte QoS OSPF security IPvS i VLAN ARP Interface Configuration ion Interface Configuration Interface Send Version Receive Version RIP Admin Mode Authentication Typ rface list select 1 0 13 OSPFy3 ProSafe M4100 and M7100 Managed Switches l Monitoring Maintenance l Help Index h Router Discovery VRRP Multicast 1 0 13 RIP 2 f Disable f Enable c For RIP Admin Mode select the Enable radio button d Click Appl y 8 Enable multicast globally a Select Routing gt Multicast gt Global Configuration A screens System Routing Table Mroute Table Gl
75. The following example shows how to create a DHCP server with an IP address pool that is makes fixed IP to MAC address assignments The example is shown as CLI commands and as a Web interface procedure Chapter 22 DHCP Server ProSafe M4100 and M7100 Managed Switches CLI Configure a DHCP Reservation Switch config Switch Config service dhcp Switch Config ip dhcp pool pool_manual Config client name dhcpclient Switch Config hardware address 00 01 02 03 04 05 Config host 192 160 200 1 255 255 255 lt 0 Config client identifier 01 00 01 02 03 04 05 Switch Netgear Switch Netgear Switch Note The unique identifier is a concatenation of the media type and MAC addresses For example the Microsoft client identifier for Ethernet address c8 19 24 88 f1 77 is 01 c8 19 24 88 f1 77 where 01 represents the Ethernet media type For more information see the Address Resolution Protocol Parameters section of RFC 1700 Web Interface Configure a DHCP Reservation 1 Select System gt Services gt DHCP Server gt DHCP Server Configuration A screen similar to the following displays System Switching Routing el Security Monitoring Maintenance Management Device View i Stocking SNMP DHCP Server DHCP Server Configuration DHCP Server Configuration DHCP Pool Configuration fi Admin Mode O Disable Enable DHCP Pool Options isti Ping Packet Cou
76. Web Interface Configure an Inter area Router 1 Enable IP routing globally a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing security Monitoring Maintenance Help Routing Table IP Pv VLA ARP RIP OSPF OSPFya Router Discovery VREP Multicast IP Mulicasi Basic IP Configuration gt IP IP Configuration Configuration Statistics Default Time to Live 64 gt Advanced Routing Mode Enable Disable ICMP Echo Replies f Enable Disable ICMP Redirects Enable Disable ICMP Rate Limit Interval 1000 0 to 2147483647 ms ICMP Rate Limit Burst Sire 100 i to 200 Maximum Next Hops 4 Haximum Routes il Select to configure Global Default Gateway Li Global Default Gateway 0 0 0 0 b For Routing Mode select the Enable radio button c Click Apply to apply the settings 2 Enable IPv6 unicast globally a Select Routing gt IPv6 gt Basic gt Global Configuration A screen similar to the following displays system Switching Routing Security Monitoring Maintenance Help Routing Table IP VLAN ARP RIF OSPF OSPR Router Discovery VRRP Mulicosi Pet Mulicasi Basic IPv6 Global Configuration Global Configuration Route Table IPv Unicast Routing C Disable Enable IPv6 Global Configuration gt Advanced IPv Forwarding C Disable Enable i Hop Limit o 0 to 255 ICMP 6 Rate Limit Error Inberral 1000 O to 2147462647 mecs
77. YM JE 9 0 1 13 ice NetGear SM17224S5 b Scroll down and select the Interface 1 0 1 and 1 0 13 check boxes c In the Admin Mode field select Enable d Click Apply to save the settings MLD on Switch B 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration Chapter 30 MLD 513 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Ty Help esis ei Routing Table Pv i WLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast Basic IP Configuration IP Configuration Statistics IP Configuration Advanced Default Time to Live 64 Routing Mode ICMP Echo Replies Disable Enable ICMP Redirects Disable Enable ICMP Rate Limit Interval 1000 0 to 2147483647 ms ICMP Rate Limit Burst Size 100 1 to 200 b For Routing Mode select the Enable radio button c Click Apply 2 Enable IPv6 unicast routing on the switch a Select Routing gt IPv6 gt Basic gt Global Configuration A screen similar to the following displays f System Ep Switching j Routing Security Monitoring Maintenance Help Index Routing Table IP i WLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast Bake IPv6 Global Configuration Global Configuresar IP 6 Global Configuration Route Table IPv 6 Unicast Routing gt Advanced
78. a Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays Switching Routing Qos Security Monitoring Maintenance Help STP Multicast Address Table Ports LAG gt Basic VLAN Membership Advanced gt VLAN VLAN Membership Configuration VLAN ID Group Operation Untag All VLAN Membership VLAN Name vlanz00 UNTAGGED PORT MEMBERS A VLAN Type static TAGGED PORT MEMBERS MAC Based VLAN 2 Port PYID Configuration Port 1i 23 4 5 Ff 8 9 10 it 12 13 14 15 16 17 18 19 20 21 22 23 24 gt Port DYLAN Ui 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 4 43 44 45 46 47 48 Configuration Protocol Based VLAN Group Configuration gt Protocal Based VLAN Group Membership GARP Switch Configuration gt GARP Port Configuration 49 30 51 52 b Under VLAN Membership in the VLAN ID field select 200 c Click Unit 1 The ports display e Click the gray box under port 24 twice until U displays The U specifies that the egress packet is untagged for the port 400 Chapter 24 Double VLANs and Private VLAN Groups ProSafe M4100 and M7100 Managed Switches Click the gray box under port 48 once until T displays The T specifies that the egress packet is tagged for the port d Click Apply to save the settings 3 Change the port VLAN ID PVID of port 24 to 200 a Select Switching gt VLAN gt Advanced gt Port PVID Configuration A screen s
79. and 1 0 13 a Select Routing gt Multicast gt PIM gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index toGour Routing Table IP IPv amp ARP RIP OSPF OSPFv3 Routor Discovery VRRP Au IPvS Multicast Mroute Table PIM Interface Configuration gt Global Configuration Interface 1 All Go To Interface PIM Interface Configuration Roe Interface Asean Protocol ag Hello Interval secs Join Pruno ot gt DYMRP Mode State Address Interval secs Border La aah E 5 D DR Priority R gt IGMP PIM gt Global Configuration gt SSM Configuration Interface Configuration gt PIM Neighbor Candidate RP Configuration gt BSR Candidate SoD auon rT 1 0 10 Disable Non Operational 0 0 0 0 Disable Static RP Configuration F 10 11 Disable Non Operational 0 0 0 0 Disable gt Static Routes F 1 0 12 Disable Non Operational 0 0 0 0 Disable Configuration gt Admin Boundary F 1 0 14 Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable 170 8 Disable Non Operational 0 0 0 0 Disable Bie isis ie oe b Under PIM Interface Configuration scroll down and select the 1 0 1 1 0 9 and
80. b For Admin Mode select the Enable radio button c Click Apply 2 8 5 8 GO a Bo 2 Help Index Enable DSCP Value Chapter 2 VLANs 37 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System fl Switching Routing Jos Security Monitoring Moaintononce Help index Y a Fa i LAG SIF Malficonl Esait Voice VLAN Configuration 7 olce VLAN Global Admin VLAN Carnfiguration Anii Shoes Cites Enable WLAN Membership 2 VLAN Stabs Yolon VLAN Configuration Port P ID j i o Configuration i MAC Barod VLAN CoS Override Operational i All Interface Mode Value DSCP Value F Fiode State ee eS ee Disable Disable Disable Cusablg Cais atle Disabili Disabla Egabla z JP Subnet Based Dizabie H 7 isabis Configuration Protocol Bared WLAN Group Configuration Protocol Besed VLAN Group Mamberthip Parse YLA A Confiqurnsen E GABP Switch oa oc 6 oana o om off oo oo o o 4 Configure Voice VLAN mode in the interface 1 0 2 a Select Switching gt VLAN gt Advanced gt Voice VLAN Configuration b Select the 1 0 2 check box c In the Interface Mode list select VLAN ID d In the Value field enter 10 A screen similar to the following displays Sqrtloen ite ha et Security Monitering bbpinhananca Basic Voice VLAN Configuration Woice VLAN Global Admin Palmin Bodie Disable Enable VLAN Gonia atan VLAN Membersh
81. b For Admin Mode select the Enable radio button c Click Apply 9 Enable PIM DM globally Help TS Index a Select Routing gt IPv6 Multicast gt IPv6 PIM gt Global Configuration Chapter 30 MLD ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays NetGear xsm17224S M Ha Firefox PI i Eile Edit view History Bookmarks Tools Help Ss ar http f10 14 14 4fbase fnetgesr_login html TT Google 2 _2 Most Visited Getting Started Latest Headlines http sf127 0 0 1 2002 s XSM7224S NETGEAR Connect with Innovation System Switching Routing QoS Security Monitoring Routing Table OSPFv3 Router Discovery Risoiukte Tabie PIM Global Configuration IPpws PIM Global Configuration SSM Configuration Interface PIM Global Configuration PIM Protocol Type PIM DM PIM SM Admin Mode Disable 52 Enable Configuration PIM Neighbor Candidate RP Configuration BSR Candidate Configuration Static RP Configuration MLD Static Routes Configuration Maintenance Multicast 24 Port 10G SFP Ports Managed L2 Stackable Switch Help Index Done Svstart 2 mm amp gt S SuperP 1987 198 7 DJ win2K3 Automation vm 9 0 1 13 E NetGear xsm7z2245 lt eich 1 0 aM b For Admin Mode select the Enable radio button c Click Apply 10 Enable PIM DM on interfaces 1 0 1 and 1
82. gt Advanced gt IP Interface Configuration Chapter 9 VRRP 133 134 C ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table VLAN ARP RIP OSPF Router Discovery VRRP Basic GoTo Interface Go Advanced ox es Interface Description PENS IP Address Subnet Mask Routing Adminis aay gt Statistics p Mode Mode IP Interface Configuration ama y i 255 255 0 0 255 0 0 Enable il i Secondary IP 170 1 0 0 0 0 Disable Enable 1 0 2 0 0 0 0 0 0 Disable Enable 1 0 3 0 0 0 0 0 0 Disable Enable 170 5 0 0 0 0 0 0 Disable Enable lv O E 0 6 0 0 0 0 0 0 Disable Enable Scroll down and select the Interface 1 0 4 check box Now 1 0 4 appears in the Interface field at the top Enter the following information e Inthe IP Address field enter 192 150 4 1 e Inthe Network Mask field enter 255 255 0 0 e Inthe Administrative Mode field select Enable d Click Apply to save the settings 3 Enable VRRP on port 1 0 4 a Select Routing gt VRRP gt Basic gt VRRP Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP OSPF Router Discovery VRRP Configuration Global Configuration Configuration Statistics Admin Mode Disable
83. gt Advanced Default Time to Live 64 Routing Mode Disable i Enable ICMP Echo Replies Disable Enable ICMP Redirects Disable Enable ICMP Rate Limit Interval 1000 0 to 2147483647 ms ICMP Rate Limit Burst Size 100 4 to 200 i b For Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 21 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing ze Wh Security Monitoring Maintenance Help Index Routing Table i IPw VLAN ARP RIP OSPF OSPS Router Discovery VRRP Multicast Basic IP Interface Configuration Advanced i gt IP Configuration IP Interface Configuration gt IP Interface Configuration aS Poy WLAN IP Subnet Routing Administrative Secondary IP Port Description ID Address Mask Mode Made 0 0 0 0 0 0 0 0 Disable Enable b Scroll down and select the Port 1 0 21 check box Now 1 0 21 appears in the Port field at the top c Enter the following information in the IP Interface Configuration e Inthe IP Address field enter 192 168 2 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Configure 1 0 22 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuratio
84. lt interface id gt in global configuration mode 5 Enable IP Source Guard in interface 1 0 2 GSM7352Sv2 Interface 1 0 2 ip verify source port security With this configuration the device verifies both the source IP address and the source MAC address If the port security option is skipped the device verifies only the source IP address Web Interface Configure Dynamic ARP Inspection 1 Enable DHCP snooping globally a Select Security gt Control gt DHCP Snooping Global Configuration A screen similar to the following displays Monitoring Mainlenonce H alp Indox f Syaheen wik hing Routing Security fener naula DHCP Snooping Global Confiquration gt Gio hihipan al DHCP Snooping Global Configuration Interface DHCE Snenpirg Mada Citable Enable Qanhiguratian HA Adds Validation Disable Enable Banding Configuration VLAN Configuration b Pargrtnnt DHCP Snooping Piode Canhguratien Shabstics Chapter 15 Security Management 313 ProSafe M4100 and M7100 Managed Switches b For DHCP Snooping Mode select the Enable radio button c Click Apply 2 Enable DHCP snooping in a VLAN a Select Security gt Control gt DHCP Snooping Global Configuration A screen similar to the following displays Routing SHOUT be Mondory Maintenance Help Indo DHCP Snooping Global Configuration Config ated DHCP Snooping Global Configuration gt Interface DHCP Srsoping
85. packet passes through and how long it takes to get there In this example the packet takes 16 hops to reach its destination Chapter17 Tools 324 ProSafe M4100 and M7100 Managed Switches CLI Traceroute Netgear Switch lt ipaddr gt Netgear Switch lt cr gt lt port gt Netgear Switch racing 10 10 Dda Da 03 1 2 3 4 5 6 7 8 4 6 4 7 216 216 216 Web Interface Traceroute 1 Select Maintenance gt Troubleshooting gt Traceroute 205 205 209 205 209 209 Press Enter to execute the command Enter port no route over a maximum of 20 hops 254 24 1 2944253 1 Pe Jo Te 144 4 1 144 1 141 Le Led aso 171 8 154 171 8222 171 251 34 244 219 181 244 11 9 8 121 146 9 2282 ello 96 185 109 120 203 109 118 74 traceroute Enter IP address traceroute 216 109 118 744 traceroute 216 109 118 74 40 30 29 33 70 33 70 70 60 60 60 50 60 110 70 78 Chapter 17 Tools 325 2 3 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays a a Scat System Switching Routing QoS Security Monitoring Help ndex Save Config Reset Upload Download gt Ping TraceRoute x Traceroute Traceroute 9 IP Address 216 109 118 74 O url Results 1 2 3 4 5 6 7 8 wo o Use this screen to tell the switch to discover the routes that packets actually
86. select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays system Switching Routing i y security i Monitoring O Maintenance Help Index Routing Table Pv VLAN ARP RIP OSPF OSPF3 Router Discovery VWREP Multicast gt Basic _ IP Interface Configuration Advanced gt IP Configuration IP Interface Configuration gt Statistics i gt IP Interface Configuration coe Routin Administrative Secondary IP Description IP Address Subnet Mask x 9 z 7 Mode Mode Scroll down and select the Port 1 0 24 check box Now 1 0 24 appears in the Port field at the top Enter the following information e Inthe IP Address field enter 192 168 5 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable Click Apply to save the settings 5 Enable IP multicast on the switch a Select Routing gt Multicast gt Global Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP IPv VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP gt Mroute Table Global Configuration Global Configuration Global Configuration gt Interface Admin Mode Disable Enable Configuration Protocol State Non Operational gt D YMRP gt IGMP gt PIM DM gt PIM SM Table Entry Count 0 gt MLD gt Static Routes Configuration gt Admin B
87. switchport protected Interface 1 0 24 exit Chapter 15 Security Management 275 276 ProSafe M4100 and M7100 Managed Switches Web Interface Configure a Protected Port to Isolate Ports on the Switch 1 Create a DHCP pool Note This example assumes that the DHCP service is enabled For information about how to enable the DHCP service see the Web interface procedure in Configure a DHCP Server in Dynamic Mode on page 381 a Select System gt Services gt DHCP Server gt DHCP Server Configuration A screen similar to the following displays E q Switching System Routing Management Device View Stacking SNMP Security Monitoring Maintenance DHCP Server DHCP Server Configuration DHCP Pool Configuration DHCP Pool Options DHCP Server Statistics DHCP Bindings DHCP Pool Configuration Pool Name Pool Name Type of Binding Information Network Number DHP Conflicts Network Mask Information Network Prefix Length gt DHCP Relay Client N gt UDP Relay iene Hardware Address Hardware Address Type Chent ID Host Number Host Mask Host Prefix Length Lease Time Days Hours Mili hes DHCP Pool Configuration poole il Dynamic 00 3 i CO ethernet SS Cd 0 33 Specified Duration E t to 59 o ft 1439 ooo hf ta 88399 192 168 1 254 e Lo o E
88. 0 0 0 0 Disable Enable CF 2 0 3 0 0 0 0 0 0 0 0 Disable Enable Scroll down and select the interface 2 0 19 check box Now 2 0 19 appears in the Interface field at the top Enter the following information e Inthe IP Address field enter 192 168 20 1 Chapter 7 OSPF 109 ProSafe M4100 and M7100 Managed Switches e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Admin Mode field select Enable d Click Apply to save the settings 4 Specify the router ID and enable OSPF for the switch a Select Routing gt OSPF gt Basic gt OSPF Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP Router Discovery VRRP Basic OSPF Configuration OSPF Configuration OSPF Configuration gt Advanced OSPF Admin Mode Disable Enable Router ID pap ae b Under OSPF Configuration in the Router ID field enter 2 2 2 2 c Click Apply to save the settings 5 Enable OSPF on port 2 0 11 a Select Routing gt OSPF gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP Router Discovery VRRP eer Interface OSPF Area ID Admin Priority 0 to Interval 0 Interval 1 Mode 255 to 3600 to 65535 Advanced Configuration Common Area Configur
89. 0 13 a Select Routing gt IPv6 Multicast gt IPv6 PIM gt Interface Configuration A screen similar to the following displays gt G TS R S ar Google 2 2 Most visited 4 Getting Started gt Latest Headlines http sf127 0 0 1 2002 NETGEAR Connect with Innovation System Switching Routing Qos Security Monitoring Routing Table OSPFv3 Router Discovery Rinne ae PIM Interface Configuration IPvs PIM gt Global Configuration SSM Configuration Interface Configuration PIM Neighbor Candidate RP Configuration BSR Candidate Configuration Static RP Configuration MLD Static Routes Configuration PIM Interface Configuration 1 All MNHon Oper ral Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Mon Operational Mon Operational Mon Operational Mon Operationsal Mon Operational Mon Operational Mon Operationsal Mon Operational Mon Operational Mon Operational w fm m OG OG Oe faja K Non Operational Maintenance Help Index Multicast Go To Interface kee Admin Protocol IPY Join Prune BSR Inte Hell Int I gt DR i i ee Prefix Length Interval secs m 2 30 PSO l Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable 24 Port 10G SFP Ports Managed L2 Stackable Switch HHHHRHHRH EH Done fy start x eS oa ea SuperTP 198_7 198_7 in2K3 Automation
90. 0 13 check box Now 1 0 13 appears in the Interface field at the top c Enter the following information Chapter 28 PIM 467 ProSafe M4100 and M7100 Managed Switches e Inthe IP Address field enter 192 168 1 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 5 Enable RIP on interface 1 0 1 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitering Maintenance Help Index Routing Table IP IPvVG WLAN ARP i i OSPF OSPFy3 Router Discovery VRRP Multicast gt Basic Interface Configuration Advanced RIP Configuration Interface Configuration Interface Interface Configuration Send Version 2 Route Redistribution Receive Version RIP Admin Mode Authentication Type b In the Interface field select 1 0 1 c For RIP Admin Mode select the Enable radio button d Click Apply 6 Enable RIP on interface 1 0 9 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing Qo5 Security Monitoring Maintenance Help Index Routing Table IP IPw VLAN ARP i OSPF OSPFy3 i Router Discovery VRRP Multicast gt Basic Interface Configuration Advanced RIP Configuration Interface Configuration Interface Interface Conf
91. 00 01 hardware type time link layer address e Hardware type 16 bit hardware type reserved by IANA 1 means an Ethernet device e Time 32 bit unsigned integer The time in seconds when this DUID was generated since 00 00 00 1 1 2000 e Link layer address The link layer address of a device generating the DUID b Vendor assigned unique ID based on Enterprise Number e 00 02 enterprise number identifier e Enterprise number 32 bit integer reserved by IANA e Identifier Variable length data for each vendor c Link layer address e 00 03 hardware type link layer address e Hardware type 16 bit hardware type reserved by IANA 1 means an Ethernet device e Link layer address The link layer address of a device generating the DUID Chapter 23 DHCPv6 Server 387 388 ProSafe M4100 and M7100 Managed Switches In the following case the CPE router requests prefix from the PE router The PE router chooses prefix 2001 1 64 for delegation and responds with the prefix to the requesting CPE router The CPE router subnets the prefix and assigns the longer prefixes to links in the user s network The CPE router is then responsible to assign the 2001 1 1 96 to one user s network and 2001 1 2 96 to another user s network XSM7224S PE Router 2 CPE Router User s network 2001 1 1 96 y k f val PE Router Provider edge router CPE Router Customer premise equipment router Figure 41 DHCPv 6
92. 1 Issue the member lt unit id gt lt switchindex gt command To view the supported unit types use the show supported switchtype command 2 Next configure the unit you just defined with configuration commands just as if the unit were physically present Ports for the preconfigured unit come up in a detached state 3 To see the ports use the show port all command Now you can configure the detached ports for VLAN membership and any other port specific configuration After you preconfigure a unit type for a specific unit number attaching a unit with different unit type for this unit number causes the switch to report an error The show switch command indicates config mismatch for the new unit and the ports on that unit don t come up To resolve this situation you can change the unit number of the mismatched unit or delete the preconfigured unit type using the no member lt unit id gt command When you add a preconfigured switch to the switch stack the stack applies either the preconfigured configuration or the default configuration The following table lists the events that occur when the switch stack compares the preconfigured configuration with the new switch Table 2 Preconfigured Switches Compared to Stack Configuration Switch Type Is the Stack Member Number Same Yes Is the same The switch stack applies configuration to the preconfigured new switch and adds it to the stack Yes Does not match e The switch stack appli
93. 1 0 13 check boxes c In the Admin Mode field select Enable d Click Apply to save the settings Chapter 28 PIM 445 ProSafe M4100 and M7100 Managed Switches PIM DM on Switch B 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays i System Switching SELEM QoS Security Monitoring Maintenance Help Routing Table i P WLAN ARP RIP OSPF OSPFyv3 Router Discovery VRRP Multicast v Basic IP Configuration IP Configuration Statistics IP Configuration gt Advanced Default Time to Live 64 Routing Mode ICMP Echo Replies Disable Enable ICMP Redirects Disable Enable ICMP Rate Limit Interval 1000 O to 2147483647 ms ICMP Rate Limit Burst Size 100 1 to 200 i b For Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 10 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System i Switching Routing QoS Security i Monitoring Maintenance j Help Index Routing Table Pad VLAN ARP RIP OSPF OSPR Router Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced gt IP Configuration IP Interface Configuration 2 IP Interface Configuration Secondary IF Description a i K Address Mask Mode Mode ndex IF Subnet
94. 1001 add port 0 5 to VLAN2 1002 and add port 0 7 to VLAN3 1003 3 Enable MVR and multicast VLAN a b C d Select Switching gt MVR gt Basic gt MVR Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicost IVR Address Table Ports LAG v Basic MVR Configuration gt MYR Configuration n MVR Group Configuration MYR Configuration MVR Interface M R Running Enable x Configuration MYR Multicast Vlan 999 1 to 4094 gt Advanced MYR Max Multicast Groups 256 MYR Current Multicast Groups 0 M R Global query response time 5 1 to 100 M R Mode compatible gt For MVR Running select Enable In the MVR Multicast VLAN field enter 999 Click Apply 4 Add multicast group 224 1 2 3 to MVR a b Select Switching gt MVR gt Basic gt MVR Group Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicast if Address Table Ports LAG Basic MVR Group Configuration MVR Configuration i gt MVR Group Configuration MYR Group Configuration MVR Interface il MYR Group IP Status Members Configuration cI 224 1 2 3 E gt Advanced In the the MVR Group IP field enter 224 1 2 3 Chapter 14 MVR Multicast VLAN Registration ProSafe M4100 and M7100 Managed Switches C Click Add 5
95. 10G Full 10G Full Enable Chapter 19 Switch Stacks CLI Configure a Stacking Port as an Ethernet Port 12 Actor Timeout ProSafe M4100 and M7100 Managed Switches 2 On Switch B Configure the stack port and reboot Netgear Switch Netgear Switch show stack port Configured Running Stack Stack Link Unit Intf SlotId Type XFP Adapter Mode Status stack Ethernet Ethernet Link Down Ethernet Ethernet Link Down Switch config Switch Config stack Switch Config stack stack port 1 0 51 ethernet Switch Config stack exit Switch Config exit Switch reload Are you sure you want to reload the stack y n y After Switch B reboots LZ Oy SL Netgear Switch show port 2 0 28 Admin Physical Physical Link Link LACP Actor Type Mode Mode Status Status Trap Mode Timeout Enable 10G Full 10G Full Web Interface Configure a Stacking Port as an Ethernet Port 1 a b C d On Switch A configure a stack port as an Ethernet port Select System gt Stacking gt Advanced gt Stack Port Configuration A screen similar to the following displays System Switching Routing Gos Security Monitoring Maintenange Help Index i LOGOUT fl Management Davies View Services oMAAP LLOP SDP Stack Port Configuration Basic 1 Sa Stack Port Configuration Stac Configuration Unit ID Port Pahkla bnlte Mode Running Stack Mode Link Status Link Speed Gbps
96. 14 15 16 17 18 19 20 21 22 23 24 Port DYLAN ENANA EE vad an a iis Find a E E a ike ii a ial 25 26 27 28 Configuration g In the VLAN ID list select 20 h Click Unit 1 The ports display i Click the gray box under port 3 until T displays The T specifies that the egress packet is tagged for the port j Click Apply 3 Assign PVID to VLAN10 and VLANZ2O a Select Switching gt VLAN gt Advanced gt Port PVID Configuraton Index Index Chapter 5 VLAN Routing 71 72 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays STP Multicast Basic Advanced VLAN Configuration VLAN Membership VLAN Status MAC Based VLAN Port PVID Configuration Port DYLAN Configuration Protocol Based VLAN Group Configuration Protocol Based VLAN Group e205 Routing QoS Security Address Table Ports LAG Port VLAN Id Configuration PVID Configuration Go To Interface Admit All Admit All Admit All Admit All Admit All A screen similar to the following displays STP Multicast Routing QoS Security Address Table Ports LAG Port VLAN Id Configuration P ID Configuration Configuration VLAN Membership VLAN Status MAC Based VLAN Port PVID Configuration Port DYLAN Configuration VLAN Group Configuration T r Protocol Based u r 7 r Protocol Based VLAN Group 1 0 4 Monito
97. 171 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication Traffic Control MAC ACL MAC Binding Configuration MAC ACL MAC Rules Binding Configuration MAC Binding ACLID acl_bpdu Direction Cankguretion Sequence Number 1 to 4294967295 Binding Table gt IP ACL Port Selection Table Interface Binding Status Interface Direction Sequence Number b Enter the following information in the MAC Binding Configuration e IN the ACL ID field select acl_bpdu e Inthe Sequence Number field enter 1 c Click the Unit 1 The ports display d Click the gray box under port 2 A check mark displays in the box e Click Apply to save the settings ACL Mirroring This feature extends the existing port mirroring functionality by allowing you to mirror a designated traffic stream in an interface using ACL rules Define an ACL rule matching the 172 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches desired traffic with the option mirror to an interface Any traffic matching this rule will be copied to the specified mirrored interface Other network GSM73xxS Probing station Packets from 10 0 0 1 workstation gt i i 5 l Packets from 10 0 0 1 10 0 0 2 10 0 0 2 workstation workstation workstation Figure 19 ACL mirroring
98. 2 to IPv6 Netgear Switch Config interface 1 0 13 Interface 1 0 13 routing Interface 1 0 13 ipv6 address 2000 2 64 Interface 1 0 13 ipv6 enable Netgear Switch Netgear Switch E Netgear Switch Chapter 7 OSPF 123 ProSafe M4100 and M7100 Managed Switches 8 Enable OSPFvs on interface 1 0 13 and set the OSPF network mode to broadcast Netgear Switch Interface 1 0 13 ipv6 ospf Netgear Switch Interface 1 0 13 ipv6 ospf network broadcast Netgear Switch show ipv6 ospf neighbor Router ID Priority IntfID Interface State DeadTime 1 0 13 Full DR 34 Web Interface Configure OSPFv3 1 Enable IPv6 unicast routing on the switch a Select Routing gt IPv6 gt Basic gt IPv6 Global Configuration A screen similar to the following displays Routing Qo5 Security Monitoring Maintenance Help Routing Table IP VLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP Multicast Basic IPv6 Global Configuration Global Configuration IPv6 Global Configuration Route Table IPv6 Unicast Routing C Disable Enable eae IPv6 Forwarding Disable Enable Hop Limit D 0 to 255 ICMPy6 Rate Limit Error Interval 1000 0 to 2147483647 msecs ICMPv6 Rate Limit Burst Size 100 1 to 200 i b For IPv6 Unicast Routing Mode select the Enable radio button c Click Apply to save the settings 2 Specify the router ID and enable OSPFv3 for the switch a
99. 24 to VLAN 200 add pvid 200 to port Netgear Switch config Config interface 1 0 24 Netgear Interface 1 0 24 vlan pvid 200 Switch Switch Switch Netgear Interface 1 0 24 vlan participation include 200 Switch Netgear Netgear Interface 1 0 24 exit Add interface 1 0 48 to the VLAN 200 in a tagging mode Netgear Switch Netgear Switch Netgear Switch Netgear Switch Select interface Netgear Switch Netgear Switch Netgear Switch Netgear Switch Config interface 1 0 48 Interface 1 0 48 vlan participation include 200 Interface 1 0 48 vlan tagging 200 Interface 1 0 48 exit 1 0 48 as the provider port Web Interface Enable a Double VLAN 1 Create static VLAN 200 Chapter 24 Double VLANs and Private VLAN Groups 399 ProSafe M4100 and M7100 Managed Switches a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Routing security Monitoring Maintenance STP Multicost Address Table Ports LAG Basic VLAN Configuration VLAN Configuration Reset gt Advanced Reset Configuration LAN Configuration co Es Default Default Static b Under VLAN Configuration enter the following information e Inthe VLAN ID field enter 200 e Inthe VLAN Name field enter vian200 e Inthe VLAN Type field select Static c Click Add 2 Add ports 24 and 48 to VLAN 200
100. 30 MLD Conigure MLD seisi ohh eoreee dates os vou nnas Eain ieaees 506 CLI Configure MLD ccc nc koe heg new eeeun shee ebwed ew va bees 506 Web Interface Configure MLD nnana nananana cee eee 508 MED ONOODINO rsrsr ee er ee ee ee ee ee ee ee 519 CLI Configure MLD Snooping o an nanana aaaea 520 Web Interface Configure MLD Snooping nananana aana aaan 521 Chapter 31 DVMRP CLI Contig re DVMRP s 204040020e0d64sboe4 nd eet weeees ee eheeds 525 Web Interface Configure DVMRP 0 0000 cece eee 931 Chapter 32 Captive Portal Captive Portal Configuration anaa aaaea eae 543 Enable Captive Portal 44 i 25 404000 a4 ane eee eve ast eee ed Oe ee 543 CLI Enable Captive Portal 0 0 0 0 ccc cee 543 Web Interface Enable Captive Portal 00005 544 Client Access Authentication and Control 000 545 Block a Captive Portal Instance 0 000 cee eee 546 CLI Block a Captive Portal Instance 0000 eee 546 Web Interface Block a Captive Portal Instance 546 Local Authorization Create Users and Groups 05 546 CLI Create Users and GroupS 2 0 ee ee 547 Web Interface Create Users and Groups 0000005 547 Remote Authorization RADIUS User Configuration 548 CLI Configure RADIUS as the Verification Mode 549 Web Interface Configure RADIUS as the Verification Mode 54
101. 48 a Select Security gt ACL gt Advanced gt IP Binding Configuration A screen similar to the following displays System Switching Routing Security Monitoring Mamnhenance Help Monogement Security Accoss Port Authentication Traftic Control gt MAC ACL IP Binding Configuration v IP ACL gt IP ACL Binding Configuration 7 IP Rules ACL IB ia IP Extended Rules Sequence Number 1 to 4294967295 gt IF Binding Bort TL Configuration gt Binding Table Part 2 2 3 4 5 G FF B 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 wf 25 26 27 28 29 30 31 32 33 34 35 36 37 36 39 40 41 42 43 44 45 46 47 48 af 49 50 51 52 Interface Binding Status Interface Direction es Sequence Number L oysz4 Inbound IP acl 1 o 48 Inbound IF ACL 101 i Under Binding Configuration make the following selection and enter the following information e Inthe ACL ID field select 103 e Inthe Sequence Number field enter 2 Click Unit 1 The ports display Configure the following ports e Click the gray box under port 24 A check mark displays in the box e Click the gray box under port 48 A check mark displays in the box d Click Apply to save the settings Set up a MAC ACL with Two Rules The example is shown as CLI commands and as a Web interface procedure Chapter10 ACLs 169 170 ProSafe M4100 and M7100 Managed Switches CLI Set up a MAC ACL with Two Rules 1 Create anew MAC ACL acl
102. 56 58 creating 55 enabling 59 logs show logging hosts 344 MAC ACLs 137 169 MLD 505 506 508 MLD Snooping 519 MLD snooping 519 520 521 multicast listener discovery MLD 505 N NVT 334 O OSPF 61 86 116 border router configuration 92 inter area router 87 nssa area 107 558 Index ProSafe M4100 and M7100 Managed Switches stub area configuration 98 VLAN routing 116 OSPFv3 122 outbound Telnet 334 P PIM 435 PIM DM 435 437 441 PIM SM 460 461 465 port mirroring 330 activate backup image 332 dual image 331 port routing adding a default route 65 adding a static route 66 67 configuration 61 enabling routing for ports 62 63 enabling routing for the switch 62 port security 802 1x 280 281 convert dynamic to static address 271 static MAC address 272 private edge VLANs 17 private VLAN groups 402 protected ports 273 274 276 Protocol independent multicast sparse mode 460 Protocol Independent Multicast 435 Proxy Address Resolution Protocol 127 Q QoS class 201 policy 201 service 201 R RADIUS assigning VLANs 291 292 294 rapid STP 802 1w 410 RIP 61 75 82 VLAN routing 82 84 Routing Information Protocol RIP 75 S script 327 script delete 327 script list 327 scripting configuration 326 security ProSafe M4100 and M7100 Managed Switches 802 1x port security 280 281 DHCP messages maxiumum rate 310 311 DHCP snooping 306 307 IP source guard 312
103. 86 1 0 2 DYNAMIC 5 Enable ARP inspection in VLAN 1 Netgear Switch Config ip arp inspection vlan 1 Now all ARP packets received on ports that are members of the VLAN are copied to the CPU for ARP inspection If there are trusted ports you can configure them as trusted in the next step ARP packets received on trusted ports are not copied to the CPU 6 Configure port 1 0 1 as trusted Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 ip arp inspection trust Now ARP packets from the DHCP client go through because there is a DHCP snooping entry however ARP packets from the static client are dropped It can be overcome by static configuration as described in Static Mapping on page 303 Web Interface Configure Dynamic ARP Inspection 1 Enable DHCP snooping globally a Select Security gt Control gt DHCP Snooping Global Configuration Chapter 15 Security Management 299 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays BNCP Snouphng e Giota Qehraman Interface Qanhguriatan Birding Configuration Pargivtent Canhguraten Security Monitoring Maintenance Help Indox AC DHCP Snooping Global Conhiquration DHCP Snooping Global Configuration DHCP Srsepig Mode Dissble Enable HAC Adisa Validation Disabbe Enable VLAN Canliquration DHCP Snooping ode s Statistics 2 Y E y y b For DHCP Snooping Mode select the Enable radio b
104. A ie atic 5 i Port PVID E EL ELI A Configuration Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Port DVLAN Titi Configuration In the VLAN ID list select 2 Click Unit 1 The ports display Click the gray boxes under ports 1 and 2 until T displays The T specifies that the egress packet is tagged for the ports Click Apply to save the settings 2 Specify that only tagged frames will be accepted on ports 1 0 1 and 1 0 2 a Select Switching gt VLAN gt Advanced gt Port PVID Configuration Index Chapter 2 VLANs 19 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays ia ma SS Le SS gt N Switching Routing Security Monitoring Maintenance Help Index Multicast Address Table Ports LAG Port VLAN Id Configuration PV ID Configuration Configuration VLAN Membership Go To Interface GO Port VLAN Status P ID 1 to Acceptable Frame Ingress wan Interface Priority 0 MAC Based VLAN 4093 Types Filtering to 7 Port P ID Configuration Port DYLAN Configuration Protocol Based VLAN Group b Under PVID Configuration scroll down and select the check box for Interface 1 0 1 Then scroll down and select the Interface 1 0 2 check box c Enter the following information e Inthe Acceptable Frame Type polyhedron list select VLAN Only e Inthe PVID 1 to 4093 field enter 2 d Click Apply to s
105. Add a Static Route coc isetewr ap eeedie vhen pba oben koe en aan 66 Web Interface Add a Static Route 0 cc eee 67 Chapter 5 VLAN Routing Create Two VLANS cp o5cdaae ctcedeodud ba eA Hew EW Oe REESE ER 68 CLI Create Two VIANG cc c2aguc ne gwedaned RES Pde ew eens ewaw lt 69 Web Interface Create Two VLANS 0000 e eee eee 70 Set Up VLAN Routing for the VLANs and the Switch res CLI Set Up VLAN Routing for the VLANs and the Switch 73 Web Interface Set Up VLAN Routing for the VLANs and the Switch 73 Chapter 6 RIP Routing tor the OWIICH i s 4 edie to8 56 Orda Oe red ke eee eee 76 CLI Enable Routing for the Switch 0 00 00 0 eee eee 76 Web Interface Enable Routing for the Switch 76 ROUNO Toe PONS esd aicea a ces oe bak Ree ee eee aoe cee cr CLI Enable Routing and Assigning IP Addresses for Ports 1 0 2 and 1 0 377 Web Interface Enable Routing for the Ports 77 RIP for the Switch 4060 ba etek one ee eke ors been waa RATA 78 4 Contents ProSafe M4100 and M7100 Managed Switches CLI Enable RIP on the SWIHGCR sicg4 oid duced eu danes oa ddmea eters 79 Web Interface Enable RIP on the Switch 6 79 RIP ior Ports 170 2 and WO e 4 56 stan e a4 6 4e n 15 65 ghee e OED a 79 CLI Enable RIP for Ports 1 0 2 and 1 0 3 0 000 000 80 Web Interface Enable RIP for Ports 1 0 2 and 1 0 3
106. Admitall Disable Scroll down and select the Interface 1 0 4 1 0 5 and 1 0 6 check boxes In the PVID 1 to 4093 field enter 200 Click Apply to save the settings 4 Enable DHCP L2 relay on VLAN 200 a Select System gt Services gt DHCP L2 Relay gt DHCP L2 Relay Configuration Chapter 29 DHCP L2 Relay and L3 Relay 491 e ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Device View i Stacking SNMP LLDP ISDP gt DHCP Server DHCP L2 Relay Configuration DHCP Relay DHCP L2 Relay DHCP L2 Relay Global Configuration DHCP L2 Relay Admin Mode C Disable Enable Global Configuration DHCP L2 Relay VLAN Configuration ae mc aamnness foratonte eens Interface 200 e Cs Co Configuration DHCP L2 Relay Interface Statistics UDP Relay gt DHCPv6 Server gt DHCPv6 Relay For Admin Mode select the Enable radio button Scroll down and select the VLAN ID 200 check box Enter the following information e Inthe Admin Mode field select Enable e Inthe Circuit ID Mode field select Enable e Inthe Remote ID String field enter rmt_id Click Apply to save the settings 5 Enable DHCP L2 Relay on interfaces 1 0 4 1 0 5 and 1 0 6 492 a b C d Select System gt Services gt DHCP L2 Relay gt DHCP L2 Relay Interface Configurat
107. Advanced Global IPv6 Interface Selection Configuration Interface 1 0 13 Interface Configuration gt Prefix Configuration Ipv Prefix Prefix Length Hams Like creares gt Statistics Time Life Time gt Neighbour Table Ef zo01 2 1 EE eee A aac eae 7 FE80 222 3FFF FE9E 955D 128 Configuration Route Table Route Preference Tunnel Configuration IPv6 Interface Configuration b Select Interface 1 0 13 c Enter the following information e Inthe IPv6 Prefix field enter 2001 2 1 e Inthe Prefix Length field enter 64 e Inthe EUI64 field select Disable d Click Add to save the settings 6 Configure the router ID of OSPFvs a Select Routing gt OSPFv3 gt Basic gt OSPFv3 Configuration A screen similar to the following displays Routing i security Monitoring Maintenance Help index Routing Table IP IPvS VLAN ARP RIP OSPF Router Discovery VRRP Multicast Basic _ OSPF v3 Configuration OSPFvS Configuration OSPF 3 Configuration gt Advanced Admin Mode C Disable Enable Router ID 4 1 1 1 b In the Router ID field enter 1 1 1 1 c For Admin Mode select the Enable radio button d Click Apply 7 Enable OSPFv3 on interfaces 1 0 1 and 1 0 13 a Select Routing gt OSPFv3 gt Advanced gt Interface Configuration Chapter 30 MLD 511 512 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching
108. Advanced RIP Configuration Interface Configuration Interface Interface Configuration Send a Route Redistribution Receive Version RIP Admin Mode Authentication Typ b In the Interface field select 1 0 10 Monitoring Maintenance Help Index 1 Router Discovery VRRP Multicast 1 0 10 RIP 2 RIP 2 C Disable f Enable c For RIP Admin Mode select the Enable radio button d Click Apply Enable RIP on interface 1 0 11 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing Security Routing Table IP IPvS WLAN ARP i OSPF i OSPR gt Basic Interface Configuration Advanced RIF Configuration Interface Configuration Interface Interface Configuration Route Redistribution Send Version Receive Version RIP Admin bode Authentication Type b In the Interface list select 1 0 11 Monitoring Maintenance Help index Router Discovery VRRP Multicast Disable Enable c For RIP Admin Mode select the Enable radio button d Click Apply Enable multicast globally a Select Routing gt Multicast gt Global Configuration Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Routing Table IP IPv amp VLAN ARP RIP OSPF Mroute Table Global Configuration Interf
109. Apply 3 Check to make sure that the binding database shows the entry in the Static Binding Configuration table Monitoring Maintenance Help DHCP Snooping Binding Configuration Global endiguraben Static Minding Configuration Ti Intarfaca Interface HAC Address VLAN It if Address Conigaratean f 1 f i Tenths EHO L z E Cerig F LADA OO ININE i 192 168 10 1 Peraichent z A ponani Dynamic Binding Configuration i E Ststistics m ai ODF Source Duard HAC Adirata VLA ID IP Aiiirers ynamic ABP Pyle OO 2868 54 FOe35 i 192 2668 10 94 B im nipectian Maximum Rate of DHCP Messages To prevent DHCP packets being used as DoS attachments when DHCP snooping is enabled the snooping application enforces a rate limit for DHCP packets received on untrusted interfaces DHCP snooping monitors the receive rate on each interface separately If the receive rate exceeds the configured limit DHCP snooping brings down the interface The user must specify no shutdown on this interface to further work with that port 310 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches CLI Configure the Maximum Rate of DHCP Messages 1 Control the maximum rate of DHCP messages Netgear Switch Interface 1 0 2 ip dhcp snooping limit rate 5 2 View the rate configured GSM7328S show ip dhcp snooping interfaces 1 0 2 Interface Trust State Rate Limit Burst
110. C Disable fi Enable For PIM Protocol Type select the PIM DM radio button For Admin Mode select the Enable radio button Click Apply 8 Enable PIM SM on interfaces 1 0 10 and 1 0 11 a Select Routing gt Multicast gt PIM gt Interface Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Routing Table IP IPv VLAN ARP RIP OSPF OSPFv3 Routor Discovery IPv Multicas s Mroute Table Disable Non Operational Disable gt Global Disable Non Operational Disable Configuration Disable Non Operational Disable Interface Disable Configuration Disable gt DYMRP gt IGMP Y PIM gt Global Configuration gt SSM Configuration Interface Configuration gt PIM Neighbor gt Candidate RP Non Operational Disable Non Operational Disable 1 0 12 Disable 1 0 13 Disable 1 0 14 Disable 1 0 15 Disable 1 0 16 Disable 1 0 17 Disable 1 0 18 Disable Non Operational Disable Non Operational Disable Non Operational Disable Non Operational Disable Non Operational Disable Non Operational Disable mie jaja ile Non Operational Disable b Scroll down and select the Interface 1 0 10 and 1 0 11 check box C d In the Admin Mode field select Enable Click Apply to save the settings PIM DM on Switch C 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration Chapter 28 PIM 44
111. CLI Configure ACL Mirroring The script in this section shows how to mirror the traffic stream received from a host in an interface These examples mirror the traffic from the host 10 0 0 1 connected to the interface 1 0 1 1 Create an IP access control list with the name monitorHost Netgear Switch Config ip access list monitorHost 2 Define the rules to match host 10 0 0 1 and to permit all others Netgear Switch Config ipv4 acl permit ip 10 0 0 1 0 0 0 0 any mirror 1 0 19 Netgear Switch Config ipv4 acl permit every Chapter 10 ACLs 173 ProSafe M4100 and M7100 Managed Switches 3 Bind the ACL with interface 1 0 1 Netgear Switch Interface 1 0 1 ip access group monitorHost in 1 4 View the configuration Netgear Switch show ip access lists Current number of ACLs 1 Maximum number of ACLs 100 ACL ID Name Rules Direction Interface s monitorHost Netgear Switch show ip access lists monitorHost ACL Name monitorHost Inbound Interface s 1 0 1 Rule Number Match All Protocol Source IP Address Source IP Mask Mirror Interface Rule Number permit Web Interface Configure ACL Mirroring 1 Create an IP access control list with the name monitorHost on the switch a Select Security gt ACL gt Advanced gt IP ACL 174 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Maintenance Help Index System S
112. Chapter 12 DiffServ Help Help Index Index 213 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Policy Class Configuration Class Information DiffServ Policy Name Configuration Policy Type Bi x Glass l Member Class Name development Configuration gt Policy Policy Attribute Configuration Siearcice Assign Queue Configuration Policy Atribute Drop Service Statistics O markcos Mark IP Precedence Mark IP DSCP i Police Simple Color Mode Color Conform Class Color Conform Mode O Committed Rate c In the Assign Queue list select 4 d Click Apply 14 Attach the defined policy to interfaces 1 0 1 through 1 0 4 in the inbound direction a Select QoS gt DiffServ gt Advanced gt Service Configuration A screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index gt Diffserv Wizard DiffServ Service Configuration Policy Service Config DiffServ Go To Interface C gou GO Policy internet_accesi w accesi w Configuration Operational Class Interface Policy In Direction P Status a es Configuration Service Configuration Service Statistics b Scroll down and select the check boxes for interfaces 1 0 1 1 0 2 1 0 3 and 1 0 4 c In the Policy In list select internet_access d Cl
113. Configuration 2 Statistics gt IP Interface Configuration Secondary IP IP Interface Configuration IP Interface configuration FLAN k r gaia ag E 16 2 2 E 255 255 0 0 0 0 0 0 0 0 0 Scroll down and select the Port 1 0 13 check box Now 1 0 13 appears in the Port field at the top e Inthe IP Address field enter 192 168 2 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Configure 1 0 20 as a routing port and assign an IP address to it Help Index Administrative Pode Routing Mode Enable Enable Disable Enable Enter the following information in the IP Interface Configuration a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System l Switching Routing Pv VLAN ARP Security Monitoring Maintenance RIP OSPF OSPFva Router Discovery VRRP Multicast IP Address Routing Table gt Basic Advanced gt IP Configuration IP Interface Configuration AP Interface Configuration Statistics gt IP Interface Configuration Secondary IP Subnet Mask 255 255 255 0 Scroll and select the Port 1 0 20 check box Now 1 0 20 appears in the Interface field at the top Enter the following information e Inthe IP Address field enter 192 168 4 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode fi
114. DB8 COAB AC11 In the Source Prefix Length field enter 64 In the Destination L4 Port list select http A screen similar to the following displays oyshom a P Extended Rules e Pri ACL Py uiet F Banding Configurstian Bending Tobie Click Apply Switching IPv6 ACL Rule Configuration IPv6 ACL Rule Configuration ACL Kame ipeb aecl Rube i E Arribon Perma Genny Logging Disable Mirror Interface Redirect laterface Match Every Dable Protocol Type TCP fou Prefix Prefislength TOM DSS SCOAB ACI Ls Rource La Port Pahi Destination Prefin Pre linlength Bestinateon Li Port Fise a bee IF OSC Senos 5 Apply the rules to inbound traffic on port 1 0 1 Fouling Gos Securilhy Monitoring ProSafe M4100 and M7100 Managed Switches Maintenance Help Index Maintenance Help Index Only traffic matching the criteria will be accepted a Select Security gt ACL gt Advanced gt IP Binding Configuration 188 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches In the ACL ID list select ipv6 acl In the Sequence Number list select 1 Click Unit 1 Select Port 1 A screen similar to the following displays e205 Mainhanonce Monitoring i Secu y Acca Pon Ay tertic gon Monogaman Sancunity gt Basic Advanced JP AOL lF Rude JF Extended Rules Eve ACL 1PvG Rules IP Binding Comfiguraben Binding Table fee ee Vian
115. DMCP Snooping Dynamic ARP Inspection Interface Configuration gt IF Saurce Guard Dinine ABP DAL Interface Configuration T Hiepection z Dit Conhiguraton DAT VLAN Canfigiratben i AN Ga Te fahertiecm Got Trust Mode Rabe Limit pps Burst Interval secs Now ARP packets from the DHCP client will go through however ARP packets from the Static client are dropped since it does have a DHCP snooping entry It can be overcome by static configuration as described in the following section Static Mapping on page 303 Static Mapping The example is shown as CLI commands and as a Web interface procedure CLI Configure Static Mapping 1 Create an ARP ACL Netgear Switch Config arp access list ArpFilter 2 Configure the rule to allow the static client Netgear Switch Config arp access list permit ip host 192 168 10 2 mac host 00 11 85 ee 54 e9 Chapter 15 Security Management 303 ProSafe M4100 and M7100 Managed Switches 3 Configure ARP ACL used for VLAN 1 Netgear Switch Config ip arp inspection filter ArpFilter vlan 1 4 Now the ARP packets from the static client will go through since it has an entry in the ARP ACL ARP packets from the DHCP client is also through since it has a DHCP snooping entry This command can include the optional static keyword If the static keyword is given packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings In th
116. Description en ID Address Mode Mode AL scence ic 255 255 255 0 Disable Enable Scroll down and select the 1 0 22 check box Now 1 0 22 appears in the Interface field at the top Enter the following information e Inthe IP Address field enter 192 168 6 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable Click Apply to save the settings 4 Enable RIP on the interface 1 0 21 Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing lied Routing Table IP i gt Basic Advanced RIP Configuration Interface Configuration Route Redistribution Qo05 i OSPF i Security VLAN ARP OSPRy3 Interface Configuration Interface Configuration Interface Send Version Receive Version RIP Admin Mode Authentication b In the Interface field select 1 0 21 c For RIP Admin Mode select the Enable radio button d Click Apply 5 Enable RIP on interface 1 0 22 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing Routing Table IP i gt Basic e Advanced RIP Configuration Interface Configuration Route Redistribution Qo05 i OSPF Security Pwd VLAN ARP Interfa
117. Disable Disable Enable Disable a 2 0 3 Disable Disable Disable Disable Enable Disable b Under IPv6 Interface Configuration scroll down and select the Interface 2 0 21 check box Now 2 0 21 appears in the Interface field at the top Chapter 23 DHCPv6 Server 395 ProSafe M4100 and M7100 Managed Switches In the IPv6 Mode field select Enable In the Routing Mode field select Enable In the Adv Other Config Flag field select Enable f Click Apply to save the settings 3 Configure IPv6 address on the interface 2 0 21 a Select Routing gt IPv6 gt Advanced gt Prefix Configuration 7209 A screen similar to the following displays VLAN ARP RIP OSPF OSPFv3 Router Discovery QoS Security Monitoring Maintenance Help Index Routing Toble IP VRRP Multicos IPv6 Multicast 2 Basic IPv6 Prefix Configuration i IPv6 Interface Selection Global Configuration Interface Configuration Prefix Configuration gt Statistics Neighbour Table Static Route Configuration Route Table gt Route Preference gt Tunnel Configuration Interface 2 0 21 IPv6 Interface Configuration Ipv6 Prefix BE 2003 1000 1 M FE80 E291 F5FF FEC6 490A 128 Disable In the Interface list select 1 0 21 In the IPv6 Prefix field enter 2003 1000 1 In the Length field enter 64 In the EUI64 field select Disable f Click Add 4 Enable DHCPV6 service a Select System gt Services gt DHC
118. Domain Name System DNS feature The DNS protocol maps a host name to an IP address allowing you to replace the IP address with the host name for IP commands such as a ping and a traceroute and for features such as RADIUS DHCP relay SNTP SNMP TFTP SYSLOG and UDP relay You can obtain the DNS server IP address from your ISP or public DNS server list DNS is used to resolve the host s IP address It enables a static host name entry to be used to resolve the IP address The following are examples of how the DNS feature is used Specify Two DNS Servers The following example shows how to specify two DNS servers that is two IP addresses for DNS servers and to resolve an IP address using the DNS server The example is shown as CLI commands and as a Web interface procedure CLI Specify Two DNS Servers Netgear Switch config Netgear Switch Config ip name server 12 7 210 170 219 141 140 10 Netgear Switch Config exit Netgear Switch Config ip domain lookup Netgear Switch ping www netgear com Send count 3 Receive count 3 from 206 82 202 46 Web Interface Specify Two DNS Servers 1 Select System gt Management gt DNS gt DNS Configuration Chapter 21 DNS 378 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Help Index LOGOUT gt Syatem Dorica Wine Servicod SNMP DNS Configuration Informati
119. Help biffeery Wizard Class Name Class Name Configuration gt Chati a IFVe Class b Click the class ClassVoiceVLAN Chapter 2 VLANs 39 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Switching Routing we Security Manitering Mainhinanes Help gt Diffserv Wizard Class Name i Auto VarP Class Name gt Basie 7 Configueratesn s Clad Pet Class Configurawan c In the DiffServ Class Configuration table select VLAN d In the VLAN ID field enter 10 A screen similar to the following displays System Seniching Routing BEE Security Monitoring Maintenance t Diflaery Wizard Class Configuration Auto YalP Basic Athwaren eel a DiftSery Clits Typa Coniguratean a Chess DiffServ Class Configuration Class Information fir a Py Clase Match Evary ing Configuration Beferernce Class Policy C Class Of barrie Configuratan i Gere Interface sis e Click Apply A screen similar to the following displays System Switching Fouling God SePOLAr i Py Monitoring Moinienronce Cos Diere Wizard Class Confiquration Auto VolP Basic advanced Class Hama amp DA Sery Class Type Ponfiguration Class Information DiffServ Class Configuration dhiii ahfl Pg Clase Configuratesn Reference lass Policy Chase OF barvice Configuration i Serve Interface Configuration Ethernet Type Hatch Every any B VLAN 7
120. Inno System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP i i Router Discovery VRRP SiMeoute Takie MLD Routing Interface Configuration gt IPv6 PIM MLD gt Global 1 All Go To Interface gt Routing Interface Pem H Configuration Routing Interface Not In Service 10000 Statistics MLD Groups MLD Traffic Proxy Interface Configuration Proxy Interface Statistics x Proxy Membership gt Static Routes Configuration MLD Routing Interface Configuration Not In Service 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 Y2 Y2 Not In Service v2 Not In Service v2 Not In Service v2 Not In Service v2 Not In Service v2 Not In Service v2 Not In Service v2 V2 Y2 Y2 Y2 Not In Service Not In Service Not In Service m m m m a a of fa a fa a fa H NNNNNNNNNNN NWN Not In Service CANCEL l APPLY i Done start jam gt Se Superte 198_7 198_7 win2k3 Automation vm 9 0 1 13 cS NetGear XSM7224S lt wick 1 30am b Under MLD Routing Interface Configuration scroll down and select the 1 0 24 check box Now 1 0 24 appears in the Interface field at the top c In the Admin Mode field select Enable d Click Apply MLD Snooping In IPv4 Layer 2 switches can use IGMP snooping to limit the flooding of multicast traffic by dynamically configuri
121. Interface Switch Config ip dhcp pool dhcp_server Switch Config dhcp pool network 10 200 1 0 255 255 255 0 Switch Config dhcp pool exit Switch Config ip dhcp pool dhcp_server_second Switch Config dhep pool network 10 200 2 0 255 255 255 0 Switch Config dhcp pool exit Switch Config service dhcp Switch Config exit 4 Exclude the IP address 10 200 1 1 and 10 200 2 1 from the DHCP pool because it has been used on the DHCP L3 relay Netgear Switch Config ip dhcp excluded address 10 200 1 1 Config ip dhcp excluded address 10 200 2 1 Netgear Switch Web Interface Configure a DHCP Server 1 Enable routing mode on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing Qo5 Security Monitoring Maintenance Help Index Routing Table IPvG VLAN ARP RIP OSPF i OSPFy3 Router Discovery VRRP gt Multicast IPv4 Multicast ene IP Configuration is eC lets IP Contiguration 2 Statistics Advanced Default Time to Live 64 Routing Mode itj Enable Disable ICMP Echo Replies f Enable Disable ICMP Redirects f Enable Disable ICMP Rate Limit Interval 1000 0 te 2147483647 me ICMP Rate Limit Burst Size 100 1 to 2003 Maximum Next Hops 4 b For Routing Mode select the Enable radio button c Click Apply Chapter 29 DHCP L2 Relay and L3
122. Interface Configuration scroll down and select the Interface 0 9 check box c Enter the following information e Inthe Admin Mode list select Enable e Inthe Type list select source d Click Apply to save the settings 6 After port 1 receives an IGMP report for multicast group 224 1 2 3 it is added into MVR group 224 1 2 3 a Select Switching gt MVR gt Advanced gt MVR Group Membership A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicast MYR Address Table Ports LAG MVR Group Membership MYR Group Membership Membership Group IP 224 1 2 3 7 MVR Statistics 268 Chapter 14 MVR Multicast VLAN Registration Security Management In this chapter examples are provided for the following topics e Port Security e Set the Dynamic and Static Limit on Port 1 0 1 on page 270 e Convert the Dynamic Address Learned from 1 0 1 to a Static Address on page 271 e Create a Static Address on page 272 e Protected Ports on page 273 e 802 1x Port Security on page 280 e Create a Guest VLAN on page 286 e Assign VLANs Using RADIUS on page 291 e Dynamic ARP Inspection on page 297 e Static Mapping on page 303 e DHCP Snooping on page 305 e Enter Static Binding into the Binding Database on page 309 e Maximum Rate of DHCP Messages on page 310 e IP Source Guard on page 312 Port Security Port Security helps secure the network
123. Inthe Destination IP Mask field enter 0 0 0 255 e Click Apply to save the settings 10 Add and configure an IP extended rule that is associated with ACL 103 a Select Security gt ACL gt Advanced gt IP Extended Rules Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Gps Security Monitoring Marntenance Help Index Maonogement Security Acces Port Authentication Traffic Control MAC ACL IP Extended Rules V IP ACL se IP ACL IP Extended Rules IP Rules ACL IE 103 gt IF Extended Rules IP Binding Configuration Binding Table Extended ACL Rule Table 5 Rule aon anan Match Protocol TEP CUrcCe j 3OUFEE Destination Destination Destination ID ueue Every keyword Flag zA IP Address IP Hask Li Port b Under IP Extended Rules in the ACL ID field select 103 c Click Add The Extended ACL Rule Configuration screen displays System Switching Routing QoS Security Monitoring Maintenance Help Index Fort Authontication Trafic Conirol MALALE Extended ACL Rule Configuration IP ACL IF ACL Extended ACL Rule Configuration 100 199 IF Rules gt IF Extended Rules AGL Ie 103 2 IF Binding Configuration Rule ID 1 to 23 Fl 2 _ Binding Table i pi Action Permit Egress Queue 0 te 6 O Deny Match Ewery False ow Protocol Type IP al 0 to 255 TCP Flag F
124. Inthe Next Hop IP Address field enter 192 168 200 1 Click Add 5 Create a static route with IP address 192 168 30 0 24 a Select Routing gt Routing Table gt Basic gt Route Configuration A screen similar to the following displays System Switching Routing oS Security Monitoring Maintenance Help Index IP VLAN ARF RIF OSPF Rouler Discovery VREF Route Configuration Configure Routes Route Type Aetvrork Addresa Subnet mask Hawt Hop IP Address static 192 163 30 0 255 255 255 0 192 168 200 1 E Aati 132 168 100 0 235 055 255 0 172 160 200 1 Learned Routes Route H Next Ho Subnet mask E Hawt Hop IP Address Typ Interfice Dynamic 192 168 40 0 TSh SS ia Local wlan 40 192 168 4001 Opn armie 192 163 30 0 253 255 255 0 Leal Vian 0 192 168 50 1 Cynamic 192 169 200 0 233 255 2 Local Vian 200 192 168 200 2 Under Configure Routes make the following selection and enter the following information e Inthe Route Type field select Static e Inthe Network Address field enter 192 168 30 0 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Next Hop IP Address field enter 192 168 200 1 Chapter10 ACLs 157 ProSafe M4100 and M7100 Managed Switches c Click Add Use ACLs to Configure Isolated VLANs on a Layer 3 Switch This example shows how to isolate VLANs on a Layer 3 switch by using ACLs In this example PC 1 is in VLAN 24 PC 2 is in VLAN 48 and the server is in VLAN 38 PC 1
125. Inthe Priority field enter 255 e Inthe Metric Cost field enter 64 c Click Apply to save the settings OSPF on a Border Router 92 The example is shown as CLI commands and as a Web interface procedure For an OSPF sample network see Figure 17 on page 87 CLI Configure OSPF on a Border Router 1 Enable routing for the switch Netgear Switch config Netgear Switch Config ip routing 2 Enable routing and assign IPs for ports 1 0 2 1 0 38 and 1 0 4 Netgear Switch Config interface 1 0 2 Interface 1 0 2 routing Interface 1 0 2 ip address 192 150 2 2 255 255 255 0 Interface 1 0 2 exit Config interface 1 0 3 Interface 1 0 3 routing Interface 1 0 3 ip address 192 130 3 1 255 255 255 0 Interface 1 0 3 exit Config interface 1 0 4 Interface 1 0 4 routing Interface 1 0 4 ip address 192 64 4 1 255 255 255 0 Interface 1 0 4 exit Netgear Switch Switch Switch Switch Switch Switch Switch Netgear Switch Netgear Switch 3 Specify the router ID and enable OSPF for the switch Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches Set disable 1583compatibility to prevent a routing loop Netgear Netgear Netgear Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch Config router ospf enable router id 192 130 1 1 router router router no 1583comp
126. L707 12 170 13 1 0 14 170713 170716 170 17 1 0712 1 0 19 1 0 20 More or Interface 1 07 21 17 0722 1707 23 1 0 24 170725 170 26 1 0 27 1 0 28 Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled quit Auto VoIP Mode Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 Traffic Class OY O O O O AD AD A Auto VolP classifies and prioritizes the packets and places only the packets in the higher priority queue In the previous example ithey are placed in queue 6 You can override the egress queue setting using the commands cos queue strict or cos queue min bandwidth if you want Chapter 12 DiffServ 227 ProSafe M4100 and M7100 Managed Switches Web Interface Configure Auto VolP 1 Enable auto VoIP for all the interfaces in the device a Select QoS gt DiffServ gt Auto VoIP A screen similar to the following displays Salem Switching Routing GhoS curity Monitoring Mointanonca Help Diffserv Wizard Auto VoIP Configuration Auta Vell Basic Auto VolP Configuration Advanced all Ge To fivberd ace b Select the check box in the first row to select all the interfaces C In the Auto VolP Mode field select Enable A screen similar to the following displays Syatem
127. LAN Routing LAN Routing Wizard vlan ID LAG Enabled Ej IP Address 192 150 3 1 B Network Mask 255 255 255 0 Port 1 2 3 4 5 6 7 8 9 10 111213 14 15 16 17 18 19 20 21 22 23 24 iT 25 26 27 28 b Enter the following information e Inthe Vlan ID field enter 10 e Inthe IP Address field enter 192 150 3 1 e Inthe Network Mask field enter 255 255 255 0 Chapter 7 OSPF 119 ProSafe M4100 and M7100 Managed Switches c Click Unit 1 The ports display Click the gray box under port 2 until T displays The T specifies that the egress packet is tagged for the port d Click Apply to save the VLAN that includes ports 2 2 Configure a VLAN and include port 1 0 3 in the VLAN a Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays System Switching Routing Routing Table IP i ARP RIP OSPF Router Discovery VRRP QoS Security Monitoring Maintenance Help Inc v WLAN Routing VLAN Routing Wizard Wizard gt LAN Routing VLAN Routing Wizard vlan ID LAG Enabled gi 19 Network Mask 255 255 255 0 Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 pr 25 26 27 28 b Enter the following information e Inthe Vlan ID field enter 20 e Inthe IP Address field enter 192 150 4 1 e Inthe Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display Click the gray box under port 3 until T displays The
128. Layer 3 Each ACL is a set of up to 10 rules applied to inbound traffic Each rule specifies whether the contents of a given field should be used to permit or deny access to the network and can apply to one or more of the following fields within a packet Source IP address Destination IP address Source Layer 4 port Destination Layer 4 port ToS byte Protocol number Note that the order of the rules is important When a packet matches multiple rules the first rule takes precedence Also once you define an ACL for a given port all traffic not specifically permitted by the ACL is denied access ACL Configuration To configure ACLs 1 Create an ACL by specifying a name MAC ACL or a number IP ACL 2 Add new rules to the ACL 3 Configure the match criteria for the rules Chapter10 ACLs 137 ProSafe M4100 and M7100 Managed Switches 4 Apply the ACL to one or more interfaces Set Up an IP ACL with Two Rules This section shows you how to set up an IP ACL with two rules one applicable to TCP traffic and one to UDP traffic The content of the two rules is the same TCP and UDP packets will be accepted by the M4100 and M7100 Managed Switch only if the source and destination stations have IP addresses within the defined sets Layer 3 switch TCP packet to TCP packet to 192 178 88 3 rejected 192 178 77 3 accepted Dest IP not in range Dest IP in range Port 1 0 2 A Layer 2 switch 192 168 77 1 a
129. Mie ahklia Crahin Mie akin slim x m faja fala fala fa a Go To Interface Duplicate Address Detection Transmits h rh Re YP eB SY ee Scroll down and select the interface 1 0 9 check box Now 1 0 9 appears in the Interface field at the top Enter the following information e Inthe IPv6 Mode field select Enable e Inthe Routing Mode field select Enable Click Apply to apply the settings 4 Configure prefix on interface 1 0 9 a Select Routing gt IPv6 gt Advanced gt Prefix Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP OSPF OSPFyv3 Router Discovery VRRP Multicost IPv Multicast Pease _ IPv6 Prefix Configuration Ravenced IPv6 Interface Selection Global Configuration Interface 1 0 9 gt Interface Configuration IPv6 Interface Configuration sia ration Ipv6 Prefix Prefix Length EUI64 Valid Life Preferred z i Time Life Time anes mt ESEE E A gt Neighbour Table _ Static Route FESO E291 FSFF FEO6 2BF6 128 Disable Configuration b Scroll down and select interface 1 0 9 C Enter the following information e Inthe IPv6 Prefix field enter 2001 1 1 e Inthe Prefix Length field select 64 d Click Add to create IPv6 prefix to interface 1 0 9 5 Enable DHCPv6 Server Configuration a Select System gt Services gt DHCPv6 Server gt DH
130. Mode i Disable Enable refi guar athe sinh asthe a SAC Address Walid alien Diteble Enabis Banding Configi ater Persistent VLAN Configuration Configurathan VLAN ID DHCP Snooping Mode 4 4 La e E i MA Captive Fortal In the VLAN Configuration table in the VLAN ID list select 1 c In the DHCP Snooping Mode field select Enable A screen similar to the following displays System Switching Routing Qo Security Monitoring Maintenance Help Index Migreaga reac Saecuriby LETS TT Port Agfhanticaton Erotic Canine HLP tia pani DHCP Snooping Global Configuration Gia ppen DHCP Snooping Global Configuration Interface DHEP Siipi Mbia Disable amp Enable So nigiat ater fending Qonfigur atoon Persistent VLAN Configuration Conhguratuan VLAN ID DHCP Snooping Hade Saisie j OP Source Guard E z Dynamic ARP Ej Enable HAC Addres Valid ation Disable Enable d Click Apply A screen similar to the following displays Manitoring Mointananes Halp lingam CHOP Seep DHCP Snooping Global Configuration Bebe i DHCP Snooping Global Configuration Coupure name ons UE e a m m s ode on J r Merrie Coniguration HAC Addresa Validation Daablo amp Enable Bindang Cosfiqurasion VLAN Configuration t Perdogtent Conhgurahon DHP Snooping Mode Daable Ensble DHCP Snooping Hode Statistics Clo 3 Configure the port through which the DHCP server is reache
131. Monitoring Maintenance Help Index Routing Table IP IPvG i VLAN ARP OSPF OSPFy3 Router Discovery VRRP Multicast gt Basic Interface Configuration Advanced RIP Configuration Interface Configuration gt Interface Interface 1 0 22 Configuration Send Version RIP z Receive Version RIP 2 Redistribution l RIP Admin Mode C Disable i Enable Authentication Type b In the Interface list select 1 0 22 c For RIP Admin Mode select the Enable radio button d Click Apply 7 Enable RIP on interface 1 0 24 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays Routing Security Monitoring Maintenance Routing Table IP IP VLAN ARP i OSPF OSPR3 Router Discovery VRRP Multicast gt Basic Interface Configuration Advanced RIP Configuration Interface Configuration l Interface Interface Configuration Send Version z outs Receive Version Redistribution RIP Admin Mode Disable Enable Authenticaton Type 456 Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches b C d In the Interface list select 1 0 24 For RIP Admin Mode select the Enable radio button Click Apply 8 Enable multicast globally a b C Select Routing gt Multicast gt Global Configuration A screen similar to the following displays System Switching Routing i QoS Routing Tabla
132. Monitoring Maintenance Help Routing Table Pa VLAM ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced l gt IP Configuration IP Interface Configuration gt Statistics 1 Al ID Address Mask Mode Mode 132 168 6 2 255 255 255 0 0 0 0 0 0 0 0 0 Disable Enable 3 IP Interface Configuration Eon ky ee WLAN IP Subnet Routing Administrative 2 Secondary IP Port Description Scroll down and select the Port 1 0 22 check box Now 1 0 22 appears in the Port field at the top Enter the following information e Inthe IP Address field enter 192 168 6 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable Click Apply to save the settings Chapter 28 PIM 481 ProSafe M4100 and M7100 Managed Switches 4 Configure 1 0 24 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing a l Security i Monitoring i Maintenance Help Routing Table Pwd VLAN ARP RIP OSPF OSPI Router Discovery WRRP Multicast Basic _ IP Interface Configuration Advanced IP Configuration IP Interface Configuration 2 Statistics i All ID Address WEIS Mode l In dex Mode gt IP Interface Configuration mh dministrati 2 Secondary IP Port Description LAM IP
133. Multicast gt PIM gt Interface Configuration Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches d A screen similar to the following displays System Switching Routing Routing Table IP IPv ARP QoS Security Monitoring Maintenance Help Index RIP OSPF OSPFv3 VRRP IPv6 Multicast Router Discovery roata Takle PIM Interface Configuration gt Global Configuration gt Interface Configuration gt DYMRP gt IGMP v PIM gt Global Configuration gt SSM Configuration gt Interface Configuration PIM Neighbor gt Candidate RP Configuration PIM Interface Configuration 1 all Go To Interface Protocol IP State Address Admin Interface Mode Disable Disable Disable Disable Disable Disable Disable Disable BSR Interval secs Border el a Disable Disable Disable Disable Disable Disable Disable Disable Join Prune DR Priority Hello Interval secs el s Non Operational Non Operational Non Operational Non Operational Non Operational Non Operational Non Operational rc r r Non Operational Scroll down and select the Interface 1 0 21 1 0 22 and 1 0 24 check boxes In the Admin Mode field select Enable Click Apply to save the settings 11 Set up Candidate RP configuration a 29 5 e Select Routing gt Multicast gt PIM gt Candidate RP Configuration A screen similar to the following displays System Switc
134. PIMSM 1 0 10 C show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface List 225l Lad PIMSM 1 0 22 192 168 1 225 1 1 1 PIMSM 1 0 21 D show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Protocol Interface Interface List D2 ead ook PIMSM 1 0 22 1 0 24 192 168 1 1 225 1 1 1 PIMSM 1 0 21 1 0 24 Web Interface Configure PIM SM PIM SM on Switch A 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration Chapter 28 PIM 465 466 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Qo5 RIP System Switching Routing Routing Table IPyG VLAN ARP OSPF Basic IP Configuration IP Configuration Statistics gt Advanced IP Configuration Default Time to Live Routing Mode ICMP Echo Replies ICMP Redirects ICMP Rate Limit Interval ICMP Rate Lint Burst Size security OSPFy3 Monitoring Maintenance Help Index Router Discovery VRRP Multicast 64 Disable Enable Disable Enable 1000 O to 2147483647 ms 100 4 te 200 b For Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 1 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following disp
135. Ports LAG Switching Routing security Monitoring Basic VLAN Membership Advanced VLAN VLAN Membership Configuration Group Operation Untag All VLAN Membership LAN UNTAGGED PORT MEMBERS VLAN Status 2 Port PYID Configuration MAC Based VLAN Port 1 Z 3 4 5 6 7 9 10 11 12 13 l4 15 16 1 18 19 20 271 22 23 24 _ TAGGED PORT MEMBERS IP Subnet Based Vel Ban St a Se Sh S ul Cen 5 26 27 a Port DVlan y ae b In the VLAN ID list select 2000 c Click Unit 1 The ports display d Click the gray boxes under ports 1 and 24 until U displays The U specifies that the egress packet is untagged for the port e Click Apply 3 Set force authorized mode on ports 1 0 6 and 1 0 12 a Select Security gt Port Authentication gt Advanced gt Port Authentication A screen similar to the following displays Maintenance index Switching Routing Security if Monitoring Help System Management Security Access i i Traffic Control Control ACL gt Basic Port Authentication Advanced 602 1 Port Authentication Configuration IAN Client Summary Port i gt Port Summary Period Perio ID Perio YLAN ID r ro r r W b Scroll down and select the Interface 1 0 6 and 1 0 12 check boxes c In the Control Mode list select Force Authorized d Click Apply to save settings 4 Enable dot1x on the switch Chapter 15 Security Mana
136. Relay 495 496 ProSafe M4100 and M7100 Managed Switches 2 Create a routing interface and assign 10 100 1 1 24 to it a e295 f Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing Qos Security Monitoring Maintenance Help indas locoug Routing Ta bla Pei VLAM ARP RIP OSPF CSP Ped Router Discovery YRRP Multicast Pvt MMuoliceest Baki IP Interface Configuration M Advanced IP Interface Configuration IP Configuration Statistics 1 All GoTo Interface 2 IP Interface a Forward Configuration Routing Administrative H Admi 3 Mode Mode mn Directed Broadcasts L 00 2 2 255 255 255 0 Description Secondary IF Enable i NM Enable Pe Disable 0 0 0 0 0 0 0 0 Disable Enable Disable Disable 0 0 0 0 0 0 0 0 Disable Enable Disable Disable Scroll down and select the 1 0 3 check box In the IP Address field enter 10 100 1 1 In the Subnet Mask field enter 255 255 255 0 In the Routing Mode field select Enable Click Apply to save the settings 3 Enable RIP on interface 1 0 38 a d Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Routing Table IP IPvG VLAN ARP OSPF OSPFv3 Router Discover
137. STP Multicast Addross Toble Ports LAG Protocol Based VLAN Group Configuration E Protocol Based LAN Group Config uration Configuration VLAN Membership VLAN Status Port PVID Configuration Chapter 2 VLANs 29 30 b C ProSafe M4100 and M7100 Managed Switches Enter the following information e Inthe Group Name field enter vlan_ip e Inthe Protocol list select IP and ARP while holding down the Ctrl key e Inthe VLAN field enter 5 Click Add 3 Add port 11 to the group vian_ipx a b Cc d Select Switching gt VLAN gt Advanced gt Protocol Based VLAN Group Membership A screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index STP Multicast Address Table Ports LAG Basic Protocol Based VLAN Group Membership F Advanced VLAN Protocol Based VLAN a Membership Configuration Group ID gt VLAN Membership Fi _CURRENT MEMBERS VLAN Status MAC Based VLAN Port PYID Configuration Port DYLAN 2 od 24 Se 6 Fe BS 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 In the Group ID list select 1 Click the gray box under port 11 A check mark displays in the box Click the Apply button 4 Add port 11 to the group vian_ip a p Select Switching gt VLAN gt Advanced gt Protocol Based VLAN Group Membership A screen similar to the following displays Switching
138. Statistics IP Configuration gt Advanced Default Time to Live 30 Routing Mode Disable Enable IP Forwarding Mode Disable Enable Maximum Next Hops 2 2 For Routing Mode select the Enable radio button 76 Chapter6 RIP ProSafe M4100 and M7100 Managed Switches 3 Click Apply to save the settings Routing for Ports The example is shown as CLI commands and as a Web interface procedure CLI Enable Routing and Assigning IP Addresses for Ports 1 0 2 and 1 0 3 Netgear Switch config Switch Config interface 1 0 2 Switch Interface 1 0 2 routing Switch Interface 1 0 2 ip address 192 150 2 1 255 255 255 0 Switch Interface 1 0 2 exit Switch Switch Interface 1 0 3 routing Interface 1 0 3 ip address 192 150 3 1 255 255 255 0 Interface 1 0 3 exit Switch Switch Config interface 1 0 3 Switch Config exit Web Interface Enable Routing for the Ports 1 Assign IP address 192 150 2 1 24 to interface 1 0 2 a Select Routing gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table VLAN ARP RIP OSPF Router Discovery VRRP IP Interface Configuration IP Configuration Configuration ices Go To Interface GO J IP Interface Configuration GIAN i Rinnat Secondary IP Interface Description I
139. Switch 158 CLI Configure One Way Access Using a TCP Flag in ACL Commands159 Web Interface Configure One Way Access Using a TCP Flag in an ACL161 Set up a MAC ACL with Two Rules 0 0000 169 CLI Set up a MAC ACL with Two Rules 200005 170 Web Interface Set up a MAC ACL with Two Rules 170 AGE NOW sa eee eos eee ee eee eek eee ee bee eee nee 172 CLI Configure ACL Mirroring n ooann naana eee eee 173 Web Interface Configure ACL Mirroring 0 000000 174 ACL Redirect n a naa pb badeee 4 Saeed dobro Forehead 178 CLI Redirect a Traffic Stream 2 2 2 ee eee eee 178 Web Interface Redirect a Traffic Stream 000 eee 179 Conmgute IPVG ACLS 2422244484 cunw ededac ees ia a 183 CLI Configure an IPV6 ACL 1 ees 184 Web Interface Configure an IPV6 ACL 0 0 0 0 c eee 186 Chapter 11 CoS Queuing CoS Queue Mapping 2 lt 2oc2cngiscsncsace isecbes puetecucunand 191 Tse FONS easaresissdrisriiidrwiikr e been Phd ao been eke 191 Untrusted PortS a an bi 48k oe 9 Ode oe eh e ede ERA 191 CoS Queue Configuration n a naana aaaea ee es 192 Show classofservice Trust 0 0 0 000 cece eee ee 192 CLI Show classofservice Trust 0 00000 eee eee eae 192 Web Interface Show classofservice Trust 000 193 Set classofservice Trust Mode 0 000 eee 193 CLI Set classofservice Trust Mode
140. Switches Enable iSCSI Awareness with VLAN Priority Tag The example is shown as CLI commands and as Web interface procedure CLI Enable iSCSI Awareness with VLAN Priority Tag Use the following commands to enable iSCSI awareness select VPT and set VLAN number and aging time Netgear Netgear Netgear Netgear Netgear config Config iscsi enable Config iscsi cos vpt 5 Config iscsi aging time 10 Config exit Web Interface Enable iSCSI Awareness with VLAN Priority Tag 1 1 Enable iSCSI awareness select VPT and set VLAN number and aging time a Select Switching gt iSCSI gt Basic A screen similar to the following displays System VLAN Ay Switching Rouling QoS Security Monitoring Maintenance Help Index ulo olP isis STP Multicast MYR Address Table Ports Basic iSCSI Global Configuration gt Global iF Configuration Sessions iSCSI Status Disable Enable Advanced Qos Profile VLAN Priority Tag DSCP VLAN Priority Tag sl DSCP 46 Remark 5 Disable Enable CSI Aging Time 10 i to 43200 minutes b b Enter the following information In the iSCSI Status select Enable In the QoS Profile select VLAN Priority Tag In the VLAN Priority Tag select 5 default value In the remark select Enable default value In the iSCSI Aging Time enter 10 default value c Click Apply 552 Chapter 33 iSCSI ProS
141. Switches You can enable captive portal on all the physical ports on the switch It is not supported for VLAN interfaces loopback interfaces or logical interfaces The captive portal feature uses MAC aaddress based authentication and not port based authentication This means that all the clients connected to the captive portal interface must be authenticated before they can get access to the network Clients connecting to the captive portal interface have three states unknown unauthenticated and authenticated e Unknown In the unknown state the captive portal does not redirect HT TP S traffic to the switch but instead asks the switch whether the client is authenticated or unauthenticated e Unathenticated The captive portal directs the HT TP S traffic to the switch so that the client can authenticate with the switch e Authenticated After successful authentication the client is placed in authenticated state In this state all the traffic emerging from the client is forwarded through the switch Captive Portal Configuration This section introduces the objects that make up the captive portal and describes the interaction between the captive portal and the network administrator It explains what configurations are visible to the network administrator and enumerates the events All the configurations included in this section are managed using the CLI the Web Interface and SNMP with one exception to customize the captive portal Web
