
Netgear 7000 Series User's Manual


Contents

1. [Figure 25-1: network diagram showing the Internet, the Layer 2 switch, PC 1 and PC 2]

   The example is shown as CLI commands and as a Web interface procedure.

   CLI Commands

   To use the CLI to configure a protected port in order to isolate ports, enter the following CLI commands.

   Step 1: Create one VLAN 192 including PC1 and PC2.

       (Netgear Switch) #vlan database
       (Netgear Switch) #vlan 192
       (Netgear Switch) #vlan routing 192
       (Netgear Switch) #exit
       (Netgear Switch) #configure
       (Netgear Switch) (Config)#interface 1/0/23
       (Netgear Switch) (Interface 1/0/23)#vlan pvid 192
       (Netgear Switch) (Interface 1/0/23)#vlan participation include 192
       (Netgear Switch) (Interface 1/0/23)#exit
       (Netgear Switch) (Config)#interface 1/0/24
       (Netgear Switch) (Interface 1/0/24)#vlan pvid 192
       (Netgear Switch) (Interface 1/0/24)#vlan participation include 192
       (Netgear Switch) (Interface 1/0/24)#exit
       (Netgear Switch) (Interface vlan 192)#interface vlan 192
       (Netgear Switch) (Interface vlan 192)#routing
       (Netgear Switch) (Interface vlan 192)#ip address 192.168.1.254 255.255.255.0
       (Netgear Switch) (Interface vlan 192)#exit

   25-2 Protected Ports. v1.0, May 2008. NETGEAR 7000 Series Managed Switch Administration Guide, Version 7.2
2. vlan Configure a match condition based on a VLAN ID lt cr gt Press Enter to execute the command Access Control Lists ACLs 9 41 v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 Example 5 show mac access lists Netgear Switch show mac access lists Current number of all ACLs 2 Maximum number of all ACLs 100 MAC ACL Name Rules Interface s Direction bl 1 1 0 5 inbound b2 1 Netgear Switch show mac access lists lt name gt Enter access list name up to 31 characters in length lt cr gt Press Enter to execute the command Netgear Switch show mac access lists bl lt cr gt Press Enter to execute the command Netgear Switch show mac access lists bl Rule Number 1 PG ON see eea ea ent E tase ed tetany ogee lames ane ranean N permit Macek AM 2k ccc ait ate EAN E sty TRUE 9 42 Access Control Lists ACLs v1 0 May 2008 Chapter 10 Class of Service CoS Queuing This section describes the Class of Service CoS Queue Mapping and Traffic Shaping features Overview Each port has one or more queues for packet transmission During configuration you can determine the mapping and configuration of these queues Based on service rate and other criteria you configure queues provide preference to specified packets If a delay becomes necessary the system holds packets until the scheduler authorizes transmission As queues be
3. 2. Enable Web mode:
      a. At the CLI prompt, enter the show network command.
      b. Set Web Mode to Enabled.

   Starting the Web Interface

   Follow these steps to start the switch Web interface:

   1. Enter the IP address of the switch in the Web browser address field.
   2. When the Login panel is displayed, click Login.
   3. Enter the appropriate User Name and Password. The User Name and associated Password are the same as those used for the terminal interface. Click on the Login button.
   4. The System Description Menu displays, with the navigation tree appearing to the left of the screen.
   5. Make a selection by clicking on the appropriate item in the navigation tree.

   Web Interface Layout

   As of software release 7.2, the Web interface has a new look. The new Web interface is called the Prosafe Control Center (PCC). When you use the switch's IP address to log into the switch, the following screen displays.

   [Figure 4-1: Web interface screen for the NETGEAR GSM7328FS]

   The switch can accommodate two types of users: administrative users and guests. An administrative user may configure the switch for network application, but a guest may not. The guest may only view the settings and status of the network. As shipped from the factory b
4. Netgear Switch Web Interface Procedure To use the Web Interface to enable a double VLAN on a VLAN proceed as follows 1 Create static VLAN 200 a From the main menu select Switching gt VLAN gt Basic gt VLAN Configuration A screen similar to the following displays Security Monitoring Maintenance Switching Routing STP Multicast Address Table Ports LAG Basic VLAN Configuration gt VLAN Configuration Reset Advanced Reset Configuration o VLAN Configuration Po riano wannane VLAN TB A a eo Ei Default Default O 100 Static Figure 27 2 b Under VLAN Configuration enter the following information and make the following selection e Inthe VLAN ID field enter 200 e Inthe VLAN Name field enter vian200 e Select Static from the VLAN Type pulldown menu c Click Add Double VLANs 27 3 v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 2 Add ports 24 and 48 to VLAN 200 a From the main menu select Switching gt VLAN gt Advanced gt VLAN Membership A screen similar to the following displays STP Multicast Address Table Ports LAG Routing Security Monitoring Maintenance Help Basic VLAN Membership Advanced gt VLAN VLAN Membership Configuration VLAN ID 200 Group Operation untag All VLAN Membership VLAN Name vlan200 UNTAGGED PORT MEMBERS TA
5. Layer 3 Switch Ereren operating ae Router 1 Mitep fegetene Port 103 Internet Layer 3 Switch LTA operating as Router 2 PERRE Figure 11 2 Differentiated Services 11 5 v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 The following example configures DiffServ VoIP support Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Netgear Enter Global Config mode Set queue 5 on all ports to use strict priority mode This queue shall be used for all VoIP packets Activate DiffServ for the switch Switch config Switch Config cos queue strict 5 Switch Config diffserv Create a DiffServ classifier named class_voip and define a sin gle match criterion to detect UDP packets The class type match all indicates that all match criteria defined for the class must be satisfied in order for a packet to be considered a match Switch Config class map match all class_voip Switch Config class map match protocol udp Switch Config class map exit Create a second DiffServ classifier named class_ef and define a single match criterion to detect a DiffServ code point DSCP of EF expedited forwarding This handles incoming traffic that was previously marked as expedited somewhere in the network Switch Config class map match all class_ef Switch Config class map match ip dscp ef Switch Config class
6. Chapter 17: Port Mirroring

   This section describes the Port Mirroring feature.

   Overview

   Port Mirroring:
   • Allows you to monitor network traffic with an external network analyzer.
   • Forwards a copy of each incoming and outgoing packet to a specific port.
   • Is used as a diagnostic tool, debugging feature or means of fending off attacks.
   • Assigns a specific port to copy all packets to.
   • Allows inbound or outbound packets to switch to their destination and to be copied to the mirrored port.

   CLI Examples

   The following are examples of the commands used in the Port Mirroring feature.

   Example 1: show monitor session

       (Netgear Switch Routing) #show monitor session 1

       Session ID   Admin Mode   Probe Port   Mirrored Port
       1            Enable       1/0/8        1/0/7

   Note: Monitor session ID 1-1 is a hardware limitation.

   Example 2: show port all

       (Netgear Switch Routing) #show port all

                        Admin    Physical   Physical   Link     Link     LACP
       Intf     Type    Mode     Mode       Status     Status   Trap     Mode
       1/0/1            Enable   Auto                  Down     Enable   Enable
       1/0/2            Enable   Auto                  Down     Enable   Enable
       1/0/3            Enable   Auto                  Down     Enable   Enable
       1/0/4            Enable   Auto                  Down     Enable   Enable
       1/0/5            Enable   Auto                  Down     Enable   Enable
       1/0/6            Enable   Auto                  Down     Enable   Enable
7. Intra area Inter area External type 1 the route is external to the AS External Type 2 the route was learned from other protocols such as RIP CLI Example This example adds support for OSPF to the configuration created in the base VLAN routing example The script shows the commands you would use to configure the 7000 Series Managed Switch as an inter area router Refer to Figure 7 2 7 10 IP Routing Services v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 Example of configuring OSPF on a 7000 Series Managed Switch acting as an inter area router tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear To7 00 DD ODA MDAADAAAAADAA DAA DAHA A A e etgear etgear etgear etgear amp S ooooeododaa ys tgear tgear tgear tgear tgear tgear tgear tgear Swit Swi Swi Swit Swi Swi Swi Swit Swi Swi Swit Swi Swi Swi Swit Swi Swi Swit Swit Swi Swi Swit Swi Swi Specify the Swi Swi Swi Swi ble OSPF Swi Swi Swi Swi Swi Swi Swi Swi CC CC CC CC CC CC CC CC D o a O VV VP PVP VP PvP yPvv Vy PV O A PDP h h h h for the VLAN and physical router ports Py YPD PY PD YP uter ID and enable OSPF for the switch vlan data vlan 10 vlan 20 Vlan vlan
8. NETGEAR 7000 Series Managed Switch Administration Guide, Version 7.2

   NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054 USA

   202-10238-02, May 2008

   © 2008 by NETGEAR, Inc. All rights reserved.

   Trademarks

   NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this document are copyright Intoto, Inc.

   Statement of Conditions

   In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

   Netgear's 7000 Series Managed Switch is compliant with the following EU Council Directives: 89/336/EEC and LVD 73/23/EEC. Compliance is verified by testing to the following standards: EN55022 Class A, EN55024 and EN60950-1.

   Certificate of the Manufacturer/Importer

   It is hereby certified that the 7000 Series Managed Switch has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however,
9. We, NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that the model 7000 Series Managed Switch complies with Part 15 of FCC Rules. Operation is subject to the following two conditions:

   • This device may not cause harmful interference, and
   • This device must accept any interference received, including interference that may cause undesired operation.

   FCC Requirements for Operation in the United States

   Radio Frequency Interference Warnings & Instructions

   This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following methods:

   • Reorient or relocate the receiving antenna.
   • Increase the separation between the equipment and the receiver.
   • Connect the equipment into an electrical outlet
10. • Snooping can be enabled per VLAN.

   CLI Examples

   The following are examples of the commands used in the IGMP Snooping feature.

   Example 1: Enable IGMP Snooping

   The following example shows how to enable IGMP snooping.

       (Netgear Switch) #config
       (Netgear Switch) (Config)#ip igmpsnooping
       (Netgear Switch) (Config)#ip igmpsnooping interfacemode
       (Netgear Switch) (Config)#exit

   Example 2: show igmpsnooping

       (Netgear Switch) #show igmpsnooping
       <cr>          Press Enter to execute the command.
       <slot/port>   Enter interface in slot/port format.
       mrouter       Display IGMP Snooping Multicast Router information.
       <1-4093>      Display IGMP Snooping valid VLAN ID information.

       (Netgear Switch) #show igmpsnooping
       Admin Mode............................. Enable
       Multicast Control Frame Count.......... 0
       Interfaces Enabled for IGMP Snooping... 1/0/10
       Vlans enabled for IGMP snooping........ 20

   Example 3: show mac-address-table igmpsnooping

       (Netgear Switch) #show mac-address-table igmpsnooping
       <cr>          Press Enter to execute the command.

       (Netgear Switch) #show mac-address-table igmpsnooping
                                 Type      Description      Interfaces
       00:01:01:00:5E:00:01:16   Dynamic   Network Assist   Fwd: 1/0/47
       00:01:01:00:5E:00:01:18   Dynamic   Network Assist   Fwd:
11. [Figure 7-1: network diagram showing Subnet 2, Subnet 3 and Subnet 5]

   Example 1: Enabling routing for the Switch

   Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default.

       (Netgear Switch) #config
       (Netgear Switch) (Config)#ip routing
       (Netgear Switch) (Config)#exit

   Example 2: Enabling Routing for Ports on the Switch

   Use the following commands to enable routing for ports on the switch. The default link-level encapsulation format is Ethernet. Configure the IP addresses and subnet masks for the ports. Network directed broadcast frames will be dropped, and the maximum transmission unit (MTU) size will be 1500 bytes.

       (Netgear Switch) #config
       (Netgear Switch) (Config)#interface 1/0/2
       (Netgear Switch) (Interface 1/0/2)#routing
       (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0
       (Netgear Switch) (Interface 1/0/2)#exit
       (Netgear Switch) (Config)#interface 1/0/3
       (Netgear Switch) (Interface 1/0/3)#routing
       (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0
       (Netgear Switch) (Interface 1/0/3)#exit
       (Netgear Switch) (Config)#interface 1/0/5
       (Netgear Switch) (Interface 1/0/5)#routing
       (Netgear Switch) (Interface 1/0/5)#ip address 192.150.5.1 255.255.255.0
       (Netgear Switch) (Interface 1/0/5)#exit
       (Netge
12.                           1/0/47
       00:01:01:00:5E:37:96:D0   Dynamic   Network Assist   Fwd: 1/0/47
       00:01:01:00:5E:7F:FF:FA   Dynamic   Network Assist   Fwd: 1/0/47
       00:01:01:00:5E:7F:FF:FE   Dynamic   Network Assist   Fwd: 1/0/47

   Chapter 13: Port Security

   This section describes the Port Security feature.

   Overview

   Port Security:
   • Allows for limiting the number of MAC addresses on a given port.
   • Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
   • Enabled on a per port basis.
   • When locked, only packets with allowable MAC address will be forwarded.
   • Supports both dynamic and static.
   • Implement two traffic filtering methods:
      • Dynamic Locking: User specifies the maximum number of MAC addresses that can be learned on a port. The maximum number of MAC addresses is platform dependent and is given in the software Release Notes. After the limit is reached, additional MAC addresses are not learned. Only frames with an allowable source MAC address are forwarded.
      • Static Locking: User manually specifies a list of static MAC addresses for a port. Dynamically locked addresses can be converted to statically locked addresses.

   These methods can be used concurrently.

   Operation

   Port Security:
   • Helps secure network by preventing unknown devices from forwarding packets.
   • Wh
13. 1 0 7 Mirror Enable Auto Down Enable Enable 1 0 8 Probe Enable Auto Down Enable Enable 1 0 10 Enable Auto Down Enable Enable Example 3 show port interface Use this command for a specific port The output shows whether the port is the mirror or the probe 17 2 Port Mirroring v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 port and what is enabled or disabled on the port Netgear Switch Routing show port 0 7 Admin Physical Physical Link Link LACP Intf Type ode Mode Status Status Trap ode 1 0 7 Mirror Enable Auto Down Enable Enable Netgear Switch Routing show port 0 8 Admin Physical Physical Link Link LACP Intf Type ode Mode Status Status Trap ode 1 0 8 Probe Enable Auto Down Enable Enable Example 4 Config monitor session 1 mode To set up port mirroring specify the monitor session then the mode Netgear Switch Routing Config monitor session Configure port mirroring Netgear Switch Routing Config monitor session lt 1 1 gt Session number Netgear Switch Routing Config monitor session 1 destination Configure the probe interfac mode Enable Disable port mirroring session source Configure the source interfac Netgear Switch Routing Config monitor session 1 mode lt cr gt Press Enter to execute the command Netgear Switch Routing Config monitor session 1
14. Example 2 permit any Netgear Switch Config mac access list permit lt srcmac gt Enter a MAC address any Configure a match condition for all the destination MAC addresses in the Destination MAC Address field Netgear Switch Config mac access list permit any lt dstmac gt Enter a MAC address any Configure a match condition for all the destination MAC addresses in the Destination MAC Address field Netgear Switch Config mac access list permit any any assign queue Configure the Queue Id assignment attribute cos Configure a match condition based on a CoS value lt ethertypekey gt Enter one of the following keywords to specify an Ethertype appletalk arp ibmsna ipv4 ipv6 ipx mplsmcast mplsucast netbios novell pppo rarp lt 0x0600 Oxffff Enter a four digit hexadecimal number in the range of 0x0600 to Oxffff to specify a custom Ethertype value vlan Configure a match condition based on a VLAN ID lt cr gt Press Enter to execute the command Netgear Switch Config mac access list permit any any Access Control Lists ACLs 9 39 v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 Example 3 Configure mac access group Netgear Switch Config interface 1 0 5 Netgear Switch Interface 1 0 5 mac access group Attach MAC Access List to Interface Netgear Switch Interface 1 0 5 mac
15. Oynamic 192 168 50 0 255 255 255 0 192 168 50 1 Dynamic 192 168 200 0 2535 235 233 0 192 168 200 2 Figure 9 20 Under Configure Routes make the following selection and enter the following information e Select Static from the Route Type pulldown menu e Inthe Network Address field enter 192 168 100 0 e Inthe Subnet Mask field enter 255 255 255 0 e Inthe Next Hop IP Address field enter 192 168 200 1 Click Add 9 22 Access Control Lists ACLs v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 5 Create a static route with IP address 192 168 30 0 24 a From the main menu select Routing gt Routing Table gt Basic gt Route Configuration A screen similar to the following displays System Switching Routing Pp VLAN ARP RIP OSPF Router Discovery VRRP Security Monitoring Maintenance Help Index Basic Route Configuration Rowe Configuration Configure Routes Advanced Route Type Network Address Subnet mask Next Hop IP Address E oe E ee r Static 192 168 100 0 255 255 255 0 192 168 200 1 1 Learned Routes Next Hop IP Address Dynamic 192 168 40 0 255 255 255 0 Local Vian 40 192 168 40 1 Dynamic 192 168 50 0 255 233 255 0 Local Vien 50 192 168 50 1 192 168 200 0 255 255 255 0 192 168 200 2 Figure 9 21 b Under Configure Routes make the following selection and enter the following information e Select Static from
16. • Total number of scripts stored on box limited by NVRAM/FLASH size.
   • Application of scripts is partial if script fails. For example, if the script executes five of ten commands and the script fails, the script stops at five.
   • Scripts cannot be modified or deleted while being applied.
   • Validation of scripts checks for syntax errors only. It does not validate that the script will run.

   CLI Examples

   The following are examples of the commands used for the Configuration Scripting feature.

   Example 1: script

       (Netgear Switch) #script
       apply       Applies configuration script to the switch.
       delete      Deletes a configuration script file from the switch.
       list        Lists all configuration script files present on the switch.
       show        Displays the contents of configuration script.
       validate    Validate the commands of configuration script.

   Example 2: script list and script delete

       (Netgear Switch) #script list

       Configuration Script Name    Size(Bytes)
       basic.scr                    93
       running-config.scr           3201

       2 configuration script(s) found.
       1020706 bytes free.

       (Netgear Switch) #script delete basic.scr

       Are you sure you want to delete the configuration script(s)? (y/n) y
       1 configuration script(s) deleted.

   Example 3: script apply running-config.scr

       (Netgear Switch) #script apply running-config.scr

       Are you sure you want to apply the configuration script
17. at a time.
   • A > button that displays the table of contents and an button. Double-click on a link in the table of contents or index to navigate directly to where the topic is described in the manual.
   • A i button to access the full NETGEAR, Inc. online knowledge base for the product model.
   • Links to PDF versions of the full manual and individual chapters.

   How to Print this Manual

   To print this manual, you can choose one of the following options, according to your needs.

   • Printing a Page from HTML. Each page in the HTML version of the manual is dedicated to a major topic. Select File > Print from the browser menu to print the page contents.
   • Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
      • Printing a PDF Chapter. Use the PDF of This Chapter link at the top left of any page.
         • Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window.
         • Click the print icon in the upper left of your browser window.
      • Printing a PDF version of the Complete Manual. Use the Complete PDF Manual link at the top left of any page.
         • Click the Complete PDF Manual link at
18. ccccceceeeeeeeeeeeeeeeeeeeaeeeeeceeeenaeeeess 18 4 Chapter 19 Syslog RPE A AEE E elapse a T E E E E E E E pia TA 19 1 Fen EN LOG FII uana ence et eee ccc eee 19 1 NSIT SHAG Log FES sesira 19 2 CENE SE Gr anai E daha A E a a a AASE OES 19 2 Example T ts SRON WUC onsnasininieiainidin eminem 19 3 Example 2 show logging bolfergd ocsersnissisinssenii eee aR 19 3 Example 3 show logging traploga oie ccsscirssss ccues s cstrueisese una innen nusii anaiai 19 4 Example 4 show logging NOSIS ccccscictacionnnirtactonetiarcdesncecrmbivecadannmecenatnmencnnnaats 19 4 Example 5 logging port CONMQUIATION sssisiasnssnin sien serena 19 5 Chapter 20 Managing Switch Stacks Undersiandng SWAEN SACKS saiisine eaten unis aaan aAA 20 2 SWC oaek MemnbereNip sinsassinieroeiuia rn E E ii 20 3 v1 0 May 2008 Switeh Stack CDMS TP SIM SRR cerir aano an aeh ar EEE EIEEE ANA 20 4 Stack Master Election and Re Election sssessesseeesseessseesrssressresssrnsssrnssrnneenneens 20 5 Sek Member PU OPE scusiamo A 20 5 Stack Member Priority WEIS neanimirani an a 20 6 SWiteh Stack Offline Canfiguratiohi sasassasisnas raiona i kaaa 20 6 Effects of Adding a Preconfigured Switch to a Switched Stack 0 ee 20 6 Effects of Replacing a Preconfigured Switch in a Switch Stack s 20 7 Effects of Removing a Preconfigured Switch from a Switch Stack sa se 20 7 Switch Stack Software Compatibility Recommendations cccccceeeseeeeeeeeeeteeeeeees 2
19. Step 2: Create one VLAN 202 connected to the Internet.

       (Netgear Switch) #vlan database
       (Netgear Switch) (Vlan)#vlan 202
       (Netgear Switch) (Vlan)#vlan routing 202
       (Netgear Switch) (Vlan)#exit
       (Netgear Switch) #configure
       (Netgear Switch) (Config)#interface 1/0/48
       (Netgear Switch) (Interface 1/0/48)#vlan pvid 202
       (Netgear Switch) (Interface 1/0/48)#vlan participation include 202
       (Netgear Switch) (Interface 1/0/48)#exit
       (Netgear Switch) (Config)#interface vlan 202
       (Netgear Switch) (Interface vlan 202)#routing
       (Netgear Switch) (Interface vlan 202)#ip address 10.100.5.34 255.255.255.0
       (Netgear Switch) (Interface vlan 202)#exit

   Step 3: Create a DHCP pool to allocate IP addresses to PCs.

       (Netgear Switch) (config)#service dhcp
       (Netgear Switch) (config)#ip dhcp pool pool-a
       (Netgear Switch) (Config-dhcp-pool)#dns-server 12.7.210.170
       (Netgear Switch) (Config-dhcp-pool)#default-router 192.168.1.254
       (Netgear Switch) (Config-dhcp-pool)#network 192.168.1.0 255.255.255.0
       (Netgear Switch) (Config-dhcp-pool)#exit

   Step 4: Enable IP routing and configure a default route.

       (Netgear Switch) (config)#ip routing
       (Netgear Switch) (config)#ip route 0.0.0.0 0.0.0.0 10.100.5.252

   Step 5: Enable a protected port on 1/0/23 and 1/0/24.

       (Netgear Switch) (Config)#interface 1/0/23
       (Netgear Switch) (Interface 1/0/23)#switchport protected
       (Netgear Switch) (Interface 1/0/23)#exit
       (Netgear Switch) (Config)#interface 1/0/24
       (Netgear Switch) (Interface 1/0/24)#switchport protected
       (Netgear Switch) (Interface 1/0/24)#exit

   Web Interface Procedure

   To use the Web Interface to configure
20.     (Netgear Switch) (Interface 1/0/2)#exit

   Enable VRRP for the switch.

       (Netgear Switch) (Config)#ip vrrp

   Assign virtual router IDs to the port that will participate in the protocol.

       (Netgear Switch) (Config)#interface 1/0/2
       (Netgear Switch) (Interface 1/0/2)#ip vrrp 20

   Specify the IP address that the virtual router function will recognize. Note that the virtual IP address on port 1/0/2 is the same as the port's actual IP address; therefore this router will always be the VRRP master when it is active. The priority default is 255.

       (Netgear Switch) (Interface 1/0/2)#ip vrrp 20 ip 192.150.2.1

   Enable VRRP on the port.

       (Netgear Switch) (Interface 1/0/2)#ip vrrp 20 mode
       (Netgear Switch) (Interface 1/0/2)#exit
       (Netgear Switch) (Config)#exit

   Example 2: Configure VRRP on a Backup Router

   The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the backup router.

   Enable routing for the switch. IP forwarding will then be enabled by default.

       (Netgear Switch) #config
       (Netgear Switch) (Config)#ip routing

   Configure the IP addresses and subnet masks for the port that will participate in the protocol.

       (Netgear Switch) (Config)#interface 1/0/4
       (Netgear Switch) (Interface 1/0/4)
21. gt VLAN Membership VLAN Status gt MAC Based VLAN gt Port PVID Configuration Port DVLAN Configuration Protocol Based VLAN Group Configuration Protocol Based VLAN Group Membership GARP Switch Configuration gt GARP Port Configuration Interface Admin Mode EtherType Custom Value ahia tence a e i dio l iaa fenable o2 107a Disable 802 1Q Tag Disable 802 1Q Tag Disable 802 1Q Tag Disable 802 1Q Tag Disable 802 1Q Tag Disable 802 1Q Tag Disable 802 1Q Tag Disable 802 1Q Tag Disable 802 1Q Tag mla mla kla ala m Disable 802 1Q Tag Figure 27 5 b Under DVLAN Configuration scroll down to interface 1 0 48 and select the chechbox for that interface 1 0 48 now appears in the Interface field at the top c Select Enable from the Admin Mode pulldown menu d Click Apply to save the settings 27 6 Double VLANs v1 0 May 2008 Numerics 802 1x port security 26 1 A ACL 9 1 add 4 5 apply 4 5 ARP 7 2 C cancel 4 5 command archive 20 16 archive download sw 20 8 clear config 2 14 clock timezone 18 4 copy nvram errorlog 2 13 copy nvram startup config 2 12 2 13 copy nvram traplog 2 13 copy system image 2 13 copy system running config nvram startup config 2 12 2 14 cos queue min bandwidth 70 5 ezconfig 3 1 ip igmpsnooping 22 2 ip proxy arp 7 22 logout 2 12 mac access list 9 38 mac access group 9 40 member 20 15 monitor session mode
22. tch Config policy map class tch Config policy class map tch Config policy class map exi tch Config policy map class mar tch Config policy class map tch Config policy class map exi tch Config policy map class tes tch Config policy class map tch Config policy class map exi tch Config policy map class tch Config policy class map tch Config policy class map exi tch Config policy map exit gress queu internet_access in finance_dept assign queue 1 keting_dept assign queue 2 t_dept assign queue 3 development_dept assign queue 4 This is how the Diff Differentiated Services v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 etgear etgear etgear etgear etgear etgear etgear etgear etgear etgear etgear etgear Netgear Netgear Netgear Netgear Attach the defined policy to interfaces 1 0 1 through 1 0 4 in the inbound direction Switch Config interface 1 0 1 Switch Interface 1 0 1 service policy in internet_access Switch Interface 1 0 1 exit Switch Config interface 1 0 2 Switch Interface 1 0 2 service policy in internet_access Switch Interface 1 0 2 exit Switch Config interface 1 0 3 Switch Interface 1 0 3 service policy in internet_access Switch Interface 1 0 3 exit Switch Config interface 1 0 4 Switch Interface 1 0 4
23.     (y/n) y

       The systems has unsaved changes.
       Would you like to save them now? (y/n) y

       Configuration Saved

   Example 4: Creating a Configuration Script

       (Netgear Switch) #show running-config running-config.scr

       Config script created successfully.

       (Netgear Switch) #script list

       Configuration Script Name    Size(Bytes)
       running-config.scr           3201

       1 configuration script(s) found.
       1020799 bytes free.

   Example 5: Upload a Configuration Script

       (Netgear Switch) #copy nvram:script running-config.scr tftp://192.168.77.52/running-config.scr

       Mode...................... TFTP
       Set TFTP Server IP........ 192.168.77.52
       TFTP Path.................
       TFTP Filename............. running-config.scr
       Data Type................. Config Script
       Source Filename........... running-config.scr

       Are you sure you want to start? (y/n) y

       File transfer operation completed successfully.

   Chapter 16: Outbound Telnet

   This section describes the Outbound Telnet feature.

   Overview

   Outbound Telnet:
   • Establishes an outbound telnet connection between a device and a
24. 17 3 monitor session 1 source interface 17 4 movemanagement 20 14 network parms 2 2 no clibanner 2 2 permit 9 41 Index permit any 9 39 port security 13 3 17 4 reload 2 14 script 15 2 script apply running config scr 5 2 script delete 5 2 script list 75 2 session limit 76 3 session timeout 16 3 set classofservice trust mode 0 4 show classofservice ip precedence mapping 0 5 show classofservice trust 70 4 show hardware 2 11 show igmpsnooping 2 2 show ip interface 7 22 show ip vlan 7 5 show logging 19 3 show logging buffered 19 3 show logging hosts 19 4 show logging traplogs 19 4 show loginsession 2 show mac access lists 9 42 show mac address table igmpsnooping 2 2 show monitor session 17 2 show network 2 5 2 12 16 2 show port 20 11 show port all 17 2 20 15 show port interface 77 2 show port security 3 3 show port security on a specific interface 3 3 show port channel all 6 2 show sntp 18 1 show sntp client 8 2 show sntp server 18 2 show supported switchtype 20 15 show switch 20 8 show telnet 6 2 show users 2 11 sntp client mode unicast 8 3 sntp server 18 3 Index 1 v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 switch priority 20 6 switch renumber 20 14 traceroute 74 1 traffic shape 10 7 transport output telnet 6 3 users passwd 2 11 configuration scripting 15 1 CoS 10 1 drop precedence configuration 0 3 per i
25. 22 23 24 Y 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 v 49 50 51 52 Interface Binding Status 1 0 24 Inbound IP ACL 102 1 1 0 48 Inbound 1P ACL 101 1 Figure 9 38 b Under Binding Configuration make the following selection and enter the following information e Select 103 from the ACL ID pulldown menu e Inthe Sequence Number field enter 2 c Click Unit 1 The ports display Configure the following ports e Click on the gray box under port 24 A flag appears in the box e Click on the gray box under port 48 A flag appears in the box d Click Apply to save the settings Access Control Lists ACLs 9 37 v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 MAC ACL CLI Examples The following are examples of the commands used for the MAC ACLs feature Example 1 mac access list Netgear Switch Config mac access list extended Configure extended MAC Access List parameters Netgear Switch Config mac access list extended lt name gt Enter access list name up to 31 characters in length renam Rename MAC Access Control List Netgear Switch Config mac access list extended bl lt cr gt Press Enter to execute the command Netgear Switch Config mac access list extended bl 9 38 Access Control Lists ACLs v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2
26. [Figure 24-3: screen with the Admin Mode (Disable/Enable) and Ping Packet Count (0, 2 to 10) settings]

1. Next to Admin Mode, select the Enable radio button.
2. Click Apply to enable the DHCP service.
3. From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays.

[Figure 24-4: DHCP Pool Configuration screen]

Under DHCP Pool Configuration, enter the following information:
- Select Create from the Pool Name pulldown menu.
- In the Pool Name field, enter pool_manual.
- Select Manual from the Type of Binding pulldown menu.
28. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.

[Figure 9-5: VLAN Routing Wizard screen. Vlan ID 200, IP Address 192.168.200.1, Network Mask 255.255.255.0]

b. Enter the following information in the VLAN Routing Wizard:
- In the Vlan ID field, enter 200.
- In the IP Address field, enter 192.168.200.1.
- In the Network Mask field, enter 255.255.255.0.

c. Click Unit 1. The ports display.

d. Click the gray box under port 44 twice until U displays. The U specifies that the egress packet is untagged for the port.

e. Click Apply to save VLAN 200.

4. Enable IP Routing.

a. From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.

[Figure: IP Configuration screen with the Default Time to Live and Routing Mode settings]
29. 2. Create VLAN 50 with IP address 192.168.50.1/24.

a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.

[Figure 9-18: VLAN Routing Wizard screen. IP Address 192.168.50.1, Network Mask 255.255.255.0]

b. Enter the following information in the VLAN Routing Wizard:
- In the Vlan ID field, enter 50.
- In the IP Address field, enter 192.168.50.1.
- In the Network Mask field, enter 255.255.255.0.

c. Click Unit 1. The ports display.

d. Click the gray box under port 25 twice until U displays. The U specifies that the egress packet is untagged for the port.

e. Click Apply to save VLAN 50.

3. Create VLAN 200 with IP address 192.168.200.2/24.

a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
30. - In the Client Name field, enter dhcpclient.
- In the Hardware Address field, enter 00:01:02:03:04:05.
- Select ethernet from the Hardware Type pulldown menu.
- In the Host Number field, enter 192.168.200.1.
- In the Network Mask field, enter 255.255.255.0. As an alternate, you can enter 24 in the Network Prefix Length field.
- In the Days field, enter 1.

5. Click Add. The pool_manual name is now added to the Pool Name pulldown menu.

Chapter 25 Protected Ports

This section describes how to set up protected ports on the switch. Some situations might require that traffic is prevented from being forwarded between any ports at Layer 2 so that one user cannot see the traffic of another user on the same switch.

Overview

Protected Ports:
- Prevent traffic from being forwarded between protected ports.
- Allow traffic to be forwarded between a protected port and a non-protected port.

Example

The following are examples of how the Protected Ports feature is used.

Example 1: Configure a Protected Port to Isolate Ports on the Switch

In the following example, PC1 and PC2 can access the Internet as usual, but PC1 cannot see the traffic that is generated by PC2; that is, no traffic is forwarded between PC1 and PC2.
31. [Figure 9-19: VLAN Routing Wizard screen. IP Address 192.168.200.2, Network Mask 255.255.255.0]

b. Enter the following information in the VLAN Routing Wizard:
- In the Vlan ID field, enter 200.
- In the IP Address field, enter 192.168.200.2.
- In the Network Mask field, enter 255.255.255.0.

c. Click Unit 1. The ports display.

d. Click the gray box under port 48 twice until U displays. The U specifies that the egress packet is untagged for the port.

e. Click Apply to save VLAN 200.

4. Create a static route with IP address 192.168.100.0/24.

a. From the main menu, select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays.

[Figure: Route Configuration screen. Static route with Network Address 192.168.100.0, Subnet Mask 255.255.255.0, Next Hop IP Address 192.168.200.1]
32. Managed Switch's management IP address, or to that of any active router interface if the management address is not configured.

After the routing configuration commands have been issued, the following functions will be active:
- IP Forwarding, responsible for forwarding received IP packets.
- ARP Mapping, responsible for maintaining the ARP Table used to correlate IP and MAC addresses. The table contains both static entries and entries dynamically updated based on information in received ARP frames.
- Routing Table Object, responsible for maintaining the common routing table used by all registered routing protocols.

You may then activate RIP or OSPF, used by routers to exchange route information, on top of IP Routing. RIP is more often used in smaller networks, while OSPF was designed for larger and more complex topologies.

CLI Examples

This diagram shows a Layer 3 switch configured for port routing. It connects three different subnets, each connected to a different port. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the port routing support shown in the diagram.

[Diagram: Layer 3 switch acting as a router]
33. About This Manual

The NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2 describes how to install, configure and troubleshoot the 7000 Series Managed Switch. The information in this manual is intended for readers with intermediate computer and Internet skills.

Conventions Formats an
34. RIPv1 or RIPv2, or to send RIPv2 packets to the RIPv1 broadcast address.
- To prevent any RIP packets from being received.
- To prevent any RIP packets from being transmitted.

CLI Examples

The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3, as shown in the network illustrated in Figure 7-4.

[Figure 7-4: Layer 3 switch acting as a router, connecting Subnet 2, Subnet 3 and Subnet 5]

Example 1: Enable Routing for the Switch

The following sequence enables routing for the switch:

    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip routing
    (Netgear Switch) (Config)#exit

Example 2: Enable Routing for Ports

The following command sequence enables routing and assigns IP addresses for ports 1/0/2 and 1/0/3.

    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#routing
    (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0
    (Netgear Switch) (Interface 1/0/2)#exit
    (Netgear Switch) (Config)#interface 1/0/3
    (Netgear Switch) (Interface 1/0/3)#routing
    (Netgear Switch) (Interface 1/0/3)#ip address 192.15
35. The command shows that the IGMP admin mode is Active. The mode is controlled by the ip igmpsnooping command. If the mode is inactive, no query packet is sent.

Chapter 23 DNS

This section describes the Domain Name System (DNS) feature. The DNS protocol maps a host name to an IP address, allowing you to replace the IP address with the host name for IP commands such as a ping and a traceroute, and for features such as RADIUS, DHCP Relay, SNTP, SNMP, TFTP, SYSLOG, and UDP Relay. You can obtain the DNS server IP address from your ISP or public DNS server list.

Overview

DNS:
- Is used to resolve the host's IP address.
- Enables a static host name entry to be used to resolve the IP address.

Examples

The following are examples of how the DNS feature is used.

Example 1: Specify Two DNS Servers

The following example shows how to specify two DNS servers (that is, two IP addresses for DNS servers) and to resolve an IP address using the DNS server. The example is shown as CLI commands and as a Web interface procedure.

CLI Commands

To use the CLI to specify two DNS servers, enter the following CLI commands:

    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip name-serve
37. access-group ?
    <name>            Enter name of MAC Access Control List.
    (Netgear Switch) (Interface 1/0/5)#mac access-group b1 ?
    in                Enter the direction <in>.
    (Netgear Switch) (Interface 1/0/5)#mac access-group b1 in ?
    <cr>              Press Enter to execute the command.
    <1-4294967295>    Enter the sequence number (greater than 0) to rank
                      precedence for this interface and direction. A lower
                      sequence number has higher precedence.
    (Netgear Switch) (Interface 1/0/5)#mac access-group b1 in

Example 4: permit

    (Netgear Switch) (Config)#mac access-list extended b2
    (Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00 ?
    <dstmac>          Enter a MAC Address.
    any               Configure a match condition for all the destination MAC
                      addresses in the Destination MAC Address field.
    (Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00 any ?
    access queue      Configure the Queue Id assignment attribute.
    cos               Configure a match condition based on a CoS value.
    <ethertypekey>    Enter one of the following keywords to specify an
                      Ethertype (appletalk, arp, ibmsna, ipv4, ipv6, ipx,
                      mplsmcast, mplsucast, netbios, novell, pppo, rarp).
    <0x0600-0xffff>   Enter a four-digit hexadecimal number in the range of
                      0x0600 to 0xffff to specify a custom Ethertype value.
38. and includes information on configuring those functions using the Command Line Interface and Web Interface. The switch software can operate as a Layer 2 switch, a Layer 3 router, or a combination switch/router. The switch also includes support for network management and Quality of Service functions such as Access Control Lists and Differentiated Services. Which functions you choose to activate will depend on the size and complexity of your network; this document describes configuration for some of the most used functions.

This document contains configuration information about the following:
- Layer 2: VLANs
- Layer 3: Port routing, VLAN Routing, Virtual Router Redundancy Protocol (VRRP), RIP, OSPF, Proxy ARP
- Quality of Service (QoS): Access Control Lists (ACLs), Class of Service (CoS), Differentiated Services
- Multicast: IGMP Snooping
- Security: Denial of Service, Port Security
- Operating System: Dual Configuration
- Tools: Alarm Manager, Traceroute, Configuration Scripting, Advance Keying, Prelogin Banner, Port Mirroring, SNTP, Syslog, Data Migration

Audience

Use this guide if you are a(n):
- Experienced system administrator who is responsible for configuring and operating a network using switch software
- Level 1 and/or Level 2 Support provider

To obt
40. asks if you want to reset the system, the networking device. EXEC. You can reset the networking device or cold boot the networking device. Both work effectively.

Chapter 3 Using Ezconfig for Switch Setup

Ezconfig is an interactive utility that provides a simplified procedure for setting up the following switch parameters:
- Switch management IP address
- Switch admin user password
- Switch name and location

Ezconfig can be entered either in Global Config mode or in Display mode (>). The utility displays the following text when you enter the ezconfig command:

    (FSM7352S) >ezconfig
    NETGEAR EZ Configuration Utility
    Hello and Welcome!
    This utility will walk you through assigning the IP address for the switch
    management CPU. It will allow you to save the changes at the end. After
    the session, simply use the newly assigned IP address to access the Web
    GUI using any public domain Web browser.
    Admin password not defined. Do you want to change the password? (Y/N/Q)

Note: At any point in the setup, you can type Q to abort the program. At this point, Ezconfig will check if there is any change and prompt you if the changes should be saved.

Changing the Password

The first question it will ask is whether you wish to change the admin pas
41. configuration.

5. Reduce network traffic by turning off the Network Configuration Protocol. Enter the following command:

    configure network protocol none

6. Set the IP address, subnet mask, and gateway address by issuing the following command:

    config network parms ipaddress netmask gateway

- IP Address: Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default IP address is 169.254.100.100.
- Subnet: Subnet mask for the LAN. The default value is 255.255.255.0.
- gateway: IP address of the default router, if the switch is a node outside the IP range of the LAN.

7. To enable these changes to be retained during a reset of the switch, type Ctrl-Z to return to the main prompt, type save config at the main menu prompt, and type y to confirm the changes.

8. To view the changes and verify in-band information, issue the command show network.

9. The switch is configured for in-band connectivity and ready for Web-based management.

Configuring for Out-Of-Band Connectivity

To monitor and configure the switch using out-of-band connectivity, use the console port to connect the switch to a terminal desktop system running terminal emulation software. The console port connector is a male DB-9 connector, implemented as a data terminal equipment (DTE) connector. The following hardwar
42. [Figure 9-34]

b. Under IP Extended Rules, select 103 from the ACL ID pulldown menu.

c. Click Add. The Extended ACL Rule Configuration screen displays.

[Figure 9-35: Extended ACL Rule Configuration (100-199) screen]

d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
- In the Rule ID field, enter 1.
- Next to Action mode, select the Permit radio button.
- Select False from the Match Every pulldown menu.
- Select IP from the Protocol Type pulldown menu.

e. Click Apply to save the settings.

11. Apply ACL 102 to port 24.

a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
43. map)#exit

Create a DiffServ policy for inbound traffic named pol_voip, then add the previously created classes class_ef and class_voip as instances within this policy. This policy handles incoming packets already marked with a DSCP value of EF (per class_ef definition), or marks UDP packets per the class_voip definition with a DSCP value of EF. In each case, the matching packets are assigned internally to use queue 5 of the egress port to which they are forwarded.

    (Netgear Switch) (Config)#policy-map pol_voip in
    (Netgear Switch) (Config-policy-map)#class class_ef
    (Netgear Switch) (Config-policy-class-map)#assign-queue 5
    (Netgear Switch) (Config-policy-class-map)#exit
    (Netgear Switch) (Config-policy-map)#class class_voip
    (Netgear Switch) (Config-policy-class-map)#mark ip-dscp ef
    (Netgear Switch) (Config-policy-class-map)#assign-queue 5
    (Netgear Switch) (Config-policy-class-map)#exit
    (Netgear Switch) (Config-policy-map)#exit

Attach the defined policy to an inbound service interface.

    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#service-policy in pol_voip
    (Netgear Switch) (Interface 1/0/2)#exit
    (Netgear Switch) (Config)#exit

Chapter 12 IGMP Snooping

This section describes the Internet Group Management Protocol (IGMP) feature: IGMPv3 and IGMP Snooping.

Overview

IGMP:
- Uses Version 3 of IGMP
- Includes snooping
44. mode

Example 5: (Config) monitor session 1 source interface

Specify the source (mirrored) ports and destination (probe) port.

    (Netgear Switch Routing) (Config)#monitor session 1 source ?
    interface      Configure interface.
    (Netgear Switch Routing) (Config)#monitor session 1 source interface ?
    <slot/port>    Enter the interface.
    (Netgear Switch Routing) (Config)#monitor session 1 source interface 0/7
    (Netgear Switch Routing) (Config)#monitor session 1 destination ?
    interface      Configure interface.
    (Netgear Switch Routing) (Config)#monitor session 1 destination interface ?
    <slot/port>    Enter the interface.
    (Netgear Switch Routing) (Config)#monitor session 1 destination interface 0/8

Example 6: (Interface) port security

    (Netgear Switch Routing) (Interface 0/7)#port-security ?
    <cr>           Press Enter to execute the command.
    mac-address    Add Static MAC address to the interface.
    max-dynamic    Set Dynamic Limit for the interface.
    max-static     Set Static Limit for the interface.
    (Netgear Switch Routing) (Interface 0/7)#port-security max-static ?
    <0-20>         Set Static Limit for the interface.
    (Netgear Switch Routing) (Interface 0/7)#port-security max-static 5
    (Netgear Switch Routing) (Interface 0/7)#port-security max-dynamic 10
45. node outside the IP range of the LAN.
- MAC Address: MAC address of the switch.

When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network.

If you do not use BootP or DHCP, access the switch through the EIA-232 port, and configure the network information as described below.

Using the EIA-232 Port

You can use a locally or remotely attached terminal to configure in-band management through the EIA-232 port.

1. To use a locally attached terminal, attach one end of a null-modem serial cable to the EIA-232 port of the switch and the other end to the COM port of the terminal or workstation. For remote attachment, attach one end of the serial cable to the EIA-232 port of the switch and the other end to the modem.

2. Set up the terminal for VT100 terminal emulation.
   a. Set the terminal ON.
   b. Launch the VT100 application.

3. Configure the COM port as follows:
   a. Set the data rate to 9600 baud.
   b. Set the data format to 8 data bits, 1 stop bit, and no parity.
   c. Set the flow control to none.
   d. Select the proper mode under Properties.
   e. Select Terminal keys.

   The Log-in User prompt displays when the terminal interface initializes.

4. Enter an approved user name and password. The default is admin for the user name, and the password is blank.

The switch is installed and loaded with the default
46. remote host.
- A telnet connection is initiated; each side of the connection is assumed to originate and terminate at a Network Virtual Terminal (NVT).
- Server and user hosts do not maintain information about the characteristics of each other's terminals and terminal handling conventions.
- Must use a valid IP address.

CLI Examples

The following are examples of the commands used in the Outbound Telnet feature.

Example 1: show network

    (Netgear Switch Routing) >telnet 192.168.77.151
    Trying 192.168.77.151...
    (Netgear Switch Routing)
    User:admin
    Password:
    (Netgear Switch Routing) >en
    Password:
    (Netgear Switch Routing) #show network
    IP Address............................... 192.168.77.151
    Subnet Mask.............................. 239 209 e290 40
    Default Gateway.......................... 192.168.77.127
    Burned In MAC Address.................... 00 00 10 18 82 04 E9
    Locally Administered MAC Address......... 00:00:00:00:00:00
    MAC Address Type......................... Burned In
    Network Configuration Protocol Current... DHCP
    Management VLAN ID....................... 1
    Web Mode................................. Enable
    Java Mode................................ Disable

Example 2: show telnet

    (Netgear Switch Routing) #show te
47. resolve the IP address. The example is shown as CLI commands and as a Web interface procedure.

CLI Commands

To use the CLI to manually add a host name and an IP address, enter the following CLI commands:

    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip host www.netgear.com 206.82.202.46
    (Netgear Switch) (Config)#ip domain-lookup
    (Netgear Switch) (Config)#ping www.netgear.com
    Send count=3, Receive count=3 from 206.82.202.46

Web Interface Procedure

To use the Web interface to manually add a host name and an IP address, proceed as follows:

1. From the main menu, select System > Management > DNS > Host Configuration. A screen similar to the following displays.

[Figure 23-2: DNS Host Configuration screen. Host Name www.netgear.com, IP Address 206.82.202.46]

2. Under DNS Host Configuration, enter the following information:
- In the Host Name field, enter www.netgear.com.
- In the IP Address field, enter 206
48. routing 10
    vlan routing 20
    ip routing
    (Config)#vlan port tagging all 10
    vlan port tagging all 20
    (Config)#interface 1/0/2
    (Interface 1/0/2)#vlan participation include 10
    (Interface 1/0/2)#vlan pvid 10
    (Interface 1/0/2)#exit
    (Config)#interface 1/0/3
    (Interface 1/0/3)#vlan participation include 20
    (Interface 1/0/3)#vlan pvid 20
    (Interface 1/0/3)#exit
    (Config)#interface vlan 10
    (Interface-vlan 10)#ip address 192.150.3.1 255.255.255.0
    (Interface-vlan 10)#exit
    (Config)#interface vlan 20
    (Interface-vlan 20)#ip address 192.150.4.1 255.255.255.0
    (Interface-vlan 20)#exit
    (Config)#router ospf
    (Config-router)#router-id 192.150.9.9
    (Config-router)#enable
    (Config-router)#exit
    (Config)#interface vlan 10
    (Interface-vlan 10)#ip ospf areaid 0.0.0.2
    (Interface-vlan 10)#ip ospf
    (Interface-vlan 10)#exit
    (Config)#interface vlan 20
    (Interface-vlan 20)#ip ospf areaid 0.0.0.3
    (Interface-vlan 20)#ip ospf
    (Interface-vlan 20)#exit

Set the OSPF priority and cost for the VLAN and physical router ports.

    (Netgear Switch) (Config)#interface vlan 10
    (Netgear Switch) (Interface-vlan 10)#ip ospf priority 128
    (Netgear Switch) (Interface-vlan 10)#ip ospf cost 32
    (Netgear Switch) (Interface-vlan 10)#exit
    (Netgear Switch) (Config)#interface vlan
49. service-policy in internet_access
    (Netgear Switch) (Interface 1/0/4)#exit

Set the CoS queue configuration for the (presumed) egress interface 1/0/5 such that each of queues 1, 2, 3 and 4 get a minimum guaranteed bandwidth of 25%. All queues for this interface use weighted round robin scheduling by default. The DiffServ inbound policy designates that these queues are to be used for the departmental traffic through the assign-queue attribute. It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for internet traffic.

    (Netgear Switch) (Config)#interface 1/0/5
    (Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0
    (Netgear Switch) (Interface 1/0/5)#exit
    (Netgear Switch) (Config)#exit

DiffServ for VoIP Configuration Example

One of the most valuable uses of DiffServ is to support Voice over IP (VoIP). VoIP traffic is inherently time-sensitive: for a network to provide acceptable service, a guaranteed transmission rate is vital. This example shows one way to provide the necessary quality of service: how to set up a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side. The configuration script is for Router 1 in the accompanying diagram; a similar script should be applied to Router 2
50. ten rules applied to inbound traffic. Each rule specifies whether the contents of a given field should be used to permit or deny access to the network, and may apply to one or more of the following fields within a packet:
• Source IP address
• Destination IP address
• Source Layer 4 port
• Destination Layer 4 port
• ToS byte
• Protocol number
Note that the order of the rules is important: when a packet matches multiple rules, the first rule takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL will be denied access.

Process
To configure ACLs, follow these steps:
• Create an ACL by specifying a name (MAC ACL) or a number (IP ACL).
• Add new rules to the ACL.
• Configure the match criteria for the rules.
• Apply the ACL to one or more interfaces.

IP ACL Examples
Example 1: Set up an IP ACL with Two Rules
The script in this section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will only be accepted by the 7000 Series Managed Switch if the source and destination stations have IP addresses that fall within the defined sets.
[Figure: Layer 3 Switch. TCP packet to 192.178.77.3 accepted: Dest. IP in range. TCP packet to 192.178.88.3 rejec
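An added example, not taken from the NETGEAR guide: a small Python model of the two evaluation rules stated above (the first matching rule wins; traffic no rule permits is denied), with an audit check for rules that can never fire because an earlier rule covers them. The rule layout, CIDR notation, the 192.168.77.0/24 source subnet, the port-23 rule and all function names are assumptions made for the illustration.

```python
"""Model of IP ACL evaluation: first match wins, unmatched traffic is denied.

Added illustration, not NETGEAR code. The Rule layout, CIDR notation, the
source subnet and the port-23 rule are assumptions made for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    protocol: Optional[str] = None   # "tcp", "udp", or None for any protocol
    src: str = "0.0.0.0/0"           # source network
    dst: str = "0.0.0.0/0"           # destination network
    dst_port: Optional[int] = None   # destination Layer 4 port, None for any

    def matches(self, pkt: dict) -> bool:
        """True if every field the rule constrains agrees with the packet."""
        return ((self.protocol is None or self.protocol == pkt["protocol"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dst_port is None or self.dst_port == pkt["dst_port"]))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` can match is also matched by self."""
        return ((self.protocol is None or self.protocol == other.protocol)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.dst_port is None or self.dst_port == other.dst_port))


def evaluate(acl: List[Rule], pkt: dict) -> Tuple[str, Optional[int]]:
    """Return (action, rule number); rule number None means implicit deny."""
    for number, rule in enumerate(acl, start=1):
        if rule.matches(pkt):
            return rule.action, number      # first match takes precedence
    return "deny", None                     # nothing permitted the packet


def shadowed_rules(acl: List[Rule]) -> List[Tuple[int, int]]:
    """Return (later rule, earlier rule) pairs where the later rule is dead."""
    findings = []
    for j, later in enumerate(acl):
        for i in range(j):
            if acl[i].covers(later):
                findings.append((j + 1, i + 1))
                break
    return findings


def packet(protocol: str, src: str, dst: str, dst_port: int) -> dict:
    return {"protocol": protocol, "src": src, "dst": dst, "dst_port": dst_port}


# Constructed ACL: two permit rules with the same content for TCP and UDP,
# followed by a deny that was meant to block TCP port 23 but comes too late.
ACL = [
    Rule("permit", "tcp", "192.168.77.0/24", "192.178.77.0/24"),
    Rule("permit", "udp", "192.168.77.0/24", "192.178.77.0/24"),
    Rule("deny", "tcp", "192.168.77.0/24", "192.178.77.0/24", 23),
]

# Same rules with the specific deny moved ahead of the broad permit.
REORDERED = [ACL[2], ACL[0], ACL[1]]

if __name__ == "__main__":
    samples = [
        packet("tcp", "192.168.77.10", "192.178.77.3", 80),   # dest in range
        packet("tcp", "192.168.77.10", "192.178.88.3", 80),   # dest out of range
        packet("tcp", "192.168.77.10", "192.178.77.3", 23),   # hits rule 1 first
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(ACL, pkt))
    print("shadowed in ACL:", shadowed_rules(ACL))
    print("shadowed in REORDERED:", shadowed_rules(REORDERED))
```

Running the shadow check before binding an ACL to an interface catches a deny rule that reads correctly on its own but never takes effect in its position.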
51. to be used by the SNMP manager at a given IP address. You may choose to skip this step if SNMP management is not used for this switch.
• Allows you to specify the management server IP or permit SNMP access from all IP addresses.
• Configures the default gateway IP address.

Software Installation
This section contains procedures to help you become acquainted quickly with the switch software. Before installing switch software, you should verify that the switch operates with the most recent firmware.

Quick Starting the Networking Device
1. Configure the switch for In-band or Out-of-Band connectivity. In-band connectivity allows access to the software locally or from a remote workstation. You must configure the device with IP information (IP address, subnet mask, and default gateway).
2. Turn the Power ON.
3. Allow the device to load the software until the login prompt appears. The device initial state is called the default mode.
4. When the prompt asks for operator login, do the following steps:
• Type admin at the login prompt. Since a number of the Quick Setup commands require administrator account rights, log in to an administrator account.
• Do not enter a password because the default mode does not use a password.
• Check the CLI User EXEC prompt is displayed.
• Enter enable to switch to the Privileged EXEC mode from User E
52. to change the IP address again, simply type N.

Assigning Switch Name and Location Information
Ezconfig will proceed to the next step in the setup.
Do you want to assign switch name and location information? (Y/N/Q)
System Name: Alphal 1
System Location: Bldl
System Contact: James
There are changes detected, do you wish to save the changes permanently (Y/N)?
Note: The System Name, System Location and System Contact fields accept only alphanumeric characters; characters like are not supported.
Note: The maximum length of the value cannot be longer than 31 bytes.

Saving the Configuration
After the name and location values are entered, Ezconfig asks whether you would like the changes saved permanently to flash storage. Enter Y to save the configuration.
There are changes detected, do you wish to save the changes permanently (Y/N)? y
The configuration changes have been saved successfully.
Please enter show running-config to see the final configuration.
Thanks for using EzConfig!

If the switch loses power during the session, the setup information will be lost if Ezconfig has not had the chance to save the changes before power down.

Ch
53. untagged traffic, you can specify default 802.1p priority on a per-port basis.

Untrusted Ports
• No incoming packet priority designation is trusted; therefore, the port default priority value is used.
• All ingress packets from Untrusted ports, where the packet is classified by an ACL or a DiffServ policy, are directed to specific CoS queues on the appropriate egress port. That specific CoS queue is determined by either the default priority of the port or a DiffServ or ACL assign-queue attribute.
• Used when trusted port mapping is unable to be honored, i.e., when a non-IP DSCP packet arrives at a port configured to trust IP DSCP.

CoS Queue Configuration
CoS queue configuration involves port egress queue configuration and drop precedence configuration (per queue). The design of these on a per-queue, per-drop-precedence basis allows the user to create the desired service characteristics for different types of traffic.

Port Egress Queue Configuration
• Scheduler Type: Strict vs. Weighted
• Minimum guaranteed bandwidth
• Maximum allowed bandwidth: Per queue shaping
• Queue management type: Tail drop vs. WRED

Drop Precedence Configuration (per Queue)
• WRED parameters
  - Minimum threshold
  - Maximum threshold
  - Drop probability
  - Scale factor
• Tail Drop parameters
  - Threshol
54. 0.3.1 255.255.255.0
(Interface 1/0/3)#exit
(Config)#exit

Example 3: Enable RIP for the Switch
The next sequence enables RIP for the switch; the route preference defaults to 15.
(Netgear Switch) #config
(Netgear Switch) (Config)#router rip
(Netgear Switch) (Config-router)#enable
(Netgear Switch) (Config-router)#exit
(Netgear Switch) (Config)#exit

Example 4: Enable RIP for ports 1/0/2 and 1/0/3
This command sequence enables RIP for ports 1/0/2 and 1/0/3. Authentication defaults to none, and no default route entry is created. The commands specify that both ports receive both RIPv1 and RIPv2 frames, but send only RIPv2-formatted frames.
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#ip rip
(Netgear Switch) (Interface 1/0/2)#ip rip receive version both
(Netgear Switch) (Interface 1/0/2)#ip rip send version rip2
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#interface 1/0/3
(Netgear Switch) (Interface 1/0/3)#ip rip
(Netgear Switch) (Interface 1/0/3)#ip rip receive version both
(Netgear Switch) (Interface 1/0/3)#ip rip send version rip2
(Netgear Switch) (Interface 1/0/3)#exit
(Netgear Switch) (Config)#exit

OSPF
For larger networks, Open Shortest Path First (OSPF) is generally us
55. Incompatible Software and Stack Member Image Upgrades
Switch Stack Configuration Files
Switch Stack Management Connectivity
Connectivity to the Switch Stack Through Console Ports
Connectivity to the Switch Stack Through Telnet
Switch Stack Configuration Scenarios
Stacking Recommendations
General Practices
Initial installation and Power-up of a Stack
Removing a Unit from the Stack
Adding a Unit to an Operating Stack
Replacing a Stack Member with a New Unit
PIS ISR Stack WS EIS
Moving a Master to a Different Unit in the Stack
Removing a Master Unit from an Operating Stack
Merging Two Operational Stacks
PP Ae UN O ON
Basr sliekai
Migration of C
56. 00 in increments of 5
(Netgear Switch) (Config)#traffic-shape 70 ?
<cr> Press Enter to execute the command.
(Netgear Switch) (Config)#traffic-shape 70
(Netgear Switch) (Config)#

Chapter 11 Differentiated Services
Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservation protocol. This section explains how to configure the 7000 Series Managed Switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service. As implemented on the 7000 Series Managed Switch, DiffServ allows you to control what traffic is accepted and what traffic is discarded.

How you configure DiffServ support on a 7000 Series Managed Switch varies depending on the role of the switch in your network:
• Edge device: An edge device handles ingress traffic, flowing towards the core of the network, and egress traffic, flowing away from the core. An edge device segregates inbound traffic into a small set of traffic classes, and is responsible for determining a packet's classification. Classification is pr
57. 1/0/24)#exit
(Netgear Switch) (Config)#interface vlan 24
(Netgear Switch) (Interface vlan 24)#routing
(Netgear Switch) (Interface vlan 24)#ip address 192.168.24.1 255.255.255.0
(Netgear Switch) (Interface vlan 24)#exit
(Netgear Switch) (Config)#exit

Create VLAN 48, add port 1/0/48 to it, and assign IP address 192.168.48.1 to it.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 48
(Netgear Switch) (Vlan)#vlan routing 48
(Netgear Switch) (Vlan)#exit
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/48
(Netgear Switch) (Interface 1/0/48)#vlan participation include 48
(Netgear Switch) (Interface 1/0/48)#vlan pvid 48
(Netgear Switch) (Interface 1/0/48)#exit
(Netgear Switch) (Config)#interface vlan 48
(Netgear Switch) (Interface vlan 48)#routing
(Netgear Switch) (Interface vlan 48)#ip address 192.168.48.1 255.255.255.0
(Netgear Switch) (Interface vlan 48)#exit
(Netgear Switch) (Config)#exit

Create VLAN 38, add port 1/0/38 to it, and assign IP address 10.100.5.34 to it.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 38
(Netgear Switch) (Vlan)#vlan routing 38
(Netgear Switch) (Vlan)#exit
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/38
(Netgear Switch) (Interface 1/0/38)#vlan participation include 38
(Netgear Switch) (Interface 1/0/38)#vlan pvid 38
(Netgear Switch) (Interface 1/0/38)#exit
58. [Figure 5-1: Layer 3 switch with VLAN router ports 192.150.3.1 and 192.150.4.1, Layer 2 switch, VLAN 10 and VLAN 20]

CLI Examples
The following examples show how to create VLANs, assign ports to the VLANs, and assign a VLAN as the default VLAN to a port.

Example 1: Create Two VLANs
Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2
(Netgear Switch) (Vlan)#vlan 3
(Netgear Switch) (Vlan)#exit

Example 2: Assign Ports to VLAN2
This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.
(Netgear Switch) #config
(Netgear Switch) (Config)#interface range 1/0/1-1/0/2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit
(Netgear Switch) (Config)#vlan port tagging all 2
(Netgear Switch) (Config)#

Example 3: Assign Ports to VLAN3
This example sh
59. 10
Intf     Admin Mode   Dynamic Limit   Static Limit   Violation Trap Mode
1/0/10   Disabled     600             20             Disabled

Example 3: (Config) port security
(Netgear Switch) (Config)#port-security ?
<cr> Press Enter to execute the command.
(Netgear Switch) (Config)#port-security

Chapter 14 Traceroute
This section describes the Traceroute feature. Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network.
• Maps network routes by sending packets with small Time-to-Live (TTL) values and watches the ICMP time-out announcements
• Command displays all L3 devices
• Can be used to detect issues on the network
• Tracks up to 20 hops
• Default UDP port used 33343 unless modified in the traceroute command
Note: You can execute Traceroute with CLI commands only; there is no Web interface for this feature.

CLI Example
The following shows an example of using the traceroute command to determine how many hops there are to the destination. The command output shows each IP address the packet passes through and how long it takes to get there. In this example, the packet takes 16 hops to reach its desti
60. 2 or Layer 3. MAC ACLs are used for Layer 2. IP ACLs are used for Layer 3. Each ACL contains a set of rules that apply to inbound traffic. Each rule specifies whether the contents of a given field should be used to permit or deny access to the network, and may apply to one or more of the fields within a packet.

Limitations
The following limitations apply to ACLs. These limitations are platform dependent.
• Maximum of 100 ACLs
• Maximum rules per ACL is 8-10
• Stacking systems do not support redirection
• The system does not support MAC ACLs and IP ACLs on the same interface
• The system supports ACLs set up for inbound traffic only

MAC ACLs
MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet (limited by platform):
• Source MAC address with mask
• Destination MAC address with mask
• VLAN ID (or range of IDs)
• Class of Service (CoS) (802.1p)
• Ethertype
• L2 ACLs can apply to one or more interfaces.
• Multiple access lists can be applied to a single interface; the sequence number determines the order of execution.
• You cannot configure a MAC ACL and an IP ACL on the same interface.
• You can assign packets to queues using the assign queue option.
• You can redirect packets using the redirect option.

Configuring IP ACLs
IP ACLs classify for Layer 3. Each ACL is a set of up to
61. 20
(Netgear Switch) (Interface vlan 20)#ip ospf priority 255
(Netgear Switch) (Interface vlan 20)#ip ospf cost 64
(Netgear Switch) (Interface vlan 20)#exit
(Netgear Switch) (Config)#exit

Routing Information Protocol
Routing Information Protocol (RIP) is one of the protocols which may be used by routers to exchange network topology information. It is characterized as an "interior" gateway protocol, and is typically used in small to medium-sized networks.

RIP Configuration
A router running RIP will send the contents of its routing table to each of its adjacent routers every 30 seconds. When a route is removed from the routing table, it will be flagged as unusable by the receiving routers after 180 seconds, and removed from their tables after an additional 120 seconds.
There are two versions of RIP:
• RIPv1, defined in RFC 1058
  - Routes are specified by IP destination network and hop count.
  - The routing table is broadcast to all stations on the attached network.
• RIPv2, defined in RFC 1723
  - Route specification is extended to include subnet mask and gateway.
  - The routing table is sent to a multicast address, reducing network traffic.
  - An authentication method is used for security.
The 7000 Series Managed Switch supports both versions of RIP. You may configure a given port:
• To receive packets in either or both formats
• To transmit packets formatted for
62. Chapter 6 Link Aggregation
This section includes instructions on configuring Link Aggregation using the Command Line Interface and the Graphical User Interface.

Link Aggregation (LAG) allows the switch to treat multiple physical links between two end-points as a single logical link. All of the physical links in a given LAG must operate in full-duplex mode at the same speed. Link Aggregation can be used to directly connect two switches when the traffic between them requires high bandwidth and reliability, or to provide a higher-bandwidth connection to a public network. LAG offers the following benefits:
• Increased reliability and availability: if one of the physical links in the LAG goes down, traffic is dynamically and transparently reassigned to one of the other physical links.
• Better use of physical resources: traffic can be load-balanced across the physical links.
• Increased bandwidth: the aggregated physical links deliver higher bandwidth than each individual link.
• Incremental increase in bandwidth: a physical upgrade could produce a 10-times increase in bandwidth; LAG produces a two- or five-times increase, useful if only a small increase is needed.

Management functions treat a LAG as if it were a single physical port. You can include a LAG in a VLAN. You can configure more than one LAG for a given switch.

CLI Example
This section provides an example of configuring the software to support Link Aggregation L
63. [Figure 20-1. Interconnect ports 51 and 52 as shown. See Figure 20-2.]

Stack Master Election and Re-Election
The stack master is elected or re-elected based on one of these factors and in the order listed:
1. The switch that is currently the stack master.
2. The switch with the highest stack member priority value.
Note: Netgear recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.
3. The switch with the higher MAC address.

A stack master retains its role unless one of these events occurs:
• The stack master is removed from the switch stack.
• The stack master is reset or powered off.
• The stack master has failed.
• The switch stack membership is increased by adding powered-on standalone switches or switch stacks.

In the case of a master re-election, the new stack master becomes available after a few seconds. In the meantime, the switch stack uses the forwarding tables in memory to minimize network disruption. The physical interfaces on the other available stack members are not affected while a new stack master is ele
64. 8 11:59:33 2005
Last Update Status: Other
Total Unicast Requests: TIIT
Failed Unicast Requests: 361

Example 4: Configure SNTP
Netgear switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers. The following steps configure SNTP on the switch:
1. Configure the SNTP server IP address. The IP address can be either from the public NTP server or your own. You can search the Internet to locate the public server. The servers available could be listed in domain-name format instead of address format. In that case, use the ping command on the PC to find the server's IP address. The following example configures the SNTP server IP address to 208.14.208.19.
(Netgear Switch) (Config)#sntp server 208.14.208.19
2. After configuring the IP address, enable SNTP client mode. The client mode may be either broadcast mode or unicast mode. If the NTP server is not your own, you must use unicast mode.
(Netgear Switch) (Config)#sntp client mode unicast
3. Once enabled, the client will wait for the polling interval to send the query to the server. The default value is approximately one minute. After this period, issue the show command to confi
65. 82 202 46 3 Click Add. The host name and IP address now show in the DNS Host Configuration table.

Chapter 24 DHCP Server
This section describes the DHCP server configuration. When a client sends a request to a DHCP server, the DHCP server assigns the IP address from address pools that are specified on the switch. The network in the DHCP pool must belong to the same subnet.

Overview
DHCP Server:
• Allows the switch to dynamically assign an IP address to a DHCP client that is attached to the switch.
• Enables the IP address to be assigned based on the client's MAC address.

Examples
The following are examples of how the DHCP Server feature is used.

Example 1: Configure DHCP Server in Dynamic Mode
The following example shows how to create a DHCP server with a dynamic pool. The example is shown as CLI commands and as a Web interface procedure.

CLI Commands
To use the CLI to create a DHCP server with a dynamic pool, enter the following CLI commands:
(Netgear Switch) #config
(Netgear Switch) (Config)#service dhcp
(Netgear Switch) (Config)#ip dhcp pool pool_dynamic
(Netgear Switch) (Config)#network 192.168.100.0 255.255.255.0

Web Interface Procedure
To use the Web interfac
66. 9
b. In the IP ACL ID field of the IP ACL Table, enter 101.
c. Click Add.
8. Create an ACL with ID 102.
a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
[Figure 9-10: IP ACL screen]
b. In the IP ACL ID field of the IP ACL Table, enter 102.
c. Click Add.
9. Add and configure an IP extended rule that is associated with ACL 101.
a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
67. [Figure 9-37: IP Binding Configuration screen]
b. Under Binding Configuration, make the following selection and enter the following information:
• Select 101 from the ACL ID pulldown menu.
• In the Sequence Number field, enter 1.
c. Click Unit 1. The ports display.
d. Click on the gray box under port 48. A flag appears in the box.
e. Click Apply to save the settings.
13. Apply ACL 103 to port 24 and port 48.
a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
68. Link Speed Data Rate: Inactive
MAC Address: 08:00:17:05:05:02
Encapsulation Type: Ethernet

Example 2: ip proxy-arp
(Netgear Switch) (Interface 0/24)#ip proxy-arp ?
<cr> Press Enter to execute the command.
(Netgear Switch) (Interface 0/24)#ip proxy-arp

Chapter 8 Virtual Router Redundancy Protocol
When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate. Since static configuration is a convenient way to assign router addresses, Virtual Router Redundancy Protocol (VRRP) was developed to provide a backup mechanism.

VRRP eliminates the single point of failure associated with static default routes by enabling a backup router to take over from a "master" router without affecting the end stations using the route. The end stations will use a "virtual" IP address that will be recognized by the backup router if the master router fails. Participating routers use an election protocol to determine which router is the master router at any given time. A given port ma
69. AG to a server and to a Layer 3 switch.
Figure 6-1 shows the example network.
[Figure 6-1: Layer 3 switch, Layer 2 switch, Subnet 2]

Example 1: Create two LAGS
(Netgear Switch) #config
(Netgear Switch) (Config)#port-channel lag_10
(Netgear Switch) (Config)#port-channel lag_20
(Netgear Switch) (Config)#exit

Use the show port-channel all command to show the logical interface ids you will use to identify the LAGs in subsequent commands. Assume that lag_10 is assigned id 1/1/1 and lag_20 is assigned id 1/1/2.
(Console) #show port-channel all
Log.   Port-Channel         Adm.  Trap  STP          Mbr    Port   Port
Intf   Name          Link   Mode  Mode  Mode  Type   Ports  Speed  Active
1/1/1  lag_10        Down   En.   En.   Dis.  Dynamic
1/1/2  lag_20        Down   En.   En.   Dis.  Dynamic

Example 2: Add the ports to the LAGs
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 0/2
(Netgear Switch) (Interface 0/2)#addport 1/1
(Netgear Switch) (Interface 0/2)#exit
(Netgear Switch) (Config)#interface 0/3
(Netgear Switch) (Interface 0/3)#addport 1/1
(Netgear Switch) (Interface 0/3)#exit
(Netgear Switch) (C
70. Click the gray box under port 35 twice until U displays. The U specifies that the egress packet is untagged for the port.
e. Click Apply to save VLAN 30.
2. Create VLAN 100 with IP address 192.168.100.1/24.
a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
[Figure 9-4: VLAN Routing Wizard screen]
b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 100.
• In the IP Address field, enter 192.168.100.1.
• In the Network Mask field, enter 255.255.255.0.
c. Click Unit 1. The ports display.
d. Click the gray box under port 13 twice until U displays. The U specifies that the egress packet is untagged for the port.
e. Click Apply to save VLAN 100.
3. Create VLAN 200 with IP address 192.168.200.1/24.
a
71. (Config)#diffserv
DiffServ operation is enabled for the switch.

Create a DiffServ class of type all for each of the departments, and name them. Define the match criteria (Source IP address) for the new classes.
(Switch) (Config)#class-map match-all finance_dept
(Switch) (Config class-map)#match srcip 172.16.10.0 255.255.255.0
(Switch) (Config class-map)#exit
(Switch) (Config)#class-map match-all marketing_dept
(Switch) (Config class-map)#match srcip 172.16.20.0 255.255.255.0
(Switch) (Config class-map)#exit
(Switch) (Config)#class-map match-all test_dept
(Switch) (Config class-map)#match srcip 172.16.30.0 255.255.255.0
(Switch) (Config class-map)#exit
(Switch) (Config)#class-map match-all development_dept
(Switch) (Config class-map)#match srcip 172.16.40.0 255.255.255.0
(Switch) (Config class-map)#exit

Create a DiffServ policy for inbound traffic named internet_access, adding the previously created department classes as instances within this policy. This policy uses the assign-queue attribute to put each department's traffic on a different egress queue. This is how the DiffServ inbound policy connects to the CoS queue settings established below.
(Switch) (Config)#policy-map
72. (Config)#exit

Example 2: Configuring OSPF on a Border Router
[Figure 7-6: Layer 3 switch acting as an inter-area router]

The following example configures OSPF on a 7000 Series Managed Switch operating as a border router.

Enable routing for the switch.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing

Enable routing and assign IP for ports 1/0/2, 1/0/3 and 1/0/4.
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#routing
(Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.2 255.255.255.0
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#interface 1/0/3
(Netgear Switch) (Interface 1/0/3)#routing
(Netgear Switch) (Interface 1/0/3)#ip address 192.130.3.1 255.255.255.0
(Netgear Switch) (Interface 1/0/3)#exit
(Netgear Switch) (Config)#interface 1/0/4
(Netgear Switch) (Interface 1/0/4)#routing
(Netgear Switch) (Interface 1/0/4)#ip address 192.64.4.1 255.255.255.0
(Netgear Switch) (Interface 1/0/4)#exit

Specify the router ID and enable OSPF for the switch. Set disable 1583compati
73. [Figure 27-3: VLAN Membership screen]
b. Under VLAN Membership, select 200 from the VLAN ID pulldown menu.
c. Click Unit 1. The ports display.
• Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
• Click the gray box under port 48 once until T displays. The T specifies that the egress packet is tagged for the port.
d. Click Apply to save the settings.
3. Change the Port VLAN ID (PVID) of port 24 to 200.
a. From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
74. [Figure 9-6: IP Configuration screen]

    b. Under IP Configuration, make the following selections:
       - Next to Routing Mode, select the Enable radio button.
       - Next to IP Forwarding Mode, select the Enable radio button.
    c. Click Apply to enable IP Routing.

    5. Add a static route with IP address 192.168.40.0/24.

    a. From the main menu, select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays.

    [Figure 9-7: Route Configuration screen]

    c. Under Configure Routes, make the following selection and enter the following information:
       - Select Static from the Route Type pulldown menu.
       - In the Network Address field, enter 192.168.40.0.
       - In the Subnet Mask field, enter 255.255.255.0.
       - In the Next Hop IP Address field, enter 192.168.200.2.
    Click Add.

    6. Create a static route with IP address 192.168.50.0/24.

    a. From the main menu, select Routing > Routing Table > Basic > Route Confi
75. LAN port or a router port, but not both. However, a VLAN port may be part of a VLAN that is itself a router port.

    VLAN Routing Configuration

    This section provides an example of how to configure the 7000 Series Managed Switch to support VLAN routing. The configuration of the VLAN router port is similar to that of a physical port. The main difference is that, after the VLAN has been created, you must use the show ip vlan command to determine the VLAN's interface ID so that you can use it in the router configuration commands.

    CLI Examples

    The diagram in this section shows a Layer 3 switch configured for port routing. It connects two VLANs, with two ports participating in one VLAN and one port in the other. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the VLAN routing support shown in the diagram.

    [Figure 7-2: Layer 3 switch with VLAN router ports, connected to a Layer 2 switch (VLAN 10)]

    Example 1. Create Two VLANs

    The following code sequence shows an example of creating two VLANs with egress frame tagging enabled.

        vlan data
        (Vlan)#vlan 10
        (Vlan)#vlan 20
        (Vlan)#exit
        conf
        (Config)#interface range 1/0/1-1/0/2
        (conf-if-range-1/0/1-1/0/2)#vlan participation inc
76. LAN routing, port routing, and protocols such as RIP, OSPF, VRRP, and other protocols.

    - QoS: This tag contains quality of service features such as DiffServ and CoS queue assignment.
    - Security: This tag contains security services such as 802.1x port authentication, traffic control with various forwarding controls, and ACLs.
    - Monitoring: This tag contains Ethernet port statistics, various system logs, and port mirroring.
    - Maintenance: This tag contains services to perform a firmware upgrade, to save the configuration, and to perform a backup of the configuration.
    - Help: This tag provides access to the Netgear product support Web site and the online user guide.
    - Index: This tag contains the site index that allows direct access to any of the pages under the main tags and sub tags.

    Sub Tags: The sub tag content changes depending on the selected main tag. In turn, each sub tag provides further sub-categories of functions.

    2. Unified Web Control Buttons. Depending on the selected main tag and sub tag, in the lower right corner there are buttons that enable you to perform various page-dependent operations:

    - Add: Add a new class, group, ACL, or VLAN.
    - Apply: Apply all changes that you made to a page.
    - Cancel: Cancel all changes that you made to a page.
    - Delete: Delete an existing list or group that was crea
77. [Figure 27-1: Layer 2 switches with ports 1/0/48 and 1/0/24; customer domains]

    The example is shown as CLI commands and as a Web interface procedure.

    CLI Commands

    To use the CLI to enable a double VLAN on a VLAN, enter the following CLI commands.

    Create a VLAN 200.

        (Netgear Switch) #vlan database
        (Netgear Switch) (Vlan)#vlan 200
        (Netgear Switch) (Vlan)#exit

    Add interface 1/0/24 to VLAN 200, add pvid 200 to the port.

        (Netgear Switch) #config
        (Netgear Switch) (Config)#interface 1/0/24
        (Netgear Switch) (Interface 1/0/24)#vlan pvid 200
        (Netgear Switch) (Interface 1/0/24)#vlan participation include 200
        (Netgear Switch) (Interface 1/0/24)#exit

    Add interface 1/0/48 to the VLAN 200 in a tagging mode.

        (Netgear Switch) (Config)#interface 1/0/48
        (Netgear Switch) (Interface 1/0/48)#vlan participation include 200
        (Netgear Switch) (Interface 1/0/48)#vlan tagging 200
        (Netgear Switch) (Interface 1/0/48)#exit

    Select interface 1/0/48 as the provider port.

        (Netgear Switch) (Config)#interface 1/0/48
        (Netgear Switch) (Interface 1/0/48)#mode dvlan-tunnel
        (Netgear Switch) (Interface 1/0/48)#exit
78. [Figure 24-2: DHCP Pool Configuration screen]

    5. Under DHCP Pool Configuration, enter the following information:
       - Select Create from the Pool Name pulldown menu.
       - In the Pool Name field, enter pool_dynamic.
       - Select Dynamic from the Type of Binding pulldown menu.
       - In the Network Number field, enter 192.168.100.0.
       - In the Network Mask field, enter 255.255.255.0. As an alternate, you can enter 24 in the Network Prefix Length field.
       - In the Days field, enter 1.
    6. Click Add. The pool_dynamic name is now added to the Pool Name pulldown menu.

    Example 2. Configure a DHCP Server in Manual Mode

    The following example shows how to create a DHCP server with a manual pool. The example is shown as CLI commands and as a Web interface procedure.

    CLI Commands

    To use the CLI to create a DHCP server with a manual pool, enter the following CLI commands.

        (Netgear Switch) #config
        Netgear Switch Netgear Swi
79. [Figure 9-2: Layer 3 switch and Layer 2 switch topology]

    The example is shown as CLI commands and as a Web interface procedure.

    CLI Commands

    To use the CLI to configure the GSM7248R, enter the following CLI commands.

    Step 1. Configure the GSM7248R (see Figure 9-2). Create VLAN 30 with port 0/3 and assign IP address 192.168.30.1/24.

        (Netgear Switch) #vlan database
        (Netgear Switch) (Vlan)#vlan 30
        (Netgear Switch) (Vlan)#vlan routing 30
        (Netgear Switch) (Vlan)#exit
        (Netgear Switch) #config
        (Netgear Switch) (Config)#interface 0/35
        (Netgear Switch) (Interface 0/35)#vlan pvid 30
        (Netgear Switch) (Interface 0/35)#vlan participation include
        (Netgear Switch) (Interface 0/35)#exit
        (Netgear Switch) (Config)#interface vlan 30
        (Netgear Switch) (Interface vlan 30)#routing
        (Netgear Switch) (Interface vlan 30)#ip address 192.168.30.1
        (Netgear Switch) (Interface vlan 30)#ex
80. [Figure: log message format, fields labeled A to I: Priority, Timestamp, Stack ID, Component Name, Thread ID, File Name, Line Number]

    CLI Examples

    The following are examples of the commands used in the Syslog feature.

    Example 1. show logging

        (Netgear Switch Routing) #show logging
        Logging Client Local Port : 514
        CLI Command Logging : disabled
        Console Logging : disabled
        Console Logging Severity Filter : alert
        Buffered Logging : enabled
        Syslog Logging : enabled
        Log Messages Received : 66
        Log Messages Dropped : 0
        Log Messages Relayed : 0
        Log Messages Ignored : 0

    Example 2. show logging buffered

        (Netgear Switch Routing) #show logging buffered ?
        <cr>  Press Enter to execute the command.
        (Netgear Switch Routing) #show logging buffered
        Buffered (In-Memory) Logging : enabled
        Buffered Logging Wrapping Behavior : On
        Buffered Log Count 2 66
        <1> JAN 01 00:00:02 0.0.0.0-0 UNKN[268434944]: usmdb_sim.c(1205) 1 Error 0 (0x0)
        <2> JAN 01 00:00:09 0.0.0.0-1 UNKN[268434944]: bootos.c(487) 2 Event (0xaaaaaaaa)
        <6> JAN 01 00:00:09 0.0.0.0-1 UNKN[268434944]: bootos.c(531) 3 Starting code
        <6> JAN 01 00:00:16 0.0.0.0-3 UNKN[251627904]: cda_cnfgr.c(383) 4 CDA Creating new STK file
        <6> JAN 01 00:00:39 0.0.0.0-3 UNKN[233025712]: edb.c(360) 5 EDB Callback Unit Joi
81. Series Managed Switch first as an inter-area router and then as a border router. They show two areas, each with its own border router, connected to one inter-area router.

    The first diagram shows a network segment with an inter-area router connecting areas 0.0.0.2 and 0.0.0.3. The example script shows the commands used to configure a 7000 Series Managed Switch as the inter-area router in the diagram by enabling OSPF on port 1/0/2 in area 0.0.0.2 and port 1/0/3 in area 0.0.0.3.

    Example 1. Configuring an Inter-Area Router

    [Figure 7-5: Layer 3 switch acting as an inter-area router, with border routers]

    Enable Routing for the Switch

    The following command sequence enables IP routing for the switch.

        (Netgear Switch) #config
        (Netgear Switch) (Config)#ip routing
        (Netgear Switch) (Config)#exit

    Assign IP Addresses for Ports

    The following sequence enables routing and assigns IP addresses for ports 1/0/2 and 1/0/3.

        (Netgear Switch) #config
        (Netgear Switch) (Config)#interface 1/0/2
        (Netgear Switch) (Interface 1/0/2)#routing
        (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0
        (Netgear Switch) (Interface 1/0/2)#exit
        (Netgear Switch) (Config)#interface 1/0/3
        (Netgear Switch) (Interface 1/0/3)#routing
        (Netgear Switch) (Interface 1/0/3)#ip addr
82.
        (Netgear Switch) (Vlan)#exit
        (Netgear Switch) #config
        (Netgear Switch) (Config)#interface 1/0/1
        (Netgear Switch) (Interface 1/0/1)#vlan participation include 100
        (Netgear Switch) (Interface 1/0/1)#vlan pvid 100
        (Netgear Switch) (Interface 1/0/1)#exit
        (Netgear Switch) (Config)#interface vlan 100
        (Netgear Switch) (Interface vlan 100)#routing
        (Netgear Switch) (Interface vlan 100)#ip address 192.168.100.1 255.255.255.0
        (Netgear Switch) (Interface vlan 100)#exit

    Enable IP routing on the switch.

        (Netgear Switch) (Config)#ip routing

    Add a new user named adam.

        (Netgear Switch) (Config)#users name adam

    Add a new listname named dot1xList.

        (Netgear Switch) (Config)#authentication login dot1xList

    Enable 802.1x on the switch.

        (Netgear Switch) (Config)#dot1x system-auth-control

    Permit the user adam to login.

        (Netgear Switch) (Config)#dot1x login adam dot1xList

    Permit 4 users to login simultaneously.

        (Netgear Switch) (Config)#interface 1/0/1
        (Netgear Switch) (Interface 1/0/1)#dot1x max user 4

    Enable the MAC-based method. This method permits multi-user login through one port.

        (Netgear Switch) (Interface 1/0/1)#dot1x port-method macbased
        (Netgear Switch) (Interface 1/0/1)#exit

    Web Interface Procedure

    To use the Web Interface to enable 802.1x authenticatio
83. XEC. Enter configure to switch to the Global Config mode from Privileged EXEC. Enter exit to return to the previous mode. Enter ? to show a list of commands that are available in the current mode.

    System Information and System Setup

    This section describes the commands you use to view system information and to set up the network device. Table 2-1 contains the Quick Start commands that allow you to view or configure the following information:

    - Software versions
    - Physical port data
    - User account management
    - IP address configuration
    - Uploading from Networking Device to Out-of-Band PC (Only XMODEM)
    - Downloading from Out-of-Band PC to Networking Device (Only XMODEM)
    - Downloading from TFTP Server
    - Restoring factory defaults

    If you configure any network parameters, you should execute the following command:

        copy system:running-config nvram:startup-config

    This command saves the changes to the configuration file. You must be in the correct mode to execute the command. If you do not save the configuration, all changes are lost when you power down or reset the networking device. In a stacking environment, the running configuration is saved in all units of the stack.

    Table 2-1 describes the command syntax, the mode you must be in to execute the command, and the purpose and output of the command.

    Table 2-1. Qu
84. a protected port in order to isolate ports, proceed as follows:

    1. Create a DHCP pool.

    Note: This example assumes that the DHCP service is enabled. For information about how to enable the DHCP service, see the Web interface procedure in "Example 1: Configure DHCP Server in Dynamic Mode" in Chapter 24.

    a. From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays.

    [Figure 25-2: DHCP Pool Configuration screen]

    b. Under DHCP Pool Configuration enter
85. acking ports

    Table 20-2. Switch stack configuration scenarios

    Scenario: Stack master election specifically determined by existing stack masters. Note: This is not recommended. Connect two powered-on switch stacks through the stacking ports.
    Result: Only one of the two stack masters becomes the new stack master. None of the other stack members become the stack master.

    Scenario: Stack master election specifically determined by the stack member priority value. Connect two switches through their stacking ports. Use the switch stack-member-number priority new-priority-number global configuration command to set one stack member to a higher member priority value. Restart both stack members at the same time.
    Result: The stack member with the higher priority value is elected stack master.

    Scenario: Stack master election specifically determined by the MAC address. Assuming that both stack members have the same priority value and software image, restart both stack members at the same time.
    Result: The stack member with the higher MAC address is elected stack master.

    Scenario: Add a stack member. Power off the new switch. Through their stacking ports, connect the new switch to a powered-on switch stack. Power on the new switch.
    Result: Stac
86. ain the greatest benefit from this guide, you should have an understanding of the switch software base and should have read the specification for your networking device platform. You should also have a basic knowledge of Ethernet and networking concepts.

    CLI Documentation

    The Command Line Reference provides information about the CLI commands used to configure the switch and the stack. The document provides CLI descriptions, syntax, and default values. Refer to the Command Line Reference for information about the command structure.

    Related Documentation

    Before proceeding, read the Release Notes for this switch product. The Release Notes detail the platform-specific functionality of the Switching, Routing, SNMP, Config, Management, and other packages. In addition, see the following publications:

    - Netgear Quick Installation Guide, 7000 Series Managed Switch
    - Netgear CLI Reference for the Prosafe 7X00 Series Managed Switch. There are three documents in this series; choose the appropriate one for your product.
    - Netgear Hardware Installation Guide for your switch.

    These documents may be found at http://www.NETGEAR.com.

    Chapter 2. Getting Started

    Connect a terminal to the swi
87. ame> For example: If the user is using HyperTerminal, the user must specify where the file is going to be received by the PC.

    Table 2-1. Quick Start Commands

    nvram:startup-config

    Command: copy nvram:errorlog <tftp://<ipaddress>/<filepath>/<filename>>
    Mode: Privileged EXEC
    Description: Starts the error log upload, displays the mode and type of upload, and confirms the upload is progressing. The URL must be specified as: xmodem:<filepath>/<filename>

    Command: copy nvram:traplog <tftp://<ipaddress>/<filepath>/<filename>>
    Mode: Privileged EXEC
    Description: Starts the trap log upload, displays the mode and type of upload, and confirms the upload is progressing. The URL must be specified as: xmodem:<filepath>/<filename>

    Command: copy <tftp://<ipaddress>/<filepath>/<filename>> nvram:startup-config
    Mode: Privileged EXEC
    Description: Sets the destination (download) datatype to be an image (system:image) or a configuration file (nvram:startup-config). The URL must be specified as: xmodem:<filepath>/<filename>. For example: If the user is using HyperTerminal, the user must specify which file is to be sent to the networking device. The Networking Device restarts automatically once the code has been downloaded.

    Command: copy <tftp
    Mode: Privileged
    Description: Se
88. apter 4. Using the Web Interface

    This chapter is a brief introduction to the web interface; for example, it explains how to access the Web-based management panels to configure and manage the system.

    Tip: Use the Web interface for configuration instead of the CLI interface. Web configuration is quicker and easier than entering the multiple required CLI commands. There are equivalent functions in the Web interface and the terminal interface; that is, both applications usually employ the same menus to accomplish a task. For example, when you log in, there is a Main Menu with the same functions available.

    You can manage your switch through a Web browser and Internet connection. This is referred to as Web-based management. To use Web-based management, the system must be set up for in-band connectivity.

    To access the switch, the Web browser must support:

    - HTML version 4.0, or later
    - HTTP version 1.1, or later
    - JavaScript version 1.2, or later

    There are several differences between the Web and terminal interfaces. For example, on the Web interface the entire forwarding database can be displayed, while the terminal interface only displays 10 entries starting at specified addresses.

    To terminate the Web login session, close the web browser.

    Configuring for Web Access

    To enable Web access to the switch:

    1. Configure the switch for in-band connectivity. The switch Getting Started Guide provides instructions
89. ar Switc Config exit

    VLAN Routing

    You can configure the 7000 Series Managed Switch with some ports supporting VLANs and some supporting routing. You can also configure it to allow traffic on a VLAN to be treated as if the VLAN were a router port.

    When a port is enabled for bridging (the default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN. Its MAC Destination Address (DA) and VLAN ID are used to search the MAC address table. If routing is enabled for the VLAN and the MAC DA of an inbound unicast packet is that of the internal bridge-router interface, the packet will be routed. An inbound multicast packet will be forwarded to all ports in the VLAN, plus the internal bridge-router interface if it was received on a routed VLAN.

    Since a port can be configured to belong to more than one VLAN, VLAN routing might be enabled for all of the VLANs on the port, or for a subset. VLAN routing can be used to allow more than one physical port to reside on the same subnet. It could also be used when a VLAN spans multiple physical networks, or when additional segmentation or security is required.

    The next section will show you how to configure the 7000 Series Managed Switch to support VLAN routing and how to use RIP and OSPF. A port may be either a V
90. be subject to certain restrictions. Please refer to the notes in the operating instructions. The Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.

    Confirmation of the Manufacturer/Importer

    It is hereby confirmed that the 7000 Series Managed Switch has been suppressed in accordance with the regulations listed in BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The proper operation of some equipment (for example, test transmitters) may, however, be subject to certain restrictions. Please read the notes in the operating instructions. The Federal Office for Telecommunications Approvals has been notified that this equipment has been placed on the market and is entitled to test the series for compliance with the regulations.

    Voluntary Control Council for Interference (VCCI) Statement

    This equipment is in the Class A category information equipment to be used in a residential area or an adjacent area thereto and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas. When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling.

    FCC Information to User

    Declaration Of Conformity
91. bility to prevent a routing loop.

        (Netgear Switch) (Config)#router ospf
        (Netgear Switch) (Config router)#enable
        (Netgear Switch) (Config router)#router-id 192.130.1.1
        (Netgear Switch) (Config router)#no 1583compatibility
        (Netgear Switch) (Config router)#exit
        (Netgear Switch) (Config)#exit

    Enable OSPF for the ports and set the OSPF priority and cost for the ports.

        (Netgear Switch) #config
        (Netgear Switch) (Config)#interface 1/0/2
        (Netgear Switch) (Interface 1/0/2)#ip ospf
        (Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2
        (Netgear Switch) (Interface 1/0/2)#ip ospf priority 128
        (Netgear Switch) (Interface 1/0/2)#ip ospf cost 32
        (Netgear Switch) (Interface 1/0/2)#exit
        (Netgear Switch) (Config)#interface 1/0/3
        (Netgear Switch) (Interface 1/0/3)#ip ospf
        (Netgear Switch) (Interface 1/0/3)#ip ospf areaid 0.0.0.2
        (Netgear Switch) (Interface 1/0/3)#ip ospf priority 255
        (Netgear Switch) (Interface 1/0/3)#ip ospf cost 64
        (Netgear Switch) (Interface 1/0/3)#exit
        (Netgear Switch) (Config)#interface 1/0/4
        (Netgear Switch) (Interface 1/0/4)#ip ospf
        (Netgear Switch) (Interface 1/0/4)#ip ospf areaid 0.0.0.2
        (Netgear Switch) (Interface 1/0/4)#ip ospf priority 255
        (Netgear Switch) (Interface 1/0/4)#ip
92. ce mapping

        (Netgear Switch) #show classofservice ip-precedence-mapping
        IP Precedence    Traffic Class
        0                1
        1                0
        2                0
        3                1
        4                2
        5                2
        6                3
        7                3

    Example 4. Config Cos-queue Min-bandwidth and Strict Priority Scheduler Mode

        (Netgear Switch) (Config)#cos-queue min-bandwidth ?
        <bw-0>  Enter the minimum bandwidth percentage for Queue 0.
        (Netgear Switch) (Config)#cos-queue min-bandwidth 15
        Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>'.
        (Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10
        (Netgear Switch) (Config)#cos-queue strict ?
        <queue-id>  Enter a Queue Id from 0 to 7.
        (Netgear Switch) (Config)#cos-queue strict <queue-id> ?
        <cr>  Press Enter to execute the command.
        <queue-id>  Enter an additional Queue Id from 0 to 7.
        (Netgear Switch) (Config)#cos-queue strict

    Example 5. Set CoS Trust Mode of an Interface

        (Netgear Switch) (Config)#classofservice trust ?
        dot1p    Sets the Class of Service Trust Mode of an Interface to 802.1p.
        ip-dscp  Sets the Class of Service Trust Mode of an Interface to IP DSCP.
        (Netgear Switch) (Config)#classofservice trust dot1p ?
        <cr>  Press Enter to execute the command.
        (Netgea
94. come full, packets are dropped. Packet drop precedence indicates the packet's sensitivity to being dropped during times of queue congestion.

    CoS mapping, queue parameters, and queue management are configurable per interface. Queue management is configurable per interface. Some hardware implementations allow queue depth management using tail dropping or Weighted random early discard (WRED). Some hardware implementations allow queue depth management using tail dropping.

    The operation of CoS Queuing involves queue mapping and queue configuration.

    CoS Queue Mapping

    CoS Queue Mapping uses trusted and untrusted ports.

    Trusted Ports

    - System takes at face value certain priority designation for arriving packets.
    - Trust applies only to packets that have that trust information.
    - Can only have one trust field at a time, per port:
      - 802.1p User Priority (default trust mode; managed through Switching configuration)
      - IP Precedence
      - IP DiffServ Code Point (DSCP)

    The system can assign service level based upon the 802.1p priority field of the L2 header. You configure this by mapping the 802.1p priorities to one of three traffic class queues. These queues are:

    - Queue 2: Minimum of 50% of available bandwidth
    - Queue 1: Minimum of 33% of available bandwidth
    - Queue 0: Lowest priority, minimum of 17% of available bandwidth

    For
95. cted. If a new stack master is elected and the previous stack master becomes available, the previous stack master does not resume its role as stack master.

    Stack Member Numbers

    A stack member number (1 to 8) identifies each member in the switch stack. The member number also determines the interface-level configuration that a stack member uses. You can display the stack member number by using the show switch user EXEC command.

    A new, out-of-the-box switch (one that has not joined a switch stack or has not been manually assigned a stack member number) ships with a default stack member number of 1. When it joins a switch stack, its default stack member number changes to the lowest available member number in the stack.

    Stack members in the same switch stack cannot have the same stack member number. Every stack member, including a standalone switch, retains its member number until you manually change the number or unless the number is already being used by another member in the stack.

    See "Renumbering Stack Members" and "Merging Two Operational Stacks".

    Stack Member Priority Values

    A stack member priority can be changed if the user would like to change who is the master of the stack. Use the following command to change a stack member's priority (this command is in the global config mode):

        switch unit priority value

    S
96. cting all unpowered units at that point. Completely cable the stacking connections, making sure the redundant link is also in place.

    4. Then, power up each unit, one at a time, by following "Adding a Unit to an Operating Stack".

    Preconfiguration

    All configuration on the stack, except unit numbers, is stored on the management unit. This means that a stack unit may be replaced with another device of the same type without having to reconfigure the switch. Unit numbers are stored independently on each switch, so that after power cycling the stack the units always come back with the same unit numbers. The unit type associated with each unit number may be learned by the management unit automatically as the units are connected, or preconfigured by the administrator.

    1. Issue the member <unit-id> <switchindex> command to preconfigure a unit. Supported unit types are shown by the show supported switchtype command.
    2. Next, configure the unit you just defined with configuration commands, just as if the unit were physically present.
    3. Ports for the preconfigured unit come up in detached state and can be seen with the show port all command. The detached ports may now be configured for VLAN membership and any other port-specific configuration.
    4. After a unit type is preconfigured for a specific unit number, attaching a unit with a different unit type for this unit number causes the switch to report an error. The show switch command ind
97. d Per Interface Basis

    - Queue management type: Tail Drop vs. WRED (only if per-queue config is not supported)
    - WRED Decay Exponent
    - Traffic Shaping: for an entire interface

    CLI Examples

    The following are examples of the commands used in the CoS Queuing feature.

    Example 1. show classofservice trust

        (Netgear Switch) #show classofservice trust ?
        <cr>  Press Enter to execute the command.
        (Netgear Switch) #show classofservice trust
        Class of Service Trust Mode: Dot1P

    Example 2. set classofservice trust mode

        (Netgear Switch) (Config)#classofservice ?
        dot1p-mapping    Configure dot1p priority mapping.
        ip-dscp-mapping  Maps an IP DSCP value to an internal traffic class.
        trust            Sets the Class of Service Trust Mode of an Interface.
        (Netgear Switch) (Config)#classofservice trust ?
        dot1p    Sets the Class of Service Trust Mode of an Interface to 802.1p.
        ip-dscp  Sets the Class of Service Trust Mode of an Interface to IP DSCP.
        (Netgear Switch) (Config)#classofservice trust dot1p ?
        <cr>  Press Enter to execute the command.
        (Netgear Switch) (Config)#classofservice trust dot1p

    Example 3. show classofservice ip preceden
98. d Scope

    The conventions, formats, and scope of this manual are described in the following paragraphs.

    Typographical Conventions. This manual uses the following typographical conventions:

    - Italics: Emphasis, books, CDs, URL names
    - Bold: User input
    - Fixed: Screen text, file and server names, extensions, commands, IP addresses

    Formats. This manual uses the following formats to highlight special messages:

    - Note: This format is used to highlight information of importance or special interest.
    - Tip: This format is used to highlight a procedure that will save time or resources.
    - Warning: Ignoring this type of note may result in a malfunction or damage to the equipment.
    - Danger: This is a safety warning. Failure to take heed of this notice may result in personal injury or death.

    Scope. This manual is written for the 7000 Series Managed Switch according to these specifications:

    - Product Version: 7000 Series Managed Switch
    - Manual Publication Date: May 2008

    Note: Product updates are available on the NETGEAR, Inc. website at http://kbserver.netgear.com/products/xxx.asp.

    How to Use This Manual

    The HTML version of this manual, if provided, includes the following:

    - Buttons > and < for browsing forwards or backwards through the manual one page
99. Figure 9-14 (Extended ACL Rule Configuration screen)

d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
- In the Rule ID field, enter 1.
- Next to Action mode, select the Permit radio button.
- Select False from the Match Every pulldown menu.
- Select IP from the Protocol Type pulldown menu.
e. Click Apply to save the settings.

11. Apply ACL 101 to port 44.
a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.

Figure 9-15 (IP Binding Configuration screen)

b. Under Binding Configuration, make the follo
100. e configuration on the stack, but

The switch type of the preconfigured switch does not match the switch type in the configuration on the stack.
- The switch stack applies the default configuration to the preconfigured switch and adds it to the stack. The configuration in the preconfigured switch is changed to reflect the new information.

The stack member number is not found in the configuration.

The stack member number of the preconfigured switch is not found in the configuration.
- The switch stack applies the default configuration to the new switch and adds it to the stack. The preconfigured information is changed to reflect the new information.

The switch stack applies the default configuration to the preconfigured switch and adds it to the stack.

Effects of Replacing a Preconfigured Switch in a Switch Stack

When a preconfigured switch in a switch stack fails, is removed from the stack, and is replaced with another switch, the stack applies either the preconfiguration or the default configuration to it. The events that occur when the switch stack compares the configuration with the preconfigured switch are the same as those described in "Effects of Adding a Preconfigured Switch to a Switched Stack".

Effects of Removing a Preconfigured Switch from a Switch Stack

If you remove a preconfigured switch from the switch stack, the configuration associated with the removed stack member remains in the runn
101. e 40
(Netgear Switch) (Interface 1/0/24)#exit
(Netgear Switch) (Config)#interface vlan 40
(Netgear Switch) (Interface-vlan 40)#routing
(Netgear Switch) (Interface-vlan 40)#ip address 192.168.40.1 255.255.255.0
(Netgear Switch) (Interface-vlan 40)#exit

Create VLAN 50 with port 1/0/25 and assign IP address 192.168.50.1/24.

(Netgear Switch) (Config)#exit
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 50
(Netgear Switch) (Vlan)#vlan routing 50
(Netgear Switch) (Vlan)#exit
(Netgear Switch) #configure
(Netgear Switch) (Config)#interface 1/0/25
(Netgear Switch) (Interface 1/0/25)#vlan pvid 50
(Netgear Switch) (Interface 1/0/25)#vlan participation include 50
(Netgear Switch) (Interface 1/0/25)#exit
(Netgear Switch) (Config)#interface vlan 50
(Netgear Switch) (Interface-vlan 50)#routing
(Netgear Switch) (Interface-vlan 50)#ip address 192.168.50.1 255.255.255.0
(Netgear Switch) (Interface-vlan 50)#exit
(Netgear Switch) (Config)#exit

Create VLAN 200 with port 1/0/48 and assign IP address 192.168.200.1/24.

(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 200
(Netgear Switch) (Vlan)#vlan routing 200
(Netgear Switch) (Config)#interface 1/0/48
(Netgear Switch) (Interface 1/0/48)#vlan pvid 200
(Netgear Switch) (Interface 1/0/48)#vlan participation include 200
(Netgear Switch) (Interface 1/0/48)#exit
(Netgear Switch) #interface vlan 200
(Netgear Switch) (Interface-vlan 200)#routing
Netgear Switc
102. e a E east banner.txt
Data Type: Cli Banner
Are you sure you want to start? (y/n) y
CLI Banner file transfer operation completed successfully!
(Netgear Switch) (Routing) #exit
(Netgear Switch) (Routing) >logout
Login Banner Unauthorized access is punishable by law
User>

Note: The no clibanner command removes the banner from the switch.

Chapter 22 IGMP Querier

When the switch is used in network applications where video services such as IPTV, video streaming, and gaming are deployed, the video traffic would normally be flooded to all connected ports because such traffic packets usually have multicast Ethernet addresses. IGMP snooping can be enabled to create a multicast group to direct that traffic only to those users that require it.

However, the IGMP snooping operation usually requires an extra network device, normally a router, that can generate an IGMP membership query and solicit interested nodes to respond. With the built-in IGMP Querier feature inside the switch, such an external device is no longer needed.

Since the IGMP querier is designed to work with IGMP snooping, it is necessary to enable IGMP snooping when using it. The examples in this chapter show how to set up the switch to generate the IGMP query.

Figure 22-1 shows a network application for video streaming service using the IGMP querier feature. Vide
103. e is required to use the console port:
- VT100-compatible terminal, or a desktop or a portable system with a serial port running VT100 terminal emulation software.
- An RS-232 crossover cable with a female DB-9 connector for the console port and the appropriate connector for the terminal.

Perform the following tasks to connect a terminal to the switch console port using out-of-band connectivity:
1. Connect an RS-232 crossover cable to the terminal running VT100 terminal emulation software.
2. Configure the terminal emulation software as follows:
   a. Select the appropriate serial port (serial port 1 or serial port 2) to connect to the console.
   b. Set the data rate to 9600 baud.
   c. Set the data format to 8 data bits, 1 stop bit, and no parity.
   d. Set the flow control to none.
   e. Select the proper mode under Properties.
   f. Select Terminal keys.
   Note: When using HyperTerminal with Microsoft Windows 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal's VT100 emulation. Go to www.microsoft.com for more information on Windows 2000 service packs.
3. Connect the female connector of the RS-232 crossover cable directly to the switch console port, and tighten the captive retaining screws.

Starting the Switc
104. e to create a DHCP server with a dynamic pool, proceed as follows:
1. From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays.

Figure 24-1 (DHCP Server Configuration screen)

2. Next to Admin Mode, select the Enable radio button.
3. Click Apply to enable the DHCP service.
4. From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays.

[Screen image: DHCP Pool Configuration]
105. ed in preference to RIP. OSPF offers several benefits to the administrator of a large and/or complex network:
- Less network traffic: Routing table updates are sent only when a change has occurred. Only the part of the table which has changed is sent. Updates are sent to a multicast, not a broadcast, address.
- Hierarchical management, allowing the network to be subdivided.

The top level of the hierarchy of an OSPF network is known as an autonomous system (AS) or routing domain, and is a collection of networks with a common administration and routing strategy. The AS is divided into areas: intra-area routing is used when a source and destination address are in the same area, and inter-area routing across an OSPF backbone is used when they are not. An inter-area router communicates with border routers in each of the areas to which it provides connectivity.

The 7000 Series Managed Switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The order for choosing a route, if more than one type of route exists, is as follows:
- Intra-area
- Inter-area
- External type 1: the route is external to the AS
- External Type 2: the route was learned from other protocols such as RIP

CLI Examples

The examples in this section show you how to configure a 7000
106. ember command.

Add the new stack unit to the stack using the process described in section "Adding a Unit to an Operating Stack". The unit can be inserted into the same position as the unit just removed, or the unit can be inserted at the bottom of the stack. In either case, make sure all stack cables are connected, with the exception of the cable at the position where the new unit is to be inserted, to ensure that the stack does not get divided into two separate stacks, causing the election of a new master.

Renumbering Stack Members

1. If particular numbering is required, it is recommended that stack members be assigned specific numbers when they are first installed and configured in the stack, if possible.

If the desired stack unit number for a particular unit is unused, a unit can be renumbered simply by using the switch <oldunit-id> renumber <newunit-id> CLI command. This command is found in global config mode.

If the newunit-id has been preconfigured, you may need to remove the newunit-id from the configuration before renumbering the unit.

If reassignment of multiple existing stack unit numbers is necessary, there are a number of implications in terms of mismatching of configuration. In this case, it is recommended that all units except the master be powered down and added back one at a time using the pr
107. emoving or relocating a unit, always power down the unit before disconnecting stack cables. When reconnecting stack cables, connect them before powering up the unit, if possible, and ensure a good connection by tightening all connector screws (where applicable).

Initial installation and Power-up of a Stack

1. Install units in rack.
2. Install all stacking cables. Fully connect, including the redundant stack link. It is highly recommended that a redundant link be installed.

Identify the unit to be the master. Power this unit up first.

Monitor the console port. Allow this unit to come up to the login prompt. If unit has the default configuration, it should come up as unit 1, and will automatically become a master unit. If not, renumber as desired.

If desired, preconfigure other units to be added to the stack. Preconfiguration is described in Section "Preconfiguration".

Power on a second unit, making sure it is adjacent (next physical unit in the stack) to the unit already powered up. This will ensure the second unit comes up as a member of the stack, and not a Master of a separate stack.

Monitor the master unit to see that the second unit joins the stack. Use the show switch command to determine when the unit joins the stack. It will be assigned a unit number, unit 2 if it has the default co
108. en link goes down, all dynamically locked addresses are freed.
- If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list.
- Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the age-out time. The user can set the time-out value.
- Dynamically locked MAC addresses are eligible to be learned by another port.
- Static MAC addresses are not eligible for aging.
- Dynamically locked addresses can be converted to statically locked addresses.

CLI Examples

The following are examples of the commands used in the Port Security feature.

Example 1: show port security

(Netgear Switch) #show port-security ?
<cr>              Press Enter to execute the command.
all               Display port-security information for all interfaces.
<unit/slot/port>  Enter interface in unit/slot/port format.
dynamic           Display dynamically locked MAC addresses.
static            Display statically locked MAC addresses.
violation         Display the source MAC address of the last packet that was discarded on a locked port.
(Netgear Switch) #show port-security
Port Security Administration Mode: Enabled

Example 2: show port security on a specific interface

(Netgear Switch) #show port-security 1/0
109. Figure 25-5

b. Under Configure Routes, select DefaultRoute from the Route Type pulldown menu.
c. Under Configure Routes, in the Next Hop IP Address field, enter 10.100.5.252.
d. Click Add to add the route that is associated to VLAN 202 to the Learned Routes table.

6. Configure port 23 and port 24 as protected ports.
a. From the main menu, select Security > Traffic Control > Protected Port. A screen similar to the following displays.

Figure 25-6 (Protected Ports Membership screen)

b. Under Protected Ports Configuration, click Unit 1. The ports display.
c. Click the gray box under port 23. A flag appears in the box.
d. Click the gray box under port 24. A flag appears in the box.
e. Click Apply to activate ports 23 and 24 as protected ports.
110. erface-vlan 200)#exit

Add two static routes so that the switch forwards the packets for which the destinations are 192.168.40.0/24 and 192.168.50.0/24 to the correct next hops.

(Config)#ip routing
(Config)#ip route 192.168.40.0 255.255.255.0 192.168.200.2
(Config)#ip route 192.168.50.0 255.255.255.0 192.168.200.2

that denies all the packets with TCP flags +syn -ack.

(Config)#access-list 101 deny tcp any any flag +syn -ack

that permits all the IP packets.

(Config)#access-list 102 permit ip any any

Apply the ACL 101 and 102 to the port 0/44; the sequence of 101 is 1 and of 102 is 2.

(Netgear Switch) (Config)#interface 0/44
(Netgear Switch) (Interface 0/44)#ip access-group 101 in 1
(Netgear Switch) (Interface 0/44)#ip access-group 102 in 2
(Netgear Switch) (Interface 0/44)#exit

To use the CLI to configure the GSM7352S, enter the following CLI commands.

Step 2: Configure the GSM7352S (see Figure 9-2).

Create VLAN 40 with port 1/0/24 and assign IP address 192.168.40.1/24.

(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 40
(Netgear Switch) (Vlan)#vlan routing 40
(Netgear Switch) #configure
(Netgear Switch) (Config)#interface 1/0/24
(Netgear Switch) (Interface 1/0/24)#vlan pvid 40
(Netgear Switch) (Interface 1/0/24)#vlan participation includ
111. ess 192.150.3.1 255.255.255.0
(Netgear Switch) (Interface 1/0/3)#exit
(Netgear Switch) (Config)#exit

Specify Router ID and Enable OSPF for the Switch

The following sequence specifies the router ID and enables OSPF for the switch. Disable 1583 compatibility to prevent the routing loop.

(Netgear Switch) #config
(Netgear Switch) (Config)#router ospf
(Netgear Switch) (Config-router)#enable
(Netgear Switch) (Config-router)#router-id 192.150.9.9
(Netgear Switch) (Config-router)#no 1583compatibility
(Netgear Switch) (Config-router)#exit
(Netgear Switch) (Config)#exit

Enable and Configure OSPF for the Ports

The following sequence enables OSPF and sets the OSPF priority and cost for the ports.

(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#ip ospf
(Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2
(Netgear Switch) (Interface 1/0/2)#ip ospf priority 128
(Netgear Switch) (Interface 1/0/2)#ip ospf cost 32
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#interface 1/0/3
(Netgear Switch) (Interface 1/0/3)#ip ospf
(Netgear Switch) (Interface 1/0/3)#ip ospf areaid 0.0.0.3
(Netgear Switch) (Interface 1/0/3)#ip ospf priority 255
(Netgear Switch) (Interface 1/0/3)#ip ospf cost 64
(Netgear Switch) (Interface 1/0/3)#exit
Netgear Switch
112. established order of stack up to stack down connections.
6. Power up the new unit. Verify, by monitoring the master unit console port, that the new unit successfully joins the stack by issuing the show switch command. The new unit should always join as a member (never as master); the existing master of the stack should not change.
7. If the code version of the newly added member is not the same as the existing stack, update the code as described in section "Upgrading Firmware".

Replacing a Stack Member with a New Unit

There are two possible situations here. First, if you replace a stack member of a certain model number with another unit of the same model, follow the process below:
- Follow the process in section "Removing a Unit from the Stack" to remove the desired stack member.
- Follow the process in section "Adding a Unit to an Operating Stack" to add a new member to the stack, with the following exceptions:
  - Insert the new member in the same position in the stack as the one removed.
  - Preconfiguration, described in step "Preconfigure the new unit, if desired" of that procedure, is not required.

Second, if you replace a stack member with another unit of a different model number, use the following process:
- Follow the process in section "Removing a Unit from the Stack" to remove the desired stack member.
- Remove the now-absent stack member from the configuration by issuing the command no m
113. Figure 9-11

b. Under IP Extended Rules, select 101 from the ACL ID pulldown menu.
c. Click Add. The Extended ACL Rule Configuration screen displays.

Figure 9-12 (Extended ACL Rule Configuration screen)

Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
- In the Rule ID field, enter 1.
- Next to Action mode, select the Deny radio button.
- Select False from the Match Every pulldown menu.
- Select TCP from the Protocol Type pulldown menu.
- Next to TCP Flag, select Set from the SYN pulldown menu, and select Clear from the ACK pulldown menu.
Click Apply to save the settings.

10. Add and configure an IP extended rule that is associated with ACL 102.
a. From the main menu, select Securit
114. Figure 9-33

d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
- In the Rule ID field, enter 1.
- Next to Action mode, select the Deny radio button.
- Select False from the Match Every pulldown menu.
- In the Destination IP Address field, enter 192.168.48.0.
- In the Destination IP Mask field, enter 0.0.0.255.
e. Click Apply to save the settings.

10. Add and configure an IP extended rule that is associated with ACL 103.
a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.

[Screen image: IP Extended Rules]
115. guration. A screen similar to the following displays.

Figure 9-8 (Route Configuration screen)

Under Configure Routes, make the following selection and enter the following information:
- Select Static from the Route Type pulldown menu.
- In the Network Address field, enter 192.168.50.0.
- In the Subnet Mask field, enter 255.255.255.0.
- In the Next Hop IP Address field, enter 192.168.200.2.
Click Add.

7. Create an ACL with ID 101.
a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.

Figure 9
116. h
1. Make sure that the switch console port is connected to a VT100 terminal or VT100 terminal emulator via the RS-232 crossover cable.
2. Locate an AC power receptacle.
3. Deactivate the AC power receptacle.
4. Connect the switch to the AC receptacle.
5. Activate the AC power receptacle.

When the power is turned on with the local terminal already connected, the switch goes through a power-on self-test (POST). POST runs every time the switch is initialized and checks hardware components to determine if the switch is fully operational before completely booting. If POST detects a critical problem, the startup procedure stops. If POST passes successfully, a valid executable image is loaded into RAM. POST messages are displayed on the terminal and indicate test success or failure. The boot process runs for approximately 60 seconds.

Initial Configuration

The initial simple configuration procedure is based on the following assumptions:
- The switch was not configured before and is in the same state as when you received it.
- The switch booted successfully.
- The console connection was established and the console prompt appears on the screen of a VT100 terminal or terminal equivalent.

The initial switch configuration is performed through the console port. After the initial configuration, you can manage the switch either f
117. h) (Interface-vlan 200)#ip address 192.168.200.2 255.255.255.0
(Netgear Switch) (Interface-vlan 200)#exit

Add two static routes so that the switch forwards the packets with destinations 192.168.100.0/24 and 192.168.30.0/24 to the correct next hops.

(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#ip route 192.168.100.0 255.255.255.0 192.168.200.1
(Netgear Switch) (Config)#ip route 192.168.30.0 255.255.255.0 192.168.200.1

Web Interface Procedure

To use the Web interface to configure the GSM7248R, proceed as follows:

1. Create VLAN 30 with IP address 192.168.30.1/24.
a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.

Figure 9-3 (VLAN Routing Wizard screen)

b. Enter the following information in the VLAN Routing Wizard:
- In the Vlan ID field, enter 30.
- In the IP Address field, enter 192.168.30.1.
- In the Network Mask field, enter 255.255.255.0.
c. Click Unit 1. The ports display.
d
118. hapter 16 Outbound Telnet MOO ic tesan ces an a peccitee ohare O Soadin eden wind besanuiatiadesdunlutGanadatin 16 1 GU AUN orior o ee EE Ra AAE Sleek AE AS 16 1 Exame arts SAW SIO asosa senna aaa irene 16 2 Exaile ee Bio LON IGE unaa R et leuet ies 16 2 Example 3 transport output telnet sive tasers ccaccnesrcnccinitectedonieteedriiwdrendviaieeveadenis 16 3 v1 0 May 2008 Example 4 session limit and S SSION fIMEOUE 2 0 0 0 cee sesseeeneseeeseneeeneeeeennee 16 3 Chapter 17 Port Mirroring CGO es ex oxi E E PE E E ia otc ens SE E EEE EE E 17 1 GLI ERIS oiriin aa a a ea a E E ES 17 1 Example 1 show monitor SESSION scccccccrccaseasnsirccssusehieeclavussssdousidendecssiudoussecouduces 17 2 Eromen SRON PON al apna ialeuet uence iaiels 17 2 Example F show porn WSIS annens 17 2 Example 4 Config monitor session 1 mode sssssssessessrssssressressseessessressrens 17 3 Example 5 Config monitor session 1 source interface ccscceeeesteeeeeeeeees 17 4 Example 6 Interface port SOUN nssnsnssnusnsasnninss rime ashore 17 4 Chapter 18 Simple Network Time Protocol SNTP B AE EA deli Seep Slit caus dlc asus Sal oa dias E css E N 18 1 CU EONS saneso aa aad eee ee eee ees 18 1 Fear ea SY E E E E A 18 1 nid ee shes ShoN SPE oenina 18 2 Example 3 SHOW SITIO SOIVED iccirco AS EAAS 18 2 Example F4 TNA SNTP nronu a aa SAE aN 18 2 Example 5 Sening MMe LONG sirais a i 18 4 Example 6 Setting Named SNTP Server
119. hem. You may have many reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN.

Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID.

The Private Edge VLAN feature lets you set protection between ports located on the switch. This means that a protected port cannot forward traffic to another protected port on the same switch. The feature does not provide protection between ports located on different switches.

VLAN Configuration Example

The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs: port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN 2 only, and ports 1/0/3 and 1/0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram.

[Diagram labels: Layer 3 Switch, Port 1/0/2, VLAN Router Port]
120. icates config mismatch for the new unit, and the ports on that unit don't come up. To resolve this situation, the customer may change the unit number of the mismatched unit or delete the preconfigured unit type using the no member <unit-id> command.

Upgrading Firmware

New code is downloaded via TFTP or xmodem to the management unit using the copy command. Once code is successfully loaded on the management unit, it automatically propagates the code to the other units in the stack. If some error occurs during code propagation to stack units, then the archive command (in stack configuration mode) may be issued to make another attempt to copy the software to the unit(s) that did not get updated. Errors during code propagation to stack members could be caused by stack cable movement or unit reconfiguration during the propagation phase. An error could also occur in the presence of excessive network traffic (such as a broadcast event).

All units in the stack must run the same code version. Ports on stack units that don't match the management unit code version don't come up, and the show switch command shows a code mismatch error. To resolve this situation, the administrator may issue the archive command. This command copies the management unit's software to the other units with mismatched code version. Before issuing this c
121. ick Start Commands

Command: show hardware
Mode: Privileged EXEC
Description: Shows hardware version, MAC address, and software version information.

Command: show users
Mode: Privileged EXEC
Description: Displays all of the users that are allowed to access the networking device. Access Mode shows whether you can change parameters on the networking device (Read/Write) or can only view them (Read Only). As a factory default, the admin user has Read/Write access and the guest user has Read Only access. There can only be one Read/Write user. There can be up to five Read Only users.

Command: show loginsession
Mode: User EXEC
Description: Displays all of the login session information.

Command: users passwd <username>
Mode: Global Config
Description: Allows the user to set passwords or change passwords needed to login. A prompt appears after the command is entered, requesting the user's old password. In the absence of an old password, leave the area blank. User password should not be more than eight characters in length.

Table 2-1. Quick Start Commands

Command: copy system:running-config nvram:startup-config
Mode: Privileged EXEC
Description: Saves passwords and all other changes to the device. If you do not save the configuration, all changes are lost when you power down or reset the networking device. In a stacking envir
122. ilar to the following displays.

Figure 9-29 (IP ACL screen)

b. In the IP ACL ID field of the IP ACL Table, enter 103.
c. Click Add.

8. Add and configure an IP extended rule that is associated with ACL 101.
a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.

Figure 9-30 (IP Extended Rules screen)

b. Under IP Extended Rules, select 101 from the ACL ID p
123. [Figure 27-4: Port PVID Configuration screen]

b. Under PVID Configuration, scroll down to interface 1/0/24 and select the checkbox for that interface. 1/0/24 now appears in the Interface field at the top.
c. Under PVID Configuration, in the PVID (1 to 4093) field, enter 200.
d. Click Apply to save the settings.

4. Configure port 48 as the provider service port.
a. From the main menu, select Switching > VLAN > Advanced > Port DVLAN Configuration. A screen similar to the following displays.

[Figure: Port DVLAN Configuration screen]
124. imarily based on the contents of the Layer 3 and Layer 4 headers, and is recorded in the Differentiated Services Code Point (DSCP) added to a packet's IP header.
• Interior node. A switch in the core of the network is responsible for forwarding packets, rather than for classifying them. It decodes the DSCP code point in an incoming packet, and provides buffering and forwarding services using the appropriate queue management algorithms.

Before configuring DiffServ on a particular 7000 Series Managed Switch, you must determine the QoS requirements for the network as a whole. The requirements are expressed in terms of rules, which are used to classify inbound traffic on a particular interface. The switch software does not support DiffServ in the outbound direction. Rules are defined in terms of classes, policies, and services:
• Class. A class consists of a set of rules that identify which packets belong to the class. Inbound traffic is separated into traffic classes based on Layer 3 and 4 header data and the VLAN ID, and marked with a corresponding DSCP value. One type of class is supported: All, which specifies that every match criterion defined for the class must be true for a match to occur.
• Policy. Defines the QoS attributes for one or more traffic classes. An example of an attribute is the ability to mark a packet at ingress. The 7000 Series Managed Switch supports a Traffic Conditions Policy. This type of policy is associated with an inbound
125. Chapter 18: Simple Network Time Protocol (SNTP)

This section describes the Simple Network Time Protocol (SNTP) feature.

Overview

SNTP:
• Used for synchronizing network resources
• Adaptation of NTP
• Provides synchronized network timestamp
• Can be used in broadcast or unicast mode
• SNTP client implemented over UDP, which listens on port 123

CLI Examples

The following are examples of the commands used in the SNTP feature.

Example 1: show sntp

(Netgear Switch) (Routing) #show sntp ?
<cr>      Press Enter to execute the command.
client    Display SNTP Client Information.
server    Display SNTP Server Information.

Example 2: show sntp client

(Netgear Switch) (Routing) #show sntp client
Client Supported Modes: unicast broadcast
SNTP Version: 4
Port: 123
Client Mode: unicast
Unicast Poll Interval: 6
Poll Timeout (seconds): 5
Poll Retry: 1

Example 3: show sntp server

(Netgear Switch) (Routing) #show sntp server
Server IP Address: 81.169.155.234
Server Type: ipv4
Server Stratum: 3
Server Reference Id: NTP Srv: 212.186.110.32
Server Mode: Server
Server Maximum Entries: 3
Server Current Entries: 1

SNTP Servers
IP Address: 81.169.155.234
Address Type: IPV4
Priority: 1
Version: 4
Port: 123
Last Update Time: MAY 18 04:59:13 2005
Last Attempt Time: MAY 1
126. ing configuration as configured information. To completely remove the configuration, use the no member unit_number command (this is in the stacking configuration mode).

Switch Stack Software Compatibility Recommendations

All stack members must run the same software version to ensure compatibility between stack members. The software versions on all stack members, including the stack master, must be the same. This helps ensure full compatibility in the stack protocol version among the stack members. If a stack member is running a software version that is not the same as the stack master, then the stack member is not allowed to join the stack. Use the show switch command to list the stack members and software versions. See "Code Mismatch".

Incompatible Software and Stack Member Image Upgrades

You can upgrade a switch that has an incompatible software image by using the archive download-sw xmodem | ymodem | zmodem | tftp://ip/filepath/filename command (this is in the stacking configuration mode). It copies the software image from an existing stack member to the one with incompatible software. That switch automatically reloads and joins the stack as a fully functioning member.

Switch Stack Configuration Files

The configuration files record settings for all global and interface specific settings that define the opera
127. is associated with ACL 102.
a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.

[Figure 9-32: IP Extended Rules screen showing the Extended ACL Rule Table]

b. Under IP Extended Rules, select 102 from the ACL ID pulldown menu.
c. Click Add. The Extended ACL Rule Configuration screen displays.

[Figure: Extended ACL Rule Configuration screen]
128. it Config exit with port 0 13 and assign IP address 192 168 vlan database Vlan vlan 100 Vlan vlan routing 100 Vlan exit configure Config interface 0 13 Interface 0 13 vlan pvid 100 Interface 0 13 vlan participation include Interface 0 13 exit Config interface vlan 100 Interface vlan 100 routing Interface vlan 100 ip address 192 168 100 Interface vlan 100 exit Config exit 30 2992295 12959 20 100 1 24 100 1 299 299 29 9 0 Access Control Lists ACLs v1 0 May 2008 9 5 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 etgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear tgear o0oooeoodoodaeoeod ad oO Netgear Netgear Netgear Netgear Netgear Create an ACL Create an ACL Switc Switc Switc Switc Switc Switc Switc Switc Switc Switc Switc Switc Switc H D D DDPDDDD DD DDDD Switch Switch Switch Switch Switch Create VLAN 200 with port 0 44 and assign IP address 192 168 200 1 24 vlan database Vlan vlan 200 Vlan vlan routing 200 Vlan exit configure Config interface 0 44 Interface 0 44 vlan pvid 200 Interface 0 44 vlan participation include 200 Interface 0 44 exit Config interface vlan 200 Interface vlan 200 routing Interface vlan 200 ip address 192 168 200 1 255 255 255 0 Int
129. k master failure. Remove or power off the stack master. The stack master is retained. The new switch is added to the switch stack. Based on "Stack Master Election and Re-Election", one of the remaining stack members becomes the new stack master. All other stack members in the stack remain as stack members and do not reboot.

Stacking Recommendations

The purpose of this section is to collect notes on recommended procedures and expected behavior of stacked managed switches. Procedures addressed initially are listed below.
• Initial installation and power-up of a stack
• Removing a unit from the stack
• Adding a unit to an operating stack
• Replacing a stack member with a new unit
• Renumbering stack members
• Moving the master to a different unit in the stack
• Removing a master unit from an operating stack
• Merging two operational stacks
• Preconfiguration
• Upgrading firmware
• Migration of configuration with a firmware upgrade

General Practices

• When issuing a command such as move management or renumber, it is recommended that the command has fully completed before issuing the next command. For example, if a reset is issued to a stack member, use the show port command to verify that the unit has re-merged with the stack and all ports are joined before issuing the next command.
• When physically r
130. ld, enter 192.168.1.254.
• In the Network Mask field, enter 255.255.255.0.
c. Click Unit 1. The ports display.
• Click the gray box under port 23 twice until U displays.
• Click the gray box under port 24 twice until U displays.
The U specifies that the egress packet is untagged for the port.
d. Click Apply to save the VLAN that includes ports 23 and 24.

3. Configure a VLAN and include port 1/0/48 in the VLAN.
a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.

[Figure 25-4: VLAN Routing Wizard screen]

b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 202.
• In the IP Address field, enter 10.100.5.34.
• In the Network Mask field, enter 255.255.255.0.
c. Click Unit 1. The ports display.
d. Click the gray box under port 48 twice until U displays. The U specifies that the egress packet is untagged for the port.
e. Click Apply to sa
131. lick Unit 1. The ports display.
d. Click on the gray box under port 44. A flag appears in the box.
e. Click Apply to save the settings.

To use the Web interface to configure the GSM7352S, proceed as follows:

1. Create VLAN 40 with IP address 192.168.40.1/24.
a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.

[Figure 9-17: VLAN Routing Wizard screen]

b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 40.
• In the IP Address field, enter 192.168.40.1.
• In the Network Mask field, enter 255.255.255.0.
c. Click Unit 1. The ports display.
d. Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
e. Click Apply to save VLAN 40.
132. lnet
Outbound Telnet Login Timeout (minutes)
Maximum Number of Outbound Telnet Sessions
Allow New Outbound Telnet Sessions

Example 3: transport output telnet

(Netgear Switch) (Routing) (Config)#lineconfig ?
<cr>      Press Enter to execute the command.
(Netgear Switch) (Routing) (Config)#lineconfig
(Netgear Switch) (Routing) (Line)#transport ?
input     Displays the protocols to use to connect to a specific line of the router.
output    Displays the protocols to use for outgoing connections from a line.
(Netgear Switch) (Routing) (Line)#transport output ?
telnet    Allow or disallow new telnet sessions.
(Netgear Switch) (Routing) (Line)#transport output telnet ?
<cr>      Press Enter to execute the command.
(Netgear Switch) (Routing) (Line)#transport output telnet
(Netgear Switch) (Routing) (Line)#

Example 4: session-limit and session-timeout

(Netgear Switch) (Routing) (Line)#session-limit ?
<0-5>     Configure the maximum number of outbound telnet sessions allowed.
(Netgear Switch) (Routing) (Line)#session-limit 5
(Netgear Switch) (Routing) (Line)#session-timeout ?
<1-160>   Enter time in minutes.
(Netgear Switch) (Routing) (Line)#session-timeout 15
133. lude 10
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 10
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit
(Netgear Switch) (Config)#interface 1/0/3
(Netgear Switch) (Interface 1/0/3)#vlan participation include 20
(Netgear Switch) (Interface 1/0/3)#vlan pvid 20
(Netgear Switch) (Interface 1/0/3)#exit
(Netgear Switch) (Config)#vlan port tagging all 10
(Netgear Switch) (Config)#vlan port tagging all 20
(Netgear Switch) (Config)#exit

Example 2: Set Up VLAN Routing for the VLANs and the Switch

The following code sequence shows how to enable routing for the VLANs:

(Netgear Switch) #vlan data
(Netgear Switch) (Vlan)#vlan routing 10
(Netgear Switch) (Vlan)#vlan routing 20
(Netgear Switch) (Vlan)#exit

This returns the logical interface IDs that will be used instead of slot/port in subsequent routing commands. Assume that VLAN 10 is assigned ID 3/1 and VLAN 20 is assigned ID 3/2.

Enable routing for the switch:

(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#exit

The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports.

Netgear Switch Netgea
134. n 3
<6> JAN 01 00:00:40 0.0.0.0-3 UNKN[251627904]: sysapi.c(1864) 6 File user_mgr_cfg: same version (6) but the sizes (2312->7988) differ

Example 3: show logging traplogs

(Netgear Switch) (Routing) #show logging traplogs ?
<cr>      Press Enter to execute the command.
(Netgear Switch) (Routing) #show logging traplogs
Number of Traps Since Last Reset: 6
Trap Log Capacity: 256
Number of Traps Since Log Last Viewed: 6

Log  System Up Time    Trap
0    0 days 00:00:46   Link Up: Unit: 3 Slot: 0 Port: 2
1    0 days 00:01:01   Cold Start: Unit: 0
2    0 days 00:21:33   Failed User Login: Unit: 1 User ID: admin
3    0 days 18:33:31   Failed User Login: Unit: 1 User ID:
4    0 days 19:27:05   Multiple Users: Unit: 0 Slot: 3 Port: 2
5    0 days 19:29:57   Multiple Users: Unit: 0 Slot: 3 Port: 1

Example 4: show logging hosts

(Netgear Switch) (Routing) #show logging hosts ?
<cr>      Press Enter to execute the command.
(Netgear Switch) (Routing) #show logging hosts
Index  IP Address       Severity  Port  Status
1      192.168.21.253   critical  514   Active

Example 5: logging port configuration

Netgear Switch Ro
135. n eSa rar O AE EINAN 4 1 staring thie Wep Mere sunrises ii sh ai ARN TA NL EER 4 2 Mente Ws earl La e T T E E ae enema tae 4 2 Configuring an SNMP V3 User Profile siciisirisssisri iaoiae aai 4 6 Chapter 5 Virtual LANs VLAN Conhourahon Example snas a een aaa At 5 2 GUE PES gasnom acer rire r rer trrercer rer ren setre rere Te 5 2 Example Fi ore TAO VLANS oss cece sccd cnacede scchannceadiechaneeciaacine RaRa 5 2 Example 2 Assign Poris to VLANZ ic secsudosescsiatuuesieassirusinsSsuaidundesanadgaresscunouiecdediindueas 5 3 Example 3 Assign Forts to VLANI ciscssicccdeccdneuseecreuutsrundainniccemeanieames 5 3 Example 4 Assign VLANS as the Default VLAN sssescssssssrirssresrirssrerrrrssrsrnssss 5 3 Graphical User Morate norui a a R aa a aii 5 4 Chapter 6 Link Aggregation GEVE SSE ae ET T 6 1 Example r T Oreo LAOS meiosis iaaa aE Saale bats dvs ENESA 6 2 Example 2 Add the ports to the LAGS coirasses 6 3 Example 73 Enable poth LAGS aia sienna casas aeastigarn aA 6 3 Chapter 7 IP Routing Services PONP aE deca hae cus anual iis acn pasa eseeam des Gumuty ss nmi eaten teenie 7 1 Forn RATING ITNT sopikin n E NNR 7 2 GEFEIERT A EA NN 7 3 Example 1 Enabling routing for the Switch sssssssssessseessrnessreeseessresrreesrens 7 3 Example 2 Enabling Routing for Ports on the Switch sesesssseeesseeesseesneeenn 7 4 VEAN F OUUD anri a cabs craus cpasttpauida deatuaitt a pdunaatanduataeditlasenaeenn paaseentsianebenun aN 7 4 VLAN Roving CTIA se ca
136. n on one port and to allow only the user with the name adam to access the VLAN, proceed as follows:

1. Create VLAN 100 with IP address 192.168.100.1.
a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.

[Figure 26-2: VLAN Routing Wizard screen]

b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 100.
• In the IP Address field, enter 192.168.100.1.
• In the Network Mask field, enter 255.255.255.0.
c. Click Unit 1. The ports display.
d. Click the gray box under port 1 twice until U displays. The U specifies that the egress packet is untagged for the port.
e. Click Apply to save VLAN 100.

2. Enable IP Routing.
a. From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.

[Figure: IP Configuration screen]
137. nation
(Netgear Switch) #traceroute ?
<ipaddr>  Enter IP address.
(Netgear Switch) #traceroute 216.109.118.74 ?
<cr>      Press Enter to execute the command.
<port>    Enter port no.
(Netgear Switch) #traceroute 216.109.118.74
Tracing route over a maximum of 20 hops
1 10.254.24.1 40 ms 9 ms 10 ms
2 102254 253 51 30 ms 49 ms 21 ms
3 63 223 70 323 33 29 ms 10 ms 10 ms
4 63.144.4.1 39 ms 63 ms 67 ms
5 63.144.1.141 70 ms 50 ms 50 ms
6 205.171.21.89 39 ms 70 ms 50 ms
7 205217138 054 70 ms 50 ms 70 ms
8 205.171.8.222 70 ms 50 ms 80 ms
9 205171 25 1 34 60 ms 90 ms 50 ms
10 209.244.219.181 60 ms 70 ms 70 ms
11 209.244.11.9 60 ms 60 ms 50 ms
12 4.68.121.146 50 ms 70 ms 60 ms
13 4.79.228.2 60 ms 60 ms 60 ms
14 29661 1 5 9 6 1 8 5 110 ms 59 ms 70 ms
15 216.109.120.203 70 ms 66 ms 95 ms
16 216.109.118.74 78 ms 121 ms 69 ms

Chapter 15: Configuration Scripting

This section describes the Configuration Scripting feature.

Overview

Configuration Scripting:
• Allows you to generate text-formatted files
• Provides scripts that can be uploaded and downloaded to the system
• Provides flexibility to create command configuration scripts
• May be applied to several switches
• Can save up to ten scripts or 500K of memory
• Provides List, Delete, Apply, Upload, Download
• Provides script format of one CLI command per line

Considerations
138. nfiguration. Renumber this stack unit, if desired. See section "Renumbering Stack Members" on recommendations for renumbering stack members. Repeat steps 6 through 8 to add additional members to the stack. Always power on a unit adjacent to the units already in the stack.

Removing a Unit from the Stack

1. Make sure the redundant stack connection is in place and functional. All stack members should be connected in a logical ring.
2. Power down the unit to be removed.
3. Disconnect stack cables.
4. If unit is not to be replaced, reconnect the stack cable from the stack member above to the stack member below the unit being removed.
5. Remove unit from the rack.
6. If desired, remove the unit from the configuration by issuing the command: no member <unit-id>

Adding a Unit to an Operating Stack

1. Make sure the redundant stack connection is in place and functional. All stack members should be connected in a logical ring.
2. Preconfigure the new unit, if desired.
3. Install new unit in the rack. (Assumes installation below the bottom-most unit, or above the top-most unit.)
4. Disconnect the redundant stack cable that connects the last unit in the stack back up to the first unit in the stack at the position in the ring where the new unit is to be inserted.
5. Connect this cable to the new unit following the
139. normally with the stack, code should be loaded to the newly added unit from the master using the copy command. The newly added member should then be reset, and should reboot normally and join the stack.

Chapter 21: Pre-Login Banner

This section describes the Pre-Login Banner feature.

Overview

Pre-Login Banner:
• Allows you to create message screens when logging into the CLI Interface
• By default, no Banner file exists
• Can be uploaded or downloaded
• File size cannot be larger than 2K

The Pre-Login Banner feature is only for the CLI interface.

CLI Example

Example 1: Create a Pre-Login Banner

To create a Pre-Login Banner, follow these steps:

1. On your PC, using Notepad, create a banner.txt file that contains the banner to be displayed.

Login Banner Unauthorized access is punishable by law

2. Transfer the file from the PC to the switch using TFTP.

(Netgear Switch) (Routing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner
Mode: TFTP
Set TFTP Server IP: 192.168.77.52
FTP Pabheuirsn aa a a E a eit ono ede eee ee af EPP Prbenanesa eao Sis eee ie ana ae EE ee 8a
140. nterface basis 70 3 port egress queue configuration 0 2 queue mapping 10 1 traffic shaping 0 6 untrusted ports 0 2 D delete 4 5 DHCP server dynamic mode 24 1 manual mode 24 4 DiffServ edge device 17 1 interior node 77 1 VoIP support 4 DNS 23 1 DSCP 10 2 DVLAN 27 1 E Easy Setup Wizard 2 9 Ezconfig utility 3 G gaming 22 1 IGMP IGMP snooping 12 1 IGMPv3 12 1 IGMP querier 22 1 IGMP snooping 22 1 in band connectivity BootP 2 5 DHCP 2 5 EJA 232 2 5 2 6 initial configuration procedure 2 9 interpreting log files 79 2 IP routing ARP 7 21 OSPF 7 15 port routing 7 1 7 2 RIP 7 12 VLAN routing 7 4 VLAN routing OSPF configuration 7 10 VLAN routing RIP configuration 7 5 7 7 IPTV 22 1 L link aggregation LAG 6 1 MAC ACL 9 1 N NVT 16 1 O OSPF 7 1 7 2 7 10 7 15 outbound Telnet 6 out of band connectivity 2 7 P password change the admin password 3 2 permit 9 41 port mirroring 17 1 port security 73 7 pre login banner 2 private edge VLAN 5 1 Index 2 v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 protected ports 25 1 Q QoS class 77 1 policy 71 1 service 71 2 R refresh 4 5 RIP 7 1 7 2 7 7 7 12 S SNMP V3 user profile 4 6 SNTP 8 static host name 23 1 switch FSM family of switches 20 1 GSM family of switches 20 1 IP address 3 2 name 3 3 saving the configuration 3 3 switch sta
141. [Figure 22-1: video streaming device, NETGEAR switch, desktop PC, notebook PC, and MAC, with IGMP query and IGMP response flows]

CLI Examples

Example 1: Enable IGMP Querier

Use the following CLI commands to set up the switch to generate IGMP querier packets for a designated VLAN. The IGMP packet will be transmitted to every port on the VLAN. The following example enables the querier for VLAN 1. See the CLI Manual for more details about other IGMP querier command options.

(Netgear switch) #vlan database
(Netgear switch) (vlan)#ip igmp 1
(Netgear switch) (vlan)#ip igmpsnooping querier 1
(Netgear switch) (vlan)#exit
(Netgear switch) #config
(Netgear switch) (config)#ip igmpsnooping
(Netgear switch) (config)#exit

Example 2: Show IGMP Querier Status

To see the IGMP querier status, use the following command:

(Netgear switch) #show ip igmpsnooping querier 1
viban TD yie aR RED a E N E dl dae The Ao eee ere i Admin MJE 8 oxs can naa tele Veneta td Setanta E ste sntet avatars brea Active Query TP Addres Sis tevin eine anniek dep aeee gO aw ea ae es 10 10 10 1 Ouerier Intervalos s eede onan dene Booed xo E EA E ey ses tects 60 Query Packets Sent Count wees cis eee cet eee eee 242
142. ocedure in Section "Adding a Unit to an Operating Stack".

Moving a Master to a Different Unit in the Stack

1. Using the movemanagement command, move the master to the desired unit number. The operation may take between 30 seconds and 3 minutes depending on the stack size and configuration. The command is: movemanagement <fromunit-id> <tounit-id>
2. Make sure that you can log in on the console attached to the new master. Use the show switch command to verify that all units rejoined the stack.
3. It is recommended that the stack be reset with the reload command after moving the master.

Removing a Master Unit from an Operating Stack

1. First, move the designated master to a different unit in the stack using "Moving a Master to a Different Unit in the Stack".
2. Second, using "Removing a Unit from the Stack", remove the unit from the stack.

Merging Two Operational Stacks

It is strongly recommended that two functioning stacks, each having an independent master, not be merged simply by the reconnection of stack cables. That process may result in a number of unpredictable results and should be avoided.

1. Always power off all units in one stack before connecting into another stack.
2. Add the units as a group by unplugging one stacking cable in the operational stack and physically conne
143. okup
(Netgear switch) (config)#ip name-server 192.168.1.1
(Netgear switch) (config)#sntp server time-a.netgear.com

where 192.168.1.1 is the public network gateway IP address for your device. This method of setting DNS name look-up can be used for any other applications that require a public IP address, for example, a RADIUS server.

Chapter 19: Syslog

This section provides information about the Syslog feature.

Overview

Syslog:
• Allows you to store system messages and/or errors
• Can store to local files on the switch or a remote server running a syslog daemon
• Method of collecting message logs from many systems

Persistent Log Files

• Currently three, one for each of the last three sessions
• Each log has two parts:
  • Start up log is the first 32 messages after system startup
  • Operational log is the last 32 messages received after the startup log is full
• Files are stored in ASCII format:
  • slog0.txt - slog2.txt
  • olog0.txt - olog2.txt
  Where 0 is for the boot, 1 is for the last boot, 2 is for the boot before that; the third one overflows upon the next boot
• Can be saved to local server to monitor at a later point in time

Interpreting Log Files

<130> JAN 01 00:00:06 0.0.0.0-1 UNKN[0x800023]: bootos.c(386) 4 Event (0xaaaaaaaa) LATA S
144. ommand, be sure the code running on the management unit is the desired code revision for all units in the stack. Once code is loaded to all members of the stack, the units must be reset in order for the new code to start running.

Migration of Configuration With a Firmware Upgrade

In some cases, a configuration may not be carried forward in a code update. For updates where this issue is to be expected, the following procedure should be followed:

1. Save the current configuration by uploading it from the stack, using the copy command from the CLI.
2. Load new code into the stack manager. Reboot the stack.
3. Upon reboot, go into the boot menu and erase the configuration (restore to factory defaults).
4. Continue with boot of operational code.
5. Once the stack is up, download the saved configuration back to the master. This configuration should then be automatically propagated to all members of the stack.

Code Mismatch

If a unit is added to a stack and it does not have the same version of code as that of the master, the following should happen:
• New unit will boot up and become a member of the stack.
• Ports on the added unit should remain in the detached state.
• A message should appear on the CLI indicating a code mismatch with the newly added unit.
• To have the newly added unit to merge
145. on a circuit different from that which the radio receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.

7000 Series Managed Switch
Tested to Comply with FCC Standards
FOR HOME OR OFFICE USE

Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate the equipment.

Canadian Department of Communications Radio Interference Regulations

This digital apparatus (7000 Series Managed Switch) does not exceed the Class A limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.

Product and Publication Details

Model Number: 7XXX
Publication Date: May 2008
Product Family: Managed Switch
Product Name: 7000 Series Managed Switch
Home or Business Product: Business
Language: English
Publication Part Number: 202-10238-02
Publication Version Number: 1.0

Contents

NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2

About This Manual
Conventions, Formats, and Scope
How to Use This Manual
How to Print This Manual

Chapter 1 Introduction
146. on and so do its stack members All remaining switches including the former stack masters reload and join the switch stack as stack members They change their stack member numbers to the lowest available numbers and use the stack configuration of the re elected stack master Therefore when you merge two powered stacks you cannot control which unit becomes stack master and which configuration is used For these reasons it is recommended that powered switches be powered down before adding to an existing operating stack e Removing powered on stack members can cause the switch stack to divide partition into two or more switch stacks each with the same configuration However if cabled properly the switch stack should not divide e Ifthe switch stack divides and you want the switch stacks to remain separate change the IP address or addresses of the newly created switch stacks e Ifyou did not intend to partition the switch stack e Power off the newly created switch stacks e Reconnect them to the original switch stack through their stacking ports e Power on the switches Managing Switch Stacks 20 3 v1 0 May 2008 NETGEAR 7000 Series Managed Switch Administration Guide Version 7 2 Switch Stack Cabling FSM73xxS Figure 20 1 and Figure 20 2 illustrate how individual switches are interconnected to form a stack You can use the regular Category 5 Ethernet 8 wire cable Interconnect ports 27 and 28 as shown FSM73285 FSM7
147. oncepts and recommended operating procedures to manage Netgear stackable managed switches running Release 4.x.x.x or newer. Netgear stackable managed switches include the following models:
• FSM7328S, FSM7352S, FSM7352PS
• GSM7328S
• GSM7352S

Note: The FSM family and GSM family cannot be stacked together at this point.

This chapter includes the following topics:
• Initial installation and power-up of a stack
• Removing a unit from the stack
• Adding a unit to an operating stack
• Replacing a stack member with a new unit
• Renumbering stack members
• Moving the master to a different unit in the stack
• Removing a master unit from an operating stack
• Merging two operational stacks
• Pre-configuration
• Upgrading firmware
• Migration of configuration with a firmware upgrade

Understanding Switch Stacks
A switch stack is a set of up to eight Ethernet switches connected through their stacking ports. One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are stack members. The stack members use stacking technology to behave and work together as a unified system. Layer 2 and Layer 3 protocols present the entire switch stack as a single entity to the network.
The stack master is the single point of stack-wide management. From the
148. onfig)#interface 0/8
(Interface 0/8)#addport 1/2
(Interface 0/8)#exit
(Config)#interface 0/9
(Interface 0/9)#addport 1/2
(Interface 0/9)#exit
(Config)#exit

Example 3: Enable both LAGs
By default, the system enables link trap notification.
(Console) #config
(Console) (Config)#port-channel adminmode all
(Console) (Config)#exit
At this point, the LAGs could be added to VLANs.

Chapter 7 IP Routing Services
IP routing services are divided into five areas:
• Port Routing
• VLAN Routing
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF) Protocol
• Proxy Address Resolution Protocol (ARP)

Port Routing
The first networks were small enough for the end stations to communicate directly. As networks grew, Layer 2 bridging was used to segregate traffic, a technology that worked well for unicast traffic but had problems coping with large quantities of multicast packets. The next major development was routing, where packets were examined and redirected at Layer 3. End stations needed to know how to reach their nearest router, and the routers had to understand the network topology so that they could forward traffic. Although bridges tended to be faster than routers, using ro
149. onfiguration With a Firmware Upgrade
Chapter 21 Pre-Login Banner
  Example 1: Create a Pre-Login Banner
Chapter 22 IGMP Querier
  Example 1: Enable IGMP Querier
  Example 2: Show IGMP Querier Status
Chapter 23 DNS
  Example 1: Specify Two DNS Servers
    Web Interface Procedure
  Example 2: Manually Add a Host Name and an IP Address
Chapter 24 DHCP Server
  Example 1: Configure DHCP Server in Dynamic Mode
  Example 2: Configure a DHCP Server in
150. onment the running configuration is saved in all units of the stack.

logout (User EXEC, Privileged EXEC): Logs the user out of the networking device.

show network (User EXEC): Displays the following network configuration information:
• IP Address: IP Address of the interface (default: 0.0.0.0)
• Subnet Mask: IP Subnet Mask for the interface (default: 0.0.0.0)
• Default Gateway: The default Gateway for this interface (default: 0.0.0.0)
• Burned in MAC Address: The Burned in MAC Address used for in-band connectivity
• Locally Administered MAC Address: Can be configured to allow a locally administered MAC address
• MAC Address Type: Specifies which MAC address should be used for in-band connectivity
• Network Configurations Protocol Current: Indicates which network protocol is being used (default: none)
• Management VLAN Id: Specifies VLAN id
• Web Mode: Indicates whether HTTP/Web is enabled
• Java Mode: Indicates whether java mode is enabled

network parms <ipaddr> <netmask> gateway (Privileged EXEC): Sets the IP address, subnet mask, and gateway of the router. The IP address and the gateway must be on the same subnet. IP address range is from 0.0.0.0 to 255.255.255.255.

copy nvram:startup-config (Privileged EXEC): Starts the configuration file upload, displays the mode and type of upload, and confirms the upload is progressing. The URL must be specified as xmodem <filepath> <filen
151. onnection to the console port of the master
• A network management application through the Simple Network Management Protocol (SNMP)

Switch Stack Membership
A switch stack has up to eight stack members connected through their stacking ports. A switch stack always has one stack master.
A standalone switch is a switch stack with one stack member that also operates as the stack master. You can connect one standalone switch to another to create a switch stack containing two stack members, with one of them being the stack master. You can connect standalone switches to an existing switch stack to increase the stack membership.
If you replace a stack member with an identical model, the new switch functions with exactly the same configuration as the replaced switch, assuming that the new switch is using the same member number as the replaced switch. For information about the benefits of preconfiguring a switch stack, see Preconfiguration on page 20-15.
The operation of the switch stack continues uninterrupted during membership changes unless you remove the stack master or you add powered-on standalone switches or switch stacks.
• Adding powered-on switches (merging) causes the stack masters of the merging switch stacks to elect a stack master from among themselves. The re-elected stack master retains its role and configurati
152. Chapter 12 IGMP Snooping
  Example 1: Enable IGMP Snooping
  Example 2: show igmpsnooping
  Example 3: show mac-address-table igmpsnooping
Chapter 13 Port Security
  Example 1: show port security
  Example 2: show port security on a specific interface
  Example 3: (Config) port security
Chapter 14 Traceroute
Chapter 15 Configuration Scripting
  Example 2: Script list and script
  Example 3: script apply
  Example 4: Creating a Configuration Script
  Example 5: Upload a Configuration Script
153. orts

Chapter 26 802.1x Port Security
This section describes how to configure the 802.1x Port Security feature on a switch port. IEEE 802.1x authentication prevents unauthorized clients from connecting to a VLAN unless these clients are authorized by the server.

Overview
802.1x Port Security:
• Prevents unauthorized clients from connecting to a VLAN
• Can be configured on a per-port basis

Example
The following is an example of how the 802.1x Port Security feature is used.

Example 1: Enable 802.1x Authentication on One Port in a VLAN
The following example shows how to enable 802.1x authentication on one port and to allow only the user with the name adam to access the VLAN.

Figure 26-1

The example is shown as CLI commands and as a Web interface procedure.

CLI Commands
To use the CLI to enable 802.1x authentication on one port and to allow only the user with the name adam to access the VLAN, enter the following CLI commands.
Create a VLAN 100, then add 1/0/1 to this VLAN and assign IP address 192 168 1001 to it.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 100
(Netgear Switch) (Vlan)#vlan routing 100
tgear Switc
154. ospf cost 64
(Interface 1/0/4)#exit
(Config)#exit

Proxy Address Resolution Protocol (ARP)
This section describes the Proxy Address Resolution Protocol (ARP) feature.

Overview
• Proxy ARP allows a router to answer ARP requests where the target IP address is not the router itself but a destination that the router can reach.
• If a host does not know the default gateway, proxy ARP can learn the first hop.
• Machines in one physical network appear to be part of another logical network.
• Without proxy ARP, a router will only respond to an ARP request if the target IP address is an address configured on the interface where the ARP request arrived.

CLI Examples
The following are examples of the commands used in the proxy ARP feature.

Example 1: show ip interface
(Netgear Switch) #show ip interface ?
<slot/port>  Enter an interface in slot/port format.
brief        Display summary information about IP configuration settings for all ports.
(Netgear Switch) #show ip interface 0/24
Routing Mode..................... Disable
Administrative Mode.............. Enable
Forward Net Directed Broadcasts.. Disable
Proxy ARP........................ Disable
155. oth users can log in without a password. Netgear strongly recommends that the network administrator creates a unique password for the administrative user before placing the switch into production.
The following screen shows an example of the PCC:

Figure 4-2

The new PCC web interface has the following four new significant features:
1. A layout change. The new layout organizes the navigation pane into two rows of tags as shown in the following screen.

Figure 4-3

• Main Tags. The PCC provides the following main tags:
  System: This tag contains configuration and status information for system features and services, such as the timer, DNS server, IP address, and system resource usage.
  Switching: This tag contains features that relate to Layer 2 services, such as VLANs, link aggregation, spanning tree protocol, port configuration, and the MAC address table.
  Routing: This tag contains Layer 3 services such as V
156. outing
5. Create an ACL with ID 101.
   a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
      Figure 9-27
   b. In the IP ACL ID field of the IP ACL Table, enter 101.
   c. Click Add.
6. Create an ACL with ID 102.
   a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
      Figure 9-28
   b. In the IP ACL ID field of the IP ACL Table, enter 102.
   c. Click Add.
7. Create an ACL with ID 103.
   a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen sim
157. Figure 9-25
   b. Enter the following information in the VLAN Routing Wizard:
      • In the Vlan ID field, enter 38.
      • In the IP Address field, enter 10.100.5.34.
      • In the Network Mask field, enter 255.255.255.0.
   c. Click Unit 1. The ports display.
   d. Click the gray box under port 38 twice until U displays. The U specifies that the egress packet is untagged for the port.
   e. Click Apply to save VLAN 38.
4. Enable IP Routing.
   a. From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.
      Figure 9-26
   b. Under IP Configuration, make the following selections:
      • Next to Routing Mode, select the Enable radio button.
      • Next to IP Forwarding Mode, select the Enable radio button.
   c. Click Apply to enable IP R
158. ows how to assign the ports that will belong to VLAN 3, and to specify that untagged frames will be accepted on port 1/0/4. Note that port 1/0/2 belongs to both VLANs and that port 1/0/1 can never belong to VLAN 3.
(Netgear Switch) (Config)#interface range 1/0/2-1/0/4
(Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3
(Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit
(Netgear Switch) (Config)#interface 1/0/4
(Netgear Switch) (Interface 1/0/4)#vlan acceptframe all
(Netgear Switch) (Interface 1/0/4)#exit
(Netgear Switch) (Config)#exit

Example 4: Assign VLAN 3 as the Default VLAN
This example shows how to assign VLAN 3 as the default VLAN for port 1/0/2.
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#vlan pvid 3
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#exit

Graphical User Interface
Use the following screens to perform the same configuration using the Graphical User Interface:
• Switching > VLAN > Configuration. To create the VLANs and specify port participation.
• Switching > VLAN > Port Configuration. To specify the handling of untagged frames on receipt, and whether frames will be transmitted tagged or untagged.
159. p
(Interface vlan 10)#exit
(Config)#interface vlan 20
(Interface vlan 20)#ip rip
(Interface vlan 20)#exit
(Config)#exit

VLAN Routing OSPF Configuration
For larger networks, Open Shortest Path First (OSPF) is generally used in preference to RIP. OSPF offers several benefits to the administrator of a large and/or complex network:
• Less network traffic: Routing table updates are sent only when a change has occurred. Only the part of the table which has changed is sent. Updates are sent to a multicast, not a broadcast, address.
• Hierarchical management, allowing the network to be subdivided.
The top level of the hierarchy of an OSPF network is known as an autonomous system (AS) or routing domain, and is a collection of networks with a common administration and routing strategy. The AS is divided into areas: intra-area routing is used when a source and destination address are in the same area, and inter-area routing across an OSPF backbone is used when they are not. An inter-area router communicates with border routers in each of the areas to which it provides connectivity.
The 7000 Series Managed Switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The order for choosing a route if more than one type of route exists is as follows:
160. ply to save VLAN 24.
2. Create VLAN 48 with IP address 192.168.48.1.
   a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
      Figure 9-24
   b. Enter the following information in the VLAN Routing Wizard:
      • In the Vlan ID field, enter 48.
      • In the IP Address field, enter 192.168.48.1.
      • In the Network Mask field, enter 255.255.255.0.
   c. Click Unit 1. The ports display.
   d. Click the gray box under port 48 twice until U displays. The U specifies that the egress packet is untagged for the port.
   e. Click Apply to save VLAN 48.
3. Create VLAN 38 with IP address 10.100.5.34.
   a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
161. r 12.7.210.170 219.141.140.10
(Netgear Switch) (Config)#ip domain lookup
(Netgear Switch) (Config)#exit
(Netgear Switch) #ping www.netgear.com
Send count=3, Receive count=3 from 206.82.202.46

Web Interface Procedure
To use the Web interface to specify two DNS servers, proceed as follows:
1. From the main menu, select System > Management > DNS > DNS Configuration. A screen similar to the following displays.
   Figure 23-1
2. Under DNS Server Configuration, in the DNS Server field, enter 12.7.210.170.
3. Click Add.
4. Under DNS Server Configuration, in the DNS Server field, enter 219.141.140.10.
5. Click Add.
Both DNS servers now show in the DNS Server Configuration table.

Example 2: Manually Add a Host Name and an IP Address
The following example shows commands to add a static host name entry to the switch so that you can use this entry to
162. r Switch) (Config)#classofservice trust dot1p

Note: The Traffic Class value range is <0-6> instead of <0-7> because queue 7 is reserved in a stacking build for stack control and is therefore not configurable by the user.

Traffic Shaping
This section describes the Traffic Shaping feature. Traffic shaping controls the amount and volume of traffic transmitted through a network. This has the effect of smoothing temporary traffic bursts over time.

CLI Example
Use the traffic-shape command to enable traffic shaping by specifying the maximum transmission bandwidth limit for all interfaces (Global Config) or for a single interface (Interface Config). The <bw> value is a percentage that ranges from 0 to 100 in increments of 5. The default bandwidth value is 0, meaning no upper limit is enforced, which allows the interface to transmit up to its maximum line rate.
The bw value is independent of any per-queue maximum bandwidth value(s) in effect for the interface and should be considered as a second-level transmission rate control mechanism that regulates the output of the entire interface regardless of which queues originate the outbound traffic.

Example 1: traffic-shape
(Netgear Switch) (Config)#traffic-shape ?
<bw>  Enter the shaping bandwidth percentage from 0 to 1
163. r Switch
(Netgear Switch) (Config)#interface vlan 10
(Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0
(Netgear Switch) (Interface vlan 10)#exit
(Netgear Switch) (Config)#interface vlan 20
(Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0
(Netgear Switch) (Interface vlan 20)#exit
(Netgear Switch) (Config)#exit

VLAN Routing RIP Configuration
Routing Information Protocol (RIP) is one of the protocols which may be used by routers to exchange network topology information. It is characterized as an interior gateway protocol and is typically used in small to medium-sized networks. A router running RIP will send the contents of its routing table to each of its adjacent routers every 30 seconds. When a route is removed from the routing table, it will be flagged as unusable by the receiving routers after 180 seconds and removed from their tables after an additional 120 seconds.
There are two versions of RIP:
• RIPv1, defined in RFC 1058. Routes are specified by IP destination network and hop count. The routing table is broadcast to all stations on the attached network.
• RIPv2, defined in RFC 1723. Route specification is extended to include subnet mask and gateway. The routing table is sent to a multicast address, reducing network traffic. An authentication method is used for security.
The 7000 Series Managed Switch supports both versions of RIP. You may configure a gi
164. re an SNMP V3 new user profile:
1. Select System > Configuration > User Accounts from the hierarchical tree on the left side of the web interface.
2. Using the User pulldown menu, select Create to create a new user.
3. Enter a new user name in the User Name field.
4. Enter a new user password in the Password field and then retype it in the Confirm Password field.
   Note: If SNMPv3 Authentication is to be used for this user, the password must be eight or more alphanumeric characters.
5. If you do not need authentication, go to Step 9.
6. To enable authentication, use the Authentication Protocol pulldown menu to select either MD5 or SHA for the authentication protocol.
7. If you do not need encryption, go to Step 9.
8. To enable encryption, use the Encryption Protocol pulldown menu to select DES for the encryption scheme. Then enter in the Encryption Key field an encryption code of eight or more alphanumeric characters.
9. Click Submit.

Chapter 5 Virtual LANs
Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic.
A VLAN is a set of end stations and the switch ports that connect t
165. Figure 26-6
   b. Under Port Authentication, enter the following information:
      • In the Max Users field, enter 4.
      • Select Mac based from the Port Method pulldown menu.
   c. Click Apply to save the settings.

Chapter 27 Double VLANs
This section describes how to configure the Double VLAN (DVLAN) feature on the switch. A DVLAN is a way to pass traffic of customers who have multiple VLANs from one customer domain to another customer domain. Custom VLAN IDs are preserved and a provider service VLAN ID is added to the traffic so that the traffic can pass the metro core in a simple and cost-effective manner.

Overview
Double VLANs:
• Pass customer traffic from one customer domain to another through the metro core
• Select customer ports and a service provider port

Example
Example 1: Enable a Double VLAN on a VLAN
In the following example, the two switches have the same configuration.
166. rm the time has been received. The time will be used in all logging messages.
(Netgear Switch) #show sntp server
Server IP Address: 208.14.208.19
Server Type: ipv4
Server Stratum: 4
Server Reference Id: NTP Srv: 208.14.208.3
Server Mode: Server
Server Maximum Entries: 3
Server Current Entries: 1
SNTP Servers
IP Address: 208.14.208.19
Address Type: IPV4
Priority: 1
Version: 4
Port: 123
Last Update Time: Mar 26 03:36:09 2006
Last Attempt Time: Mar 26 03:36:09 2006
Last Update Status: Success
Total Unicast Requests: 2
Failed Unicast Requests: 0

Example 5: Setting Time Zone
The SNTP/NTP server is set to Coordinated Universal Time (UTC) by default. The following example shows how to set the time zone to Pacific Standard Time (PST), which is 8 hours behind GMT/UTC.
(Netgear switch) (config)#clock timezone PST -8

Example 6: Setting Named SNTP Server
Netgear provides SNTP servers accessible by Netgear devices. Because Netgear may change IP addresses assigned to its time servers, it is best to access a SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
To use this feature, follow the steps below:
Enable a DNS name server and access a time server with the following commands:
(Netgear switch) (config)#ip domain lo
167. rom the already connected console port or remotely through an interface defined during the initial configuration. The switch is not configured with a default user name and password.
All of the settings below are necessary to allow the remote management of the switch through Telnet (Telnet client) or HTTP (Web browser).
Before setting up the initial configuration of the switch, obtain the following information from your network administrator:
• The IP address to be assigned to the management interface through which the switch is managed.
• The IP subnet mask for the network.
• The IP address of the default gateway.

Initial Configuration Procedure
You can perform the initial configuration using the Easy Setup Wizard or by using the Command Line Interface (CLI). The Setup Wizard automatically starts when the switch configuration file is empty. You can exit the wizard at any point by entering Ctrl-Z. For more information on CLI initial configuration, see the User's Configuration Guide. This guide shows how to use the Setup Wizard for initial switch configuration. The wizard sets up the following configuration on the switch:
• Establishes the initial privileged user account with a valid password. The wizard configures one privileged user account during the setup.
• Enables CLI login and HTTP access to use the local authentication setting only.
• Sets up the IP address for the management interface.
• Sets up the SNMP community string
168. routing
(Netgear Switch) (Interface 1/0/4)#ip address 192.150.4.1 255.255.255.0
(Netgear Switch) (Interface 1/0/4)#exit

Enable VRRP for the switch.
(Netgear Switch) (Config)#ip vrrp 20

Assign virtual router IDs to the port that will participate in the protocol.
(Netgear Switch) (Config)#interface 1/0/4
(Netgear Switch) (Interface 1/0/4)#ip vrrp 20

Specify the IP address that the virtual router function will recognize. Since the virtual IP address on port 1/0/4 is the same as Router 1's port 1/0/2 actual IP address, this router will always be the VRRP backup when Router 1 is active.
(Netgear Switch) (Interface 1/0/4)#ip vrrp 20 ip 192.150.2.1

Set the priority for the port. The default priority is 100.
(Netgear Switch) (Interface 1/0/4)#ip vrrp 20 priority 254

Enable VRRP on the port.
(Netgear Switch) (Interface 1/0/4)#ip vrrp 20 mode
(Netgear Switch) (Interface 1/0/4)#exit
(Netgear Switch) (Config)#exit

Chapter 9 Access Control Lists (ACLs)
This section describes the Access Control Lists (ACLs) feature.

Overview
Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two internal networks. When you configure ACLs, you can selectively admit or reject inbound traffic, thereby controlling access to your network or to specific resources on your network.
You can set up ACLs to control traffic at Layer
169. CLI Examples
    Example 1: Create Two VLANs
    Example 2: Set Up VLAN Routing for the VLANs and the Switch
  VLAN Routing RIP Configuration
    CLI Examples
  VLAN Routing OSPF Configuration
    CLI Examples
  Routing Information Protocol
    RIP Configuration
    CLI Examples
    Example 1: Enable Routing for the Switch
    Example 2: Enable Routing for Ports
    Example 3: Enable RIP for the Switch
    Example 4: Enable RIP for ports 1 0 2 and 1 0 39
    Example 1: Configuring an Inter-Area Router
    Example 2: Configuring OSPF on a Border Router
  Proxy Address Resolution Protocol (ARP)
170. stack master, you configure:
• System-level (global) features that apply to all stack members
• Interface-level features for all interfaces on any stack member
A switch stack is identified in the network by its network IP address. The network IP address is assigned according to the MAC address of the stack master. Every stack member is uniquely identified by its own stack member number.
All stack members are eligible stack masters. If the stack master becomes unavailable, the remaining stack members participate in electing a new stack master from among themselves. A set of factors determines which switch is elected the stack master. These factors are:
1. The switch that is master always has priority to retain the role of master.
2. Assigned priority.
3. MAC address.
If the master cannot be selected by (1), then (2) is used. If (2) does not resolve which stack member becomes stack master, then (3) is used.
The stack master contains the saved and running configuration files for the switch stack. The configuration files include the system-level settings for the switch stack and the interface-level settings for all stack members. Each stack member retains a copy of the saved file for backup purposes. If the master is removed from the stack, another member will be elected master and will then run from that saved configuration.
You can use these methods to manage switch stacks:
• Stack web interface
• Command line interface (CLI) over a serial c
171. sword. For security reasons, you should change the password by typing Y. If you have already set the password and do not wish to change it again, just enter N.

    Enter new password:
    Confirm new password:
    Password Changed

    The enable password required for switch configuration via the command line interface is currently not configured. Do you wish to change it (Y/N/Q)? y
    Enter new password:
    Confirm new password:
    Password Changed

Setting Up the Switch IP Address

After the password for both Admin and Enable mode is changed, you will be prompted to set up the IP address of the switch.

    Assigning an IP address to your switch management
    Current IP Address Configuration
    IP address: 0.0.0.0
    Subnet mask: 0.0.0.0
    Would you like to assign an IP address now (Y/N/Q)? y
    IP Address:

Ezconfig will display the current IP address and subnet mask. By default, the network management IP address uses the DHCP protocol to have a DHCP server assign its IP address automatically. However, you can override the DHCP client mode by assigning a fixed IP address here. Once a fixed IP address is assigned, Ezconfig automatically disables DHCP client mode and assigns the static IP address to the management VLAN.

If an IP address is already assigned and you do not wish
172. Figure 26-4 (screen: Authentication List)

b. Under Authentication List, in the List Name field, enter dot1xList (without the quotes).
c. Click Add.

5. Enable port authentication.
a. From the main menu, select Security > Port Authentication > Basic > 802.1x Configuration. A screen similar to the following displays.

Figure 26-5 (screen: 802.1X Configuration)

b. Under Mode, next to Administrative Mode, select the Enable radio button.
c. Under 802.1X Configuration, select the following:
• Select adam from the Users pulldown menu.
• Select dot1xList from the Login pulldown menu.
d. Click Apply to save the changes.

6. Configure the MAC-based port method.
a. From the main menu, select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays.
173.
    (Netgear Switch) (Config)#service dhcp
    (Netgear Switch) (Config)#ip dhcp pool pool_manual
    (Netgear Switch) (Config)#client-name dhcpclient
    (Netgear Switch) (Config)#hardware-address 00:01:02:03:04:05
    (Netgear Switch) (Config)#host 192.168.200.1 255.255.255.0
    (Netgear Switch) (Config)#client-identifier 01:00:01:02:03:04:05

Note: The unique identifier is a concatenation of the media type and MAC addresses. For example, the Microsoft client identifier for Ethernet address c8:19:24:88:f1