142. This command is found in global contig mode e If the newunit id has been preconfigured you might need to remove the newunit id from the configuration before renumbering the unit e If you need to reassign multiple existing stack unit numbers the configuration could become mismatched To avoid this situation NETGEAR recommends that you power down all switches except the master and then add them back one at a time using the procedure in Section Add Switches to an Operating Stack on page 361 Web Interface Renumber Stack Members 1 Renumber the stacking member s ID from 3 to 2 a select System gt Management gt Basic gt Stack Configuration A screen similar to the following displays Maintenance Help Index l System Switching Routing Security Monitoring Management Device View i Services Basic Stack Configuration Stack Configuration Management Unit Selection gt Advanced Management Unit Selected 1 Md Stack Configuration Hardware Unit AR Admin Management Management PER Switch Type Management Switch Status ID Preference Status Preference EF a GSM 7328S Unassigned Unassigned Management Unit OK Under Stack Configuration scroll down and select the Unit ID 3 check box In the Unit ID list select 2 Click Apply 366 Chapter 19 Switch Stacks ProSafe M4100 and M7100 Managed Switches e Now the unit ID of the stacking member is 2 System Switching Security Monitor
143. This feature extends the existing IPv4 ACL by providing support for IPv6 packet classification Each ACL is a set of up to 12 rules applied to inbound traffic Each rule specifies whether the contents of a given field should be used to permit or deny access to the network and can apply to one or more of the following fields within a packet e Source IPv6 prefix e Destination IPv6 prefix e Protocol number e Source Layer 4 port e Destination Layer 4 port e DSCP value e Flow label Chapter10 ACLs 183 ProSafe M4100 and M7100 Managed Switches Note that the order of the rules is important When a packet matches multiple rules the first rule takes precedence Also once you define an ACL for a given port all traffic not specifically permitted by the ACL is denied access Interface 1 0 1 GSM73xxS jooosnonnnna m m m a e 2001 0DB8 c0ab ac11 J 2001 0DB8 cO0ab ac1 cad gt ISP Onna eee p gt ational gt rpm area 2001 0DB8 c0ab ac1 9 2001 0DB8 c0ab ac1 F IPv6 HTTP traffic 2 gt IPv6 Telnet traffic gt IPv6 Any other traffic Figure 21 IPv6 ACLs The script in this section shows you how to set up an IPv6 ACL with the following three rules e Rule 1 Permits every traffic to the destination network 2001 DB8 COAB AC14 64 e Rule 2 Permits IPv6 TELNET traffic to the destination network 2001 DB8 COAB AC13 64 e Rule 3 Permits IPv6 HTTP traffic to any destination CLI C
144. address to the network interface a Select System gt Management gt Network Interface gt IPv6 Network Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index Device View Services Stacking SNMP LLP ISDP gt System IPv6 Network Interface Configuration Information lt Switch Statistics Global Configuration E Sipe etd bn Admin Mode C Disable Enable gt Slot Information IPv Address Auto Configuration Mode ie Disable C Enable gt Loopback Interface Network Interface IPva Network Configuration Oo IPv Prefix j Prefix Length IP 6 Network Be 2001 1 1 64 Configuration FE80 216 24FF FED9 2499 64 Current Network Configuration Protocol ol None Cc DHCPY6 IPv6 Gateway IPv6 Network Interface Configuration ee aa For Admin Mode select the Enable radio button In the IPv6 Prefix Prefix Length field enter 2001 1 1 64 In the EUI64 field select False Click Add e205 426 Chapter 27 IPv6 Interface Configuration ProSafe M4100 and M7100 Managed Switches 2 Add an IPv6 gateway to the network interface a Select System gt Management gt Network Interface gt IPv6 Network Configuration A screen similar to the following displays System gt System Information Switching Routing Qo5 Security Monitoring Maintenance Help Index Davice View Services Stacking SNMP LLOP ISDP IPv6 Network In
145. and M7100 Managed Switches In the Global Trust Mode list select trust dotip Click Apply to save the settings Show classofservice IP Precedence Mapping The example is shown as CLI commands and as a Web interface procedure CLI Show classofservice IP Precedence Mapping Netgear Switch IP Precedence Traffic Class AID Oo A W N F OD WO WwW NHN NON FPF DOD O FF show classofservice ip precedence mapping Web Interface Show classofservice ip precedence Mapping 1 194 Select QoS gt CoS gt Advanced gt IP Precedence Queue Mapping A screen similar to the following displays System Switching Routing Security IP Precedence to Queue Mapping Interface Selection Configuration Interface 602 1p Queue Mapping IP Precedence to Queue Mapping IP Mapping CoS Interface Configuartion Interface Queue Configuration Queue In the Interface list select All Monitoring Maintenance Help Index The global IP precedence to queue mapping is displayed In the Interface list select the specific interface such as 1 0 1 Chapter 11 CoS Queuing ProSafe M4100 and M7100 Managed Switches The IP precedence to queue mapping of the interface is displayed Configure Cos queve Min bandwidth and Strict Priority Scheduler Mode The example is shown as CLI commands and as a Web interface procedure CLI Configure Cos queue Min bandwidth and Strict Priority Scheduler Mode Netgear Switch
146. and M7100 Managed Switches i 2 3 Power off the newly created switch stacks Reconnect them to the original switch stack through their stacking ports Power on the switches Replace a Stack Member 1 Make sure the redundant stack connection is in place and functional All stack members should be connected in a logical ring Power down the switch to be removed and disconnect its stack cables Remove the switch from the rack If you will be installing a different model switch remove the unit from the configuration by issuing the command no member lt unit id gt Install the new switch in the rack e Ifyou are installing the same model switch put it in the same position in the stack as the one that you just removed e If you are installing a different model switch you can either put it in the same position as the previous switch or at the bottom of the stack Cable the new switch following the established order of stacking cables Power up the new switch Verify by monitoring the master switch console port that the new switch successfully joins the stack by issuing the show switch command The new switch should join as a member never as master the existing master of the stack should not change lf the code version of the newly added member is not the same as the existing stack update the code as described in Upgrade the Firmware on page 354 Switch Stack Configuration Files The configuration files record s
147. and as a Web interface procedure CLI Configure Rapid STP 802 1w Netgear switch Config spanning tree Netgear switch Config spanning tree forceversion 802 1w Netgear switch Interface 1 0 3 spanning tree port mode Web Interface Configure Rapid STP 802 1w 1 Enable 802 1w on the switch a Select Switching gt STP gt STP Configuration A screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index i Multicast Address Table Ports STP Configuration STP Configuration gt Ad d z aios STP Configuration Spanning Tree Admin Mode O Disable Enable Force Protocol Version IEEE 802 1d IEEE 802 1w IEEE 802 1s Configuration Name 00 14 6C 53 62 8E Configuration Revision Level o Oto 65535 Forward BPDU while STP Disabled O Disable Enable Configuration Digest Key Oxac36177f50283cd4b83821d8ab26de62 STP Status MST ID VID FID CST 123410 20 30 40 50 100 111 12341020 30 40 50 100 111 b Enter the following information e For Spanning Tree Admin Mode select the Enable radio button e For Force Protocol Version select the IEEE 802 1w radio button c Click Apply 2 Configure the CST port a Select Switching gt STP gt CST Port Configuration Chapter 25 Spanning Tree Protocol ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Syriam Switching Rowing Qed Security Man
148. b For Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 1 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing oS Security Monitoring Maintenance Help Index Routing Table Pe VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic _ IP Interface Configuration Advanced IP Configuration IP Interface Configuration Statistics 1 all IP Interface Configuration eet VLAN IP Subnet Routing Administrative Secondary IF Description ID Address Mask Mode Mode Pe 192 168 2 2 255 255 2550 b Under IP Interface Configuration scroll down and select the Port 1 0 1 check box Now 1 0 1 appears in the Port field at the top c Enter the following information e Inthe IP Address field enter 192 168 2 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Configure 1 0 9 as a routing port and assign an IP address to tt a Select Routing gt IP gt Advanced gt IP Interface Configuration Chapter 28 PIM 441 442 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IPv VLAN ARP RIP OSPF OSPFv3 Router Discover
149. been created you must use the show ip vlan command to determine the VLAN s interface ID so that you can use it in the router configuration commands The diagram in this section shows a Layer 3 switch configured for port routing It connects two VLANs with two ports participating in one VLAN and one port in the other The script Chapter 5 VLAN Routing 68 ProSafe M4100 and M7100 Managed Switches shows the commands that you would use to configure a M4100 and M7100 Managed Switch to provide the VLAN routing support shown in the diagram Layer 3 switch Port 1 0 2 VLAN Router port 1 3 1 192 150 3 1 Port 1 0 3 VLAN Router port 1 3 2 192 150 4 1 Port 1 0 1 Layer 2 p Switch sea iieaa ieee VLAN 20 VLAN 10 Figure 8 Layer 3 switch configured for port routing CLI Create Two VLANs The following code sequence shows an example of creating two VLANs with egress frame tagging enabled vlan data Vlan vlan 10 Vlan vlan 20 Vlan exit Netgear Switch Netgear Switch Switch Switch conf Config interface range 1 0 1 1 0 2 Switch Switch Switch conf if range 1 0 1 1 0 2 vlan participation include 10 conf if range 1 0 1 1 0 2 vlan pvid 10 conf if range 1 0 1 1 0 2 exit Switch Config interface 1 0 3 Switch Switch Switch Interface 1 0 3 vlan participation include 20 Switch Interface 1 0 3 vlan pvid 20 Netgear Switch Interface 1 0 3 exit
150. by preventing unknown devices from forwarding packets When a link goes down all dynamically locked addresses are freed The port security feature offers the following benefits e You can limit the number of MAC addresses on a given port Packets that have a matching MAC address secure packets are forwarded all other packets unsecure packets are restricted e You can enable port security on a per port basis Port security implements two traffic filtering methods dynamic locking and static locking These methods can be used concurrently e Dynamic locking You can specify the maximum number of MAC addresses that can be learned on a port The maximum number of MAC addresses is platform dependent and is Chapter 15 Security Management 269 ProSafe M4100 and M7100 Managed Switches given in the software Release Notes After the limit is reached additional MAC addresses are not learned Only frames with an allowable source MAC addresses are forwarded Note If you want to set a specific MAC address for a port set the dynamic entries to 0 then allow only packets with a MAC address matching the MAC address in the static list Dynamically locked addresses can be converted to statically locked addresses Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the age out time You can set the time out value Dynamically locked MAC addresses are eligible to be learned by another port Stati
151. command Netgear Switch Routing Config logging host 192 168 21 253 4 1 Netgear Switch Routing show logging hosts Severity Port Status 192 168 21 253 alert Active Web Interface Configure Logging for the Port 1 Select Monitoring gt Logs gt Sys Log Configuration A screen similar to the following displays System Ports gt Buffered Logs gt Command Log Configuration gt Console Log Configuration x Sys Log Configuration gt Trap Logs gt Event Logs Switching Routing Security Monitoring Maintenance Help Index i Mirroring Syslog Configuration Syslog Configuration Admin Status Disable Enable Local UDP Port 1 to 65535 Messages Relayed Messages Ignored Host Configuration EN Host Address Port 1 to 65535 Severity Filter 192 168 21 253 Alert ADD DELETE CANCEL apPLY Enter the following information e Inthe Host Address field enter your host address 192 168 21 253 e Inthe Port field enter 4 e Inthe Severity Filter list select Alert Click Add Chapter 18 Syslog ProSafe M4100 and M7100 Managed Switches Email Alerting Email Alerting is an extension of the logging system The logging system allows you to configure a set of destinations for log messages This feature adds the email configuration through which the log message are sent to a configured SMTP server such that an administrator may receive the log in an email account
152. creates a 6in4 tunnel between GSM7328S_1 and GSM7328S_2 The tunnel carries IPv6 packets over IPv4 packets oe 1 0 13 1 0 1 f K ee ee GSM7328S_1 GSM7328S_2 Figure 44 6in4 tuennel between two switches Chapter 26 Tunnel 414 ProSafe M4100 and M7100 Managed Switches CLI Create a Tunnel Configure Switch GSM7328S 1 Netgear Switch config Netgear Switch Config ip routing Switch Config ipv6 forwarding Switch Config ipv6 unicast routing Switch Config interface 1 0 1 Switch Interface 1 0 1 routing Interface 1 0 1 ip address 192 168 1 1 255 255 255 0 Interface 1 0 1 exit Switch Switch Switch Interface tunnel Switch ipv6 enable Switch Interface tunnel ipv address 2000 1 64 Switch Interface tunnel tunnel mode ipv 6 ip tunnel source 192 168 1 1 tunnel destination 192 1 168 1 2 Switch Interface tunnel 0 0 0 0 Switch Interface tunnel 0 0 exit Interface tunnel Netgear Switch Config interface tunnel 0 Netgear Switch Config exit This example is using 6in4 mode If you want to use 6to4 mode configure each unit as below and be sure the IPv6 prefix s constructed in the format of 2002 V4ADDR 48 V4ADDR is the IPv4 address of the tunnel source port In this case IPv4 and the address is 192 168 1 1 and IPv6 prefix is 2002 c0a8 0101 Netge
153. displays System Switching Routing QoS Security Monitoring Maintenance Help Index CoS Diffserv Wizard Class Configuration Basic Advanced Class Table 5 DiffServ Class Name Class Type orh Le l Configuration BD class_voip All Policy Configuration Service Configuration Service Statistics In the Class Name field enter class_ef In the Class Type list select All Click Add to create a new class Click class_ ef Another screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Diffserv Class Configuration Match Every DiffServ Reference Class Configuration Class of Service Class Configuration Eem a SPOLES Ethemet Type O 060 FFF Configuration Source MAC Fe Service Source MAC Mask Tl Configuration Destination MAC O Service Statistics Destnakon MAL Male T Protocol Type so BE co 255 Source IP Address L Source Mask i Source L4 Port Eo 6s535 Destination IP Address E Destination Mask Destination L4 Port o e 0 65535 IP DSCP o 0 63 In the IP DSCP list select ef g Click Apply to create a new class 5 Create a policy pol_voip and add class_voip to this policy a Select QoS gt DiffServ gt Advanced gt Policy Configuration Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Ma
154. eke 55s eee cee ek ged oe Seek ees 225 GLE Configure Auto VOIP 4 ce on cieew ew ken ee es eb bedobbae owes 226 Web Interface Configure Auto VoIP anaana ce eee 228 Dinter WON PWG 2 ces teed obese oad ee tees ous 4 eae ee Bo ee 229 CLI Configure DiffServ for IPV6 0 0 cee 230 Web Interface Configure DiffServ for IPv6 085 23l Color Conform Policy 2 00604 0440088405445 04 54400 4506 ea dw dd 237 CLI Configure a Color Conform Policy nnana aaan aaaea 237 Web Interface Configure a Color Conform Policy 238 Chapter 13 IGMP Snooping and Querier IGMP Snooping lt dicis anaana dbo eee aha e wk bode eee ne eb ee eee 246 CLI Enable IGMP Snooping 3600544 40604086540 eesds Peaw ewes 246 Web Interface Enable IGMP Snooping 000000 246 SNOW IOMPSNOOPING so i aea siapa aa Aa a d a a a a a a detour ewds 246 CLI Show igmpsnooping n n oaaae 247 Web Interface Show igmMmpsSnooping a oa nananana aaea 247 Show mac address table igmpsnooping aaaea a 247 CLI Show mac address table igmpsnooping 05 248 Web Interface Show mac address table igmpsnooping 248 External Multicast Router 0 0 0 00 cc ee eee 248 CLI Configure the Switch with an External Multicast Router 248 Web Interface Configure the Switch with an External Multicast Router249 Multicast Router Using VLAN 0 0 2 eee 249 CLI Co
155. examples e Configure MVR in Compatible Mode e Configure MVR in Dynamic Mode The IGMP Layer 3 protocol is widely used for IPv4 network multicasting In Layer 2 networks the IGMP protocol uses resources inefficiently For example a Layer 2 switch multicasts traffic to all ports even if there are receivers connected to only a few ports To fix this problem the IGMP Snooping protocol was developed But the problem reappears when receivers are in different VLANs Multicast VLAN Registration MVR is intended to solve the problem of receivers in different VLANs It uses a dedicated manually configured VLAN called the multicast VLAN to forward multicast traffic over Layer 2 network in conjunction with IGMP snooping MVR like the IGMP Snooping protocol allows a Layer 2 switch to snoop on the IGMP control protocol Both protocols operate independently of each other Both protocols can be enabled on the switch interfaces at the same time In such a case MVR listens to the join and report messages only for groups configured statically All other groups are managed by IGMP snooping There are two types of MVR ports source and receiver e The source port is the port to which the multicast traffic flows using the multicast VLAN e The receiver port is the port where a listening host is connected to the switch It can utilize any or no VLAN except the multicast VLAN This implies that the MVR switch performs VLAN tag substitution from the mult
156. field at the top c In the Port Mode field select Enable d Click Apply Configure Multiple STP 802 1s The example is shown as CLI commands and as a Web interface procedure CLI Configure Multiple STP 802 1s Netgear switch Config Netgear switch Config Netgear switch Config Create a mst instance 1 Netgear switch Config Netgear switch Config Netgear switch Config Associate the mst instance Netgear switch Config Create a mst instance 2 Netgear switch Config Netgear switch Config Netgear switch Config spanning tree Spanning tree forceversion Spanning tree mst instance Sspanning tree mst Spanning tree mst Spanning tree mst 1 with the VLAN 2 Spanning tree mst Spanning tree mst Sspanning tree mst Spanning tree mst priority vlan vlan LZ lL 3 and 3 instance priority 2 4096 vlan vlan Associate the mst instance 2 with the VLAN 11 and Netgear switch Interface 1 0 3 spanning tree Netgear switch Interface 1 0 3 spanning tree 2 11 2 12 12 mst 1 port priority 128 mst 1 cost 0 Chapter 25 Spanning Tree Protocol 411 ProSafe M4100 and M7100 Managed Switches Web Interface Configure Multiple STP 802 1s 1 Enable 802 1s on the switch a Select Switching gt STP gt STP Configuration A screen similar to the following displays Switching i Multicast STP Configuration CST
157. following selection and enter the following information e Inthe ACL ID list select 102 e Inthe Sequence Number field enter 2 Click Unit 1 The ports display Click the gray box under port 44 A check mark displays in the box Click Apply to save the settings Configuring the GSM7342S Switch 1 Create VLAN 40 with IP address 192 168 40 1 24 a Select Routing gt VLAN gt VLAN Routing Wizard 154 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Routing Table IP ARP RIP OSPF Router Discovery VRRP Security Monitoring Maintenance Help VLAN Routing VLAN Routing Wizard Wizard gt VLAN Routing VLAN Routing Wizard D Port 1 Z 3 4 5 6 7 E 9 10 11 12 13 14 15 16 17 18 19 20 Z1 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 b Enter the following information e Inthe Vian ID field enter 40 e Inthe IP Address field enter 192 168 40 1 e Inthe Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 24 twice until U displays The U specifies that the egress packet is untagged for the port e Click Apply to save VLAN 40 2 Create VLAN 50 with IP address 192 168 50 1 24 a Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays System Switching Routin
158. for the network and might not have an IPv4 address on the network Lacking a valid IPv4 source address they cannot relay packets directly to a DHCP server located on another network These Layer 2 devices append the Relay agent information option and broadcast the DHCP message This section provides information about where a Layer 2 relay agent fits in and how it is used CLI Enable DHCP L2 Relay 1 Enter the following commands Netgear Switch vlan database Netgear Switch Vlan vlan 200 Netgear Switch Vlan exit 2 Enable the DHCP L2 relay on the switch Netgear Switch Config dhcp 12relay Netgear Switch Config dhcp 12relay vlan 200 3 Enable the Option 82 Circuit ID field Netgear Switch Config dhcp 12relay circuit id vlan 200 4 Enable the Option 82 Remote ID field Netgear Switch Config dhcp 12relay remote id rem_id vlan 200 5 Enable DHCP L2 relay on port 1 0 4 Netgear Switch Config interface 1 0 4 Netgear Switch Interface 1 0 4 dhcp 12relay Netgear Switch Interface 1 0 4 vlan pvid 200 Netgear Switch Interface 1 0 4 vlan participation include 200 Netgear Switch Interface 1 0 4 exit Chapter 29 DHCP L2 Relay and L3 Relay 489 490 ProSafe M4100 and M7100 Managed Switches 6 Enable DHCP L2 relay on port 1 0 5 Config interface 1 0 5 Netgear Netgear Interface 1 0 5 dhcp 12relay vlan pvid 200 Interface 1 0 5 vlan participation include 200
159. group Switch Interface 0 71 fexit Switch Config interface 0 5 Switch Interface 0 5 vlan participation include Switch Interface 0 5 vlan pvid 1002 Switch Interface 0 5 vlan participation exclude Switch Interface 0 5 mvr Switch Interface 0 5 mvr stype receiver Switch Interface 0 5 mvr vlan 999 group 224 1 2 3 Switch Interface 0 5 exit Switch Config interface 0 7 Switch Interface 0 7 vlan participation includel1003 Switch Interface 0 7 vlan pvid 1003 Switch Interface 0 7 vlan participation exclude 1 Switch Interface 0 7 mvr Switch Interface 0 7 mvr type receiver Switch Interface 0 7 mvr vlan 999 group 224 1 2 3 Switch Interface 0 7 exit 258 Chapter 14 MVR Multicast VLAN Registration ProSafe M4100 and M7100 Managed Switches 5 Show mvr status Netgear Switch show mvr MVR Running MVR multicast VLAN MVR Max Multicast Groups MVR Current multicast groups MVR Global query response time 5 tenths of sec compatible Netgear Switch show mvr interface Status Immediate Leave RECEIVER ACTIVE InVLAN DISABLED RECEIVER ACTIVE InVLAN DISABLED RECEIVER ACTIVE InVLAN DISABLED SOURCE ACTIVE InVLAN DISABLED Web Interface Configure MVR in Compatible Mode 1 Create MVLAN 999 VLAN1 1001 VLAN2 1002 and VLANS3 1003 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays System Switching Routing QoS
160. have the same stack member number Every stack member including a standalone switch retains its member number until you manually change the number or unless the number is already being used by another member in the stack See Renumber Stack Members on page 365 Stack Member Priority Values You can change a stack member priority This is useful if you want to change the master of the stack Use the following command in the global config mode switch unit priority value Install and Power up a Stack Note Many switch models such as the GSM7200PS and GSM7300S series have a Hardware Installation Guide that includes additional information about rack mounting and stack cabling Compatible Switch Models NETGEAR stackable managed switches include the following models e FSM7226RS e FSM7250RS e FSM7328S e FSM7328PS e FSM7352S e FSM7352PS e GSM7328S e GSM7352S e GSM7328FS e GSM7228PS e GSM7252PS The FSM family GSM family and XSM722245S cannot be stacked together at this point 352 Chapter 19 Switch Stacks ProSafe M4100 and M7100 Managed Switches Install a Switch Stack Note Many models of switches have a Hardware Installation Guide that includes additional information about rack mounting and switch stack cabling 1 Install the switches in a rack 2 Install all stacking cables including the redundant stack link It is highly recommended that a redundant link be installed 3 Identify the switch to be t
161. in the Maintenance Help Index 125 126 a Select Routing gt OSPFv3 gt Advanced gt Interface Configuration C Routing Table Basic Advanced Global Configuration Interface Configuration gt Prefix Configuration Statistics Neighbour Table Static Route ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help VLAN ARP RIP OSPF OSPFrd VRRP Router Discovery Multicast IPv6 Prefix Configuration IPv6 Interface Selection Interface IPv6 Interface Configuration A Ipv Prefix Feg0 216 2AFF FED9 249B 128 Index Under IP Interface Configuration scroll down and select the interface 1 0 1 check box Now 1 0 1 appears in the Interface field at the top e Inthe OSPF Area ID field enter 0 0 0 0 e Inthe Admin Mode field select Enable Click Apply to save the settings 6 Display the OSPFv3 Neighbor Table a Select Routing gt OSPFv3 gt Advanced gt Neighbor Table A screen similar to the following displays System Switching Routing i IPw VLAN ARP RIP Routing Table Basic Advanced OSPF S Configuration Common Area Configuration Stub Area Configuration NSSA area Configuration Ares Range Configuration Interface Configuration rene Statistics QoS Security Monitoring Maintenance OSPF Router Discovery VRRP
162. interface 1 0 1 Netgear Switch Interface 1 0 1 ip dhcp snooping trust Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches 4 View the DHCP Snooping Binding table GSM7328S show ip dhcp snooping binding Total number of bindings 1 MAC Address IP Address VLAN Interface Type 00 16 76 A7 88 CC 192 168 10 89 1 072 Lease Secs DYNAMIC Web Interface Configure DHCP Snooping 1 Enable DHCP snooping globally a Select Security gt Control gt DHCP Snooping Global Configuration A screen similar to the following displays Syaheen Switching Routing Security Monitoring Pomipi Prema Sar arity lar cam DHCP Snoaging DHCP Snooping Global Configuration lose Keihan Interface Qanhgquristian Binding Configuration t Pargrtnnt Canhguraten DHCP Snooping Global Configuration CCE Srovpiiy mide HAL Address Validation amp Cissbte Enable Disable Enadle VLAN Configuration DHCP Snooping Mode ac E b For DHCP Snooping Mode select Enable c Click Apply A screen similar to the following displays Security Monitoring Haoinienonce DHCP Snooping Global Conhiquration DHCP Sapeptes slate Conisaretion DHCE Sisspag Hoda MAT Adisa Volida tion Disable Enable Disables Enable lntertace Qanhguriatan Binding Configuration VLAN Configuration Pargateet DHCP Snooping Mode Canhguratien iatis 2 Enable DHCP snooping in a VLAN Mioini
163. list the stack members and firmware versions See the following section Code Mismatch You can upgrade a switch that has an incompatible firmware image by using the command copy xmodem ymodem zmodem tftp ip filepath filename This command copies the firmware image from a stack member to the one with incompatible firmware That switch automatically reloads and joins the stack as a fully functioning member Chapter 19 Switch Stacks 353 ProSafe M4100 and M7100 Managed Switches Code Mismatch If a switch is added to a stack and it does not have the same version of code as that of the master the following occurs The new unit boots up and becomes a member of the stack Ports on the added unit remain in the detached state A message displays on the CLI indicating a code mismatch with the newly added unit To have the newly added unit to merge normally with the stack use the copy command to load the correct code from the master to the newly added unit Then reset the newly added member It should reboot normally and join the stack Upgrade the Firmware All stack members must run the same firmware version Ports on stack members that don t match the master switch firmware version don t come up and the show switch command shows a code mismatch error 1 2 NETGEAR recommends that you schedule the firmware upgrade when there is no excessive network traffic such as a broadcast event Download new firmware using TFTP or
164. m Binding Table Action O Permit Egress Queue 0 to 6 Deny Marboh Every False w Protocol Type 1P E 0 te 255 TCP Flag FIN Ignore SYN Ignore RST Ignore PSH Ignore ACK Ignore URG Ignore Source IP Address Source IP Mask l Source L4 Port o te e553 Destination IP Address 192 166 24 0 Destination IP Mask 0 0 0 255 Destination L4 Port O to 65535 d Under Extended ACL Rule Configuration 100 199 enter the following information and make the following selections e Inthe Rule ID field enter 1 e For Action select the Deny radio button e Inthe Match Every field select False e Inthe Destination IP Address field enter 192 168 24 0 e Inthe Destination IP Mask field enter 0 0 0 255 e Click Apply to save the settings 9 Add and configure an IP extended rule that is associated with ACL 102 a Select Security gt ACL gt Advanced gt IP Extended Rules Chapter 10 ACLs 165 166 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Qo5 Security Rowling System switching Monitoring Managemen Security Acona Port Authenticatien Trafic Control IP Extended Rules IP Extended Rules ACLIO z P ACL 2 IP Rules gt IP Extended Rules IP Binding Configuration Bonding Table 102 Extended ACL Rule Table Source So Rule Action Assign Match
165. of sessions field enter 5 3 Click Apply Chapter 17 Tools Syslog This chapter provides the following examples e Show Logging on page 340 e Show Logging Buffered on page 342 e Show Logging Traplogs on page 343 e Show Logging Hosts on page 344 e Configure Logging for a Port on page 345 e Email Alerting on page 347 The syslog feature e Allows you to store system messages and errors e Can store to local files on the switch or a remote server running a syslog daemon e Provides a method of collecting message logs from many systems The following illustration explains how to interpret log files lt 130 gt JAN 01 00 00 06 0 0 0 0 1 UNKN 0x800023 bootos c 386 4 Event O0xaaaaaaaa Priority Timestamp Stack Component Thread File Line Message ID name ID name number Sequence number Figure 35 Log Files Chapter 18 Syslog 339 ProSafe M4100 and M7100 Managed Switches Show Logging 340 The example is shown as CLI commands and as a Web interface procedure CLI Show Logging Netgear Switch Routing Logging Client Local Port CLI Command Logging Console Logging Console Logging Severity Filter Buffered Logging Syslog Logging Show logging 514 disabled disabled alert enabled Log Messages Received Log Messages Dropped Log Messages Relayed Log Messages Ignored Web Interface Show Logging 1 Configure the syslog From the main menu select Monitoring gt Logs gt
166. of their choice This feature is enabled globally When email alerting is enabled selected log messages are sent to an SMTP server Log messages are divided into three groups by severity level urgent non urgent and never emergency 0 email immediately FOR POSITION ONLY FPO Urgent severity level ies ee critical 2 error 3 pi email in batch Non urgent severity level gt warning 4 notice 5 1 info 6 never email debug 7 Figure 36 Log message severity levels The network administrator can adjust the urgent and non urgent severity levels These levels are global and apply to all destination email addresses Log messages in the urgent group are sent immediately to the SMTP server with each log message in a separate mail Log messages in the non urgent group are batched into a single email message and after a configurable delay Email alerting also provides a configuration option that allows the network administrator to specify the severity level at which SNMP traps are logged Using this option the administrator can put traps in the urgent group the non urgent group or the never group for emailing Traps are not emailed by default For traps to be emailed the network administrator has to either increase the severity at which traps are logged or lower the severity level of log messages that are emailed The network administrator can configure multiple destination email addresses and fo
167. page you must use the Web Interface The captive portal configuration provides the network administrator control over verification and authentication assignment to interfaces client sessions and Web page customization You can create multiple captive portal configuration instances Each captive portal configuration contains various flags and definitions used to control client access and content to customize the user verification Web page A captive portal configuration can be applied to one or more interfaces An interface can only be a physical port on the switch Software release 8 0 and newer versions can contain up to 10 captive portal configurations Enable Captive Portal CLI Enable Captive Portal 1 Enable captive portal on the switch Netgear Switch config captive portal Netgear Switch Config CP enable Chapter 32 Captive Portal 543 544 2 Netgear Switch 3 Enable captive portal instance 1 on port 1 0 14 Netgear Switch Netgear Switch Enable captive portal instance 1 Config CP configuration 1 Config CP 1 enable Config CP 1 interface 1 0 1 ProSafe M4100 and M7100 Managed Switches Web Interface Enable Captive Portal 1 2 Enable captive portal instance 1 on the switch Enable captive portal on the switch a Select Security gt Control gt Captive Portal gt CP Global Configuration A screen similar to the following displays oystem Management Secu
168. port e Click Apply 3 Specify the PVID on port 1 0 1 a Select Switching gt VLAN gt Advanced gt Port PVID Configuration Chapter 27 IPv6 Interface Configuration 429 430 4 5 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index STP Multicost Address Table Ports LAG gt Basic Advanced VLAN Configuration gt VLAN Membership 1 All Go To Interface P GO J VLAN Status P ID 1 to Acceptable Frame Ingress Port Priority 0 Port PVID Interface 4093 Types Filtering to 7 Configuration MAC Based VLAN ha IP Subnet Based Port PVID Configuration PVID Configuration b Under PVID Configuration scroll down and select the Interface 1 0 1 check box c In the PVID 1 to 4093 field enter 500 d Click Apply to save the settings Enable IPv6 forwarding and unicast routing on the switch a Select Routing gt IPv6 gt Basic gt Global Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast IPv6 Multicast Basic IPv6 Global Configuration Global Configuration IPv6 Global Configuration Route Table IPv6 Unicast Routing C Disable Ki Enable gt Advanced IPv6 Forwarding C Disable Enable Hop Limit o
169. port information Netgear Switch show stack port Configured Running Stack Stack Link Unit Intf Slot Id Type XFP Adapter Mode Status Link Down Ethernet Ethernet Link Down Chapter 19 Switch Stacks 359 ProSafe M4100 and M7100 Managed Switches 3 Since 2 0 28 is in Ethernet mode it must be changed to stack mode Netgear Switch Config stack Netgear Switch Config stack stack port 2 0 28 stack Netgear Switch Config stack exit k B Netgear Switch Config 4 Reboot Switch B Netgear Switch reload Management switch has unsaved changes Would you like to save them now y n n Configuration Not Saved Are you sure you want to reload the stack y n y Reloading all switches On Switch A you see the following Netgear Switch show switch Management Standby Preconfig Plugged in Switch Code Switch Status Model ID Model ID Status Version GSM7352Sv2 GSM7352Sv2 Stack Mbr Oper Stby GSM7328Sv2 GSM7328Sv2 Web Interface Stack Switches Using 10G Fiber 1 On Switch A show the Port Information a Select System gt Stacking gt Advanced gt Stack Port Configuration A screen similar to the following displays System Switching Routing Ges Security Monitoring Maintenance Help Index Management Devico Wiew Sorvicad MMP LLOP ISDF rR Stack Port Configuration Advanced Stack P ort confi guration 2 Stack Sonhgurenon m Unit ID
170. protected ports 273 276 static binding 309 310 static mapping 303 304 SFlow 373 374 375 SFlow time based sampling of counters 377 show logging 340 show logging buffered 342 show logging hosts 344 show logging traplogs 343 show network 335 show SNTP CLI only 317 show switch 353 show telnet 335 SNMP 369 SNMP trap 370 SNTP 317 configure 319 SNTP server 321 Spanning Tree protocol 408 stack members renumbering 366 stacking moving a master to a different stack 368 stacking ports Ethernet configuration 355 stacks adding switches to 361 code mismatch 354 compatible switch models 352 firmware 353 installation 353 removing switches from 362 upgrading firmware 354 355 stacks 10G fiber 359 360 static binding 309 310 static host name 378 static mapping 303 304 STP multiple STP 802 1s 411 STPs 408 switch FSM family of switches 352 GSM family of switches 352 switch priority 352 switch stack configuration files 363 member numbers 351 member priority values 352 membership 351 software compatibility 363 upgrading firmware 354 Syslog show logging 340 show logging buffered 342 syslog 339 7 technical support 2 Telnet configure 336 session limit 337 session timeout 337 Telnet outbound 334 time set the time zone CLI only 321 traceroute 324 325 transport output telnet 336 tunnel 414 415 417 V video streaming 250 VLAN guest VLAN 286 IPv6 routing VLAN 427 private VLAN groups 402 VLAN ro
171. protected ports on the switch Some situations might require that traffic is prevented from being forwarded between any ports at Layer 2 so that one user cannot see the traffic of another user on the same switch Protected ports can e Prevent traffic from being forwarded between protected ports e Allow traffic to be forwarded between a protected port and a non protected port Chapter 15 SecurityManagement 273 274 ProSafe M4100 and M7100 Managed Switches In following example PC 1 and PC 2 can access the Internet as usual but PC 1 cannot see the traffic that is generated by PC 2 that is no traffic is forwarded between PC 1 and PC 2 192 160 1 SEALER 192 168 1 Figure 28 Protected ports CLI Configure a Protected Port to Isolate Ports on the Switch 1 Netgear Netgear Netgear Netgear Netgear Create one VLAN 192 including PC 1 and PC 2 vlan database vlan 192 vlan routing 192 exit configure Config interface 1 0 23 Interface 1 0 23 vlan pvid 192 Interface 1 0 23 vlan participation include 192 Interface 1 0 23 exit Config interface 1 0 24 Interface 1 0 24 vlan participation include 192 Interface 1 0 24 Fexit Interface vlan 192 interface vlan 192 Interface vlan 192 routing Interface vlan 192 ip address 192 168 1 254 255 255 255 0 Interface 1 0 24 vlan pvid 192 Interface vlan 192 exit Chapter 15 Security Management
172. resource to the host along the path built by DVMRP Multicast resource 192 168 1 0 24 192 168 4 0 24 Switch A 41 0 13 Won 1 0 21 mnnn T Switch B 192 168 3 0 24 1 0 24 1 0 11 Switch C 192 168 5 0 24 192 168 4 0 24 Figure 50 DVMRP CLI Configure DVMRP DVRMP on Switch A 1 Create routing interfaces 1 0 1 1 0 13 and 1 0 21 Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch config Config ip routing Config interface 1 0 1 Interface 1 0 1 routing Interface 1 0 1 ip address 192 168 1 1 255 255 255 0 Interface 1 0 1 exit Config interface 1 0 13 Interface 1 0 13 ip address 192 168 2 1 255 255 255 0 Interface 1 0 13 exit Config interface 1 0 21 Interface 1 0 21 routing Interface 1 0 13 routing Interface 1 0 21 ip address 192 168 3 2 255 255 255 0 I Interface 1 0 21 exit 2 Enable IP multicast forwarding on the switch Netgear Switch Config ip multicast Chapter31 DVMRP 525 ProSafe M4100 and M7100 Managed Switches 3 Enable DVMRP protocol on the switch Netgear Switch Config ip dvmrp 4 Enable DVMRP mode on the interfaces 1 0 1 1 0 13 and 1 0 21 Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 ip dvmrp Netgear Switch Interface 1 0 1 exit Netgear
173. rp candidate interface 1 0 22 225 1 1 1 255 255 255 0 Switch Config ip pim bsr candidate interface 1 0 22 30 3 Switch Config interface 1 0 21 Switch Interface 1 0 21 routing Switch Interface 1 0 21 ip address 192 168 2 1 255 255 255 0 Switch Interface 1 0 21 ip rip Switch Interface 1 0 21 ip pim sparse Switch Interface 1 0 21 exit Switch Config interface 1 0 22 Switch Interface 1 0 22 routing Switch Interface 1 0 22 ip address 192 168 6 2 255 255 255 0 Switch Interface 1 0 22 ip rip Switch Interface 1 0 22 ip pim sparse Switch Interface 1 0 22 exit Switch Config interface 1 0 24 Switch Interface 1 0 24 routing Switch Interface 1 0 24 ip address 192 168 4 1 255 255 255 0 Switch Interface 1 0 24 ip rip Switch Interface 1 0 24 ip igmp Switch Interface 1 0 24 ip pim sparse Switch Interface 1 0 24 exit 464 Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches PIM SM builds the multicast route table on each switch The following tables show the routes that are built after PIM SM switches to the source specific tree from the shared tree A show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface List 192 168 1 ZZ Oy da Ly PIMSM B show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Protocol Interface Interface List 192 168 1 225 1 1 1
174. scr Are you sure you want to start y n y File transfer operation completed successfully 328 Chapter 17 Tools ProSafe M4100 and M7100 Managed Switches Pre Login Banner Pre login banner e Allows you to create message screens that display when a user logs in to the CLI e By default no banner file exists e You can upload or download e File size cannot be larger than 2 K The Pre Login Banner feature is only for the CLI interface Create a Pre Login Banner CLI Only 1 On your PC using Notepad create a banner ixt file that contains the banner to be displayed Login Banner Unauthorized access is punishable by law 2 Transfer the file from the PC to the switch using TFTP Netgear Switch Routing copy tftp 192 168 77 52 banner txt nvram clibanner Set TFTP Server IP TFTP Path TFTP Filename Data Type Are you sure you want to start y n y CLI Banner file transfer operation completed successfully Netgear Switch Routing exit Netgear Switch Routing gt logout Login Banner Unauthorized access is punishable by law User Note The no clibanner Command removes the banner from the switch Chapter17 Tools 329 ProSafe M4100 and M7100 Managed Switches Port Mirroring The port irroring feature e Allows you to monitor network traffic with an external network analyzer e Forwards a copy of each incoming and outgoing packet to a specific port e Is used as a diagnostic
175. select 2 c Click Apply Add Remove or Replace a Stack Member Add Switches to an Operating Stack 1 Make sure the redundant stack connection is in place and functional All stack members should be connected in a logical ring 2 Preconfigure the new switches if desired 3 Power off all new switches that will be joining the stack AN CAUTION If you cable one or more powered on switches to the stack the existing stack and the new switches assume two stacks are merging They elect a single new stack master and you cannot specify which switch becomes the new master All stack members assume configuration based on the new stack master Stack members change their stack member numbers to the lowest available numbers Chapter 19 Switch Stacks 361 ProSafe M4100 and M7100 Managed Switches 4 Install the new switches in the rack This procedure assumes installation below the bottom most switch or above the top most switch 5 Disconnect the redundant stack cable that connects the last switch in the stack back up to the first switch in the stack at the position in the ring where the new switch is to be inserted Note If you want to merge an operational stack into the this stack add the switches as a group by unplugging one stacking cable in the operational stack and physically connecting all unoowered units at that point 6 Connect this cable to the new switch following the established order of stack up to stack down con
176. show classofservice ip precedence mapping 194 show classofservice trust 192 traffic shaping 197 CoS queue configuration 192 CoS queue configuratoin 192 CoS queue mapping 191 CoS queueing 190 D default VLAN 24 DHCP L2 relay 488 489 490 DHCP L3 relay 494 495 DHCP messages maximum rate 310 311 DHCP reservation configuring 384 DHCP server dynamic mode 381 DHCP snooping 305 306 307 DiffServ 200 Auto VolP 225 226 228 edge device 200 interior node 200 IPv6 229 231 VoIP 218 Diffserv VoIP 220 distance vector multicast routing protocol DVMRP 524 DNS 378 host name and IP address 379 documentation 15 dual image 331 DVMRP 524 525 531 E Ethernet configuration for stacking ports 355 e firmware upgrading stacked switches 354 355 firmware for stacked switches 353 G gaming 250 guest VLAN 286 287 288 Index 557 IGMP querier 250 251 enable 251 252 status 254 IGMP snooping 246 251 247 external multicast router 248 249 multicast router using VLAN 249 show igmpsnooping 246 show ignpsnooping 247 show mac address table 247 show mac address table igmpsnooping 248 IGMPv3 246 interpreting log files 339 IP ACLs 137 138 IP routing port routing 60 61 VLAN routing OSPF configuration 116 VLAN routing RIP configuration 82 84 IP source guard 312 313 IPTV 250 IPv6 422 network interface 425 routing interface 422 routing VLAN 427 L LAGS creating 55 LAGs 54 60 adding ports
177. the ID column and are comma delimited vendor ID attribute ID Table 3 RADIUS Attributes for Configuring Captive Portal Users Session Timeout Logout once session timeout is Integer Optional reached seconds If the attribute is Seconds 0 or not present then use the value configured for the captive portal Idle Timeout 28 Log out once idle timeout is reached Integer Optional seconds If the attribute is O or not Seconds present then use the value configured for the captive portal WISPr Max Band 14122 7 Maximum client transmit rate b s Integer Optional width Up Limits the bandwidth at which the client can send data into the network If the attribute is O or not present then use the value configured for the captive portal WISPr Max Band 14122 8 Maximum client receive rate b s Integer Optional width Down Limits the bandwidth at which the client can receive data from the network If the attribute is O or not present then use the value configured for the captive portal CLI Configure RADIUS as the Verification Mode Netgear Switch Config CP 1 radius auth server Default RADIUS Server Netgear Switch Config CP 1 verification radius Web Interface Configure RADIUS as the Verification Mode 1 Select Security gt Control gt Captive Portal gt CP Configuration Chapter 32 Captive Portal 549 ProSafe M4100 and M7100 Managed Switches A screen similar to the following
178. the settings Create the class finance_dept a Select QoS gt DiffServ gt Advanced gt Class Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index gt Diffserv Wizard Class Configuration Basic Advanced Class Table pita ECH Configuration z oo p er Configuration Policy Configuration Service Configuration Service Statistics b Enter the following information e Inthe Class Name field enter finance_dept e Inthe Class Type list select All c Click Add to create a new class finance_dept Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches d Click the finance_dept to configure this class System Switching Routing Security Monitoring Maintenance Help Index Class Information Class Name finance_dept Class Type DiffServ Configuration Class Configuration Match Every j gol 3 Reference Class z Configuration eu Class of Service 1 Diffserv Class Configuration Configuration VLAN sd 1 4093 gt Service Statistics Ethernet Type M 0600 FFFF Source MAC Mask e Destination MAC nf Destination MAC Mask O Protocol Type 0 E o E 0 255 Source IP Address Source Mask Source L4 Port fo o sss35 Destination IP Address e Under Diffserv Class Configuration enter the following information e Inthe Source IP Address field enter 172 16 10
179. the switch The port remains in the unauthorized state and the client is not granted access to the network If the guest VLAN is configured for that port then the port is placed in the configured guest VLAN and the port is moved to the authorized state allowing access to the client after a certain amount of time determined by the guest VLAN period If the client attached is 802 1x aware then this allows the client to respond to 802 1X requests from the switch For a port in MAC based mode if traffic from a unauthenticated client is noticed on a port then if guest VLAN has been configured on the port the guest VLAN timer is started for that client If the client is 802 1x unaware and does not respond to any 802 1x requests when the guest VLAN timer expires the client is authenticated and associated with the guest VLAN This ensures that traffic from the client is accepted and switched through the guest VLAN In this example dot1x is enabled on all the ports so that all the hosts that are authorized are assigned to VLAN 1 On ports 1 0 1 and 1 0 24 guest VLAN is enabled If guests connect to the port they are assigned to VLAN 2000 so that guests cannot access the internal VLAN but can access each other in the guest VLAN 286 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches CLI Create a Guest VLAN 1 Enter the following commands 2 Create VLAN 2000 and have 1 0 1 and 1 0 24 as members of VLAN 2000
180. tices Timeout Datagram SiE Address Version Seira aih E o ee Confaguecstion a l EC 21535799 192 168 10 2 i F i PE o i 2 Configure the sampling ports sFlow receiver index sampling rate and sampling maximum header size a Select Monitoring gt sFlow gt Advanced gt sFlow Interface Configuration A screen similar to the following displays Syam Fwilching Rewhing Do5 Security Monitoring i Mainlengees Help Index Basic sFlow Interface Configuration kvad slow Apent sFlow Interface Configuration a sFlow Recerver Configuration ls intertece 3 Jampi r 1 Al Renee BEET Sampling Maximurn Dntertace Index Inteorwall de Rate Header Sire Select thelnterface 1 0 1 check box In the Sampling Rate field enter 1024 In the Maximum Header Size field enter 64 Click Apply A screen similar to the following displays e205 Syre wiiching f Routing Security Moniloring ii Maintenance Help Basit sFlow Interface Configuration Advanced sFlow Agar sFlow Interface Configuration aFlow Becener Confeguratican a OSes ite Peo Poller Sampler ae a LE La j i All Receiver Poller Receiver Sampling Maximum ladem nberwal Del eee Rate Header Sine a ee Interlace 376 Chapter 20 SNMP ProSafe M4100 and M7100 Managed Switches Time Based Sampling of Counters with sFlow CLI Configure Time Based Sampling of Counters with sFlow 1 Configure the sampling p
181. to provide acceptable service a guaranteed transmission rate is vital This example shows one way to provide the necessary quality of service how to set up a class for UDP traffic have that traffic marked on the inbound side and then expedite the traffic on the outbound side The configuration script is for Router 1 in the accompanying diagram A similar script should be applied to Router 2 Layer 3 switch operating as Router 1 Port 1 0 3 Internet Layer 3 switch operating as Router 2 Figure 23 Diffserv for VoIP in Router 1 The example is shown as CLI commands and as a Web interface procedure CLI Configure DiffServ for VoIP 1 Enter Global configuration mode Set queue 5 on all ports to use strict priority mode This queue will be used for all VoIP packets Activate DiffServ for the switch Netgear Switch config Netgear Switch Config cos queue strict 5 Netgear Switch Config diffserv 218 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches 2 Create a DiffServ classifier named class_voip and define a single match criterion to detect UDP packets The class type match a11 indicates that all match criteria defined for the class must be satisfied in order for a packet to be considered a match Netgear Switch Config class map match all class_voip Netgear Switch Config class map match protocol udp Netgear Switch Config class map exit 3 Create a second DiffServ cl
182. to the following displays Interface MAC Address FLAN ID DP Address Maintenonce Help Select Security gt Control gt IP Source Guard gt Binding Configuration In the MAC Address field enter 00 05 05 05 05 05 Maintenance Filter Type amp Filter Type SNTP Simple Network Time Protocol This chapter provides the following examples e Show SNTP CLI Only e Configure SNTP on page 319 e Set the Time Zone CLI Only on page 321 e Set the Named SNTP Server on page 321 The SNTP feature offers these benefits e It can be used to synchronize network resources and for adaptation of NTP e SNTP provides synchronized network timestamp e It can be used in broadcast or unicast mode e It supports SNTP client implemented over UDP which listens on port 123 Show SNTP CLI Only The following are examples of the commands used in the SNTP feature show sntp Netgear Switch Routing show sntp lt cr gt Press Enter to execute the command client Display SNTP Client Information server Display SNTP Server Information Chapter 16 SNTP 317 ProSafe M4100 and M7100 Managed Switches show sntp client show sntp client Netgear Switch Routing Client Supported Modes SNTP Version Port Client Mode Unicast Poll Interval Poll Timeout seconds Poll Retry show sntp server Netgear Switch Routing Server IP Address Server Type Server Stratum Server Reference Id S
183. type of the OSPF route The order for choosing a route if more than one type of route exists is as follows e Intra area e Inter area e External type 1 The route is external to the AS e External type 2 The route was learned from other protocols such as RIP Chapter 7 OSPF 86 ProSafe M4100 and M7100 Managed Switches Inter area Router The examples in this section show you how to configure a M4100 and M7100 Managed Switch first as an inter area router and then as a border router They show two areas each with its own border router connected to one inter area router The following figure shows a network segment with an inter area router connecting areas 0 0 0 2 and 0 0 0 3 The sample script shows the commands used to configure a M4100 and M7100 Managed Switch as the inter area router in the diagram by enabling OSPF on port 1 0 2 in area 0 0 0 2 and port 1 0 3 in area 0 0 0 3 Layer 3 switch acting as an inter area router Port 1 0 2 Port 1 0 3 192 150 2 1 192 150 3 1 Border Router Border Router Figure 11 Network segment with an inter area router connecting areas 0 0 0 2 and 0 0 0 3 CLI Configure an Inter area Router 1 Enable routing for the switch Netgear Switch config Netgear Switch Config ip routing Netgear Switch Config exit Chapter 7 OSPF 87 88 ProSafe M4100 and M7100 Managed Switches 2 Assign IP addresses to ports Netgear Netgear config Config inter
184. up the candidate RP configuration a 29 5 e Select Routing gt Multicast gt PIM gt Candidate RP Configuration A screen similar to the following displays system Switching GEET security Monitoring Maintenance Help Routing Tabla IF Pv VLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP Miuliioasi Ph Multicast s Mroute Table PIM Candidate RP Configuration gt Global PIM Interface Selection Configuration gt Interface Interface 1 0 11 Configuration gt DYMRP PIM Candidate RP Configuration gt IGMP A Group Address Group Mask SEN E 255 255 255 gt Global Sas e Of Configuration SSM Configuration Interface Configuration gt PIM Neighbor Candidate RP Configuration BSR Candidate Configuration In the Interface list select 1 0 11 In the Group IP field enter 225 1 1 1 In the Group Mask field enter 255 255 255 0 Click Add 10 Set up the BSR candidate configuration 474 Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches a Select Routing gt Multicast gt PIM gt BSR Candidate Configuration A screen similar to the following displays System Routing Table gt Mroute Table Global Configuration gt Interface Configuration gt DYMRP gt IGMP PIM Global Switching Routing Security Monitoring Maintenance Help IP Pwd ARF RIF OSPF OSPF3 Routar Discowary VREP Ped Wulicasi PIM BSR Candidate Configuration PIM BSR Candidate Configur
185. with large quantities of multicast packets The next major development was routing where packets were examined and redirected at Layer 3 End stations needed to know how to reach their nearest router and the routers had to interpret the network topology so that they could forward traffic Although bridges tended to be faster than routers using routers allowed the network to be partitioned into logical subnetworks which restricted multicast traffic and also facilitated the development of security mechanisms An end station specifies the destination station s Layer 3 address in the packet s IP header but sends the packet to the MAC address of a router When the Layer 3 router receives the packet it will minimally e Look up the Layer 3 address in its address table to determine the outbound port e Update the Layer 3 header e Re create the Layer 2 header The router s IP address is often statically configured in the end station although the M4100 and M7100 Managed Switch supports protocols such as DHCP that allow the address to be assigned dynamically Likewise you can assign some of the entries in the routing tables used by the router statically but protocols such as RIP and OSPF allow the tables to be created and updated dynamically as the network configuration changes Chapter 4 Port Routing 60 ProSafe M4100 and M7100 Managed Switches Port Routing Configuration The M4100 and M7100 Managed Switch always supports Layer 2 bridgi
186. xmodem to the master switch using the copy command Once the firmware is successfully loaded on the master switch it automatically propagates to the other units in the stack CAUTION To avoid errors during code propagation do not move stack cables or reconfigure units lf an error occurs during code propagation first check to make sure the master switch is running the correct firmware Then issue the copy command in stack configuration mode to make another attempt to copy the firmware to the units that did not get updated Once code is loaded to all members of the stack reset all the switches so that the new firmware starts running Migrate Configuration with a Firmware Upgrade In some cases a configuration might not be carried forward in a code update For updates where this issue is to be expected the following procedure should be followed 1 2 3 354 Save the current configuration by uploading it from the stack using the copy command from the CLI Load new code into the stack manager Reboot the stack Upon reboot go into the boot menu and erase the configuration restore to factory defaults Chapter 19 Switch Stacks ProSafe M4100 and M7100 Managed Switches 4 Continue with the boot of operational code 5 Once the stack is up download the saved configuration back to the master This configuration should then be automatically propagated to all members of the stack Copy Master Firmware to a Sta
187. 0 e Inthe Source Mask field enter 255 255 255 0 f Click Apply 3 Create the class marketing_dept a Select QoS gt DiffServ gt Advanced gt Class Configuration A screen similar to the following displays System Switching Routing Q Security Monitoring Maintenance Help Index CoS Diffserv Wizard Class Configuration gt Basic Advanced Class Table si classname Class Type Configuration Class m marketing dept i Configuration finance _dept Policy Configuration Service Configuration Service Statistics b Enter the following information e Inthe Class Name field enter marketing_dept e Inthe Class Type list select All c Click Add to create a new class marketing dept Chapter 12 DiffServ 205 206 ProSafe M4100 and M7100 Managed Switches Click marketing_dept to configure this class System Switching Routing Security Monitoring Maintenance Help CoS class Information gt Diffserv Wizard gt Basic Class Name marketing dept v Advanced Class Type DiffServ Configuration Class Configuration Match Every i ee TARE M Sarea i Class of Service El Configuration VLAN E Service Statistics Ethernet Type 0600 FFFF Source MAC Mask __ Destination MAC Destination MAC Mask endl Protocol Type A 0 255 Source IP Address Source Mask 2557255 295 0 Source L4 Port Ejo 65535 Destination IP Address Diffserv Class Configuration
188. 0 ip address 192 168 40 1 255 255 255 0 Netgear Switch Interface vlan 40 exit 3 Create VLAN 50 with port 1 0 25 and assign IP address 192 168 50 1 24 Netgear Switch Config exit Netgear Switch vlan database Netgear Switch Vlan vlan 50 Netgear Switch Vlan vlan routing 50 Netgear Switch Vlan exit Netgear Switch configure Netgear Switch Config interface 1 0 25 Netgear Switch Interface 1 0 25 vlan pvid 50 Netgear Switch Interface 1 0 25 vlan participation include 50 Netgear Switch Interface 1 0 25 exit Netgear Switch Config interface vlan 50 Netgear Switch Interface vlan 50 routing Netgear Switch Interface vlan 50 ip address 192 168 50 1 255 255 255 0 Netgear Switch Interface vlan 50 exit Netgear Switch Config exit Chapter10 ACLs 145 146 ProSafe M4100 and M7100 Managed Switches 4 Create VLAN 200 with port 1 0 48 and assign IP address 192 168 200 1 24 Netgear Netgear Switch Switch Switch Switch Switch Switch Switch Switch vlan database Vlan vlan 200 Vlan vlan routing 200 Config interface 1 0 48 Interface Interface Interface interface Interface Interface Interface 1 0 48 vlan pvid 200 1 0 48 vlan participation include 200 1 0 48 exit vlan 200 vlan 200 routing vlan 200 ip address 192 168 200 2 255 255 255 0 vlan 200 exit 5 Add two sta
189. 0 9 routing 1 0 9 ip address 1 0 9 ip rip 1 0 9 ip pim dense 1 0 9 exit 192 1608431 Config interface 1 0 13 Interface Interface Interface Interface Interface PIM DM on Switch B Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch configure 1 0 13 routing 1 0 13 ip address 1 0 13 tie rip 1 0 13 ip pim dense 1 0 13 exit 192 168 1 2 Config ip routing Config ip pim dense Config ip multicast Config interface 1 0 10 Interface Interface Interface Interface Interface 1 0 10 routing 1 0 10 fip address 192 168 3 2 1 0 10 ip rip 1 0 10 ip pim dense 1 0 10 exit Config interface 1 0 11 1 0 11 routing 1 0 11 ip address 192 168 5 1 1 0 11 ip rip 1 0 11 ip pim dense 1 0 11 exit Interface Interface Interface Interface Interface Chapter 28 PIM 290 62595029020 ZOD ew 2506428 290 eZ 55229050 299s 2352950 ProSafe M4100 and M7100 Managed Switches PIM DM on Switch C Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch configure Config ip routing Config ip pim dense Config ip multicast Config interface 1 0 21 Interface 1 0 21 routing Interface 1 0 21 ip address 192 168 5 2 Interface 1 0 21 ip rip Interfa
190. 0 Managed Switches A screen similar to the following displays System Routing Table Mroute Table Global Configuration Interface Configuration DYMRP IGMP PIM Global gt gt Switching Routing Security Monitoring Maintenance Help IF Pav YLAN ARP RIP OSPF OSPR Router Discovery VREP Piet Miulicasi PIM BSR Candidate Configuration PIM BSR Candidate Configuration Interface Hash Mask Length BSR Expiry Time hhimmiss Priority IP Address 1 0 21 30 5 Next bootstrap Message hhin ss Next Candidate RP Advertisementihh imm ss Configuration 55M Configuration gt Interface Configuration gt PIM Neighbor Candidate RP Configuration BSA Candidate Configuration gt Static RP Configuration b In the Interface list select the 1 0 21 c In the Hash Mask Length field enter 30 d In the Priority field enter 5 e Click Apply PIM SM on Switch D 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing security Monitoring Maintenance Routing Table i Py WLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast Basic IP Configuration IP Configuration Statistics gt Advanced IP Configuration Default Time to Live 64 Routing Mode ICMP Echo Replies Disable Enable Disable Enable 1000 ICMP Redirects Oto 214748 1
191. 00 1 to 200 ICMP Rate Limit Interval ICMP Rate Lint Burst Sire b For Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 21 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration 480 Chapter 28 PIM Help Index 2647 me ProSafe M4100 and M7100 Managed Switches d A screen similar to the following displays System Switching Routing Qo5 Security _ Monitoring Maintenance Help Index Routing Table i IPwe VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast Basic IP Interface Configuration Advanced gt IP Configuration IP Interface Configuration Statistics 1 All Port Description p Address Mask Mode Made DAO Be ee eee eea C ioi 0 0 0 0 0 0 0 0 Disable Enable gt IP Interface Configuration IP Subnet Routing Administrative Scroll down and select the Interface 1 0 21 check box Now 1 0 21 appears in the Interface field at the top Enter the following information e Inthe IP Address field enter 192 168 2 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable Click Apply to save the settings 3 Configure 1 0 22 as a routing port and assign an IP address to it a select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing Qo5 Security
192. 1 0 11 routing 1 0 11 ip address 192 168 5 1 1 0 11 ip rip 1 0 11 ip pim sparse 1 0 11 exit Interface Interface Interface Interface Interface PIM SM on Switch C Netgear Switch configure Netgear Switch Netgear Switch Netgear Switch Netgear Switch 299259425540 Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Config ip Config ip Config ip Config ip Config ip Config interface 1 0 21 Interface 1 0 21 routing 1 0 21 ip address 1 0 21 ip rip 1 0 21 ip pim sparse 1 0 21 exit Config interface 1 0 22 Interface Interface Interface Interface Interface 1 0 22 routing 1 0 22 ip address 1 0 22 ip rip 1 0 22 ip pim sparse 1 0 22 exit Interface Interface Interface Interface routing pim sparse multicast 23I s 2I s2990 LID 2 IJss pim sparse rp candidate interface 1 0 22 225 1 1 1 pim sparse bsr candidate interface 1 0 21 30 5 192 168 5 2 192 168 6 1 LID 22 Ow U ZO 0g2 0082 oo 60 Chapter 28 PIM 463 ProSafe M4100 and M7100 Managed Switches PIM SM on Switch D Switch configure Switch Config ip multicast Switch Config ip routing Switch Config ip igmp Switch Config ip pim sparse Switch Config ip pim
193. 1 0 9 In 1 0 10 In 10 4 In 1 0 12 In F i b Under Service Interface Configuration scroll down and select the Interface 1 0 13 check box c In the Policy Name list select policy_vlan d Click Apply to save the settings 244 Chapter 12 DiffServ IGMP Snooping and Querier This chapter provides the following examples IGMP Snooping Show igmpsnooping on page 246 Show mac address table igmpsnooping on page 247 External Multicast Router on page 248 Multicast Router Using VLAN on page 249 IGMP Querier on page 250 Enable IGMP Querier on page 251 Show IGMP Querier Status on page 254 Uses version 3 of IGMP Includes snooping Snooping can be enabled per VLAN Chapter 13 IGMP Snooping and Querier 245 ProSafe M4100 and M7100 Managed Switches IGMP Snooping The following are examples of the commands used in the IGMP snooping feature CLI Enable IGMP Snooping The following example shows how to enable IGMP snooping Netgear Switch config Netgear Switch Config set igmp Netgear Switch Config set igmp unknown multicast filter Netgear Switch Config exit Web Interface Enable IGMP Snooping 1 Configure IGMP snooping a Select Switching gt Multicast gt IGMP Snooping Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multico Address Toble Ports LAG MEDB IGMP Snoopi
194. 1 254 e Inthe Network Mask field enter 255 255 255 0 Click Unit 1 The ports display e Click the gray box under port 23 twice until U displays e Click the gray box under port 24 twice until U displays The U specifies that the egress packet is untagged for the port Click Apply to save the VLAN that includes ports 23 and 24 3 Configure a VLAN and include port 1 0 48 in the VLAN a Select Routing gt VLAN gt VLAN Routing Wizard Chapter 15 Security Management 277 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing ARP RIP Security Monitoring Routing Table IP OSPF Router Discovery VRRP bk VLAN Routing VLAN Routing Wizard Wizard gt VLAN Routing VLAN Routing Wizard wlan 10 LAG Enabled Hebvork Mask 10 100 5 34 IP Address Port i 23 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 49 50 51 52 b Enter the following information e Inthe Vlan ID field enter 202 e Inthe IP Address field enter 10 100 5 34 e Inthe Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display Maintenance Help D d Click the gray box under port 48 twice until U displays The U specifies that the egress packet is untagged for the port e Click Apply to save the VLAN that includes port 48 4 Enable IP routing a Select Routing gt IP gt Basic gt IP Configuration A screen similar to
195. 200 1 1 Click Add 5 Exclude 10 200 2 1 from the DHCP pool select System gt Services gt DHCP Server gt DHCP Server Configuration a d A screen similar to the following displays System Management DHCP Pool Configuration DHCP Pool Options DHCP Server Statistics DHCP Bindings Information DHCP Conflicts Information DHCP Relay DHCP L2 Relay UDP Relay DHCPv6 Server DHCP v6 Relay Switching Device View License Admin Mode Ping Packet Count Ci 10 200 1 1 Routing QoS Stacking Conflict Logging Mode Bootp Automatic Mode Excluded Address Security Monitoring Maintenance Help Index SNMP LLDP ISDP DHCP Server Configuration DHCP Server Configuration Disable C Enable 2 0 2 to 10 C Disable Enable Disable C Enable _ 1P Range From 1P Rangero S E 10 200 2 1 10 200 2 1 110 200 1 1 In the IP Range From field enter 10 200 2 1 In the IP Range To field enter 10 200 2 1 Click Add 6 Create a DHCP pool named dhcp_server a Select System gt Services gt DHCP Server gt DHCP Pool Configuration Chapter 29 DHCP L2 Relay and L3 Relay 497 498 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching QoS Routing Security Monitoring Maintenance _ Help Index Management Device View et SNMP LLDP ISDP z DHCP Server DHCP Fool Configuration
196. 3 permit ip any any Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches 9 Deny all traffic with the destination IP address 192 168 48 0 24 and permit all other traffic Config interface 1 0 24 Netgear Netgear Interface 1 0 24 ip access group 102 in 1 Interface 1 0 24 ip access group 103 in 2 Interface 1 0 24 exit Netgear Netgear 10 Deny all traffic with the destination IP address 192 168 24 0 24 and permit all other traffic Netgear Config interface 1 0 48 Interface 1 0 48 ip access group 103 in 2 Netgear Netgear Interface 1 0 48 ip access group 101 in 1 Netgear Interface 1 0 48 exit Web Interface Configure One Way Access Using a TCP Flag in an ACL 1 Create VLAN 24 with IP address 192 168 24 1 a Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays System Switching Routing Qos Security Monitoring Maintenance Help Routing Table IP ARP OSPF Router Discovery VRRP VLAN Routing VLAN Routing Wizard Wizard gt VLAN Routing VLAN Routing Wizard vlan ID 192 168 24 1 EOL 255 255 255 0 Port 1 2 3 4 5 6 7 B 9 10 11 12 13 14 15 16 17 16 19 20 21 22 23 24 U 25 26 27 26 29 30 31 32 33 34 35 36 37 368 39 40 41 42 43 44 45 46 47 4B 49 50 51 52 b Enter the following information e Inthe Vlan ID field enter 24 e Inthe IP Address field enter 192 168 24 1 e Inthe N
197. 5 255 255 0 Interface 1 0 20 exit Switch Switch Switch Switch Config exit 2 Enable IP multicast forwarding on the switch Netgear Switch Config ip multicast 3 Enable DVMRP protocol on the switch Netgear Switch Config ip dvmrp 4 Enable DVMRP mode on interfaceS 1 0 13 and 1 0 20 Netgear Switch Config interface 1 0 13 Interface 1 0 13 ip dvmrp Interface 1 0 13 ex Netgear Switch Config interface 1 0 20 Netgear Switch Netgear Switch Interface 1 0 20 ip dvmrp Netgear Switch Interface 1 0 20 exit Netgear Switch Netgear Switch Config exit Chapter31 DVMRP 527 528 ProSafe M4100 and M7100 Managed Switches Netgear Switch show ip dvmrp neighbor Interface 170 13 Neighbor IP Address 192 168 2 1 Active Up Time hh mm ss 00 02 26 Expiry Time hh mm ss 00 00 20 Generation ID Major Version Minor Version Capabilities Received Routes Received Bad Packets Received Bad Routes Interface 1 0 20 Neighbor IP Address 192 168 4 2 Active Up Time hh mm ss 00 01 44 Expiry Time hh mm ss 00 00 29 Generation ID 1116395033 Major Version Minor Version Capabilities Received Routes Received Bad Packets Received Bad Routes Netgear Switch show ip mcast mroute detail summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface
198. 6 enable Switch Interface 0 4 1 ipv6 address 2000 1 64 Switch Interface 0 4 1 exit 428 4 Enable IPV6 forwarding and unicast routing on the switch Netgear Switch Config ipv6 forwarding Netgear Switch Config ipv6 unicast routing Netgear Switch ping ipv6 2000 2 Send count 3 Receive count 3 from 2000 2 Average round trip time 1 00 ms Netgear Switch show ipv6 brief IPv6 Forwarding Mode Enable IPv6 Unicast Routing Mode Enable IPv6 Hop Limit ICMPv6 Rate Limit Error Interval 1000 msec ICMPv6 Rate Limit Burst Size 100 messages Maximum Routes Netgear Switch show ipv6 interface 0 4 1 IPv6 is enabled IPv6 Prefix is FE80 21E 2AFF FED9 249B 128 2000 1 64 Routing Mode Enabled Administrative Mode Enabled IPv6 Routing Operational Mode Enabled Bandwidth 10000 kbps Interface Maximum Transmit Unit Router Duplicate Address Detection Transmits Router Advertisement NS Interval Router Advertisement Lifetime Router Advertisement Reachable Time Router Advertisement Interval Router Advertisement Managed Config Flag Disabled Router Advertisement Other Config Flag Disabled Router Advertisement Suppress Flag Disabled IPv6 Destination Unreachables Enabled Prefix 2000 1 64 Preferred Lifetime 604800 Valid Lifetime 2592000 Onlink Flag Enabled Autonomous Flag Enabled Chapter 27 IPv6 Interface Configuration ProSafe M4100 and M7100 Managed Switches Web Interface Create an IPv6
199. 7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table VLAN ARP RIP OSPF Router Discovery VRRP IP Interface Configuration Configuration Configuration Go To Interface SO P Statistics IP Interface a i Configuration Interface Description ta IP Address Subnet Mask rede nog oe Secondary IP rire l m E m 1 0 1 0 0 Disable Enable Under Configuration scroll down and select the interface 1 0 15 check box Now 1 0 15 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 20 2 e Inthe Network Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 4 Specify the router ID and enable OSPF for the switch a Select Routing gt OSPF gt Basic gt OSPF Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP i Router Discovery VRRP Basic OSPF Configuration OSPF Configuration OSPF Configuration gt Advanced OSPF Admin Mode Disable Enable Router ID Ze ei b Under OSPF Configuration in the Router ID field enter 2 2 2 2 c Click Apply to save the settings 5 Enable RIP on port 1 0 11 a Select Routing gt RIP gt Advanced
200. 802 1x port security The following example shows how to authenticate the dot1x users by a RADIUS server The management IP address is 10 100 5 33 24 The example is shown as CLI commands and as a Web interface procedure CLI Authenticating dot1x Users by a RADIUS Server 1 Assign an IP address to 1 0 19 and set force authorized mode to this port and create a user name list dot1xList Netgear config Netgear Config ip routing Config interface 1 0 1 Interface 1 0 1 routing Interface 1 0 1 ip address 192 168 1 1 255 255 255 0 Config interface 1 0 19 Interface 1 0 19 routing Netgear Interface 1 0 19 ip address 10 100 5 33 255 255 255 0 Config dotlx system auth control Netgear Interface 1 0 19 dotlx port control force authorized Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches 2 Use RADIUS to authenticate the dot1x users Netgear Switch Config aaa authentication dotlx default radius 3 Configure a RADIUS authentication server Netgear Switch Config radius server host auth 10 100 5 17 4 Configure the shared secret between the RADIUS client and the server Netgear Switch Config radius server key auth 10 100 5 17 Enter secret 16 characters max 123456 Re enter secret 123456 5 Set the RADIUS server as a primary server Netgear Switch Config radius server msgauth 10 100 5 17 Netgear Switch Config radius server pr
201. 9 450 A screen similar to the following displays Secu rity DE Switching g Routing Routing Table iP i WLAN ARP RIP OSPF Basic IP Configuration gt IP Configuration Statistics gt Advanced IP Configuration Default Time to Live Routing Mode ICMP Echo Replies ICMP Redirects ICMP Rate Limit Interval ICMP Rate Lindt Burst Size OSPFy3 ProSafe M4100 and M7100 Managed Switches i Monitoring Maintenance Help Bi Index Router Discovery VRRP Multicast 64 Disable i Enable Disable Enable Disable Enable 1000 Ote 2147482647 ms o0 oO a b For Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 21 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing Security Routing Table VLAN ARP RIP OSPF OSPR Basic _ IP Interface Configuration Advanced IP Configuration Statistics IP Interface Configuration gt Secondary IP IP Interface Configuration TLAM IP Description Monitoring Router Discovery ID Address Maintenance Help VRRP Multicast Administrative Mode Subnet Mask Routing Mode a 2 ee 192 168 5 2 255 255 255 0 0 0 0 0 0 0 0 0 Disable Enable b Scroll down select the Port 1 0 21 check box Now 1 0 21 appears in
202. 9 SoL CENCE S e essaat iiaa Aa beds vassoneeeeueus cues 550 Chapter 33 iSCSI Enable iSCSI Awareness with VLAN Priority Tag 552 CLI Enable iSCSI Awareness with VLAN Priority Tag 552 Web Interface Enable iSCSI Awareness with VLAN Priority Tag 552 Enable iSCSI Awareness with DSCP 0 0 0 0 0c eee ees 553 CLI Enable iSCSI Awareness with DSCP 05 553 Web Interface Enable iSCSI Awareness with DSCP 553 Set the iSCSI Target Port n nannan annaa oe See ked 554 Contents 13 ProSafe M4100 and M7100 Managed Switches CLI Set iSCSI Target Pon 4 66 05 csscriwewnseead dee eae wb aes 554 Web Interface Set iSCSI Target Port 0000s 554 SHOW ISOC co SSSSIONS ecset 4 05 0 34 kw de Bald HE A ewe OE waa eA 555 CLI Show iSCSI SeSSIONS 2 6 cee cece ee eee ee ee eee 555 Web Interface Show iSCSI Sessions 0 000000 cae 555 eee eee ee ae eee ee ee ee ee ee eee ee ee 556 Index 14 Contents Documentation Resources Before installation read the Release Notes for this switch product The Release Notes detail the platform specific functionality of the switching routing SNMP configuration management and other packages In addition see the following publications e The NETGEAR installation guide for your switch e Managed Switch Hardware Installation Guide e Managed Switch Software Setup Manual e ProSafe Managed Switch Co
203. A screen similar to the following displays Syalem Switching hes Security Meriter ing Maintanance i Diffserv Wizard Policy Confiquration Auto Valk Basic bdvaneed i Pinmbear Clana DiffServ E OOOO ial Pality Configuration Canfiqueateon E Chad Configurar amp Prd Class Confiquraton e Pais z Servece Interface Configiraien In the Policy Name field enter policyicmpv 6 In the Policy Type list select In d In the Member Class list select classicmpv6 4 A screen similar to the following displays Switching Routing Dos Soecuriby Monitering Adainhenanes gt Diffserv Wizard Policy Configuration gt Auto VoIP Policy Configuration Policy Mame Policy Type ember Class l EEAS a TE b Class Configuratien Pri Class Configuration Policy Configuration z Serves ntertace e Click Add 4 Set the attribute as assign queue 6 Chapter 12 DiffServ 233 ProSafe M4100 and M7100 Managed Switches a Select QoS gt DiffServ gt Advanced gt Policy Configuration A screen similar to the following displays Switching Routing Go Security Monitoring Maintenance gt Diffserv Wizard Policy Configuration gt Auto olP gt Basic Policy Configuration Advanced Diger j Configuration Class ember Class Configuration Ph Class Configiratean Policy gt Service Interface ON a arabeeen b Click the policy policyicmpv 6 A scre
204. AN 5 Netgear Switch Vlan protocol group 2 5 28 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches 5 Enable protocol VLAN group 1 and 2 on the interface Netgear Switch Vlan exit config Config interface 1 0 11 Netgear Switch Netgear Switch Interface 1 0 11 protocol vlan group 1 Netgear Switch Interface 1 0 11 protocol vlan group 2 Interface 1 0 11 exit Netgear Switch Netgear Switch Web Interface Create a Protocol Based VLAN 1 Create the protocol based VLAN group vlan_ipx a Select Switching gt VLAN gt Advanced gt Protocol Based VLAN Group Configuration A screen similar to the following displays System Switching Routing Go l Security Monitoring Maintenance Help Index i STP Multicast Address Table Ports LAG Protocol Based VLAN Group Configuration Protocol Based VLAN Group Configuration i He G Configuration m e Group ID Protocol YLAN ID VLAN Membership r WLAN Status Port P ID m 5 Enter the following information e Inthe Group Name field enter vlan_ipx e Inthe Protocol list select IPX e Inthe VLAN ID field enter 4 b Click Add 2 Create the protocol based VLAN group vlan_ip a Select Switching gt VLAN gt Advanced gt Protocol Based VLAN Group Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index
205. AN Configuration b In the ARP ACL Name field enter ArpFilter c Click Apply A screen similar to the following displays Syuiem Seiiching Routing Security Monitoring Mointenones Help ACL DHCP Snooping Dynamic ARP Inspection Configuration IP Source Guard Ehyreaitiee alge VLAN Configuration e DAI Cooigerabor 1 ARP ACL Hame s DAT VLA DAT riaria C Configuration l Enable Eriable ArpFeter Citable DAL ACL DHCP Snooping DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server to filter harmful DHCP message and to build a bindings database of MAC address IP address VLAN ID port tuples that are considered authorized The network administrator enables DHCP snooping globally and on specific VLANs and configures ports Chapter 15 Security Management 305 306 ProSafe M4100 and M7100 Managed Switches within the VLAN to be trusted or untrusted DHCP servers must be reached through trusted ports Interface 1 0 1 GSM73xxS Interface 1 0 1 DHCP server DHCP client Figure 33 DHCP Snooping The example is shown as CLI commands and as a Web interface procedure CLI Configure DHCP Snooping 1 Enable DHCP snooping globally Netgear Switch Config ip dhcp snooping 2 Enable DHCP snooping in a VLAN Netgear Switch Config ip dhcp snooping vlan 1 3 Configure the port through which the DHCP server is reached as trusted Netgear Switch Config
206. ANs assign ports to the VLANs and assign a VLAN as the default VLAN to a port Create Two VLANs The example is shown as CLI commands and as a Web interface procedure CLI Create Two VLANS Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank Netgear vlan database Netgear Vlan vlan 2 Netgear Vian vlan 3 Netgear Vlan exit Chapter 2 VLANs 17 ProSafe M4100 and M7100 Managed Switches Web Interface Create Two VLANS 1 Create VLANZ2 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index i STP Multicast Address Table Basic VLAN Configuration VLAN Configuration Reset gt Advanced Reset Configuration LAN Configuration Sn 2 E O E Datani perau b Enter the following information e Inthe VLAN ID field enter 2 e Inthe VLAN Name field enter VLAN2 e Inthe VLAN Type list select Static c Click Add 2 Create VLAN3 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index i STP Multicast Address Table Ports LAG Basic VLAN Configuration VLAN Configuration Reset gt Advanced Reset Configuration LAN Configuration D WANS fea Default Defau
207. Address Table Ports LAG v Basic MVR Interface Configuration MVR Configuration MYR Group Configuration gt MVR Interface 1 All Go To Interface laso Beta Se SEC S a naren Ee TT orean 0 1 Enable receiver Disable ACTIVE INVLAN 0 2 Disable none Disable INACTIVE InVLAN 0 3 Disable none Disable INACTIVE INVLAN 0 4 Disable none Disable INACTIVE InVLAN Enable receiver Disable ACTIVE INVLAN Disable none Disable INACTIVE INVLAN Enable receiver Disable ACTIVE INVLAN Disable none Disable INACTIVE INVLAN MYR Interface Configuration Disable none Disable INACTIVE INVLAN Disable none Disable INACTIVE InVLAN Disable none Disable ACTIVE INVLAN a iv 5 1 Go To Interface GO Chapter 14 MVR Multicast VLAN Registration 261 ProSafe M4100 and M7100 Managed Switches b Under MVR Interface Configuration scroll down and select the Interface 0 9 check box c Enter the following information e Inthe Admin Mode list select Enable e Inthe Type list select source d Click Apply to save the settings 7 Configure MVR Group Membership a Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays MWR Group Membership Advanced MN Grown MYR Group Membership Me fibershay z VEL Ststehice In the Group IP list select 224 1 2 3 c Click Unit 1 The ports display d Click the gray boxes under ports 1 5 and 7 Port 9 is alrea
208. Advanced gt DiffServ Configuration 220 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches e205 f A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help CoS Diffserv Wizard Class Configuration Pasa Lante SA gt DiffServ EC es ke Configuration Policy Configuration Service Configuration Service Statistics In the Class Name field enter class_voip In the Class Type list select All Click Add to create a new class Click class_voip A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help CoS gt Diffserv Wizard Class Information gt Basic Class Name v Advanced DiffServ Configuration Class Configuration class_voip Class Type Match Every Policy Configuration een Service Configuration VLAN 1 4093 cos00 FFFF Class of Service Service Statistics Ethernet Type Source MAC Source MAC Mask Destination MAC Destination MAC Mask Protocol Type o E 0 255 In the Protocol Type list select UDP g Click Apply to create a new class 4 Create a class class _ ef a Select QoS gt DiffServ gt Advanced gt DiffServ Configuration Chapter 12 DiffServ Index Index 221 222 o20 5 f ProSafe M4100 and M7100 Managed Switches A screen similar to the following
209. Bales cece IF Binding ars Action Lagging EEE m dest anatase i z haja TCP Flag IP i T be Configuration Cee ULETE LE nie ace Ferry ey eord Address Sik Banding Table Ala Ferma Disable PETE Falte wagi 0 0 0 0 Vien Banding Table 176 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches b Click Add and a screen similar to the following displays Routing Gi Monitoring Maintenance Port Authentication Trae Centred Extended ACL Rule Conhiguratian Extended ACL Rule Configuration 100 199 IP Rules ACL ID Hame miontirhast P Extended Aubes Rule 1 2 k Pri ACL PPri Rolas EP Bending Deny Configuration Leam Disable Binding Table a Action Perret 7 True In the Rule ID field enter 2 Select the Permit radio button In the Match Every field select True Click Apply At the end of this configuration a screen similar to the following displays o 209 System Switching Routing o Security Monitoring Moinhenonce Help index gt Basic Extended ACL Rules Advanced t EP ACL IP Roles gt IP Rules ACL ID NAME monitorHest gt IP Bxtanded Rules are ne Extended ACL Rule Table t Pw Rules m r rrr r Redirect Hatch Protacal IP Bon direg mula Assi Era Har Action Lagging Configuratan To Queue I0 Interface Interface Every Keyword Binding Table x Vian Binding Table FI 1 Permit Disable la O 2 Permit Dibe
210. Binding Table n a aT Se 2a 1 to 430487 oR BED PRU Se ZEER EE en Seb BID A Ba Se a J0 J1 32 J3 JA 35 36 J7 J0 J 40 41 42 43 TEE enn n a mr eens EN o Ee e ed f Click Apply A screen similar to the following displays Syriam Switching Routing Maric Seer iby Aca Pert Anfani Troit Comtel gt Bask IP Binding Configuration A vanced iPAL IFP Rules z 1P eel Rubee Sequens e Humber Pye AOL ki IPv6 Rules P Binding E C ACL 10 I te 4264987 795 oi ee bee 45 45 47 E Pea ee ea Cenhguraticn Binding Table ACL ID Name T i Interface Direction ACL Type nI Eno end leva ACL 6 View the binding table Select Security gt ACL gt Advanced gt Binding Table A screen similar to the following displays Switching Routing Syslem l Monitorning Basic IP ACL Binding Table v Advanced IP ACL IP Rules IP Extended Rules oP ACL Pv Rulga IP ACL Binding Table Sequence ACL Tyee Number TG ACL a Vian Binding Tabla F mS Sequence Humber f Maintenance Help Port i 7 34 5 amp 7 9 10 17 12 13 14 15 16 I7 18 19 20 m a2 B 24 Eai ri jiasi 1 ont 0 Gell at eet Sl jog ag Chapter 10 ACLs 189 CoS Queuing Class of Service Queuing This chapter describes Class of Service CoS queue mapping CoS Configuration and traffic shaping features This chapter provides the following examples e Show classofservice T
211. Buffered The example is shown as CLI commands and as a Web interface procedure CLI Show Logging Buffered Netgear Switch Routing show logging buffered Press Enter to execute the command Netgear Switch Routing show logging buffered Buffered In Memory Logging enabled Buffered Logging Wrapping Behavior On Buffered Log Count 66 lt 1 gt JAN 01 00 00 02 0 0 0 UNKN 268434944 usmdb_sim c 1205 lt 2 gt JAN 01 00 00 09 0 0 0 UNKN 268434944 bootos c 487 2 Event Oxaaaaaaaa lt 6 gt JAN 01 00 00 09 0 0 0 UNKN 268434944 bootos c 531 3 Starting code lt o gt JAN 01 00 00 16 0 0 0 UNKN 251627904 cda_cnfgr c 383 4 CDA Creating new STK file lt 6 gt JAN 01 00 00 39 0 0 0 UNKN 233025712 edb c 360 5 EDB Callback Unit Join oP lt 6 gt JAN 01 00 00 40 0 0 0 0 3 UNKN 251627904 sysapi c 1864 6 File user_mgr_cfg same version 6 but the sizes 2312 gt 7988 differ 342 Chapter 18 Syslog ProSafe M4100 and M7100 Managed Switches Web Interface Show Logging Buffered Select Monitoring gt Logs gt Buffer Logs A screen similar to the following displays _ System Switching Routing QoS Security Monitoring Maintenance Help Index Ports Mirroring v Buffered Logs Buffered Logs gt Command Log Configuration Buffered Logs Console Log Admin Status O Disable Enable Configuration Behavior Wrap v gt Sys Log Configuration gt Trap Logs gt Eve
212. C Address YLAN ID IP Address Configuration l Saige Co 8t ae Configuration Persistent _ Dynamic Binding Configuration Seas Interface MAC Address LAN ID IP Address Lease Time Statistics gt IP Source Guard 00 18 88 56 F0 35 192 168 10 94 6794 5 Enable IP source guard in the interface 1 0 2 a Select Security gt Control gt IP Source Guard gt Interface Configuration b Select the Interface 1 0 2 check box c For the IPSG mode select Enable Chapter 15 Security Management 316 ProSafe M4100 and M7100 Managed Switches d Click Apply A screen similar to the following displays Sertcheng T Rouvhng o 0 Security Montering Maragan Hew ity Ascii Pori Awthanticutios Irae Sentral DHCP Snooping IP Source Guard Interface Configuration YIP Sauria Guard binis IP Source Guard Interface Configuration can a e Bardireg Donia ain ynamic ARP Inspection Captive Portal i All Set up IP source guard static binding Select the Interface 1 0 2 check box In the VLAN ID field enter 1 929 5 B Moniionng IP Source Guard Binding Configuration Static Binding Configuration Canhguration 1 Gmi Canta ahor Dynamic ARP O Laz BO 05 05 05 05 05 192 165 1080 Inspection Captive Portal Dynamic Binding Configuration 00 10 06 5605 85556 12 1650 Chapter 15 Security Management In the IP Address field enter 192 168 10 80 Click Add A screen similar
213. CPv6 Server Configuration Onlink Flag Chapter 23 DHCPv6 Server 391 392 6 7 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays F System Switching Routing Security Monitoring Maintenance Help Manragamani Dovico View Liconsa Sarvicas Stocking SAMMP LLOP SDP gt DHCP Server DHCPv6 Server Configuration gt DHCP Relay DHCP L2 Relay UDP Relay Admin Mode Disable Enable DHCPve Server DHCPv6 Server DUID O0 01 00 06 46 3d 40 02 560 91 51 06 26 4 DHEPy Server Configuration DHCP y 6 Pool Configuration DHCPv6 Server Configuration b For Admin Mode Select the Enable radio button c Click Apply to apply the setting Create a DHCPv6 pool named pool1 a Select System gt Services gt DHCP Server gt DHCPv6 Pool Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Managomant Devices View licenso Sorvicas Stocking SNMP LLOP SDP gt DHCP Server DHCP v6 Pool Configuration gt DHCP Relay gt DHCP L2 Relay DHCP v6 Pool Configuration i eee Pool Name Create DHCPv6 Server Pool Name poolt Configuration DHCP V6 Pool Configuration gt DHCP v6 Prefix Delegation Configuration b From the Pool Name drop down list select Create c In the Pool Name field enter poolt d Click Apply to apply the setting Configure prefix in the pool1 a Select System gt Servi
214. CoS Queue Configuration CoS queue configuration involves port egress queue configuration and drop precedence configuration per queue The design of these on a per queue pe drop precedence basis allows you to create the service characteristics that you want for different types of traffic Port egress queue configuration e Scheduler type strict vs weighted e Minimum guaranteed bandwidth e Maximum allowed bandwidth per queue shaping e Queue management type tail drop vs WRED Drop precedence configuration per queue e WRED parameters Minimum threshold Maximum threshold Drop probability Scale factor e Tail drop parameters threshold Per interface basis e Queue management type rail Drop vs WRED Only if per queue configuration is not supported e WRED decay exponent e Traffic shaping for an entire interface Show classofservice Trust The example is shown as CLI commands and as a Web interface procedure CLI Show classofservice Trust To use the CLI to show CoS trust mode use these commands Netgear Switch show classofservice trust lt cr gt Press Enter to execute the command Netgear Switch show classofservice trust Class of Service Trust Mode Dot1P 192 Chapter 11 CoS Queuing ProSafe M4100 and M7100 Managed Switches Web Interface Show classofservice Trust Select QoS gt CoS gt Basic gt CoS Configuration A screen similar to the following displays System Switching Ro
215. Config ip igmp Chapter31 DVMRP 529 ProSafe M4100 and M7100 Managed Switches 6 Enable IGMP mode on the interface 1 0 24 Netgear Switch Config interface 1 0 24 Netgear Switch Interface 1 0 24 ip igmp Netgear Switch Interface 1 0 24 exit Netgear Switch show ip dvmrp neighbor Interface Neighbor IP Address 192e LOS eZ Active Up Time hh mm ss 00 01 03 Expiry Time hh mm ss 00 00 24 Generation ID Major Version Minor Version Capabilities Received Routes Received Bad Packets Received Bad Routes Interface Neighbor IP Address 192 168 4 1 Active Up Time hh mm ss 00 01 17 Expiry Time hh mm ss 00 00 23 Generation ID 1116347728 Major Version Minor Version More Entries or quit q Capabilities Received Routes Received Bad Packets Received Bad Routes Netgear Switch show ip mcast mroute detail summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface List 192 168 1 2 225 06061 530 Chapter 31 DVMRP ProSafe M4100 and M7100 Managed Switches Web Interface Configure DVMRP DVMRP on Switch A 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i IP WLAN ARP i OSPF OSPFv3 Router Discovery VRRP Multicast Basic IP Configu
216. Configuration CST Port Configuration CST Port Status MST Configuration MST Port Status STP Statistics Routing Address Table Ports LAG STP Configuration STP Configuration Spanning Tree Admin Mode Force Protocol Version Configuration Name Configuration Revision Level Forward BPDU while STP Disabled Configuration Digest Key _ STP Status MST ID Security Monitoring Maintenance Help Index tosour O Disable Enable IEEE 802 1d IEEE 802 1w IEEE 802 1s 00 14 6C 53 62 8E 0 0 to 65535 Disable Enable 0xe9ab4722864c0c015adf6a12df3494ca b Enter the following information e For Spanning Tree Admin Mode select the Enable radio button e For Force Protocol Version select the IEEE 802 1s radio button c Click Apply 2 Configure MST a Select Switching gt STP gt MST Configuration A screen similar to the following displays i Multicast Address Table Ports LAG STP Configuration CST Configuration CST Port Configuration CST Port Status MST Configuration gt MST Port Status STP Statistics m o O Routing QoS MST Configuration MST Configuration 1 2 _ 11 12 b Configure MST ID 1 e Inthe MST ID field enter 1 412 Chapter 25 Spanning Tree Protocol Security Monitoring Maintenance Help Index Time T l opolo MST Vlan Since potosy Topology F Priority Bridge Identifier Change De
217. Configuration gt Slot Information Time SNTP Global Configuration SNTP Server Configuration gt DNS DNS Configuration Host Configuration SNTP Server Configuration SNTP Server Configuration Server a al Type Do ibe re We Gd DNS time d netgear com 123 SNTP Server Status Last TS Last Failed aile Address Update Attempt Attempt Requests Requests Time Time Status JAN 01 Request time d netgear com 00 00 00 Timed 0 1970 Out b Enter the following information 320 Chapter 16 SNTP ProSafe M4100 and M7100 Managed Switches e lin the Server Type field select IPV4 e Inthe Address field enter 208 14 208 19 e Inthe Port field enter 123 e Inthe Priority field enter 1 e Inthe Version field enter 4 c Click Add 2 Configure SNTP globally a Select System gt Management gt Time gt SNTP Global Configuration A screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index i Device View Services Stacking SNMP System SNTP Global Configuration Information Switch Statistics SNTP Global Configuration gt System Resource Client Mode Disable Unicast Broadcast gt IP Configuration Port 123 1 to 65535 lot Information ge tormano Unicast Poll Interval e 6to 10 and 16 to 16284 Time N Broadcast Poll Interval 6 6 to 10 and 16 to 16284 Configuration Unicast Poll Timeout 5 1 to 30 SNTP Server Unic
218. Configure Voice VLAN and Prioritize Voice Traffic 1 Create VLAN 10 Netgear Switch vlan database Netgear Switch Vlan vlan 10 Netgear Switch Vlan exit 34 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches 2 Include the ports 1 0 1 and 1 0 2 in VLAN 10 Netgear Switch Config interface range 1 0 1 1 0 2 Netgear Switch conf if range 1 0 1 1 0 2 vlan participation include 10 conf if range 1 0 1 1 0 2 vlan tagging 10 conf if range 1 0 1 1 0 2 exit Netgear Switch yg Netgear Switch 3 Configure Voice VLAN globally Netgear Switch Config voice vlan 4 Configure Voice VLAN mode in the interface 1 0 2 Netgear Switch Config interface 1 0 2 Netgear Switch Interface 1 0 2 voice vlan 10 Netgear Switch Interface 1 0 2 exit 5 Create the DiffServ class ClassVoiceVLAN Netgear Switch Config class map match all ClassVoiceVLAN 6 Configure VLAN 10 as the matching criteria for the class Netgear Switch Config classmap match vlan 10 7 Create the DiffServ policy PolicyVoiceVLAN Netgear Switch Config policy map PolicyVoiceVLAN in 8 Map the policy and class and assign them to the higher priority queue Netgear Switch Config policy map class ClassVoiceVLAN Netgear Switch Config policy classmap assign queue 3 Netgear Switch Config policy classmap exit 9 Assign it to interfaces 1 0 1 and 1 0 2
219. Configure a receiver on interface 0 1 0 5 and 0 7 Select Switching gt MVR gt Basic gt MVR Interface Configuration A screen similar a d to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicast MYR Address Table Ports LAG Basic MVR Interface Configuration MVR Configuration MVR Group Configuration gt MVR Interface 1 All Go To Interface GO Configuration es E Interface Admin Mode Immediate Leave Status gt Advanced m OR Enable I receiver z receiver MYR Interface Configuration Disable none Disable INACTIVE INVLAN Disable none Disable INACTIVE INVLAN Disable none Disable INACTIVE INVLAN Disable none Disable INACTIVE InVLAN Disable none Disable INACTIVE INVLAN Disable none Disable ACTIVE InVLAN Disable none Disable INACTIVE InVLAN Disable none Disable INACTIVE InVLAN Disable none Disable ACTIVE INVLAN Go To Interface GO Under MVR Interface Configuration scroll down and select the Interface 0 1 0 5 and 0 7 check boxes Enter the following information e Inthe Admin Mode list select Enable e Inthe Type list select Receiver Click Apply to save the settings 6 Configure source interface Select Switching gt MVR gt Basic gt MVR Interface Configuration A screen similar a to the following displays System f Switching Routing QoS Security Monitoring Maintenance Help Index System VLAN STP Multicast AVI
220. Create the DiffServ policy PolicyVoiceVLAN a Select QoS gt DiffServ gt Advanced gt Policy Configuration 40 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches L e A screen similar to the following displays System Seite hing Routing Security Maintengnce Manitoring Cos o Diffserv Wirard Policy Configuration ik sata tule Policy Configuration D ia aera Policy Same Comiguratiar oo Clas Configuration Pvt Clas Comfiguratian e Fairy Curainn Senne miers In the Policy Name field enter PolicyVoiceVLAN In the Policy Type list select In In the Member Class list select ClassVoice VLAN A screen similar to the following displays Synem Switching Routing Got Security Moncloring Meinhenanes Halp Diffserv Wizard Policy Configuration A olP reai Policy Configuration Policy Hame Policy Type u Policy viosce VLAN Hin Configuration Class Coachguration a Pye Class Configuration a Paden e Service Interface Click Add The Policy Configuration screen displays as shown in the next step in this procedure 8 Map the policy and class and assign them to the higher priority queue a Select QoS gt DiffServ gt Advanced gt Policy Configuration A screen similar to the following displays Sy vers Switching Routing ECE Security Momihering Maintenance Halp ik a IE nee Policy Configuration A IF ig o Auta Yol Policy Configuration
221. D OSPF Admin Mode ABR Status Disabled Exit Overflow Interval secs o O O 0 to 2147483647 Ce External LSA Count ASBR Mode RFC 1583 Compatibility b Under OSPF Configuration enter the following information e Inthe Router ID field enter 192 130 1 1 e Inthe OSPF Admin Mode field select Enable e Inthe RFC 1583 Compatibility field select Disable c Click Apply to save the settings 6 Enable OSPF on the port 1 0 2 a Select Routing gt OSPF gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Routing Table IP VLAN ARP RIP Router Discovery VRRP Monitoring Maintenance Help Index Basic Interface Configuration Advanced OSPF Interface Configuration Configuration Go To Inte NSSA Area Configuration rea Range Configuration Interface eI E E ak 5 10 40 Disable 0 0 0 0 Disable 1 10 40 1 All Common rea x Dead Configuration OSPF Router Retransmit Hello Interval 1 Stub 4rea Interface OSPF Area ID Admin Priority 0 to Interval 0 Interval 1 to Mode 255 to 3600 to 65535 Configuration one D PAC wr KIT Fa O lv O f 0 0 0 0 Disable sh 10 40 b Under Interface Configuration scroll down and select the interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches C e Inthe O
222. Disable Index Index Interval 1 to a Cc Scroll down and select the interface 1 0 15 check box Now 1 0 15 appears in the Interface field at the top Enter the following information e Inthe OSPF Area ID field enter 0 0 0 1 e Inthe OSPF Admin Mode field select Enable Click Apply to save the settings 7 Configure area 0 0 0 1 as an nssa area a Select Routing gt OSPF gt Advanced gt NSSA Area Configuration Chapter 7 OSPF 115 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP i Router Discovery VRRP NSSA Area Configuration NSSA Area Configuration Configuration Common Area Metric 3 A alue 1 to Configuration i Count LSA s 16777215 Stub 4rea Configuration 0 0 b In the Area ID field enter 0 0 0 1 c Click Add to save the settings 8 Redistribute the RIP routes into the OSPF area a Select Routing gt OSPF gt Advanced gt Route Redistribution A screen similar to the following displays Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP i Router Discovery VRRP Route Redistribution Route Redistribution Configuration tric 0 Distribute 3 Configured Available eon Tag 0 to AE Common rea Metric Type Subnets List 1 to 4 Source So
223. ELE Switching Routing Qo5 Management Device View Stacking DHCP Pool Configuration v DHCP Server DHCP Server Configuration DHCP Pool Configuration DHCP Pool Options DHCP Server DHCP Pool Configuration Pool Name Pool Name Type of Binding Network Address Sects Network Mask DHCP Bindings 1 Network Prefix Length Information DHCP Conflicts Client Name Information Hardware Address gt DHCP Relay gt DHCP L2 Relay gt UDP Relay gt DHCP v6 Server gt DHCP v6 Relay Hardware Address Type Client ID Host Number Host Mask _ Host Prefix Length Security SNMP Maintenance Help Index Monitoring LLDP ISDP D Create pool_dynamic Dynamic yl EEA Es 00 00 00 00 00 00 Ethernet 0 0 00 8 to 32 1 to 31 Alphanumeric Characters e Under DHCP Pool Configuration enter the following information e Inthe Pool Name list select Create e Inthe Pool Name field enter pool_ dynamic e Inthe Type of Binding list select Dynamic e Inthe Network Number field enter 192 168 100 0 e Inthe Network Mask field enter 255 255 255 0 As an alternate you can enter 24 in the Network Prefix Length field Do not fill in both the Network Mask field and Network Prefix Length fields e Inthe Days field enter 1 f Click Add The pool_ dynamic name is now added to the Pool Name drop down list Configure a DHCP Reservation 384
224. EOE E EE E E E E E E 122 CLI Configure OSPFVS 2 560264 cn 060480 oh bee ee eee ea eA 122 Web Interface Configure OSPFV3 0 000 c eee eee eee 124 Chapter 8 ARP Proxy ARP BANS awh bain oo 4a ie OY RAEN ee hae ES 127 CLI show ip interface 0 0 eens 127 CLE Il DOYA ep aetey oeers sewn 54 bese E Hear ee es 128 Web Interface Configure Proxy ARP ona Port 128 Chapter9 VRRP VRRP ona Master Router 0 eee 130 CLI Configure VRRP on a Master Router 204 130 Web Interface Configure VRRP on a Master Router 131 VRRP on a Backup Router sicncbudeesteedeohecticetieaniaesnas 132 CLI Configure VRRP on a Backup Router 005 132 Web Interface Configure VRRP on a Backup Router 133 Contents 5 ProSafe M4100 and M7100 Managed Switches Chapter 10 ACLs VU G2 6 te a ee ee ee eee ee ee ee ee eee 137 Ge osonro eh eee ee he dS oe ee od baw ae oe 137 AOL COnNOUTANON s rairai egg ow eee Cae eee ede eae cease 137 Set Up an IP ACL with Two Rules 0 0000 138 CLI Set Up an IP ACL with Two Rules 2 00 138 Web Interface Set Up an IP ACL with Two Rules 139 One Way Access Using a TCP Flag in an ACL 142 CLI Configure One Way Access Using a TCP FlaginanACL 142 Web Interface Configure One Way Access Using a TCP Flag in an ACL146 Use ACLs to Configure Isolated VLANs on a Layer 3
225. Enable Virtual Router Configuration mdverisament ada RID 1 to 255 Interface Pre empt Mode Priority 1 to 255 Interval secs Owner to 255 aan se Ge Under Global Configuration for Admin Mode select the Enable radio button Enter the following information e Inthe VRID 1 to 255 field enter 20 e Inthe Interface field select 1 0 4 e Inthe Priority 1 to 255 enter 254 e Inthe Primary IP Address field enter 192 150 2 1 e Inthe Status list select Active Chapter 9 VRRP ProSafe M4100 and M7100 Managed Switches d Click Add to save the settings Chapter9 VRRP 135 ACLs Access Control Lists This chapter describes the Access Control Lists ACLs feature The following examples are provided e MAC ACLs on page 137 e Set Up an IP ACL with Two Rules on page 138 e One Way Access Using a TCP Flag in an ACL on page 142 e Use ACLs to Configure Isolated VLANs on a Layer 3 Switch on page 158 e Setup a MAC ACL with Two Rules on page 169 e ACL Mirroring on page 172 e ACL Redirect on page 178 e Configure Pv6 ACLs on page 183 Access control lists ACLs can control the traffic entering a network Normally ACLs reside in a firewall router or in a router connecting two internal networks When you configure ACLs you can selectively admit or reject inbound traffic thereby controlling access to your network or to specific resources on your network You can set up ACLs to control traffi
226. Enable a 0 271 d 1 Status OSPF Area ID SPF Runs Area Border Router Count AS Border Router C Chapter 7 OSPF 121 ProSafe M4100 and M7100 Managed Switches b Under Interface Configuration click VLANS to show all the VLAN interfaces c Scroll down and select the interface 0 2 2 check box Now 0 2 2 appears in the Interface field at the top d Enter the following information e Inthe OSPF Area ID field enter 0 0 0 3 e Inthe OSPF Admin Mode field select the Enable e Inthe Priority field enter 255 e Inthe Metric Cost field enter 64 e Click Apply to save the settings OSPFv3 OSPFv3 is the Open Shortest Path First routing protocol for IPv6 It is similar to OSPF v2 in its concept of a link state database intra and inter area and AS external routes and virtual links It differs from its IPv4 counterpoint in a number of respects including the following Peering is done through link local addresses the protocol is link based rather than network based and addressing semantics have been moved to leaf LSAs which eventually allow its use for both IPv4 and IPv6 Point to point links are also supported in order to enable operation over tunnels It is possible to enable OSPF and OSPF vs at the same time OSPF works with IPv4 and OSPFv3 works with IPv6 The following example shows how to configure OSPF v3 on a IPv6 network Switch A1 Switch A2 J g XY P hN hae _ Area 0 Pg Figure 14 OSPFv3 Protocol for IPv6
227. Flag FIN Ignore 7 SYN Ignore z RST Ignore v PSH Ignore ACK Ignore URG Ignore zI Source IP Address Source IP Mask 0 0 0 255 Source L4 Port E 0 to 65535 Destination IP Address Destination IP Mask b Under Extended ACL Rule Configuration enter the following information e Inthe Rule ID 1 to 23 field enter 22 e For Action select the Permit radio button e Inthe Protocol Type list select UDP e Inthe Source IP Address field enter 192 168 77 0 e Inthe Source IP Mask field enter 0 0 0 255 e Inthe Destination IP Address field enter 192 178 77 0 e Inthe Destination IP Mask field enter 0 0 0 255 c Click Apply to save the settings 5 Apply ACL 101 to port 2 a Select Security gt ACL gt IP ACL gt IP Binding Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication Traffic Control gt MAC ACL IP Binding Configuration IP ACL IP ACL Binding Configuration me ned Rules Sequence Number 1 to 4294967295 IP Binding Port Selection Table Configuration gt Binding Tabe Ls Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 0 P vp N PROE E EE 25 26 27 28 Interface Binding Status b Under IP Binding Configuration enter the following information Chapter10 ACLs 141 ProSafe M4100 and M7100 Managed Switches
228. GO nie Routi Administrative Interface Description IP Address Subnet Mask leash a ean EE Mode Mode Di Lo o 0 0 0 o 0 0 0 Disable Enable P 192 150 2 2 255 255 255 0 Enable Enable C 1 0 3 192 130 3 1 255 255 255 0 Enable Enable Statistics IP Interface Configuration Secondary IP 0 0 0 0 0 0 0 0 Disable Enable b Scroll down and select the interface 1 0 4 check box Now 1 0 4 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 64 4 1 e Inthe Network Mask field enter 255 255 255 0 e Inthe Admin Mode field select Enable Chapter 7 OSPF 95 ProSafe M4100 and M7100 Managed Switches d Click Apply to save the settings 5 Specify the router ID and enable OSPF for the switch a Select Routing gt OSPF gt Advanced gt OSPF Configuration A screen similar to the following displays System Switching Routing QoS Security Routing Table IP VLAN ARP i RIP i Router Discovery _ VRRP Monitoring Maintenance Help Index OSPF Configuration Default Route Advertise Configuration Default Information Originate Always Metric sf to 16777215 Configuration Common rea Configuration Stub rea Configuration NSS4 Area Configuration Metic Type rea Range Configuration Interface Configuration Neighbor Table Link State Database Virtual Link Configuration OSPF Configuration Router I
229. IGMP 5 PIM DM Protocol No Protocol Enabled Table Entry Count o Protocol State Non Operational Table Maximum Entry Count 256 gt Static Routes Configuration gt Admin Boundary Configuration b For Admin Mode select the Enable radio button c Click Apply 9 Enable PIM DM globally Help a Select Routing gt IPv6 Multicast gt IPV6PIM gt Global Configuration Chapter 30 MLD 517 518 b C ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Eile Edit view History Bookmarks Tools Help http 7710 14 14 4fbasefnetgear_login html Most Visite d Gettin g Starte d i Latest Headlines http s 127 0 0 1 2002 PIM Global Configuration PIM Global Configuration PIM Protocol Type PIM DM PIM SM Admin Mode Done 2 start zi e gt gt Se SuperTP 198_7 198_7 DJ Winzk3 Automation YM _ 9 0 1 13 NetGear xsm72245 _ lt eich 1 04am For Admin Mode select the Enable radio button Click Apply 10 Enable PIM DM on interfaces 1 0 21 and 1 0 24 a C d Select Routing gt IPv6 Multicast gt IPv6 PIM gt Interface Configuration A screen similar to the following displays System Switching a Routing Qos Security Monitoring Mainienarce T Help index Routing Table IP IP VLAN ARP i OSPF OSPRV3 Router Discovery VRRP gt Mroute Table PIM DM Interface C
230. IN Ignore ZYN l Ignore RST ignore PSH Ignore ACK Ignore URG Ignore Source IP Address Source IP Mask Source L4 Port Ej 0 to 63535 Destination IP Address Destination IP Mask Destination L4 Port l 0 te 65535 d Under Extended ACL Rule Configuration 100 199 enter the following information and make the following selections e Inthe Rule ID field enter 1 e For Action mode select the Permit radio button e Inthe Match Every field select False e Inthe Protocol Type field select IP e Click Apply to save the settings 11 Apply ACL 102 to port 24 a Select Security gt ACL gt Advanced gt IP Binding Configuration Chapter10 ACLs 167 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Gos security Monitoring Maintenance Help Management Security Accoss Port Authentication Traffic Control gt MAC ACL IP Binding Configuration IP ACL gt IP ACL Binding Configuration IP Rules ACLID j102 Direction Inbound 2 IP Extended Rules Sequence Number 1 to 4294967295 gt IP eisng Port Sel Table Configuration Binding Table Port i 2 3 4 5 6 7 B amp B 9 10 11 12 13 14 15 16 17 186 19 20 21 22 23 24 1 me The lei 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 Interface Binding Status b Under Binding Configuration make the following selection a
231. IP IPv6 VLAN ARP RIP OSPF OSPFv3 Router Discovery i Multicast IPv Multicast Trea VRRP Configuration VRRP Configuration gt Advanced Global Configuration Admin Mode Disable Enable Table Configuration ee Primary IP VRID Interface Arpe ee Cite Noe VE 2250 2 ae o Under Global Configuration next to the Admin Mode select Enable radio button c Enter the following information in the VRRP Configuration e Inthe VRID 1 to 255 field enter 20 e Inthe Interface field select 1 0 2 e Inthe Primary IP Address field enter 192 150 2 1 e Inthe Mode field select Active d Click Apply to save the settings VRRP on a Backup Router The example is shown as CLI commands and as a Web interface procedure CLI Configure VRRP on a Backup Router 1 Enable routing for the switch IP forwarding will then be enabled by default Netgear Switch config Netgear Switch Config ip routing 2 Configure the IP addresses and subnet masks for the port that will participate in the protocol Netgear Switch Config interface 1 0 4 Netgear Switch Interface 1 0 4 ip address 192 150 4 1 255 255 0 0 Interface 1 0 4 exit Netgear Switch Interface 1 0 4 routing 4 Netgear Switch 3 Enable VRRP for the switch Netgear Switch Config ip vrrp 132 Chapter9 VRRP ProSafe M4100 and M71 00 Managed Switches 4 Assign virtual router IDs to port that will p
232. IP 192 168 1 1 EA onm CE Port 1 0 13 Port 1 0 10 Switch A Emag 20 a Emme Switch B 1 0 1 Subnet 192 168 1 0 24 i Subnet 192 168 2 0 24 Port 1 0 21 Port 1 0 22 Port 1 0 22 Switch D Enas mmm Switch C 1 0 24 Subnet 192 168 5 0 24 Subnet 192 168 4 0 24 Host IP 192 168 4 2 Figure 46 PIM SM PIM SM uses shared trees by default and implements source based trees for efficiency it assumes that no hosts want the multicast traffic unless they specifically ask for it It creates a shared distribution tree centered on a defined rendezvous point RP Traffic from this source is relayed to the receivers Senders first send the multicast data to the RP which in turn sends the data down the shared tree to the receivers Shared trees centered on an RP do not necessarily provide the shortest most optimal path In such cases PIM SM provides a means to switch to more efficient source specific trees A data threshold rate is defined for toggling 460 Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches between trees PIM SM uses a bootstrap router BSR which advertises information to other multicast routers about the RP In a given network a set of routers can be administratively enabled as candidate bootstrap routers If it is not apparent which router should be the BSR the candidates flood the domain with advertisements The router with the high
233. IPv6 Forwarding Hap Limit 0 ta 255 ICMPy6 Rate Limit Error Interval Oto 2147483647 meecs i ICMHPy6 Rate Limit Burst Size i to 200 b For IPv6 Unicast Routing select the Enable radio button c Click Apply 3 Configure 1 0 21 and 1 0 24 as IPv6 routing ports a Select Routing gt IPv6 gt Advanced gt Interface Configuration 514 Chapter 30 MLD ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenances Help Index Routing Table IP VLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP i Multicast Basic IPv6 Interface Configuration Advanced l gt Global IPv6 Interface Configuration Configuration 1 All Go To Interface gt Interface Configuration sie iri a Duplicate Rete outin min Dperationa p Prefix Interface IPv Mode hihi i p ani E T Address Time Mode Mode Mode Detection Interval Configuration Interval Statistics neorcouctaie CURD eso SD exon ID BAET gt Static Route Disable Disable Enable Disable Transmits 1 1800 Configuration at 7 ET gt Route Table E Disable Disable Enable Disable 1 1200 2 Route Preference D Disable Disable Enable Disable 1 1600 E 1 i 2 Tunnel Disable Disable Enable Disable 1800 Disable Disabl Enable Disable 1600 Configuration b Scroll down and select the Interface 1 0 21 and 1 0 24 check boxes c Enter the following info
234. IPv6 Prefix field enter 2000 2 In the Length field enter 64 In the EUI64 field select Disable Click Add Create an IPv6 Network Interface The IPv6 network interface is the logical interface used for in band connectivity with the switch using any of the switch s front panel ports The configuration parameters associated with the switch s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed To access the switch over an IPv6 network you must first configure it with IPv6 information IPv6 prefix prefix length and default gateway Chapter 27 IPv6 Interface Configuration 425 ProSafe M4100 and M7100 Managed Switches CLI Configure the IPv6 Network Interface network ipv6 enable network ipv6 address 2001 1 1 64 Netgear Switch Netgear Switch network ipv6 gateway 2001 1 2 Netgear Switch Netgear Switch show network Interface Status Always Up IP Address Subnet Mask Default Gateway IPv6 Administrative Mode Enabled IPv6 Prefix is FEBO 2FF F9FF FE70 485 64 IPv6 Prefix is 2001S Lei 7 64 IPv6 Default Router 2001 1 2 Burned In MAC Address 00 FF F9 70 04 85 Locally Administered MAC address 00 00 00 00 00 00 MAC Address Type Burned In Configured IPv4 Protocol Configured IPv6 Protocol IPv6 AutoConfig Mode Management VLAN ID Web Interface Configure the IPv6 Network Interface 1 Add an IPv6
235. Interface field at the top Enter the following information e Inthe IPv6 Mode field select Enable e Inthe Routing Mode field select Enable Click Apply to save the settings 4 Assign the IP address 2001 1 to port 1 0 1 a d Select Routing gt IPv6 gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing i Secu rity Routing Table IP VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast Monitoring IPv6 Prefix Configuration Global IPv6 Interface Selection Configuration Interface Interface Configuration IPv6 Interface Configuration Prefix Configuration Ipv6 Prefix Length Statistics 2001 1 M Feso 216 2AFF FED9 2498 Neighbour Table Static Route Under IPv6 Prefix Selection in the Interface list select 1 0 1 Under IPv6 Interface Configuration enter the following information e Inthe IPv6 Prefix field enter 2001 1 e Inthe Length field enter 64 e Inthe EUI64 field select Disable e Inthe the Onlink Flag field select Disable e Inthe Autonomous Flag field select Disable Click Add to save the settings 5 Enable OSPFv3 on port 1 0 1 Chapter 7 OSPF 1 all GoTo Interface GO Adv HS Interval Disable Disable Enable Disable i500 1800 1 073 Disable Disable Enable Disable 1500 1800 Scroll down and select the interface 1 0 1 check box Now 1 0 1 appears
236. Interval seconds Web Interface Configure the Maximum Rate of DHCP Messages 1 Select Security gt Control gt DHCP Snooping gt Interface Configuration A screen similar to the following displays System T Switching Routing T Q Monitoring Uclanio Help Monoagemeant Security Acca Port Authenicatton Traic Coste DHCP Snooping DHCP Snooping Interface Configuration E Global Ceadigquranar DHCP Snooping Interface Configuration Iectace Configuration D Binding Logging Toniguranan Interface Trust Mode Invalid Rate Limitt pps Burst Interval secs Parpistani Parkets Configuration f Statistics AE a gt IF Source Guard i Disable gt Dynamic ARP Inspection All Go To interface 2 Select the interface fill in the Rate Limit pps field and then click Apply The screen shows the new rate limit for the interface Syshemn Switching Rowling Manitoring Maintenance Halp DHEF banopi g DHCP Snooping Interlace Configuration Global Cenhgyraten DHCP Snooping Interface Configuration e i i 1 Al Go To brier a Php stt k Banding Configi alian Parsiehent Logging Intenace Trust Made Lea ale Configuration e Suabigtics TP feurce Guard i Dynamit ARP Chapter 15 Security Management 311 ProSafe M4100 and M7100 Managed Switches IP Source Guard IP Source Guard uses the DHCP snooping bindings database When IP Source Guard is enabled the switch drops incoming pac
237. L Pb Rules JF Binding Cenhguration Binding Table wlan Binding Table 186 Chapter 10 ACLs A screen similar to the following displays Switching Mot ibe nomics Help Ace IPv Rules IPv6 Rules ACL Hima IPV6 ACL Rule Table Source Rule Assign Mirror Redirect Protocol 3 Pateh lal Action Logging qa Queue 10 InteAlace Interlace Every ipeliE No riaa tone been configared for this ACL ProSafe M4100 and M7100 Managed Switches In the ACL Name list select ipv6 acl Click Add In the Rule ID field enter 1 For Action select the Permit radio button In the Source Prefix field enter 2001 DB8 COAB AC11 In the Source Prefix Length field enter 64 In the Destination Prefix field enter 2001 DB8 COAB AC14 I In the Destination Prefix Length field enter 64 seo 20 5 A screen similar to the following displays thas Secu ruby Montering Mombenongca Help Indos Synom Seitching Routing Manageeanl Sasu Aude Part Auer oban Irok Cental Carel Basic IPv6 ACL Rule Configuration Advanced IP ACL IPv ACL Rule Configuration ne IF Rubs ACL Hame Poio gt IF Extended Rules Ralls ED i TPwe ACL Pt Rul Action E Penit Egress Goo 0 6 J Bindeng Deny Configuration eggeeg Disable Enable Binding Table Hireor laterface a lan Binding Table SS Redwect nterlace Hatch Ewery hib Enable Protered Typa Cther Lt Toar
238. L Rule Configuration 100 199 IP Rules 5 IP Extended Rules IP Binding Rule 10 i to 24 i Configuration Binding Table ACL ID 101 Action Permit Egress Queue O to 7 Deny Tor I 255 FIN ignore syn Set AST Ignore PSH ignore ack Clear ure Ignore sd a 0 to 65535 d Under Extended ACL Rule Configuration 100 199 enter the following information and make the following selections e Inthe Rule ID field enter 1 e For Action mode select the Deny radio button e Inthe Match Every field select False e Inthe Protocol Type list select TCP e For TCP Flag in the SYN field select Set and in the ACK field select Clear e Click Apply to save the settings 10 Add and configure an IP extended rule that is associated with ACL 102 a Select Security gt ACL gt Advanced gt IP Extended Rules A screen similar to the following displays System switching Routing Sih hioniloring Maintenance Help Managemen Secwrity Accar Port Authentication Trafic Control Basic IP Extended Rules M Advanced TP ACL IP Extended Rules IP Rules ACL IG 1oz IP Extended Rules gt JP Binding Configuration Extended ACL Rule Table Binding Table El eam a i ee E Action 99 Match Protocol TCP COCE Destination Destination Destination chia I Queue Every Keyword Flag Address Mask _ IF Address IP Mask b Under IP Extended Rules in t
239. LDP ISDP DHCP Server DHCP Pool Configuration DHCP Server DHCP Pool Configuration Configuration DHCP Pool Configuration Pool Name Create DHCP Pool Options Beal Nanna dhcp_server_second 1 to 31 alphanumeric characters DHCP Server Statistics Type of Binding Dynamic z DHCP Bindings Network Address 10 200 2 0 Information ketno Naak 255 255 255 0 DHCP Conflicts Information Network Prefix Length o DHCP Relay Client Name DHCP L2 Relay Hardware Address 00 00 00 00 00 00 UDP Relay Hardware Address Type Ethernet x DHCPv6 Server DHCPv6 Relay Client ID Host Number 0 0 0 0 Host Mask 0 0 0 0 Host Prefix Length b Under DHCP Pool Configuration enter the following information e Inthe Pool Name list select Create e Inthe Pool Name field enter dhcp_server_second e Inthe Type of Binding list select Dynamic e Inthe Network Number field enter 10 200 2 0 e Inthe Network Mask field enter 255 255 255 0 As an alternate you can enter 24 in the Network Prefix Length field c Click Add The dhcp_server_second name is now added to the Pool Name drop down list Configure a DHCP L3 Switch CLI Configure a DHCP L3 Relay 1 Enable routing on the switch Netgear Switch config Netgear Switch Config ip routing Netgear Switch Config 2 Create a routing interface and enable RIP on tt Config Config interface 1 0 4 Netgear Switch Netgear Switch Interface 1 0 4 routing
240. List 192168 1 2 22 reel wt DVMRP 1 0 13 Chapter 31 DVMRP ProSafe M4100 and M7100 Managed Switches DVRMP on Switch C 1 Create routing interfaceS 1 0 11 1 0 38 and 1 0 24 Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch config Config ip routing Config ip interface 1 0 11 Interface 1 0 11 ip routing Interface 1 0 11 ip address 192 168 3 1 255 255 255 0 Interface 1 0 11 exit Config interface 1 0 3 Interface 1 0 3 ip address 192 168 4 2 255 255 255 0 Interface 1 0 3 exit Config interface 1 0 24 Interface 1 0 24 routing Interface 1 0 24 ip address 192 168 5 1 255 255 255 0 Interface 1 0 3 routing Interface 1 0 24 exit 2 Enable IP multicast forwarding on the switch Netgear Switch Config ip multicast 3 Enable IP DVMRP protocol on the switch Netgear Switch Config ip dvmrp 4 Enable DVMRP mode on interfaces 1 0 3 1 0 11 and 1 0 24 Switch Switch Switch Switch Switch Switch Switch Switch Switch Config interface 1 0 3 Interface 1 0 3 ip dvmrp Interface 1 0 3 exit Config interface 1 0 11 Interface 1 0 11 ip dvmrp Interface 1 0 11 exit Config interface 1 0 24 Interface 1 0 24 ip dvrmp Interface 1 0 24 exit 5 Enable IGMP protocol on the switch Netgear Switch
241. Maintenance Help Index Management Device View i Services v Basic Stack Configuration Stack Configuration Management Unit Selection gt Advanced Management Unit Selected 2 2 9 Moving stack management will unconfigure entire stack including all interfaces Are you sure you want to move stack management OK Cancel Status Cancel ES GSM 7328S Unassigned Unassigned Management Unit OK GSM 7328S Unassigned Unassigned Stacking Member OK 2 Inthe Management Unit Selected list select 2 A warning window displays 3 Click the OK button 4 Click Apply Note If you move a master to a different unit you might lose the connection to the switch because the IP address could change if the switch gets its IP address using DHCP 368 Chapter 19 Switch Stacks SNMP This chapter provides the following examples Add a New Community Enable SNMP Trap on page 370 SNMP V3 on page 371 sFlow on page 373 Time Based Sampling of Counters with sFlow on page 377 Add a New Community The example is shown as CLI commands and as a Web interface procedure CLI Add a New Community Netgear switch config Netgear switch Config snmp server community rw public 4 Chapter 20 SNMP 369 ProSafe M4100 and M7100 Managed Switches Web Interface Add a New Community 1 Select System gt SNMP gt SNMP V1 V2 gt Community Configuration A screen similar to the following displays System Switch
242. Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP IPv VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP IPv Multicast a Mreute Tabie PIM Interface Configuration gt Global Configuration gt Interface 1 all Configuration gt D YMRP gt IGMP PIM gt Global Configuration gt SSM Configuration s Interface Configuration PIM Neighbor Candidate RP PIM Interface Configuration Admin Protocol IP Join Prune BSR Hello Interval secs Mode State Address Interval secs Border Enable i 7 __J mS Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable DR Priority Interface 7257577 70 b Scroll down and select the Interface 1 0 21 1 0 22 and 1 0 24 check boxes c In the Admin Mode field select Enable d Click Apply to save the settings 11 Enable IGMP globally a Select Routing gt Multicast gt IGMP gt Global Configuration A screen similar to the following displays System i Switching Routing QoS Security Monitoring Maintenance Help Index IP IPv VLAN ARP OSPF OSPFv3 Router Discovery VRRP gt Mroute Table IGMP Global Configuration gt Global Configuration IGMP Global Conf
243. Match Every Protocol Type __ 0 to 255 TCP Flag FIN SYN RST Ignore PSH Ignore ACK URG Ignore I Source IP Address 192 168 77 0 Source IP Mask Source L4 Port OJ to 65535 Destination IP Address 192 178 77 0 Destination IP Mask Destination L4 Port E to 65535 Service Type C IP DSCP C BCs to to 63 a Inthe Extended ACL Rule Configuration enter the following information e Inthe Rule ID 1 to 23 field enter 1 e For Action select the Permit radio button e Inthe Protocol Type list select TCP e Inthe Source IP Address field enter 192 168 77 0 e Inthe Source IP Mask field enter 0 0 0 255 e Inthe Destination IP Address field enter 192 178 77 0 e In the Destination IP Mask field enter 0 0 0 255 b Click Apply to save the settings 4 Create another ACL rule and add it to the ACL 101 140 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches a After you click the Add button in step 3 a screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication Traffic Control MAC ACL Extended ACL Rule Configuration IP ACL IP ACL IP Rules ACLID IP Extended Rules IP Binding Configuration Action Permit Egress Queue 0 to 6 Binding Table Extended ACL Rule Configuration 100 199 Rule ID 1 to 23 Deny Match Every Protocol Type 0 to 255 TCP
244. Mode Disable Enable Session Timeout 5 minutes Maximum number of sessions 5 Current number of sessions pp _ REFRESH CANCEL APPLY 2 Under Outbound Telnet for Admin Mode select the Enable radio button 3 Click Apply CLI Configure the session limit and session timeout Netgear Switch Routing Line session limit lt 0 5 gt Configure the maximum number of outbound telnet sessions allowed Netgear Switch Routing Line session limit 5 Netgear Switch Routing Line session timeout lt 1 160 gt Enter time in minutes Netgear Switch Routing Line session timeout 15 Web Interface Configure the Session Timeout 1 Select Security gt Access gt Telnet Chapter 17 Tools 337 338 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security i Port Authentication Traffic Control ACL TELNET Configuration Inbound Telnet Allow new telnet sessions Disable Enable Session Timeout 5 minutes Maximum number of sessions 5 Current number of sessions E Outbound Telnet Admin Mode Disable Enable Session Timeout minutes Maximum number of sessions 5 is Current number of sessions is RES CANCEL 2 Enter the following information e Inthe Session Timeout field enter 15 e In the Maximum number
245. N Oji Default Default Disable b In the VLAN ID field enter 5 c Click Add 2 Add ports 1 0 13 and 1 0 25 to VLAN 5 a Select Switching gt VLAN gt Advanced gt VLAN Membership Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches e A screen similar to the following displays i STP Multicast Routing Qo5 Security Monitering Maintenance Help Addrass Table Pors LAG gt Basic VLAN Membership Advanced VLAN LAN Membership 2 Configuration LAN ID Group Operation Untag all gt VLAN Membershe EEFT UNTAGGED PORT MEMBERS e TAGGED PORT MEMBERS Port PVID SEE Es cali RT MEMBERS Configuration MAC Based VLAN IP Subnet Based Port 1 2 3 4 5 6 7 amp 9 10 11 12 13 14 15 16 17 16 AES E Ea 19 20 21 22 23 24 EEUE PIES eS et ee Sess mii un VLAN 26 27 28 279 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 a 46 47 48 5 i Port DVLAN nara eae Saas isaS Si SSesi bie 49 50 51 52 Configuration In the VLAN ID list select 5 Click Unit 1 The ports display Click the gray boxes under ports 13 and 25 until T displays The T specifies that the egress packet is tagged for the port Click Apply 3 Create a class class vlan a Select QoS gt DiffServ gt Advanced gt Class Configuration A screen similar to the vow displays j System Switching Routing Security Monitoring Maintenance He
246. N 1 IGMP Snooping querier status IGMP Snooping Querier VLAN Mode Enable Querier Election Participate Mode Disable Querier VLAN Address Operational State Operational version The command shows that the IGMP admin mode is Active The mode is controlled by the set igmp command If the mode is inactive no query packet is sent Web Interface Show IGMP Querier Status 1 Select Switching gt Multicast gt IGMP Snooping Configuration A screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index Address Table Ports LAG IGMP Snooping IGMP Snooping Configuration Configuration gt IGMP Snooping IGMP Snooping Configuration Interface Configuration Admin Mode O Disable Enable gt IGMP Snooping Unknown Multicast Filtering Disable Enable Table gt MFDB Table Querier IP Address 10 10 10 1 gt GMRP Table Multicast Control Frame Count 0 gt MFDB Statistics Interfaces Enabled for IGMP Snooping 1 0 10 gt IGMP VLAN Data Frames Forwarded by the CPU o Configuration gt Multicast Router Configuration VLAN Ids Enabled for IGMP Snooping gt Multicast Router VLAN Configuration 1 VLAN Ids Enabled for IGMP Snooping Querier REFRESH CANCEL Click Refresh Chapter 13 IGMP Snooping and Querier APPLY MVR Multicast VLAN Registration 14 This chapter provides the following
247. N 200 a Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays System Switching i Routing mi o5 Security Monitoring yii Maintenance g i Help l ident i Multicast i Address Tabla Ports LAG VLAN Membership LAN Membership Group Operation Untag All f Configuration VLAN ID VLAN Membership VLAN Name UNTAGGED PORT MEMBERS VEAN Status Stati TAGGED PORT MEMBERS N maint 3 Port PWID VLAN Type atic Ne beter eet LA T Configuration MACBased VLAN Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 upp ae SD SW WE A LY _ 25 26 27 26 29 30 31 32 33 34 35 36 37 36 39 40 41 42 43 44 45 46 47 46 De A Sa a Sissy IP Subnet Based VLAN Port DYLAN Configuration b In the VLAN ID field select 200 c Click Unit 1 The ports display 382 Chapter 22 DHCP Server ProSafe M4100 and M7100 Managed Switches d Click the gray boxes under ports 1 and 24 until U displays The U specifies that the egress packet is untagged for the port e Click Apply 3 Assign PVID to the VLAN 200 a Select Switching gt VLAN gt Advanced gt Port PVID Configuration A screen similar to the following displays Switching Routing Qo5 Security Monitoring Maintenance Help Index STP Multicast Address Tabla Ports LAG Port PVID Configuration PVID Configuration Configuration Go To Interface VLAN Membership A
248. NTP Server 0 0 00 cee eee 322 Web Interface Set the Named SNTP Server 205 322 Chapter 17 Tools NACCVOWlS fou edie dca de ees eavddtanededeadene ein ductdes ed A 324 CLI Traceroute 6 po bho 046 ae FORGE DG RH ROGET REED DS OTS S 325 Web Interface Traceroute nananana aaa eee 320 Configuration Serpin secs tss sas saarka ade i ae ea bee Sealed 326 SE poera wh isda a erer phase eere a a bees thee wes 327 script list and script delete nananana naaa 327 script apply running config scr a n aaaea cee eee 328 Create a Configuration Script 0 0 0 cee ee ee 328 Upload a Configuration Script 0 0 0 0 0 ce eee 328 Pro Lodin Bann s van ctaoan Rade eree eaaa 329 Create a Pre Login Banner CLI Only nannan anaa naana annaa 329 POMMIN 2564 edn rrere rtir enora eea E a E 330 CLI Specify the Source Mirrored Ports and Destination Probe 330 Web Interface Specify the Source Mirrored Ports and Destination Probe 330 Aas eat i465 dd oh 4d bk PAD bed G4 OEE Ow AOE 331 CLI Download a Backup Image and Make It Active 332 Web Interface Download a Backup Image and Make It Active 333 QUIDGUNCG Telele ers pac ose kind pa eR Adee REE a a 334 CLE SOW CIO 4 a9 teaver ee cians ie ea eve a hae eS 335 CLI show telnet 0 0 0 ccc ee ee ees 335 CLI transport output telnet nnana anaa 336 Web Interface Configure Telnet 0 0 0 0 cee ee
249. Name VLAN Type Configuration Protocol Based VLAN Group Configuration Internal VLAN Allocation Base 4093 Internal VLAN Allocation Policy Cc Ascending G Descending b Enter the following information e Inthe VLAN ID field enter 2000 e Inthe VLAN Type list select Static c Click Add 2 Assign all the ports to VLAN 2000 a Select Switching gt VLAN gt Advanced gt VLAN Membership Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index STP Multicast Address Table Ports LAG gt Basic VLAN Membership Advanced gt VLAN VLAN Membership Configuration VLAN ID 2000 arati Untag All X VLAN Membership VLANName UNTAGGED PORT MEMBERS eS VLAN Status VLANT Static TAGGED PORT MEMBERS Port PVID Latte ED PORT MEM Configuration MAC Based VLAN Port 1 IP Subnet Based U VLAN 25 Fa Ae 2 3 45 6 7 8 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Ul Ul Ul Ul uu uju uf uf Uy u u Uy Uy Ul Us Uy Uy uf u 26 27 28 In the VLAN ID list select 2000 Click Unit 1 The ports display Click the gray box before Unit 1 until U displays e Click Apply 3 Associate the IP subnet with VLAN 2000 a Select Switching gt VLAN gt Advanced gt IP Subnet Based VLAN A screen similar to the following displays 29 5 Switching Routing QoS Security Monitoring Ma
250. Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 ipv6 enable Netgear Switch Interface 1 0 1 ipv6 address 2000 2 64 Netgear Switch Interface 1 0 1 routing Netgear Switch Interface 1 0 1 exit Netgear Switch ping ipv6 2000 2 Send count 3 Receive count 3 from 2000 2 Average round trip time 1 00 ms Netgear Switch show ipv6 brief IPv6 Forwarding Mode Enable IPv6 Unicast Routing Mode Enable IPv6 Hop Limit ICMPv6 Rate Limit Error Interval 1000 msec ICMPv6 Rate Limit Burst Size 100 messages Maximum Routes Netgear Switch show ipv6 interface 1 0 1 IPv6 is enabled IPv6 Prefix is FE80 21E 2AFF FED9 249B 128 2000 2 64 TENT Routing Mode Enabled Administrative Mode Enabled IPv6 Routing Operational Mode Enabled Bandwidth 1000000 kbps Interface Maximum Transmit Unit 1500 Router Duplicate Address Detection Transmits 1 Router Advertisement NS Interval 0 Router Advertisement Lifetime 1800 Router Advertisement Reachable Time 0 Router Advertisement Interval 600 Router Advertisement Managed Config Flag Disabled Router Advertisement Other Config Flag Disabled Router Advertisement Suppress Flag Disabled IPv6 Destination Unreachables Enabled Prefix 2000 2 64 Preferred Lifetime 604800 Valid Lifetime 2592000 Onlink Flag Enabled Autonomous Flag Enabled Chapter 27 IPv6 Interface Configuration 423 ProSafe M4100 and M7100 Managed Switches Web Interface Creat
251. Network Configuration Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches app e A screen similar to the following displays r Switching Routing Qos Security l Monitoring Maintenance Device View Services Stacking SNMP LLDP ISDP gt System IPv4 Network Interface Configuration Information Switch Statistics IPv4 Network Inte rface Configuration gt System Resource tp Address 192 168 05 gt Slot Information E tnd kaak 255 255 255 0 gt Loopback Default Gateway Interface Network Interface Locally Administered HAC Address Bumed In MAC Address IPV4 Network MAC Address Type Burned In Configuration Locally Administered IPV6 Network Current Network Configuration Protocol None Bootp DHCP SEITEN DHCP Vendor Class Identifier Disable Enable IPy6 Network i RAE evinces Me inet DHCP Vendor Class Identifier String Neighbor EEE Management VLAN ID For Current Network Configuration Protocol select the None radio button In the IP Address field enter 192 168 0 5 In the Subnet Mask field enter 255 255 255 0 Click Apply 2 Create VLAN 2000 a d Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays System E Switching Routing iO STP Multicast Address Tabla Ports LAG Basic VLAN Configuration VLAN Configuration Reset gt Advanced Reset Configuration C Interna
252. P Address Subnet Mask EN S Mode Mode b Scroll down and select the Interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 150 2 1 e Inthe Subnet Mask field enter 255 255 255 0 Chapter6 RIP 77 ProSafe M4100 and M7100 Managed Switches e Inthe Routing Mode field select Enable d Click Apply to save the settings 2 Assign IP address 192 150 3 1 24 to interface 1 0 3 a Select Routing gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help VLAN ARP RIP OSPF Router Discovery VRRP gt Basic IP Interface Configuration Advanced IP Configuration Configuration Statistics IP Interface Go To Interface GO Index Administrative Mode 1 255 255 255 0 Enable xi a 0 0 0 0 Disable 192 150 2 1 255 255 255 0 Enable 0 0 0 0 0 0 0 0 Disable 0 0 0 0 0 0 0 0 Disable b Scroll down and select the interface 1 0 3 check box Now 1 0 3 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 150 3 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings RIP for the Switch Note Unless you have previously disabled RIP you can skip this step since RIP is enab
253. P Parl Saeco MYE Acdroaa Table Porti LAES v Basic VLAN Configuration VLAN Reset Configuration Advanced Reset Configuration Internal VLAN Configuration Internal VLAN Allocation Base 409 Internal VLAN Allocation Pobcy Ascending OGesccending VLAN Configuration VLAN ID VLAN Hame VLAN ype Make Static Dicable WAND Wan name VIAN Type Maketatic O E m Seana Help Index b Enter the following information e Inthe VLAN ID field enter 101 e Inthe VLAN Name field enter VLAN101 c Click Add Chapter 2 VLANs 21 ProSafe M4100 and M7100 Managed Switches 3 Create VLAN102 a C Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Routing Qos Security Monitoring Maintenance Help Index i a Auto Volf IFCH SIP Milao AIYE Addon Table Porti LAES Basie VLAN Configuration VLAN Reset gt Advanced Reset Configuration Internal VLAN Configuration Internal VLAN Allocation Base 4093 Internal VLAN Allocation Pobcy Ascending Descending VLAN Configuration VLAN ID VLAN fame iii defauh Cefau Disable if Auto VolP AUTO VoIP Disable Enter the following information e Inthe VLAN ID field enter 102 e Inthe VLAN Name field enter VLAN102 Click Add Assign Ports to VLAN3 This example shows how to assign the ports that will belong to VLAN 3 and to specify that untagged frames will be accepted on port 1 0 4 Note tha
254. P i RIP security i WLAN OSPF DVMRP Global Configuration DVMRP Global Configuration Admin Mode Version Total Number of Routes Reachable Routes Router Discovery OSPF Monitoring f Maintenance Help VRRP Disable Enable 3 0 0 b For Admin Mode select the Enable radio button c Click Apply 6 Enable DVMRP on the interface a Select Routing gt Multicast gt DVMRP gt Interface Configuration Chapter 31 DVMRP Index Index ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Routing Table IP IPw VLAN ARP RIP Security OSPF OSPFy3 DVMRP Interface Configuration Configuration DY MRP Interface Configuration gt Interface Configuration DYMRP Global Configuration Interface Configuration DVMRP Neighbor DVMRP Next Hop 1 All Interface Interface Mode ol oa Nat In Disable Service Monitoring Router Discovery Maintenance Index Help VRRP Go To Interface GO P Interface Parameters Received Received Protocol Local Interface Generation 3 a Bai a a State Address Metric ID Packets Routes _e A Interface Statistics Sent Routes Scroll down and select the Interface 1 0 13 and 1 0 20 check boxes c In the Interface Mode field select Enable d Click Apply to save the settings DVMRP on Switch C 1 Enable IP routing on the switch
255. PF Admin Mode field select Enable Click Apply to save the settings 7 Configure area 0 0 0 1 as a stub area a CLI Select Routing gt OSPF gt Advanced gt Stub Area Configuration A screen similar to the following displays Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP i Router Discovery VRRP Stub Area Configuration OSPF Stub Area Configuration Configuration Area I rt Metri Common 4rea Aging External SPF Border Area LSA TES ST 2 Area ID Se Yalue 1 to Configuration Interval Routing Runs Router Checksum 16777215 Stub Area Count Configuration Enter the following information e Inthe Area ID field enter 0 0 0 1 e Inthe Import Summary LSAs field select Disable Click Add to save the settings Configure Area 1 as a Stub Area on A2 1 Enable routing on the switch Netgear Switch config Netgear Switch Config ip routing Netgear Switch Config router ospf Chapter 7 OSPF 103 104 ProSafe M4100 and M7100 Managed Switches 2 Set the router ID to 2 2 2 2 Netgear Switch Config router router id 2 2 2 2 3 Configure area 0 0 0 1 as a stub area Netgear Switch Config router area 0 0 0 1 stub 4 Enable OSPF area 0 0 0 1 on the 1 0 15 Netgear Switch Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Config router exit Config router
256. Port Port Security Mode Disable Enable Administration Interface Configuration Port Security Violations Address Static MAC Address gt Protected Port b Under Port Security Configuration next to Port Security Mode select the Enable radio button c Click Apply to save the settings Set the dynamic and static limit on the port 1 0 1 a Select Security gt Traffic Control gt Port Security gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Management Security Access Port Authentication i ACL MAC Filter Port Security Interface Configuration Storm Control Port Security Interface Configuration Port Go To Interface _ GO J Address Static MAC Address a gt Protected Port 1 All dministration INNES Port Port S it s ats ne Enable iolati T o ort Security ynamically Statically nable iolation Traps Connguranan Learned MAC Locked MAC Dynamic MAC ea 3 lv 1 o 2 Disable b Scroll down and select the Interface 1 0 1 check box Now 1 0 1 appears in the Interface field at the top c Enter the following information e Inthe Port Security field select Enable e Inthe Max Allowed Dynamically Learned MAC field enter 10 e Inthe Max Allowed Statically Locked MAC field enter 3 d Click Apply to save the settings The example is shown as CLI commands and as a Web interface pro
257. ProSafe M4100 and M7100 Managed Switches 2 Create one VLAN 202 connected to the Internet Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch vlan database Vlan vlan 202 Vlan vlan routing 202 Vlan exit configure Config interface 1 0 48 Interface 1 0 48 vlan pvid 202 Interface 1 0 48 vlan participation include 202 Interface 1 0 48 exit Config interface vlan 202 Interface vlan 202 routing Interface vlan 202 ip address 10 100 5 34 255 255 255 0 Interface vlan 202 exit 3 Create a DHCP pool to allocated IP addresses to PCs Netgear Netgear Netgear Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch config service dhcp config ip dhcp pool pool a Config dhcp pool dns server 12 7 210 170 Config dhcp pool default router 192 168 1 254 Config dhcp pool network 192 168 1 0 255 255 255 0 Config dhcp pool exit 4 Enable IP routing and configure a default route Netgear Switch config ip routing Netgear Switch config ip route 0 0 0 0 0 0 0 0 10 100 5 252 5 Enable a protected port on 1 0 23 and 1 0 24 Switch Switch Switch Switch Switch Switch Config interface 1 0 23 Interface 1 0 23 switchport protected Interface 1 0 23 exit Config interface 1 0 24 Interface 1 0 24
258. Pv6 Server gt DHCPv6 Server Configuration e205 A screen similar to the following displays QoS Maintenance Help Index System Switching Routing Security Monitoring Management Device View License Stacking SNMP LLDP ISDP v DHCP Server DHCP Relay DHCP L2 Relay UDP Relay DHCP v6 Server gt DHCPY6 Server Configuration DHCP 6 Pool Configuration DHCPv6 Prefix Delegation Configuration DHCPy6 Interface Configuration DHCPv6 Bindings Information DHCPy6 Server Statistics DHCPv6 Relay DHCPv6 Server Configuration DHCPv6 Server Configuration Admin Mode C Disable Enable DHCPv6 Server DUID b For Admin Mode Select the Enable radio button c Click Apply 5 Create DHCPV6 pool a Select System gt Services gt DHCP Server gt DHCPv6 Pool Configuration 396 Chapter 23 DHCPv6 Server ProSafe M4100 and M7100 Managed Switches e A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Device View License Stacking SNMP LLDP ISDP DHCP Server DHCP v6 Pool Configuration DHCP Relay DHCP L2 Relay DHCP v6 Pool Configuration UDP Relay DHCP v6 Server DHCPv6 Server Pool Name ipv6_server Pool Name Create x Configuration DHCPv6 Pool 2011 9 18 1 Configuration i DHCPv6 Prefix Delegation Configuration DHCPy6 Interface Configuration DHCPv6 Bindings Information DHCPy 6 Server Stati
259. RIP 2 x RIP 2 x C Disable Enable c For RIP Admin Mode select the Enable radio button d Click Apply Enable multicast globally a Select Routing gt Multicast gt Global Configuration A screen similar to the following displays QoS ARP RIP Switching l Routing Security i IP P i VLAN OSPF Global Configuration Configuration Global Configuration Interface Admin Mode Configuration gt DYMRP IGMP gt PIM DM gt PIM SM MLD gt Static Routes Configuration Protocol State Table Maximum Entry Count Protocol Table Enty Count gt Admin Boundary Configuration Router Discovery OSPR Monitoring T Maintenance i Help ndex VRRP Disable Enable Non Operational 256 No Protocol Enabled 0 b For Admin Mode select the Enable radio button c Click Apply Enable PIM DM globally a Select Routing gt Multicast gt PIM gt Global Configuration Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches d A screen similar to the following displays System Switching BAS ITETs Security Monitoring Maintenance Help Routing Table IP Pwd VLAN ARP RIF OSPF OSPFy3 Router Discovery VRRP Ped Multicast Mroute Table PIM Global Configuration Global Configuration gt Interface Configuration gt DYMRP gt IGMP PIM Global Configuration 55M PIM Global Configuration PIM Protocol Type Admin Mode PIM DM C PIM SM
260. Routing Administrative 192 168 3 2 255 255 255 0 f Enable Disable Enable b Scroll down and select the Port 1 0 10 check box Now 1 0 10 appears in the Port field at the top c Enter the following information e Inthe IP Address field enter 192 168 3 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Configure 1 0 11 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration 446 Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Routing Table IPv VLAN ARP RIP QoS Security Monitoring Maintenance Help Index OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced IP Configuration Statistics IP Interface Configuration Secondary IP IP Interface Configuration 1 all Administrative Mode Subnet Mask VLAN IP Address Routing Port Mode Description ID a S oS Disable Enable b Under IP Interface Configuration scroll down and select the Port 1 0 11 check box Now 1 0 11 appears in the Port field at the top c Enter the following information e Inthe IP Address field enter 192 168 5 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to
261. Routing QoS Security Monitoring Maintenance Help Index STP i Multicast Address Table Ports LAG Protocol Based VLAN Group Membership Protocol Based VLAN o Membership Anaea gt VLAN Membership 7 a _ip _ CURRENT MEMBERS oe ae uun RENEE A ESE MAC Based VLAN Port PVID Configuration Port DYLAN 1 2 3 4 5 6 7 a E AA I SE 25 26 27 28 In the Group ID list select 2 Click the gray box under port 11 A check mark displays in the box Click Apply Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches Virtual VLANs Create an IP Subnet Based VLAN In an IP subnet based VLAN all the end workstations in an IP subnet are assigned to the same VLAN In this VLAN users can move their workstations without reconfiguring their network addresses IP subnet VLANs are based on Layer 3 information from packet headers The switch makes use of the network layer address for example the subnet address for TCP IP networks in determining VLAN membership If a packet is untagged or priority tagged the switch associates the packet with any matching IP subnet classification If no IP subnet classification can be made the packet is subjected to the normal VLAN classification rules of the switch This IP subnet capability does not imply a routing function or that the VLAN is routed The IP subnet classification feature affects only the VLAN assignment of a packet Appropriate 802 1Q VLAN configuration must exist in order for the
262. SPF Area ID field enter 0 0 0 2 e Inthe OSPF Admin Mode field select Enable e Inthe Router Priority 0 to 255 field enter 128 e Inthe Metric Cost field enter 32 Click Apply to save the settings 7 Enable OSPF on port 1 0 3 a C Select Routing gt OSPF gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP Router Discovery VRRP gt Basic Interface Configuration Advanced OSPF Interface Configuration Configuration All Go To Inte NSSA Area Configuration Common Area l Dead Configuration OSPF Router Retransmit Hello Interval t Stub Area Interface OSPF Area ID Admin Priority 0 to Interval 0 Interval 1 ta i i i M 55 to 3600 t 553 Configuration tode 255 zi i 5 2147483647 40 rea Range 0 0 Disable Configuration 0 0 Enabla Interface Configuration Neighbor Table sheets Disable Link State M 10 5 0 0 Disable Under Interface Configuration scroll down and select the interface 1 0 3 check box Now 1 0 38 appears in the Interface field at the top e Inthe OSPF Area ID field enter 0 0 0 3 e Inthe OSPF Admin Mode field select Enable e Inthe Priority field enter 255 e Inthe Metric Cost field enter 64 Click Apply to save the settings 8 Enable OSPF on port 1 0 4 a Select Routing gt OSPF gt Adv
263. Security Monitoring Maintenance Help Index STP Multicast MYR Address Table r LAG Basic VLAN Configuration gt VLAN Configuration Reset gt Advanced Reset Configuration VLAN Configuration pa LAN ID LAN Name LAN Type Make Static C 3B BRE default Default Disable b In the VLAN ID field enter 999 and in the VLAN Name field enter mVlan c Click Add d Repeat step b and c to create VLAN1 1001 VLAN2 1002 and VLANS3 1003 2 Add port 9 into MVLAN 999 with tagged mode a Select Switching gt VLAN gt Advanced gt VLAN Membership Chapter 14 MVR Multicast VLAN Registration 259 260 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VU STP Multicast MVR Address Table Ports LAG VLAN Membership VLAN Configuration LAN Membership gt VLAN Membership VLAN ID 999 x Group Operation Untag All zi VLAN Status UNTAGGED PORT MEMBERS Port PVID Configuration EEEE VLAN Type TAGGED PORT MEMBERS gt Protocol Based VLAN Group Configuration Protocol Based VLAN Group Membership gt IP Subnet Based VLAN In the VLAN ID list select 999 Click Unit 1 The ports display Click the gray box under port 9 until T displays The T specifies that the egress packet is tagged for the ports Click Apply to save the settings Repeat steps from b to e add port 0 1 to VLAN1
264. Stack Port wo Configuration Gli 05i Ethernet Ethernet Down 10 a ile alt Ei 0 52 Stack Stack Down 10 0 I Diagnoses b Since the port 1 0 52 is stack mode already nothing needs to be done 2 On Switch B configure port 2 0 28 as stacking port a Select System gt Stacking gt Advanced gt Stack Port Configuration 360 Chapter 19 Switch Stacks ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Qos l Security Monitoring Maintenance Help Index LOGOUT f Management Devico View Services SNMP LLOP ISOP hi Raete Stack Port Configuration Advanced Stack Port Configuration Stack enguan Unito Port Configured Stack Made gt Stack Part 26 joy Configuration 0 2 O 27 Stack Stack Dian r m Stack Port g Diagnostics b Scroll down and select the 2 0 28 check box c In the Configured Stack Mode list select Stack d Click Apply to save the settings 3 Reboot the switch a Select Maintenance gt Reset gt Device Reboot A screen similar to the following displays System Switching Routing Qos Security Monitoring Maintenance Help ndex Save Config Upload Download Fila Management Troubleshooting Device Reboot Device Reboot Factory Default Device Reboot gt Password Reset Reboot Unit No 2 kl Save prior to reboot C Don t save prior to reboot b In the Reboot Unit No list
265. Subnet Routing Administrative ri 1 0 24 as 192 168 41 255 255 255 0 AB Enable Enable ir 0 0 0 0 0 0 0 0 Disable Enable b Scroll down and select the Interface 1 0 24 check box Now 1 0 24 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 4 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 5 Enable RIP on interface 1 0 21 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays i System Switching Routing Qos Bi Security Monitoring Maintenance l Routing Table IP Pv VLAN ARP i OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic Interface Configuration Advanced RIP Configuration Interface Configuration Interface Interface Configuration Send Version RIP 2 iene Receive Version Redistribution RIP Admin Mode Authentication Typ b In the Interface list select 1 0 21 c For RIP Admin Mode select the Enable radio button d Click Apply 6 Enable RIP on interface 1 0 22 a Select Routing gt RIP gt Advanced gt Interface Configuration 482 Chapter 28 PIM Help Index ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Routing Table IP gt Basic Advanced RIP Configuration Interface Con
266. Sw itching Rowling Auto VoIP Configuration d Click Apply 228 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Help FF Diffserv Wizard Auto VoIP Configuration Auto VoIP Configuration Advanced a reata hien io Al Traic Class DiffServ for IPv6 This feature extends the existing QoS ACL and DiffServ functionality by providing support for IPv6 packet classification Internet Interface 1 0 3 Interface 1 0 2 IPv6 Workstation IPv6 Workstation Other traffic IPv6 Workstation Figure 25 DiffServ for IPv6 The example is shown as CLI commands and as a web interface procedure Chapter 12 DiffServ 229 ProSafe M4100 and M7100 Managed Switches CLI Configure DiffServ for IPv The script in this section shows how to prioritize ICMPv 6 traffic over other IPv6 traffic 1 Create the IPv6 class classicmpv 6 Netgear Switch Config class map match all classicmpv6 ipv6 2 Define matching criteria as protocol ICMPv6 Netgear Switch Config classmap match protocol 58 Netgear Switch Config classmap exit 3 Create the policy policyicmpv Netgear Switch Config policy map policyicmpv6 in 4 Associate the previously created class classicmpv6 Netgear Switch Config policy map class classicmpv6 5 Set the attribute as assign queue 6 Netgear Switch Config policy classmap ass
267. Switch Config interface 1 0 13 Netgear Switch Interface 1 0 13 ip dvmrp Netgear Switch Interface 1 0 13 exit Netgear Switch Config interface 1 0 21 Netgear Switch Interface 1 0 21 ip dvmrp Netgear Switch Interface 1 0 21 exit Netgear Switch show ip dvmrp neighbor Interface Neighbor IP Address T92 10822 Active Up Time hh mm ss 00 02 40 Expiry Time hh mm ss 00 00 25 Generation ID 1116347719 Major Version Minor Version Capabilities Received Routes Received Bad Packets Received Bad Routes Interface Neighbor IP Address ilo PARE oc anes el Active Up Time hh mm ss 00 01 44 Expiry Time hh mm ss 00 00 28 Generation ID 1116595047 Major Version Minor Version More Entries or quit q Capabilities Received Routes Received Bad Packets Received Bad Routes 526 Chapter 31 DVMRP ProSafe M4100 and M7100 Managed Switches Netgear Switch show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Protocol Interface Interface List 1924168 1 2 223s 00L 1 0 21 DVRMP on Switch B 1 Create routing ports 1 0 13 and 1 0 20 Switch config Switch Config ip routing Switch Config interface 1 0 13 Switch Interface 1 0 13 routing Switch Interface 1 0 13 ip address 192 168 2 2 255 255 255 0 Interface 1 0 13 exit Switch Config interface 1 0 20 Switch Interface 1 0 20 routing Interface 1 0 20 ip address 192 1 168 4 1 25
268. Switch Interface 0 24 ip proxy arp Press Enter to execute the command Netgear Switch Interface 0 24 ip proxy arp 128 Web Interface Configure Proxy ARP on a Port 1 Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP IP Interface Configuration IP Configuration Configuration gt Statistics Go To Interface 82 J ei Routi Administrative CC O O O a 1 0 1 0 0 0 0 0 0 0 0 C Enable mo 0 0 0 0 0 0 0 0 Disable Enable O 17073 0 0 0 0 0 0 0 0 Disable Enable 2 Under Configuration scroll down and select the Interface 1 0 3 check box Now 1 0 3 appears in the Interface field at the top 3 In the Proxy Arp field select Enable 4 Click Apply to save the settings Chapter 8 ARP VRRP Virtual Router Redundancy Protocol This chapter provides the following examples e VRHP on a Master Router on page 130 e VRRP on a Backup Router on page 132 When an end station is statically configured with the address of the router that will handle its routed traffic a single point of failure is introduced into the network If the router goes down the end station is unable to communicate Since static configuration is a convenient way to assign router addresses Virtual Router Redundancy Protocol VRRP w
269. Switching Routing security Monitoring Maintenance Help Index Aconss Port Authentication Traffic Control Control ACL gt Local User Server Configuration RADIUS Radius Server Configuration Configuration Radius Server IP andur i El pane Secret i tadius Server Name Curren a ecre Server Address Configured accountng sever sco MU 7 192 a Yi Accounting Server peeo gi Configuration gt TACACS Authentication List Login Statistics Malformed Radius Access ACCESS ficcess Access pS ee Server Requests Retransmissions Accepts Rejects Challenges Sone Authenticators Reque Responses In the Radius Server IP Address field enter 192 168 0 1 In the Secret Configured field select Yes In the Secret field enter 12345 Click Add e205 Dynamic ARP Inspection Dynamic ARP inspection DAI is a security feature that rejects invalid and malicious ARP packets The feature prevents a class of man in the middle attacks where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors The miscreant sends ARP requests or responses mapping another station s IP address to its own MAC address Chapter 15 Security Management 297 ProSafe M4100 and M7100 Managed Switches DAI relies on DHCP snooping DHCP snooping listens to DHCP message exchanges and builds a bindings database of valid tuples MAC address IP address VLAN interface
270. Switching Routing 7 7 Security Monitoring Maintenance Help Index Routing Table IF VLAN ARP RIP OSPF OSPFy3 Router Discovery VREP Multicast gt Basic IPv6 Prefix Configuration Advanced gt Global IPv6 Interface Selection Configuration Interface gt Interface Configuration IPv6 Interface eS Prefix Configuration A Ipv6 Prefix Length Yalid Life Time Preferred Life Time gt Statistics gt Neighbour Table E ELE C C Static Route l FE amp O COA8 101 126 In the Interface list select 0 7 1 In the IPv6 Prefix field enter 2000 1 In the Length field enter 64 In the EUI64 field select Disable Click Add Configure Switch GSM7328S 2 1 Enable IP routing on the switch a b Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System i Switching Routing QoS Security Monitoring Maintenance Help kider Routing Table i PvS WLAN ARP RIP OSPF OSPFyv3 i VRRP Multicast Basic IP Configuration gt IP Configuration Statistics ERIE Configuration gt Advanced Default Time to Live 64 Routing Mode Enable Disable ICMP Echo Replies Enable Disable ICMP Redirects Enable Disable ICMP Rate Limit Interval 1000 0 to 2147483647 ms ICMP Rate Limit Burst Size 1 te 200 Maximum Next Hops 4 For Routing Mode select the Enable radio button c Click Apply 2 Enable IPv6 forwarding and unica
271. Syiam Switching Routing ER Security Momioring Maintenance Help f Diller Wirard Service Interface Confiquration Auto olP Basic Avanti T r Drifa ae ohiey Mam bree ion Hperstinnal Status 1 Service Interface Configuration onigaraian Clase iConfiguraton Pvt Class Comiguaratean Policy Configuration b Select the check boxes for Interfaces 1 0 1 and 1 0 2 c Set the Policy Name field as PolicyVoiceVLAN Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Eouting Sacuriby Monitoring Moinerance System Switching L gi Diffsery Wizard Service Interlace Contiquration Auto VolP Basic Advanced 4 All Go To Interfata S Service Interface Configuration i y wousinete Interface Policy Kame Direction Operational Status Configuration N i eines LEE Policy Voice Configuration EJ e 1Pv6 Chagg Conhguraion Mowe tn Policy a pan Configuration Jarrian litertace siii U ete bet z Service Statistics al brn in AR d Click Apply A screen similar to the following displays System Switching Routing Das Security Monitoring Mambenonee Help Las i Diffserv Wizard Service Interface Configuration Aho Fel Basic gt Adware edd i Al Go To interfaco gt DTSery Service Interface Configuration later ace Polit Hane ire ction Operations Status antigieratsanh Class OT Gori
272. System Switching Routing Security Monitoring Maintenance Help Index Dass Name Class_ Corr gt Diffserv Wizard Class Type all gt Auto oIP aes DiffServ Class Configuration DiffServ Match Every Configuration Reference Class class_vlan z Class Class Of Service zi Configuration VLAN __ 0 te 4095 IPv6 Class Ethernet Type Appletalk EJ 600 to ff hex Configuration Source MAC Addrace Mask Policy O OE Coectmatonnac adresse E a Configuration Service Interface C3 Protocol Type ICMP E a to 255 Configuration Source IP Address Mask Service Statistics C Source L4 Port domain 0 to 65535 Cvestnwtont aiim EE eee EE Destination L4 Port domain 0 to 65535 C IP DSCP afta Ef cotoe3 Precedence Value Fiel 0 to F C IP ToS Bit Value Bit Mask E e Under Diffserv Class Configuration in the Precedence Value list select 7 f Click Apply 5 Create a policy policy_vlan a Select QoS gt DiffServ gt Advanced gt Policy Configuration A screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index Policy Configuration Policy Configuration m Policy Name Policy Type Member Class DiffServ Aico 1 Configuration Class i Configuration IPv6 Class Configuration Policy Configuration Service Interface Configuration Service S
273. T specifies that the egress packet is tagged for the port d Click Apply to save the VLAN that includes port 3 3 Enable OSPF on the switch a Select Routing gt OSPF gt Basic gt OSPF Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP Router Discovery VRRP Basic OSPF Configuration OSPF Configuration OSPF Configuration gt Advanced OSPF Admin Mode Disable Enable Router ID 192 150 9 9 b For OSPF Admin Mode select the Enable radio button c In the Router ID field enter 192 150 9 9 d Click Apply to save the setting 4 Enable OSPF on VLAN 10 120 Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches e Select Routing gt OSPF gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Routing Table IP VLAN ARP RIP i Router Discovery VRRP VLANS All OSPF Router Retransmit Hello Interface OSPF Area ID Admin Priority 0 to Interval 0 Interval 1 Mode 255 to 3600 to 65535 ES Sed E 0 2 71 Were Aie Sd rs CC NSSA4 Area Configuration x rea Range L Security Index Maintenance Help Monitoring gt Basic F Advanced OSPF Configuration Interface Configuration Go To In Dead Common Area Interval 1 Configuration Stub Area Configurati
274. TCF Flag 10 0 01 0 0 0 0 4 Bind the ACL with interface 1 0 1 a Select Security gt ACL gt Advanced gt IP Binding Configuration A screen similar to the following displays Menilioring Maintenance Help gt Fasit IP Binding Configuration Adbwonced IP ACL Binding Configuration IP Rules Dirt tie Abowd EF Extended Ruled Reece erica hii 1 a7Pe4a0e7243 Pri AL ahi Port talection Table s Pye Rules Poti 7 3 4 5 6 7 amp 9 IO 08 12 13 M4 15 16 17 18 19 20 21 22 23 24 w l l 25 26 27 20 79 30 Ji 32 33 J4 35 36 37 38 39 40 41 42 49 44 45 4G 47 al Bending Table Ch ATT ppa ali In the Sequence Number field enter 1 In the Port Selection Table click Unit 1 to display all the ports for the device Select the Port 1 check box Click Apply e205 Chapter10 ACLs 177 A screen similar to the following displays Monitoring Sy atom Swilching Routing Goad Basic IP Binding Configuration Advanced EP ACL IP Rules IP Extended Rules r Pi ACL amp Pw Rules LP Banding Configueaton Binding Table Yilan Bindcieg Table Binding Configuration Cire ton Interface Direction ACL Type ACL Redirect i is d2h4o6b ProSafe M4100 and M7100 Managed Switches Maintenance Halp 7245 This feature redirects a specified traffic stream to a specified interface Other network danaa J HTTP packets Other packets Figure 20 ACL Redirec
275. Transmit Data Rate Mbps gt Stack Port 2 MEAE Ethernet Stack Down 2 Configuration 0 27 Stack Stack Port Diagnostics Under Stack Port Configuration scroll down and select the 2 0 28 check box In the Configured Stack Mode list select Ethernet Click Apply to save the settings 2 Reboot the switch Chapter 19 Switch Stacks 357 358 3 4 ProSafe M4100 and M7100 Managed Switches a Select Maintenance gt Reset gt Device Reboot A screen similar to the following displays System Switching i Routing Qo5 Security Monitoring Maintenance Save Config Upload Downlood Fila Management Troubleshooting v Device Reboot Device Reboot Factory Default Device Reboot gt Password Reset Reboot Unit No Save prior to reboot C Don t save prior to reboot b In the Reboot Unit No list select 2 c Click Apply On Switch B configure a stack port as an Ethernet port a Select System gt Stacking gt Advanced gt Stack Port Configuration A screen similar to the following displays Systems Switching Routing Qos Security Monitoring Maintenance Help j Index Management Bevies View Services SNMP LLDP s0P Stack Port Configuration gt Basic Advanced Stack Configuration Stack Port OvSL Configuration Stack Port Diagnostics Stack Port Configuration Umit ID Port Stack Mode Running Stack Mode Link Status Link Speed Gbps Transmit Data Rate
276. VLAN gt VLAN Routing Wizard A screen similar to the following displays NETGEAR Connect with Innovation System Switching Routing Security Monitoring Maintenance Help Routing Tabla IP i ARP v LAN Routing LAN Routing Wizard Wizard i gt LAN Routing VLAN Routing Wizard Vlan ID ZOO LAG Enabled 192 168 200 1 Network Mask 255 255 255 0 Pot 1 2 3 4 5 6 F7 6 9 10 11 12 13 14 15 16 17 16 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 1 sa nl I ni en el el el em el ce we Pain tele b Enter the following information e Inthe Vlan ID field enter 200 e Inthe IP Address field enter 192 168 200 1 e Inthe Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 44 twice until U displays The U specifies that the egress packet is untagged for the port e Click Apply to save VLAN 200 4 Enable IP routing a Select Routing gt IP gt Basic gt IP Configuration 148 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP Basic IP Configuration IP Configuration IP Configuration Statistics Default Time to Live 30 Advanced Routing Mode Disable Enable IP Forwarding Mode Disable Enable
277. VLAN Routing Interface 1 Create VLAN 500 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Routing Qos Security Monitoring Maintenance Help Index STP Multicast Address Table Ports LAG Basic VLAN Configuration VLAN Configuration Reset gt Advanced Reset Configuration E Internal LAN Configuration Internal LAN Allocation Base 4093 Internal VLAN Allocation Policy C Ascending i Descending YLAN Configuration Default b In the VLAN ID field enter 500 c In the VLAN Type field select Static d Click Add 2 Add ports to VLAN 500 a Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index f STP Multicast Address Table Ports LAG gt Basic Advanced VLAN Membership shin YLAN Membership s Viak Merstershio CERIO ENa Group Operation gt VLAN Status VLANName UNTAGGED PORT MEMBERS ane Port PVID VLAN Type i _ TAGGED PORT MEMBERS Configuration MAC Based VLAN Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 IP Subnet Based U i j i l VLAN 25 26 27 28 Port Dylan In the VLAN ID list select 500 Click Unit 1 The ports display d Click the gray box under port 1 until U displays indicating that the egress packet is untagged for the
278. VLAN were a router port When a port is enabled for bridging the default rather than routing all normal bridge processing is performed for an inbound packet which is then associated with a VLAN Its MAC destination address DA and VLAN ID are used to search the MAC address table If routing is enabled for the VLAN and the MAC DA of an inbound unicast packet is that of the internal bridge router interface the packet is routed An inbound multicast packet is forwarded to all ports in the VLAN and also to the internal bridge router interface if it was received on a routed VLAN Since a port can be configured to belong to more than one VLAN VLAN routing might be enabled for all of the VLANs on the port or for a subset VLAN routing can be used to allow more than one physical port to reside on the same subnet It could also be used when a VLAN spans multiple physical networks or when more segmentation or security is required The next section shows you how to configure the M4100 and M7100 Managed Switch to support VLAN routing and how to use RIP and OSPF A port can be either a VLAN port or a router port but not both However a VLAN port can be part of a VLAN that is itself a router port Create Two VLANs This section provides an example of how to configure the M4100 and M7100 Managed Switch to support VLAN routing The configuration of the VLAN router port is similar to that of a physical port The main difference is that after the VLAN has
279. You define a MAC to VLAN mapping by configuring an entry in the MAC to VLAN table An entry is specified using a source MAC address and the appropriate VLAN ID The MAC to VLAN configurations are shared across all ports of the device i e there is a system wide table that has MAC address to VLAN ID mappings When untagged or priority tagged packets arrive at the switch and entries exist in the MAC to VLAN table the source MAC address of the packet is looked up If an entry is found the corresponding VLAN ID is assigned to the packet If the packet is already priority tagged it will maintain this value otherwise the priority will be set to O zero The assigned VLAN ID is verified against the VLAN table If the VLAN is valid ingress processing on the packet continues otherwise the packet is dropped This implies that you can configure a MAC address mapping to a VLAN that has not been created on the system CLI Create a MAC Based VLAN 1 Create VLANS Netgear Switch vlan database Netgear Switch Vlan vlan 3 Netgear Switch Vlan exit 2 Add port 1 0 23 to VLANS Netgear Switch config Netgear Switch Config interface 1 0 23 Interface 1 0 23 vlan participation include 3 Netgear Switch Interface 1 0 23 vlan pvid 3 Interface 1 0 23 exit Switch Netgear Switch Chapter 2 VLANs 25 ProSafe M4100 and M7100 Managed Switches 3 Map MAC 00 00 0A 00 00 02 to VLANS N
280. _ Preference Disable Disable Disable Disable Disable Disable Disable Disable DHCP v6 Prefix Delegation Configuration DHEP 6 Interface Configuration DHCP ys Bindings Information gt DHCP 6 Server Statistics gt BDHCPv6 Relay PO Oe OO 1 0 10 Disable t if 101 Disable Scroll down and select the interface 1 0 9 check box Now 1 0 9 appears in the Interface field at the top Enter the following information e Inthe Admin mode field select Enable e Inthe Pool Name field enter poolt e Inthe Administrative Mode field select Enable Click Apply to apply the settings 9 Show DHCPv 6 binding a Select System gt Services gt DHCPv6 Server gt DHCPV6 Binding Information Chapter 23 DHCPv6 Server 393 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Device View License Stocking SNMP LLOP ISDP gt DHCP Server DHCPv6 Bindings Information gt DHCP Relay gt DHCP L2 Relay gt UDP Relay Search By Binding IP Panan Client Address Client Client DUID Prefix Prefix Prefix Expiry Valid gt DHCPv6 Server Interface Length Type Time Lifetime Configuration FEGO 200 FF FE4D AADO 1 0 9 00 01 00 01 15 40 14 4f 00 00 00 4d aa d0 2001 1 IA_PD 4294908066 4294967295 DHCP v6 Bindings Information DHCP v6 Pool Configuration gt DHCPY6 Prefix Delegation
281. _bpdu Netgear Switch Netgear Switch config Netgear Switch Config mac access list extended acl_bpdu 2 Deny all the traffic that has destination MAC 01 80 c2 xx xx xx Netgear Switch Config mac access list deny any 01 80 c2 00 00 00 00 00 00 ff ff ff 3 Permit all the other traffic Netgear Switch Config mac access list permit any Netgear Switch Config mac access list exit 4 Apply the MAC ACL acl_bpdu to port 1 0 2 Netgear Switch Config interface 1 0 2 Netgear Switch Interface 1 0 2 mac access group acl_bpdu in Web Interface Set up a MAC ACL with Two Rules 1 Create MAC ACL 101 on the switch a Select Security gt ACL gt MAC ACL A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Management Security Access Port Authentication Traffic Control MAC ACL MAC ACL 2 MAC ACL MAC Rules MAC ACL MAC Binding Current Number of ACL Configuration Binding Table gt IP ACL Maximum ACL MAC ACL Table PEE acl boa O b In the Name field enter acl_bpdu c Click Add to create ACL acl_bpdu 2 Create a new rule associated with the ACL acl_bpdu a Select Security gt ACL gt MAC ACL gt MAC Rules Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches d A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Ma
282. able IPV6 unicast routing on the switch Netgear Switch Config ipv6 unicast routing 3 Enable IPV6 MLD on the switch Netgear Switch Config ipv6 mld router 4 Enable IPV6 PIM DM on the switch Netgear Switch Config ipv6 pim dense Chapter 30 MLD 507 508 Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch ProSafe M4100 and M7100 Managed Switches 5 Enable IP multicast forwarding on the switch Config ip routing Config ip multicast 6 Enable MLD on interface 1 0 24 Config interface 1 0 21 Interface Interface Interface Interface Interface Interface 1 0 21 routing 1 0 21 ipv6 address 2001 1 2 64 1 0 21 ipv6 1 0 21 ipv6 1 0 21 ipv6 1 0 21 exit enable pim dense ospf Config interface 1 0 24 Interface Interface Interface Interface Interface Interface 1 0 24 routing 1 0 24 ipv6 address 2001 3 1 64 1 0 24 ipv6 enable 1 0 24 ipv6 mld router 1 0 24 ipv6 pim dense 1 0 24 exit The MLD group information on switch B B Interface Group Address Last Reporter Up Time Expiry Time Filter Mode hh mm ss hh mm ss Versionl Host Timer
283. able OSPFvs on interfaces 1 0 21 and 1 0 24 a Select Routing gt OSPFv3 gt Advanced gt Interface Configuration Chapter 30 MLD ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Routing Table IP VLAN ARP RIP OSPF i Router Discovery VRRP Multicast Basic OSPFv3 Interface Configuration Advanced OSPFy3 OSPFv3 Interface Configuration Configuration 1 all Common Area r 7 j Configuration j Admin Router i Interface AEEY Stub Area TI Priority Configuration 2 NSSA rea w o a Configuration 0 0 Disable rea Range Configuration Disable Interface 0 0 Disable Configuration Help Index Retrans mit Interval b Under OSPFv3 Interface Configuration scroll down and select the Interface 1 0 21 and 1 0 24 check boxes c In the OSPFv3 Interface Configuration in the Admin Mode field select Enable d Click Apply to save the settings 8 Enable multicast globally a Select Routing gt Multicast gt Global Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Routing Table IP IPvG VLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP Mroute Table Global Configuration Global Configuration Global Configuration gt Interface Admin Mode Disable f Enable Configuration gt DYMRP gt
284. ace Configuration DYMRP IGMP PIM DM PIM SM MLD Static Routes Configuration Admin Boundary Configuration _ security _ Global Configuration Global Configuration Admin Mode Protocol State Table Maxinuum Entry Count Protocol Table Entry Count OSP Maintenance Help Monitoring Router Discovery VRRP Disable j Enable Non Operational 256 No Protocol Enabled 0 b For Admin Mode select the Enable radio button c Click Apply 7 Enable PIM SM globally a d Select Routing gt Multicast gt PIM gt Global Configuration A screen similar to the following displays System Switching Semut Routing Table IP Pv ILAJ ARP SPF security Monitoring Maintenance Help a ea Router Discovery VREP Pet Muylhicasi gt Mroute Table PIM Global Configuration gt Global Configuration gt Interface Configuration gt D YMRP gt IGMP PIM gt Global Configuration SSM Configuration PIM Global Configuration PIM Protocol Type C PIM DM PIM SM Admin Mode C Disable f Enable Data Threshold Rate Kbps o Register Threshold Rate Kbps 0 to 2000 0 to 2000 For PIM Protocol Type select the PIM SM radio button For Admin Mode select the Enable radio button Click Apply 8 Enable PIM SM on interfaces 1 0 10 and 1 0 11 a Select Routing gt Multicast gt PIM gt Interface Configuration Chapter 28 PIM 473 d ProSafe M4100 and M7100 Manag
285. ace 1 0 13 1 0 13 routing 1 0 13 ip address 1 0 13 ip rip Interface Interface Interface Interface Interface PIM SM on Switch B 1 bootstrap router BSR Switch configure Switch Switch Switch Switch Config interface 1 0 9 170 9 routing ProSafe M4100 and M7100 Managed Switches 1 0 9 ip address 192 168 3 1 1 0 9 ip pim sparse 170 9 1 0 9 1 0713 17 071 ip rip exit exit Config ip routing Config ip pim sparse Config ip multicast Config ip pim sparse rp candidate interface 1 0 11 225 1 1 1 Chapter 28 PIM ip pim sparse 192a 168a L2 293s 2 IIs 2I 2296209 25540 Enable the switch to advertise itself as a PIM candidate rendezvous point RP to the ProSafe M4100 and M7100 Managed Switches 2 Enable the switch to announce its candidacy as a bootstrap router BSR Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Config ip pim sparse bsr candidate interface 1 0 10 30 7 Config interface 1 0 10 1 0 10 routing 1 0 10 ip address 192 168 3 2 1 0 10 ip rip 1 0 10 ip pim sparse 1 0 10 exit Interface Interface Interface Interface Interface Config interface 1 0 11
286. afe M4100 and M7100 Managed Switches Enable iSCSI Awareness with DSCP The example is shown as CLI commands and as Web interface procedure CLI Enable iSCSI Awareness with DSCP Use the following commands to enable iSCSI awareness select DSCP and set DSCP queue number and aging time config Config iscsi enable iscsi cos dscp 46 iscsi aging time 10 exit Web Interface Enable iSCSI Awareness with DSCP 1 Enable iSCSI awareness select DSCP and set the DSCP queue number and aging time a Select Switching gt iSCSI gt Basic A screen similar to the following displays index QoS Help Switching Routing Security Monitoring Maintenance Auto VolP iscsi STP Multicast MVR Address Table Ports LAG ease iSCSI Global Configuration nee ie Sessions iSCSI Status Disable Enable gt Advanced QoS Profile F VLAN Priority Tag DSCP hd VLAN Priority Tag 5 pscp 46 e Remark Disable Enable iSCSI Aging Time 10 1 to 43200 minutes b Enter the following information e Inthe iSCSI Status select Enable e Inthe QoS Profile select DSCP e Inthe DSCP select 46 default value e Inthe remark select Enable default value e Inthe iSCSI Aging Time enter 10 default value 2 Click Apply to save the settings Chapter 33 iSCSI 553 ProSafe M4100 and M7100 Managed Switches Set the iSCSI Target Port When working with iSCSI that does not use the standard IANA a
287. afe M4100 and M7100 Managed Switches b c Select Port 1 and Port 2 as tagged A screen similar to the following displays Security Basic VLAN Membership Mabe nnd wil VLAN Configuratbon VLAN Mombership Monhoreng Maintenance In the VLAN Membership table in the VLAN ID list select 10 Hap LOR Ace PAT sal Em Configur sten r HAC Boned VLAR i PP Subst Bared WLAN Port OVLAN Confiquestean Protoce Based 49 50 51 52 d Click Apply 3 Configure Voice VLAN globally LACED FCAT MBS Fort i 2 3 4 F F amp 9 j0 ii 12 13 14 05 i iF 10 19 70 Zi 22 23 24 UT Dee jn way ja pae mia oa SBD Mees sles Ces oer eg a pori 75 26 27 28 29 30 31 32 33 34 35 36 J7 38 39 40 4i 42 43 44 45 46 47 48 a Select Switching gt VLAN gt Advanced gt Voice VLAN Configuration A screen similar to the following displays Security Basic Voice VLAN Confiquration Valce WLAN Global Admin Padria Hiedi r VLAH Configuration VLAN Mambarihip VLAM iaiu Port PED Configuration HAC Bered VLAN P Subrnt parad WLAN gt Port DALAH Configuration Preicce Bosad VLAH Grman Conhgur aten Protoce Based VLAN Group Memberihip Vales AAN Voice VLAN Configuration 1 all Interface Interface Mode Valus o g a g 0 g o g Maniiorimng Mointanance hla CoS Owerride lode Ly Dirable Disable Disable Disable Disable Disable Disable Citable
288. aged Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP gt Basic IP Interface Configuration Advanced IP Configuration Configuration All Go To Interface GO LAN Routin Administrative Interface Description IP Address Subnet Mask 9 ID Mode Mode Statistics 1 IP Interface Configuration Secondary IP io 1 0 21 0 0 0 0 0 0 0 0 Disable Enable B lv f 1 0 2 192 150 2 1 255 255 255 0 Enable Enable 1 0 4 0 0 0 0 0 0 0 0 Disable Enable Scroll down and select the interface 1 0 3 check box Now 1 0 3 appears in the Interface field at the top Enter the following information e Inthe IP Address field enter 192 150 3 1 e Inthe Network Mask field enter 255 255 255 0 e Inthe Administrative Mode field select Enable Click Apply to save the settings 4 Specify the router ID and enable OSPF for the switch a Select Routing gt OSPF gt Advanced gt OSPF Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP Router Discovery VRRP Basic OSPF Configuration Advanced OSPF Default Route Advertise Configuration Configuration Default Information Originate Common 4rea Always False X Configuration Stub Area son
289. an be used for any other applications that require a public IP address for example a RADIUS server Web Interface Set the Named SNTP Server 1 Configure the SNTP server a Select System gt Management gt Time gt SNTP Server Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index i Device View Services Stacking SNMP gt System SNTP Server Configuration Information Switch Statistics SNTP Server Configuration gt System Resource Server Dae a 7 IP Configuration aA Bahk riority gt Slot Information fous r Time SNTP Global cil DNS time d netgear com 123 Configuration Bo 208 14 208 19 123 SNTP Server Configuration gt DNS SNTP Server Status DNS Configuration Host Configuration Update Attempt Attempt Requests b Enter the following information e Inthe Server Type list select DNS e Inthe Address field enter time f netgear com e Inthe Port field enter 123 e Inthe Priority field enter 1 e Inthe Version field enter 4 c Click Add 2 Configure the DNS server Chapter 16 SNTP ProSafe M4100 and M7100 Managed Switches a Select System gt Management gt DNS gt DNS Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Device View Services Stacking SNMP gt System DNS Configuration Information
290. anced gt Interface Configuration Chapter 7 OSPF 97 A screens System Switching Routing IP Routing Table gt Basic Advanced OSPF Configuration Common Area Configuration Stub Area Configuration NSSA Area Configuration Area Range Configuration Interface Configuration Neighbor Table Link State Now 1 0 4 C Stub Areas ProSafe M4100 and M7100 Managed Switches imilar to the following displays QoS Security Monitoring Maintenance Help Index VLAN ARP RIP VRRP Router Discovery Interface Configuration Interface Configuration Go To Inte Dead Hello Interval 1 OSPF Router Retransmit Admin Priority 0 to Interval 0 255 to 3600 E Mode Interval 1 to 65535 z 2147483647 n ioa mo Disable 1 0 2 r 0 0 0 0 0 0 0 2 Enable 17073 0 0 0 3 Enable 170 5 Disable Under Interface Configuration scroll down and select the interface 1 0 4 check box appears in the Interface field at the top In the OSPF Area ID field enter 0 0 0 2 In the OSPF Admin Mode field select the Enable In the Priority field enter 255 In the Metric Cost field enter 64 Click Apply to save the settings The example is shown as CLI commands and as a Web interface procedure Port 2 0 11 Layer 3 switch Layer 3 switch w OC C CO a Fa ee ee ee ee Port 2 0 191 Port 1 0 151 i a fotevewe Ifa pa ee i
291. and PC 2 are isolated by an ACL but can both access the server The example is shown as CLI commands and as a Web interface procedure Port 11 0 38 Server 10 100 5 34 Sa Sau fa fa aM ota E J a Je Je Je Je i Port 1 0 24 Port 1 0 48 192 148 24 1 192 148 48 1 192 148 24 2 192 148 48 2 Figure 18 Using ACLs to isolate VLANs on a Layer 3 switch 158 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches CLI Configure One Way Access Using a TCP Flag in ACL Commands 1 Enter the following CLI commands Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch vlan database Vlan vlan 24 Vlan vlan routing 24 Vlan exit config Config interface 1 0 24 Interface 1 0 24 vlan participation include 24 Interface 1 0 24 vlan pvid 24 Interface 1 0 24 exit Config interface vlan 24 Interface vlan 24 routing Interface vlan 24 ip address 192 168 24 1 255 255 255 0 Interface vlan 24 exit Config exit 2 Create VLAN 48 add port 1 0 48 to it and assign IP address 192 168 48 1 to it vlan database Vlan vlan 48 Vlan vlan routing 48 Vlan exit config Config interface 1 0 48 Interface 1 0 48 vlan participation include 48 Interface 1 0 48 vlan pvid 48 Interface 1 0 48
292. and enter 58 A screen similar to the following displays System Switching Routing o Security Monitoring Maintenance Halp Index gt Diffserv Wizard Class Configuration gt Auto VolP Class Information Diass Hanri Clasa Typa Configuration Class l Configuration DiffServ Class Configuration D Matth Evar Any I Boference Class Gamnnirs Policy Protocol Type gihar G to 333 Configuration b Serice Intertace D Source Prefix iLeng is Configuaratian i Source L4 Port damain to 69595 Germa Diyir C Deartinatien Prefi Length l Darian Lod Port oman G te 5235 C Flow Label 0 to 1640575 TP DACP afii 7 i Ota 63 d Click Apply 232 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Fouling Go Secu ity Monitoring Moinhononce IPvG Class Canfiquration Pw Class Information Class Hame Claas Type origi abe Clete Pwo DiffServ Class Configuration Configurateon teva Clase Hatch Every r Trijara Referance Class gt Policy Protocol Type Configuration b Derste Interface Tonfigeralsn C Source L4 Port feource Pralik Lemgih p Eere States echnathon Marha Lareg ih thos Gnation L4 Port Flow Label IFDEF 3 Create the policy policyicmpv6 and associate the previously created class classicmpv6 a Select QoS gt DiffServ gt Advanced gt Policy Configuration
293. andidate RP Advertisement hhimmiss Configuration 2 Interface Configuration gt PIM Neighbor Candidate RP Configuration BSA Candidate Configuration 3 Static AP Configuration In the Interface list select 1 0 22 In the Hash Mask Length field enter 30 In the Priority field enter 3 Click Apply 13 Enable IGMP globally a b Cc gt Mroute Table gt Global Configuration gt Interface Configuration gt DYMRP IGMP Global Select Routing gt Multicast gt IGMP gt Global Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance 1 Help Index IP IPv VLAN ARP RIP OSPF OSPF3 Router Discovery VRRP IGMP Global Configuration IGMP Global Configuration Admin Mode O Disable f Enable For Admin Mode select the Enable radio button Click Apply 14 Enable IGMP on interface 1 0 24 a Select Routing gt Multicast gt IGMP gt Interface Configuration Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security j Monitoring Maintenance Help index Routing Tabla IP IPvS VLAN ARP i OSPF OSPFy3 ee VRRP gt Mroute Table IGMP Routing Interface Configuration gt Global Configuration IGMP Routing Interface Configuration gt Interface Configuration Query Last Startup Startup
294. ar Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch 2 Set the router ID to 2 2 2 2 ProSafe M4100 and M7100 Managed Switches Config router router id 2 2 2 2 3 Configure the area 0 0 0 1 as an nssa area Config router area 0 0 0 1 nssa 4 Redistribute the RIP routes into the OSPF Config router redistribute rip Config router redistribute rip subnets 5 Enable OSPF area 0 0 0 1 on port 1 0 15 Config router exit Config interface 1 0 11 Interface 1 0 11 routing Interface 1 0 11 ip address 192 168 30 1 255 255 255 0 Interface 1 0 11 ip rip Interface 1 0 11 exit Config interface 1 0 15 Interface 1 0 15 routing Interface 1 0 15 ip address 192 168 20 2 Interface 1 0 15 ip ospf Interface 1 0 15 ip ospf areaid 0 0 0 1 Interface 1 0 15 exit Config exit show ip route Total Number of Routes Network Address Subnet OSPF Inter Local Local RIP RIP RIP Chapter 7 OSPF 1 0 15 1 0 15 1 0 11 1 0 11 17 0 11 1 0 11 299 e200 20020 Next Hop IP Address ProSafe M4100 and M7100 Managed Switches Web Interface Configure Area 1 as an nssa Area on A2 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing QoS Security Mo
295. ar Netgear Netgear Switch Switch Switch Switch Config router ospf Config router router id 192 150 9 9 Config router enable Config router exit Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches 3 Enable OSPF for the VLAN and physical router ports Netgear Switch Netgear Switch Netgear Switch Netgear Switch Config interface vlan 10 Interface vlan 10 ip ospf areaid 0 0 0 2 Switch Interface vlan 10 ip ospf Switch Config interface vlan 20 Switch Interface vlan 20 ip ospf areaid 0 0 0 3 Interface vlan 20 ip ospf kA t Switch Interface vlan 10 exit Interface vlan 20 exit Switch Config interface vlan 10 Switch Interface vlan 10 ip ospf priority 128 Switch Interface vlan 10 ip ospf cost 32 Switch interface vlan 10 exit Switch Switch Interface vlan 20 ip ospf priority 255 Switch Interface vlan 20 ip ospf cost 64 Switch Config interface vlan 20 Interface vlan 20 exit Switch Config exit Web Interface Configure VLAN Routing OSPF 1 Configure a VLAN and include ports 1 0 2 in the VLAN a Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Routing Table IP ARP RIP OSPF Router Discovery VRRP v VLAN Routing VLAN Routing Wizard Wizard gt
296. ar Switch Interface tunnel ipv6 enable Netgear Switch Interface tunnel tunnel mode ipv6oip 6to4 Netgear Switch Netgear Switch Interface tunnel Interface tunnel tunnel source 192 168 1 1 ipv6 address 2002 c0a8 0101 1 128 Netgear Switch Interface tunnel exit r P E k Netgear Switch Config ipv6 route 2002 16 interface tunnel 0 Chapter 26 Tunnel 415 416 ProSafe M4100 and M7100 Managed Switches Configure Switch GSM7328S 2 Netgear Switch show interfacet tunnel 0 Interface Link Status IPv6 is enabled IPv6 Prefix is MTU size sCOASS 101 128 2000 1 64 1280 bytes show interface tunnel TunnelltId Netgear Send count 3 Average round trip time Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Switch Netgear Netgear Netgear TunnellId O tunnel Interface tunnel 0 Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Interface TunnelMode SourceAddress DestinationAddress 6 in 4 Configured 192 168 1 1 192 OC ka 2 ping ipv6 2000 2 Receive count 3 from 2000 1 00 ms config Config ip routing Config ipv6 forwarding Config ipv6 unicast routing Config interface 1 0 13 Interface 1 0 13 rout
297. ar to the following displays Maintenance System Switching Routing Routing Table gt Basic Advanced 2 Global Configuration gt Interface Configuration gt Prefix Configuration Security Monitoring VLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP Multicast IPv6 Prefix Configuration IP v6 Interface Selection Interface IPv6 Interface Configuration Help Index a Ipv Prefix Length EWUI64 Yalid Life Time 2 Statistics In the Interface list select 0 7 1 In the IPv6 Prefix field enter 2000 2 In the Length field enter 64 In the EUI64 field select Disable Click Add 920 5 Chapter 26 Tunnel Preferred Life Time 421 IPv6 Interface Configuration This chapter provides the following examples e Create an IPv6 Routing Interface e Create an IPv6 Network Interface on page 425 e Create an IPv6 Routing VLAN on page 427 e Configure DHCPv6 Mode on the Routing Interface on page 432 Create an IPv6 Routing Interface The example is shown as CLI commands and as a Web interface procedure CLI Create an IPv6 Routing Interface 1 Enable IPV6 forwarding and unicast routing on the switch Netgear Switch Config ipv6 forwarding Netgear Switch Config ipv6 unicast routing Chapter 27 IPv6 Interface Configuration 422 ProSafe M4100 and M7100 Managed Switches 2 Assign an IPv6 address to interface 1 0 1
298. arding Hop Linit ICMP v6 Rate Limit Eror Interval ICMPy6 Rate Limit Burst Size security OSPFva Monitoring Maintenance Help VRRP Multicast Peed MAulisecst Router Discovery C Disable I Enable C Disable Enable 0 to 255 0 to 2147483647 msecs 100 1 to 200 b For IPv6 Unicast Routing select the Enable radio button c Click Apply to apply the setting 2 Enable DHCPv6 on the interface 1 0 23 a Select Routing gt IPv6 gt Advanced gt Interface Configuration Chapter 27 IPv6 Interface Configuration 433 434 3 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Routing Table IP VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast IPv Multicast eie IPv6 Interface Configuration v Advanced gt Global Configuration 1 all Go To Interface IPv6 Interface Configuration Duplicate DHCP v6 Stateless Address Routing Admin Operational Address Client Mode AutoConfig Mode Mode Mode Mode Detection Configuration Transmits gt Statistics 70 23 F Enoe EAT gt Neighbour Table z 7 gt R j Disable Disable Disable Disable Enable Disable gt Static Route Configuration Disable Disable Disable Disable Enable Disable gt Route Table Disable Disable Disable Disable Enable Disable Route Preference Disable Disable Disable Disable Enable Disabl
299. articipate in the protocol Netgear Switch Netgear Switch 5 Specify the IP address that the virtual router function will recognize Since the virtual IP Config interface 1 0 4 Interface 1 0 4 ip vrrp 20 address on port 1 0 4 is the same as Router 1 s port 1 0 2 actual IP address this router will always be the VRRP backup when Router 1 is active Netgear Switch 6 Set the priority Netgear Switch 7 Enable VRRP Netgear Switch Netgear Switch Netgear Switch Interface 1 0 4 ip vrrp 20 ip 192 150 2 1 for the port The default priority is 100 Interface 1 0 4 ip vrrp 20 priority 254 on the port Interface 1 0 4 ip vrrp 20 mode Interface 1 0 4 exit Config exit Web Interface Configure VRRP on a Backup Router 1 Enable IP routing on the switch a Select Routing gt IP gt IP Configuration A screen similar to the following displays System Switching Routing Security Monitoring Routing Table ARP RIP OSPF Router Discovery VRRP Basic IP Configuration IP Configuration Statistics gt Advanced IP Configuration Default Time to Live 30 Disable Enable Disable Enable Maximum Next Hops 2 Routing Mode IP Forwarding Mode b For Routing Mode select the Enable radio button c Click Apply to save the settings 2 Assign IP address 192 150 4 1 to port 1 0 4 Maintenance Index Help a Select Routing gt IP
300. articular interface The switch software does not support DiffServ in the outbound direction Rules are defined in terms of classes policies and services Chapter 12 DiffServ 200 ProSafe M4100 and M7100 Managed Switches e Class A class consists of a set of rules that identify which packets belong to the class Inbound traffic is separated into traffic classes based on Layer 3 and Layer 4 header data and the VLAN ID and marked with a corresponding DSCP value One type of class is supported All which specifies that every match criterion defined for the class must be true for a match to occur e Policy Defines the QoS attributes for one or more traffic classes An example of an attribute is the ability to mark a packet at ingress The 7000 Series Managed Switch supports a traffic conditions policy This type of policy is associated with an inbound traffic class and specifies the actions to be performed on packets meeting the class rules Marking the packet with a given DSCP code point IP precedence or CoS Policing packets by dropping or re marking those that exceed the class s assigned data rate Counting the traffic within the class e Service Assigns a policy to an interface for inbound traffic DiffServ This example shows how a network administrator can provide equal access to the Internet or other external network to different departments within a company Each of four departments has its own Class B subnet that i
301. as developed to provide a backup mechanism Layer 3 switch _ Layer 3 switch i acting as router 1 t acting as router 2 Port 1 0 2 Port 1 0 4 VLAN 192 150 2 1 192 150 4 1 Virtual router ID 20 Virtual router ID 20 Virtual addr 192 150 2 1 Virtual addr 192 150 2 1 Hosts Figure 15 VRRP VRRP eliminates the single point of failure associated with static default routes by enabling a backup router to take over from a master router without affecting the end stations using the route The end stations use a virtual IP address that is recognized by the backup router if the master router fails Participating routers use an election protocol to determine which router is the master router at any given time A given port could appear as more than one virtual router to the network Also more than one port on a M4100 and M7100 Managed Switch can be configured as a virtual router Either a physical port or a routed VLAN can participate Chapter9 VRRP 129 ProSafe M4100 and M7100 Managed Switches VRRP on a Master Router This example shows how to configure the M4100 and M7100 Managed Switch to support VRRP Router 1 is the default master router for the virtual route and Router 2 is the backup router CLI Configure VRRP on a Master Router 1 Enable routing for the switch IP forwarding will then be enabled by default Netgear Switch config Netgear Switch Config ip routing 2 Configure the IP addresses and subnet ma
302. assifier named class_ef and define a single match criterion to detect a DiffServ code point DSCP of EF expedited forwarding This handles incoming traffic that was previously marked as expedited somewhere in the network Netgear Switch Config class map match all class_ef Netgear Switch Config class map match ip dscp ef Netgear Switch Config class map exit 4 Create a DiffServ policy for inbound traffic named pol_voip then add the previously created classes class_ef and class_voip as instances within this policy This policy handles incoming packets already marked with a DSCP value of EF according to the class_ef definition or marks UDP packets according to the class_voip definition with a DSCP value of EF In each case the matching packets are assigned internally to use queue 5 of the egress port to which they are forwarded Switch Config policy map pol_voip in Switch policy map class class_ef Switch policy class map assign queue 5 Switch policy class map exit Switch policy class map mark ip dscp ef Switch policy class map assign queue 5 Switch Switch ig policy map class class_voip policy class map exit Switch policy map exit 5 Attach the defined policy to an inbound service interface Netgear Switch Config interface 1 0 2 Netgear Switch Interface 1 0 2 service policy in pol_voip Interface 1 0 2 exit Netgear Switch
303. assigned the ID 3 1 and VLAN 20 is assigned the ID 3 2 2 Enable routing for the switch Netgear Switch config Netgear Switch Config ip routing Netgear Switch Config exit 3 The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports Netgear Config interface vlan 10 Netgear Interface vlan 10 ip address 192 150 3 1 255 255 255 0 Interface vlan 10 exit Interface vlan 20 ip address 192 150 4 1 255 255 255 0 Interface vlan 20 exit Config interface vlan 20 Config exit Web Interface Set Up VLAN Routing for the VLANs and the Switch 1 Select Routing gt VLAN gt VLAN Routing Chapter 5 VLAN Routing 73 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP ARP RIP OSPF Router Discovery VRRP LAN Routing VLAN Routing Configuration Wizard LAN Routing VLAN Routing LAN ID 1 MAC IP Address Subnet Mask to Address 4093 Ot 2 Enter the following information e Inthe VLAN ID 1 to 4093 list select 10 e Inthe IP Address field enter 192 150 3 1 e Inthe Subnet Mask field enter 255 255 255 0 3 Click Add to save the settings Select Routing gt VLAN gt VLAN Routing A screen similar to the following displays System Switching Routing QoS Securit
304. associated to VLAN 202 to the Learned Routes table 6 Configure port 23 and port 24 as protected ports a Select Security gt Traffic Control gt Protected Port A screen similar to the following displays System Switching Routing security Monitoring Maintenance Help Manogement Security Aeon Port Authentication gt MAC Filter _ Protected Ports Membership gt Storm Control gt Port Security Protected Port Membership Port 1 23 4 5 7 amp 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 y E E E l v 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 EIEEE E E S S e 49 50 S1 32 b Under Protected Ports Configuration click Unit 1 The ports display e Click the gray box under port 23 A check mark displays in the box e Click the gray box under port 24 A check mark displays in the box c Click Apply to activate ports 23 and 24 as protected ports Chapter 15 Security Management 279 ProSafe M4100 and M7100 Managed Switches 802 1x Port Security 280 This section describes how to configure the 802 1x port security feature on a switch port IEEE 802 1x authentication prevents unauthorized clients from connecting to a VLAN unless these clients are authorized by the server 802 1x port security prevent unauthorized clients from connecting to a VLAN It can be configured on a per port basis server Layer 2 im switch EEEN ANY SSIES WANN Figure 29 Using
305. ast Poll Retry 1 0 to 10 Configuration Time Zone Name gt DNS Offset Hours DNS Configuration Offeet Minutes Host Configuration b Enter the following information e For Client Mode Select the Unicast radio button e Inthe Time Zone Name field enter PST e Inthe Offset Hours field enter 8 c Click Apply Set the Time Zone CLI Only The SNTP NTP server is set to Coordinated Universal Time UTC by default The following example shows how to set the time zone to Pacific Standard Time PST which is 8 hours behind GMT UTC Netgear switch config clock timezone PST 8 Set the Named SNTP Server The example is shown as CLI commands and as a Web interface procedure Chapter16 SNTP 321 ProSafe M4100 and M7100 Managed Switches CLI Set the Named SNTP Server NETGEAR provides SNTP servers accessible by NETGEAR devices Because NETGEAR might change IP addresses assigned to its time servers it is best to access an SNTP server by DNS name instead of using a hard coded IP address The public time servers available are time a time b and time c Enable a DNS name server and access a time server with the following commands Netgear switch config ip domain lookup Netgear switch config ip name server 192 168 1 1 322 Netgear switch config sntp server time a netgear com where 192 168 1 1 is the public network gateway IP address for your device This method of setting DNS name look up c
306. ate VLAN Types Primary Isolated Community The example is shown as CLI commands and as a Web interface procedure CLI Assign Private VLAN Type Primary Isolated Community Use the following commands to assign VLAN 100 to primary VLAN VLAN 101 to isolated VLAN and VLAN 102 to community VLAN Netgear config Netgear vlan 100 Vlan private vlan primary Vlan exit Vlan private vlan isolated Vlan exit Vlan private vlan community Vlan end Web Interface Assign Private VLAN Type Primary Isolated Community 1 Create VLAN 10 a Select Security gt Traffic Control gt Private VLAN gt Private VLAN Type Configuration A screen similar to the following displays System Swale hing Routing Security Maintenance Help Indax MAonogement Security Acoma Port Autorticoton gt HAC Filter Private VLAN Type Configuration gt Port Security gt Private Group Private VLAN Type Configuration gt Protected Port VLA Do Private VLAN Type Primary lt l Configuration Private Vian Port Mode Configuration b Under Private VLAN Type Configuration select the VLAN ID 100 check box Now 100 appears in the interface field at the top c In the Private VLAN Type field select Primary from the pull down menu d Click Apply to save the settings 46 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches 2 Assign VLAN 101 as an isolated VLAN a Select Security gt Traffic Con
307. atibility router exit 4 Enable OSPF for the ports and set the OSPF priority and cost for the ports Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch config Config interface 1 0 2 Interface 1 0 2 ip ospf Interface 1 0 2 ip ospf areaid 0 Interface 1 0 2 ip ospf cost 32 Interface 1 0 72 Interface 1 0 2 ip ospf priority exit Config interface 1 0 3 Interface 1 0 3 ip ospf Interface 1 0 3 ip ospf areaid 0 Interface 1 0 3 ip ospf cost 64 Interface 1 0 3 ip ospf priority Interface 1 0 3 exit Config interface 1 0 4 Interface Interface Interface Interface Interface 1 0 4 ip 1 0 4 ip 1 0 4 ip 1 0 4 ip 1 0 4 Config exit ospf ospf ospf ospf exit areaid 0 priority cost 64 Web Interface Configure OSPF on a Border Router 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration Chapter 7 OSPF 93 94 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitorin
308. atible Netgear Switch show mvr interface Status Immediate Leave RECEIVER ACTIVE InVLAN DISABLED RECEIVER ACTIVE InVLAN DISABLED RECEIVER ACTIVE InVLAN DISABLED SOURCE ACTIVE InVLAN DISABLED 7 After port 0 1 receive IGMP report for Multicast Group 224 1 2 3 it will be added to the MVR Group 224 1 2 3 Netgear Switch show mvr members MVR Group IP Status Members 224 1 2 3 ACTIVE Web Interface Configure MVR in Dynamic Mode 1 Create MVLAN 999 VLAN1 1001 VLAN2 1002 and VLAN3 1003 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index l S LAG TP Multicast MYR Address Table Ports Basic VLAN Configuration gt VLAN Configuration Reset gt Advanced Reset Configuration VLAN Configuration Ei YLAN ID LAN Name LAN Type Make Static Cii A E ii x default Default Disable In the VLAN ID field enter 999 and in the VLAN Name field enter mVlan Click Add Repeat step b and c to create VLAN1 1001 VLAN2 1002 and VLANS 1003 Add port 9 into MVLAN 999 with tagged mode e205 Chapter 14 MVR Multicast VLAN Registration 265 ProSafe M4100 and M7100 Managed Switches Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLA STP M
309. ation Interface 4 0 10 Hash Mask Length 30 0 32 BSR Expiry Time hhommiss Priority E IP Address Next bootstrap Message hhimmiss Ote 255 Configuration 3 SSM Configuration Interface Configuration PIM Neighbor Candidate RP Configuration gt BSR Candidate Configuration Static RP Configuration ext Candidate RP Advertisement hhimmiss In the Interface list select the 1 0 10 In the Hash Mask Length field enter 30 In the Priority field enter 7 Click Apply e205 PIM SM on Switch C 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing QoS security Monitoring Routing Table i Pv WLAN ARP RIP OSPF OSPI Router Discovery Basic IP Configuration gt IP Configuration Statistics gt Advanced IP Configuration Default Time to Live 64 Routing Mode ICMP Echo Replies Disable Enable Disable Enable 1000 100 ICMP Redirects ICMP Rate Limit Interval ICMP Rate Lint Burst Sime b For Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 21 as a routing port and assign an IP address to it Maintenance VRRP Help Index Multicast O to 2147483647 me G to 200 a Select Routing gt IP gt Advanced gt IP Interface Configuration Chapter 28 PIM 475 476 d ProSafe M4100 and M7100 Ma
310. ation 2 0 2 Disable Stub Area 2 0 3 Disable Configuration NSSA Area 2 0 21 Disable 1 10 1 10 2 0 4 Disable 1 Configuration GLE Disable 1 rea Range 2 0 6 Disable 1 Configuration 2 Of7 Disable 1 1 I 1 Interface 2 0 8 Disable Configuration Neighbor Table Link State Database 270 9 Disable 5 5 5 5 5 5 5 5 5 5 2 0 10 Disable b Scroll down and select the interface 2 0 11 check box Now 2 0 11 appears in the Interface field at the top e Inthe OSPF Area ID field enter 0 0 0 0 e Inthe OSPF Admin Mode field select Enable c Click Apply to save the settings 6 Enable OSPF on port 2 0 19 a Select Routing gt OSPF gt Advanced gt Interface Configuration 110 Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP i Router Discovery VRRP Interface Configuration Interface Configuration Configuration Go To Interface A Common rea A Dead Ift it Configuration OSPF Router Retransmit Hello re Seance s Se ii 1 Delay Stub Area Interface OSPF Area ID Admin Priority 0 to Interval 0 Interval 1 inteceal Gt i i Mod to 3600 to 65535 Configuration os z z ATERAT to 3600 NSSA Area Configuration a oso ER S e e A CS Ce Area Range D 20 1 0 0 0 0 Disable Configuration 0 0 0 0 Disable Interfac
311. ation script to the switch delete Deletes a configuration script file from the switch list Lists all configuration script files present on the switch show Displays the contents of configuration script validate Validate the commands of configuration script script list and script delete Netgear Switch script list Configuration Script Name Size Bytes basic scr running config scr 2 configuration script s found 1020706 bytes free Netgear Switch script delete basic scr Are you sure you want to delete the configuration script s y n y 1 configuration script s deleted Chapter 17 Tools 327 ProSafe M4100 and M7100 Managed Switches script apply running config scr Netgear Switch script apply running config scr Are you sure you want to apply the configuration script y n y The system has unsaved changes Would you like to save them now y n y Configuration Saved Create a Configuration Script Netgear Switch show running config running config scr Config script created successfully Netgear Switch Sscript list Configuration Script Name Size Bytes running config scr 1 configuration script s 1020799 bytes free Netgear Switch copy nvram script running config scr CEtps 7192 168 77 527 running config scxr TE TP Set TFTP Server IP 192 168 77 52 TFTP Path af TFTP Filename running config scr Data Type Config Script Source Filename running config
312. ave the settings e P pP Configure Traffic Shaping Traffic shaping controls the amount and volume of traffic transmitted through a network This has the effect of smoothing temporary traffic bursts over time Use the traffic shape Chapter 11 CoS Queuing 197 198 ProSafe M4100 and M7100 Managed Switches command to enable traffic shaping by specifying the maximum transmission bandwidth limit for all interfaces Global Config or for a single interface Interface Config The lt bw gt value is a percentage that ranges from 0 to 100 in increments of 5 The default bandwidth value is 0 meaning no upper limit is enforced which allows the interface to transmit up to its maximum line rate The bw value is independent of any per queue maximum bandwidth values in effect for the interface and should be considered as a second level transmission rate control mechanism that regulates the output of the entire interface regardless of which queues originate the outbound traffic CLI Configure traffic shape Netgear Switch Config traffic shape lt bw gt Enter the shaping bandwidth percentage from 0 to 100 in increments of 5 Netgear Switch Config traffic shape 70 lt cr gt Press Enter to execute the command Netgear Switch Config traffic shape 70 Netgear Switch Config Web Interface Configure Traffic Shaping 1 Set the shaping bandwidth percentage to 70 percent a Select QoS gt CoS gt Advanced gt
313. ave the settings Create Three VLANs 20 The example is shown as CLI commands and as a Web interface procedure CLI Create Three VLANS Use the following commands to create three VLANs and to assign the VLAN IDs while leaving the names blank vlan database Vlan vlan 100 Vlan vlan 101 Vlan vlan 102 Vlan exit Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch Web Interface Create Three VLANS 1 Create VLAN100 a Select Switching gt VLAN gt Basic gt VLAN Configuration Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Switching Routing Gos security Monitoring Maintenance Help Index VLAN Aute VolIP iSCSI STP Multicast MVR Address Table Forts LAG x Basic VLAN Configuration VLAN P Reset T Advanced i Reset Configuration ia Internal VLAN Configuration F Internal VLAN Allocation Base 4093 i Internal VLAN Allocation Policy Ascending Descending __ VLAN Configuration _ i default Default Disable 2 Auto VolP AUTO VoIP Disable b Enter the following information e Inthe VLAN ID field enter 100 e Inthe VLAN Name field enter VLAN100 c Click Add 2 Create VLAN101 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Routing Qa05 Security Monitoring Maintenance Auto eW olP ISEH ST
314. ay Disable Disable Disable Disable Interface Disable Disable Statistics gt UDP Relay DHCPv6 Server Enable Disable gt DHCP v6 Relay Enable Disable b Under DHCP L2 Relay Configuration scroll down and select the Interface 1 0 6 check box c In the 82 Option Trust Mode field select Enable d Click Apply to save the settings Chapter 29 DHCP L2 Relay and L3 Relay 493 ProSafe M4100 and M7100 Managed Switches DHCP L3 Relay This case has two steps DHCP server configuration and DHCP L3 relay configuration This example shows how to configure a DHCP L3 relay on a NETGEAR switch and how to configure DHCP pool to assign IP addresses to DHCP clients using DHCP L3 relay DHCP server DHCP L3 relay ni 4 0 4 _ Will 1 0 16 1 0 15 PC Figure 48 DHCP L3 relay Configure the DHCP Server Switch CLI Configure a DHCP Server 1 Enable routing on the switch Netgear Switch config Netgear Switch Config ip routing Netgear Switch Config 494 Chapter 29 DHCP L2 Relay and L3 Relay ProSafe M4100 and M7100 Managed Switches 2 Create a routing interface and enable RIP on it so that the DHCP server learns the route 10 200 1 0 24 from the DHCP L3 relay Switch Config interface 1 0 3 1 0 3 routing Switch 1 0 3 tip address 10 100 11 255 255 25540 Interface Switch Interface Switch 1 0 3 ip rip 1 0 3 exit Interface Switch
315. ay in the boxes e Click Apply to save the settings Enable Both LAGs The example is shown as CLI commands and as a Web interface procedure CLI Enable Both LAGs By default the system enables link trap notification Console config Console Config port channel adminmode all Console Config exit At this point the LAGs could be added to VLANs Web Interface Enable Both LAGs a Select Switching gt LAG gt LAG Configuration A screen similar to the following displays r a a T a S EEE iii aA System Switching Routing Security Monitoring Maintenance Help Index Multicast Address Table Ports LAG LAG Configuration Configuration gt LAG Membership LAG Configuration a Link Trap Admin Mode STP Mode Static Mode Hashing b Select the top check box and the check boxes for lag_10 and lag_20 are selected In the Admin Mode field select Enable d Click Apply to save the settings Chapter3 LAGs 59 Port Routing This chapter provides the following sections e Port Routing Configuration on page 61 e Enable Routing for the Switch on page 62 e Enable Routing for Ports on the Switch on page 62 e Add a Default Route on page 65 e Add a Static Route on page 66 The first networks were small enough for the end stations to communicate directly As networks grew Layer 2 bridging was used to segregate traffic a technology that worked well for unicast traffic but had problems coping
316. ble IGMP Snooping Configuration Admin Mode Disable Enable Multicast Router Multicast Control Frame Count 11 Configuration Interfaces Enabled for IGMP Snooping 0 1 Multicast Router VLAN Data Frames Forwarded by the CPU 0 Configuration Querier Configuration Querier VLAN VLAN IDs Enabled for IGMP Snooping Configuration MLD Snooping Show mac address table igmpsnooping The example is shown as CLI commands and as a Web interface procedure Chapter 13 IGMP Snooping and Querier 247 ProSafe M4100 and M7100 Managed Switches CLI Show mac address table igmpsnooping Netgear Switch show mac address table igmpsnooping Press Enter to execute the command Switch show mac address table igmpsnooping Interfaces Dynamic Network Assist 1 0 47 Dynamic Network Assist gt 1 0 47 Dynamic Network Assist gt 1 0 47 Dynamic Network Assist 1 0 47 Dynamic Network Assist 1 0 47 Web Interface Show mac address table igmpsnooping Select Switching gt Multicast gt IGMP Snooping Table A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index Multico Address Table Ports LAG MFDB Table MFDB Table Statistics Search By MAC Address gt IGMP Snooping AC Add A D oti Forwarding gt MLD Snooping ress omponen escription Pat ae tea 01 00 5 01 02 03 999 IGMP DYNAMIC Network Assist 0 1 External Multicast Router
317. bled Disabled Disabled 80 01 1 0 7 128 Enable 32775 0 day 0 hr 3 min 14 sec Enabled Forvarding Designated 10 01 1 0 8 o Enable 32776 0 day 0 hr 3 min i5 sec Enabled Disabled Disabled 80 01 1 0 9 Enable 32777 0day 0hr3 min 15sec Enabled l 4 Under MST Port Configuration scroll down and select the Interface 1 0 3 check box Now 1 0 3 appears in the Interface field at the top 5 Enter the following information e Inthe Port Priority field enter 128 e Inthe Port Path Cost field enter 0 6 Click Apply Chapter 25 Spanning Tree Protocol 413 Tunnel There are two methods for Pv6 sites to communicate with each other over the IPv4 network 6in4 tunnel and 6to4 tunnel The 6in4 tunnel encapsulates IPv6 traffic over an explicitly configured IPv4 destination or end port of the tunnel with the IP protocol number set to 41 The 6to4 tunnel IPv6 prefix is constructed by prepending 2002 hex to the global IPv4 address For example if the IPv4 address is 4 4 4 1 the tunnel IPv6 prefix would be 2002 404 401 16 The 6to4 tunnels are automatically formed IPv4 tunnels carrying IPv6 traffic The automatic tunnel s IPv4 destination address is derived from the 6to4 IPv6 address of the tunnel s nexthop It supports the functionality of a 6to4 border router that connects a 6to4 site to a 6to4 domain It sends receives tunneled traffic from routers in a 6to4 domain that includes other 6to4 border routers and 6to4 relay routers The example
318. c MAC addresses are not eligible for aging e Static locking You can manually specify a list of static MAC addresses for a port Dynamically locked addresses can be converted to statically locked addresses Set the Dynamic and Static Limit on Port 1 0 1 The example is shown as CLI commands and as a Web interface procedure CLI Set the Dynamic and Static Limit on Port 1 0 1 Netgear Switch Config port security Enable port security globally Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 port security Enable port security on port 1 0 1 Netgear Switch Interface 1 0 1 port security max dynamic 10 Set the dynamic limit to 10 Netgear Switch Interface 1 0 1 port security max static 3 Set the static limit to 3 Netgear Switch Interface 1 0 1 ex Netgear Switch Config ex Netgear Switch show port security 1 0 1 Admin Dynamic Static Violation Trap Mode Disabled Web Interface Set the Dynamic and Static Limit on Port 1 0 1 1 Select Security gt Traffic Control gt Port Security gt Port Administrator 270 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication i ACL gt MAC Filter Port Security Configuration gt Storm Control Port Security Port Security Settings
319. c at Layer 2 or Layer 3 MAC ACLs are used for Layer 2 IP ACLs are used for Layer 3 Each ACL contains a set of rules that apply to inbound traffic Each rule specifies whether the contents of a given field should be used to permit or deny access to the network and may apply to one or more of the fields within a packet The following limitations apply to ACLs These limitations are platform dependent e The maximum of number of ACLs is 100 e The maximum number of rules per ACL is 8 10 e Stacking systems do not support redirection e The system does not support MAC ACLs and IP ACLs on the same interface e The system supports ACLs set up for inbound traffic only Chapter10 ACLs 136 ProSafe M4100 and M7100 Managed Switches MAC ACLs MAC ACLs are Layer 2 ACLs You can configure the rules to inspect the following fields of a packet limited by platform Source MAC address with mask Destination MAC address with mask VLAN ID or range of IDs Class of Service CoS 802 1p EtherType Secondary CoS 802 1p Secondary VLAN or range of IDs L2 ACLs can apply to one or more interfaces Multiple access lists can be applied to a single interface the sequence number determines the order of execution You cannot configure a MAC ACL and an IP ACL on the same interface You can assign packets to queues using the assign queue option You can redirect packets using the redirect option IP ACLs IP ACLs classify for
320. cceptable Frame Ingress VLAN Status ante eae ENED Fence ee Port PVID Configuration MOC Based VLAN IP Subnet Based Admit All Disable VLAN Admit All Dis able Port DYLAN Admit All Disable Admit All Disable b Under Port PVID Configuration scroll down and select the 1 0 1 check box C In the PVID 1 to 4093 field enter 200 d Click Apply to save the settings 4 Create a new DHCP pool a 9 select System gt Services gt DHCP Server gt DHCP Server Configuration A screen similar to the following displays System Switching Routing Qos Security Monitoring Maintenance Help Index Management Device View gt Stacking SNMP LLDP ISDP le DHCP Server DHCP Server Configuration DHCP Server Configuration DHCP Pool DHCP Server Configuration Admin Mode C Disable Enable Configuration Ping Packet Count 2 i 0 2 to 10 DHCP Pool Options Conflict Logging Mode Disable Enable DHCP Server Bootp Automatic Mode Disable Enable Statistics DHCP Bindings Excluded Address Information i l DHCP Conflicts SI IP Range From IF Range To Information For Admin Mode select the Enable radio button Click Apply to enable the DHCP service Select System gt Services gt DHCP Server gt DHCP Pool Configuration Chapter 22 DHCP Server 383 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays F T
321. ce System Switching Routing QoS Security Monitoring Help Index Management Security Access i i Traffic Control Control ACL Basic 802 1X Configuration 602 1 Configuration 02 1X Configuration Advanced Administrative Mode Disable Enable VLAN Assignment Mode C Disable i Enable Users admin l Login Authentication List defaultList For Administrative Mode select the Enable radio button For VLAN Assignment Mode select the Enable radio button Click Apply to save settings 5 Configure the dot1x authentication list a Select Security gt Management Security gt Authentication List gt Dot1x Authentication List Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching i i Routing QoS Security Monitoring Maintenance Help Index i Weccass Port Authentication Trattic Control Control ACL Local User Dot1lx Authentication List Dotix Authentication List Authentication SS CS Ce List m defaultList RADIUS LOCAL gt Loca gt Login Authentication List Enable Authentication List Dotix Authentication b Select the defaultList check box c Inthe 1 list select RADIUS d Click Add 6 Configure the RADIUS authentication server a Select Security gt Management Security gt Radius gt Server Configuration A screen similar to the following displays System
322. ce 1 0 21 ip pim dense Interface 1 0 21 exit Config interface 1 0 22 Interface 1 0 22 routing Interface 1 0 22 ip address 192 168 6 1 Interface 1 0 22 ip rip Interface 1 0 22 ip pim dense Interface 1 0 22 exit PIM DM on Switch D 1 Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Enable IGMP on the switch configure Config ip routing Config ip pim dense Config ip igmp Config ip multicast Config interface 1 0 21 Interface 1 0 21 routing Interface 1 0 21 ip address 192 168 2 1 Interface 1 0 21 ip rip Interface 1 0 21 ip pimd mense Interface 1 0 21 exit Config interface 1 0 22 Interface 1 0 22 routing Interface 1 0 22 ip address 192 168 6 2 Interface 1 0 22 ip rip Interface 1 0 22 ip pim dense Interface 1 0 22 exit 255 255 255 0 Lo 062054200080 ZIG ZO oe ADIs ZO R oes Os 0 Chapter 28 PIM 439 2 Enable IGMP on 1 0 24 Switch Config interface 1 0 24 Switch Interface 1 0 24 routing Switch Interface 1 0 24 ip pim dense Switch Interface 1 0 24 ip igmp Switch Interface 1 0 24 ip rip ProSafe M4100 and M7100 Managed Switches Switch Interface 1 0 24 ip address 192 168 4 1 255 255 255 0 Switch Interface 1 0 24 Fexit 3 PIM DM builds the multicast routes table on each switch A show ip mcast mroute su
323. ce 1 0 7 vlan pvid 200 Interface 1 0 7 exit Config interface 1 0 16 Interface 1 0 16 vlan participation include 200 Interface 1 0 16 vlan participation pvid 200 Interface 1 0 16 exit Config interface 1 0 17 Interface 1 0 17 vlan pvid 200 Interface 1 0 17 vlan participation include 200 Interface 1 0 17 exit 2 Create a VLAN 200 and include 1 0 6 1 0 7 1 0 16 and 1 0 17 Netgear Switch Config Netgear Switch Config private group name groupl 1 mode community 3 Create a private group in community mode Netgear Switch Config private group name group2 2 mode isolated 4 Create a private group in isolated mode Netgear Switch Config interface range 1 0 6 1 0 7 Netgear Switch conf if range 1 0 6 1 0 7 switchport private group 1 Netgear Switch conf if range 1 0 6 1 0 7 exit Chapter 24 Double VLANs and Private VLAN Groups 403 404 ProSafe M4100 and M7100 Managed Switches 5 Add 1 0 16 and 1 0 7 to the private group 1 Netgear Switch Config interface range 1 0 16 1 0 17 Netgear Switch conf if range 1 0 16 1 0 17 switchport private group 2 6 Add 1 0 16 and 1 0 7 to the private group 2 Netgear Switch conf if range 1 0 16 1 0 17 exit Web Interface Create a Private VLAN Group 1 Create VLAN 200 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays System Switc
324. ce Configuration Interface Configuration Interface end Version Receive Version RIP Admin Mode Authentication Type b In the Interface list select 1 0 22 c For RIP Admin Mode select the Enable radio button d Click Apply 6 Enable multicast globally a Select Routing gt Multicast gt Global Configuration Ospa Maintenance Help Index Monitoring VRRP Multicast Router Discovery Monitoring Maintenance f Help VRRP Multicast Router Discovery Chapter 28 PIM index 477 478 b C A screen similar to the following displays System Switching Routing QoS Security Routing Table IP IPvS VLAN ARP RIP OSPF OSPFv3 gt Mroute Table Global Configuration Global Configuration Global Configuration gt Interface Admin Mode Configuration Protocol State gt D MRP Table Maximum Entry Count IGMP gt PIM DM Protocol gt PIM SM Table Entry Count gt MLD gt Static Routes Configuration Admin Boundary Configuration ProSafe M4100 and M7100 Managed Switches Monitoring Maintenance Help Index Router Discovery VRRP Disable Enable Non Operational 256 No Protocol Enabled 0 For Admin Mode select the Enable radio button Click Apply 7 Enable PIM SM globally Select Routing gt Multicast gt PIM gt Global Configuration a d A screen similar to the following displays j System le Switching Routing z S
325. ce Interface Configuration Auto olP Matic Advani ed DiffServ Configi atin Service Interlace Configuration fiperational Stats e Class Contigurathen Pt Clais Configuration a Policy Configursian a ierra Interac Ai gra airn Service St tsbes In the Policy Name list select policyicmpv6 c Select the Interface 1 0 1 1 0 2 and 1 0 3 check boxes Chapter 12 DiffServ 235 236 Swite hing gt Diffserv Wizard Auto YolP Baig Advanced Diery Configuration Class Cochiguraian Pye Class Configuration p Pole Corhgurahan gt Serving bnterface Comfguration t Servios Statistics Click Apply Syrom Switching gt Diffgery Wizard gt Auto TolP Basic Y Advanced OiffSery Configwrston a Ciyss Configuarsthan Pri clasg Configuration gt Policy Configwratian parea interface Configurar Gerace Stabstos Chapter 12 DiffServ Routing ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Security Monitoring Maintenances Service Interface Configuration Service Interface Configuration All Interface Go To interface Policy Mame Direction Operational Status esiicricmevs Routing A screen similar to the following displays Spor Py Monitoring Anh Service Interface Configuration Service Interface Configuration All interface Coe To Imienia Policy ame Operational Status p litritmpr
326. cedence DE Mark IP DSCP ai E Simple Policy Color Conform Class l class_color Maintenance Help Member Class Maintenance Help Index policy_vlan In class_vlan a a Color Mode Color Aware Comitted Rate 1000 Comitted Burst Size 64 Conform Acton i Send Drop C Mark CoS C Mark IP Precedence Select the Simple Policy radio button In the Color Mode list select Color Aware In the Color Conform Class list select class_color In the Committed Rates field enter 1000 In the Committed Burst Size field enter 64 For Conform Action select the Send radio button Chapter 12 DiffServ 243 ProSafe M4100 and M7100 Managed Switches h For Violate Action select the Drop radio button i Click Apply 8 Apply policy_vlan to interface 1 0 13 a Select QoS gt DiffServ gt Advanced gt Service Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help ndex CoS Diffserv Wizard Service Interface Configuration SSR KOLE Service Interface Configuration gt Basic v Advanced 1 All Go To Interface lea Configuration SS a TT i oa Lies policy vlan E Configuration E y In IP Class T 10 2 In Configuration i i o 3 In a Poley M a oy4 In Configuration C 1 0 5 is Service Interface wi laws Ponfiouration aa EKITS Service Statistics r 1 08 In C
327. cedure Chapter 15 Security Management Convert the Dynamic Address Learned from 1 0 1 to a Static Address 271 ProSafe M4100 and M7100 Managed Switches CLI Convert the Dynamic Address Learned from 1 0 1 to the Static Address Netgear Switch Interface 1 0 1 port security mac address move Convert the dynamic address learned from 1 0 1 to the static address Netgear Switch Interface 1 0 1 exit Netgear Switch Config exit Netgear Switch show port security static 1 0 1 Number of static MAC addresses configured 3 Statically configured MAC Address VLAN ID 00 0E 45 30 15 F3 00 13 46 EC 2F102 00 14 6CiE84 8123 Web Interface Convert the Dynamic Address Learned from 1 0 1 to the Static Address 1 Select Security gt Traffic Control gt Port Security gt Dynamic MAC Address A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication i ACL gt MAC Filter Dynamic MAC Address Table gt Storm Control Port Security Settings Port Security Port iv Convert Dynamic Address to Static Administration Number of Dynamic MAC Addresses Learned Interface Configuration Dynamic MAC Address Table Dynamic MAC Port List 170 1 Address Address 1 00 0e6 45 30 15 f3 gt Protected Port 00 13 46 ec 2f 62 00 19 5b e9 51 20 00 19 5b e9 51 45 00 1b 2f b3 15 89 i 1 k 1 2 U
328. certain priority designations for arriving packets e Trust applies only to packets that have that trust information e There can be only one trust field at a time per port 802 1p user priority This is the default trust mode and is managed through switching configuration IP precedence IP DiffServ Code Point DSCP The system can assign the service level based upon the 802 1 priority field of the L2 header You configure this by mapping the 802 1p priorities to one of three traffic class queues These queues are e Queue 2 Minimum of 50 percent of available bandwidth e Queue 1 Minimum of 33 percent of available bandwidth e Queue 0 Lowest priority minimum of 17 percent of available bandwidth For untagged traffic you can specify the default 802 1p priority on a per port basis Untrusted Ports e No incoming packet priority designation is trusted therefore the default priority value for the port is used e All ingress packets from untrusted ports where the packet is classified by an ACL ora DiffServ policy are directed to specific CoS queues on the appropriate egress port That specific CoS queue is determined by either the default priority of the port or a DiffServ or ACL assigned queue attribute e Used when trusted port mapping is unable to be honored for instance when a non P DSCP packet arrives at a port configured to trust IP DSCP Chapter 11 CoS Queuing 191 ProSafe M4100 and M7100 Managed Switches
329. ces gt DHCPv6 Server gt DHCPv6 Pool Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Management Devices View licens SOrviCas Stocking SAME LLOP SDP S DHCP Server DHCPv6 Prefix Delegation Configuration gt DHCP Relay DHCPv6 Prefix Delegation Configuration DHCP L2 Relay gt UDP Relay c Pool Name Prefix Prefix Length Client Name SOs e Kc CE COON DHCP 6 Server Configuration DHEPv Pool Configuration DHCPy6 Prefix Delegation Configuration DHCP v6 Interface Configuration Chapter 23 DHCPv6 Server ProSafe M4100 and M7100 Managed Switches e205 f From the Pool Name drop down list select Pool Enter 2001 1 in the Prefix field in the Prefix Length field enter 64 In the Prefix field enter 00 01 00 01 15 40 14 4f 00 00 00 4d aa d0 Click Apply to apply the setting 8 Configure DHCPV6 on interface 1 0 9 a d Select System gt Services gt DHCPv6 Server gt DHCPv6 Interface Configuration A screen similar to the following displays Switching Routing security Monitoring Maintenance Help Stocking SNMP LLDP ISDP DHCP Server DHCPv6 Interface Configuration gt DHCP Relay gt DHCP LZ Relay gt UDP Relay Go To Interface DHCPv6 Interface Configuration DHCP v6 Server DHCPy6 Server Configuration DHCP Fool Configuration Interface Admin mode Pool Name Rapid Commit
330. ck Member Web Interface 1 Select System gt Management gt Basic gt Stack Configuration A screen similar to the following displays m TA mee O O System Switching Routing Security Monitoring Maintenance Index Save Config Reset Upload Download i Troubleshooting Archive Copy Copy Copy Master Firmware to Unit 2 2 In the Copy Master Firmware to Unit list select 2 3 Click Apply Configure a Stacking Port as an Ethernet Port Figure 38 Configuring a stacking port as an Ethernet port Follow these steps to set up the topology 1 Insert the AX742 into the I O module on the switch 2 Configure the switch A and B as described in the following instructions 3 Connect the AX 742 with stack cable 4 Reboot Switch A and Switch B Chapter 19 Switch Stacks 355 356 ProSafe M4100 and M7100 Managed Switches 1 On Switch A Configure the Stack Port and Reboot show stack port Netgear Switch Configured Running Stack Stack Link Unit Intf SlotId Type XFP Adapter Status Link Down AX742 stack Stack Link Down Switch Switch config Config stack Switch Config stack stack port 2 0 28 ethernet Switch Config stack exit Switch Switch Config exit reload y n y Are you sure you want to reload the stack After Switch A reboots Show port 2 0 28 Admin Netgear Switch Physical Physical Link Link Mode Mode Status Status Trap Enable
331. col Independent Multicast This chapter provides the following examples e PIM DM e PIM SM on page 460 Note The PIM protocol can be configured to operate on IPv4 and IPv6 networks Separate CLI commands are provided for IPv4 and IPv6 operation however most configuration options are common to both protocols Therefore this section describes only IPv4 configuration IPv6 configuration is similar to IPv4 Multicast protocols are used to deliver multicast packets from one source to multiple receivers They facilitate better bandwidth utilization and use less host and router processing making them ideal for usage in applications such as video and audio conferencing whiteboard tools stock distribution tickers and so on PIM is a widely used multicast routing protocol Protocol Independent Multicast PIM is a standard multicast routing protocol that provides scalable inter domain multicast routing across the Internet independent of the mechanisms provided by any particular unicast routing protocol There are two types of PIM e PlIM Dense Mode PIM DM e PIM Sparse Mode PIM SM PIM DM PIM DM is appropriate for e Densely distributed receivers e A ratio of few senders to many receivers due to frequent flooding e High volume of multicast traffic e Constant stream of traffic Chapter 28 PIM 435 ProSafe M4100 and M7100 Managed Switches Port 1 0 9 Port 1 0 10 Switch A Switch B Subnet 192 168 3 0 24 l
332. cted master and then runs from that saved configuration All stack members are eligible stack masters If the stack master becomes unavailable the remaining stack members participate in electing a new stack master A set of factors determine which switch is elected the stack master The stack master is elected or re elected based on one of these factors and in the order listed 350 Chapter 19 Switch Stacks ProSafe M4100 and M7100 Managed Switches 1 The switch that is currently the stack master 2 The switch with the highest stack member priority value Note NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack master This ensures that the switch is re elected as stack master if a re election occurs 3 The switch with the higher MAC address A stack master retains its role unless one of these events occurs e The stack master is removed from the switch stack e The stack master is reset or powered off e The stack master has failed e The switch stack membership is increased by adding powered on standalone switches or switch stacks In the case of a master re election the new stack master becomes available after a few seconds In the meantime the switch stack uses the forwarding tables in memory to minimize network disruption The physical interfaces on the other available stack members are not affected while a new stack master is elected If a new stack master is elected and the p
333. curity gt Management Security gt RADIUS gt Radius Accounting Server Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index i Access Port Authentication Traffic Control ACL gt User Accounting Server Configuration Configuration Accounting Server Configuration Accounting Server Address 10 100 5 17 Port 1813 Secret Configured Configuration Server z es X oe EE EE EK a Configuration Accounting Server Configuration Secret Accounting Mode In the Accounting Server Address field enter 10 100 5 17 In the Accounting Mode field select Enable Click Apply Chapter 15 SecurityManagement 285 ProSafe M4100 and M7100 Managed Switches Create a Guest VLAN The guest VLAN feature allows a switch to provide a distinguished service to dot1x unaware clients not rogue users who fail authentication This feature provides a mechanism to allow visitors and contractors to have network access to reach an external network with no ability to surf the internal LAN Guest 1 RADIUS server NETGEAR puccessenee sesso Ahhh bbb bbb i ceeseeesee MD IPINI naza PIPPP a ee oe 1 0 24 Switch Figure 30 Guest VLAN If a port is in port based mode and a client that does not support 802 1X is connected to an unauthorized port that has 802 1X enabled the client does not respond to the 802 1X requests from
334. curity Monitoring Maintenance Help RIP OSPF OSPFv3 Router Discovery VRRP DVMRP Interface Configuration DYMRP Interface Configuration Go To Interface Interface Parameters Index Index Sent Routes b Scroll down and select the Interface 1 0 3 1 0 11 and 1 0 24 check boxes c Select Enable in the Interface Mode field d Click Apply to save the settings 8 Enable IGMP on the switch a Select Routing gt Multicast gt IGMP gt Global Configuration ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP IPv VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP gt Mroute Table gt Global Configuration gt Interface IGMP Global Configuration Configuration gt DYMRP IGMP Global Configuration IGMP Admin Mode C Disable Enable Global b For Admin Mode select the Enable radio button c Click Apply 9 Enable IGMP on the interface a Select Routing gt Multicast gt IGMP gt Routing Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP IPv VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP gt Mroute Table gt Global Configuration gt Interface IGMP Routing Interface Configuration Configuration IGMP Routing Interface Configuration 1 all Go To Int
335. d ProSafe M4100 and M7100 Managed Switches Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays system Switching Routing Security Monitoring Maintenance Help Index Routing Tabla Pei VLAN ARP RIP OSPF OSPF3 Router Discovery VRRP Multicast Basic IP Interface Configuration v Advanced gt IP Configuration IP Interface Configuration gt Statistics gt IP Interface Configuration w Routin Administrative Secondary IP T Description IP Address Subnet Mask T Mode Mode ID i 3 192 168 2 1 255 255 255 0 enable D 1 0 1 192 168 1 1 255 255 255 0 Enable Enable Scroll down and select the Port 1 0 13 check box Now 1 0 13 appears in the Port field at the top Enter the following information e Inthe IP Address field enter 192 168 2 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable Click Apply to save the settings 4 Configure 1 0 21 as a routing port and assign an IP address to it a select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays system Switching Routing QoS security Monitoring Maintenance elp Routing Table Pv VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast Basic IP Interface Configuration t Advanced gt IP Configuration IP interface Configuration 2 Statis
336. d enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Assign IP address 192 150 5 1 24 to interface 1 0 5 a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching CCM l aos Security Monitoring Maintenance Help index Routing Table IP VLAN ARP RIP OSPF Router Discovery VRRP gt Basic IP Interface Configuration Advanced IP Configuration Configuration Statistics Go To Interface GO J IP Interface Sanndareron LAN Routi Ad trati OBET outin ministrative Secondary IP Interface Description IP Address Subnet Mask 9 Admin Mode Mode E 0 0 0 0 0 0 0 0 Disable Enable Disable 192 150 2 1 255 255 255 0 Enable Enable Disable 192 150 3 1 255 255 255 0 Enable Enable Disable 0 0 0 0 0 0 0 0 Disable Enable Disable b Scroll down and select the interface 1 0 5 check box 64 Chapter 4 Port Routing ProSafe M4100 and M7100 Managed Switches Now 1 0 5 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 150 5 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings Add a Default Route When IP routing takes place on a switch a routing table is needed for the switch to forward the packet based on the destination IP address The rou
337. d 1 0 3 interface check box In the Host Primary VLAN field enter 100 In the Host Secondary VLAN field enter 101 Click Apply to save the settings 2 Associate isolated ports 1 0 4 1 0 5 to a private VLAN primary 100 secondary 102 a Select Security gt Traffic Control gt Private VLAN gt Private VLAN Host Interface Configuration A screen similar to the following displays System Switching Routing Gos Security Monitoring Maintenance Help Adlcoricegaa read Seii He eke Peri Aumanhicghon ft Cian ral ACL t MAC Filter Private VLAN Host Interface Configuration gt Port Security pago gt Private Group Private VLAN Host Interface Configuration gt Protected Port 1 LAGS All Go To Interface Y Private Wien Host Primary VLAN Host Secondary WLAN Interlace Operational VLAM s Private Vien Typa 2 to 4095 2 to 4093 parimi ant s Configurator Povete Vian Association Configuraban a 10 100 101 e Private Vlan Part 10 100 101 Mode Configuration rvan len Heit reer ace Gonhjuratron Chapter 2 VLANs 51 ProSafe M4100 and M7100 Managed Switches b Under Private VLAN Host Interface Configuration select the 1 0 4 and 1 0 5 interface check box c In the Host Primary VLAN field enter 100 In the Host Secondary VLAN field enter 102 Click Apply to save the settings Map Private VLAN Promiscuous Port The example is shown as CLI commands and as a Web interface procedure CLI Map Priva
338. d as trusted Here interface 1 0 1 is trusted 314 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches a Select Security gt Control gt DHCP Snooping Interface Configuration A screen similar to the following displays Help indax DHCP Snooping Interface Configuration Global Configuration a haas iz all Go To Interface aub atten Logging Binding Invalid Rate Lint pps Durst Interval secs Configuration Packets t Renpgke nt Cochgurathoan DHCP Snooping Interface Configuration Kis Ws ee Select Interface 1 0 1 check box For interface 1 0 1 in the Trust Mode field select Enable d Click Apply A screen similar to the following displays 9 Switching Security Monitoring Maintenance Pirate tT DHE P Snnoging DHCP Snooping Interface Configuration Global DHCP Snooping Interface Configuration Logging Trust Mode Tindal bid Bate Limiti pps iret aterval pece Persian Packets Configuration e Statisties IP Source Guard Dynamit ARP 4 View the DHCP Snooping Binding table Select Security gt Control gt DHCP Snooping Binding Configuration A screen similar to the following displays system Switching Routing security Monitoring Maintenance Help Management Security Accass Port Authentication Traffic Control DHCP Snooping DHCP Snooping Binding Configuration Global Configuration __ Static Binding Configuration Interface Ea Interface MA
339. d is typically used in small to medium sized networks Layer 3 switch Lk ek ofa ie Router port 1 0 5 192 150 4 1 Port 1 0 2 VLAN Router port 1 3 1 192 150 3 1 Port 1 0 3 VLAN A Router port 1 3 2 192 150 4 1 Layer 25 switch switch VLAN 10 Figure 10 VLAN routing RIP configuration example This example adds support for RIPv2 to the configuration created in the base VLAN routing example A second router using port routing rather than VLAN routing has been added to the network CLI Configure VLAN Routing with RIP Support 1 Configure VLAN routing with RIP support on a M4100 and M7100 Managed Switch vlan data vlan routing 10 routing 20 Chapter 6 RIP Netgear Netgear Switch Switch ProSafe M4100 and M7100 Managed Switches Config ip routing Config vlan port tagging all 10 Switch Config vlan port tagging all 20 Switch Config interface 1 0 2 Switch Interface 1 0 2 vlan participation include 10 Interface 1 0 2 vlan pvid 10 Switch Switch Interface 1 0 2 exit Switch Config interface 1 0 3 Switch Interface 1 0 3 vlan participation include 20 Switch Interface 1 0 3 vlan pvid 20 Switch interface 1 0 3 exit Switch config Switch Config interface vlan 10 Switch Interface vlan 10 10 address 192 150 3 1 255 255 255 0 Switch Switch Config interface vlan 20 Netg
340. d select the CP 1 check box Now CP 1 appears in the CP ID field at the top 3 Inthe Block field select Enable 4 Click Apply to save the settings Local Authorization Create Users and Groups When using local authentication the administrator provides user identities for captive portal by adding unique user names and passwords to the local user database This configuration is global to the captive portal component and can contain up to 128 user entries a RADIUS server should be used if more users are required A local user can belong to one or more groups There is one group created by default with the group name Default to which all new users are assigned All new captive portal instances are also assigned to the Default group You can create new groups and modify the user group association to allow only a subset of users access to a specific captive portal instance Network access is granted upon successful user name password and group verification 546 Chapter 32 Captive Portal ProSafe M4100 and M7100 Managed Switches CLI Create Users and Groups 1 Create a group whose group ID Is 2 Netgear Switch config Netgear Switch config captive portal Netgear Switch Config CP user group 2 2 Create a user whose name is user1 Netgear Switch Config CP user 2 name userl 3 Configure the user s password Netgear Switch Config CP user 2 password Enter password 8 to 64 characters 12345678
341. database Vlan vlan 200 Vlan vlan routing 200 Vian exit Config interface 1 0 1 Interface 1 0 1 vlan participation include 200 Interface 1 0 1 vlan pvid 200 Interface 1 0 1 exit Config interface vlan 200 Interface vlan 200 routing Interface vlan 200 ip address 192 168 100 1 255 255 255 0 config Config service dhcp Config ip dhcp pool pool_dynamic Config network 192 168 100 0 255 255 255 0 Chapter 22 DHCP Server 381 ProSafe M4100 and M7100 Managed Switches Note If there is no DHCP L3 relay between client PC and DHCP server there must be an active route whose subnet is the same as the DHCP dynamic pool s subnet Web Interface Configure a DHCP Server in Dynamic Mode 1 Create VLAN 200 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index i STP Multicast Address Table Ports LAG VLAN Configuration v Basic VLAN Configuration gt Advanced Reset Reset Configuration Internal LAN Configuration Internal LAN Allocation Base 4093 Internal LAN Allocation Policy C Ascending Descending esi LAN ID LAN Name LAN Type Make Static Of i Si LJ 1 Default Default Disable LAN Configuration b Under VLAN Configuration in the VLAN ID field enter 200 c Click Add 2 Add port 1 0 1 to VLA
342. ddress Mask Mode Mode 255 255 255 0 Venable ES Enable E 192 168 2 2 255 255 255 0 Enable Enable 0 0 0 0 0 0 0 0 Disable Enable Disable Enable Disable Enable Under IP Interface Configuration scroll down and select the Port 1 0 13 check box Now 1 0 13 appears in the Port field at the top c Enter the following information Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches d e Inthe IP Address field enter 192 168 1 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable Click Apply to save the settings 5 Enable RIP on the interface 1 0 1 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Routing Table IP IPvVG WLAN ARP i i OSPF OSPFy3 Router Discovery VRRP Multicast gt Basic Interface Configuration v Advanced RIP Configuration Interface Configuration Interface Interface iroi Configuration Send Version RIP 2 inn han Receive Version RIP 2 Redistribution RIP Admin Mode Disable j Enable Authenticaton Type In the Interface list select 1 0 1 For RIP Admin Mode select the Enable radio button Click Apply 6 Enable RIP on interface 1 0 9 a d Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays
343. dept d Click Apply to add the class test_dept to the policy internet_access 9 Add the class development_dept into the policy internet_access a Select QoS gt DiffServ gt Advanced gt Policy Configuration Chapter 12 DiffServ 209 210 CoS gt Diffserv Wizard DiffServ Configuration Class Configuration Policy Configuration Service Configuration Service Statistics ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing e rN Security Monitoring Maintenance Help Index Policy Configuration Polic T Policy Selector Member Class Type Ej internet_access m development O intemet_access In finance_dept Policy Configuration ite internet_access In marketing_dept Under Policy Configuration scroll down and select the internet_access check box Now internet_access appears in the Policy Selector field at the top In the Member Class list select development_dept Click Apply to add the class development_dept to the policy internet_access 10 Assign queue 1 to finance_dept gt Diffserv Wizard DiffServ Configuration Class Configuration Configuration Service Configuration Service Statistics a Select QoS gt DiffServ gt Advanced gt Policy Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index CoS Po
344. dex gt Basic VLAN Membership Advanced gt VLAN VLAN Membership Configuration VLAN ID 200 Group Operation VLAN Membership VLANName UNTAGGED PORT MEMBERS poo P VLAN Status LANT Static TAGGED PORT MEMBERS VLA atic Port PVID nse a Configuration MAC Based VLAN Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 IP Subnet Based U uru VLAN 25 26 27 28 Porto an In the VLAN ID field select 200 Click Unit 1 The ports display Click the gray boxes under ports 4 5 and 6 until U displays The U specifies that the egress packet is untagged for the port Click Apply 3 Specify the PVID on ports 1 0 4 1 0 5 and 1 0 6 a b C d Select Switching gt VLAN gt Advanced gt Port PVID Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help index f STP Multicast Address Table Ports LAG gt Basic Port PVID Configuration Advanced VLAN PVID Configuration Configuration 1 All Go To Interface GO VLAN Membership gt VLAN Status interf P ID 1 to Acceptable Frame Ingress Port Priority 0 n ace Port PVID 4093 Types Filtering to 7 Configuration EA _ MAC Based VLAN 1 IP Subnet Based VLAN Port Dylan Configuration Protocol Based VLAN Group Configuration Admitall Disable Admitall 1 Disable O TOI 1
345. dirnrct Dapa D Interface Interface Every Enymori Ho plei have bean comfiganed for tho ACL Match Proli I Shirin TCP Flag IP Chapter 10 ACLs 175 ProSafe M4100 and M7100 Managed Switches b Click Add and the Extended ACL Rule Configuration screen displays Monitoring Maintenance Help laden Extended ACL Rule Configuration Extended ACL Rule Confiquration 100 199 IP Rules ACL 1D Heme moraortios fF Extended Rules Rule 1D i k PW ACL Arhan Perret z Pn Rules EP Binding Deny Configuration Logging E Dusble Binding Table Loa Wian Binding Table fodkrect Interface Match Ewer False Protocol Type Other URE EST 10 0 0 1 0 0 0 0 Other Other iP OSCe IP Precedence IP TOS In the Rule ID field enter 1 For Action select the Permit radio button In the Mirror Interface list select 1 0 19 In the Src IP Address field enter 10 0 0 1 In the Src IP Mask field enter 0 0 0 0 h Click Apply 3 Create a rule to match every other traffic a Select Security gt ACL gt Advanced gt IP Extended Rules moao A screen similar to the following displays Syihom Switching Routing Monitoring Maintenance Help indax Marsga mee socu lty Ae Peat Arestation Tretie Cesto Cen bred Extended ACL Rules Bathe Adv aiii IP Rules rf P WEL r IP Rules AGL ID HAME moniterdost s LP Fripiind Wd Pe ACL Extended ACL Rube Table Poi
346. displays QoS Security Monitoring Maintenance Help Index i System Switching Routing Management Security Accoss Port Authentication Traffic Control i ACL gt DHCP Snooping Captive Portal Configuration gt IP Source Guard gt Dynamic ARP Captive Portal Configuration Inspection X Admin P Captive Portal CP ID CP Name F Protocol Verification Block Group CF Global Mone Configuration gt CP Configuration _ 2 CP Binding _ ae ee EEE ferut enable QIN ht QE raous 9 E 2 Scroll down and select the CP 1 check box Now CP 1 appears in the CP ID field at the top 3 Enter the following information e Inthe Verification field select RADIUS e Inthe Radius Auth Server field enter the RADIUS server name Default RADIUS Server 4 Click Apply SSL Certificates A captive portal instance can be configured to use the HTTPS protocol during its user verification process The connection method for HTTPS uses the Secure Sockets Layer SSL protocol which requires a certificate to provide encryption The certificate is presented to the user at connection time In software release 8 0 or newer the captive portal uses the same certificate that is used for secure HI TP connections You can generate this certificate using a CLI command If a captive portal instance is configured for the HTTPS protocol and there is not a valid certificate present on the system the captive portal instance status w
347. dotlx detail 1 0 1 Protocol Version PAE Capabilities Control Mode Authenticator PAE State Backend Authentication State Quiet Period secs Transmit Period secs Guest VLAN ID Guest VLAN Period secs Supplicant Timeout secs Server Timeout secs VLAN Assigned Reason Reauthentication Period Reauthentication Enabled Key Transmission Enabled Control Direction Maximum Users Unauthenticated VLAN ID Session Timeout Session Termination Action Web Interface Create a Guest VLAN 1 Create VLAN 2000 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Routing Qo05 Security Monitoring Maintenance Help Index STP Multicast Address Toble Ports LAG Basic VLAN Configuration VLAN Configuration Reset gt Advanced Reset Configuration Internal LAN Configuration Internal LAM Allocation Base 4093 Internal VLAN Allocation Policy Oo Ascending E Descending YLAN Configuration FLAN ID LAN Name YLAN Type i BE 2000 U O y Pt Defaut Defaut b In the VLAN ID field enter 2000 288 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches c In the VLAN Type field select Static d Click Add 2 Add ports to VLAN 2000 a Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays Qos Maintenance Help Index STP Multicast Address Table
348. dy in MVR group 224 1 2 3 because it is configured as the source port e Click Apply to save the settings 262 Chapter 14 MVR Multicast VLAN Registration ProSafe M4100 and M7100 Managed Switches Configure MVR in Dynamic Mode CLI Configure MVR in Dynamic Mode In dynamic mode the MVR switch learns existing multicast groups by snooping the IGMP queries from router on source ports and forwarding the IGMP reports from the hosts to the IGMP router on the Multicast VLAN with appropriate translation of the VLAN ID 1 Create MVLAN VLAN1 VLAN2 and VLANS Netgear vlan database Netgear Vlan vlan 999 1001 1002 1003 vlan name 999 mVlan vlan name 1001 Vlanl Vlan Vlan vlan name 1002 Vlan2 vlan name 1003 Vlan3 Vlan Vlan 2 Enable MVR configure VLAN 999 as a multicast VLAN and add group 224 1 2 3 to MVR Netgear Switch config Netgear Switch Config mvr Netgear Switch Config mvr vlan 999 Netgear Switch Config mvr group 224 1 2 3 3 Configure MVR in dynamic mode Netgear Switch Config mvr mode dynamic 4 Configure multicast VLAN on the source port Netgear Switch Config interface 0 9 Netgear Switch Interface 0 9 vlan participation include 999 Netgear Switch Interface 0 9 vlan tagging 999 Netgear Switch Netgear Switch Interface 0 9 mvr type source Po Interface 0 9 mvr
349. e 0 fi92 168 1 2 9 255 255 255 0 2b b Under IP Interface Configuration scroll down and select the Port 1 0 13 check box Now 1 0 1 appears in the Port field at the top e Inthe IP Address field enter 192 168 1 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable c Click Apply 4 Create a 6 in 4 tunnel interface Chapter 26 Tunnel Index ProSafe M4100 and M7100 Managed Switches a Select Routing gt IPv6 gt Advanced gt Tunnel Configuration A screen similar to the following displays System Switching Routing Routing Tabla IP VLAN ARP RIP OSPF OSPR Monitoring Security Router Discovery VRRP Multicast gt Basic Tunnel Configuration Advanced Global Configuration Tu nnel onfiguration Interface Configuration Prefix Configuration Statistics Neighbour Table Static Route Configuration Route Table Route Preference Tunnel Configuration In the Tunnel Id list select 0 In the Mode list select 6 in 4 configured In the Source Address field enter 192 168 1 2 In the Destination Address field enter 192 168 1 1 Click Apply 5 Assign an IPv6 address to the tunnel 205 Maintenance Help Index Tunnel IPve IPve Mode IPv Mode i EWI64 Source Address Id Unreachables Address IT ECT a Select Routing gt IPv6 gt Advanced gt Prefix Configuration A screen simil
350. e Click Apply to save the VLAN that includes port 3 3 Enable RIP on the switch you can skip this step since the RIP is enabled by default a Select Routing gt RIP gt Basic gt RIP Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP OSPF Router Discovery VRRP Basic RIP Configuration RIPI Configuration RIP Configuration gt Ad d cance RIP Admin Mode Disable Enable b For RIP Admin Mode select the Enable radio button c Click Apply to save the setting 4 Enable RIP on VLANs 10 and 20 a Select Routing gt RIP gt Advanced gt RIP Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP ARP OSPF Router Discovery VRRP Interface Configuration RIP Configuration Interface 0 2 1 X Interface Send Version RIP 2 Configuration Receive Version Both m Route RIP Admin Mode Disable Enable Redistribution Authentication Type None M Status Bad Bad IP Send Receive Admin Link S z Updates Interface a A y Packets Routes Address Yersion Yersion Mode State p Sent Received Received 0 0 0 o 2 1 0 0 0 0 RIP 2 Both Enable Lo Down 0 2 2 0 0 0 0 RIP 2 Both Enables Co G o o Down b Enter the following information e I
351. e x Tonne Disable Disable Disable Disable Enable Disable C t gt v 3 radi tease Disable Disable Disable Disable Enable Disable Disable Disable Disable Disable Enable Disable b Scroll down and select the interface 1 0 23 check box Now 1 0 23 appears in the Interface field at the top c Enter the following information e Inthe IPv6 Mode field select Enable e Inthe Routing Mode field select Enable e Inthe DHCPv6 Client Mode field select Enable d Click Apply to apply the settings Show the ipv6 address assigned from 1 0 23 a Select Routing gt IPv6 gt Advanced gt Prefix Configuration A screen similar to the following displays System Switching BAe Security Monitoring Maintenance Help Index Routing Table Pod VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast DP vd Mulicasi CARIE IPv6 Prefix Configuration Sesearce IP v6 Interface Selection Global R Configuration Interface 1 0 23 gt Interface Configuration IPv6 Interface Configuration pan Prefi inv Pref Valid Life Preferred Configuration A has Time Life Time gt Statistics gt Neighbour Table gt Static Route I 2000 1DSC 7CFE 820F 8144 128 Disable Configuration FE 0 6291 FSFF FE06 2BF6 128 Disable gt Route Table gt Route Preference b Scroll down and select the interface 1 0 23 You can see the IPv6 address assigned by the DHCPV6 server Chapter 27 IPv6 Interface Configuration PIM Proto
352. e 2 check box The image2 now appears in the Image name field at the top c In the Active Image field select TRUE d Click Apply Outbound Telnet In this section the following examples are provided e CLI show network on page 335 e CLI transport output telnet on page 336 e Web Interface Configure Telnet on page 336 e CLI Configure the session limit and session timeout on page 337 e Web Interface Configure the Session Timeout on page 337 Outbound Telnet e Establishes an outbound Telnet connection between a device and a remote host e A Telnet connection is initiated each side of the connection is assumed to originate and terminate at a network virtual terminal NVT e Server and user hosts do not maintain information about the characteristics of each other s terminals and terminal handling conventions e Must use a valid IP address 334 Chapter 17 Tools ProSafe M4100 and M7100 Managed Switches CLI show network Netgear Switch Routing gt telnet 192 168 77 151 Trying 192 1608 77 19 ss Netgear Switch Routing User admin Password Netgear Switch Routing Password Netgear Switch Routing show network IP Address 192 168 77 151 Subnet Mask 239s 25920940 Default Gateway 192a L608 ele Burned In MAC Address 00 10 18 82 04 E9 Locally Administered MAC Address 00 00 00 00 00 00 MAC Address Type Burned In Network Configuration Protocol Current DHCP Management VLAN ID Web Mode Enable
353. e F b Scroll down and select the interface 2 0 19 check box 2 0 19 now appears in the Interface field at the top c Enter the following information e Inthe OSPF Area ID field enter 0 0 0 1 e Inthe OSPF Admin Mode field select Enable d Click Apply to save the settings 7 Configure area 0 0 0 1 as a nssa area a Select Routing gt OSPF gt Advanced gt NSSA Area Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP i Router Discovery VRRP gt Basic NSSA Area Configuration Advanced OSPF NSSA Area Configuration Configuration ae F Common 4rea Aging External SPF Border Area LSA piste aire 3 Area ID fins Yalue 1 to Configuration Interval Routing Runs Router Checksum 16777215 Stub Area Count Configuration b Enter the following information e Inthe Area ID field enter 0 0 0 1 e Inthe Import Summary LSA s field select Disable c Click Add to save the settings CLI Configure Area 1 as an nssa Area on A2 1 Enable routing on the switch Netgear Switch config Netgear Switch Config ip routing Netgear Switch Config router ospf Chapter 7 OSPF 111 112 Netgear Switch Netgear Switch Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netge
354. e Inthe ACL ID list select 10 e Inthe Sequence Number field enter 1 c Click Unit 1 The ports display d Click the gray box under port 2 A check mark displays in the box e Click Apply to save the settings One Way Access Using a TCP Flag in an ACL This example shows how to set up one way Web access using a TCP flag in an ACL PC 1 can access FIP server 1 and FIP server 2 but PC 2 can access only FIP server 2 Port 0 13 192 168 100 2 j FTP server 2 Port 1 0 48 Port 0 44 Tiii j ja Baia Ma m Layer 3 switch Port 0 35 Port 1 0 25 Figure 17 One Way Web access using a TCP flag in an ACL CLI Configure One Way Access Using a TCP Flag in an ACL This is a two step process e Step 1 Configure the Switch on page 142 e Step 2 Configure the GSM7352S on page 144 Step 1 Configure the Switch See Figure 17 One Way Web access using a TCP flag in an ACL 142 Chapter 10 ACLs Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch ProSafe M4100 and M7100 Managed Switches 1 Create VLAN 30 with port 0 35 and assign IP address 192 168 30 1 24 vlan database Vlan vlan 30 Vlan vlan routing 30 Vlan exit config Config interface 0 35 Interface 0 35 vlan pvid 30 Interface 0 35 vlan participation
355. e M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS VLAN ARP ee a OSPF i Routing Table gt Basic Advanced IP Configuration Statistics IP Interface Configuration Secondary IP Security Monitoring Maintenance Help Index Router Discovery VRRP IP Interface Configuration Configuration Go To Interface l SQ ba Routin Administrative Interface Description IP Address Subnet Mask 9 Mode Mode E P 10 3 J 255 255 255 0 255 255 255 0 Wenable i Enable xi O 1 o 1 0 0 0 0 Disable Enable E aos 255 255 255 0 Enable Enable Mo I 170 4 0 0 0 0 192 150 2 2 0 0 0 0 0 0 0 0 Disable Enable b Scroll down and select the interface 1 0 3 check box Now 1 0 3 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 130 3 1 e Inthe Network Mask field enter 255 255 255 0 e Inthe Admin Mode field select Enable d Click Apply to save the settings 4 Assign IP address 192 64 4 1 to port 1 0 4 a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Routing Table i VLAN ARP RIP OSPF Security Monitoring Maintenance Help Index i Router Discovery VRRP gt Basic IP Interface Configuration Advanced IP Configuration Configuration Go To Interface e
356. e Network Mask field enter 255 255 255 0 e Inthe Admin Mode field select Enable d Click Apply to save the settings 4 Specify the router ID and enable OSPF for the switch Chapter 7 OSPF 101 102 ProSafe M4100 and M7100 Managed Switches a Select Routing gt OSPF gt Basic gt OSPF Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP i Router Discovery VRRP Basic OSPF Configuration OSPF Configuration OSPF Configuration gt Advanced OSPF Admin Mode Disable Enable Router ID b Under OSPF Configuration in the Router ID field enter 1 1 1 1 c Click Apply to save the settings 5 Enable OSPF on the port 2 0 11 a Select Routing gt OSPF gt Advanced gt Interface Configuration C A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP Router Discovery VRRP Interface OSPF Area ID Admin Priority 0 to Interval 0 Interval 1 Mode 255 to 3600 to 65535 20 0 0 am Configuration Common Area 2 0 1 Disable 10 Configuration 2 0 2 Disable 10 Stub Area Configuration NSSA Area Configuration 270 3 Disable 2 0 4 Disable 2 075 Disable 1 1 pi 1 1 Area Range 2 0 6 Disable 2 1 as I 1 Configuration Interface Configu
357. e an IPv6 Routing Interface 1 Enable IPv6 forwarding and unicast routing on the switch a d Select Routing gt IPv6 gt Basic gt Global Configuration A screen similar to the following displays System Switching Routing Qo05 security Monitoring Maintenance Help Index Routing Table IP i VLAN ARP RIP OSPF OSPFy3 Router Discovery WRRP Multicast IPv Multicast Basic IPv6 Global Configuration Global Route Table IPv Unicast Routing Disable f Enable gt Advanced IPv6 Forwarding Disable Enable Hop Limit lo 0 to 255 ICMPy 6 Rate Limit Error Interval 1000 0 to 2147493647 msecs ICMPv6 Rate Limit Burst Size 100 i to 200 For IPv6 Unicast Routing select the Enable radio button For IPv6 Forwarding select the Enable radio button Click Apply 2 Enable IPv6 routing on interface 1 0 1 a C d Select Routing gt IPv6 gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing Qos Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP OSPF eg Router Discovery VRRP Multicast IPv Multicast gt Basic IPv6 Interface Configuration Advanced z Global IPv6 Interface Configuration fi fre i fi Con iguration a oi Go To Interface gt Interface Configuration Duplicate Lif gt Prefix Tore Sena Routing Admin Operational Address i Adv NS Configuration E VERE vo Uee Mode Mode M
358. e the global configuration stack master command switch stack member number priority new priority number to set a stack member to a higher member priority value e Restart both stack members at the same time Stack master election specifically Assuming that both stack members The stack member with the higher determined by the MAC address have the same priority value and MAC address is elected stack firmware image restart both stack master members at the same time Add a stack member e Power off the new switch The stack master is retained The Through their stacking ports connect New switch is added to the switch the new switch to a powered on stack switch stack e Power on the new switch Stack master failure Remove or power off the stack One of the remaining stack master members becomes the new stack master All other members in the stack remain stack members and do not reboot Preconfigure a Switch You can preconfigure Supply a configuration to a new switch before it joins the switch stack You can specify the stack member number the switch type and the interfaces associated with a switch that is not currently part of the stack Note If you are replacing a switch with the same model in the same position in the stack you do not need to preconfigure it The new switch assumes the same configuration as the previous switch 364 Chapter 19 Switch Stacks ProSafe M4100 and M7100 Managed Switches
359. e using tftp a Select Maintenance gt Download gt File Download A screen similar to the following displays System Switching Routing Upload Reset Save Config File Download File Download gt HTTP File Download File Download File Type Image Name Transfer Mode Server Address Type Server Address Remote File Hante File Management i Security Monitoring Maintenance Help Index Troubleshooting TFTP 10 100 5 17 b In the File Type list select Archive c In the Image Name list select image2 d In the Transfer Mode list select TFTP e In the Server Address Type list select IPv4 f In the Server Address field enter 10 100 5 17 tftp server IP address g In the Remote File Name enter gsm73xxse r8vOm0b3 stk h Click Apply 2 Activate imaged a Select Maintenance gt File Management gt Dual Image Configuration Chapter17 Tools 333 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring i Maintenance Help Index f Save Config Reset Upload Download i Troubleshooting gt Copy Dual Image Configuration Dual Image Configuration Dual Image Configuration Image Active Update Boot Description Name Image Code TRUE Disable x ee TRUE default image 8 0 0 4 Disable iv b Under Dual Image Configuration scroll down and select the Imag
360. ear Switch Interface vlan 10 exit Interface vlan 20 ip address 192 150 4 1 255 255 255 0 Netgear Switch Interface vlan 20 exit 2 Enable RIP for the switch The route preference defaults to 15 Netgear Switch Config router rip Netgear Switch Config router enable Netgear Switch Config router exit 3 Configure the IP address and subnet mask for a nonvirtual router port Config interface 1 0 5 Interface 1 0 5 ip address 192 150 5 1 255 255 255 0 Interface 1 0 5 exit Netgear Switch Netgear Switch Netgear Switch 4 Enable RIP for the VLAN router ports Authentication defaults to none and no default route entry is created Netgear Switch Config interface vlan 10 Netgear Switch Interface vlan 10 ip rip Switch Interface vlan 10 exit Switch Interface vlan 20 ip rip Switch Interface vlan 20 exit Switch Switch Config interface vlan 20 Config exit Chapter6 RIP 83 ProSafe M4100 and M7100 Managed Switches Web Interface Configure VLAN Routing with RIP Support 1 Configure a VLAN and include ports 1 0 2 in the VLAN a Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP ARP RIP OSPF Router Discovery VRRP v LAN Routing VLAN Routing Wizard
361. eck box Now 102 appears in the interface field at the top c In the Private VLAN Type field select Community from the pull down menu d Click Apply to save the settings Chapter2 VLANs 47 ProSafe M4100 and M7100 Managed Switches Configure Private VLAN Association The example is shown as CLI commands and as a Web interface procedure CLI Configure Private VLAN Association Use the following commands to associate VLAN 101 102 Secondary VLAN to VLAN 100 primary VLAN Netgear Switch config Netgear Switch Config vlan 100 Netgear Switch Config Vlan private vlan association 101 102 Netgear Switch Config Vlan end Web Interface Configure Private VLAN Association 1 Associate VLAN 101 102 secondary VLAN to VLAN 100 primary VLAN a Select Security gt Traffic Control gt Private VLAN gt Private VLAN Association Configuration A screen similar to the following displays Sy thom Switching Rovhing Go Security Moaniloring Maintenance Halp Can trad gt MAC Filter Private VLAN Assocation Configuration Port Securit x Private VLAN Association Primary VLAN Secondary VLANI Lecleted VLAN psos 202 Community WLAN Ss e Povate Vlen Type Configurabon s Prvate Vien ALPS eT Conin Configurator Private Vian Port Mode Configurabon b Under Private VLAN Association Configuration select the VLAN ID 100 c In the Secondary VLAN s field tyoe 101 102 d Click Appl
362. ect Switching gt LAG gt LAG Membership A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicast Address Table Ports gt LAG LAG Membership Configuration LAG Membership LAG Membership LAG Description Port Selection Table Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Wea e ae ee ee a el eis 25 26 27 28 PARNER I a In the LAG ID list select LAG 1 Click Unit 1 The ports display Click the gray boxes under port 2 and 3 Two check marks display in the box Click Apply to save the settings 2 Add ports to lag_20 a Select Switching gt LAG gt LAG Membership A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicast Address Table Ports gt LAG LAG Membership Configuration LAG Membership LAG Membership LAG Description Admin Mode Link Trap STP Mode Static Mode Hash Mode Source IP and Source TCP UDP Port X Port Selection Table Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 SERERE E Jy ps ee ee ee ELENE 25 26 27 28 b Under LAG Membership in the LAG ID list select LAG 2 c Click Unit 1 The ports display 58 Chapter3 LAG s ProSafe M4100 and M7100 Managed Switches d Click the gray boxes under ports 8 and 9 Two check marks displ
363. ecurity Routing Table IP IPv amp VIAN ARP RIP OSPF OSPFv3 gt Mroute Table _ PIM SM Global Configuration gt Global Configuration PIM SM Global Configuration gt Interface Admin Moda Configuration gt DYMRP Data Threshold Rate Kbps Register Threshold Rate Kbps Monitoring Maintenance Help Index i Router Discovery WRRP Disable Enable o O te 2000 o 0 to 2000 For PIM Protocol Type select the PIM SM radio button For Admin Mode select the Enable radio button Click Apply 8 Enable PIM SM on interfaces 1 0 21 and 1 0 22 Chapter 28 PIM a Select Routing gt Multicast gt PIM gt Interface Configuration ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP IPv VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP i IPv Multicast s Mroute rable PIM Interface Configuration gt Global Configuration gt Interface 1 all Go To Interface Configuration gt D YMRP gt IGMP v PIM Global Configuration gt SSM Configuration gt Interface Configuration PIM Neighbor Candidate RP Configuration PIM Interface Configuration Protocol IP Join Prune BSR Interface Hello Interval secs State Address Interval secs Border Disable Non Operational 0 0 0 Disable Disable Non Operational 0 0 0 Disable Disable Non Operational 0 0 0 Disab
364. ed transferred 1505280 2040320 2566656 3092992 3619328 4145152 4669952 5202944 5729280 bytes bytes bytes bytes bytes bytes bytes bytes by transferred transferred transferred transferred transferred transferred transferred transferred 1680896 2215936 2741760 3268096 3794432 4320768 4849152 5378560 bytes bytes bytes bytes bytes bytes bytes bytes tes transferred 5904896 bytes transferred 6078976 bytes transferred 6255616 bytes transferred 6423040 bytes transferred 6606336 bytes transferred 6781952 bytes transferred 6957056 bytes transferred 7111168 bytes transferred 7307776 bytes transferred 7483392 bytes transferred 7658496 bytes transferred Verifying CRC of file in Flash File System Distributing the code to the members of the stack File transfer operation completed successfully Netgear Switch Netgear Switch Image Descriptions imagel image2 default image show bootvar Images currently available on Flash Chapter 17 Tools ProSafe M4100 and M7100 Managed Switches 1 Jedlo L boot system image2 Netgear Switch Activating image image2 Netgear Switch show bootvar Image Descriptions imagel default image image2 Images currently available on Flash Image2 will be executed after reboot Web Interface Download a Backup Image and Make It Active 1 Download a backup imag
365. ed internet_access adding the previously created department classes as instances within this policy 202 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches This policy uses the assign queue attribute to put each department s traffic on a different egress queue This is how the DiffServ inbound policy connects to the CoS queue settings established in the following example Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Config policy map internet_access in policy map class finance_dept policy class map assign queue 1 policy class map exit policy map class marketing_dept policy class map assign queue 2 policy class map exit policy map class test_dept policy class map assign queue 3 policy class map exit policy map class development_dept policy class map assign queue 4 policy class map exit policy map exit 4 Attach the defined policy to interfaces 1 0 1 through 1 0 4 in the inbound direction Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Config interface 1 0 1 Interface 1 0 1 service policy i Interface 1 0 1 exit Config interface 1 0 2 Interface 1 0 2 service policy i Interface 1 0 2 exit Config interface 1 0 3 Interface 1 0 3 service policy i Interface 1 0 3 ex
366. ed tan VLAN Membership Configuration VLAN ID Group Operation Untag All bd gt VLAN Membership UNTAGGED PORT MEMBERS VLAN Status H MAC Based VLAN Port PVID Configuration 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Port DYLAN Ul ul ul Ul Ul uj uj uj u u uj uj uj uj ul Configuration 25 26 27 28 s Ul U U U In the VLAN ID list select 3 Click Unit 1 The ports display Click the gray box before Unit 1 until U displays e Click Apply 3 Assign VPID3 to port 1 0 23 a Select Switching gt VLAN gt Advanced gt Port PVID Configuration 29 5 A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index STP i Multicast Address Table Ports LAG gt Basic Port VLAN Id Configuration Advanced VLAN P ID Configuration Configuration Go To Interface GO 1 All VLAN Membership Port VLAN Status titerface P ID 1 to Acceptable Frame Ingress SEERIA 0 MAC Based VLAN i 4093 Types Filtering to 7 Port P VID C Port DYLAN TDAI 1 Admit All Disable 0 Configuration e o 1 Admit All Disable o b Scroll down and select the 1 0 23 check box c In the PVID 1 to 4093 field enter 3 d Click Apply to save the settings 4 Map the specific MAC to VLANS a Select Switching gt VLAN gt Advanced gt MAC based VLAN A screen similar to the following displays Switching Routing QoS Security Monitorin
367. ed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Routing Table IP IPv amp VLAN ARP RIP OSPF OSPFv3 Routor Discovery VRRP Ay j IPvS Multicast Mroute Tabie PIM Interface Configuration gt Global Configuration gt Interface 1 all Go To Interface PIM Interface Configuration Configuration gt DYMRP gt IGMP PIM Global Configuration gt SSM Configuration Interface Configuration PIM Neighbor Candidate RP Configuration gt BSR Candidate Configuration Static RP Configuration gt Static Routes Configuration gt Admin Boundary Configuration Interface Admin Protocol ag Hello Interval secs Join Prune BSR ac secs Mode State Address Interval secs Border Enable iz E om Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable Disable Non Operational Disable es D DR Priority R Disable Non Operational 0 0 0 0 Disable 1 0 13 Disable Non Operational 0 0 0 0 Disable 1 0 14 Disable Non Operational 0 0 0 0 Disable miia fim fk k fa fim ia fin ia fin ia fimin m Scroll down and select the Interface 1 0 10 and 1 0 11 check boxes In the Admin Mode field select Enable Click Apply to save the settings 9 Set
368. ees 336 CLI Configure the session limit and session timeout 337 Web Interface Configure the Session Timeout 337 Chapter 18 Syslog SOW LOGON ei ereer ain oh a Was ee be EE E Hares 340 Clit how Loggins tic2t tugs cect eeenes bes beet eee ae eres 340 Web Interface Show Logging 0 00 cece eee eee eee 340 Show Logging Buffered 2 264550 seth teen een inaead tees 342 CLI Show Logging Buffered 0 0 ccc eee 342 Contents 9 ProSafe M4100 and M7100 Managed Switches Web Interface Show Logging Buffered 02005 343 Show Logging TraplogS cece eee ee 343 CLI Show Logging TraplogS 606 steve rdsw oversee eeaed ead des 343 Web Interface Show Logging Trap Logs 000005 343 Show Logging HOSS td ci eecciedeus 4s tdetesdesninctenybaccues 344 CLI Show Logging Hosts svicwesu a thee vane eee ceeeg cees 344 Web Interface Show Logging Hosts 2002 00s 345 Configure Logging fora Port 0c cece eee eee 345 CLI Configure Logging for the Port 00008 345 Web Interface Configure Logging for the Port 346 EW FRING orari 5d eh She ae BA ee ee bee OS 347 CLI Send Log Messages to admin switch com Using Account aaaa net H e 64 4 5 4 54500 058 bee 0g dee dd ehh es ae ehh eek A 348 Chapter 19 Switch Stacks Switch Stack Management and Connectivity 00005 349 The Stack Mas
369. efreshed State refresh messages are generated periodically by the router directly attached to the source There are two versions of PIM DM Version 2 does not use IGMP messages instead it uses a message that is encapsulated in IP packets with protocol number 103 In version 2 the Hello message is introduced in place of the query message CLI Configure PIM DM PIM DM on Switch A 1 Enable IP routing on the switch Netgear Switch configure Netgear Switch Config ip routing 2 Enable pimdm on the switch Netgear Switch Config ip pim dense 3 Enable IP multicast forwarding on the switch Netgear Switch Config ip multicast 4 Enable RIP to build the unicast IP routing table Netgear Config interface 1 0 1 Interface 1 0 1 routing Interface 1 0 1 ip address 192 168 2 2 255 255 255 0 Interface 1 0 1 ip rip Netgear Netgear Netgear Chapter 28 PIM 437 438 ProSafe M4100 and M7100 Managed Switches 5 Enable PIM DM on the interface Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Interface Interface 1 0 1 ip pim dense 1 0 1 exit Config interface 1 0 9 Interface Interface Interface Interface Interface 1
370. eld select Enable d Click Apply to save the settings 4 Enable IP multicast on the switch Chapter 31 DVMRP Help Routing Mode Index Administrative Mode Enable IN Enable 535 536 ProSafe M4100 and M7100 Managed Switches a Select Routing gt Multicast gt Global Configuration A screen similar to the following displays System Switching Routing Pe Routing Table IP gt Mroute Table Global Configuration gt Interface Configuration gt DYMRP gt IGMP gt PIM DM gt PIM S SM gt MLD gt Static Routes Configuration gt Admin Boundary Configuration Qos VLAN ARP RIP OSPF Global Configuration Global Configuration Admin Mode Protocol State Table Maximum Entry Count Protocol Table Enty Count Security OSPR Monitoring Maintenance Help VRRP Router Discovery Disable Enable Non Operational 256 No Protocol Enabled 0 b For Admin Mode select the Enable radio button c Click Apply 5 Enable DVMRP on the switch a Select Routing gt Multicast gt DVMRP gt Global Configuration A screen similar to the following displays System TT Switching Routing Pw Routing Table i IP Mroute Table Global Configuration gt Interface Configuration DYMRP Global Configuration Interface Configuration DVMBP Neighbor 2 DYMRP Next Hop DVMRP Prone OVMERP Route Qo5 AR
371. elds will not accept input as they are not needed e The Preference field is optional A value of 1 highest will be assigned by default if not specified 4 Click the Add button on the bottom of the screen This creates the default route entry in the routing table Add a Static Route When the switch performs IP routing it forwards the packet to the default route for a destination that is not in the same subnet as the source address However you can seta path static route that is different than the default route if you prefer The following procedure shows how to add a static route to the switch routing table CLI Add a Static Route The following commands assume that the switch already has a defined a routing interface with a network address of 10 10 10 0 and is configured so that all packets destined for network 10 10 100 0 take the path of routing port FSM7328S show ip route Total Number of Routes Network Subnet Next Hop Next Hop AddressMaskProtocoliIntfIP Address Oe LO 10 0 25S 259 255 0 Local 170 3 10 10210 1 66 Chapter 4 Port Routing ProSafe M4100 and M7100 Managed Switches To delete the static route simply add no keyword in the front of the ip route command Web Interface Add a Static Route 1 Select Routing gt Routing Table gt Basic gt Route Configuration to display the Route Configuration screen System Switching Routing QoS Security Monitoring Maintenance Help Ind
372. en similar to the following displays Switching Routing Go Security Monitoring Maintenance gt Diffserv Wizard Policy Configuration Auto olP gt Basic Advanced Diiserv ember Class Ea Ai guarat Teed i pl gt Class elaasiomp ye Configuration Ph Clase onfiginratren Policy Configuration Service Interface onfigur at 234 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches c In the Assign Queue list select 6 Syutom Switching Routing EDE Smsurity Monitering i haintanonca Halp ndez Las gt Diffserv Wizard Policy Class Configuration gt Avo Folk gt Basic Class Information Advanced DiffServ Configivrathan r CLEF Gonhigus atan gt Pd Class Policy Attribute Configuration Policy Atribute Assign Que i agiep Confijuralisn l Serea Interface Herk IF COG Configuration Hark IP Precedence 0 r Gerte Statistiss Wark IF DIEP N Simple May Color Hode Toler Blind Comitted Rate Comitted Burst Sioe Tonig Achion F fend Demp park Gad Mark IF breecedence O0 D Mark P DECR E gend r Drop D Mah os I Herk IP Preeedence I Mark IP OSCR d Click Apply 5 Attach the policy policyicmpv to interfaces 1 0 1 1 0 2 and 1 0 3 a Select QoS gt DiffServ gt Advanced gt Service Interface Configuration A screen similar to the following displays Sytem Swilching Rowling j Security Monitoring Mointenonce Holp I Diffeecy Wizard Servi
373. end only RIPv2 formatted frames config Config interface 1 0 2 Interface 1 0 2 ip rip Interface 1 0 2 ip rip receive version both Interface 1 0 2 ip rip send version rip2 Interface 1 0 2 exit Config interface 1 0 3 Interface 1 0 3 ip rip Interface 1 0 3 ip rip receive version both Netgear Interface 1 0 3 ip rip send version rip2 Netgear Interface 1 0 3 exit Netgear Config exit Web Interface Enable RIP for Ports 1 0 2 and 1 0 3 1 Select Routing gt RIP gt Advanced gt RIP Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP i OSPF Router Discovery VRRP gt Basic Interface Configuration Advanced RIP Configuration Interface Configuration Interface Interface 1 0 2 Configuratio 9 3 Send Version RIP 2 Route B th Redistribution Raceive Version 5 RIP Admin Mode Disable 4 Enable Authentication Type None N Status Bad Bad IP Send Receive Admin Link 2 5 Updates Interface t Packets Routes Address Yersion ersion Mode State J A Sent Received Received 0 0 0 1 0 2 0 0 0 0 RIP 2 Both isabla Unk Down 1 0 3 0 0 0 0 RIP 2 Both Disable Do 0 0 2 Enter the following information e Inthe Interface field select 1 0 2 e For RIP Admin Mode select the Enable radi
374. ep Basie iir IF ACL JF Rudden a JP Fiteni Giiled a Pvt AEL x 1Pv Rules IF Birding Configuration gt Bindong Table gt Wan Binding Table Extended ACL Rules IF Rules ACL 0 MAE Extended ACL Rule Table Source Source Destinatiog Redirect Fiabch Protocol TEP Flag i Ne Source IF va sik ie E LP Ay a ace ft Ce an re Le Intertac Every Keyword address lark a PAT Rule Assign Destination Destinatl Hirrer a Action Logging IF Haak L4 Port LH Queue ID Inberiace Fl ii Permit sable oO Chapter10 ACLs 181 182 4 b System Milan rebel Sec unify gt Basic Advanced IF ACL P Rules IP Extended Rules ih Pa ACL Pe Bulle EF Banding Configuration gt Banding Table a Vlan Banding Table re Switching ProSafe M4100 and M7100 Managed Switches Click Add and the Extended ACL Rule Configuration screen displays Go Rat Monitoring Maintenance Help Index Routing Port Authentication ratie Centred Canine Extended ACL Rule Configuration Extended ACL Rule Configuration 100 199 ACL UD Maen redweahttP Fule 10 Z Action parma Dany Logging Disable True Amer Lb RST Cater E IPDP P Precedence IP TOS In the Rule ID field enter 2 For Action select the Permit radio button In the Match Every field select True Click Apply A screen similar to the following displays op 209 Syaham Switchi
375. erface uer Last Configuration Aa Q y z Startup Startup Han min uer Routing Interface Interface Version Robustness s AS Query Query AR Mode Interval Response Query Configuration t Interval aS l Routing Interface ika DEZ Statistics Enable v IGMP Groups Disable b Scroll down and select the Interface 1 0 24 check box Now 1 0 24 appears in the Interface field at the top c In the Admin Mode field select Enable d Click Apply to save the settings Chapter31 DVMRP 541 Captive Portal This chapter includes the following sections e Captive Portal Configuration on page 543 e Enable Captive Portal on page 543 e Client Access Authentication and Control on page 545 e Block a Captive Portal Instance on page 546 e Local Authorization Create Users and Groups on page 546 e Remote Authorization RADIUS User Configuration on page 548 e SSL Certificates on page 550 The captive portal feature is a software implementation that blocks clients from accessing the network until user verification has been established You can set up verification to allow access for both guests and authenticated users Authenticated users must be validated against a database of authorized captive portal users before access is granted The authentication server supports both HTTP and HTTPS Web connections In addition you can configure captive portal to use an optional HTTP port in support of HT TP proxy networks If co
376. erface 1 0 3 check box Now 1 0 38 appears in the Interface field at the top 3 Inthe Admin Mode field select Enable 4 Click Apply Multicast Router Using VLAN The example is shown as CLI commands and as a Web interface procedure CLI Configure the Switch with a Multicast Router Using VLAN This example configures the interface to forward only the snooped IGMP packets that come from VLAN ID lt VLAN Id gt to the multicast router attached to this interface Netgear Switch Interface 1 0 3 set igmp mrouter 2 Web Interface Configure the Switch with a Multicast Router Using VLAN 1 Select Switching gt Multicast gt Multicast Router VLAN Configuration Chapter 13 IGMP Snooping and Querier 249 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multi Address Toble Ports LAG MEDB Multicast Router VLAN Configuration IGMP mneenine Multicast Router VLAN Configuration Configuration Interface Configuration Interface 1 0 3 zi IGMP VLAN Configuration Multicast Router Multicast Router VLAN Configuration Senn vtanto Multicast Router S gt Multicast Router VLAN Configuration mel Querier Configuration Querier VLAN Configuration MLD Snooping 2 Under Multicast Router VLAN Configuration scroll down and select the Interface 1 0 3 check box 3 Enter t
377. eronca Halp Index E a Select Security gt Control gt DHCP Snooping Global Configuration Chapter 15 Security Management 307 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Routing Security Monitoring Maintenance Help Indox Port Agthanticoton Troti Control AC DHCP Snooping Global Conliquration DHCP Snooping Global Configuration CHCE Srsupiyg Mode Cissbte Enable Configuration HAT Adimas Validation Disable Enable Banding Configuration VLAN Configuration b Porgteet Configuration DHCP Snooping Mlode Sbabetics 7 TE Ez b In the VLAN ID list select 1 c For DHCP Snooping Mode select the Enable radio button A screen similar to the following displays yaam Switching Routing security Monitoring Maintenance Miareaqereacd Sacuriby Aromes HLF taped DHCP Snooping Global Configuration Gledal Cipri DHCP Snooping Global Configuration n interface DHCP Sreopirg Harde Disable Enable Configuaration fending Configuration v Persistent VLAN Configuration Da nigur atua VLAN ID DHCP Snooping Mode EERE IEE i Wi MA Midrous Vale ation Disable Emable IP Source Guard Dynamic ARP d Click Apply 3 Configure the port through which DHCP server is reached as trusted a Select Security gt Control gt DHCP Snooping Interface Configuration A screen similar to the following displays Monitoring Mainlarnance Help indez
378. ers passwd admin Enter old password Enter new password 12345678 Confirm new password 12345678 Password Changed change the password to 12345678 Netgear Switch Config users snmpv3 authentication admin md5 Set the authentication mode to md5 Netgear Switch Config users snmpv3 encryption admin des 12345678 Set the encryption mode to des and the key is 12345678 Web Interface Configure SNMP V3 1 2 Change the user password If you set the authentication mode to MD5 you must make the length of password longer than 8 characters a Select Security gt Management Security gt User Configuration gt User Management A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index i Access Port Authentication Traffic Control ACL v User User Management Configuration User Management Manage Users gt Login 2 E Wf admin CHA jarsonas READ_WRITE q quest sek aK sok ok kK READ_ONLY b Under User Management scroll down and select the User Name admin check box Now admin appears in the User Name field at the top c In the Password field enter 12345678 d In the Confirm Password field enter 12345678 e Click Apply to save the settings Configure the SNMP V3 user Chapter 20 SNMP ProSafe M4100 and M7100 Managed Switches 920 5 sFlow sFlow is the standard for monitoring high speed switched and rou
379. erver Mode Server Maximum Entries Server Current Entries SNTP Servers IP Address Address Type Priority Version POrt Last Update Time Last Attempt Time Last Update Status Total Unicast Requests unicast broadcast 4 123 unicast 6 5 1 show sntp server 831 169 155 234 ipv4 3 NTP Srv 212 186 110 32 Server a 1 81 169 155 234 IPV4 1 4 LZ MAY 18 04 59 13 2005 MAY 18 1139 33 2005 Other IA Failed Unicast Requests 361 318 Chapter 16 SNTP ProSafe M4100 and M7100 Managed Switches Configure SNTP The example is shown as CLI commands and as a Web interface procedure CLI Configure SNTP NETGEAR switches do not have a built in real time clock However it is possible to use SNTP to get the time from a public SNTP NTP server over the Internet You may need permission from those public time servers The following steps configure SNTP on the switch 1 Configure the SNTP server IP address The IP address can be either from the public NTP server or your own You can search the Internet to locate the public server The servers available could be listed in domain name format instead of address format In that case use the ping command on the PC to find the server s IP address The following example configures the SNTP server IP address to 208 14 208 19 Netgear Switch Config sntp server 208 14 208 19 2 After configuring the IP address enable SNTP client m
380. es its default stack member number to the preconfigured switch and adds it to the stack e The stack member number configuration in the preconfigured switch changes to reflect the new information Is not found in the stack The switch stack applies the default configuration configuration to the new switch and adds it to the stack e The preconfigured information is changed to reflect the new information Is not found in the The switch stack applies the default configuration to preconfigured switch the preconfigured switch and adds it to the stack Renumber Stack Members This example is provided as CLI commands and a Web interface procedure Chapter 19 Switch Stacks 365 ProSafe M4100 and M7100 Managed Switches CLI Renumber Stack Members Note When issuing a command such as move management or renumber NETGEAR recommends that you wait until the command has fully executed before issuing the next command For example if a reset is issued to a stack member use the show port command to verify that the switch has re merged with the stack and all ports are joined before issuing the next command e If specific numbering is required NETGEAR recommends that you assign stack members their numbers when they are first installed and configured in the stack if possible e Ifthe stack unit number for a switch is unused you can renumber the unit by using the switch lt oldunit id gt renumber lt newunit id gt CLI command
381. essage type non urgent to addr admin switch com 3 Increase the severity of traps to 3 error By default it is 6 infor Netgear Switch Config logging traps 3 348 Chapter 18 Syslog Switch Stacks This chapter describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches running release 4 x x x or newer This chapter includes the following topics e Switch Stack Management and Connectivity e The Stack Master and Stack Members on page 350 e Install and Power up a Stack on page 352 e Switch Firmware on page 353 e Configure a Stacking Port as an Ethernet Port on page 355 e Stack Switches Using 10G Fiber on page 359 e Add Remove or Replace a Stack Member on page 361 e Switch Stack Configuration Files on page 363 e Preconfigure a Switch on page 364 e Renumber Stack Members on page 365 e Move the Stack Master to a Different Unit on page 368 Switch Stack Management and Connectivity You manage the switch stack through the stack master You cannot manage stack members on an individual basis To access the stack master use either a serial connection to the switch master s console port or a Telnet connection to the IP address of the stack You can use these methods to manage switch stacks e Web Management Interface e CLI over a serial connection e Anetwork management application through SNMP Chapter 19 Switch Stacks 349 ProSafe M4100 and M7100 Managed Sw
382. est priority is elected If all the priorities are equal then the candidate with the highest IP address becomes the BSR PIM SM is defined in RFC 4601 The following example describes how to configure and use PIM SM In this case set the switch B C D as RP candidate and BSR candidate Switch B will become the BSR because it has the highest priority Switch D will become the RP after RP election CLI Configure PIM SM PIM SM on Switch A 1 Enable IP routing on the switch Netgear Switch configure Netgear Switch Config ip routing 2 Enable PIM SM on the switch Netgear Switch Config ip pim sparse 3 Enable IP multicast forwarding on the switch Netgear Switch Config ip multicast 4 Enable RIP to build a unicast IP routing table Config interface 1 0 1 Interface 1 0 1 routing Interface 1 0 1 ip address 192 168 2 2 255 255 255 0 Interface 1 0 1 ip rip Netgear Netgear Netgear Chapter 28 PIM 461 462 Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Interface 1 0 1 ip pim sparse Interface 1 0 1 exit Interface Interface Interface Interface Interface Config interf
383. etgear Netgear Interface 1 0 23 ipv6 enable Interface 1 0 23 ipv6 address dhcp Interface 1 0 23 Netgear 432 Chapter 27 IPv6 Interface Configuration ProSafe M4100 and M7100 Managed Switches 3 Show the ipv6 address assigned from 1 0 23 show ipv6 interface 1 0 23 Netgear Switch IPv6 is enabled IPv6 Prefix is Routing Mode IPv6 Enable Mode Administrative Mode IPv6 Operational Mode Bandwidth Interface Maximum Transmit Unit Router Duplicate Address Detection Transmits Address DHCP Mode NS Interval Router Advertisement Router Advertisement Lifetime Router Advertisement Reachable Time Router Advertisement Interval Router Advertisement Managed Config Flag Router Advertisement Other Config Flag Router Advertisement Router Preference Router Advertisement Suppress Flag IPv6 Destination Unreachables PECO E291 F5PF FE06 2BF6 128 20002 5 1DSC 7CRE 828F 6144 7128 Enabled Enabled DHCP 1 Disabled Disabled medium Disabled Enabled Web Interface Configure DHCPv6 mode on routing interface 1 Enable IPv6 unicast globally a Select Routing gt IPv6 gt Basic gt Global Configuration A screen similar to the following displays system Switching Routing Routing Table IP WLAN ARP RIP OSPF IPv6 Global Configuration Y Basic Global Configuration 2 Route Table gt Advanced IPv6 Global Configuration IPv Unicast Routing IPvG Porey
384. etgear Switch Config exit Netgear Switch Vlan vlan association mac 00 00 00A 00 00 02 3 Vian exit vlan data Netgear Switch Netgear Switch 4 Add all the ports to VLANS Netgear Switch config it Netgear Switch Config interface range 1 0 1 1 0 28 conf if range 1 0 1 1 0 28 vlan participation include 3 conf if range 1 0 1 1 0 28 exit Netgear Switch Netgear Switch Netgear Switch Config exit Web Interface Assign a MAC Based VLAN 1 Create VLANS a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index STP Multicast Address Table Ports LAG v Basic VLAN Configuration VLAN Configuration Reset Advanced Reset Configuration LAN Configuration VLAN3 Default Default VLAN2 Static b Enter the following information e Inthe VLAN ID field enter 3 e Inthe VLAN Name field enter VLANS3 e Inthe VLAN Type list select Static c Click Add 2 Assign ports to VLANS a Select Switching gt VLAN gt Advanced gt VLAN Membership 26 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help STP Multicast Address Table Ports LAG gt Basic VLAN Membership Advanc
385. ettings 4 Assign an IPv6 address to 1 0 1 a Select Routing gt IPv6 gt Advanced gt Prefix Configuration A screen similar to the following displays System T Switching Routing T Security Monitoring Maintenance Help Index Routing Table IP gt Basic Advanced Global Configuration Interface Configuration gt Prefix Configuration gt Statistics Neighbour Table Static Route Configuration Route Table Route Preference Tunnel Configuration VLAN ARP RIP OSPF OSPFw3 Router Discovery VRRP Multicast IPv6 Prefix Configuration IPv6 Interface Selection Interface IPv6 Interface Configuration Yalid Life Ferre pve Prefix Prefix Length a are cece Time Life Time Ea D FEGO 222 3FFF FE9E 955D 126 b In the Interface field select 1 0 1 c Enter the following information In the IPv6 Prefix field enter 2001 1 1 In the Prefix Length field enter 64 In the EUI64 field select Disable d Click Add to save the settings Chapter 30 MLD ProSafe M4100 and M7100 Managed Switches 5 Assign an IPv6 address to 1 0 13 a Select Routing gt IPv6 gt Advanced gt Prefix Configuration A screen similar to the following displays System Switching Routing Gos Security Monitoring Maintenance if Help Index Routing Table IP VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic IPv6 Prefix Configuration
386. ettings for all global and interface specific settings that define the operation of the stack and individual members Once a save config command is issued all stack members store a copy of the configuration settings If a stack master becomes unavailable any stack member assuming the role of stack master will operate from the saved configuration files When a new out of box switch joins a switch stack it uses the system level settings of that switch stack However if you want it to store this system level configuration you must issue a save config command You back up and restore the stack configuration using the copy command the same way that you would for standalone switch configuration Chapter 19 Switch Stacks 363 ProSafe M4100 and M7100 Managed Switches The following table provides switch stack configuration scenarios Most of the scenarios assume at least two switches are connected through their stacking ports Table 1 Switch Stack Master Scenarios Stack master election specifically Connect two powered on switch stacks Only one of the stack masters determined by existing stack through the stacking ports becomes the new stack master masters No other stack members become Note This is not recommended the stack master Stack master election specifically Connect two switches through their The stack member with the determined by the stack member stacking ports higher priority value is elected priority value e Us
387. etwork Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 24 twice until U displays The U specifies that the egress packet is untagged for the port e Click Apply to save VLAN 24 2 Create VLAN 48 with IP address 192 168 48 1 Chapter10 ACLs 161 ProSafe M4100 and M7100 Managed Switches a Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays System Switching Routing Cho security Monitoring Maimnbtenance Help Routing Tabla IP ARP RIP OSPF Router Discovery VRRP v VLAN Routing VLAN Routing Wizard Wizard gt VLAN Routing VLAN Routi ng Wizard T IP Address Natok Mask 255 255 255 0 Port 1i 2 3 4 5 6 7 6 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 TETEEETETETEHET 49 50 51 52 b Enter the following information e Inthe Vlan ID field enter 48 e Inthe IP Address field enter 192 168 48 1 e Inthe Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 48 twice until U displays The U specifies that the egress packet is untagged for the port e Click Apply to save VLAN 48 3 Create VLAN 38 with IP address 10 100 5 34 a Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays System Switching Routing Routing Table IP ARF RIP OSPF Rou
388. ex IP VLAN ARP RIP OSPF Router Discovery VRRP Route Configuration Configure Routes E Static G E 10 10 20 0 255 255 255 255 255 0 0 192 168 1 1 I D mera 0 0 0 0 0 0 0 0 10 10 10 2 DefaultRoute Learned Routes Route Network Next Hop Next Hop IP Subnet mask Protocol Preference Metri Type Addres Interface Addres 2 In the Route Type list select Static 3 Fill in the Network Address field Note that this field should have a network IP address not a host IP address Do not enter something like 70 100 100 1 The last number should always be 0 zero 4 Inthe Subnet Mask field enter a value that matches the subnet range that you want to use 5 The Preference field is optional A value of 1 is entered by default if you do not enter a number 6 Click the Add button on the bottom of the screen The screen is updated with the static route shown in the routing table 7 To remove a route entry either static or default select the check box to the left of the entry and click the Delete button on the bottom of the screen Chapter 4 Port Routing 67 VLAN Routing This chapter provides the following examples e Create Two VLANs on page 68 e Set Up VLAN Routing for the VLANs and the Switch on page 73 You can configure the M4100 and M7100 Managed Switch with some ports supporting VLANs and some supporting routing You can also configure it to allow traffic on a VLAN to be treated as if the
389. exit Config interface 1 0 15 Interface 1 0 15 routing Interface 1 0 15 ip address 192 168 20 2 255 255 255 0 Interface 1 0 15 ip ospf Interface 1 0 15 ip ospf areaid 0 0 0 1 Interface 1 0 15 exit Config exit show ip route Total Number of Routes 1 Network Address 92 2 OO x200 Subnet Next Hop IP Address OSPF Inter 1707 19 192 168 20 1 ZOO 2IL L900 Local 170715 Les TOS 2032 Web Interface Configure Area 1 as a Stub Area on A2 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Routing Table Basic gt IP Configuration Statistics gt Advanced Switching Routing Security Monitoring Maintenance Help Index VLAN ARP RIP OSPF Router Discovery VRRP IP Configuration IP Configuration Default Time to Live 30 Routing Mode Disable Enable IP Forwarding Mode Disable Enable Maximum Next Hops 2 Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches b For Routing Mode select the Enable radio button c Click Apply to save the settings 2 Assign IP address 192 168 10 1 to port 1 0 15 a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP OSPF Router Discovery VRRP
390. face 1 0 2 Interface 1 0 2 routing Interface 1 0 2 ip address 192 150 2 1 255 255 255 0 Interface 1 0 2 exit Config interface 1 0 3 Interface 1 0 3 routing Interface 1 0 3 ip address 192 150 3 1 255 255 255 0 Interface 1 0 3 exit Config exit 3 Specify the router ID and enable OSPF for the switch Set disable1583 compatibility to prevent a routing loop Netgear Netgear Netgear Netgear config ine cans ospf router enable router router id 192 150 9 9 router no 1583compatibility Config router exit Config exit config Config interface 1 0 2 Interface 1 0 2 ip ospf Interface 1 0 2 ip ospf areaid 0 0 0 2 Interface 1 0 2 ip ospf cost 32 Interface 1 0 2 Interface 1 0 2 ip ospf priority 128 exit Config interface 1 0 3 Interface 1 0 3 ip ospf Interface 1 0 3 ip ospf areaid 0 0 0 3 Interface 1 0 3 ip ospf cost 64 Interface 1 0 3 ip ospf priority 255 Interface 1 0 3 exit Config exit Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches Web Interface Configure an Inter area Router 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP
391. fig ip routing Contig ip route 192 168 4020 255 255 2255 0 192 108 2002 Contig ip route 192 168 50 0 255 255 255 0 192 168 200 2 5 Create an ACL that denies all the packets with TCP flags syn ack Netgear Switch Config access list 101 deny tcp any flag syn ack 6 Create an ACL that permits all the IP packets Netgear Switch Config access list 102 permit ip any 7 Apply ACLs 101 and 102 to port 0 44 the sequence of 101 is 1 and of 102 is 2 Step 2 Configure the GSM7352S See Figure 17 One Way Web access using a TCP flag in an ACL on page 142 1 Netgear Switch Netgear Switch Netgear Switch Netgear Switch Enter the following commands Config interface 0 44 Interface 0 44 ip access group 101 in 1 Interface 0 44 ip access group 102 in 2 Interface 0 44 exit Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches 2 Create VLAN 40 with port 1 0 24 and assign IP address 192 168 40 1 24 Netgear Switch vlan database Netgear Switch Vlan vlan 40 Netgear Switch Vlan vlan routing 40 Netgear Switch configure Netgear Switch Config interface 1 0 24 Netgear Switch Interface 1 0 24 vlan pvid 40 Netgear Switch Interface 1 0 24 vlan participation include 40 Netgear Switch Interface 1 0 24 exit Netgear Switch Config interface vlan 40 Netgear Switch Interface vlan 40 routing Netgear Switch Interface vlan 4
392. figuration Route Redistribution z Switching ij Qos OSPF Routing Security IPvS VLAN ARP Interface Configuration Interface Configuration Interface Send Version Receive Version RIP Admin Mode Authentication Type b In the Interface list select 1 0 22 c For RIP Admin Mode select the Enable radio button d Click Apply 7 Enable RIP on interface 1 0 24 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Routing Table IP gt Basic Advanced RIP Configuration Interface Configuration Route Redistribution i Switching QoS OSPF Routing Security Pwd VLAN ARP Interface Configuration Interface Configuration Interface Send Version Receive Version RIP Admin Mode Authentcaton Type b In the Interface list select 1 0 24 c For RIP Admin Mode select the Enable radio button d Click Apply 8 Enable multicast globally a Select Routing gt Multicast gt Global Configuration OSPFy3 OSP i Monitoring Router Discovery 1 0 22 Disable i Enable Monitoring Router Discovery Disable f Enable O None VRRP VRRP Maintenance Multicast Multicast Help Maintenance Chapter 28 PIM Index 483 484 A screen similar to the following displays System Routing Table IP Mroute Table Global Conf
393. flow sampler 1 Netgear Switch Interface 1 0 1 sflow sampler rate 1024 k k T Netgear Switch Interface 1 0 1 sflow sampler maxheadersize 64 5 View the sampling port configurations GSM7328S show sflow samplers Sampler Receiver Packet Max Header Data Source Sampling Rate Web Interface Configure Statistical Packet based Sampling with sFlow 1 Configure the sFlow receiver IP address a Select Monitoring gt sFlow gt Advanced gt sFlow Receiver Configuration b Select the 1 check box c In the Receiver Owner field enter NetMonitor d In the Receiver Timeout field enter 31536000 Chapter 20 SNMP 375 ProSafe M4100 and M7100 Managed Switches e Inthe Receiver Address field enter 192 168 10 2 A screen similar to the following displays Sy iheni Seii hime Rouling Gad Securiby Monitoring Mointanansa Help indar asie sFlow Receiver Configuration Adwanced a aFlow Agent slows Receiver Configuration i hes hiin Receiver p Recelver Plast rem Recelver Datagram Ganigera i er Receiver Part Dine Tine Datagram Sie Address Version a Fine Irterniace i wi iMetMonitor A SLEGEODD EC EE EE OOOO Tenigursian f Click Apply A screen similar to the following displays O Basic sFlow Receiver Configuration w Advanced Fiw geni sFiow Receiver Configuration T gt shira im Receiver Heceiwer Faime Bevceivwer Datagram Ce vigureepe Hecehner ener z Recetver Port
394. g Maintenance Help Index Routing Table VLAN ARP RIP OSPF Router Discovery VRRP Basic IP Configuration IP Configuration IP Configuration Statistics Default Time to Live 30 gt Advanced Routing Mode Disable Enable IP Forwarding Mode Disable Enable Maximum Next Hops 2 b For Routing Mode select the Enable radio button C Click Apply to save the settings 2 Assign IP address 192 150 2 2 to port 1 0 2 a d Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP IP Interface Configuration Configuration Configuration Go To Interface GO Statistics IP Interface VAN EF ai outin ministrative Configuration Interface Description IP Address Subnet Mask 9 Mode Mode Secondary IP c L 0 0 0 0 0 0 0 0 Disable Enable Scroll down and select the interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top Enter the following information e Inthe IP Address field enter 192 150 2 2 e Inthe Network Mask field enter 255 255 255 0 e Inthe Admin Mode field select Enable Click Apply to save the settings 3 Assign IP address 192 130 3 1 to port 1 0 3 a select Routing gt IP gt Advanced gt IP Interface Configuration Chapter 7 OSPF ProSaf
395. g Maintenance Help Index LAN STP Multicast Address Table Ports LAG MAC Based VLAN Configuration Configuration oo D Configuration i MAC Address LAN ID VLAN Membership Chapter 2 VLANs 27 ProSafe M4100 and M7100 Managed Switches b Enter the following information e Inthe MAC Address field enter 00 00 0A 00 00 02 e Inthe PVID 1 to 4093 field enter 3 c Click Add Create a Protocol Based VLAN Create two protocol VLAN groups One is for IPX and the other is for IP ARP The untagged IPX packets are assigned to VLAN 4 and the untagged IP ARP packets are assigned to VLAN 5 CLI Create a Protocol Based VLAN 1 Create a VLAN protocol group vian_ipx based on IPX protocol Netgear Switch config Netgear Switch Config vlan protocol group vlan_ipx Netgear Switch Config vlan protocol group add protocol 1 ipx 2 Create a VLAN protocol group vian_ipx based on IP ARP protocol Netgear Switch Config vlan protocol group vlan_ip Netgear Switch Config vlan protocol group add protocol 2 ip Netgear Switch Config vlan protocol group add protocol 2 arp Netgear Switch Config exit 3 Assign VLAN protocol group 1 to VLAN 4 vlan database Netgear Switch Vlan vlan 4 Netgear Switch Netgear Switch Vlan vlan 5 Netgear Switch Vlan protocol group 1 4 4 Assign VLAN protocol group 2 to VL
396. g Security Monitoring Mointenonce Routing Table IP ARP OSPF Reuter Diseove LAN Routing VLAN Routing Wizard Wizard gt VLAN Routing VLAN Routing Wizard a a ee so LAG Enabled 192 168 50 1 Network Mask 299 290 000 0 Port 1 2 3 4 5 6 T 8 9 10 11 1 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 b Enter the following information e Inthe Vlan ID field enter 50 e Inthe IP Address field enter 192 168 50 1 e Inthe Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display Chapter10 ACLs 155 ProSafe M4100 and M7100 Managed Switches d Click the gray box under port 25 twice until U displays The U specifies that the egress packet is untagged for the port e Click Apply to save VLAN 50 3 Create VLAN 200 with IP address 192 168 200 2 24 a Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays Security Monitoring Maintenance Help System Switching Routing QoS Routing Table IF ARP RIP OSPF Router Discovery VRRP v VLAN Routing VLAN Routing Wizard Wizard gt LAN Routing VLAN Routing Wizard Wlan ID 200 LAG Enabled E 192 168 200 2 Network Mask 255 255 295 0 Fort l 2 3 4 5 6 7 E F 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 U 49 50 51 52 b Enter
397. gement 289 290 ProSafe M4100 and M7100 Managed Switches Make sure that 1 0 12 and 1 0 6 are configured as force authorized before you do this step otherwise you cannot access the switch through the Web Interface a Select Security gt Port Authentication gt Basic gt 802 1x Configuration A screen similar to the following displays Switching Routing System Management Security Access Basic BO2 1 Configuration gt Advanced Administrative Mode WLAN Assignment Mode Authentication List Qo5 security Monitoring Maintenance Help Index Traffic Control Control ACL 802 1 Configuration 802 1 Configuration Disable Enable i Disable C Enable admin defaultlist defaultList b For Administrative Mode select the Enable radio button c Click Apply to save settings 5 Configure the dot1x authentication list a Select Security gt Management Security gt Authentication List gt Dot1x Authentication List A screen similar to the following displays System Switching Routing i Access gt Local User Port Authentication Qos Security Monitoring Maintenance Help Index Trattic Control Control i Dot1lx Authentication List Dotix Authentication List Authentication List Login Authentication List Enable Authentication List Dotix Authentication a defaultList PF Tustiame ft 3 LocaL z Local
398. gt Interface Configuration Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Routing Table IP VLAN ARP i i OSPF Router Discovery VRRP Interface Configuration RIP Configuration Interface Configuration Interface P R 1 0 11 Configuration f Send Version Route Redistribution Receive Version Both xl RIP Admin Mode Disable Enable Authentication Type None 7 b Enter the following information C e Inthe Interface field select 1 0 11 e For RIP Admin Mode select the Enable radio button Click Apply to save the settings 6 Enable OSPF on port 1 0 15 a d Select Routing gt OSPF gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Routing Table IP VLAN ARP RIP Router Discovery VRRP Interface Configuration Interface Configuration Configuration Common amp 4rea Configuration OSPF Router Retransmit Hello Stub Area Interface OSPF Area ID Admin Priority 0 to Interval 0 Interval 1 Configuration Mode 255 to 3600 to 65535 NSSA Area Configuration Srea Range A Configuration 5 Interface T Configuration gt Ne ld giste ADLE E Mezea 10 0 Disable 170 2 Anank Disable 1 0 3 0 0 Disable 1 0 4 0 0
399. gt Multicast gt PIM gt Global Configuration A screen similar to the following displays System Switching FREI Routing Tabla gt Mroute Table gt Global Configuration gt Interface Configuration gt DYMRP gt IGMP PIM Global Configuration 2 SSM Configuration Security IF 1 Pi ARP RIF OSPF OSPFva PIM Global Configuration PIM Global Configuration PIM Protocol Type Admin Mode Data Threshold Rate Kbps Register Threshold Rate Kbps OSPFy3 OSPR Monitoring Index Help Maintenance Router Discovery VRRP Multicast 1 0 13 C Disable Enable Select Routing gt Multicast gt Global Configuration Monitoring Maintenance Help VRRP Router Discovery Disable j Enable Non Operational 256 No Protocol Enabled 0 For Admin Mode select the Enable radio button Monitoring Maintenance Help Router Discovery WVREP Pe Mulhicasi PIM DM PIM SM C Disable f Enable o 0 to 2000 0 0 to 2000 Chapter 28 PIM 469 ProSafe M4100 and M7100 Managed Switches b For PIM Protocol Type select the PIM SM radio button c For Admin Mode select the Enable radio button d Click Apply 10 Enable PIM SM on interfaces 1 0 1 1 0 9 and 1 0 13 a Select Routing gt Multicast gt PIM gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help index Routing Table IP IP
400. guration select the 1 0 1 interface check box Now 1 0 1 appears in the Interface field at the top c In the Promiscuous Primary VLAN field enter 100 d In the Promiscuous Secondary VLAN field enter 101 102 e Click Apply to save the settings Chapter 2 VLANs 53 LAGs Link Aggregation Groups This chapter provides the following examples e Create Two LAGs on page 55 e Add Ports to LAGs on page 56 e Enable Both LAGs on page 59 Link aggregation allows the switch to treat multiple physical links between two endpoints as a single logical link All the physical links in a given LAG must operate in full duplex mode at the same speed LAGs can be used to directly connect two switches when the traffic between them requires high bandwidth and reliability or to provide a higher bandwidth connection to a public network Management functions treat a LAG as if it were a single physical port You can include a LAG in a VLAN You can configure more than one LAG for a given switch Port 1 0 3 Subnet 3 ie Port 1 0 2 Caan LAG 10 e e e A Eri Port 1 0 8 Port 1 0 9 LAG 20 LAG 20 Layer 3 Switc Layer 2 Switch ssbeieail Subnet 2 vse dh el dd as Figure 6 Example network with two LAGs LAGs offer the following benefits e Increased reliability and availability If one of the physical links in the LAG goes down traffic is dynamically and transparently reassigned to one of the other
401. h config Netgear Switch Config interface 1 0 2 1 0 3 Netgear Switch Interface 1 0 2 1 0 3 switchport private vlan host association 100 101 Netgear Switch Interface 1 0 2 1 0 3 exit Netgear Switch Config interface 1 0 4 1 0 5 Netgear Switch Interface 1 0 4 1 0 5 switchport private vian host association 100 102 Netgear Switch Interface 1 0 4 1 0 5 end Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches Web Interface Assign Private VLAN Port Host Ports 1 Associate isolated ports 1 0 2 1 0 3 to a private VLAN primary 100 secondary 101 a d e Select Security gt Traffic Control gt Private VLAN gt Private VLAN Host Interface Configuration A screen similar to the following displays Syriam Switching Routing QoS Security Monitoring Mointenonce Help lindax Peller cena crea r aT hy Aue ceili Pest Auth aalcotion I Conta ACI gt MAC Filter Private VLAN Host Interface Configuration Port Security ir eona Privala Group Private VLAN Host Interlace Configuration gt Protected Port 1 LAGS All Go To Interface Private Wan ae Host Primary WLAN Host Secondary VLAN t Ps Private Vien Type 2 te 4093 2 te 4093 Stalin L 2 Poveate Vian Assocation Cenhiguratian Provete Vlen Port Mode Configuration Prranbg Wlan Hirt Imgrieze Configurar Dperalional VLAM Under Private VLAN Host Interface Configuration select the 1 0 2 an
402. he ACL ID list select 102 c Click Add 152 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches The Extended ACL Rule Configuration screen displays System Switching Rouling Qos Security Monitoring Maintenance Help Index Monogemen Security Accoss Port Authentication Trafic Contre gt Basic Extended ACL Rule Configuration t Advanced gt TP ACL Extended ACL Rule Configuration 100 199 IF Rules z IF Extended Rules S amp L L102 IF Binding Rule ID 1 to 24 E Configuration Action Binding Table Permit Egress Queue 0 to 7 C Deny False Ig Aore F ACE ignore URG l to 65535 liD to 65535 d Under Extended ACL Rule Configuration 100 199 enter the following information and make the following selections e Inthe Rule ID field enter 1 e For Action select the Permit radio button e Inthe Match Every field select False e Inthe Protocol Type list select IP e Click Apply to save the settings 11 Apply ACL 101 to port 44 a Select Security gt ACL gt Advanced gt IP Binding Configuration A screen similar to the following displays QoS Security i Monitoring System Switching Routing Mointenance Help Index Monogement Security Ae capa Fort duu rendition i Cantal gt Basic IP Binding Configuration Advanced IP ACL Binding Configuration m IP Rules ACL IG gt IP Extended Rules Sequence Humber 1 to 4294967295 g
403. he following examples e Configure MLD on page 506 e MLD Snooping on page 519 Multicast Listener Discovery MLD protocol enables IPv6 routers to discover multicast listeners the nodes that are configured to receive multicast data packets on its directly attached interfaces The protocol specifically discovers which multicast addresses are of interest to its neighboring nodes and provides this information to the active multicast routing protocol that makes decisions on the flow of multicast data packets Periodically the multicast router sends general queries requesting multicast address listener information from systems on an attached networks These queries are used to build and refresh the multicast address listener state on the attached networks In response to the queries multicast listeners reply with membership reports These membership reports specify their multicast addresses listener state and their desired set of sources with current state multicast address records The multicast router also processes unsolicited filter mode change records and source list change records from systems that want to indicate interest in receiving or not receiving traffic from particular sources Chapter 30 MLD 505 Configure MLD ProSafe M4100 and M7100 Managed Switches In this case PIM DM is enabled on Switch A and Switch B and MLD is enabled on Switch B s port 1 0 24 to discover the multicast listeners 2001 2 65 Port 1 0 13 P
404. he following information in the Multicast Router VLAN Configuration e Inthe VLAN ID field enter 2 e Inthe Multicast Router field select Enable 4 Click Apply IGMP Querier 250 When the switch is used in network applications where video services such as IPTV video streaming and gaming are deployed the video traffic is normally flooded to all connected ports because such traffic packets usually have multicast Ethernet addresses IGMP snooping can be enabled to create a multicast group to direct that traffic only to those users that require it However the IGMP snooping operation usually requires an extra network device usually a router that can generate an IGMP membership query and solicit interested nodes to Chapter 13 IGMP Snooping and Querier ProSafe M4100 and M7100 Managed Switches respond With the built in IGMP querier feature inside the switch such an external device is no longer needed Video Streaming device NETGEAR _ Prosate 4 Line FM Ganeway Switch HETET TE IGMP query Video i IGMP query IGMP query IGMP response Notebook PC Figure 26 IGMP querier Since the IGMP querier is designed to work with IGMP snooping it is necessary to enable IGMP snooping when using it The following figure shows a network application for video streaming service using the IGMP querier feature Enable IGMP Querier The example is shown as CLI commands and as a Web interface procedure
405. he master Power up this switch first 4 Monitor the console port Allow this switch to come up to the login prompt If the switch has the default configuration it should come up as unit 1 and automatically become a master switch If not renumber the units 5 If you want to configure switches offline preconfigure the other switches to be added to the stack See Preconfigure a Switch on page 364 6 Power on a second switch making sure it is adjacent the next physical switch in the stack to the switch already powered up This ensures that the second switch comes up as a member of the stack and not a master of a separate stack 7 Monitor the master switch to see that the second switch joins the stack Use the show switch command to determine when the switch joins the stack It will be assigned a unit number unit 2 if it has the default configuration 8 Renumber this stack member if you want See Renumber Stack Members on page 365 for recommendations for renumbering stack members Repeat steps 6 through 8 to add members to the stack Always power on a switch adjacent to the switches already in the stack Switch Firmware All stack members must run the same firmware version This helps ensure full compatibility in the stack protocol version among the stack members lf a stack member is running a different firmware version than the stack master that stack member is not allowed to join the stack Use the show switch command to
406. hing Routing QoS Security Monitoring Maintenance Help Routing Table IP IPv ARP OSPF OSPFv3 Routor Discovery VRRP IPv6 Multicast PIM Candidate RP Configuration gt Mroute Table gt Global Configuration gt Interface Configuration gt DYMRP gt IGMP PIM gt Global Configuration gt SSM Configuration Interface Configuration gt PIM Neighbor Candidate RP Configuration gt BSR Candidate Configuration PIM Interface Selection Interface PIM Candidate RP Configuration Group Address Group Mask m Eie ies i In the Interface list select 1 0 22 In the Group IP field enter 225 1 1 1 In the Group Mask field enter 255 255 255 0 Click Add 12 Set up BSR Candidate configuration a Select Routing gt Multicast gt PIM gt BSR Candidate Configuration Chapter 28 PIM Des Rou 485 486 29 5 e ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Se security Monitoring Maintenance Help Routing Tabla gt Mroute Table Global IP Povo i ARP OSPF OSPFva Router Discovery VRRP MulHca Peb Multicast PIM BSR Candidate Configuration PIM BSR Candidate Configuration Configuration gt Interface Interface Configuration Hash Mask Length 0 32 gt DYMRP gt Global Configuration SSM BSR Expiry Time hhimmiss Priority 0 te 255 IP Addrass Next bootstrap Message hh mmss Next C
407. hing Routing QoS Security Monitoring Maintenance Help Index STP Multicast Address Table Ports LAG Basic VLAN Configuration VLAN Configuration Reset gt Advanced _ Reset Configuration LAN Configuration anmo Seanno vanme O Se a ET ef Default Default b Enter the following information In the VLAN ID field enter 200 In the VLAN Name field enter VLAN200 In the VLAN Type field select Static c Click Add 2 Add ports 1 0 6 1 0 7 1 0 16 and 1 0 17 to VLAN 200 a Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index STP Multicast Address Table Ports LAG WLAN Membership LAN Membership Configuration LAN ID Group Operation Untag All X gt VLAN Membership EP LAN200 UNTAGGED PORT MEMBERS VLAN Status l s VLANT TAGGED PORT MEMBERS MAC Based VLAN lat stole i a Port PVID a Configuration Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Port DYLAN Configuration CR ae ES Se eh an Eh a a E Ss a eh Se ee a 25 26 27 28 Chapter 24 Double VLANs and Private VLAN Groups ProSafe M4100 and M7100 Managed Switches e Under VLAN Membership in the VLAN ID list select 200 Click Unit 1 The ports display Click the gray boxes under ports 6 7 16 and 17 until U displays The U specifies that the egress pac
408. ia j 1 to 16777215 Configuration Metric Type External Type 2 NSSA Area Configuration Area Range OSPF Configuration Configuration Router ID 192 150 9 9 Interface P T OSPF Admin Mode Configuration Neighbor Table ASBR Mode Disabled Link State RFC 1583 Compatibility Disable Database ABR Status Virtual Link Exit Overflow Interval secs o Oe 0 to 2147483647 Extemal LSA Count Configuration Under OSPF Configuration enter the following information e Inthe Router ID field enter 192 150 9 9 e Inthe OSPF Admin Mode field select Enable Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches e Inthe RFC 1583 Compatibility field select Disable c Click Apply to save the settings 5 Enable OSPF on port 1 0 2 a Select Routing gt OSPF gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP Router Discovery VRRP gt Basic Interface Configuration Advanced OSPF Interface Configuration Configuration Go To Inte Common 4rea Configuration OSPF Router Retransmit Hello eee la Stub 4rea Interface OSPF Area ID Admin Priority 0 to Interval 0 Interval 1 a vit Bede Configuration Mode 255 to 3600 to 65535 2147483647 NSS4 Area sie ES a a rea Range Disable Configuration 6 e Interface Configuratio
409. iach Pretocal JP Bosding fa ni Achan Logging iiss 4 a i oe Int Zs E i E rind rd TCP Flag IP a el E dit i ae N i Configuration IEE terimi tert ace wary eywg addret r Binding Table 180 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches b Click Add Sy shen Monpgenan erur ity gt Basic Advanced t FP ADL 2 IP Rules a JP Extended Rules r IFE ACL Pye Rules JF Binding Configuration Binding Table Wlan Birding Table Switching and the Extended ACL Rule Configuration screen displays Security Mointenones Index Routing Monitoring Help Accomey Forn Aufhantcooten Troti Contra Donia Extended ACL Rule Configuration Extended ACL Rule Configuration 100 199 ACL 1D Hamne redirectHTTP Fale TE i Action 2 Deny Desshle Pan Legging Enable 1 0 13 False Dier r FREG RET hp IF OSCR IP Precedence IP T S In the Rule ID field enter 1 For Action select the Permit radio button In the Redirect Interface list select 1 0 19 In the Dst L4 Port list select http moao in this procedure 3 Create a rule to match every other traffic a Select Security gt ACL gt Advanced gt IP Extended Rules A screen similar to the following displays Syren Sei behing Routing Mon Per ing Maintenance Halp indas MMonogeemant Security Asoebi Parn dufhentication Click Apply The Extended ACL Rules screen displays as described in the next st
410. icast VLAN source port to the VLAN tag used by the receiver port The Multicast VLAN is the VLAN that is configured in the specific network for MVR purposes It has to be manually specified by the operator for all source ports in the network Itis a VLAN that is used to transfer multicast traffic over the network to avoid duplication of Chapter 14 MVR Multicast VLAN Registration 255 ProSafe M4100 and M7100 Managed Switches multicast streams for clients in different VLANs A diagram of a network configured for MVR is shown in the following illustration SP is the source port and FP is the receiver port Multicast source HNI nin j HL If I m H Hy i IGMP GSM7328Sv2 UY T UIT UT eT Pe ote eee ee VSS bm oy SP VLAN 999 MVR GSM7212P nh Alf HH Ih lji RP VLAN 1001 RP VLAN 1003 A San 2S a A Q Multicast client J lj i Hi A RP VLAN 1002 Multicast client tl Hn j nny mama i HL P lif j I i fi Multicast client Figure 27 Network configured for MVR Note The following examples show how to configure the MVR on the MVR switch GSM7212P in this case Configure MVR in Compatible Mode In compatible mode the MVR switch does not learn multicast groups the groups have to be configured by the operator as the MVR does not forward IGMP reports from the hosts RP port to the IGMP router SP port To operate i
411. ick Apply 15 Set the CoS queue 1 configuration for interface 1 0 5 a Select QoS gt CoS gt Advanced gt Interface Queue Configuration 214 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index i DiffServ Interface Queue Configuration Interface Queue Configuration Configuration A eg oe TFS so 802 1p Queue Mapping TAE TRE eaii Minimum Scheduler REM ee IP Precedence Bandwidth Type ae a Queue Mapping ootan C BSc RE Mapping 10 1 weighted Cera CoS Interface z 170 2 0 0 0 0 weighted taildrop Configuartion 170 3 0 o weighted taildrop 0 0 Interface Queue T Configuration 10 4 weighted taildrop a b Scroll down and select the Interface 1 0 5 check box Now 1 0 5 appears in the Interface field at the top c In the Queue ID list select 1 d In the Minimum Bandwidth field enter 25 e Click Apply 16 Set the CoS queue 2 configuration for interface 1 0 5 a Select QoS gt CoS gt Advanced gt Interface Queue Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Interface Queue Configuration Interface Queue Configuration Configuration Go To Interface Go 602 1p Queue Mapping a Minimum Scheduler mgt Interface Management IP Precedence Bandwidth Ty
412. ign queue 6 Netgear Switch Config policy map exit 6 Attach the policy policy_icmpv 6 to interfaces 1 0 1 1 0 2 and 1 0 3 Switch Config interface 1 0 1 Switch Interface 1 0 1 service policy in policyicmpv6 Switch Interface 1 0 1 exit Switch Config interface 1 0 2 Switch Interface 1 0 2 service policy in policyicmpv6 Switch interface 1 0 2 4 exit Switch Config interface 1 0 3 Switch Interface 1 0 3 service policy in policyicmpv6 Switch Interface 1 0 3 exit 230 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches Web Interface Configure DiffServ for IPv6 1 Create the IPv6 class classicmpv 6 a Select QoS gt DiffServ gt Advanced gt IPv6 Class Configuration A screen similar to the following displays Sytem Switching Fouling Qe Security Manitoring Maintenance O Diser Wizard IPv6 Class Name Pve Class Mame Oitserv Configuration a Clars Canhguratied e Wya Clas In the Class Name field enter classicmpv6 c In the Class Type list select All A screen similar to the following displays System Sertching Routing BEREE Security Monitoring Maintenance Les gt Diffserv Wizard IPw Class Name gt Auto VoIP gt Basic 1Pv Class Name Advanced 2 Daer n u C claps Class Hame Clars Type Configuration gt IF wh Chase Configurator d Click Add to create the IPv6 class A screen similar to the following dis
413. iguration Interface Configuration DYMRP gt Static Routes Configuration Admin Boundary Configuration _ Switching Qo05 ARP RIP Routing security Iv VLAN es Global Configuration Global Configuration Admin Mode Protocol State Table Maxinuum Entry Count Protocol Table Entry Count OSPR3 ProSafe M4100 and M7100 Managed Switches Maintenance Monitoring Help Index VRRP Router Discovery Disable Enable Non Operational 256 No Protocol Enabled 0 b For Admin Mode select the Enable radio button c Click Apply 9 Enable PIM SM globally a Select Routing gt Multicast gt PIM gt Global Configuration A screen similar to the following displays System Routing Table IP gt Mroute Table gt Global Configuration gt Interface Configuration gt DYMRP gt IGMP Configuration Switching IPv Routing Security VLA ARP RIP OSPF OSPFv3 PIM Global Configuration PIM Global Configuration PIM Protocol Type Admin Mode Data Threshold Rate Kbps oO Register Threshold Rate Kbps o Monitoring Router Discovery Maintenance Help VWREP Ped Aeulicenst C PIM DM PIM SM C Disable Enable Oto 2000 0 to 2000 b For PIM Protocol Type select the PIM SM radio button c For Admin Mode select the Enable radio button d Click Apply 10 Enable PIM SM on interfaces 1 0 21 1 0 22 and 1 0 24 a Select Routing gt
414. iguration A screen similar to the following displays Security Monitoring Maintenance Help Index QoS ARP RIP System Switching Routing Routing Table IP il eu VLAN OSPF OSPFv3 Router Discovery VRRP Multicast Basic IPv6 Global Configuration 2 Global Configuration Route Table gt Advanced IPv6 Global Configuration IPv6 Unicast Routing IPv Forwarding Disable Enable Disable Enable Hop Limit 1000 100 0 to 255 ICMPy6 Rate Limit Error Interval 0 to 2147483647 mecs ICMP w6 Rate Limit Burst Size 1 te 200 b For IPv6 Unicast Routing select the Enable radio button c For IPv6 Forwarding select the Enable radio button d Click Apply 3 Create a routing interface and assign an IP address to it Chapter 26 Tunnel 417 418 a C ProSafe M4100 and M7100 Managed Switches Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System switching Routing security Monitoring Maintenance Help Index Routing Table Pei YLAN ARP RIP OSPF OSPF3 Router Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced gt IP Configuration IP Interface Configuration Statistics gt IP Interface Configuration Routing Administrativa gt Secondary IP Port Description IP Address Subnet Mask a Mode Mode 132 168 1 1 Enable j Under IP Interface Configurat
415. iguration ee rece __ Admin Mode Disable K Enable Configuration i i EAEN cee A T a gt DYMRP IGMP Global b For Admin Mode select the Enable radio button c Click Apply 12 Enable IGMP on interface 1 0 24 a Select Routing gt Multicast gt IGMP gt Interface Configuration Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Routing Tablo IP IPw VLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP gt Mroute Table IGMP Routing Interface Configuration gt Global Configuration IGMP Routing Interface Configuration gt Interface L All Go To Interface Gaa Configuration gt DYMRP Query ees Last Admin Query MEF startup SrArIUD Member IGMP Interface Version Robustness Query Query ie Mode Interval Response Query Global Interval Count Time Interval Configuration rouo mnene MIERE vwo WE Ee E EC af ab i E Configuration fe b Scroll down and select the interface 1 0 24 check box C d In the Admin Mode field select Enable Click Apply to save the settings Chapter 28 PIM 459 ProSafe M4100 and M7100 Managed Switches PIM SM Protocol independent multicast sparse mode PIM SM is used to efficiently route multicast traffic to multicast groups that can span wide area networks where bandwidth is a constraint Source ef
416. iguration Sand Version Route Receive Version Redistribution RIP Admin Mode Authentication Type b In the Interface field select 1 0 9 c For RIP Admin Mode select the Enable radio button d Click Apply 7 Enable RIP on interface 1 0 13 a Select Routing gt RIP gt Advanced gt Interface Configuration 468 Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing IP Routing Table gt Basic Advanced RIF Configuration Interface Configuration Route Redistribution d Click Apply QoS OSPF security IPv VLAN ARP Interface Configuration Interface Configuration Interface Send Version Receive Version RIP Admin Mode Authentication Select 1 0 13 in the Interface field For RIP Admin Mode select the Enable radio button 8 Enable multicast globally a A screen similar to the following displays System Routing Table Mroute Table Global Configuration Interface Configuration gt DYMRP IGMP PIM DM PIM SM gt MLD Static Routes Configuration Admin Boundary Configuration b c Click Apply Switching IP Qo5 RIP Routing Security IPv VLAN ARP OSPF Global Configuration Global Configuration Admin Mode Protocol State Table Haximum Entry Count Protocol Table Enty Count 9 Enable PIM SM globally a Select Routing
417. ill show Disabled with an appropriate reason code 550 Chapter 32 Captive Portal iSCSI This chapter includes the following sections e Enable iSCSI Awareness with VLAN Priority Tag on page 552 e Enable iSCSI Awareness with DSCP on page 553 e Set the iSCSI Target Porton page 554 e Show iSCSI Sessions on page 555 The iSCSI feature is used in networks containing iSCSI initiators and targets where the administrator desires to protect the iSCSI traffic from interruption by giving the traffic preferential QoS treatment The dynamically generated classifier rules are used to direct the iSCSI data traffic to queues that can be given the desired preference characteristics over other data transiting the switch This can avoid session interruptions during times of congestion that would otherwise cause iSCSI packets to be dropped The administrator can select VPT VLAN Priority Tag or DSCP mapping for the QoS preferential treatment iSCSI flows are assigned by default to the highest VPT DSCP queue not used for stack management or voice VLAN The administrator should also take care of configuring the relevant Class of Service parameters for the queue chosen in order to complete the setting Figure 51 shows an example of iSCSI implementation iSCSI APPLIANCES iSCSI Targets Dy Clients with iSCSI initiators connected to switch Figure 51 Sample iSCSI implementation Chapter 33 iSCSI 551 ProSafe M4100 and M7100 Managed
418. imary 10 100 5 17 6 Configure an accounting server Netgear Switch Config radius accounting mode Netgear Switch Config radius server host acct 10 100 5 17 7 Configure the shared secret between the accounting server and the client Netgear Switch Config radius server key acct 10 100 5 17 Enter secret 16 characters max 123456 Re enter secret 123456 Web Interface Authenticating dot1x Users by a RADIUS Server 1 Enable routing for the switch a Select Routing gt Basic gt IP Configuration Chapter 15 Security Management 281 282 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table VLAN ARP RIP OSPF Router Discovery VRRP Basic IP Configuration IP Configuration Statistics IP Configuration gt Advanced Default Time to Live 30 Routing Mode Disable Enable IP Forwarding Mode Disable Enable Maximum Next Hops 2 b For Routing Mode select the Enable radio button c Click Apply to save the settings 2 Assign IP address 192 168 1 1 24 to the interface 1 0 1 a Select Routing gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP IP Interface Configuration
419. imilar d STF Multicast b Basic v Advanced VLAN Configuration VLAN Membership VLAH Status MAC Based VLAN Port P ID Configuration Port DYLAN Configuration Protocol Based VLAN Group Configuration Protocol Based VLAN Group Membership GARP Switch Configuration GARP Port Configuration Switching ie Rowling Address Tabla Ports to the following displays Gos Lats i Security Port VLAN Id Configuration PVID Configuration i All Interface O o0 O o0 0 o d o d o d oa doao d og W P ID 1 to 4093 Monitoring Types Ingress Filtering Maintenance Help Go To Interface co Acceptable Frame Port to 7 Ta a Oh op a l a j i j j j j O i l Adrnit All Admit All Adrait All Admit All Adrar All Admit All Adrar All Admit All Adran All Admit All dmit All Admit All Admit All Adrnit All Admit All Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable E BDE 4 Configure port 48 as the provider service port a Select Switching gt VLAN gt Advanced gt Port DVLAN Configuration A screen similar to the following displays STP Multicast gt Basic Y Advanced gt VLAN Configuration gt VLAN Membership VLAN Status 2 MAC Based VLAN Port PYID Configuration gt Port DVLAN Configuration
420. include 30 Interface 0 35 Fexit Config interface vlan 30 Interface vlan 30 routing Interface vlan 30 ip address 192 168 30 1 255 255 255 0 Interface vlan 30 exit Config exit 2 Create VLAN 100 with port 0 13 and assign IP address 192 168 100 1 24 vlan database Vlan vlan 100 Vlan vlan routing 100 Vlan exit configure Config interface 0 13 Interface 0 13 vlan pvid 100 Interface 0 13 vlan participation include 100 Interface 0 13 exit Config interface vlan 100 Interface vlan 100 routing Interface vlan 100 ip address 192 168 100 1 255 255 255 0 Interface vlan 100 exit Config exit Chapter 10 ACLs 143 144 ProSafe M4100 and M7100 Managed Switches 3 Create VLAN 200 with port 0 44 and assign IP address 192 168 200 1 24 Netgear Netgear Netgear vlan database Vlan vlan 200 Vlan vlan routing 200 Vlan exit configure Config interface 0 44 Interface 0 44 vlan pvid 200 Interface 0 44 vlan participation include 200 Interface 0 44 exit Interface vlan 200 routing Interface vlan 200 ip address 192 168 200 1 255 255 255 0 Config interface vlan 200 Interface vlan 200 exit 4 Add two static routes so that the switch forwards the packets for which the destinations are 192 168 40 0 24 and 192 168 50 0 24 to the correct next hops Netgear Switch Netgear Switch Netgear Switch Con
421. ing Interface 1 0 13 tip address 192 168 1 2 255 2554950 Interface 1 0 13 exit Config interface tunnel 0 Interface tunnel 0 ipv6 enable Interface tunnel 0 ipv6 address 2000 2 64 Interface tunnel 0 tunnel mode ipv6ip Interface tunnel 0 tunnel source 192 168 1 2 Interface tunnel 0 tunnel destination 192 168 1 1 Interface tunnel 0 exit Config exit show interface tunnel TunnelMode SourceAddress DestinationAddress 6 in 4 Configured 192 168 1 2 192 168 1 1 Chapter 26 Tunnel ProSafe M4100 and M7100 Managed Switches Web Interface Create a Tunnel Configure Switch GSM7328S 1 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays IPvG VLAN ARP RIP Security OSPF Routing Table OSPFy3 Basic 2 IP Configuration 2 Statistics gt Advanced IP Configuration IP Configuration Default Time to Live Routing Mode ICMP Echo Replies ICMP Redirects ICMP Rate Limit Interval ICMP Rate Limit Burst Size Maximum Next Hops Monitoring Maintenance 1 Help Index i VRRP Multicast 64 Enable Disable Enable Disable Enable Disable 1000 O o 0 to 2147483647 ms 100 1 te 200 4 b For Routing Mode select the Enable radio button c Click Apply 2 Enable IPv6 forwarding and unicast routing on the switch a Select Routing gt IPv6 gt Basic gt Global Conf
422. ing SNMP i LLDP ISDP gt DHCP Server DHCP Relay E Rey DHCP Relay gt DHCP L2 Relay gt UDP Relay gt DHCPv6 Server Admin Mode gt DHCP v6 Relay gt Minimum Wait Time secs CO to 100 Circuit ID Option Mode Disable Enable Maximum Hop Count 4 1 to i DHCP Status Requests Received i Requests Relayed Packets Discarded b For Admin Mode select the Enable radio button c Click Apply to save the settings 8 Configure the DHCP server IP address a Select System gt Services gt UDP Relay A screen similar to the following displays System E Switching Routing QoS Security Monitoring Maintenance Help Manogement Device View i Stacking SNMP LLDP ISDP gt DHCP Server UDP Relay DHCP Relay gt DHCP L2 Relay v UDP Relay _ UDP Relay Configuration Admin Mode Disable Enable UDP Relay Global Configuration _ UDP Relay Global Configuration UDP Relay Gerve UDP Port a erver UDP Port ort Interface Configuration gt DHCPy 6 Server gt DHCP v6 Relay Address Other Value b In the Server Address field enter 10 100 1 1 dex Index Chapter 29 DHCP L2 Relay and L3 Relay 503 ProSafe M4100 and M7100 Managed Switches c In the UDP Port field enter dhcp d Click Add to save the settings 504 Chapter 29 DHCP L2 Relay and L3 Relay MLD Multicast Listener Discovery This chapter provides t
423. ing gt VLAN gt Advanced gt VLAN Membership 70 Chapter 5 VLAN Routing ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help STP Multicast Address Table Ports LAG gt Basic VLAN Membership F Advanced gt VLAN LAN Membership Configuration VLAN ID Group Operation Untag All X VLAN Membership EPF VLANLO _UNTAGGED PORT MEMBERS Ss VLAN Type Static TAGGED PORT MEMBERS MA Static C Based VLAN L etree an Ae LAL dd bd 4 Port PVID Configuration 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Port DVLAN sA AE A A N AA MES Wie ell Configuration 25 26 nts a Protocol Based In the VLAN ID field select 10 Click the Unit 1 The ports display d Click the gray boxes under ports 1 and 2 until T displays 9 The T specifies that the egress packet is tagged for the port e Click Apply f Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help STP Multicast Address Table Ports LAG _ VLAN Membership LAN Membership Configuration LAN ID Group Operation Untag All ba gt VLAN Membership EF VLANZO UNTAGGED PORT MEMBERS ee Stati TAGGED PORT MEMBERS MAC Based VLAN ype e MEA Port PVID ii inn ae Configuration Port 1 2 3 45 6 7 8 9 10 11 12 13
424. ing Maintenance Management Device View Services Basic Stack Configuration Stack Configuration Management Unit Selection e ee ee e M a e a e a e a gt Advanced Management Unit Selected Stack Configuration Hardware Management Preference Admin Management Preference GSM 7328S Unassigned Unassigned GSM 732895 Unassigned Unassigned GSM 7328S Unassigned Unassigned Management Status Switch Status Management Unit OK Stacking Member OK Stacking Member Not Present Chapter 19 Switch Stacks 367 ProSafe M4100 and M7100 Managed Switches Move the Stack Master to a Different Unit This example is provided as CLI commands and a Web interface procedure CLI Move the Stack Master to a Different Unit 1 Using the movemanagement command move the master to a different unit number The operation takes between 30 seconds and 3 minutes depending on the stack size and configuration The command is movemanagement lt fromunit id gt lt tounit id gt 2 Make sure that you can log in on the console attached to the new master Use the show switch command to verify that all units rejoined the stack 3 NETGEAR recommends that you rest the stack with the reload command after moving the masier Web Interface Move the Stack Master to a Different Unit 1 Select System gt Management gt Basic gt Stack Configuration A screen similar to the following displays System Switching Monitoring
425. ing Routing QoS Security Monitoring Maintenance Help Index Management Device View Services Stacking SNMP 1 2 Community Configuration Community Configuration Community Configuration Trap Configuration Access Community Name Client Address Client IP Mask Status Trap Flags Mode public 0 0 0 0 ReadOnly Enable private 0 0 Aa Maf ReadWrite Enable public i 0 0 0 0 ReadOnly Enable public 2 0 0 0 0 ReadOnly Enable sinned oes PUT ex ES S gt SNMP 3 wae m r r public 3 0 0 0 0 ReadOnly Enable In the Community Name field enter public 4 In the Client Address field enter 0 0 0 0 In the Client IP Mask field enter 0 0 0 0 In the Access Mode field select Read Write In the Status field select Enable Click Add Enable SNMP Trap SS SY ly The example is shown as CLI commands and as a Web interface procedure CLI Enable SNMP Trap This example shows how to send SNMP trap to the SNMP server Netgear switch config Netgear switch Config snmptrap public 10 100 5 17 Enable send trap to SNMP server 10 100 5 17 Netgear switch Config snmp server traps linkmode Enable send link status to the SNMP server when link status changes 370 Chapter 20 SNMP ProSafe M4100 and M7100 Managed Switches Web Interface Enable SNMP Trap 1 Enable SNMP trap for the server 10 100 5 17 a Select System gt SNMP gt SNMP V1 V2 gt Trap Configuration A
426. ing Routing Security Monitoring Maintenance Help Index Ports i Mirroring gt Buffered Logs Trap Logs gt Command Log Configuration Trap Logs gt Console Log Number of Traps Since Last Reset Configuration Trap Log Capacity Sys Log Number of Traps Since Log Last Viewed Configuration Trap Logs gt Event Logs Trap Logs 0 days 01 33 44 Link Up Unit 0 Slot 2 Port 1 0 days 01 31 56 Link Up Unit 1 Slot 0 Port 7 0 days 01 31 54 Link Up Unit 1 Slot 0 Port 1 0 days 01 31 49 Last or default VLAN deleted VLAN 3 0 days 01 31 49 Last or default VLAN deleted VLAN 1 O days 01 31 48 Link Down Unit 1 Slot 0 Port 7 0 days 01 31 48 Link Down Unit 1 Slot 0 Port 1 Show Logging Hosts 344 The example is shown as CLI commands and as a Web interface procedure CLI Show Logging Hosts Netgear Switch Routing show logging hosts Press Enter to execute the command Netgear Switch Routing show logging hosts Index IP Address Severity Port Status 192 168 21 253 critical 514 Active Chapter 18 Syslog ProSafe M4100 and M7100 Managed Switches Web Interface Show Logging Hosts Select Monitoring gt Logs gt Sys Log Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Ports i Mirroring gt Buffered Logs Syslog Configuration gt Command Log Configuration Syslog Configuration gt Console Log Admi
427. ing displays System Switching Routing Routing Table i iP VLAN ARP RIP Qo5 security Monitoring Maintenance Help OSPF OSPFy3 Router Discovery VRRP Multicast Basic _ IP Configuration IP Configuration Statistics IP Configuration Index gt Advanced Default Time to Live Rowting Mode ICMP Echo Replies ICMP Redirects ICMP Rate Limit Interval ICMP Rate Limit Burst Size 64 Disable Enable Disable Enable 1000 0 to 2147493647 ms 100 1 to 200 b For Routing Mode select the Enable radio button 470 Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches c Click Apply 2 Configure 1 0 10 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching pi Routing QoS Security Monitoring Maintenance Help index Routing Tabla Pwd VLAN ARP RIP OSPF OSPFV3 Router Discovery VRRP Multicast Basic IP Interface Configuration Advanced s IP Interface Configuration o 3 paria IP Subnet Routing Administrative Secondary IP t Description Address Mask Mode Mode iB 122 168 3 2 255 255 255 0 IN Enable Disable Enable b Scroll down and select the interface 1 0 10 check box Now 1 0 10 appears in the Interface field at the top c Enter the following information e Inthe IP Address field e
428. ing examples e Configure Classic STP 802 1d e Configure Rapid STP 802 1w on page 410 e Configure Multiple STP 802 1s on page 411 The purpose of Spanning Tree is to eliminate loops in the switch system There are three STPs Classic STP 802 1d Rapid STP RSTP 802 1w and Multiple STP MSTP 802 1s While STP can take 30 to 50 seconds to respond to a topology change RSTP is typically able to respond to changes within a few seconds RSTP can revert back to 802 1d in order to interoperate with legacy bridges on a per port basis This drops the benefits it introduces In Multiple Spanning Tree Protocol MSTP each Spanning Tree instance can contain several VLANs Each Spanning Tree instance is independent of other instances This approach provides multiple forwarding paths for data traffic enabling load balancing and reducing the number of Spanning Tree instances required to support a large number of VLANs Configure Classic STP 802 1d The example is shown as CLI commands and as a Web interface procedure CLI Configure Classic STP 802 1d Netgear Switch Config spanning tree Netgear Switch Config spanning tree forceversion 802 1d Netgear switch Interface 1 0 3 spanning tree port mode Chapter 25 Spanning Tree Protocol 408 ProSafe M4100 and M7100 Managed Switches Web Interface Configure Classic STP 802 1d 1 Enable 802 1d on the switch a Select Switching gt STP gt STP Configuration
429. intenance CoS gt Diffserv Wizard Policy Configuration Policy Configuration DiffServ E N Policy Member Configuration arene Type Class SD com eee Configuration Policy Configuration Service Configuration Service Statistics In the Policy Selector field enter pol_ voip In the Member Class list select class_voip Click Add to create a new policy Click the pol_ voip whose class member is class_ voip e205 A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Class Information Policy Name Policy Type In i DiffServ z Member Class Name class_voip Configuration Class Policy Attribute Configuration l Policy Assign Queue Configuration Policy Atribute Drop Service Configuration Mark COS o I Service Statistics Mark IP Precedence Mark IP DSCP Police Simple f In the Assign Queue list select 5 Index Index g For Policy Attribute select the Mark IP DSCP radio button and select ef h Click Apply to create a new policy 6 Add class _ef to the policy pol_voip a Select QoS gt DiffServ gt Advanced gt Policy Configuration Chapter 12 DiffServ 223 224 Advanced DiffServ Configuration Class Configuration Policy Configuration Service Configuration Service Statistics ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays S
430. intenance Help Index STP Multicast Address Table Ports LAG Basic IP Subnet Based VLAN Configuration Advanced gt VLAN IP Subnet Based VLAN Configuration Configuration pE IP Address Subnet Mask LAN ID VEAN Membership El 10 100 0 0 255 255 0 0 VLAN Status Port PVID Configuration MAC Based VLAN 2 IP Subnet Based b Enter the following information e Inthe IP Address field enter 10 100 0 0 e Inthe Subnet Mask field enter 255 255 0 0 e Inthe VLAN 1 to 4093 field enter 2000 c Click Add Voice VLANs The voice VLAN feature enables switch ports to carry voice traffic with defined priority to enable separation of voice and data traffic coming onto port Voice VLAN ensures that the sound quality of an IP phone does not deteriorate when the data traffic on the port is high Also the inherent isolation provided by VLANs ensures that inter VLAN traffic is under Chapter 2 VLANs 33 ProSafe M4100 and M7100 Managed Switches management control and that clients attached to the network cannot initiate a direct attack on voice components GSM73xxS 1 0 2 1 0 3 r JED p aaa SID gt VolP SEPETU d I ETIE k ea ud IPS F H ri F fer Pee PUNET Voice traffic Data traffic Figure 3 Voice VLAN The script in this section shows how to configure Voice VLAN and prioritize the voice traffic Here the Voice VLAN mode is in VLAN ID 10 CLI
431. ion A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Stacking SNMP LLDP ISDP gt DHCP Server DHCP L2 Relay Configuration gt DHCP Relay DHCP L2 Relay DHCP L2 Relay Configuration DHCP L2 Relay 1 all GoTo Interface __ _ Global Configuration gt DHCP L2 Relay Admin Mode 82 Option Trust Mode Interface Saig SRPA Configuration DHCP L2 Relay Disable Disable Interface Disable Disable Statistics gt UDP Relay gt DHCPv6 Server gt DHCP v6 Relay ce a L 5 D jv jv jv Scroll down and select the 1 0 4 1 0 5 and 1 0 6 check boxes In the Admin Mode field select Enable Click Apply to save the settings 6 Enable DHCP L2 relay trust on interface 1 0 6 Chapter 29 DHCP L2 Relay and L3 Relay ProSafe M4100 and M7100 Managed Switches a Select System gt Services gt DHCP L2 Relay gt DHCP L2 Relay Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Device View Stacking SNMP LLDP ISDP gt DHCP Server DHCP L2 Relay Configuration gt DHCP Relay DHCP L2 Relay DHCP L2 Relay Configuration DHCP L2 Relay 1 All Go To Interface GO Global ee Configuration il RC CECE 82 Option Trust Mode a Enable Enable x gt DHCP L2 Relay Interface Configuration DHCP L2 Rel
432. ion Beis eE Me e e ES E Disable I O 1 071 Auto Disable al Auto 60 30 30 30 Disable b Scroll down and select the Interface 1 0 19 check box Now 1 0 19 appears in the Interface field at the top c In the Control Mode list select Force Authorized d Click Apply to save the settings 6 Enable dot1x on the switch a Select Security gt Port Authentication gt Server Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access i Traffic Control ACL Basic 802 1X Configuration 802 1X Configuration Mode Advanced Administrative Mode Disable Enable VLAN Assignment Mode Disable Enable 802 1X Configuration Users Non configured ust w Login dotixList z b For Administrative Mode select the Enable radio button c In the Login list select dot1xList d Click Apply to save settings 7 Configure the RADIUS authentication server a Select Security gt Management Security gt Server Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index i Access Port Authentication Traffic Control ACL gt User Server Configuration Configuration RADIUS Server Configuration Radius al Server Address Poe Secret Configured prom Server ooo M an a Yes xi Yes v Server E Configuration Accounting S
433. ion scroll down and select the Port 1 0 1 check box Now 1 0 1 appears in the Interface field at the top e Inthe IP Address field enter 192 168 1 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable Click Apply 4 Create a 6 in 4 tunnel interface a e205 Select Routing gt IPv6 gt Advanced gt Tunnel Configuration A screen similar to the following displays System T Switching Routing Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP OSPF OSPR Rouler Discovery WREP Mulicost gt Basic Tunnel Configuration e Advanced Global Tur nn el Configurati on sengor en ee Mod IPv Mod LENG EWIG4 5 Add BeuECE F Dne tt Doe i urce d resg Interface are achanlas Address Interface Configuration s si in 4 conhigured Enable ial 1192 168 11 163 1 1 d Prefix Conhiguratonm gt Statistics Neighbour Table Static Route Configuration gt Route Table Route Preference Tunnel Configuration In the Tunnel Id list select 0 In the Mode field select 6 in 4 configured In the Source Address field enter 192 168 1 1 In the Destination Address field enter 192 168 1 2 Click Apply 5 Assign an IPv6 address to the tunnel Chapter 26 Tunnel ProSafe M4100 and M7100 Managed Switches a 920 5 Select Routing gt IPv6 gt Advanced gt Prefix Configuration A screen similar to the following displays System
434. ion IP Address Subnet Mask piss penne aaah Mode Mode C b Scroll down and select the interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top c Under the IP Interface Configuration enter the following information In the IP Address field enter 192 150 2 1 In the Subnet Mask field enter 255 255 255 0 In the Routing Mode field select Enable Chapter 4 Port Routing 63 ProSafe M4100 and M7100 Managed Switches d Click Apply to save the settings 2 Assign IP address 192 150 3 1 24 to interface 1 0 3 a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index VLAN ARP RIP OSPF Router Discovery VRRP gt Basic IP Interface Configuration Advanced IP Configuration Configuration Statistics Go To Interface GO IP Interface ennau ston LAN Routi Ad trati Secondary IP Interface Description IP Address Subnet Mask pedis gellar fen si Mode Mode T f vE A C 1 0 1 0 0 0 0 Cd 0 0 0 fo Enable 1 0 2 192 150 2 1 255 255 255 0 Enable Enable 1 0 4 0 0 0 0 0 0 0 0 Disable Enable 1 0 5 0 0 0 0 0 0 0 0 Disable Enable b Scroll down and select the interface 1 0 3 check box Now 1 0 3 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 150 3 1 e Inthe Subnet Mask fiel
435. ip VLAN Status Volce VLAN Configuration t Port PID Conigurateon ATANAN Interface Interface Mode Value Cog Override DACP Value Operational e EP Subnet Based I Mode State WLAN T All Go To Interf re t Port OVLAN PT Disable Dirata Coral Configurateon Protocol Based Disable i Disable B Diable e Click Apply 5 Create the DiffServ class ClassVoiceVLAN a Select QoS gt Advanced gt DiffServ gt Class Configuration 38 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Syatan Switching Rouhng a Security Manitoring Mornhanance Diffserv Wizard Class Mame 4 are ites Class Marie gt Basie vt ow Die Configueratesn Chad Pwi Class Configueratesn b In the Class Name field enter ClassVoiceVLAN c In the Class Type list select All A screen similar to the following displays Syston Switcheng Routing Go Security Monitering Maintenance asd gt Dilfwerv Wizard Class Mame Aho olP Basic E gt Bvt ed Clase Name Class Type gies a Gonfigue ethan z E Class A ame a pyg Class _ Gonfiquraten d Click Add The Class Name screen displays as shown in the next step in this procedure 6 Configure matching criteria for the class as VLAN 10 a Select QoS gt DiffServ gt Advanced gt Class Configuration A screen similar to the following displays Seitching Fouling Gos Securit hy Moniboring Maintenances
436. is example ARP packets from the DHCP client are dropped since it does not have a matching rule though it has a DHCP snooping entry Web Interface Configure Static Mapping 1 Create an ARP ACL a b C Select Security gt Control gt Dynamic ARP Inspection gt DAI ACL Configuration In the Name field enter ArpFilter Click Add A screen similar to the following displays kla Lii DHCP Snooping Dynamic ARP Inspection ACL Configuration TP Source Guard Dpr ARP MAC ACL Tabbr F eur bey Dal ACL Aule 2 Configure a rule to allow the static client a e205 Select Security gt Control gt Dynamic ARP Inspection gt DAI ACL Rule Configuration In the ACL Name list select ArpFilter In the Source IP Address field enter 192 168 10 2 In the Source MAC Address field enter 00 11 85 EE 54 E9 Click Add 304 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Moniforng Motnhngnce Holp gt DHCP Snooping Dynamic ARP Inspection ACL Rules Configuration TP Source Guard Dynami AAP Rules Is ACL Name arpfilter DAL Configuration T deyin DAL Rule Table Configuration DAJ terface Configuration DAT ACL Comiguranan DAT ATE Bide rh gar DAL Stabstics Captive Portal 192160 O01 S5 EE HET 3 Configure the ARP ACL used for VLAN 1 a Select Security gt Control gt Dynamic ARP Inspection gt DAI VL
437. iscovery VRRP Multicast IPv amp Multicast Basic IP Configuration IP Configuration IP Contiguration Statistics gt Advanced Default Time to Live a Routing hode ICMP Echo Replies ICMP Redirects 64 Enable Disable Enable Disable ICMP Rate Limit Interval 1000 _ 0 to 2147483647 ms ICMP Rate Limit Burst Size 100 i to 200 Maximum Next Hops 4 b For Routing Mode select the Enable radio button c Click Apply 2 Create a routing interface and assign 10 100 1 2 24 to it a Select Routing gt IP gt Advanced gt IP Interface Configuration 500 Chapter 29 DHCP L2 Relay and L3 Relay ProSafe M4100 and M7100 Managed Switches e205 f A screen similar to the following displays System Swite hing Routing Monitoring i Index ioco Maintenance Help Routing Ta bla Pwd VLAN ARP RIF OSPF OSPF Router Discovery VRRP Multicast IPS Adulticaost Basic IP Interface Contiguration Advanced IP Interface Configuration IP Configuration Statistics i all Go To Interface IP Interface Forward Configuration Port E VLAN IP Subnet Routing Administrative ale oe Met Secondary IF z pica clara ID Address Mask Mode Hode Directed Broadcast mw ova 10 100 1 2 255 255 255 0 Enable C imi 6 0 0 0 0 0 0 0 Disable Enable Disable Disable BIENTE 0 0 0 0 0 0 0 0 Disable Enable Disable Disable Tr a03 0 0 0 0 0 0 0 0 Di
438. iscuous Port 00000 c eee eee 52 CLI Map Private VLAN Promiscuous Port a na a anaana anaana 52 Web Interface Map Private VLAN Promiscuous Port 52 Chapter 3 LAGs Cee 6 LAGS 5 at eG Od oS He Se PA Nes baa a we ea a 55 CLI Create Two LAGS 0 00 ee eee ee eee 55 Web Interface Create Two LAGS annann aana aaa eee eae 59 Add Pons to LAGS oc cesta nghie chee hat eeweew eDi Anin E ARE 56 CLI Add Ports to the LAGS 0 0 ee eee 57 Web Interface Add Ports to LAGS anaana aana 58 Enable Both LAGS 044 5sce40idee bobo eden ewww bes aaev dawn verve 59 CLI Enable Both LAGS 2 00 cicacdeaw ewes ee eawedvewiaswenies 59 Web Interface Enable Both LAGs 0 0000 eee 59 Chapter 4 Port Routing Port Routing Goniguravons1 444 5484448 aie ened ered ened e wet a 61 Enable Routing for the Switch 0 0 00 62 CLI Enable Routing for the Switch 0 00002 c eee eee 62 Web Interface Enable Routing for the Switch 62 Enable Routing for Ports on the Switch anaana cc eee ees 62 CLI Enable Routing for Ports on the Switch 00 63 Web Interface Enable Routing for Ports on the Switch 63 Add a Default Route 2 eee 65 CLI Add a Default Route 2 2 0 0 ee 65 Web Interface Add a Default Route 0 20 20 02 eee 65 Add a Static Route ania yds a aoe ae 6 eae w ERS Ge GOR TRE Qe eR EM 66 CLI
439. it Config interface 1 0 4 Interface 1 0 4 service policy i Interface 1 0 4 exit internet_access internet_access internet_access internet_access 5 Set the CoS queue configuration for the presumed egress interface 1 0 5 such that each of queues 1 2 3 and 4 gets a minimum guaranteed bandwidth of 25 percent All queues for this interface use weighted round robin scheduling by default The DiffServ inbound policy designates that these queues are to be used for the departmental traffic through the Chapter 12 DiffServ 203 204 Netgear Switch Netgear Switch Netgear Switch Netgear Switch ProSafe M4100 and M7100 Managed Switches assign queue attribute It is presumed that the switch will forward this traffic to interface 1 0 5 based on a normal destination address lookup for Internet traffic Config interface 1 0 5 Interface 1 0 5 cos queue min bandwidth 0 25 25 25 25 0 0 0 Interface 170 75 exit Config exit Web Interface Configure DiffServ 1 PA Enable Diffserv a Select QoS gt DiffServ gt Basic gt DiffServ Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Diffserv configuration DiffServ Config Configuration Diffserv Admin Mode Disable Enable gt Advanced b For Diffserv Admin Mode select the Enable radio button c Click Apply to save
440. itches The Stack Master and Stack Members A switch stack is a set of up to 8 switches connected through their stacking ports The switch that controls the operation of the stack is the stack master The stack master and the other switches in the stack are stack members Stack members use stacking technology to behave and work together as a unified system Layer 2 and Layer 3 protocols present the entire switch stack as a single entity to the network The following figure shows an example of switches that are interconnected to form a stack Connecting AX742 modules with stacking cable Figure 37 Stacked switches Stack Master The stack master is the single point of stack wide management From the stack master you configure e System level global features that apply to all stack members e Interface level features for all interfaces on any stack member A switch stack is identified in the network by its network IP address The network IP address is assigned according to the MAC address of the stack master Every stack member is uniquely identified by its own stack member number The stack master contains the saved and running configuration files for the switch stack The configuration files include the system level settings for the switch stack and the interface level settings for all stack members Each stack member retains a copy of the saved file for backup purposes If the master is removed from the stack another member is ele
441. itoring WLAN aIP AMulticout Addros Table Ports LAG 1 Basic CST Port Configuration Adwanced STP Conleguraiert CST Port Configuration a CST Configeiratian 1 Lait all ST Fort enhgutabor CST Port Status MST Configuratean a MST Port Status STP Statist O wore stove naa LOS ior woe Loe ujor VaL 1O12 sja mfa s hao ve Admin Port Part Path ela i Fale Priarily Trst Port EE 126 Trius Li 12i True Oo 128 True a 12h Trus G 126 Trus G 12i Tiis i128 Tre e 178 Troe i 15i Trua Oo ie Tre a 128 Tius i Enable Maoiniananen Holp Aa Lo Caleulated Port Path Cost Clisable Enable Enable nabla Enable habla Enable Enable Trabia Enable Enable indas Go t Inherfac a Heilin Timer Nat Configured Nat Cenlegured Hak nin Figured Mok Confegured Not Canhigured Wot Configured Kot Conlegurad Rint Configured Not Combgured Hot Configured ee A oe olf 6 amp 2 os amp External Port Path Cost Aun Calculated Prternal Port Path Cost Chiabled Enabled nabbed Enabled Probe Enabisd trabhed Enabled Enabled nabis Enabted abi Part ID 32755 ae Port Male Oia abled Disabled Chime bled Disabled Digs bie Disabled Cra bland Disabled Disabled Disabled ee mon bm b Under CST Port Configuration scroll down and select the Interface 1 0 3 check box Now 1 0 38 appears in the Interface
442. j atah Policy Voice VLAN e Pyh Class I rs Policy Youre VLAN Tonfiguratesn Poley Configieaton Chapter 2 VLANs 43 ProSafe M4100 and M7100 Managed Switches Private VLANs The Private VLANs feature separates a regular VLAN domain into two or more subdomains Each subdomain is defined represented by a primary VLAN and a secondary VLAN The primary VLAN ID is the same for all subdomains that belong to a private VLAN The secondary VLAN ID differentiates subdomains from each other and provides Layer 2 isolation between ports of the same private VLAN There are three types of VLAN within a private VLAN Primary VLAN it forwards the traffic from the promiscuous ports to isolated ports community ports and other promiscuous ports in the same private VLAN Only one primary VLAN can be configured per private VLAN All ports within a private VLAN share the same primary VLAN Community VLAN is a secondary VLAN It forwards traffic between ports which belong to the same community and to the promiscuous ports There can be multiple community VLANs per private VLAN Isolated VLAN is a secondary VLAN It carries traffic from isolated ports to promiscuous ports Only one isolated VLAN can be configured per private VLAN There are three types of port designation within a private VLAN Promiscuous port belongs to a primary VLAN and can communicate with all interfaces in the private VLAN including other promiscuous ports comm
443. ket is untagged for the port Click Apply 3 Specify the PVID on ports 1 0 6 1 0 7 1 0 16 and 1 0 17 a d e Select Switching gt VLAN gt Advanced gt Port PVID Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index STP i Multicast Address Table Ports LAG Port VLAN Id Configuration P ID Configuration Configuration GoTo Interface GO VLAN Membership VLAN Status Sieny pe P ID 1 to Acceptable Frame Ingress eer o MAC Based VLAN 4093 Types Filtering to a y Port PYID a WCE E o Port DYLAN 1 0 1 Admit All Disable Configuration 1 0 2 Admit all Disable Protocol Based 1 0 3 admit all Disab VLAN Group oe celeste Protocol Based 1 0 5 Admit All Disable Membership Under PVID Configuration scroll down and select the Interface 1 0 6 1 0 7 1 0 16 and 1 0 17 check boxes In the PVID 1 to 4093 field enter 200 In the Acceptable Frame Type list select Admit All Click Apply to save the settings 4 Create a private group group a 9 Select Security gt Traffic Control gt Private Group VLAN gt Private Group VLAN gt Private Group Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication ACL gt MAC Filter Private Group Configuration gt Port Security
444. kets that do not match a binding in the bindings database IP Source Guard can be configured to enforce just the source IP address or both the source IP address and source MAC address Static client tums IP address 192 168 10 1 Me P HW address 00 11 85 EE 54 E9 E Interface 1 0 2 Interface Interface 1 0 3 1 0 1 DHCP Client _ DHCP Server IP address 192 168 10 86 obtained IP address 192 168 10 1 HW address 00 16 76 A7 88 CC Figure 34 IP Source Guard The example is shown as CLI commands and as a Web interface procedure CLI Configure Dynamic ARP Inspection 1 Enable DHCP snooping globally Netgear Switch Config ip dhcp snooping 312 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches 2 Enable DHCP snooping in a VLAN Netgear Switch Config ip dhcp snooping vlan 1 3 Configure the port through which the DHCP server is reached as trusted Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 ip dhcp snooping trust 4 View the DHCP Snooping Binding table GSM7328S show ip dhcp snooping binding Total number of bindings 1 MAC Address IP Address VLAN Interface Lease Secs 00 16 76 A7 88 CC T92 L68106 1 0 2 DYNAMIC If the entry does not exist in the DHCP Snooping Binding table it can statically added through the command ip verify binding lt mac address gt vlan lt vlan id gt lt ip address gt interface
445. l Inbound Interface s 1 0 1 Rule Number Action permit Protocol 255 ipv6 Source IP Address 2001 DB8 C0AB 4AC11 Destination IP Address 2001 DB8 C0AB 4AC14 Rule Number Action Protocol Source IP Address Destination IP Address Destination L4 Port Keyword Chapter 10 ACLs 185 Rule Number ProSafe M4100 and M7100 Managed Switches 2001 DB8 COAB AC11 64 80 www http Web Interface Configure an IPv6 ACL 1 Create the access control list with the name ipv6 acl a Select Security gt ACL gt Advanced gt IPv6 ACL b In the IPv6 ACL Table in the IPv6 ACL field enter ipv6 acl A screen similar to the following displays Syutem Muresan rem Sete iy Switching ee Routing Goad Man itoring Maintenance Security Port duthanticalien ratie Cantal Basic Advanced EF AEL FP Rules gt IF Extended Rules 46 ACL Pi Aulas Bending Configuration Basic Advanced JF ADL TP Rules IF Extended Rules d Pa AL Pri Rules IP Binding Cerfiguratian Bindkag Tatla Wien Mring Table IPv ACL 1Pv Configuration Currnaet Humle of ACL Hasire ACL IPVG ACL Table TPG ACI IPv ACL TPv6 Configuration Current Harber of ACL _IPv6 ACL Table 2 Define the first rule 1 of 3 a Select Security gt ACL gt Advanced gt IPv6 Rules Sy sem Moanogaanant Sapcunihy JF Rubee PF Extended Aules ve AT
446. l YLAN Configuration l Internal VLAN Allocation Base 4095 Internal VLAN Allocation Policy ascending Descending VLAN Configuration FLAN ID FLAN Name YLAN Type E _ In the VLAN ID field enter 2000 In the VLAN Type field select Static Click Add 3 Set force authorized mode on ports 1 0 6 and 1 0 12 a Select Security gt Port Authentication gt Advanced gt Port Authentication Chapter 15 Security Management Help Qos Security Monitoring Maintenance l 295 296 b Cc d ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Qo5 Security Ji Monitoring Maintenance Help Index Management Security Access i i Traffic Control Control ACL gt Basic Port Authentication Advanced 602 1 Port Authentication Configuration 1 all Port Authentication Port Summary Client Summary Under Port Authentication scroll down and select the 1 0 6 and 1 0 12 check boxes In the Control Mode list select Force Authorized Click Apply to save settings 4 Enable dotix on the switch Make sure that 1 0 12 and 1 0 6 are configured as force authorized before you do this step otherwise you cannot access the switch through the Web Management Interface a b Cc d Select Security gt Port Authentication gt Basic gt 802 1x Configuration A screen similar to the following displays Maintenan
447. l of the ports to VLAN 300 a Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help E STP Multicast Address Table Ports LAG gt Basic _ VLAN Membership Advanced VLAH VLAN Membership Configuration VLAN ID gt VLAN Membership ek VLAN Status Port PVID SLSR YEE Configuration j s MAC Based VLAN Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 IP Subnet Based oll ik i SE ek Ee pode SS pad bp U YLAN In the VLAN ID list select 300 c Click Unit 1 The ports display d Click the gray boxes under ports 1 and 24 until U displays The U specifies that the egress packet is untagged for the port e Click Apply 3 Assign PVID to ports 1 0 1 and 1 0 24 a Select Switching gt VLAN gt Advanced gt Port PVID Configuration Index Chapter30 MLD 521 522 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays STP Multicast Maintenance Help Monitoring Security Address Tabla Ports Basic Port PVID Configuration Advanced VLAN Configuration VLAN Membership VLAN Status Port PVID Configuration MAT Based WLAN IP Subnet Based VLAN Port DYLAN P ID Configuration Go To Interface pim Acceptable Frame Ingress ENR Interface P ID Port Priority Filtering
448. lays QoS RIP System Switching 1 Routing Routing Table I Pw s VLAN ARP OSPF OSPFy3 gt Basic IP Interface Configuration Advanced 2 IP Configuration Statistics IP Interface Configuration Secondary IF IP Interface Configuration 1 All i Port Description ta 60 C C lt Ci Cti i C z Sd cl TLAN ID Security Monitoring Maintenance Help Index Router Discovery VRRP Multicast Administrative Mode Subnet Mask IF Address Routing Mode 192 160 2 2 255 250 200 0 En Scroll down and select the interface 1 0 1 check box Now 1 0 1 appears in the Interface field at the top Enter the following information e Inthe IP Address field enter 192 168 2 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Configure 1 0 9 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Jos Security Monitoring Maintenance Help Index Routing Table Pwd VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast Basic IP Interface Configuration Advanced gt IP Configuration IP Interface Configuration Statistics gt IP Interface Configuration gt Secondary IP Port Descriptio
449. ld enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 35 twice until U displays The U specifies that the egress packet is untagged for the port e Click Apply to save VLAN 30 2 Create VLAN 100 with IP address 192 168 100 1 24 a Select Routing gt VLAN gt VLAN Routing Wizard A screen similar to the following displays NETGEAR Connect with Innevation system Switching Routing Qos Security Monitoring Maintenance Help Routing Table IP L i ARP LAN Routing VLAN Routing Wizard Wizard 5 l gt LAN Routing YLA Routing Wizard Wlan ID Port 1 3 4 5 6 F7 B HE ay 11 12 13 14 15 16 17 18 19 20 71 a 23 274 2 FANS es FSS FS SIS SO tN as Me a i nae 25 26 27 28 29 30 31 32 T 34 35 36 37 36 39 40 41 42 43 44 45 46 47 46 Le A E ws te ea ia eee cere APPARE nee ere ore 2 15 pitt Eaten OENE PERENS cranes EEA VALNE BRANA EAN ACEA AS SOS y amal prensa b Enter the following information e Inthe Vlan ID field enter 100 Chapter 10 ACLs 147 ProSafe M4100 and M7100 Managed Switches e Inthe IP Address field enter 192 168 100 1 e Inthe Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 13 twice until U displays The U specifies that the egress packet is untagged for the port e Click Apply to save VLAN 100 3 Create VLAN 200 with IP address 192 168 200 1 24 a Select Routing gt
450. le Disable Non Operational 0 0 0 Disable Disable Non Operational 0 0 0 Disable Disable Non Operational 0 0 0 Disable Disable Non Operational 0 0 0 Disable Disable Non Operational 0 0 0 Disable r r r b Scroll down and select the Interface 1 0 21 and 1 0 22 check boxes c In the Admin Mode field select Enable d Click Apply to save the settings 9 Candidate RP Configuration a Select Routing gt Multicast gt PIM gt Candidate RP Configuration A screen similar to the following displays System Switching RBLGIUT Security Monitoring Maintenance Help Routing Table IF Pye VLAN ARF RIP SPF OSPA Routar Discovery VREP Aulicost Pts Muliicasi gt Mroute Table PIM Candidate RP Configuration Global Configuration gt Interface Interface Configuration gt D MRP PIM Candidate RP Configuration gt IGMP fal Group Address Group Mask TEI ee 225 1 1 1 255 255 255 255 255 2550 gt Global Configuration 2 55M Configuration Interface Configuration PIM Neighbor Candidate RP Configurahon 2 BSR Candidate Configuration PIM Interface Selection In the Interface list welect 1 0 22 In the Group IP field enter 225 1 1 1 In the Group Mask field enter 255 255 255 0 e Click Add 10 BSR Candidate Configuration a Select Routing gt Multicast gt PIM gt BSR Candidate Configuration 29 5 ee ih DR Priority Chapter 28 PIM 479 ProSafe M4100 and M710
451. le none Disable INACTIVE INVLAN Disable none Disable INACTIVE InVLAN Disable none Disable ACTIVE INVLAN Go To Interface GO b Under MVR Interface Configuration scroll down and select the Interface 0 1 0 5 and 0 7 check boxes c Enter the following information e Inthe Admin Mode list select Enable e Inthe Type list select Receiver d Click Apply to save the settings Chapter 14 MVR Multicast VLAN Registration 267 ProSafe M4100 and M7100 Managed Switches 5 Configure a source interface a Select Switching gt MVR gt Basic gt MVR Interface Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicast Vi Address Table Ports LAG Basic MVR Interface Configuration MVR Configuration MYR Group Configuration MVR Interface 1 All Go To Interface wen Bcd a SC a aa E TS RET aoea 0 1 Enable receiver Disable ACTIVE INVLAN 0 2 Disable none Disable INACTIVE InVLAN Disable none Disable INACTIVE INVLAN 0 4 Disable none Disable INACTIVE InVLAN 0 5 Enable receiver Disable ACTIVE INVLAN 0 6 Disable none Disable INACTIVE InVLAN 0 7 Enable receiver Disable ACTIVE INVLAN Disable none Disable INACTIVE INVLAN MYR Interface Configuration ke m jmf jmf ee ie Disable none Disable INACTIVE INVLAN Disable none Disable INACTIVE INVLAN Disable none Disable ACTIVE INVLAN Go To Interface gow b Under MVR
452. led by default 78 Chapter 6 RIP 1 Configuration van Pee Secondary IP Interface Description IP Address Subnet Mask crear O E v T T Enable Enable Enable Enable ProSafe M4100 and M7100 Managed Switches CLI Enable RIP on the Switch This sequence enables RIP for the switch The route preference defaults to 15 Netgear Switch config Netgear Switch Config router rip Config router enable Netgear Switch Netgear Switch Config router exit Netgear Switch Config exit Web Interface Enable RIP on the Switch 1 Select Routing gt RIP gt Basic gt RIP Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP i OSPF Router Discovery VRRP RIP Configuration RIP Configuration gt Advanced RIP Admin Mode Disable Enable 2 For RIP Admin Mode select Enable radio button 3 Click Apply to save the setting RIP for Ports 1 0 2 and 1 0 3 The example is shown as CLI commands and as a Web interface procedure Chapter6 RIP 79 80 ProSafe M4100 and M7100 Managed Switches CLI Enable RIP for Ports 1 0 2 and 1 0 3 This command sequence enables RIP for ports 1 0 2 and 1 0 3 Authentication defaults to none and no default route entry is created The commands specify that both ports receive both RIPv1 and RIPv2 frames but s
453. licy Configuration Policy Configuration i Policy Policy Selector Member Class Type O Ce intemet_access finance_dept intemet_access marketing_dept internet_access test_dept internet_access development b Click the internet_access check box for the member class finance_dept Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenance CoS Diffserv Wizard Policy Class Configuration gt Basic v Advanced Class Information DiffServ Policy Name Configuration Policy Type a Class Member Class Name finance_dept Configuration Policy Policy Attribute Configuration wieercine Assign Queue Configuration Policy Atribute Drop Service Statistics Mark COS Mark IP Precedence Mark IP DSCP Police Simple Color Mode ColorBlind Color Conform Class zl Color Conform Mode lt lt c In the Assign Queue list select 1 d Click Apply 11 Assign queue 2 to marketing_dept a Select QoS gt DiffServ gt Advanced gt Policy Configuration A screen similar to the following displays System Switching Routing re Teh Security Monitoring Maintenance gt Diffserv Wizard Policy Configuration Policy Configuration i Policy Z Policy Selector Member Class Configuration C o Configuration intemet_access E _dept Service Configuration Service Sta
454. lp gt Diffserv Wizard Glass Name gt Auto YoIP Class Name a DiffServ Configuration Class Configuration IPv6 Class Configuration Policy Configuration Service Interface Configuration Service Statistics Index Madak b Enter the following information In the Class Type list select All In the Class Name field enter class_vlan Chapter 12 DiffServ 239 240 e f ProSafe M4100 and M7100 Managed Switches Click Add to create a new class class_vlan l System Switching Routing Security Monitoring Maintenance Help Index gt Diffserv Wizard Class Name Auto oIP Class Name E Class Name Class Type DiffServ EI C Configuration DC class vlan All gt Glass aerer EIEEE E E E Configuration IPv6 Class Configuration Policy Configuration Service Interface Configuration Service Statistics Click class_vlan to configure this class A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Diffserv Wizard Class Configuration gt Auto VoIP Class Information gt Basic z p Advanced _ Class Name class_vian DiffServ Class Type All Configuration Class DiffServ Class Configuration Configuration ov kiatch Every 7 IPv6 Class Configuration i C Reference Class Clase Of Service f VLAN s 0 to 4095 Configuration i __ 5 Etherne
455. lt m VLAN2 Static b Enter the following information e Inthe VLAN ID field enter 3 e Inthe VLAN Name field enter VLANS3 e Inthe VLAN Type list select Static c Click Add 18 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches Assign Ports to VLAN2 This sequence shows how to assign ports to VLAN2 and to specify that frames will always be transmitted tagged from all member ports and that untagged frames will be rejected on receipt CLI Assign Ports to VLAN2 Netgear Switch Netgear Switch Netgear Switch Netgear Switch config Config interface range 1 0 1 1 0 2 Switch conf if range 1 0 1 1 0 2 vlan participation include 2 conf if range 1 0 1 1 0 2 vlan acceptframe vlanonly Switch conf if range 1 0 1 1 0 2 vlan pvid 2 Switch conf if range 1 0 1 1 0 2 exit Config vlan port tagging all 2 Switch Config Web Interface Assign Ports to VLAN2 1 Assign ports to VLAN2 a e Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays Y A y y 4 Switching Routing Security Monitoring Maintenance Help STP Multicast Address Table Ports LAG Basic VLAN Membership Advanced VLAN VLAN Membership Configuration LAN ID Group Operation Untag All VLAN Membership VLAN2 UNTAGGED PORT MEMBERS pce Stati TAGGED PORT MEMBERS 5 Static OO O O O O MAC Based VLAN bcbg SB
456. lt link level encapsulation format is Ethernet Configure the IP addresses and subnet masks for the ports Network directed broadcast frames will be dropped The maximum transmission unit MTU size is 1500 bytes 62 Chapter 4 Port Routing ProSafe M4100 and M7100 Managed Switches CLI Enable Routing for Ports on the Switch Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear config Config interface 1 0 2 Interface 1 0 2 routing Interface 1 0 2 ip address 192 150 2 1 255 255 255 0 Interface 1 0 2 exit Config interface 1 0 3 Interface 1 0 3 routing Interface 1 0 3 ip address 192 150 3 1 255 255 255 0 Interface 1 0 3 exit Config interface 1 0 5 Interface 1 0 5 routing Interface 1 0 5 ip address 192 150 5 1 255 255 255 0 Interface 1 0 5 exit Config exit Web Interface Enable Routing for Ports on the Switch 1 Assign IP address 192 150 2 1 24 to interface 1 0 2 a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP IP Interface Configuration IP Configuration Configuration Statistics Go To Interface rT 82 J IP Interface paige SIR et LAN Routi Administrati Secondary IP Interface Descript
457. lticost IPv Multicast gt Basic IP Interface Configuration v Advanced IP Configuration gt Statistics 1 2 VLANS All IP Interface Configuration Secondary IP IP Interface Configuration we Link Speed Data Rate Disable Enable Unknown Disable Enable Unknown Disable Enable Unknown Disable Enable Unknown Disable Enable Unknown Disable Enable Unknown Disable Enable Unknown Disable Enable Unknown Disable Enable Unknown z Li x O r 5 e a Under IP Interface Configuration scroll down and select the Port 1 0 15 check box In the IP Address Configuration Method field enter Manual In the IP Address field enter 10 200 1 1 In the Subnet Mask field enter 255 255 255 0 In the Routing Mode field select Enable Click Apply to save the settings 5 Create a routing interface and assign 10 200 2 1 24 to it a 920 5 g Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays Routing QoS Security Monitoring Maintenance Help Index Routing Table IPv VLAN ARP RIP OSPF OSPFv3 Router Discover VRRP Multicast IPv Multicast ng Y IP Interface Configuration IP Interface Configuration gt IP Configuration gt Statistics 1 2 LANS All gt IP Interface Configuration ress IP gt Secondary IP z i Configuration Address eed Data Rate a e Disable Unknown Disable Enable Unknown Disable Enable Unknown Disable Enable Unknown Di
458. mmand Line Interface CLI User Manual e ProSafe M4100 M7100 Managed Switch Web Management User Manual Chapter 1 Documentation Resources 15 VLANs Virtual LANs This chapter provides the following examples Create Two VLANs on page 17 Assign Ports to VLAN2 on page 19 Create Three VLANs on page 20 Assign Ports to VLAN3 on page 22 Assign VLAN3 as the Default VLAN for Port 1 0 2 on page 24 Create a MAC Based VLAN on page 25 Create a Protocol Based VLAN on page 28 Virtual VLANs Create an IP Subnet Based VLAN on page 31 Voice VLANs on page 33 Private VLANs on page 44 Assign Private VLAN Types Primary Isolated Community on page 46 Configure Private VLAN Association on page 48 Configure Private VLAN Port Mode Promiscuous Host on page 49 Configure Private VLAN Host Ports on page 50 Map Private VLAN Promiscuous Port on page 52 Adding virtual LAN VLAN support to a Layer 2 switch offers some of the benefits of both bridging and routing Like a bridge a VLAN switch forwards traffic based on the Layer 2 header which is fast Like a router it partitions the network into logical segments which provides better administration security and management of multicast traffic A VLAN is a set of end stations and the switch ports that connect them You can have different reasons for the logical division such as department or project membership The only physical requirement is that the end station and the port to which it i
459. mmand Log Configuration Console Log Configuration Admin Status Disable Enable Severity Fiter Configuration gt Trap Logs gt Event Logs cance apply b Under Console Log Configuration for Admin Status select the Disable radio bution c Click Apply 4 Configure the buffer logs a Select Monitoring gt Logs gt Buffer Logs Chapter 18 Syslog 341 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Ports i Mirroring Buffered Logs Buffered Logs gt Command Log Configuration Buffered Logs Console Log Admin Status Disable Enable Configuration s Behavior gt Sys Log Configuration gt Trap Logs gt Event Logs Message Log Total number of Messages 369 displaying only the last 128 messages lt 14 gt Jan 1 02 14 37 0 0 0 0 1 UNKN 774669480 dns_client_txrx c 195 371 DNS Client Configured DNS server 192 168 10 1 unreachable lt 14 gt Jan 1 02 13 26 0 0 0 0 1 UNKN 774669480 dns_client_txrx c 195 370 DNS Client Configured DNS server 192 168 10 1 unreachable lt 14 gt Jan 1 02 12 15 0 0 0 0 1 UNKN 774669480 dns_client_txrx c 195 369 9 DNS Client Configured DNS server 192 168 10 1 unreachable CLEAR REFRESH CANCEL APPLY Naah ao b Under Buffer Logs for Admin Status select the Enable radio button c Click Apply Show Logging
460. mmary Multicast Route Table Summary Incoming Protocol Interface Source IP Group IP 192 168 1 DOM te dak PIMDM 1 0 13 B show ip mcast mroute summary Multicast Route Table Summary Incoming Protocol Interface pource IP Group IP 192 168 1 1 225 1 1 1 PIMDM 1 0 10 C show ip mcast mroute summary Multicast Route Table Summary Incoming Protocol Interface Source IP Group IP Ee Oo dad 229a Medes k PIMDM D show ip mcast mroute summary Multicast Route Table Summary Incoming Protocol Interface pource IP Group IP 192 168 1 1 225 1 1 1 PIMDM 7 0 21 440 Chapter 28 PIM Outgoing Interface List Outgoing Interface List Outgoing Interface List Outgoing Interface List 7 0 24 ProSafe M4100 and M7100 Managed Switches Web Interface Configure PIM DM PIM DM on Switch A 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing QoS Security j Monitoring Maintenance Help Index Routing Table i IPS WLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast Basic IP Configuration IP Configuration Statistics IP Configuration Advanced Default Time to Live 64 Routing Mode ICMP Echo Replies Disable Enable ICMP Redirects Disable Enable ICMP Rate Limit Interval 1000 OR 21474832647 ms ICMP Rate Limit Burst Size 100 a to 200
461. n 454 Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching ME Gos Security Monitoring Maintenance Help index Routing Table Pwd VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced gt IP Configuration IP Interface Configuration gt Statistics 1 All ID Address Mask Mode Mode 2 IP Interface i Configuration s ie WLAN IP Subnet Routing Administrative Secondary IF Port Description s s 0 0 0 0 0 0 0 0 Disable Enable 0 2 I 192 168 6 2 HE 255 255 255 0 b Scroll down and select the Port 1 0 22 check box Now 1 0 22 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 6 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 4 Configure 1 0 24 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System i Switching Routing mf Security Monitoring Maintenance Help Index Routing Table Pads VLAN ARP RIF OSPF OSPI Router Discovery VRRP Multicast Basic IP Interface Configuration Advanced gt IP Configuration IP Interface Configuration gt IP Interface Configuration Secondary IF Desc
462. n 0 0 0 0 Disable 1 10 40 0 0 0 0 Disable 1 10 40 b Scroll downand select the interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top e Inthe OSPF Area ID field enter 0 0 0 2 e Inthe OSPF Admin Mode field select Enable e Inthe Priority field enter 128 e Inthe Metric Cost field enter 32 c Click Apply to save the settings 6 Enable OSPF on port 1 0 3 a Select Routing gt OSPF gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP i Router Discovery VRRP gt Basic Interface Configuration Advanced OSPF Interface Configuration Configuration Go To Inte NSS4 Area Configuration Satie all Area Range 1 o 1 Disable Configuration 1 0 2 Enable Interface y Configuration Link ate T 170 5 0 0 Disable Common Area Dead Configuration OSPF Router Retransmit Hello Interval 1 Stub 4rea Interface OSPF Area ID Admin Priority 0 to Interval 0 Interval 1 HE M i 5 6 t Configuration tode 255 to 3600 o 65535 2147483647 a r 1 5 10 40 b Scroll down and select the interface 1 0 3 check box Chapter 7 OSPF 91 ProSafe M4100 and M7100 Managed Switches Now 1 0 3 appears in the Interface field at the top e Inthe OSPF Area ID field enter 0 0 0 3 e Inthe OSPF Admin Mode field select Enable e
463. n IP Routing Administrative Address Mode Mode j192 68 3 2 255 255 2550 o o o 192 188 2 2 255 255 255 0 Enable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable b Scroll down and select the interface 1 0 9 check box Now 1 0 9 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 3 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply 4 Configure 1 0 13 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing Qo Security j Monitoring Maintenance Help Index Routing Table IPw VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic IP Interface Configuration t Advanced gt IP Configuration IP Interface Configuration IP Interface Configuration Secondary IF Port Description FLAN IP Subnet Routing Administrative 1D Address HEEL Mode Mode TILO E 255 255 2550 192 166 2 2 255 255 255 0 Enable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable b Scroll down and select the interface 1
464. n Status Disable Enable Configuration Local UDP Port 1 to 65535 Sys Log Configuration Messages Relayed 0 gt Trap Logs Messages Ignored 0 gt Event Logs Host Configuration Pe ee eee eee E O 514 192 168 21 253 Active Critical ADD DELETE CANCEL APPLY Configure Logging for a Port The example is shown as CLI commands and as a Web interface procedure CLI Configure Logging for the Port Netgear Switch Routing config Netgear Switch Routing Config logging buffered Buffered In Memory Logging Configuration cli command CLI Command Logging Configuration console Console Logging Configuration host Enter IP Address for Logging Host syslog Syslog Configuration Netgear Switch Routing Config logging host lt hostaddress gt Enter Logging Host IP Address reconfigure Logging Host Reconfiguration remove Logging Host Removal Netgear Switch Routing Config logging host 192 168 21 253 Press Enter to execute the command Enter Port Id Chapter 18 Syslog 345 346 ProSafe M4100 and M7100 Managed Switches Netgear Switch Routing Config logging host 192 168 21 253 4 lt cr gt lt severitylevel gt error 3 warning 4 notice 5 info 6 debug 7 Press Enter to execute the command Enter Logging Severity Level emergency 0 alert 1 critical 2 Netgear Switch Routing Config logging host 192 168 21 253 4 1 Press Enter to execute the
465. n protocol This section explains how to configure the M4100 and M7100 Managed Switch to identify which traffic class a packet belongs to and how it should be handled to provide the quality of service you want As implemented on the M4100 and M7100 Managed Switch DiffServ allows you to control what traffic is accepted and what traffic is discarded How you configure DiffServ support on a M4100 and M7100 Managed Switch varies depending on the role of the switch in your network e Edge device An edge device handles ingress traffic flowing toward the core of the network and egress traffic flowing away from the core An edge device segregates inbound traffic into a small set of traffic classes and is responsible for determining a packet s classification Classification is based primarily on the contents of the Layer 3 and Layer 4 headers and is recorded in the Differentiated Services Code Point DSCP added to a packet s IP header e Interior node A switch in the core of the network is responsible for forwarding packets rather than for classifying them It decodes the DSCP code point in an incoming packet and provides buffering and forwarding services using the appropriate queue management algorithms Before configuring DiffServ on a particular M4100 and M7100 Managed Switch you must determine the QoS requirements for the network as a whole The requirements are expressed in terms of rules which are used to classify inbound traffic on a p
466. n this mode the IGMP router has to be statically configured to transmit all required multicast streams to the MVR switch 256 Chapter 14 MVR Multicast VLAN Registration ProSafe M4100 and M7100 Managed Switches CLI Configure MVR in Compatible Mode 1 Create MVlan VLAN1 VLAN2 and VLANS Netgear vlan database Netgear 1002 1003 name 999 mVlan name 1001 Vlanl name 1002 Vlan2 name 1003 Vlan3 2 Enable MVR configure VLAN 999 as a multicast VLAN and add group 224 1 2 3 to MVR Netgear Switch config Netgear Switch Config mvr Netgear Switch Config mvr vlan 999 Netgear Switch Config mvr group 224 1 2 3 3 Configure multicast VLAN on the source port Netgear Config interface 0 9 Netgear Interface 0 9 vlan participation include 999 Netgear Interface 0 9 vlan tagging 999 Netgear Netgear Interface 0 9 mvr type source Interface 0 9 mvr Netgear Interface 0 9 exit 4 Configure the receive ports Chapter 14 MVR Multicast VLAN Registration 257 ProSafe M4100 and M7100 Managed Switches Note The receive port can participate in only one VLAN Switch Config interface 0 1 Switch Interface 0 1 vlan participation Switch Interface 0 1 vlan pvid 1001 Switch Interface 0 1 vlan participation exclude Switch Interface O 1 mvr Switch Interface 0 1 mvr type receiver Switch Interface 0 1 mvr vlan 999
467. naged Switches A screen similar to the following displays System Switching Routing Qo Security Monitoring Maintenance Help Index Routing Table IPvd VLAN ARP RIP OSPF OSPF Rouler Discovery VRRP Multicast Basic IP Interface Configuration Advanced gt IP Configuration IP Interface Configuration 2 Statistics 1 All IP Interface Configuration SR gt TEN YLAN IP Subnet Routing Administrative Secondary IP Port Description eee ID Address Mask Mode Mode Ra ED s2tce Wesss esso Mere lt P Ere C ii 0 0 0 0 0 0 0 0 Disable Enable Scroll down and select the Port 1 0 21 check box Now 1 0 21 appears in the Interface field at the top Enter the following information e Inthe IP address enter 192 168 5 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable Click Apply to save the settings 3 Configure 1 0 22 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration d A screen similar to the following displays System Switching Routing o5 Security Monitoring Maintenance Help Index Routing Table I Pwes VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced IP Configuration IP Interface Configuration IP Interface Configuration es FLAN IP Routing Administrative Secondary IP Port
468. nagement Security Access Port Authentication Traffic Control MAC ACL MAC Rules MAC ACL MAC Rules Rules MAC Binding ACL Name Configuration Binding Table gt IP ACL Rule Table Assign Match Destination MAC Action Destination MAC Every Mask In the ACL Name field select acl_bpdu In the Action field select Deny Enter the following information in the Rule Table e Inthe ID field enter 1 e Inthe Destination MAC field enter 01 80 c2 00 00 00 e Inthe Destination MAC Mask field enter 00 00 00 ff ff ff Click the Add button 3 Create a another rule associated with the ACL acl_bpdu a C Select Security gt ACL gt MAC ACL gt MAC Rules A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication Traffic Control MAC ACL MAC Rules MAC ACL MAC Rules Rules MAC Binding ACLName acl_bpdu x Configuration Binding Table gt IP ACL Rule Table A ZEIN Match Destination MAC si Destination MAC Every Mask i i 80 C2 00 00 00 00 00 00 be FF FF Select acl_bpdu in the ACL Name field Enter the following information in the Rule Table e Inthe ID field enter 2 e In he Action field select the Permit Click the Add button 4 Apply the ACL acl_bpdu to port 2 a Select Security gt ACL gt MAC ACL gt MAC Binding Configuration Chapter 10 ACLs
469. nce Help Index i Route Configuration Configure Routes Subnet mask Next Hop IP Address Pb 255 255 255 0 Piszise2002 HEET Eia 172 166 700 2 Learned Routes Pagar bere Piast Hap H xt Hop IP Address Tipe i i Interface Dynamic 192 168 100 0 255 255 255 0 Local Vian 100 192 168 100 1 b Under Configure Routes make the following selection and enter the following information e Inthe Route Type list select Static e Inthe Network Address field enter 192 168 50 0 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Next Hop IP Address field enter 192 168 200 2 c Click Add 7 Create an ACL with ID 101 a Select Security gt ACL gt Advanced gt IP ACL A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Manogement Security Access Port Authentication Traftic Control IP ACL IP ACL IP Rules Current Sumber of ACL gt IP Extended Rules Maximum ACL gt IP Binding Configuration Binding Table IP ACL Table IF ACL ID b In the IP ACL Table in the IP ACL ID field enter 101 c Click Add 8 Create an ACL with ID 102 a Select Security gt ACL gt Advanced gt IP ACL 150 Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays system Switching Routing Qo Security Monitoring Monogement Security Aconss Port Au
470. nd enter the following information e Inthe ACL ID field select 102 e Inthe Sequence Number field enter 1 c Click Unit 1 The ports display d Click the gray box under port 24 A check mark displays in the box e Click Apply to save the settings 12 Apply ACL 101 to port 48 a Select Security gt ACL gt Advanced gt IP Binding Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Management Security Access Port Authentication Traffic Control MAC ACL IP Binding Configuration IP ACL IP ACL Binding Configuration 2 I Rules cL IG Direc tihom IP Extended Rules Sequence Number 1 te 4294967295 gt IP Binding a i Configuration 2 Binding Table Port Selection Table Port i 2 3 4 5 6 7 B 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 Interface lt u Status ACL Type ACL ID Sequence Number ifoza Inbound IP ACL 168 Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches e Under Binding Configuration make the following selection and enter the following information e In he ACL ID field select 101 e Inthe Sequence Number field enter 1 Click Unit 1 The ports display Click the gray box under port 48 A check mark displays in the box Click Apply to save the settings 13 Apply ACL 103 to port 24 and port
471. nder Port Security Configuration in the Port List field select 1 0 1 3 Select the Convert Dynamic Address to Static check box 4 Click Apply to save the settings Create a Static Address The example is shown as CLI commands and as a Web interface procedure 272 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches CLI Create a Static Address Netgear Switch Interface 1 0 1 port security mac address 00 13 00 01 02 03 Web Interface Create a Static Address 1 Select Security gt Traffic Control gt Port Security gt Static MAC address A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Management Security Access Port Authentication ACL gt MAC Filter Static MAC Address Configuration gt Storm Control Port Security Port List Port Interface 170 1 Administration Interface Configuration Static MAC Address AXE areal Pues Static MAC Address PETN Address i EERE Static MAC 00 13 00 01 02 03 x T Address 00 0 45 30 15 F3 gt Protected Port 00 13 46 EC 2F 62 1 00 14 6 0 68 81 23 1 2 Under Port List in the Interface list select 1 0 1 3 Inthe Static MAC Address section of the screen enter the following information e Inthe Static MAC Address field enter 00 13 00 01 02 03 e Inthe Vian ID list select 3 4 Click Add Protected Ports This section describes how to set up
472. nder Private VLAN Port Mode Configuration select the 1 0 1 interface check box Now 1 0 1 appears in the Interface field at the top c In the Port VLAN Mode field select Promiscuous from the pull down menu Chapter 2 VLANs 49 ProSafe M4100 and M7100 Managed Switches d Click Apply to save the settings 2 Configure ports 1 0 2 1 0 5 to host port mode a Select Security gt Traffic Control gt Private VLAN gt Private VLAN Port Mode Configuration A screen similar to the following displays System Switching Rowhing Monitoring Maintenance Help Inde gt HAC Filter Private Vlan Port Mode Configuration Port Security Privute Group Private Vian Port Mode Configuration Protected Port Ge To Teterface Private Vian Private Vien Type k I J om s Pit ie Promipeugri Agpociation Conhgurabor Private Wien Port Meta enhgiurrtice i Pre Ulem Hei b Under Private VLAN Port Mode Configuration select the 1 0 2 to 1 0 5 interface check box c In the Port VLAN Mode field select Host from the pull down menu d Click Apply to save the settings Configure Private VLAN Host Ports 50 The example is shown as CLI commands and as a Web interface procedure CLI Configure Private VLAN Host Ports Use the following commands to associate Isolated ports 1 0 2 1 0 3 to a private VLAN primary 100 secondary 101 Community ports 1 0 4 1 0 5 to a private VLAN primary 100 secondary 102 Netgear Switc
473. nections 7 Power up the new switches one by one Verify by monitoring the master switch console port that the new switch joins the stack by issuing the show switch command The new switch should join as a member never as master the existing master of the stack should not change 8 If the firmware version of the newly added member is not the same as the existing stack update the firmware as described in Upgrade the Firmware on page 354 Remove a Switch from the Stack 1 Make sure the redundant stack connection is in place and functional All stack members should be connected in a logical ring 2 Power down the switch to be removed Note Removing powered on stack members can cause the switch stack to divide partition into two or more switch stacks each with the same configuration However if cabled correctly the switch stack should not divide 3 Disconnect the stack cables 4 lf the switch is not to be replaced reconnect the stack cable from the stack member above to the stack member below the switch being removed 5 Remove the switch from the rack 6 If you want to remove the switch from the stack configuration issue the command no member lt unit id gt If the switch stack divides and you want the switch stacks to remain separate change the IP address or addresses of the newly created switch stacks If you did not intend to partition the switch stack 362 Chapter 19 Switch Stacks ProSafe M4100
474. nfigure the Switch with a Multicast Router Using VLAN 249 Web Interface Configure the Switch with a Multicast Router Using VLAN249 IGMP COUCH cam note oie taeda wee gd pisin wend phases Reece 250 Enable IGMP Querier 0 0 0 eee 251 CLI Enable IGMP Querier 0 0 0 0 cece eee eee 251 Web Interface Enable IGMP Querier 0000 e eee ees 252 Show IGMP Querier Status anaana cece ee eee 254 CLI Show IGMP Querier Status 0 6 6 csncsia week da Nae ae 254 Web Interface Show IGMP Querier Status 005 254 Chapter 14 MVR Multicast VLAN Registration Configure MVR in Compatible Mode 0 0000 eee eee eee 256 Contents 7 ProSafe M4100 and M7100 Managed Switches CLI Configure MVR in Compatible Mode 0005 257 Web Interface Configure MVR in Compatible Mode 259 Configure MVR in Dynamic Mode 0 000 cee ee ees 263 CLI Configure MVR in Dynamic Mode nnana anaana anaana 263 Web Interface Configure MVR in Dynamic Mode 265 E E EE EE as E EEE T EEE EEEE EE EET ET 268 Chapter 15 Security Management FOR ECU ea e a aa ea eee seen 269 Set the Dynamic and Static Limit on Port 1 0 1 270 CLI Set the Dynamic and Static Limit on Port 1 0 1 270 Web Interface Set the Dynamic and Static Limit on Port 1 0 1 270 Convert the Dynamic Address Learned from 1 0 1 to a Static Address 271 CLI Con
475. nfigured this additional port is then used exclusively by captive portal Note that this optional port is in addition to the standard HTTP port 80 which is currently being used for all other Web traffic Captive portal for wired interfaces allows the clients directly connected to the switch to be authenticated using a captive portal mechanism before the client is given access to the network When a wired physical port is enabled for captive portal the port is set in captive portal enabled state such that all the traffic coming to the port from the unauthenticated clients is dropped except for the ARP DHCP DNS and NETBIOS packets The switch forwards these packets so that unauthenticated clients can get an IP address and resolve the hostname or domain names Data traffic from authenticated clients goes through and the rules do not apply to these packets All the HTTP HTTPS packets from unauthenticated clients are directed to the CPU on the switch for all the ports that are enabled for captive portal When an unauthenticated client opens a Web browser and tries to connect to network the captive portal redirects all the HTTP HTTPS traffic from unauthenticated clients to the authenticating server on the switch A captive portal Web page is sent back to the unauthenticated client The client can authenticate If the client successfully authentiates the client is given access to port Chapter 32 Captive Portal 542 ProSafe M4100 and M7100 Managed
476. ng but Layer 3 routing must be explicitly enabled first for the M4100 and M7100 Managed Switch as a whole and then for each port that is to be part of the routed network The configuration commands used in the example in this section enable IP routing on ports 1 0 2 1 0 3 and 1 0 5 The router ID will be set to the M4100 and M7100 Managed Switch s management IP address or to that of any active router interface if the management address is not configured After the routing configuration commands have been issued the following functions will be active e IP forwarding responsible for forwarding received IP packets e ARP mapping responsible for maintaining the ARP Table used to correlate IP and MAC addresses The table contains both static entries and entries dynamically updated based on information in received ARP frames e Routing Table Object responsible for maintaining the common routing table used by all registered routing protocols You can then activate RIP or OSPF used by routers to exchange route information on top of IP Routing RIP is more often used in smaller networks while OSPF was designed for larger and more complex topologies The following figure shows a Layer 3 switch configured for port routing It connects three different subnets each connected to a different port Layer 3 switch acting as a router Port 1 0 2 Port 1 0 5 192 150 2 2 192 64 4 1 Port 1 0 3 192 130 3 1 Subnet 2 Subnet 3 Subne
477. ng Binding Configuration Static Binding Configuration Interface MAC Address FLAW ID IP Address eS EO Dynamic Binding Configuration Interface MAC Address FLAN ID IP Address Lease Time IP Source Guard OO 18 8B S6 FD 35 192 168 10 94 86394 Enter Static Binding into the Binding Database You can also enter the static binding into the binding database CLI Enter Static Binding into the Binding Database 1 Enter the DHCP snooping static binding Netgear Switch Config ip dhcp snooping binding 00 11 11 11 11 11 vlan 1 192 168 10 1 interface 1 0 2 Chapter 15 Security Management 309 ProSafe M4100 and M7100 Managed Switches 2 Check to make sure the binding database has the static entry GSM7328S show ip dhcp snooping binding Total number of bindings 2 MAC Address IP Address VLAN Interface Lease Secs 00s Li The tiie ad 192 168 10 1 STATIC 00 16 76 A7 88 CC 192 168 10 89 DYNAMIC Web Interface Enter Static Binding into the Binding Database 1 Select Security gt Control gt DHCP Snooping gt Binding Configuration Hal HHEN ganapin DHCP Snooping Binding Configuration Global Configuration Static Binding Configuration Interface ater ace RAC Address Coatigurahon 5 Wie Aimi rig asia a Pergertene Configuration i ss WLAN ID IP Address Statics IP Source Guard Or LS 6B S6sFO S 292 168 10 2 Fill in the fields for the static binding and click
478. ng Configuration IGMP Snooping Configuration Interface Configuration Admin Mode C Disable Enable IGMP VLAN Configuration Unknown Multicast Filtering IGMP Snooping Configuration Multicast Router Multicast Control Frame Count 11 Configuration Multicast Router VLAN Configuration Interfaces Enabled for IGMP Snooping Data Frames Forwarded by the CPU Querier Configuration Querier VLAN VLAN IDs Enabled for IGMP Snooping Configuration gt MLD Snooping b For Admin Mode select the Enable radio button c For Unknown Multicast Filtering select the Enable radio button d Click Apply Show igmpsnooping 246 The example is shown as CLI commands and as a Web interface procedure Chapter 13 IGMP Snooping and Querier ProSafe M4100 and M7100 Managed Switches CLI Show igmpsnooping Netgear Switch show igmpsnooping Admin Mode Disable Unknown Multicast Filtering Disable Multicast Control Frame Count Interfaces Enabled for IGMP Snooping VLANS enabled for IGMP snooping Web Interface Show igmpsnooping Select Switching gt Multicast gt IGMP Snooping Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Address Table Ports LAG MEDB IGMP Snooping Configuration IGMP Snooping Configuration Interface Configuration IGMP VLAN Configuration Unknown Multicast Filtering Disable Ena
479. ng Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast address In IPv6 MLD snooping performs a similar function With MLD snooping IPv6 multicast data is selectively forwarded to a list of ports Chapter 30 MLD 519 520 ProSafe M4100 and M7100 Managed Switches that want to receive the data instead of being flooded to all ports in a VLAN This list is constructed by snooping IPv6 multicast control packets MLD is a protocol used by IPv6 multicast routers to discover the presence of multicast listeners nodes configured to receive IPv6 multicast packets on its directly attached links and to discover which multicast packets are of interest to neighboring nodes MLD is derived from IGMP MLD version 1 MLDv1 is equivalent to IGMPv2 and MLD version 2 MLDv2 is equivalent to IGMPv3 MLD is a subprotocol of Internet Control Message Protocol version 6 ICMPv6 and MLD messages are a subset of ICMPv6 messages identified in IPv6 packets by a preceding Next Header value of 58 The switch can snoop on both MLDv1 and MLDv2 protocol packets and bridge IPv6 multicast data based on destination IPv6 multicast MAC addresses The switch can be configured to perform MLD snooping and IGMP snooping simultaneously CLI Configure MLD Snooping 1 Enter the following commands Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch
480. ng Routing Monitoring Maintenance Help Index Routing Table IP IP VLAN ARP i OSPF OSPFv3 Router Discovery VRRP Multicast Basic Interface Configuration Advanced RIP Configuration Interface Configuration Interface Interface 170 21 Configuration Send Version ihe Receive Version Redistribution RIP Admin Mode Authentication Type b In the Interface list select 1 0 21 c For RIP Admin Mode select the Enable radio button d Click Apply 5 Enable RIP on interface 1 0 22 a Select Routing gt RIP gt Advanced gt Interface Configuration Chapter 28 PIM 451 452 A screen similar to the following displays System Switching Routing Routing Table IP i gt Basic Advanced RIP Configuration Interface Configuration Route Redistribution Qo05 i OSPF Security Pwd VLAN ARP Interface Configuration Interface Configuration Interface _ Send Version Receive Version _ RIP Admin Mode Authentication Type b In the Interface list select 1 0 22 c For RIP Admin Mode select the Enable radio button d Click Apply 6 Enable mulicast globally a Select Routing gt Multicast gt Global Configuration A screen similar to the following displays System Routing Table IP gt Mroute Table Global Configuration Interface Configuration gt DYMRP IGMP PIM DM PIM SM MLD Static Routes Configuration gt Admin Boundary Configu
481. ng Routing Security Monitoring Maintenance Halp lados Monsgameai Secrity e TT Port Aufhanhcahon Trot Conal Coniral Basic Extended ACL Rules Advanced F ACL J Rules IP Extended Rules e IPye ACL z Pyt Rubis P Gerding IP Rules ACL IP MAHE Extended ACL Rule Table Source Match Protocol TCR Flag IP Every Keyword Address Redirect Interface zign irrror A Elion L agare 5 s Queue 10 Interface Configuration r Birding Table z Vlen Banding Tabs IF Mask Permit Darahli oO Permit issble oF Bind the ACL with interface 1 0 1 a Select Security gt ACL gt Advanced gt IP Binding Configuration A screen similar to the following displays Synem Seitching Monioring Mointenance Help Basit IF Binding Configuration Aiea nd 2 JP ACL iF Rules IF Extended Aulas PVG ACL Pr Rules Binding Configuration redirectHTT 1 te 422 8S Binding Table Vian Binding Tabla Interface Binding Status ACL Trae Interlace Direction ACL ID Mane Lora Intang IF ALL redirectHTTe b In the Sequence Number field enter 1 Chapter 10 ACLs 1 Destination Desbinal ProSafe M4100 and M7100 Managed Switches c In the Port Selection Table click Unit 1 to display all the ports d Select the check box below Port 1 e Click Apply At the end of this configuration a screen similar to the following displays Configure IPv6 ACLs
482. nitoring Maintenance Management Security Aces Port Authentication Troftic Control gt IP ACL IP ACL IP Rules Current Number of ACL 2 IP Binding Configuration Binding Table IP ACL Table macei Rules Type 101 Extended 102 Extended b In the IP ACL ID field of the IP ACL Table enter 103 c Click Add 8 Add and configure an IP extended rule that is associated with ACL 101 a Select Security gt ACL gt Advanced gt IP Extended Rules 164 Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Gos Security Monitoring Maintenance Halp index Manogomani Security Aceon Part duthenticotion Traffic Control IP Extended Rules IP Extended Rules IF Rules ACL ID o gt IP Extended Rules IF Binding Configuration Extended ACL Rule Table gt Banding Table Source Source IF IP Address Mask Assign Match Proetecal TCP Qucuc Every Keyword Flag Under IP Extended Rules in the ACL ID field select 101 c Click Add The Extended ACL Rule Configuration screen displays System Switching Routing QoS Security Monitoring Maintenance Help Index Monogomaent Security Acomss Port Authentication Traffic Control Extended ACL Rule Configuration Extended ACL Rule Configuration 100 199 gt IF Rules gt IP Extended Rules ACLID ECH IP Binding Configuration Rule ID 1 to 23
483. nitoring Maintenance Help Index Routing Table VLAN ARP RIP OSPF Router Discovery VRRP IP Configuration Configuration IP Configuration Statistics Default Time to Live 30 gt Advanced Routing Mode Disable Enable IP Forwarding Mode Disable Enable Maximum Next Hops 2 b For Routing Mode select the Enable radio button c Click Apply to save the settings 2 Assign IP address 192 168 30 1 to port 1 0 11 a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP OSPF Router Discovery VRRP IP Interface Configuration Configuration Configuration Go To Interface GO Statistics epee sean Routi Administrati Configuration Interface Description IP Address Subnet Mask aaa pire acta Secondary IP Aee Eee Se CI 1 0 1 Disable Enable b Scroll down and select the interface 1 0 11 check box Now 1 0 11 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 30 1 e Inthe Network Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Assign IP address 192 168 20 2 to port 1 0 15 a Select Routing gt IP gt Advanced gt IP Interface Configuration Chapter 7 OSPF 113 114 ProSafe M4100 and M
484. nt ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Monitoring Mainhananca Help indas DHCP Snooping Interface Confiquration Global Lert ra E neys DHCP Snooping interi Configuration Configuration E af t J aping nahiei msaa a ENT Pores hrs a arc I 2 Ali Go Te Inierlace oeiia Logging Binding Interface Trost Mode Invalid Rate Linit pps furst nterval sece Cordiquration Packets scents m Conhgurstin b Select the check box for Interface 1 0 1 c For Interface 1 0 1 set the Trust Mode as Enable d Click Apply A screen similar to the following displays Switching G Security Monitoring Maintenance MERETET DREP Sanoping DHCP Snooping Interface Configuration a Global fankguration DHCP Snooping Interface Configuration thtelace Sania ur aii Bmdng Logging conhguraton jer ace uet Moe Tinea bid Bate Limiti pe iret laterval pecs Persivient Configuration e Statistics IP Source Guard F auii Qitable Dynamic ARP an a o 1 Al 4 View the DHCP Snooping Binding table a Select Security gt Control gt DHCP Snooping Binding Configuration A screen similar to the following displays System Switching Routing Qos Security Monitoring Maintenance Help Management Security Accoss Port Authentication Traffic Control DHCP Snooping DHCP Snooping Binding Configuration Global Configuration Static Binding Configuration 5 Interface m I
485. nt 2 0 2 to 10 DHCP Server Statistics g Packet Loun 0 2 to 10 DHEP Bindings Conflict Logging Mode Disable Enable Information Bootp Automatic Mode Disable 0 Enable DHCP Conflicts Information Excluded Addresses IP Range From IP Range To 2 For Admin Mode select the Enable radio button 3 Click Apply to enable the DHCP service 4 Select System gt Services gt DHCP Server gt DHCP Pool Configuration Chapter 22 DHCP Server 385 386 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Rout ng Qos Security Monito ring Maintenance Management Device View Stacking SNMP DHCP Server DHCP Pool Configuration DHCP Server Configuration DHCP Pool Configuration G DHCP Pool Configuration a eee pool_manual DHCP Pool Options areae DHCP Server Statistics Pon Haina DHCP Bindings Typa of Binding Manual Information Network Number DHCP Conflicts Network Mask Information Network Prefix Length 0 32 j puc lit Client Name Pioda sd UDP Relay Hardware Address 00 01 02 03 04 05 Hardware Address Type ethernet Client ID Host Number 192 168 200 1 Host Mask 255 255 255 0 Host Prefix Length 0 32 Lease Time Specified Duration Days ii O O 0 to 59 Hours oO f0 te 1439 lin iL LI U ta gin Steal Under DHCP Pool Configuration enter the following informati
486. nt Logs Message Log Total number of Messages 369 displaying only the last 128 messages lt 14 gt Jan 1 02 14 37 0 0 0 0 1 UNKN 774669480 dns_client_txrx c 195 371 DNS Client Configured DNS server 192 168 10 1 unreachable lt 14 gt Jan 1 02 13 26 0 0 0 0 1 UNKN 774669480 dns_client_txrx c 195 370 DNS Client Configured DNS server 192 168 10 1 unreachable lt 14 gt Jan 1 02 12 15 0 0 0 0 1 UNKN 774669480 dns_client_txrx c 195 369 9 DNS Client Configured DNS server 192 168 10 1 unreachable lt 6 gt Jan 1 02 11 04 0 0 0 0 1 UNKN 774669480 dns_client_txrx c 195 CLEAR REFRESH CANCEL APPLY Show Logging Traplogs The example is shown as CLI commands and as a Web interface procedure CLI Show Logging Traplogs Netgear Switch Routing show logging traplogs lt cr gt Press Enter to execute the command Netgear Switch Routing show logging traplogs Number of Traps Since Last Reset Trap Log Capacity Number of Traps Since Log Last Viewed Log System Link Up Unit 3 Slot 0 Port Cold Start Unit 0 Failed User Login Unit 1 User ID admin Failed User Login Unit 1 User ID Multiple Users Unit 0 Slot 3 Port 1 Multiple Users Unit 0 Slot 3 Port 1 Web Interface Show Logging Trap Logs Chapter 18 Syslog 343 ProSafe M4100 and M7100 Managed Switches Select Monitoring gt Logs gt Trap Logs A screen similar to the following displays System Switch
487. nter 192 168 3 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Configure 1 0 11 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System i Switching Routing Qos Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP OSPF OSPFy3 Rouler Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced IP Configuration IP Interface Configuration Statistics 1 all Configuration Secondary IP Dascrintoa LAN IP Subnet Routing Administrative ID Address Mask Mode Mode 0 0 0 0 0 0 0 0 Disable Enable b Scroll down and select the Port 1 0 11 check box Now 1 0 11 appears in the Port field at the top c Enter the following information e Inthe IP Address field enter 192 168 5 1 e Inthe Subnet Mask field enter 255 255 255 0 Chapter 28 PIM 471 472 4 5 6 ProSafe M4100 and M7100 Managed Switches e Inthe Routing Mode field select Enable d Click Apply to save the settings Enable RIP on interface 1 0 10 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Routing Table IP IPvG i VLAN ARP OSPF OSPF gt Basic Interface Configuration
488. nterface MAC Address Configuration lt lt Aiding S Configuration Persistent Dynamic Binding Configuration z Configuration Interface MAC Address Lease Time Statistics IP Source Guard 00 18 86 5565 F0 35 192 168 10 94 26794 5 Enable ARP Inspection in VLAN 1 a Select Security gt Control gt Dynamic ARP Inspection gt DAI VLAN Configuration Chapter 15 Security Management 301 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Maintenance Halp Index System Switching Rouling i Mercere hipanga rene Sapa iy de cae Port Agthaaheo hoes DHCP Snooping Dynamic ARP Inspection Configuration o IP Source Guard ee VLAN Configuration WLAN Dyas Logging ARP Dinewalied ARP ACL Hame D4 Configuration 1D laape ction Packets BAJ Po as Cundeynpe eran u E EE DAL Interface Gonhiquraben e DAT ACL Configersbn t DAT ACL Rula Conhiguraben a DAJ Statistics gt Captive Portal b In the VLAN ID field enter 1 c In the Dynamic ARP Inspection field select Enable A screen similar to the following displays Syviem Switching Routing Gas Teguri Monitoring Mainhenarce i Help inden Kner beruriy Acca Pon Airtherttier teen i DHP Snooping Dynamic ARP Inspection Configuration IP Source Guard s he kiip VLAN Configuration Dipth aide B J ath iris Tnepection Dynamic Logging i iaj ARP Invalid ARP ACL Name Statin Gal C
489. nthe Interface list select 0 2 1 e For RIP Admin Mode select the Enable radio button c Click Apply to save the settings Chapter6 RIP 85 OSPF Open Shortest Path First This chapter provides the following examples e Inter area Router on page 87 e OSPF on a Border Router on page 92 e Stub Areas on page 98 e nssa Areas on page 107 e VLAN Routing OSPF on page 116 e OSPFv3on page 122 For larger networks Open Shortest Path First OSPF is generally used in preference to RIP OSPF offers several benefits to the administrator of a large or complex network e Less network traffic Routing table updates are sent only when a change has occurred Only the part of the table which has changed is sent Updates are sent to a multicast not a broadcast address e Hierarchical management allowing the network to be subdivided The top level of the hierarchy of an OSPF network is Known as an autonomous system AS or routing domain and is a collection of networks with a common administration and routing strategy The AS is divided into areas Intra area routing is used when a source and destination address are in the same area and inter area routing across an OSPF backbone is used when they are not An inter area router communicates with border routers in each of the areas to which it provides connectivity The M4100 and M7100 Managed Switch operating as a router and running OSPF determines the best route using the assigned cost and the
490. o button e For IP Forwarding Mode select the Enable radio button Click Apply to enable IP routing 5 Create an ACL with ID 101 a b C Select Security gt ACL gt Advanced gt IP ACL A screen similar to the following displays System Switching Routing Qos Security Monitoring Maintenance Help Monegement Security Acesas Port Authentication Trafic Contre gt Basic IP ACL F Advanced IP ACL IP ACL IP Rules Current Humber of ACL o E IP Extended Rules Maximum ACL 100 IP Binding l Configuration Binding Table IP ACL Table aa In the IP ACL Table in the IP ACL ID field enter 101 Click Add 6 Create an ACL with ID 102 a Select Security gt ACL gt Advanced gt IP ACL Chapter 10 ACLs 163 ProSafe M4100 and M7100 Managed Switches A screen similar to the rome displays System Switching Routing Qo ERTU E Monitoring Maintenance Help Monogement Security Accs Port Authentication Trafic Control gt Basic Advanced 2 IP ACL 2 IP Rules gt IP Extended Rules gt IP Binding Configuration gt Binding Table IP ACL Table ip actio eel eee b In the IP ACL Table in the IP ACL ID field enter 102 c Click Add 7 Create an ACL with ID 103 a Select Security gt ACL gt Advanced gt IP ACL A screen similar to the following displays System Switching Routing aos item ty Mo
491. o button e Inthe Send Version field select RIP 2 3 Click Apply to save the settings Chapter 6 RIP ProSafe M4100 and M7100 Managed Switches 4 Select Routing gt RIP gt Advanced gt RIP Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Routing Table IP VLAN ARP i i OSPF Router Discovery VRRP Interface Configuration RIP Configuration Interface Configuration Interface Interface 1 0 3 v Configuration Send Version RIP 2 Route Redistribution Receive Version Both H RIP Admin Mode Disable Enable Authentication Type None Status 1 0 2 0 0 0 0 RIP 2 Both Disable Link 170 3 0 0 0 0 RIP 2 Both Disable Seon 0 5 Enter the following information e Inthe Interface field select 1 0 3 Maintenance Help Index Bad Bad IP Send Receive Admin Link 4 E Update Interface Packets Routes Address ersion ersion Mode State Sent Received Received 0 0 0 Link Down 0 0 e For RIP Admin Mode select the Enable radio button e Inthe Send Version list select RIP 2 6 Click Apply to save the settings Chapter 6 RIP 81 ProSafe M4100 and M7100 Managed Switches VLAN Routing with RIP 82 Routing Information Protocol RIP is one of the protocols that routers can use to exchange network topology information It is characterized as an interior gateway protocol an
492. o the following displays Switching Routing QoS Security Monitoring Maintenance Help Index i STP i Multicast Address Table Ports LAG Port VLAN Id Configuration P ID Configuration Configuration 1 Go To Interface la alla J VLAN Membership MAC Based VLAN 4093 Types Filtering re o Port PVID Port DYLAN Configuration v T r T 7 T 170 1 Admit All Disable Protocol Based VLAN Group Configuration 1 0 3 Admit All Disable 1 0 4 Admit All Disable 1 0 5 Admit All Disable 1 0 6 Admit All Disable 1 0 7 Admit All Disable Protocol Based VLAN Group Membership Under PVID Configuration scroll down and select the Interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top In the PVID 1 to 4093 field enter 3 Click Apply to save the settings Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches Create a MAC Based VLAN Switching Security epuer Maintenance Multicast Port VLAN Id Configuration PVID Configuration Configuration 1 All Go To Interface C laagi SO VLAN Membership Port VLAN Status nee ee P ID 1 to Acceptable Frame Ingress sites 0 MAC Based VLAN 4093 Types Filtering to 7 if 2 Port PVID Configuration Port DYLAN Configuration Protocol Based VLAN Group The MAC based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classify traffic based on the source MAC address of the packet
493. obal Configuration gt Interface Configuration DYMRP gt IGMP gt PIM DM PIM SM MLD gt Static Routes Configuration gt Admin Boundary Configuration Switching Routing imilar to the following displays Qos IP IPvS VLAN ARP RIP OSPF Global Configuration Global Configuration Admin Mode Protocol State Table Maximum Entry Count Protocol Table Enty Count Security OSPR Monitoring Er Maintenance iiig Help index VRRP Router Discovery Disable Enable Non Operational 256 No Protocol Enabled 0 b For Admin Mode select the Enable radio button c Click Appl y 9 Enable PIM DM globally a Select Routing gt Multicast gt PIM gt Global Configuration A screens System Switching AGI Routing Tabla Mroute Table Global Configuration gt Interface Configuration gt DYMRP gt IGMP PIH Global Configuration 55M 444 Chapter 28 PIM imilar to the following displays Qos Security IF 1 Ps ARP RIP OSPF OSPFya PIM Global Configuration PIM Global Configuration PIM Protocol Type Admin Mode Monitoring Maintenance Help Router Discovery VREP Pees Mulicasi PIM DM C PIM SM C Disable f Enable ProSafe M4100 and M7100 Managed Switches b For PIM Protocol Type select the PIM DM radio button c For Admin Mode select the Enable radio button d Click Apply 10 Enable PIM DM on interfaces 1 0 1 1 0 9
494. ode The client mode can be either broadcast mode or unicast mode If the NTP server is not your own you must use unicast mode Netgear Switch Config sntp client mode unicast 3 Once SNTP client mode is enabled the client waits for the polling interval to send the query to the server The default value is approximately 1 minute After this period issue the show Chapter 16 SNTP 319 ProSafe M4100 and M7100 Managed Switches command to confirm that the time has been received The time will be used in all logging messages Netgear Switch server server server server server server Server IP Address Type Stratum Reference Id Mode show sntp server 208 14 208 19 ipv4 4 NTP Srv 208 14 208 3 Server Maximum Entries 3 Current Entries 1 SNTP Servers IP Address Address Type IPV4 P rority 1 Version 4 Port Last Update Time Last Attempt Time 123 Last Update Status 208 14 208 Mar 26 03 36 09 2006 Mar 26 03 36 09 2006 Success Total Unicast Requests 2 Failed Unicast Requests 0 Web Interface Configure SNTP 1 Configure the SNTP server a Select System gt Management gt Time gt SNTP Server Configuration A screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index Device View Services Stacking SNMP gt System Information gt Switch Statistics gt System Resource gt IP
495. ode Detection et i Interval Statistics Transmits PETA gedaan a enable E l o i ie Cisable E eee vais Enable i Enable able isoo fi 1800 0 Configuration gt Route Table C 1 0 2 Disable Disable Enable Disable i500 1 1800 a Route Preference D ima Disable Disable Enable Disable 1500 1 1800 a gt Tunnel fi Disable Disable Enable Disable 1500 1 1800 S E IE E gurah Under IPv6 Interface Configuration scroll down and select the Interface 1 0 1 check box Now 1 0 1 appears in the Interface field at the top In the IPv6 Mode field select Enable Click Apply to save the settings 3 Assign an IPv6 address to the routing interface a select Routing gt IPv6 gt Advanced gt Prefix Configuration 424 Chapter 27 IPv6 Interface Configuration ProSafe M4100 and M7100 Managed Switches 920 5 A screen similar to the following displays l System Switching Routing Security Monitoring Maintenance Routing Table IP WLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic IPv6 Prefix Configuration Advanced Global IPv6 Interface Selection Configuration Interface Interface Configuration IPv6 Interface Configuration gt Prefix F Configuration Ipv6 Prefix Length EUI64 Valid Life Time Statistics Help Index _ Preferred Life Time gt E Sioned In the Interface list select 1 0 1 In the
496. ollowing examples e Double VLANs e Private VLAN Groups on page 402 Double VLANs This section describes how to enable the double DVLAN feature Double VLANs pass traffic from one customer domain to another through the metro core Custom VLAN IDs are preserved and a provider service VLAN ID is added to the traffic so the traffic can pass the metro core in a simple and cost effective manner You can use VLANs to specify customer ports and a service provider port In this example the switches have the same configuration Port 1 0 48 i Port 1 0 48 ss dh dub i FPF PEPP PIPI a a m Layer 2 switch kim _ Layer 2 switch Port 1 0 24 Port 1 0 24 FATT TE N Ueto ee b Ai Customer L Customer domain domain Figure 42 Double VLANS Chapter 24 Double VLANs and Private VLAN Groups 398 ProSafe M4100 and M7100 Managed Switches The following example shows how to configure the NETGEAR switch shown in the preceding figure to add a double VLAN tag for traffic going from the subnet domain connected to port 1 0 24 This example assumes there is a Layer 2 switch connecting all these devices in your domain The Layer 2 switch tags the packet going to the NETGEAR switch port 1 0 24 The example is shown as CLI commands and as a Web interface procedure CLI Enable a Double VLAN Create a VLAN 200 Switch vlan database Switch Vlan vlan 200 Vlan exit Netgear Netgear Netgear Switch Add interface 1 0
497. olored green That Chapter 12 DiffServ 237 238 ProSafe M4100 and M7100 Managed Switches means these packets will be the last packets to be dropped in the event of congestion beyond the policed rate Netgear Switch Config policy map policy_vlan in Netgear Switch Config policy map class class_vlan Netgear Switch Config policy classmap police simple 1000 64 conform action transmit violate action drop Netgear Switch Config policy classmap conform color class_color Netgear Switch Config policy classmap exit Netgear Switch Config policy map exit 4 Apply this policy to port 1 0 13 Netgear Switch Config interface 1 0 13 Netgear Switch Interface 1 0 13 service policy in policy_vlan P Netgear Switch Interface 1 0 13 exit Netgear Switch Config exit Web Interface Configure a Color Conform Policy 1 Create a VLAN a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Qo5 i STP i Multicast Address Table Ports LAG Routing security Monitoring Maintenance Help Index manele VLAN Configuration ZEAN i Reset E Configuration Saidvanced Reset Configuration C Internal YLAN Configuration E Internal LAN Allocation Base 4093 Internal WLAN Allocation Policy Ascending Descending LAN Configuration T LAN ID LAN Name Make Static Oe
498. omhiguraton io J AFT Inspection Packets Cay ay u Cm E o z DAnte eca Comhiguranon DAL ASL Configuration E DAL ACL Rube Coediguration gt DAL Stabi Captive Portal d Click Apply A screen similar to the following displays System Switching Routing Gos Monitoring Maintenances Help Mnoga rem Hamy Arep DHCP Snooping Dynamic ARP Inspection Confiquration Ts r aaar puani WLAN Configuration Dyuma ALP f yray Cyaan Logging oe ARP Invalid ARP ACL Name ha DA Configi piian io Packets a a Whe Inspection 3 Digable E DAJ Interface F int er Now all the ARP packets received on the ports that are member of the VLAN are copied to the CPU for ARP inspection If there are trusted ports you can configure them as trusted in the next step ARP packets received on the trusted ports are not copied to the CPU 302 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches Note Make sure the administrator PC has a DHCP snooping entry or can access the device through the trusted port for ARP Otherwise you might get disconnected from the device 6 Configure port 1 0 1 as trusted a Select Security gt Control gt Dynamic ARP Inspection gt DAI Interface Configuration b Select the Interface 1 0 1 check box For the Trust Mode select Enable d Click Apply A screen similar to the following displays Man rorng merit tet lita
499. on gt Switch Statistics DNS Configuration gt Systemi Resource DHS Status O Disable 5 Enable DNS Default Hame 0 to 235 i gt IP Configu ration ct tars gt Slot Information gt Time DNS gt DONS Host Configuration DNS Server Configuration 1d 7 210 170 a SY Serial No o 0 lt i 2 219 141 140 106 Under DNS Server Configuration in the DNS Server field enter 12 7 210 170 Click Add In the DNS Server field enter 219 141 140 10 Click Add Both DNS servers now show in the DNS Server Configuration table Manually Add a Host Name and an IP Address The following example shows commands to add a static host name entry to the switch so that you can use this entry to resolve the IP address The example is shown as CLI commands and as a Web interface procedure CLI Manually Add a Host Name and an IP Address Netgear Netgear Netgear Netgear Switch config Switch Config ip host www netgear com 206 82 202 46 Switch Config ip domain lookup Switch Config ping www netgear com Send count 3 Receive count 3 from 206 82 202 46 Web Interface Manually Add a Host Name and an IP Address 1 Select System gt Management gt DNS gt Host Configuration Chapter 21 DNS 379 380 3 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Switching Device View gt System Information gt Switch Sta
500. on of 2 2 0 0 0 0 Enable 1 5 10 40 Configuration 1 Interface Configuration Neighbor Table Link State VLANS All Status Interface OSPF Area ID SPF Runs Area Border Router Count AS Border Router Under Interface Configuration click VLANS to show all the VLAN interfaces Scroll down and select the interface 0 2 1 check box Now 0 2 1 appears in the Interface field at the top Enter the following information e Inthe OSPF Area ID field enter 0 0 0 2 e Inthe OSPF Admin Mode field select Enable e Inthe Priority field enter 128 e Inthe Metric Cost field enter 32 Click Apply to save the settings 5 Enable OSPF on VLAN 20 a Select Routing gt OSPF gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Routing Table IP VLAN ARP RIP gt Basic Advanced OSPF Configuration Common Area Configuration Stub 4rea Configuration NSSA Area Configuration rea Range Configuration Interface Configuration Neighbor Table Link State Database Virtual Link Security Monitoring Maintenance Help Index Router Discovery VRRP Router Retransmit Hello Priority 0 to Interval 0 Interval 1 255 to 3600 to 65535 Interface Configuration Interface Configuration VLANS All OSPF Interface OSPF Area ID Admin Mode Go To Inte Dead Interval 1 o 2147483647 CER EOS CR CR E
501. on e Inthe Pool Name list select Create e Inthe Pool Name field enter pool_manual e Inthe Type of Binding list select Manual e Inthe Client Name field enter dhcpclient e Inthe Hardware Address field enter 00 01 02 03 04 05 e Inthe Hardware Type list select ethernet e Inthe Host Number field enter 192 168 200 1 e Inthe Network Mask field enter 255 255 255 0 As an alternate you can enter 24 in the Network Prefix Length field e Inthe Days field enter 1 Click Add The pool_manual name is now added to the Pool Name drop down list Chapter 22 DHCP Server DHCPv6 Server This chapter provides the following examples e CLI Configure DHCPV6 on page 389 e Web Interface Configure an Inter area Router on page 390 e Configure Stateless DHCPv6 Server on page 394 Dynamic Host Configuration Protocol for IPv6 DHCP v6 is used to assign IPv6 addresses Statefully and distribute other configuration information such as domain name or DNS server Although DHCPv6 supports stateful address allocation prefix delegation and stateless services only prefix delegation mode and stateless service are supported on managed switches This chapter shows how to configure prefix delegation mode using DHCPV6 pool When create a DHCPV6 pool user needs to assign a prefix to client DUID DUID is used to identify the client s unique duid value The format iS XX XX XX XX XX XX RFC3315 defines three types a Link layer address plus time e
502. onfiguration gt Global Configuration PIM DM Interface Configuration gt Interface i Al Go To Interface Configuration acai gt DYMRP EEr ce Admin Hello Protocol Neighbor Designated gt IGMP Mode Interval State Address Count Router PIM DM CEOE m aS Global Disable 30 Non Operational 0 0 0 0 Configuration Interface Disable 30 Non Operationsl 0 0 0 0 hee Te r Disable 30 Non Operational 0 0 0 0 Under PIM Interface Configuration scroll down select the Interface 1 0 21 and 1 0 24 check boxes In the Admin Mode field select Enable Click Apply to save the settings 11 Enable MLD on the switch a select Routing gt IPv6 Multicast gt MLD gt Global Configuration Chapter 30 MLD ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays MLD Global Configuration MLD Global Configuration Admin Mode gt Static Routes Configuration fvstart 2 z S amp S gt Superte 198_7 198_7 GQ win2ks Automation vm b For Admin Mode select the Enable radio button c Click Apply 12 Enable MLD on interface 1 0 24 a Select Routing gt IPv6 Multicast gt MLD gt Routing Interface Configuration A screen similar to the following displays 2 Most visited gt Getting Started gt Latest Headlines http 127 0 0 1 2002 NETGEAR XSM72245 24 Port 10G SFP Ports Managed L2 Stackable Switch Connect with
503. onfiguration Statistics Default Time to Live 30 Advanced Routing Mode Disable Enable IP Forwarding Mode Disable Enable Maximum Next Hops 2 b For Routing Mode select the Enable radio button C Click Apply to save the settings 2 Assign the IP address 192 150 2 1 to port 1 0 2 a Select Routing gt IP gt Advanced gt IP Interface Configuration d A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Di Go To Interface GO IP Configuration Ae ich Routing Administrative gt Statistics Interface Description IP Address Subnet Mask rac Mode IP Interface swe Oee M e e e O 1 0 1 0 0 0 0 Disable Enable iv D 1 0 3 0 0 0 0 Enable T 1 0 4 0 0 0 0 Enable Scroll down and select the Interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top Enter the following information e Inthe IP Address field enter 192 150 2 1 e Inthe Network Mask field enter 255 255 0 0 e Inthe Routing Mode field select Enable Click Apply to save the settings 3 Enable VRRP on port 1 0 2 a Select Routing gt VRRP gt Advanced gt VRRP Configuration Chapter9 VRRP 131 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Routing Table
504. onfigure an IPv6 ACL 1 Create the access control list with the name ipv 6 acl Netgear Switch Config ipv6 access list ipv6 acl 2 Define three rules to e Permit any IPv6 traffic to the destination network 2001 DB8 COAB AC14 64 from the source network 2001 DB8 COAB AC11 64 184 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches e Permit IPv6 Telnet traffic to the destination network 2001 DB8 COAB AC13 64 from the source network 2001 DB8 COAB AC11 64 e Permit IPv6 HTTP traffic to any destination network from the source network 2001 DB8 COAB AC11 64 Netgear Switch Config ipv6 acl permit ipv 2001 DB8 COAB AC11 64 2001 DB8 COAB AC14 64 Netgear Switch Config ipv6 acl permit tcp 2001 DB8 C0OAB AC11 64 2001 DB8 COAB AC13 64 eq telnet Netgear Switch Config ipv6 acl permit tcp 2001 DB8 COAB AC11 64 any eq http 3 Apply the rules to inbound traffic on port 1 0 1 Only traffic matching the criteria will be accepted Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 ipv6 traffic filter ipv6 acl in Netgear Switch Interface 1 0 1 exit 4 Netgear Switch Config exit 4 View the configuration Netgear Switch show ipv6 access lists Current number of all ACLs 1 Maximum number of all ACLs 100 IPv6 ACL Name Rules Direction Interface s ipvo acl Netgear Switch show ipv6 access lists ipv6 acl ACL Name ipv6o ac
505. or IGMP Snooping Enable IGMP snooping on VLAN 1 a Select Switching gt Multicast gt IGMP Snooping gt IGMP VLAN Configuration A screen similar to the following displays Switching Routing Qos Security Monitoring Maintenance Help VLAN STP Multicast Address Table Ports LAG gt MEDB _ IGMP VLAN Configuration IGMP Snooping IGMP VLAN Configuration Configuration 1 7 i Fast Interface G 3 Leave Seta F Maximum Multicast Router Configuration a Membership i an Admin Response Time Expiry Time GMP VLAN Mada Interval Configuratan Multicast Router Configuration b Enter the following information e Inthe VLAN ID field enter 1 Chapter 13 IGMP Snooping and Querier ProSafe M4100 and M7100 Managed Switches e Inthe Admin Mode field select Enable c Click Add 3 Enable the IGMP snooping querier globally a Select Switching gt Multicast gt IGMP Snooping gt IGMP VLAN Configuration A screen similar to the following displays System E Routing QoS Security Monitoring Maintenance Help STP baltic Address Tablo Ports LAG IGMP Snooping Querier Configuration IGMP Snooping Querier Configuration Configuration Interface A E E Configuration Querier IP Address 10 10 10 1 Querier Admin Mode Disable Enable IGMP VLAN IGMP Version 2 Configuration Query Interval secs 60 1 to 16800 Multicast Router Configuration
506. orm in their support for the dual Image feature The Dual Image feature works in the following way in a Stack e When an image is activated the Management node notifies all the participating nodes All nodes activate the specified image Chapter17 Tools 331 332 ProSafe M4100 and M7100 Managed Switches e When any node is unable to execute the active image successfully it attempts to execute the backup image as mentioned in the section above Such cases will require user intervention to correct the problem by using appropriate stacking commands CLI Download a Backup Image and Make It Active Netgear Switch copy tftp 192 168 0 1 gsm73xxseps stk image2 192 168 0 1 gsm73xxseps stk Data Type Destination Filename Management access will be blocked for the duration of the transfer Are you sure you want to start y n y TFTP code transfer starting 101888 bytes transferred 277504 bytes transferred 410112 bytes transferred 628224 bytes transferred 803328 bytes transferred 978944 bytes transferred 1154560 bytes transferred transferred transferred transferred transferred transferred transferred transferred transferred 1330176 1861632 2391040 2916864 3443712 3970048 4496384 5027840 5554176 bytes bytes bytes bytes bytes bytes bytes bytes bytes transferred transferred transferred transferred transferred transferred transferred transferr
507. ort 1 0 1 2001 1 64 Port 1 0 21 Switch B Port 1 0 24 2001 3 64 Figure 49 Configure MLD CLI Configure MLD MLD on Switch A Netgear Switch configure Netgear Switch Config ipv6 router ospf Netgear Switch Config rtr router id 1 1 1 1 Netgear Switch Config exit 506 Chapter 30 MLD ProSafe M4100 and M7100 Managed Switches Switch Config ipv6 unicast routing Switch Config ipv6 pim dense Switch Switch Config ip multicast Switch Switch Config ip routing Config interface 1 0 1 Switch Interface 1 0 1 ipv6 address 2001 1 1 64 Switch Interface 1 0 1 ipv6 enable Switch Interface 1 0 1 ipv6 pim dense Switch Interface 1 0 1 ipv6 ospf Switch Interface 1 0 1 Interface 1 0 1 routing exit Switch Config interface 1 0 13 Interface 1 0 13 routing Interface 1 0 13 ipv6 address 2001 2 1 64 Interface 1 0 13 ipv6 enable Switch Switch Switch Switch Interface 1 0 13 ipv6 pim dense Switch Interface 1 0 13 ipv6 ospf Switch Interface 1 0 13 exit MLD on Switch B 1 Enable OSPFv3 to build a unicast route table Netgear Switch configure Netgear Switch Config ipv6 router ospf Netgear Switch Config rtr router id 2 2 2 2 Netgear Switch Config exit 2 En
508. ort sFlow receiver index and polling interval You need to repeat this for all the ports to be polled Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 sflow poller 1 Netgear Switch Interface 1 0 1 sflow poller interval 300 2 View the polling port configurations GSM7328S show sflow pollers Poller Receiver Poller Data Source Interval Web Interface Configure Time Based Sampling of Counters with sFlow 1 Configure thesampling ports sFlow receiver index and polling interval a Select Monitoring gt sFlow gt Advanced gt sFlow Interface Configuration b Select the Interface 1 0 1 check box c In the Poller Interval field enter 300 A screen similar to the following displays Security LEU toring Moinlnnance Help ladex Sewite hi outing Sy pigi g gt Basic sFlow Interface Configuration Maly atte eel flow agent 2Flow Interface Configuration T show Receiwer i Configuration 1 Al Go To interface fo ibe intertece Poller Sampler Gatigoriten s Li i Receiver Poller Receiver Sampie Maximu nterflace lndez nierval ETETE Rate Hender Sie Lal ee a a ee aa iiai i 200 i toza ft u m pO d Click Apply Chapter 20 SNMP 377 DNS Domain Name System This chapter provides the following examples e Specify Two DNS Servers e Manually Add a Host Name and an IP Address on page 379 This section describes the
509. oundary Configuration Table Maximum Entry Count 256 Protocol No Protocol Enabled b For Admin Mode select the Enable radio button C Click Apply 6 Enable DVMRP on the switch a Select Routing gt Multicast gt DVMRP gt Global Configuration Chapter31 DVMRP 539 540 Routing Table gt Mroute Table gt Global Configuration gt Interface Configuration F DYMRP Global Configuration Interface Configuration DVMRP Neighbor DYMRP Next Hop gt DYMRP Prune IPv ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security VLAN ARP RIP OSPF OSPFv3 Router Discovery _ VRRP Monitoring DVMRP Global Configuration DY MRP Global Configuration Admin Mode C Disable 5 Enable Version 3 Total Number of Routes 0 Reachable Routes 0 Maintenance Help b For Admin Mode select the Enable radio button c Click Apply 7 Enable DVMRP on the interface Routing Table gt Mroute Table Global Configuration gt Interface Configuration DYMRP Global Configuration Interface Configuration DVMRP Neighbor DVMRP Next Hop DVMRP Prune DVMRP Route gt IGMP gt PIM DM gt PIM SM Chapter 31 DVMRP a Select Routing gt Multicast gt DVMRP gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Se
510. outing gt Multicast gt DVMRP gt Global Configuration A screen similar to the following displays System Switching Routing Routing Table IP gt Mroute Table Global Configuration gt Interface Configuration DMAP Global Configuration Interface Configuration DYMRF Neighbor DVMRP Next Hop kd DVMRP Prune DVMRP Route security IPv WLAN ARP RIP OSPF OSPFW3 DVMRP Global Configuration DVMRP Global Configuration Admin Mode Version Total Number of Routes Reachable Routes Monitoring Maintenance Help VRRP Router Discovery i Disable Enable 3 1 1 b For Admin Mode select the Enable radio button c Click Apply 7 Enable DVMRP on the interface a Select Routing gt Multicast gt DVMRP gt Interface Configuration Chapter 31 DVMRP 533 534 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Routing Security Monitoring Maintenance Help Routing Table IP IPvS VLAN ARP RIP OSPF gt OSPR Router Discovery VRRP gt Mroute Table DVMRP Interface Configuration gt Global Configuration DYMRP Interface Configuration gt Interface i all Go To Interface Go Configuration OVMRP Neighbor DVMARP Next Hop DVMRP Prune DYMRP Route E Disable Kai In b Scroll down select the Interface 1 0 1 1 0 13 and 1 0 21 check boxes c In the Interface Mode field select 300 d Click Apply
511. owing information e Inthe IP Address field enter 10 100 5 33 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable Click Apply to save the settings 4 Create an authentication name list a Select Security gt Management Security gt Login gt Authentication List A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index i Access Port Authentication Traffic Control ACL v User Authentication List Configuration User Authentication List E onscement MEE Me dot xList m Undefined X E X 7 defaultList Poca Undefined Undefined Authentication List Login Sessions b Select the check box before dot1xList C d In the 1 list select Radius Click Apply 5 Set port 1 0 19 to force authorized mode In this case the RADIUS server is connected to this interface a Select Security gt Port Authentication gt Advanced gt Port Authentication Chapter 15 Security Management 283 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access i Traffic Control ACL Port Authentication Port Authentication Configuration Port Sit uiet Transmit Supplicant Server Maximum Periodic Port Summary erio erio imeou imeou C E eauthenticat
512. p count The routing table is broadcast to all stations on the attached network e RIPv2 defined in RFC 1723 Route specification also includes subnet mask and gateway The routing table is sent to a multicast address reducing network traffic Authentication is used for security You can configure a given port to do the following e Receive packets in either or both formats e Send packets formatted for RIPv1 or RIPv2 or send RIPv2 packets to the RIPv1 broadcast address e Prevent any RIP packets from being received e Prevent any RIP packets from being sent Chapter6 RIP 75 ProSafe M4100 and M7100 Managed Switches Layer 3 slwitch acting as a router i i a i i eee Port 1 0 2 Port 1 0 5 192 150 2 2 192 64 4 1 Port 1 0 3 192 130 3 1 ams hihih ihh Subnet 2 Subnet 3 Subnet 5 Figure 9 Network with RIP on ports 1 0 2 and 1 0 3 Routing for the Switch The example is shown as CLI commands and as a Web interface procedure CLI Enable Routing for the Switch Netgear Switch config Netgear Switch Config ip routing Netgear Switch Config exit Web Interface Enable Routing for the Switch 1 Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays Routing F QoS T Security T Monitoring T Maintenance T Help T Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP v Basic IP Configuration IP Configuration
513. packet to be switched PC 1 PC 2 10 100 5 1 10 100 5 30 Figure 2 IP subnet based VLAN CLI Create an IP Subnet Based VLAN vlan database Vlan vlan 2000 Vlan vlan association subnet 10 100 0 0 255 255 0 0 2000 Vlan exit Netgear Switch Netgear Switch Netgear Switch Netgear Switch Create an IP subnet based VLAN 2000 Netgear Switch config Netgear Switch Config interface range 1 0 1 1 0 24 conf if range 1 0 1 1 0 24 vlan participation include 2000 conf if range 1 0 1 1 0 24 exit Config Switch Switch Switch Chapter 2 VLANs 31 32 ProSafe M4100 and M7100 Managed Switches Assign all the ports to VLAN 2000 Netgear Switch show mac addr table vlan 2000 MAC Address Interface Status 00 00 24 58 F5 56 1 7071 Learned 00 00 24 59 00 62 1 0 24 Learned Web Interface Create an IP Subnet Based VLAN 1 Create VLAN 2000 a Select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index STP Multicast Address Table Ports LAG gt Basic VLAN Configuration Advanced VLAN Reset Configuration Reset Configuration C VLAN Membership gt VLAN Status Internal YLAN Configuration Port PVID Configuration MAC Based VLAN IP Subnet Based VLAN Configuration VLAN SPAA DIEG LAN ID LAN
514. pe Queue Mapping IP DSCP Queue a oro e weighted tiaro Mapping 1 ofi weighted laap CoS Interface z 170 2 Configuartion Interface Queue Configuration weighted taildrop 0 0 C 170 2 o weighted taildrop o weighted taildrop b Under Interface Queue Configuration scroll down and select the interface 1 0 5 check box Now 1 0 5 appears in the Interface field at the top c In the Queue ID list select 2 d In the Minimum Bandwidth field enter 25 e Click Apply 17 Set the CoS queue 3 configuration for interface 1 0 5 Chapter 12 DiffServ 215 216 C d e ProSafe M4100 and M7100 Managed Switches Select QoS gt CoS gt Advanced gt Interface Queue Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index DiffServ gt Basic Interface Queue Configuration Advanced CoS Interface Queue Configuration Configuration Go To Interface GO J 602 1p Queue Mapping CE ye Minimum Scheduler E IP Precedence Bandwidth Type ao oe Queue Mapping veoscrame CMMI IT ID Mapping 1 of1 weighted taildrop 2 CoS Interface z 1 o 2 2 weighted taildrop Configuartion 2 2 Interface Queue Configuration T 1 04 weighted taildrop od Bo weighted taildrop O 10 7 weighted taildrop O 170 3 weighted taildrop Under Interface Queue Configuration scroll down and select the interface 1 0 5 check bo
515. physical links Chapter3 LAGs 54 ProSafe M4100 and M7100 Managed Switches e Better use of physical resources Traffic can be load balanced across the physical links e Increased bandwidth The aggregated physical links deliver higher bandwidth than each individual link e Incremental increase in bandwidth A physical upgrade could produce a tenfold increase in bandwidth LAG produces a two or fivefold increase useful if only a small increase is needed Create Two LAGs The example is shown as CLI commands and as a Web interface procedure CLI Create Two LAGs Netgear Switch config Netgear Switch Config port channel name lag 1 lag_10 Netgear Switch Config port channel name lag 1 lag_20 Netgear Switch Config exit Use the show port channel all command to show the logical interface IDs you will use to identify the LAGs in subsequent commands Assume that lag_10 is assigned ID 1 1 and lag_20 is assigned ID 1 2 Console show port channel all Port Link Channel Adm Trap STP Mbr Port Port Link Mode Mode Mode Type Ports Speed Active Dynamic Dynamic Web Interface Create Two LAGs 1 Create LAG lag_10 a Select Switching gt LAG gt LAG Configuration Chapter 3 LAGS 55 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index Multicast Address Table Ports
516. plays System Switching Routing on SoD by Monitoring ALoinlenonce gt Diffserv Wizard IPv Class Nannie 2 Auto olP gt Basic class Name Advanced _ Class Mame Class Type DriSery PE i Configuration a A a Class rj Donfiguratizn He Class Configueabon 2 Define matching criteria as protocol ICMPv 6 a Select QoS gt DiffServ gt Advanced gt IPv6 Class Configuration Chapter 12 DiffServ 231 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays SOL hy Monitoring Moinlenonce Help gt Diffserv Wizard IPv Class Narne gt Auto olP i Class Nante va i Oi sary Sonfigueaten Class Configue atin te Class Configuration b Click the class classicmpv6 A screen similar to the following displays Switching Routing Tl Security Moen thong Maintenance Halp Diffserv Wizard IPv6 Class Configuration gt Auto Yol IPv6 Class Information gt asic a Diass Hania Clits Typ Caonhgur sien Class IPw DiffServ Class Configuration Configurator o z ae i i Match Every Anp Canys Referecce Clase Policy Protocol Type IMP Configuration j j O feurme Pre Fix Length Service Interface l Taure L4 Port Canhiguraten Service States O Dertnalkn Prefs Largih thes tinartion L4 Port ae Gb 5595 Oo Fira Label 0 to iaag IP DIEE ari Ot 63 c Select the Protocol Type radio button select Other
517. pted on port 1 0 4 a Select Switching gt VLAN gt Advanced gt Port PVID Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index i STP Multicast Address Table Ports Port P ID 1 to Acceptable Frame Ingress bs Interface Priority 0 4093 Types Filtering to o VLAN Membership 1 0 1 Pree All Disable VLAN Status MAC Based VLAN Lo Ove 1 Admit All piseble Port PYID O 1 0 3 1 Admit all Disable Configuration lv Port DYLAN o 1 0 5 Admit All Disable b Scroll down and select the Interface 1 0 4 check box Now 1 0 4 appears in the Interface field at the top c In the Acceptable Frame Types list select Admit All d Click Apply to save the settings Chapter 2 VLANs 23 ProSafe M4100 and M7100 Managed Switches Assign VLAN3 as the Default VLAN for Port 1 0 2 24 This example shows how to assign VLAN 3 as the default VLAN for port 1 0 2 CLI Assign VLAN3 as the Default VLAN for Port 1 0 2 Netgear Switch Netgear Switch Netgear Switch Netgear Switch Netgear Switch config Config interface 1 0 2 Interface 1 0 2 vlan pvid 3 Interface 1 0 2 exit Config exit Web Interface Assign VLAN3 as the Default VLAN for Port 1 0 2 1 Assign VLAN3 as the default VLAN for port 1 0 2 a Select Switching gt VLAN gt Advanced gt Port PVID Configuration A screen similar t
518. r each email address specify whether to deliver urgent log messages non urgent log messages or both There is an exception to the sending of the messages periodically to the SMTP server When the log buffer is completely full before the expiry of the periodic timer sending of the log messages to the SMTP server does not until the expiry of the timer When the log buffer is full a connection is opened immediately with the SMTP server and all the messages that have not previously been emailed are sent to it Chapter 18 Syslog 347 ProSafe M4100 and M7100 Managed Switches CLI Send Log Messages to admin switch com Using Account aaaa netgear com 1 Configure an SMTP server for example smtp netgear com Before you configure the smtp server you need to have an account on SMTP server Switch Config mail server smtp netgear com port 465 Netgear Switch Switch Mail Server security tlsvl username aaaa Netgear Switch Mail Server Mail Server password XXXXXX exit Netgear Switch Mail Server 2 Configure logging mail From addr is the source address of email and to addr is the destination address of email Netgear Switch Config logging email Netgear Switch Config logging email from addr aaaa netgear com Netgear Switch Config logging email message type urgent to addr admin switch com l k Netgear Switch Config logging email m
519. ration IP Configuration 2 Statistics IP Configuration gt Advanced Default Time to Live 64 Routing Mode ICMP Echo Replies Disable Enable ICMP Redirects Disable Enable ICMP Rate Limit Interval 1000 O to 2147483647 ms ICMP Rate Limit Burst Size 100 1 to 200 Maximum Next Hops 4 b For Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 1 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing q Security Monitoring Maintenance Help Index Routing Toble lPi VLAN ARP RIP OSPF OSPFy3 Rouler Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced gt IP Configuration IP Interface Configuration gt Statistics 1 gt IP Interface Configuration ee P EREA Oun AS Or a Cee 2 Secondary IP Description IP Address Subnet Mask Hode Mode 1 0 1 192 168 1 1 255 255 255 b Scroll down and select the Port 1 0 1 check box Now 1 0 1 appears in the Port field at the top c Enter the following information e Inthe IP Address field enter 192 168 1 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Configure 1 0 13 as a routing port and assign an IP address to it Chapter31 DVMRP 531 532 a
520. ration Neighbor Table Link State Database 2 077 Disable 2 078 Disable 270 9 Disable Hil IE 2 0 10 Disable ks im fuj m fm m faf a oho Under Interface Configuration scroll down and select the interface 2 0 11 check box Now 2 0 11 appears in the Interface field at the top e Inthe OSPF Area ID field enter 0 0 0 0 e Inthe Admin Mode field select Enable Click Apply to save the settings 6 Enable OSPF on the port 2 0 19 a Select Routing gt OSPF gt Advanced gt Interface Configuration Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches C A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP i Router Discovery VRRP Interface Configuration Interface Configuration Configuration Go To Interface F Common 4rea Dead Ift it Configuration OSPF Router Retransmit Hello Interval a ETN Stub rea Interface OSPF Area ID Admin Priority 0 to Interval 0 Interval 1 resid a igurati Mod 255 to 3600 to 65535 Configuration one 2 ji OTAS to 3600 NSSA Area Soe 2 0 19 m SNE CC EC CS a Area Range x 2 0 11 0 0 0 0 Disable Configuration 0 0 0 0 Disable Interface Under Interface Configuration scroll down and select the interface 2 0 19 check box Now 2 0 19 appears in the Interface field at the top e Inthe OSPF Area ID field enter 0 0 0 1 e Inthe OS
521. ration Switching Routing l Security IPvS VLAN ARP RIP OSPF Global Configuration Global Configuration Admin Mode Protocol State Table Maximum Entry Count Protocol Table Enty Count Ospa Router Discovery OSPF ProSafe M4100 and M7100 Managed Switches Monitoring Maintenance Help index Router Discovery VRRP Multicast Monitoring pi Maintenance 7 Help ji Index VRRP Disable Enable Non Operational 256 No Protocol Enabled o b For Admin Mode select the Enable radio button c Click Apply 7 Enable PIM DM globally a Select Routing gt Multicast gt PIM gt Global Configuration Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Routing Security Monitoring Maintenance Help Routing Table IF Pai VLAN ARF RIP OSPF OSPF Router Discovery VREP MolHcaosi Pv Multicast gt Mroute Table PIM Global Configuration gt Global Configuration PIM Global Configuration gt Interface PIM Protocol Type f PIM OM PIM SM Configuration Admin Mode C Disable 7 Enable gt DYMRP IGMP v PIM Global Configuration SSM b For PIM Protocol Type select the PIM DM radio button c For Admin Mode select the Enable radio button d Click Apply 8 Enable PIM DM on interfaces 1 0 21 and 1 0 22 a Select Routing gt Multicast gt PIM gt Interface Configuration A screen similar to the following display
522. ration reenen 3 CP Binding Soe i ee Configruation CP Binding Table CP Group Configuration CP User CO oofiurs b Enter the following information e Inthe User ID Field enter 2 e Inthe User Name field enter user1 e Inthe Password field enter 12345678 e Inthe Confirm Password field enter 12345678 e Inthe Group field select 2 c Click Add Remote Authorization RADIUS User Configuration A remote RADIUS server can be used for client authentication In software release 8 0 or newer the RADIUS authentication and accounting servers are configured separate from the captive portal configuration In order to perform authentication and accounting using RADIUS you configure one or more RADIUS servers and then references the servers using their names in the captive portal configuration Each captive portal instance can be assigned one RADIUS authentication server and one RADIUS accounting server If RADIUS is enabled for a captive portal configuration and no RADIUS servers are assigned the captive portal activation status will indicate that the instance is disabled with an appropriate reason code The following table indicates the RADIUS attributes that are used to configure captive portal users The table indicates both RADIUS attributes and vendor specific attributes VSA that 548 Chapter 32 Captive Portal ProSafe M4100 and M7100 Managed Switches are used to configure captive portal VSAs are denoted in
523. re two modes for the private group The mode can be either isolated or community When in isolated mode the member port in the group cannot forward its egress traffic to any other members in the same group the default mode is community in which each member port can forward traffic to other members in the same group but not to members in other groups The following examples shows how to create a private group The following example creates two groups Group 1 is in community mode and Group 2 is in isolated mode i Internet Port 1 0 13 Layer 2 Switch Fa Port 1 0 6 Port 1 0 17 Port 1 0 7 Port 1 0 16 Figure 43 Private VLAN groups in community mode and isolated mode 402 Chapter 24 Double VLANs and Private VLAN Groups ProSafe M4100 and M7100 Managed Switches CLI Create a Private VLAN Group i Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Enter the following commands vlan data Vlan vlan 200 Vlan exit config Config interface 1 0 6 Interface 1 0 6 vlan participation include 200 Interface 1 0 6 vlan pvid 200 Interface 1 0 6 exit Config interface 1 0 7 Interface 1 0 7 vlan participation include 200 Interfa
524. revious stack master becomes available the previous stack master does not resume its role as stack master Stack Members A switch stack has up to 8 stack members connected through their stacking ports A switch stack always has one stack master A standalone switch is a switch stack with one stack member that also operates as the stack master You can connect one standalone switch to another to create a switch stack containing two stack members with one of them being the stack master You can connect standalone switches to an existing switch stack to increase the stack membership The operation of the switch stack continues uninterrupted during membership changes unless you remove the stack master or you add powered on standalone switches or switch stacks Stack Member Numbers A stack member number 1 to 8 identifies each member in the switch stack The member number also determines the interface level configuration that a stack member uses You can display the stack member number by using the show switch user EXEC command A new out of the box switch one that has not joined a switch stack or has not been manually assigned a stack member number ships with a default stack member number of 1 When it Chapter 19 Switch Stacks 351 ProSafe M4100 and M7100 Managed Switches joins a switch stack its default stack member number changes to the lowest available member number in the stack Stack members in the same switch stack cannot
525. ring Monitoring Maintenance Help C kegs P ID 1 to Acceptable Ingress Port Priority Interface 4093 Frame Types Filtering 0 to 7 Disable Disable Disable Disable Disable Scroll down and select 1 0 1 and 1 0 2 check boxes In the PVID 1 to 4093 field enter 10 Click Apply to save the settings Select Switching gt VLAN gt Advanced gt Port PVID Configuraton Maintenance Help Go To Interface GO Li Ca 0 All 170 2 Admit All Admit All 1 0 5 Admit all 1 0 6 Admit All Admit f Scroll down and select the 1 0 3 check box g Inthe PVID 1 to 4093 field enter 20 h Click Apply to save the settings Chapter 5 VLAN Routing P ID 1 to Acceptable Ingress Port Priority Interface C M N Frame Filtering C to 7 Disable Disable Disable Disable Disable Disable Index Index ProSafe M4100 and M7100 Managed Switches Set Up VLAN Routing for the VLANs and the Switch The example is shown as CLI commands and as a Web interface procedure CLI Set Up VLAN Routing for the VLANs and the Switch 1 The following code sequence shows how to enable routing for the VLANs Netgear Switch vlan data Netgear Switch Vlan vlan routing 10 Netgear Switch Vlan vlan routing 20 Vlan exit Netgear Switch This returns the logical interface IDs that will be used instead of the slot port in subsequent routing commands Assume that VLAN 10 is
526. ription VLAN IP Subnet Routing Administrative ID Address Mask Mode Mode 0724 C IF 192 168 4 1 Jf 255 255 255 0 Enable 0 0 0 0 0 0 0 0 Disable Enable b Scroll down tand select the Port 1 0 24 check box Now 1 0 24 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 4 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 5 Enable RIP on interface 1 0 21 Chapter 28 PIM 455 ProSafe M4100 and M7100 Managed Switches a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays Routing QoS Security Monitoring Maintenance Help Index System Switching Routing Table IP IPv VLAN ARP i OSPF i OSPF Router Discovery VRRP Multicast gt Basic _ Interface Configuration Advanced RIP Configuration Interface Configuration Interface Interface 1 0 21 Configuration Send Version RIP 2 eee Receive Version RIP 2 Redistribution RIP Admin Mode Authentication Typ b In the Interface list select t 1 0 21 c For RIP Admin Mode select the Enable radio button d Click Apply 6 Enable RIP on interface 1 0 22 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing QoS Security
527. rity DHCP Snooping gt IP Source Guard Switching Qos Routing Security Access Port Authentication Traffic Control Captive Portal Global Configuration Captive Portal Global Configuration Dynamic ARP Inspection Admin Mode Captive Portal Operational Status CP Global Disabled Reason Configuration CP Configuration CRI Adimas CP Binding Additional HTTP Port Configruation Additional HTTP Secure Port CP Binding Table Authentication Timeout CP Group l Decoded Image Size Configuration Encoded Image Text 2 CF User Supported Captive Portals Configured Captive Portals Configuration CP Trap Flags CP Client Active Captive Portals System Supported Users Local Supported Users Authenticated Users Index Monitoring Maintenance Help Disable Fi Enable Disabled Administrator Disabled 0 0 0 0 lo O Oteessss Go K te BBS aoao 60to 00 p ooo i 1 m 1024 128 Oo b For Admin Mode Select the Enable radio button c Click Apply a Select Security gt Control gt Captive Portal gt CP Configuration Chapter 32 Captive Portal ProSafe M4100 and M7100 Managed Switches C d CP Binding _ A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Management Security Access Port Authentication Traffic Control i ACL il DHCP Snooping Cap
528. rmation e Inthe IPv6 Mode field select Enable e Inthe Routing Mode field select Enable e Inthe Admin Mode field select Enable d Click Apply to save the settings 4 Assign an IPv6 address to 1 0 21 a Select Routing gt IPv6 gt Advanced gt Prefix Configuration A screen similar to the following displays System Switching Routing Security i Monitoring Maintenance Help Index Routing Table IP VLAN ARF RIP OSPF OSPFv3 Rouler Discovery VRRP Multicast gt Basic IPv6 Prefix Configuration Advanced Global IPv6 Interface Selection Configuration Interface 47 0 21 Interface Configuration __ IPw Interface Configuration Life Time Prefix Valid Lif Pref d Configuration Ka Ipv Prefix Prefix Length B Sa lk Tahi M Statistics Neighbour Table Static Route Configuration Route Table Route Preference Tunnel Configuration 7 M D FESO 222 3FFF FE9E 956D 128 b In the Interface field select 1 0 21 c Enter the following information e Inthe IPv6 Prefix field enter 2001 1 2 e Inthe Prefix Length field enter 64 e Inthe EUI64 field select Disable d Click Add to save the settings Chapter 30 MLD 515 ProSafe M4100 and M7100 Managed Switches 5 Assign an IPv6 address to 1 0 24 a Select Routing gt IPv6 gt Advanced gt Prefix Configuration A screen similar to the following displays System Switching Routing Routing Table IP Sec
529. rst Size i ta 200 b For IPv6 Unicast Routing select the Enable radio button c Click Apply 3 Configure 1 0 1 and 1 0 13 as a IPv6 routing ports a Select Routing gt IPv6 gt Advanced gt Interface Configuration re Help Index Index Chapter 30 MLD 509 510 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays gt Basic Configuration System lee Switching Routing i Security Monitoring Maintenance Help ladak Advanced gt Global Configuration s Interface Configuration gt Prefix Configuration gt Statistics Neighbour Table 2 Statice Route Configuration gt Route Table gt Route Preference Tunnel VLAN ARP RIP OSPF OSPI Router Discovery WREP Mullet IPv6 Interface Configuration IPV6 Interface Configuration Go To Interface Go Duplicate Po Routin Admin Operational Add Lite Ady MS l ress Interface IPFv Mode z r MTU Time Mode Mode Mode Detection Interval Interval Transmits EEN ics Lite fl Disable Disable Enable Disable 4500 1 1800 o Disable Disable Enable Disable 1500 1 1800 Disable Disable Enable Disable i 1800 D i b Scroll down and select the Interface 1 0 1 and 1 0 13 check boxes c Enter the following information In the IPv6 Mode field select Enable In the Routing Mode field select Enable In the Admin Mode field select Enable d Click Apply to save the s
530. rust on page 192 e Set classofservice Trust Mode on page 193 e Show classofservice P Precedence Mapping on page 194 e Configure Cos queue Min bandwidth and Strict Priority Scheduler Mode on page 195 e Set CoS Trust Mode for an Interface on page 196 e Configure Traffic Shaping on page 197 Each port has one or more queues for packet transmission During configuration you can determine the mapping and configuration of these queues Based on the service rate and other criteria you configure queues provide preference to specified packets If a delay is necessary the system holds packets until the scheduler authorizes transmission As queues become full packets are dropped Packet drop precedence indicates the packet s sensitivity to being dropped during queue congestion Select per interface configuration scheme You can configure CoS mapping queue parameters and queue management are configurable per interface Queue management is configurable per interface Some hardware implementations allow queue depth management using tail dropping or weighted random early discard WRED some hardware implementations allow queue depth management using tail dropping The operation of CoS queuing involves queue mapping and queue configuration Chapter 11 CoS Queuing 190 ProSafe M4100 and M7100 Managed Switches CoS Queue Mapping CoS queue mapping uses trusted and untrusted ports Trusted Ports e The system takes at face value
531. rv Configuration 0 ti Class Interface Policy In Direction Rca O Status Configuration Policy oe 1 0 20 pol voip 7 voip EE Configuration 1 0 1 2 Service Configuration Service Statistics O 1 044 E eines b Scroll down and select the Interface 1 0 2 check box Now 1 0 2 appears in the Interface field at the top c In the Policy In list select pol_voip d Click Apply to create a new policy Auto VoIP The Auto VoIP feature makes it easy to set up VoIP for IP phones on a switch This functionality copies VoIP signaling packets to the CPU to get the source and destination IP address and Layer 4 port of the current session Based on these parameters a filter is Chapter 12 DiffServ 225 ProSafe M4100 and M7100 Managed Switches installed to assign the highest priority to VOIP data packets As soon as the call ends the filters are removed Voice traffic Data traffic Figure 24 Auto VolP The example is shown as CLI commands and as a Web interface procedure CLI Configure Auto VolP This script in this section shows how to set up auto VolP system wide 1 Enable auto VolP on all the interfaces in the device Netgear Switch Config auto voip all 226 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches 2 View the auto VoIP information Netgear Switch show auto voip interface all Interface Auto VoIP Mode Traffic Class 1 0 10 L077
532. s 0 0 00 eee 363 Preconiigure a OWIG 22045 s sissa chee aai a dene ee RR a ween dees 364 Renumber Stack Members 0 0 00 cece eee eee eee 365 CLI Renumber Stack Members 0000 eee eee eee 366 Web Interface Renumber Stack Members 005 366 Move the Stack Master to a Different Unit 368 CLI Move the Stack Master to a Different Unit 368 Web Interface Move the Stack Master to a Different Unit 368 10 Contents ProSafe M4100 and M7100 Managed Switches Chapter 20 SNMP Add a New Community 0 0 0 0 ccc ee ees 369 CLI Add a New Community 0 0 0 0 cc cee eee 369 Web Interface Add a New Community 0 00000 ee eee 370 Enable SNMP Wats ce2522 sanr cdndadte ef bse eee a 370 CLI Enable SNMP VWirap 24464 sdenc casas ves dutinu t iaaa aii 370 Web Interface Enable SNMP Trap 00 0c eee eee ees 371 S o EE T E cents oo Ec EE E E E E 371 GLI Configure SNMP Vo 2 lt cceween o ohbecbetaedeeeceeee sira 372 Web Interface Configure SNMP V3 00 0000 eee eee 372 E oc PE ones eae gee Beene kgs pokes een Haase ace een eee eyes 373 CLI Configure Statistical Packet Based Sampling of Packet Flows with sFlow374 Web Interface Configure Statistical Packet based Sampling with sFlow375 Time Based Sampling of Counters with SFlow 05 377 CLI Configure Time Based Sampling of Counters with sFlo
533. s System Switching Routing QoS Security Monitoring Maintenance Help index Routing Table IP IPv VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP tul IPv Multicast Sroa Tabia PIM Interface Configuration gt Global Configuration gt Interface 1 All Go To Interface PIM Interface Configuration Configuration Admin Protocol IP Join Prune BSR D Interf Hello Int I DRP t gt DYMRP AALLS Mode State Address ila ervallsecs Interval secs Border Seda gt Global Disable Non Operational Disable Configuration Disable Non Operational Disable gt SSM Disable Non Operational Disable Configuration Disable Non Operational Disable z aeara Disable Non Operational Disable PIM Neighbor Disable Non Operational Disable gt Candidate RP Disable Non Operational Disable b Scroll down and select the 1 0 21 and 1 0 22 check boxes c In the PIM Interface Configuration in the Admin Mode field select Enable d Click Apply to save the settings PIM DM on Switch D 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration Chapter 28 PIM 453 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching BRST QoS Security Monitoring Maintenance Help Index Routing Table i Pv WLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP Multicast Basic IP Configuration IP Configuration Statistics IP Configuration
534. s A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index DiffServ Configuration Class Configuration Policy Configuration Service Configuration Service Statistics Policy Configuration Policy Configuration Policy Policy Selector Member Class Type internet_access marketing_dej v b Under Policy Configuration scroll down and select the internet_access check box internet_access now appears in the Policy Selector field at the top c In the Member Class list select marketing_dept d Click Apply to add the class marketing_dept to the policy internet_access 8 Add the class test_dept into the policy internet_access a Select QoS gt DiffServ gt Advanced gt Policy Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index gt Diffserv Wizard DiffServ Configuration Class Configuration Policy Configuration Service Configuration Service Statistics Policy Configuration Policy Configuration Polic F Policy Selector Member Class Type Elemere Ull finternet_access access a Re test test_dept vi O intemet_access finance_dept a b Under Policy Configuration scroll down and select the internet_access check box Internet_access now appears in the Policy Selector field at the top c In the Member Class list select test_
535. s 192 168 20 1 255 255 255 0 Interface 2 0 19 ip ospf Interface 2 0 19 ip ospf areaid 0 0 0 1 Interface 2 0 19 exit Config exit show ip route Total Number of Routes Network Subnet Next Hop Address IP Address Chey s Map eats ny Aa a a8 29922095 255 255 255 255 259 2595929 5 255 255 255 253s 259s 200 4 2534255253 OSPF Inter 2 0 11 2 07 11 2707 11 2 0 19 2 07 19 Ary LS 2707 19 192 192 192 192 192 192 168 10 168 10 168 20 168 20 168 20 168 20 OSPF Inter Local Local OSPF NSSA T2 OSPF NSSA T2 OSPF NSSA T2 192 Loe LU eZ Web Interface Configure Area 1 as an nssa Area on Al 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Routing Table VLAN ARP RIP OSPF Router Discovery VRRP Basic IP Configuration IP Configuration Statistics gt Advanced IP Configuration Default Time to Live 30 Routing Mode Disable Enable IP Forwarding Mode Disable Enable Maximum Next Hops 2 b For Routing Mode select the Enable radio button 108 Chapter 7 OSPF Help Index ProSafe M4100 and M7100 Managed Switches C Click Apply to save the settings 2 Assign IP address 192 168 10 1 to port 2 0 11 a d Select Routing gt IP gt Advanced gt IP Interface Configura
536. s allocated 25 percent of the available bandwidth on the port accessing the Internet Internet Port 1 0 5 Outbound Layer 3 Switch Port 1 0 4 Port 1 0 1 Port 1 0 3 Port 1 0 2 VLAN 10 VLAN 20 VLAN 30 VLAN 40 Finance Marketing Test Development Figure 22 Class B subnet with differentiated services The example is shown as CLI commands and as a Web interface procedure Chapter 12 DiffServ 201 ProSafe M4100 and M7100 Managed Switches CLI Configure DiffServ 1 Ensure that the DiffServ operation is enabled for the switch Netgear Switch config Netgear Switch Config diffserv 2 Create a DiffServ class of type all for each of the departments and name them Define the match criteria of source IP address for the new classes Switch Config class map match all finance_dept Switch Config class map match srcip 172 16 10 0 255 255 255 0 Switch Config class map exit Switch Config class map match all marketing_dept Switch Config class map match srcip 172 16 20 0 255 255 255 0 Switch Config class map exit Switch Config class map match all test_dept Switch Config class map match srcip 172 16 30 0 255 255 255 0 Switch Config class map exit Switch Config class map match all development_dept Switch Contig class map match srceip 172 16 40 0 255 255 255 0 Switch Config class map exit 3 Create a DiffServ policy for inbound traffic nam
537. s connected both belong to the same VLAN Each VLAN in a network has an associated VLAN ID which appears in the IEEE 802 1Q tag in the Layer 2 header of packets transmitted on a VLAN An end station might omit the tag or the VLAN portion of the tag in which case the first switch port to receive the packet can either reject it or insert a tag using its default VLAN ID A given port can handle traffic for more than one VLAN but it can support only one default VLAN ID Chapter 2 VLANs 16 ProSafe M4100 and M7100 Managed Switches The Private Edge VLAN feature lets you set protection between ports located on the switch This means that a protected port cannot forward traffic to another protected port on the same switch The feature does not provide protection between ports located on different switches The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs Port 1 0 2 handles traffic for both VLANs while port 1 0 1 is a member of VLAN 2 only and ports 1 0 3 and 1 0 4 are members of VLAN 3 only The script following the diagram shows the commands you would use to configure the switch as shown in the diagram Layer 3 switch Port 1 0 3 VLAN Router Port 1 3 2 192 150 4 1 Port 1 0 2 VLAN Router Port 1 3 1 192 150 3 1 Layer 2 p Switch Ne WNO S N aNd S Figure 1 Switch with 4 ports configured for traffic from 2 VLANs The following examples show how to create VL
538. sable Enable Disable Disable oS 00 00 0 0 00 Disable Enable Disable Cisable Scroll down and select the Port 1 0 4 check box In the IP Address field enter 10 100 1 2 In the Subnet Mask field enter 255 255 255 0 In the Routing Mode field select Enable Click Apply to save the settings 3 Enable RIP on interface 1 0 4 a d Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index Routing Table IP IPv VLAN ARP OSPF OSPFy3 Router Discovery VRRP Multicast IPv Multicast G Interface Configuration Advanced RIP Configuration Interface antes tae 1074 l Configuration Send Version RIP 2 Route Receive Version _RIP 2 Redistribution RIP Admin Mode C Disable Enable Authentication Type None 7 Interface Configuration In the Interface list select 1 0 4 For RIP Admin Mode select the Enable radio button Click Apply to save the settings 4 Create a routing interface and assign 10 200 1 1 24 to it a select Routing gt IP gt Advanced gt IP Interface Configuration Chapter 29 DHCP L2 Relay and L3 Relay 501 920 5 g ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Routing Monitoring Maintenance Help Index Routing Table IPv VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Mu
539. sable Enable Unknown Disable Enable Unknown Disable Enable Unknown Disable Enable Unknown Disable Enable Unknown z r r r r r Under IP Interface Configuration scroll down and select the Port 1 0 16 check box In the IP Address Configuration Method field enter Manual In the IP Address field enter 10 200 2 1 In the Subnet Mask field enter 255 255 255 0 In the Routing Mode field select Enable Click Apply to save the settings 6 Redistribute the connected routes to RIP a Select Routing gt RIP gt Advanced gt Route Redistribution 502 Chapter 29 DHCP L2 Relay and L3 Relay ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System il N Switching p Rouling i T Security T Monitoring Maintenance Help Index Routing Table IP IPw VLAN ARP OSPF QPF Router Discovery WRRP Multicast DP yh Multicast Basic Route Redistribution PAVAN AEEA Configuration RIP Configuration Interface Sowia Connected Configuration Redistibute Mode Enable gt Route Metric 0 Redistribution Distabute List id b In the Source field select Connected c In the Redistribute Mode field select Enable d Click Apply to save the settings 7 Enable DHCP L3 relay a Select System gt Services gt DHCP Relay A screen similar to the following displays system Switching _ Routing 5 Security Monitoring i Maintenance Help Monogement Device View i Stock
540. save the settings 4 Enable RIP on interface 1 0 10 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switching Routing Routing Table IP IPv VLAN ARP Maintenance Index QoS OSPF Security Monitoring Help OSPFv3 VRRP Multicast Router Discovery gt Basic Interface Configuration Advanced RIP Configuration Interface Interface Configuration Interface 1 0 10 Configuration Route Redistribution Send Version Receive Version RIP Admin Mode Authentication b In the Interface list select 1 0 10 RIP 2 z RIP 2 C Disable f Enable c For RIP Admin Mode select the Enable radio button d Click Apply 5 Enable RIP on interface 1 0 11 a Select Routing gt RIP gt Advanced gt Interface Configuration Chapter 28 PIM 447 448 6 f A screen similar to the following displays System Switching Routing Routing Table IP IPv6 VLAN ARP QoS Security OSPF OSPFv3 gt Basic Interface Configuration Advanced RIP Configuration Interface Configuration Route Redistribution Interface Configuration Interface Send Version Receive Version RIP Admin Mode Authentication Type b In the Interface list select 1 0 11 Router Discovery ProSafe M4100 and M7100 Managed Switches Index Monitoring Maintenance Help VRRP Multicast 1 0 11
541. screen similar to the following displays System Management SNMP 1 2 Community Configuration Trap Configuration Trap Flags Switching Device View Routing QoS Security Monitoring Maintenance Help Stacking Services Trap Configuration Trap Configuration Index OL pub SNMPy1 Supported MIBS gt SNMP 3 In the Community Name field enter public In the Version list select SNMPv1 In the Address field enter 10 100 5 17 In the Status field select Enable f Click the Add button 2 Set the Link Up Down flag a Select System gt SNMP gt SNMP V1 V2 gt Trap Flags A screen similar to the following displays e205 System Switching Routing Security Monitoring Maintenance Help Index Management Device View Services Stacking SNMP 1 2 Trap Flags Community Configuration Trap Configuration Trap Flags Supported MIBS gt SNMP 3 Trap Flags Disable Enable Disable Enable Disable Enable Disable Enable Authentication Link Up Down Multiple Users Spanning Tree OSPF Traps Disable Enable b For Link Up Down select the Enable radio button c Click Apply SNMP V3 The example is shown as CLI commands and as a Web interface procedure Chapter 20 SNMP 371 372 ProSafe M4100 and M7100 Managed Switches CLI Configure SNMP V3 Netgear Switch config Netgear Switch Config us
542. settings Set CoS Trust Mode for an Interface The example is shown as CLI commands and as a Web interface procedure 196 Chapter 11 CoS Queuing ProSafe M4100 and M7100 Managed Switches CLI Set CoS Trust Mode for an Interface Netgear Switch Interface 1 0 3 classofservice trust dotlp Sets the Class of Service Trust Mode of an Interface to 802 1p ip dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP Netgear Switch Interface 1 0 3 classofservice trust dotlp lt cr gt Press Enter to execute the command Netgear Switch Interface 1 0 3 classofservice trust dotlp Note The traffic class value range is 0 6 instead of 0 7 because queue 7 is reserved in a stacking build for stack control and therefore you cannot configure it Web Interface Set CoS Trust Mode for an Interface 1 Select QoS gt CoS gt Advanced gt CoS Configuration A screen similar to the following displays m System Switching Routing Security Monitoring Maintenance Help Index i DiffServ Basic CoS Configuration Advanced CoS CoS Configuration Configuration Global Trust ies ai sip Precedence Interface adeno Queue Mapping IP DSCP Queue Mapping CoS Interface Configuartion Interface Queue Configuration Under CoS Configuration select the Interface radio button In the Interface list select 1 0 3 In the Interface Trust Mode list select trust dot1p Click Apply to s
543. signated Root ID Id Topology Change Count er ens FEE 10 01 00 14 6c 53 10 02 00 14 6c 53 62 8e Oday 2 hr 45 min 35 sec 0 10 02 00 14 6c 53 Fia Dan evri aa Yawn B a T DELETE CANCEL j ProSafe M4100 and M7100 Managed Switches e Inthe Priority field enter 4096 e Inthe VLAN Id field enter 2 e Click Add e Inthe VLAN Id field enter 3 e Click Apply c Configure MST ID 2 e Inthe MST ID field enter 2 e Inthe Priority field enter 4096 e Inthe VLAN Id field enter 11 e Click Add e Inthe VLAN Id field enter 12 e Click Apply 3 Configure the MST port a Select Switching gt STP gt MST Port Status A screen similar to the following displays sytem Fe Routing Security Monitoring Maintenance Help Index i Multicast Address Table Ports sw an L Port Auto 3 T Calculated TAa Port STP Configuration Port Port Path Since r 5 Interface Port Forwarding Port Role CST Configuration Priority Cost Path Last State CST Port Cost Clear Configuration Counters 128 TES OMAL ESE MST Configuration 1 MST Port Status 0 HN STP Statistics C 10 2 Enable 32769 OdayOhr3mini3sec Enabled Forwarding Designated 10 01 o Enable 32770 0O day 0 hr 3 min 14 sec Enabled Disabled Disabled 80 01 1 0 4 Enable 32772 0 day 0 hr 3 min 14 sec Enabled Disabled Disabled 80 01 1 0 5 Enable 32773 OdayOhr3miniSsec Enabled Disabled Disabled 80 01 1 0 6 Enable 32774 0 day 0 hr 3 min 15 sec Ena
544. sks for the port that will participate in the protocol Netgear Switch Config interface 1 0 2 Netgear Switch Interface 1 0 2 routing Interface 1 0 2 ip address 192 150 2 1 255 255 0 0 Interface 1 0 2 exit Netgear Switch yy 4 y 4 Netgear Switch 3 Enable VRRP for the switch Netgear Switch Config ip vrrp 4 Assign virtual router IDs to port that will participate in the protocol Netgear Switch Config interface 1 0 2 Netgear Switch Interface 1 0 2 ip vrrp 20 5 Specify the IP address that the virtual router function will recognize Note that the virtual IP address on port 1 0 2 is the same as the port s actual IP address therefore this router will always be the VRRP master when it is active The default priority is 255 Netgear Switch Interface 1 0 2 ip vrrp 20 ip 192 150 2 1 6 Enable VRRP on the port Netgear Switch Interface 1 0 2 ip vrrp 20 mode Netgear Switch Interface 1 0 2 exit Netgear Switch Config exit 130 Chapter9 VRRP ProSafe M4100 and M7100 Managed Switches Web Interface Configure VRRP on a Master Router 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP IP Configuration Configuration IP C
545. ss M Class of Service EE VLAN ee 1 4093 Ethernet Type 060 FFF Source MAC Mask Destination MAC Destination MAC Mask a Protocol Type Blo sd eo 255 Source IP Address 172 16 400 Source Mask Source L4 Port Elo ca 65535 patination Tit Aride e Under Diffserv Class Configuration enter the following information e Inthe Source IP Address field enter 172 16 40 0 e Inthe Source Mask field enter 255 255 255 0 f Click Apply 6 Create a policy named internet_access and add the class finance_dept to it a Select QoS gt DiffServ gt Advanced gt Policy Configuration A screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index gt Diffserv Wizard DiffServ Configuration Class Configuration Policy Configuration Service Configuration Service Statistics Policy Configuration Policy Configuration Policy Policy Selector Member Class a EM ereas Llll internet_access sis access finance Prance dent zl Prance dent zl b Enter the following information e Inthe Policy Selector field enter internet_access e Inthe Member Class list select the finance_dept c Click Add to create a new policy internet_access 7 Add the class marketing_dept into the policy internet_access a Select QoS gt DiffServ gt Advanced gt Policy Configuration 208 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switche
546. ssigned iSCSI ports 3260 860 it is recommended that you specify the target IP address Then the switch will only snoop frames where the TCP destination port is one of the configured TCP ports and the destination IP is the target IP address This will improve the performance of the switch by preventing the CPU from processing non iSCSI flows The example is shown as CLI commands and as Web interface procedure CLI Set iSCSI Target Port Use the following commands to set iSCSI target port to 49154 at IP address 172 16 1 20 Netgear Switch config Netgear Switch Config iscsi target port 49154 address 172 16 1 20 Netgear Switch Config exit Web Interface Set iSCSI Target Port 1 Set iSCI Target Port a a Select Switching gt iSCSI gt Advanced gt iSCSI Targets A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index VLAN Auto VolP iSCSI STP Multicast MYR Address Table Ports LAG gt Basic iSCSI Targets Advanced iSCSI Targets Configuration gt Global Configuration TCP Port IP Address Target Name iSCSI Targets 0 0 223 gt Sessions E 172 16 1 20 Sessions Detailed F 860 0 0 0 0 3260 0 0 0 0 b Enter the following information e Inthe TCP Port enter 49154 e Inthe IP Address enter 172 16 1 20 c Click Add 554 Chapter 33 iSCSI ProSafe M4100 and M7100 Managed Switches Show iSCSI Sessions The example is sho
547. st routing on the switch Chapter 26 Tunnel 419 420 ProSafe M4100 and M7100 Managed Switches a Select Routing gt IPv6 gt Basic gt Global Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Routing Table IP Pv VLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP Multicast Basic IPv6 Global Configuration Global Configuration IPv6 Global Configuration Route Table IPv6 Unicast Routing Disable Enable p Advanced IPv6 Forwarding Disable Enable Hop Limit C 0 to 255 ICMPv6 Rate Limit Error Interval 1000 0 to 2147483647 msecs ICMPv6 Rate Limit Burst Size 100 i te 200 b For IPv6 Unicast Routing select the Enable radio button c For IPv6 Forwarding select the Enable radio button d Click Apply 3 Create a routing interface and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IPw VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced IP Configuration IP Interface Configuration Statistics l s IP Interface Configuration eee Pe areas r PO UCINE mIn stative Secondary IP Port Description IP Address Subnet Mask i 1 Mode Mod
548. stateful IPv6 address assignment Chapter 23 DHCPv6 Server ProSafe M4100 and M7100 Managed Switches CLI Configure DHCPv6 1 Enable IPv6 routing Netgear Switch configure NETGEAR SWITCH Config ip routing NETGEAR SWITCH Config ipv6 unicast routing 2 Create a DHCPv6 pool and enable DHCP service NETGEAR SWITCH Config service dhcpv6 NETGEAR SWITCH Config ipv6 dhcp pool pooll NETGEAR SWITCH Config dhcp6 pool domain name netgear com NETGEAR SWITCH Config dhcp6s pool prefix delegation 2001 1 64 00 01 00 01 15 40 14 4 00 00 00 4d aa d0 NETGEAR SWITCH Config dhcp6s pool exit 3 Enable DHCPv6 service on port 1 0 9 NETGEAR SWITCH Config interface 1 0 9 NETGEAR SWITCH Interface 1 0 9 routing NETGEAR SWITCH Interface 1 0 9 ipv6 address 2001 1 1 64 NETGEAR SWITCH Interface 1 0 9 ipv6 enable NETGEAR SWITCH Interface 1 0 9 ipv6 dhcp server pooll preference 20 NETGEAR SWITCH Interface 1 0 9 exit 4 Show DHCPv6 binding NETGEAR SWITCH show ipv6 dhcp binding Client Address PESO 200 FF FE4D AADO Client Interface Client DUID 00 01 00 01 15 40 14 4 00 00 00 4d aa d0 Identity Association ID Binding Prefix Address Length Binding Prefix Type Binding Expiration secs Binding Prefix Valid Lifetime secs infinite Binding Prefix Preferred Lifetime secs infinit Chapter 23 DHCPv6 Server 389 ProSafe M4100 and M7100 Managed Switches
549. stics Domain Name From the Pool Name drop down list select Create In the Pool Name field enter ipv6_ server In the DNS Server Addresses fields enter 20011 9 18 1 the DNS server IPv6 address Click Apply 6 Enable DHCPv6 pool on the interface 2 0 21 a Select System gt Services gt DHCPv6 Server gt DHCPv6 Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Device View License Stacking SNMP LLDP ISDP DHCP Server DHCP v6 Interface Configuration DHCP Relay DHCP L2 Relay UDP Relay i EO Go To Interface DHCPv6 Server DHCPv6 Server Configuration DHCP v6 Pool Configuration DHCPyY6 Prefix Delegation Configuration DHCP v6 Interface Configuration DHCPv6 Bindings Information DHCPv6 Server Statistics DHCP v6 Relay DHCPv6 Interface Configuration Interface Admin mode Pool Name Rapid Commit Preference Disable Disable Disable Disable Disable Disable Disable Disable Disable al z a z z 7 7 D p r Scroll down and select the interface 2 0 21 check box Now 2 0 21 appears in the Interface field at the top Enter the following information e Inthe Admin mode field select Enable e Inthe Pool Name field enter ipv6_ server Click Apply Chapter 23 DHCPv6 Server 397 Double VLANs and Private VLAN Groups This chapter includes the f
550. t CLI Redirect a Traffic Stream The script in this section shows how to redirect an HTTP traffic stream received in an interface to the specified interface This example redirects the HTTP traffic stream received in port 1 0 1 to port 1 0 19 178 Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches 1 Create an IP access control list with the name redirectHTTP Netgear Switch Config ip access list redirectHTTP 2 Define a rule to match the HTTP stream and define a rule to permit all others Netgear Switch Config ipv4 acl permit tcp any any eq http redirect 1 0 19 Netgear Switch Config ipv4 acl permit every 3 Bind the ACL with interface 1 0 1 Netgear Switch Interface 1 0 1 ip access group redirectHTTP in 1 4 View the configuration Netgear Switch show ip access lists Current number of ACLs 1 Maximum number of ACLs 100 ACL ID Name redirectHTTP inbound 1 071 Netgear Switch show ip access lists redirectHTTP ACL Name redirectHTTP Inbound Interface s 1 0 1 Rule Number Action Match All Protocol Destination L4 Port Keyword 80 www http Redirect Interface 1 0 19 Rule Number Action Match All Web Interface Redirect a Traffic Stream This example redirects the HTTP traffic stream received in port 1 0 1 to port 1 0 19 1 Create an IP access control list with the name redirectHT TP a Select Security gt ACL gt Advanced gt IP ACL Chapter10 ACLs
551. t q lt 2 o N LO 3 g X 5 5 5 2 Subnet 192 168 6 0 24 2 Switch D Switch C Port 1 0 22 Port Port 1 0 22 Subnet 192 168 4 0 24 Host IP 192 168 4 2 Figure 45 Configuring and Using PIM DM PIM DM uses the existing unicast routing table and join prune and graft mechanism to build a tree PIM DM creates source based shortest path distribution trees making use of reverse path forwarding RPF PIM DM cannot be used to build a shared distribution tree as PIM SM can PIM DM assumes that when a sender starts sending data all downstream routers and hosts want to receive a multicast datagram PIM DM initially floods multicast traffic throughout the network Routers that do not have any downstream neighbors prune back the unwanted traffic Apart from the prune messages PIM DM makes use of two more messages graft and assert Graft messages are used whenever a new host wants to join the group Assert messages are used to shut off duplicate flows onto the same multi access network To minimize the repeated flooding of datagrams and subsequent pruning associated with a particular S G pair PIM DM uses a state refresh message This message is sent by the routers directly connected to the source and is propagated throughout the network When 436 Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches received by a router on its RPF interface the state refresh message causes an existing prune state to be r
552. t IP Bindin B Port Selection Table Configuration Binding Table Port 1 2 3 4 5 amp 7 amp 9 GO ii 12 iJ 14 15 16 i7 18 19 20 21 22 23 24 25 26 77 78 79 30 31 32 33 34 35 36 37 38 39 40 41 42 43 dd 45 46 47 48 Interface Binding Status Interface Direction ACL Type Sequence Number b Under Binding Configuration specify the following e Inthe ACL ID list select 101 e Inthe Sequence Number field enter 1 Chapter10 ACLs 153 C d e ProSafe M4100 and M7100 Managed Switches Click Unit 1 The ports display Click the gray box under port 44 A check mark displays in the box Click Apply to save the settings 12 Apply ACL 102 to port 44 a e Select Security gt ACL gt Advanced gt IP Binding Configuration A screen similar to the following displays Security Monitoring Maintenance Help Index Switching Routing Syste m Monogement Security Access Port Authentication Traffic Control Basic IP Binding Configuration Advanced IP ACL Binding Configuration i gt IP Rules ACLID jio Direction gt IP Extended Rules gt ite 4294907295 pee Port Selection Table Configuration 2 Bonding Table i Pot i 2 3 4 5 7 9 J0 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 FG 39 40 41 42 43 44 45 46 47 48 i Interface Binding Status of 44 nbound IP ASL i i 1 Under Binding Configuration make the
553. t Prefix Configuration A screen similar to the following displays System i Switching Routing Security Monitoring Maintenance Help Index VLAN ARP RIP OSPF OSPFw3 Router Discovery WREP Multicast Pwd Multicast gt Basic _ IPv6 Prefix Configuration Advanced Global __IP 6 Interface Selection Configuration Interface Interface Configuration IPv6 Interface Configuration Statistics Life Time Neighbour Table Static Route Configuration Route Table Route Preference Tunnel Configuration gt Prefix E Yalid Lif Prefe d Configuration E Ipv6 Prefix Prefix Length alid Life referre 2000 1 FES0 222 3FFF FE9E 955D 128 In the Interface field select 0 4 2 In the IPv6 Prefix field enter 2000 1 In the Length field enter 64 In the EUI64 field select Disable Click Add Chapter 27 IPv6 Interface Configuration 431 ProSafe M4100 and M7100 Managed Switches Configure DHCPv6 Mode on the Routing Interface The routing interface supports DHCPv6 mode which can get the IPv6 address from a DHCPVv6 server address allocation Note Before you enable DHCPv6 mode you have to disable IPv6 unitcast mode globally CLI Configure DHCPv6 mode on routing interface 1 Enable IPv6 unicast globally Netgear Switch Config ipv6 unicast routing 2 Enable DHCPV6 on the interface 1 0 23 Netgear Config interface 1 0 23 Netgear Interface 1 0 23 routing N
554. t 5 Figure 7 Layer 3 switch configured for port routing Chapter 4 Port Routing 61 ProSafe M4100 and M7100 Managed Switches Enable Routing for the Switch The example is shown as CLI commands and as a Web interface procedure CLI Enable Routing for the Switch The following script shows the commands that you would use to configure a M4100 and M7100 Managed Switch to provide the port routing support shown in Figure 7 Layer 3 switch configured for port routing on page 61 Use the following command to enable routing for the switch Execution of the command enables IP forwarding by default Netgear Switch config Netgear Switch Config ip routing Netgear Switch Config exit Web Interface Enable Routing for the Switch 1 Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing z j Security l Monitoring Maintenance Help Index Routing Table i ARP RIP OSPF Router Discovery VRRP Basic IP Configuration IP Configuration Statistics IP Configuration gt Advanced Default Time to Live 30 Routing Mode C Disable Enable IP Forwarding Mode Disable Enable Maximum Next Hops 2 2 For Routing Mode select the Enable radio button 3 Click Apply to save the settings Enable Routing for Ports on the Switch Use the following commands or the web interface to enable routing for ports on the switch The defau
555. t Pref Prehiclength 200 1 08 COA AC is 4 Soerce La Port Cther Destination Prefix Preeficlength 2001 DEG TIAR ACTS 64 Destas tioa LA Port ihar Fip Lc biel J io 1046373 1 O50 Sence j Click Apply 3 Add Rule 2 In the Rule ID field enter 2 For Action select the Permit radio button In the Protocol Type list select TCP In the Source Prefix field enter 2001 DB8 COAB AC11 In the Source Prefix Length field enter 64 In the Destination Prefix field enter 2001 DB8 COAB AC13 In the Destination Prefix Length field enter 64 In the Destination L4 Port list select telnet seo a0 5 f Chapter10 ACLs 187 A screen similar to the following displays F Extended Aules Pri AZL gt PVE Rules PF Bendis Conhigurateen Bending Table Vlan Binding Table Click Apply 4 Add Rule 3 In the Rule ID field enter 3 a 920 5 g For Action select the Permit radio button Routing th i Manitoring Fort Authentication Troti Cornma Contr IPv6 ACL Rule Configuration ACL Harme ipeh acl Rube iD F Bikan Permit Deny Logging Diable Mirror Interface Redirect Interface Match Every D Csble Prrboel Ty pe Tce Source Pralin PreflinLesgih 2008 OES CABAC Source L Pert Gther Destination Prefiz Prefixlength J001 088 CO4B eClIa Gewtination L Port telnet Fise Label IP O2CP Service r In the Protocol Type list select TCP In the Source Prefix field enter 2001
556. t port 1 0 2 belongs to both VLANs and that port 1 0 1 can never belong to VLAN 3 CLI Assign Ports to VLAN3 Config interface range 1 0 2 1 0 4 conf if range 1 0 2 1 0 4 vlan participation include 3 conf if range 1 0 2 1 0 4 exit Interface 1 0 4 vlan acceptframe all Interface 1 0 4 exit Config interface 1 0 4 Config exit 22 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches Web Interface Assign Ports to VLAN3 1 Assign ports to VLANS a Select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index STP Multicast Address Table Ports LAG gt Basic VLAN Membership Advanced gt VLAN LAN Configuration VLAN ID Group Operation Untag All All VLAN Membership JPPM VLAN3 _UNTAGGED PORT MEMBERS VLAN Status Stat TAGGED PORT MEMBERS LAN T Static MAC Based VLAN Lio _ i Port PVID TURENE EAEEREN Configuration Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 i i 3 H i i Port DYLAN l 25 26 27 28 Configuration In the VLAN ID list select 3 Click Unit 1 The ports display d Click the gray boxes under ports 2 3 and 4 until T displays 9 The T specifies that the egress packet is tagged for the ports e Click Apply to save the settings 2 Specify that untagged frames will be acce
557. t z E a rA eta Ethernet Type Appletalk I 600 to f hex Configuration _ Source MAC Address Mask Service Statistics Destination MAC Address Mask Policy Under Diffserv Class Configuration in the VLAN field enter 5 Click Apply 4 Create a class class_color a Select QoS gt DiffServ gt Advanced gt Class Configuration Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System jas tching Routing Security Monitoring Maintenance Help Index gt Diffserv Wizard Class Name Auto oIP y a ie Class Name Class Type DiffServ Wesco CE Configuration Ju class vlan All bas E ant Configuration IPv Class Configuration Policy Class Name Configuration Service Interface Configuration Service Statistics b Enter the following information e Inthe Class Name field enter class_color e Inthe Class Type list select All c Click Add to create a new class class_ color System Switching Routing Security Monitoring Maintenance I Help Index gt Diffserv Wizard Class Name Class Name SS Class Name Class Type See OOOO _ Configuration C class vlan Class T Pees oeine Configuration diii IPy6 Class Configuration Chapter 12 DiffServ 241 ProSafe M4100 and M7100 Managed Switches d Click class_color to configure this class A screen similar to the following displays
558. take when traveling to their destination through the network on a hop by hop basis Once you click the Apply button the switch will send three traceroute packets each hop and the results will be displayed in the result table In the IP Address field enter 216 109 118 74 Click Apply Configuration Scripting This section provides the following examples script on page 327 script list and script delete on page 327 script apply running config scr on page 328 Create a Configuration Script on page 328 Upload a Configuration Script on page 328 Configuration scripting Allows you to generate text formatted files Provides scripts that can be uploaded and downloaded to the system Provides flexibility to create command configuration scripts Can be applied to several switches Can save up to 10 scripts or 500 K of memory Provides script format of one CLI command per line Here are some considerations The total number of scripts stored is limited by the NVRAM FLASH size 326 Chapter 17 Tools ProSafe M4100 and M7100 Managed Switches e Application of scripts is partial if a script fails For example if the script executes 5 of 10 commands and the script fails the script stops at 5 e Scripts cannot be modified or deleted while being applied e Validation of scripts checks for syntax errors only It does not validate that the script will run successfully script Netgear Switch script apply Applies configur
559. tatistics b In the Policy Name field enter policy_vlan c In the Policy Type list select In d Click Add 6 Associate policy _vian with class_vian a Select QoS gt DiffServ gt Advanced gt Policy Configuration 242 Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System gt Diffsery Wizard gt Auto oIP gt Basic Advanced DiffServ Configuration Class Configuration IPv6 Class Configuration Policy Configuration Service Interface Configuration Service Statistics b Under Policy Configuration scroll down and select the policy_vlan check box Switching Routing Security Monitoring Policy Configuration Policy Configuration Policy Hame Policy Type policy_ vlan c In the Member Class field enter class_vlan d Click Apply 7 Configure policy_vian a Select QoS gt DiffServ gt Advanced gt Policy Configuration Click policy_vlan A screen similar to the following displays System DiffServ Configuration Class Configuration IP 6 Class Configuration Policy Configuration Service Interface Configuration Service Statistics moanos Switching Routing QoS Security Monitoring Policy Class Configuration Class Information Policy Name Policy Type Hember Class Name Policy Attribute Policy Atribute Assign Queue C Drop Mark IP COS C Mark IP Pre
560. tatistics Server m s p Malforme Configuration Server 5 Access Access Access Access Access PE Pending gt Login Address z Requests Retransmissions Accepts Rejects Challenges Authenticators Requests Responses 284 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches 920 5 g In the Server Address field enter 10 100 5 17 In the Secret Configured field select Yes In the Secret field enter 123456 In the Primary Server field select Yes In the Message Authenticator field select Enable Click Add 8 Enable accounting a b C d Select Security gt Management Security gt RADIUS gt Radius Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index i Access Port Authentication Traffic Control ACL Radius Configuration gt User Configuration RADIUS Radius Configuration Server Configuration Accounting Server Radius Configuration Current Server Address i 10 5 1 A Number of Configured Servers Max Number of Retransmits la 1ito 15 5 1 to 30 Timeout Duration secs Accounting Mode Configuration RADIUS Attribute 4 Disable Enable gt TACACS Login In the Server Address field enter 10 100 5 17 In the Accounting Mode field select Enable Click Apply 9 Configure the accounting server a 9 Select Se
561. te VLAN Promiscuous Port Use the following commands to map private VLAN promiscuous port 1 0 1 to a primary VLAN 100 and to secondary VLANs 101 102 Netgear Switch config Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 switchport private vian mapping 100 101 102 Netgear Switch Interface 1 0 1 end Web Interface Map Private VLAN Promiscuous Port 1 1 Map private VLAN promiscuous port 1 0 1 to a primary VLAN 100 and to selected secondary VLANs 101 102 a Select Security gt Traffic Control gt Private VLAN gt Private VLAN Promiscuous Interface Configuration A screen similar to the following displays Sy them awilching Rouhing Gas Socur Lis Manitaring Ma nhnance Help i dex Mancgarmeien Sastre ity Are ai Part Aafia hes Tico on bre ALI L MAC Filter Private VLAN Promiscuous Interface Configuration gt Port Security Private Group ate VLAN Promiscuous Interface Configuration Proatected Port i LAGS All Go To Interface mai Wa Private Vian Type Pr mi ics Prima m VLAR Promega Secondary VLANI 2 bo 4095 Rangel 2 4093 i Private vlan es Intentace 100 200 100 104 100 102 100 102 Configuration Prove Vien Port Mode Configuration Prae Vian Host nter ace Canhgisraban Piveie Wier i ai m aaa Ea ao oo oa if E P E P 52 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches b Under Private VLAN Promiscuous Interface Confi
562. te entry in the routing table can either be created dynamically through routing protocols like RIP and OSPF or be manually created by the network administrator The route created manually is called the static or default route A default route is used for forwarding the packet when the switch cannot find a match in the routing table for an IP packet The following example shows how to create a default route CLI Add a Default Route FSM7338S Config ip route default lt nexthopip gt Enter the IP Address of the next router FSM7328S Config ip route default 10 10 10 2 Note IP subnet 10 10 10 0 should be configured using either port routing Enable Routing for Ports on the Switch on page 62 or VLAN routing see Set Uo VLAN Routing for the VLANs and the Switch on page 73 Web Interface Add a Default Route 1 Select Routing gt Routing Table gt Basic gt Route Configuration Chapter 4 Port Routing 65 ProSafe M4100 and M7100 Managed Switches The Route Configuration screen displays System Switching Routing QoS Security Monitoring Maintenance Help Index able IP VLAN ARP RIP OSPF Router Discovery VRRP Route Configuration Configure Routes Next Hop IP Route Type Network Address Preference Address C C Ad 2 Inthe Route Type list select DefaultRoute 3 Inthe Next Hop IP Address field enter one of the routing interface s IP addresses e The Network Address and Subnet Mask fi
563. ted networks sFlow Select System gt Management gt User Configuration A screen similar to the following displays gt SNMP 1 2 v SNMP 3 User Configuration Security Monitoring SNMP V3 User Configuration User User Name admin 7 User Configuration SNMP v3 Access Mode Read Write Authentication Protocol C None MDS SHA Encryption Protocol None DES Encryption Key se ok a ok In the User Name field select the admin For Authentication Protocol select the MD5 radio button For Encryption Protocol select the DES radio button In the Encryption Key field enter 12345678 Click Apply to save the settings Maintenance technology is built into network equipment and gives complete visibility into network activity enabling effective management and control of network resources The sFlow monitoring system consists of an sFlow agent embedded in a switch or router or in a standalone probe and a central sFlow collector The sFlow agent uses sampling technology to capture traffic statistics from the device it is monitoring The sFlow datagrams are used to immediately forward the sampled traffic statistics to an sFlow collector for analysis Chapter 20 SNMP 373 ProSafe M4100 and M7100 Managed Switches The sFlow agent uses two forms of sampling statistical packet based sampling of switched or routed packet flows and time based sampling of counters
564. tended Rules haxinun ACL IP Binding Configuration Binding Table IP ACL Table IP ACL ID 103 b In the IP ACL ID field enter 101 c Click Add to create ACL 101 2 Create a new rule associated with ACL 101 a Select Security gt ACL gt IP ACL gt IP Extended Rules Chapter 10 ACLs 139 ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication Traffic Control IP Extended Rules IP Extended Rules ACLID IP Extended Rules IP Binding Configuration Extended ACL Rule Table Binding Table S Source Source Source Assign Match Protocol TCP Destination Destination ACRON Queue Every Keyword Fla eu oe ee IP Address IP Mask aaah i i I Address Mask Port b For ACL ID select 101 c Click Add to create a new rule 3 Create a new ACL rule and add it to ACL 101 a After you click the Add button in step 2 A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication Traffic Control Extended ACL Rule Configuration 100 199 ACLID 101 IP Rules Rule ID 1 to 23 IP Extended Rules Action Permit Egress Queue 0 to 6 IP Binding Configuration geal Binding Table
565. ter Discovery VRRP Qos security Monitoring Maintenance Help VLAN Routing VLAN Routing Wizard Wizard VLAN Routing Wizard gt VLAN Routing IP Address 10 100 5 34 Bo Network Mask 255 255 255 0 a Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 d 47 49 50 51 52 b Enter the following information in the VLAN Routing Wizard e Inthe Vian ID field enter 38 e Inthe IP Address field enter 10 100 5 34 162 Chapter10 ACLs ProSafe M4100 and M7100 Managed Switches e e Inthe Network Mask field enter 255 255 255 0 Click Unit 1 The ports display Click the gray box under port 38 twice until U displays The U specifies that the egress packet is untagged for the port Click Apply to save VLAN 38 4 Enable IP routing a b C Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing i l Security Monitoring Maintenance Routing Table VLAN ARP RIP OSPF Rouler Discovery YWREP b Basic IP Configuration IF Configuration Statistics IP Configuration gt Advanced Default Time to Live 30 Routing Mode O Disable Enable IP Forwarding Mode O Disable Enable Mastnmniunm Next Hops 2 Under IP Configuration make the following selections e For Routing Mode select the Enable radi
566. ter and Stack Members 0 00 0c eee 350 Stack MASICl s dace s deed endend doh ea woe Oe oaks doe wees 350 Stack Members nannan anaana weep OES OR ee eee ae 351 Stack Member Numbers 0 0000 ee eee a 351 Stack Member Priority Values 0 0 0 00 eee 352 Install and Power up a Stack 0 0 ce ene J92 Compatible Switch Models n anaana anaana aaa ee eee 352 Install a Switch Stack nuanua anana aaa J53 SWiteh PMO G nin Git 8 ea he ak a A EA eA relate Code Mismatch nananana 0th bee PRS STL HES DOM EEE OR EES 354 Upgrade the Firmware lt 4 610604 ieadsud oeeee es eaneseeeneds 354 Migrate Configuration with a Firmware Upgrade 354 Copy Master Firmware to a Stack Member Web Interface 355 Configure a Stacking Port as an Ethernet Port 355 CLI Configure a Stacking Port as an Ethernet Port 356 Web Interface Configure a Stacking Port as an Ethernet Port 357 Stack Switches Using 10G Fiber 0 0 0 cc ees 359 CLI Stack Switches Using 10G Fiber 0 00 cee 359 Web Interface Stack Switches Using 10G Fiber 360 Add Remove or Replace a Stack Member 2005 361 Add Switches to an Operating Stack 0 0000 c eee eee 361 Remove a Switch from the Stack 0 0 00 cee eee eee 362 Replace a Stack Member 00 0c cee eee eee ees 363 Switch Stack Configuration File
567. terface Configuration gt Switch Statistics Global Configuration gt System Resource Admin Mode C Disable Enable gt Slot Information gt Loopback Interface Network Interface IPva Network Configuration IPY6 Network Configuration IPve Network Neighbor IPv6 Address Auto Configuration Mode Disable Enable Current Network Configuration Protocol te None Cc DHCPY 6 IPV Gateway 2001 1 2 IPv6 Network Interface Configuration IPv Prefix Prefix Length FESO 21E 24FF FED9 2499 64 2001 1 1 64 b In the IPv6 Gateway field enter 2001 1 2 c Click Apply Create an IPv6 Routing VLAN The example is shown as CLI commands and as a Web interface procedure CLI Create an IPv6 Routing VLAN 1 Create a routing VLAN with VLAN ID 500 Netgear Switch Netgear Netgear Switch Switch 2 Add interface Netgear Netgear Netgear Netgear Netgear Vlan vlan 500 Vlan vlan routing 500 Vlan exit 1 0 1 to VLAN 500 config Config interface 1 0 1 Interface 1 0 1 vlan participation include 500 Interface 1 0 1 vlan participation pvid 500 Interface 1 0 1 exit Chapter 27 IPv6 Interface Configuration 427 ProSafe M4100 and M7100 Managed Switches 3 Assign IPv6 address 2000 1 64 to VLAN 500 and enable IPv6 routing Switch Config interface vlan 0 4 1 Switch Interface 0 4 1 routing Switch Interface 0 4 1 ipv
568. the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 5 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 3 Configure 1 0 22 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration Chapter 28 PIM ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System ji i Switching Routing Security Monitoring Maintenance Help Index Routing Table VLAN ARP RIP OSPF OSPFv3 Router Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced IP Configuration IP Interface Configuration Statistics s IP Interface Configuration Secondary IP Description YLA IP Subnet Routing Administrative ID Address Mask Mode Mode o 2 Reena 255 255 255 0 0 0 0 0 0 0 0 0 Disable Enable b Scroll down and select the Port 1 0 22 check box Now 1 0 22 appears in the Port field at the top c Enter the following information e Inthe IP Address field enter 192 168 6 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply to save the settings 4 Enable RIP on interface 1 0 21 a Select Routing gt RIP gt Advanced gt Interface Configuration A screen similar to the following displays System Switchi
569. the following displays System Swite hing Routh ng VLAN ARF RIP QoS OSPF Security Monitoring Rouler Discovery VRRP Routing Table Basic IF Configuration gt Statistics gt Advanced IP Configuration IP Configuration Default Time to Live Routing Mode IP Forwarding Mode 30 O Disable Enable O Disable Enable Maximum Next Hops 2 b Under IP Configuration make the following selections e For Routing Mode select the Enable radio button e For IP Forwarding Mode select the Enable radio button c Click Apply to enable IP routing 5 Configure default route for VLAN 202 278 Chapter 15 Security Management Maintenance ProSafe M4100 and M7100 Managed Switches a Select Routing gt Routing Table gt Basic gt Route Configuration A screen similar to the following displays NETGEAR _GS 48 Port Gigabit Le Connect with Innovation Switch wi System Switching Routing Security Monitoring Maintenance Help Index i ARP Basic Route Configuration Route Configuration Configure Routes ome ome Coe oe E Learned Routes Route Network Next Hop Subnet mask Protocol Next Hop IP Address Preference Type Address Interface Dynamic 192 168 100 0 255 255 255 0 Local vlan 100 192 168 100 1 b Under Configure Routes in the Route Type list select Default Route c In the Next Hop IP Address field enter 10 100 5 252 d Click Add to add the route that is
570. the following information e Inthe Vlan ID field enter 200 e Inthe IP Address field enter 192 168 200 2 e Inthe Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 48 twice until U displays The U specifies that the egress packet is untagged for the port e Click Apply to save VLAN 200 4 Create a static route with IP address 192 168 100 0 24 a Select Routing gt Routing Table gt Basic gt Route Configuration 156 Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches C A screen similar to the following displays System Switching Rouling QoS Security Monitoring Maintenance Help Index ARP RIF OSPF Router Discovery WREF Basic Route Configuration gt Route Configuration Configure Routes Advanced Eo o Route Type hetwork Address Subnet mask Plas Next Hop IP Address IP Address static JN 192 168 100 0 192 168 100 0 255 255 255 0 192 168 200 1 Learned Routes Roube metur aoe Hop Subnart mask Type Address Interface Dynamic 192 168 400 233 2932390 an 4c 192 168 40 1 Dynamic 192 160 30 0 HEET i a 172 160 50 1 Dynamic 192 168 200 0 255 255 255 0 192 168 200 2 Pmt Hop IP Address Under Configure Routes make the following selections and enter the following information e Select Static in the Route Type field e Inthe Network Address field enter 192 168 100 0 e Inthe Subnet Mask field enter 255 255 255 0 e
571. thenticakon Trafic Control gt Basic V Advanced 3 IP ACL 2 IP Rules gt IP Extended Rules gt IP Binding Configuration Binding Table IP ACL Table _ ap ace ip 101 Extended b In the IP ACL Table in the IP ACL ID field enter 102 c Click Add 9 Add and configure an IP extended rule that is associated with ACL 101 a Select Security gt ACL gt Advanced gt IP Extended Rules A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Halp Index Management Security Acces Port Authentication Traffic Control Basic IP Extended Rules Advanced gt IP ACL IP Extended Rules 2 IP Rules ACL ID KAA gt IP Extended Rules IP Binding Configuration Extended ACL Rule Table Bending Table aa ee al ges ood Source Sou j Rule Action Assign Match Protocol TCP sik P Destination Destination Destination LOM J 1 FI P Mi ID Queue Every Keyword Flag address Mask Port IP Address IP Mask b Under IP Extended Rules in the ACL ID list select 10 c Click Add Chapter10 ACLs 151 ProSafe M4100 and M7100 Managed Switches The Extended ACL Rule Configuration screen displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication Trafic Control Basic Extended ACL Rule Configuration Advanced IP ACL Extended AC
572. tic routes so that the switch forwards the packets with destinations 192 168 100 0 24 and 192 168 30 0 24 to the correct next hops Netgear Switch Netgear Switch Netgear Switch Config ip routing Contig ip route 192 168 100 0 2554255 255 0 192 166 2001 Config ip route 192 168 30 0 255425596259 0 192 1602200 1 Web Interface Configure One Way Access Using a TCP Flag in an ACL This is a two part process e Configuring the Switch on page 146 e Configuring the GSM7342S Switch on page 154 Configuring the Switch 1 Create VLAN 30 with IP address 192 168 30 1 24 a Select Routing gt VLAN gt VLAN Routing Wizard Chapter 10 ACLs ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays n the VLAN Routing Wizard System Switching Routing Qos Security Monitoring Maintenance Help Management Security Access Port Authentication Traffic Control gt MAC ACL IP Binding Configuration IP ACL aP AE Binding Configuration IP Rules E Inbound IP Extended Rules Gagquencenumber 1 to 4294967295 IP Binding Configuration Binding Table 2 Port Selection Table Port 1 2 3 4 5 6 7 F J 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Apa E a E E E 25 26 27 28 Interface Binding Status b In the VLAN Routing Wizard enter the following information e Inthe Vian ID field enter 30 e Inthe IP Address field enter 192 168 30 1 e Inthe Network Mask fie
573. tics i gt IP Interface Configuration 7 i 5 Routin Administrative Secondary IP Port Description IP Address Subnet Mask q Hode Mode ID 1 0 21 192 168 3 2 255 255 255 0 1 0 12 192 168 1 1 295 255 255 0 Enable Enable Scroll down and select the Port 1 0 13 check box Now 1 0 13 appears in the Port field at the top Enter the following information e Inthe IP Address field enter 192 168 3 2 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable Chapter 31 DVMRP ProSafe M4100 and M7100 Managed Switches d Click Apply to save the settings 5 Enable IP multicast on the switch a Select Routing gt Multicast gt Global Configuration A screen similar to the following displays System Switching EEM Routing Table IP gt Mroute Table Global Configuration gt Interface Configuration gt DYMRP gt IGMP gt PIM DM gt PIM 5M gt MLD gt Static Routes Configuration Admin Boundary Configuration IPv6 VLAN ARP RIP OSPF i OSPFy3 Global Configuration Global Configuration Admin Mode Protocol State Table Maximum Entry Count Protocol Table Entry Count Security z Monitoring Maintenance Help VRRP Router Discovery Disable Enable Non Operational 256 No Protocol Enabled 0 b For Admin Mode select the Enable radio button c Click Apply 6 Enable DVMRP on the switch a Select R
574. tion kF Advanced OSPF __ Interface Configuration Configuration Common 4rea Configuration S Router Retransmit Hello Stub Area i Priority 0 to Interval 0 Interval 1 Configuration to 3600 to 65535 NSS4 Area Configuration i Srea Range 0 0 Disable Configuration 0 0 Disable Interface Configuration All Interval 1 to PAC ULUKLY YD Disable Disable b Under Interface Configuration scroll down and select the interface 1 0 15 check box Now 1 0 15 appears in the Interface field at the top e Inthe OSPF Area ID field enter 0 0 0 1 e Inthe OSPF Admin Mode field select Enable c Click Apply to save the settings 5 Configure area 0 0 0 1 as a stub area a Select Routing gt OSPF gt Advanced gt Stub Area Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table IP VLAN ARP RIP Router Discovery VRRP Stub Area Configuration Advanced OSPF Stub Area Configuration Configuration Area n l n Metri Common 4rea Aging External SPF Border Ass Area LSA ests eds fi i mreete Interval Routin Runs Router Hae Checksum pores opted ON Configuration 9 were Counties LSA s 16777215 Stub Area Count Configuration In the Area ID field enter 0 0 0 1 c Click Add to save the settings 106 Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches nssa Areas Layer 3 La
575. tion A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP IP Interface Configuration Configuration SU Te ct Go To Interface so Statistics PAR aerate iran Routi Administrati Configuration Interface Description IP Address Subnet Mask ee sage a Secondary IP a EE 1 0 1 0 0 Disable Enable Scroll down and select the interface 2 0 11 check box Now 2 0 11 appears in the Interface field at the top Enter the following information e Inthe IP Address field enter 192 168 10 1 e Inthe Network Mask field enter 255 255 255 0 e Inthe Admin Mode field select Enable Click Apply to save the settings 3 Assign IP address 192 168 20 1 to port 2 0 19 a b C Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Routing Table VLAN ARP RIP OSPF Router Discovery VRRP gt Basic IP Interface Configuration Advanced IP Configuration Configuration Statistics Go To Interface 4 f co IP Interface Configuration Rout Adimninistrati outin ministrative Secondary IP Interface Description IP Address Subnet Mask 9 Mode Mode e meee ee ee O 2 0 1 Peca 0 0 0 o 0 0 0 Disable Enable TT 2 0 2 0 0 0 0
576. tion can also be configured to allow access for authenticated users Authenticated users are required to enter a valid user name and password that must first be validated against the local database or a RADIUS server Network access is granted once user verification has been confirmed The administrator can block access to a captive portal configuration When an instance is blocked no client traffic is allowed through any interfaces associated with that captive portal configuration Blocking a Chapter 32 Captive Portal 545 ProSafe M4100 and M7100 Managed Switches captive portal instance is a temporary command executed by the administrator and not saved in the configuration Block a Captive Portal Instance CLI Block a Captive Portal Instance Netgear Switch Config CP 1 block Web Interface Block a Captive Portal Instance 1 Select Security gt Control gt Captive Portal gt CP Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication Trattic Control i ACL DHCP Snooping Captive Portal Configuration gt IP Source Guard gt Dynamic ARP Captive Portal Configuration Inspection i Admin Captive Portal CP ID CP Name Protocol Yerification Block Group Mode CP Global q Configuration CP Configuration A 2 Under Captive Portal Configuration scroll down an
577. tistics internet_access test_dept of T m intemet_access development b Click the internet_access check box for marketing_dept Chapter 12 DiffServ Help Help Index Index 211 A screen similar to the following displays System Switching Routing Security CoS gt Diffserv Wizard gt Basic Advanced DiffServ Configuration Class Configuration Policy Configuration Service Policy Class Configuration Class Information Policy Name Policy Type Member Class Name Policy Attribute Policy Atribute Drop Service Statistics C Assign Queue Configuration Mark COS Mark IP Precedence C Mark IP DSCP Cc Police Simple Color Mode ProSafe M4100 and M7100 Managed Switches Monitoring Maintenance Help Index marketing_dept om oo ColorBlind Color Conform Class Y Color Conform Mode lt Committed Rate c In the Assign Queue list select 2 d Click Apply 12 Assign queue 3 to test_dept a Select QoS gt DiffServ gt Advanced gt Policy Configuration A screen similar to the following displays Switching Routing Security Policy Configuration Policy Configuration DiffServ Configuration Class S puran intemet_access of z intemet_access Service E Configuration L Service Statistics internet_access internet_access Monitoring Maintenance Help Index P li Policy Selector T Member Class
578. tistics gt System Resource IP Configuration gt Slot Information Time DNS DNS Configuration Host Configuration Routing Security Monitoring Maintenance Services Stacking SNMP DNS Host Configuration Host Configuration Host Hame 1 158 characters O www netgear com 206 82 202 46 Dynamic Host Mapping Under DNS Host Configuration enter the following information e Inthe Host Name field enter www netgear com e Inthe IP Address field enter 206 82 202 46 Click Add The host name and IP address now show in the DNS Host Configuration table Chapter 21 DNS DHCP Server This chapter provides the following examples Figure on page 381 Configure a DHCP Reservation on page 384 When a client sends a request to a DHCP server the DHCP server assigns the IP address from address pools that are specified on the switch The network in the DHCP pool must belong to the same subnet DHCP server allows the switch to dynamically assign an IP address to a DHCP client that is attached to the switch It also enables the IP address to be assigned based on the client s MAC address The following are examples of how the DHCP Server feature is used Configure a DHCP Server in Dynamic Mode The following example shows how to create a DHCP server with a dynamic pool The example is shown as CLI commands and as a Web interface procedure CLI Configure a DHCP Server in Dynamic Mode vlan
579. tive Portal Configuration Ni gt IP Source Guard gt Dynamic ARP Captive Pasal eee l Inspection Admin PARES Captive Partal P ID CP Name Protocol erification Block Group Mode CP Global Configuration CP Configuration SR LN a iv Scroll down and select the CP 1 check box Now CP 1 appears in the CP ID field at the top In the Admin Mode field select Enable Click Apply to save the settings 3 Enable CP 1 on interface 1 0 1 a e205 Select Security gt Controls gt Captive Portal gt CP Binding Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Index Management Security Access Port Authentication Traffic Control DHCP Snooping Captive Portal Binding Configuration gt IP Source Guard gt Dynamic ARP Captive Portal Binding Configuration Inspection 1 CP Name Captive Portal j CP Ses Port 1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 PE 2 an en ny nn a T kn Gt nl wh ie CP Configuration FE 26 27 28 CP Binding piane E all pleco gael hla In the CP ID list select 1 Click Unit 1 The ports display Click the gray box under port 1 Click Apply Client Access Authentication and Control User verification can be configured to allow access for guest users users who do not have assigned user names and passwords User verifica
580. to save the settings DVMRP on Switch B 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the following displays System Switching Routing QoS _ Security Monitoring Maintenance Help Routing Table i IP WLAN ARP RIP OSPF OSPFy3 Router Discovery VRRP Multicast Basic IP Configuration IP Configuration Statistics IP Configuration gt Advanced Default Time to Live 64 Routing Mode ICMP Echo Replies C Disable Enable ICMP Redirects Disable Enable ICMP Rate Limit Interval 1000 0 to 21474832647 ms ICMP Rate Limit Burst Size 00 O Oae b For Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 13 as a routing port and assign and IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration Chapter 31 DVMRP Index Configuration DVYMRP Interface Parameters Interface Statistics Global Received Received A Triterface Interface Protocol Local Interface Generation sare anes Sent lt allel Mga Mode State Address Metric ID i Routes Interface Packets Routes m cal Index ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays System Switching Routing IPS WLAN ARP Maintenance Security Qo05 RIF Monitoring Routing Table OSPF OSPFV3 Router Discovery VRRP Multicast gt Basic e Advanced 2 IF
581. tool debugging feature or means of fending off attacks e Assigns a specific port to copy all packets to e Allows inbound or outbound packets to switch to their destination and to be copied to the mirrored port The example is shown as CLI commands and as a Web interface procedure CLI Specify the Source Mirrored Ports and Destination Probe Netgear Switch config Netgear Switch Config monitor session 1 mode Enable mirror Netgear Switch Config monitor session 1 source interface 1 0 2 Specify the source interface Netgear Switch Config monitor session 1 destination interface 1 0 3 Specify the destination interface Netgear Switch Config exit Netgear Switch show monitor session 1 Session ID Admin Mode Probe Port Mirrored Port Enable Web Interface Specify the Source Mirrored Ports and Destination Probe 1 Select Monitoring gt Mirroring gt Port Mirroring 330 Chapter 17 Tools ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays AAI D r a ee aaa a i SS St pM LALA fi System Switching Routing Security Monitoring Maintenance Help Index Ports Logs v Port Mirroring Multiple Port Mirroring Status Table Go To Interface et GO Session Mirroring Source Port Destination Port Mode Port OC M a s Disable lw ears Disable 2 Scroll down and select the Source Port 1 0 2 check box The value 1 0 2 no
582. trol gt Private VLAN gt Private VLAN Type Configuration A screen similar to the following displays Syriam Switching Routing Ges Monitoring Maintenance Help Indax Acoma Pon AumPaenticohon MAC Filter Private VLAN Type Configuration Port Security gt private Group Private VLAN Type Configuration Protected Port FLAN TO Private YLAN lype Unconhigured Unconfigured i Primary Configuration fn Uneanfigured Private Vian Port i Uinconfigured Mode Configuration b Under Private VLAN Type Configuration select the VLAN ID 101 check box Now 101 appears in the interface field at the top c In the Private VLAN Type field select Isolated from the pull down menu d Click Apply to save the settings 3 Assign VLAN 102 to community VLAN a Select Security gt Traffic Control gt Private VLAN gt Private VLAN Type Configuration A screen similar to the following displays Syatom Switching Routing carib Moniloring Mointenance Help Index MLoreogeeeen Security e Paaa Pon Au teenFero Bor Cool ACI gt gt MAC Filter Private VLAN Type Configuration gt Port Security 3 Private Group Private VLAN Type Configuration gt Protected Port WLAN ID Private VLAN Type w Private Vier lan ic gt Privaie Vian Type Coanhguretsan Prale Vian Unoonigured Asenclator Premi r Configurator Private Vian Port Mode Configuraton b Under Private VLAN Type Configuration select the VLAN ID 102 ch
583. ts on the network and forwards the authentication request to the RADIUS server in the network For use in VLAN assignment the following tunnel attributes are used e Tunnel Type VLAN 13 e Tunnel Medium Type 802 e Tunnel Private Group ID VLANID where VLANID is 12 bits with a value between 1 and 4094 Host 1 0 12 EEEE i 192 168 0 5 EBBE Jf Switch 192 168 0 1 RADIUS server vian2000 S Figure 31 VLAN assignment using RADIUS In the previous figure the switch has placed the host in the VLAN vian2000 based on the user details of the clients The configureation on a RADIUS server for a user logged in as admin is e Tunnel Type VLAN 13 e Tunnel Medium Type 802 e Tunnel Private Group ID 2000 CLI Assign VLANS Using RADIUS 1 Create VLAN 2000 Netgear Switch network protocol none Changing protocol mode will reset ip configuration Are you sure you want to continue y n y Netgear Switch network parms 192 168 0 5 255 255 255 0 Netgear Switch vlan database Netgear Switch Vlan vlan 2000 Netgear Switch exit 292 Chapter 15 Security Management ProSafe M4100 and M7100 Managed Switches 2 Enable dot1x authentication on the switch Netgear Switch Config dotlx system auth control 3 Use the RADIUS as the authenticator Netgear Switch Config aaa authentication dotlx default radius 4 Enable the switch to accept VLAN assignment by the RADIUS server
584. ulticast MYR Address Table Ports LAG Basic VLAN Membership Advanced VLAN Configuration VLAN Membership gt VLAN Membership VLAN ID Group Operation Untag All 7i Z VEAN Stabs VLANName mylan UNTAGGED PORT MEMBERS Sa Port PVID Configuration T ERA VLAN Type TAGGED PORT MEMBERS gt Protocol Based vuan one Group Configuration Port 1 2 3 4 5 6 7 8 9 10 11 12 Protocol Based VLAN T gt IP Subnet Based VLAN In the VLAN ID list select 999 Click Unit 1 The ports display Click the gray boxes under port 9 until T displays The T specifies that the egress packet is tagged for the ports Click Apply to save the settings Repeat steps from b to e add port 0 1 to VLAN1 1001 add port 0 5 to VLAN2 1002 and add port 0 7 to VLAN3 1003 Enable MVR and multicast VLAN a e205 Select Switching gt MVR gt Basic gt MVR Configuration A screen similar to the following displays Switching Routing QoS Security Monitoring Maintenance Help Index VLAN STP Multicast MV Address Toble Ports LAG v Gasic MVR Configuration MVR Configuration MVR Group Configuration MYR Configuration MVR Interface MVR Running Enable x Configuration MYR Multicast Vian 999 Advanced MVR Max Multicast Groups 256 MYR Current Multicast Groups 1 MYR Global query response time 5 1 to 100 MYR Mode From the MVR Running list select Enable In the MVR Multicast Vlan field enter 999
585. unity ports and isolated ports Community ports These ports can communicate with other community ports and promiscuous ports Isolated ports These can ONLY communicate with promiscuous ports The Private VLANs can be extended across multiple switches through inter switch stack links that transport primary community and isolated VLANs between devices See figure 1 Isolated i Communit Isolated Isolated VLA VLAN VLAN VLAN Figure 4 Private VLANs 44 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches Figure 2 illustrates the private VLAN traffic flow Five ports A B C D and E make up a private VLAN Port A is a promiscuous port which is associated with the primary VLAN 100 Ports B and C are the host ports which belong to the isolated VLAN 101 Ports D and E are the community ports which are associated with community VLAN 102 Port F is the inter switch stack link It is configured to transmit VLANs 100 101 and 102 Colored arrows represent possible packet flow paths in the private VLAN domain Promiscuous port VLAN ID 100 primary 1 o 1 Switch Inter switch stack link Carries VLANs 100 101 and 102 Isolated ports l Community ports aa Primary VLAN 100 VLAN ID 101 a VLAN ID 102 Isolated VLAN 101 secondary w Secondary Community VLAN 102 Figure 5 Packet flow within a Private VLAN domain Chapter 2 VLANs 45 ProSafe M4100 and M7100 Managed Switches Assign Priv
586. urce 4294967295 Configuration ae EE a Under Route Redistribution in the Available Source list select RIP c Click Add to add a route redistribution VLAN Routing OSPF 116 For larger networks Open Shortest Path First OSPF is generally used in preference to RIP OSPF offers the following benefits to the administrator of a large and or complex network e Less network traffic Routing table updates are sent only when a change has occurred Only the part of the table that has changed is sent Updates are sent to a multicast not a broadcast address e Hierarchical management allowing the network to be subdivided The top level of the hierarchy of an OSPF network is Known as an autonomous system AS or routing domain and is a collection of networks with a common administration and routing strategy The AS is divided into areas intra area routing is used when a source and destination address are in the same area and inter area routing across an OSPF backbone is used when they are not An inter area router communicates with border routers in each of the areas to which it provides connectivity Chapter 7 OSPF ProSafe M4100 and M7100 Managed Switches The M4100 and M7100 Managed Switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route The order for choosing a route if more than one type of route exists is as follows Intra area Inter area
587. urity Monitoring Maintenance i OSPF OSPFwa VRRP Multicast Router Discovery gt Basic IPv6 Prefix Configuration Advanced Global Configuration Interface Configuration IPv Interface Selection Interface IPv6 Interface Configuration Help j Index Prefix Configuration Statistics Neighbour Table Static Route Configuration Route Table Route Preference Tunnel Configuration valid Life pv Prefix Prefix Length pa Time 0 FE80 222 3FFF FE9E 956D 128 C E E Preferred Life Time b Under IPv6 Interface Selection in the Interface field select 1 0 24 c Enter the following information e Inthe IPv6 Prefix field enter 2001 3 1 e Inthe Prefix Length field enter 64 e Inthe EUI64 field select Disable d Click Add to save the settings 6 Configure the router ID of OSPFvs a Select Routing gt OSPFv3 gt Basic gt OSPFv3 Configuration A screen similar to the following displays Maintenance QoS _ RIP 5 Switching Security sil Pant System Routing Monitoring VLAN ARP OSPF i Router Discovery VRRP Multicast Routing Table IP Help Basic OSPFy3 Configuration gt Advanced OSPFv3 Configuration OSPFv3 Configuration index Admin Mode Router ID C Disable Enable 2 2 2 2 In the Router ID field enter 2 2 2 2 For Admin Mode select the Enable radio button d Click Apply 7 En
588. uter LAN ID l i f Admin Response Time Expiry Time Mode Chapter 30 MLD Index ProSafe M4100 and M7100 Managed Switches b Enter the following information e Inthe VLAN ID field enter 300 e Inthe Admin Mode field select Enable 6 Click Add Chapter30 MLD 523 DVMRP Distance Vector Multicast Routing Protocol The DVMRP is used for multicasting over IP networks without routing protocols to support multicast The DVMRP is based on the RIP protocol but more complicated than RIP DVRMP maintains a link state database to keep track of the return paths to the source of multicast packages The DVMRP operates as follows e The first message for any source group pair is forwarded to the entire multicast network with respect to the time to live TTL of the packet e TTLrestricts the area to be flooded by the message e All the leaf routers that do not have members on directly attached subnetworks send back prune messages to the upstream router e The branch that transmitted a prune message Is deleted from the delivery tree e The delivery tree which is spanning to all the members in the multicast group is constructed In this example DVMRP is running on switches A B and C IGMP is also running on Switch C which is connected to the host directly After the host sends an IGMP report to switch C Chapter31 DVMRP 524 ProSafe M4100 and M7100 Managed Switches multicast streams are sent from the multicast
589. uting Security Monitoring Maintenance Help Index i DiffServ CoS Configuration Configuration CoS Configuration gt Advanced Global a trust dotip E ode i 7 Interface 7 Interface 1 o 1 eras Untrusted X Set classofservice Trust Mode The example is shown as CLI commands and as a Web interface procedure CLI Set classofservice Trust Mode Netgear Switch Config classofservice dotlip mapping Configure dotlp priority mapping 1p dscp mapping Maps an IP DSCP value to an internal traffic class trust Sets the Class of Service Trust Mode of an Interface Netgear Switch Config classofservice trust dotlp Sets the Class of Service Trust Mode of an Interface to 6021p ip dscp Sets the Class of Service Trust Mode of an Interface to IP DSCPa Netgear Switch Config classofservice trust dotlp lt cr gt Press Enter to execute the command Netgear Switch Config classofservice trust dotlp Web Interface Set classofservice Trust Mode 1 Select QoS gt CoS gt Basic gt CoS Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index DiffServ CoS Configuration Configuration CoS Configuration gt Advanced Global Global Trust ost dotip Mode Interface Untrusted Interface 1 o 1 x Trust Mode Chapter 11 CoS Queuing 193 2 3 4 Select the Global radio button ProSafe M4100
590. uting 73 VLANs 16 assigning ports 19 22 23 creating two VLANs 17 default 24 guest VLANs 286 287 288 IP subnet based 31 IP subnet based 31 32 MAC based 25 26 private edge 17 protocol based 28 29 using RADIUS to assign 291 292 294 VRRP 129 backup router 132 master router 130 W WRED 190 Index 559
591. uting Table VLAN ARP RIP OSPF Router Discovery VRRP gt Basic IP Interface Configuration Advanced IP Configuration Configuration Statistics Go To Interface SQ IP Interface Configuration van ee Secondary IP Interface Description IP Address Subnet Mask ae Ol E Disable T 2 0 2 b Scroll down and select the interface 2 0 11 check box Now 2 0 11 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 10 1 e Inthe Network Mask field enter 255 255 255 0 e Inthe Admin Mode field select Enable d Click Apply to save the settings 3 Assign IP address 192 168 20 1 to port 2 0 19 a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System Switching Routing QoS Security Monitoring Maintenance Help Routing Table i VLAN ARP RIP OSPF Router Discovery VRRP Basic IP Interface Configuration Advanced IP Configuration Configuration Statistics IP Interface Go To Interface Configuration van e Secondary IP Interface Description IP Address Subnet Mask eile a aram 0 0 0 0 0 0 0 0 Eea m 0 0 0 0 0 0 0 0 Disable M 2 0 3 0 0 0 0 0 0 0 0 Disable b Scroll down and select the interface 2 0 19 check box Now 2 0 19 appears in the Interface field at the top c Enter the following information e Inthe IP Address field enter 192 168 20 1 e Inth
592. utton c Click Apply 2 Enable DHCP snooping in a VLAN a Select Security gt Control gt DHCP Snooping Global Configuration A screen similar to the following displays Syatem Switching Routing Monitoring Maintenance Help Indas rame Carnia H OCP tnapjig DHCP Snooping Global Configuration baz a Ennium DHCP Snooping Global Conflguratton a ei iian DHCP Snooping Mode Configuration MAL Addrwes ibd ateon Banding Canhigurshon Percictent VLAN Configuration j jj Configuratan VLAH ID DHCP Snooping Hode Diteble Enable Disable Enable Inspection Captive Portal In the VLAN ID field enter 1 c In the the DHCP Snooping Mode field select Enable A screen similar to the following displays Syatem Switching Routing QoS Security Monitoring Mointenance Help Index Monagamani Saceriby Arons Port Authentication ratie Cari BHLP trannies DHCP Snooping Global Configuration GigSal Epig DHCP Snooping Global Configuration interface DHCP Srenpingy Mode Configuration Bading Configuration amp Persistent Disable Enable HAL Addieeos Valed ation Disable Enable VLAN Configuration aniguet atoan VLAN ID DHCP Snooping Mode Satis 1P Source Guard Dynamic ARP 3 Configure the port through which the DHCP server is reached as trusted Here interface 1 0 1 is trusted a Select Security gt Control gt DHCP Snooping Interface Configuration 300 Chapter 15 Security Manageme
593. v amp ARP OSPF OSPFv3 Router Discovery VRRP IPv amp Multicast Mroute Table PIM Interface Configuration Global Configuration Interface 1 all Configuration Admin DYMRP Interface ode State gt IGMP PIM Global Configuration gt SSM Configuration Interface Configuration PIM Neighbor Candidate RP Configuration gt BSR Candidate Configuration Static RP Configuration gt Static Routes Configuration gt Admin Boundary PIM Interface Configuration Go To Interface Protocol IP Address L Join Prune BSR Interval secs Border Lo Hello Interval secs Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable Disable Non Operational 0 0 0 0 Disable 1 0 8 Disable Non Operational 0 0 0 0 Disable juja isle ie 1 0 10 Disable C 1 0 11 Disable M 1 0 12 Disable Non Operational 0 0 0 0 Disable Non Operational 0 0 0 0 Disable Non Operational 0 0 0 0 Disable 1 0 14 Disable Non Operational 0 0 0 0 Disable DR Priority 9 R Scroll down and select the Interface 1 0 1 1 0 9 and 1 0 13 check boxes c In the Admin Mode field select Enable d Click Apply to save the settings PIM SM on Switch B 1 Enable IP routing on the switch a Select Routing gt IP gt Basic gt IP Configuration A screen similar to the follow
594. vert the Dynamic Address Learned from 1 0 1 to the Static Address272 Web Interface Convert the Dynamic Address Learned from 1 0 1 to the Static Ad Se eae eat be She beene Cee e eRe eee te ooo eee EA 272 Create a Static Address 0 a 272 CLI Create a Static Address nananana ce ees e138 Web Interface Create a Static Address 00000 213 Protected PortS 1 0 0c ee ee ee ee eee 273 CLI Configure a Protected Port to Isolate Ports on the Switch 274 Web Interface Configure a Protected Port to Isolate Ports on the Switch276 802 1x PON SECUI oco aoea aa iaaa aa d A a a a Baa e 280 CLI Authenticating dot1x Users by a RADIUS Server 280 Web Interface Authenticating dot1x Users by a RADIUS Server 281 Create a Guest VLAN 2 0 ee ees 286 CLI Create a Guest VLAN 2 2 ees 287 Web Interface Create a Guest VLAN 0 00 00 eee 288 Assign VLANs Using RADIUS 0 0 0 0 0 cc ee 291 CLI Assign VLANS Using RADIUS 0 000000 ce eee 292 Web Interface Assign VLANS Using RADIUS 294 Dynamic ARP Inspection 0 0000 cee eee eee 297 CLI Configure Dynamic ARP Inspection 00068 298 Web Interface Configure Dynamic ARP Inspection 299 Statie WIAD GING e cata au cea oon eR ooo a Heed Ghee oe ee ee Ecos 303 CLI Configure Static Mapping 4 5e5 6060 02 eee e ewes 303 Web Interface Configure Static Mapping
595. w orf Web Interface Configure Time Based Sampling of Counters with sFlow377 Chapter 21 DNS Specify Two DNS Servers 0 000 eee eens 378 CLI Specify Two DNS Servers 0 0 00 ee 378 Web Interface Specify Two DNS Servers 0000 eee 378 Manually Add a Host Name and an IP Address 0 379 CLI Manually Add a Host Name and an IP Address 379 Web Interface Manually Add a Host Name and an IP Address 379 Chapter 22 DHCP Server Configure a DHCP Server in Dynamic Mode 20005 381 CLI Configure a DHCP Server in Dynamic Mode 381 Web Interface Configure a DHCP Server in Dynamic Mode 382 Configure a DHCP Reservation 000 cece eee eee 384 CLI Configure a DHCP Reservation 02 00005 385 Web Interface Configure a DHCP Reservation 385 Chapter 23 DHCPv6 Server CLI Configure DHCPV6 1 es 389 Web Interface Configure an Inter area Router 205 390 Configure Stateless DHCPVv6 Server 0 000 e ee eee 394 CLI Configure Stateless DNS Server 000 eee 394 Web Interface Configure Stateless DHCPv6 Server 395 Chapter 24 Double VLANs and Private VLAN Groups POUpIe VLANS ss rsio caeee eed wo ee dri akitia iiie eee Galen 398 CLI Enable a Double VLAN 0 0000 cee eee eee eee 399 Web Interface Enable a Double VLAN
596. w appears in the Interface field at the top 3 Enter the following information e Inthe Destination Port field enter 1 0 3 e Inthe Session Mode field select Enable 4 Click Apply Dual Image Traditionally switches contain a single image in the permanent storage This image is loaded into memory every time there is a reboot The dual image feature allows switches to have two images in permanent storage You can denote one of these images as an active image that will be loaded in subsequent reboots and the other image as a backup image This feature provides for reduced down time for the switches when the firmware is being upgraded or downgraded The images are stored in the file system with the file names imagel and image2 These names are used in the CLI Web and SNMP interfaces Each of the images can be associated with a textual description The switch provides commands to associate and retrieve the text description for an image A switch also provides commands to activate the backup image such that it is loaded in subsequent reboots This activation command makes the current active image as the backup image for subsequent reboots On three successive errors executing the active image the switch attempts to execute the backup image If there are errors executing the backup image as well the bootloader will invoke the boot menu The Dual Image feature works seamlessly with the stacking feature All members in the stack must be unif
597. witching Routing QoS Security Monitoring Maintenance Help Index Policy Configuration Policy Configuration Policy nner Poli Select frome ea class_ef iwi _ef iv Under Policy Configuration scroll down and select the pol_ voip check box Pol_voip now appears in the Policy Selector field at the top In the Member Class list select class_ef in Click Apply to add the class class_ef to the policy pol_ voip DiffServ Configuration Class Configuration Policy Configuration Service Configuration Click the pol_voip whose class member is class_ef and a screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index Policy Class Configuration Class Information Policy Name Policy Type Member Class Name Policy Attribute Assign Queue 5 Policy Atribute Drop Service Statistics O Dairia o Mark IP Precedence 0 Mark IP DSCP In the Assign Queue list select 5 g Click Apply to create a new policy 7 Attach the defined policy to interface 1 0 2 in the inbound direction a Select QoS gt DiffServ gt Advanced gt Service Configuration Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays Switching Routing Security Monitoring Maintenance Help Index Diffserv Wizard DiffServ Service Configuration Policy Service Config Go To Interface C Gaga GO DiffSe
598. witching Routing Security Monitoring Monogement Security Access Port Authentication Traffic Control Control gt Basic Advanced IP ACL IP Rules IP Extended Rules IP 6 ACL IPy Rules IP Binding Configuration Binding Table Vian Binding Table IP ACL IP Configuration Current Humber of ACL Kaxinnun AEL _IP ACL Table Ea IP ACL Rules manitarHost b In the IP ACL ID field enter monitorHost c Click Add to create ACL monitorHost and the following screen displays System Manogement Security gt Basic Advanced s IP ACL IP Rules IP Extended Rules IPy ACL Pwo Rules IP Binding Configuration Switching Routing Security Monitoring Accoss Traffic Control Control Port Authentication IP ACL IP Configuration Maintenance Help Index Current Humber of ACL Mawinan EL ae eee Binding Table Vian Binding Table E monitorHost Named IP ACL 2 Create a rule to match host 10 0 0 1 in the ACL monitorHost a Select Security gt ACL gt Advanced gt IP Extended Rules A screen similar to the following displays Switching ALoncege rene Saucer iby e Pd hen DP Banding Configuration a Birding Table Ar cons Port Agthanticofice Routing Gas Maniloring Moinkaonce Frolf Coniiol Contr Extended ACL Rules __ IP Rules ACL 1D ARE Extended ACL Rule Table Assign Airror BRe
599. wn as CLI commands and as Web interface procedure CLI Show iSCSI Sessions Use the following commands to show iSCSI sessions and session details Netgear Switch show iscsi sessions Session 0 Target iqn 2012 08 com example storage lunl Initiator ign 1991 05 com microsoft netgear think ISID 400001370000 Netgear Switch show iscsi sessions detailed Session 0 Target iqn 2012 08 com example storage lunl Initiator iqn 1991 05 com microsoft netgear think Up Time 00 00 04 11 DD HH MM SS Time for aging out 382 secs ISID 400001370000 Initiator Initiator Target Target IP Address TCP Port IP Address TCP Port L922166 10 107 192 168 10 116 Netgear Switch The command shows that there is an active iSCSI session The initiator is at IP address 192 168 10 107 and the Target is at IP address 192 168 10 116 Web Interface Show iSCSI Sessions 1 Show iSCSI sessions a Select Switching gt iSCSI gt Advanced gt Sessions A screen similar to the following displays Chapter 33 iSCSI 555 ProSafe M4100 and M7100 Managed Switches System Switching Routing QoS Security Monitoring Maintenance Help Index VLAN Auto VoIP iSCS STP Multicast MVR Address Table Ports LAG 5 Basic iSCSI Sessions secre Global x Configuration Target Name Initiator Name ISID Initiator Session ID iSCSI Targets ign 2012 06 com example storage lunl iqn 1991 05 com microsoft netgear think 400001370000
600. x Now 1 0 5 appears in the Interface field at the top In the Queue ID list select 3 In the Minimum Bandwidth field enter 25 Click Apply 18 Set the CoS queue 4 configuration for interface 1 0 5 a Select QoS gt CoS gt Advanced gt Interface Queue Configuration A screen similar to the following displays System Switching Routing Security Monitoring Maintenance Help Index i DiffServ Interface Queue Configuration Interface Queue Configuration D Configuration Go To Interface acO 802 1p Queue Mapping seas Minimum Scheduler queue Interface Management IP Precedence Bandwidth Type Queue Mapping gt IP DSCP Queue oo Eel CEE weighted a Mapping 1 0 14 CoS Interface Z 170 2 Configuartion Interface Queue Configuration weighted Aatop weighted taildrop 3 3 170 3 3 weighted taildrop 3 weighted taildrop weighted taildrop weighted taildrop Under Interface Queue Configuration scroll down and select the Interface 1 0 5 check box Now 1 0 5 appears in the Interface field at the top Chapter 12 DiffServ ProSafe M4100 and M7100 Managed Switches c In the Queue ID list select 4 d In the Minimum Bandwidth field enter 25 e Click Apply Chapter 12 DiffServ 217 ProSafe M4100 and M7100 Managed Switches DiffServ for VoIP One of the most valuable uses of DiffServ is to support Voice over IP VoIP VoIP traffic is inherently time sensitive For a network
601. y VRRP Multicast IPv Multicast Interface Configuration Interface Configuration RIP Configuration Interface interface Configuration Send Version Route Receive Version Redistribution RIP Admin Mode Disable Enable Authentication Type In the Interface field select 1 0 3 For RIP Admin Mode select the Enable radio button Click Apply to save the settings 4 Set up the DHCP global configuration a select System gt Services gt DHCP Server gt DHCP Server Configuration Chapter 29 DHCP L2 Relay and L3 Relay ProSafe M4100 and M7100 Managed Switches 29 5 e A screen similar to the following displays System Management w DHCP Server DHCP Server Configuration DHCP Pool Configuration DHCP Pool Options DHCP Server Statistics DHCP Bindings Information DHCP Conflicts Information gt DHCP Relay Switching Davies View Routing i Stocking Security Monitoring Maintenance Help Index SNMP LLDP ISDP DHCP Server Configuration DHCP Server Configuration Admin Mode gt Ping Packet Count gt Conflict Logging Mode Bootp Automatic Mode Excluded Address mi IF Range From Disable Enable 2 0 2 to 10 Disable Enable Disable Enable IP Range To E 10 200 1 1 10 200 1 1 For Admin Mode select the Enable radio button In the IP Range From field enter 10 200 1 1 In the IP Range To field enter 10
602. y VRRP Multicast gt Basic IP Interface Configuration V Advanced gt IP Configuration IP Interface Configuration gt Statistics gt IP Interface Configuration VJAT VLAN IP Subnet Routing Administrative gt Secondary IP Description ID Address Mask Mode Mode es 192 16831 ifzss 2ss zss 0 If enable IIIf enable 192 168 2 2 255 255 255 0 Enable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable 0 0 0 0 0 0 0 0 Disable Enable b Scroll down and select the Port 1 0 9 check box Now 1 0 9 appears in the Port field at the top Enter the following information e Inthe IP Address field enter 192 168 3 1 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Routing Mode field select Enable d Click Apply 4 Configure 1 0 13 as a routing port and assign an IP address to it a Select Routing gt IP gt Advanced gt IP Interface Configuration A screen similar to the following displays System i Switching Routing Security T Monitoring Maintenance Help index Routing Table Pwd OSPFv3 Router Discovery VRRP Multicast gt Basic IP Interface Configuration Advanced IP Configuration IP Interface Configuration Statistics 1 all gt IP Interface Configuration Secondary IP Port Description VLAN IP Subnet Routing Administrative ID A
603. y Monitoring Maintenance Help Index Routing Table IP i ARP RIP OSPF Router Discovery VRRP gt LAN Routing VLAN Routing Configuration Wizard YLAN Routing VLAN Routing a 2 1 to ae ee MAC Address IP Address Subnet Mask of 2 4 a 192 150 3 1 255 255 255 0 5 Enter the following information e Select 10 in the VLAN ID 1 to 4093 field e Inthe IP Address field enter 192 150 4 1 e Inthe Subnet Mask field enter 255 255 255 0 6 Click Add to save the settings 74 Chapter 5 VLAN Routing RIP Routing Information Protocol This chapter provides the following examples e Routing for the Switch on page 76 e Routing for Ports on page 77 e RIP for the Switch on page 78 e RIP for Ports 1 0 2 and 1 0 3 on page 79 e VLAN Routing with RIP on page 82 Routing Information Protocol RIP is a protocol that routers can use to exchange network topology information It is characterized as an interior gateway protocol and is typically used in small to medium sized networks A router running RIP sends the contents of its routing table to each of its adjacent routers every 30 seconds When a route is removed from the routing table it is flagged as unusable by the receiving routers after 180 seconds and removed from their tables after an additional 120 seconds There are two versions of RIP the managed switch supports both e RIPv1 defined in RFC 1058 Routes are specified by IP destination network and ho
604. y to save the settings 48 Chapter 2 VLANs ProSafe M4100 and M7100 Managed Switches Configure Private VLAN Port Mode Promiscuous Host The example is shown as CLI commands and as a Web interface procedure CLI Configure Private VLAN Port Mode Promiscuous Host Use the following commands to assign port 1 0 1 to promiscuous port mode and ports 1 0 2 1 0 5 to host port mode Netgear Switch Netgear Switch Netgear Switch Netgear Switch config Config interface 1 0 1 Interface 1 0 1 switchport mode private vlan promiscuous Interface 1 0 1 exit Config interface 1 0 2 1 0 5 Interface 1 0 2 1 0 5 switchport mode private vlan host Interface 1 0 2 1 0 5 end Netgear Switch Netgear Switch Netgear Switch Web Interface Configure Private VLAN Port Mode Promiscuous Host 1 Configure port 1 0 1 to promiscuous port mode a Select Security gt Traffic Control gt Private VLAN gt Private VLAN Port Mode Configuration A screen similar to the following displays Syalem Switching Routing od Security Monitoring Moinieanango Help HAC Filter Private Vian Port Mode Configuration gt Port Security aP m i Private Group Private Vian Port Mode Configuration Protected Port i LAGS All Go To Interface Private Vien Interface Port Vian Mode Private Vian Type ce Lowa Promiscupus w Configuration Prowate Vian hha hon Configuration b U
605. yer 3 switch Switch Port 2 0 11 Port 2 0 191 Port 1 0 151 i 5 to hs hae Po ho Dp tate Pe a ETa Fa puaa en ee Ipa fafafa faka l ia j i et j Figure 13 nssa Area The example is shown as CLI commands and as a Web interface procedure CLI Configure Area 1 as an nssa Area 1 Enable routing on the switch Netgear Switch config Netgear Switch Config router ospf Netgear Switch Config ip routing 2 Configure area 0 0 0 1 as an nssa area Netgear Switch Config router ospf Netgear Switch Config router router id 1 1 1 1 Netgear Switch Config router area 0 0 0 1 nssa 3 Stop importing summary LSAs to area 0 0 0 1 Netgear Switch Config router area 0 0 0 1 nssa no summary Chapter 7 OSPF 107 ProSafe M4100 and M7100 Managed Switches 4 Enable area 0 0 0 1 on port 2 0 19 Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Config router exit Config interface 2 0 11 Interface 2 0 11 routing Interface 2 0 11 ip address 192 168 10 1 255 255 255 0 Interface 2 0 11 ip ospf Interface 2 0 11 exit Config interface 2 0 19 Interface 2 0 19 routing Interface 2 0 19 ip addres
Download Pdf Manuals
Related Search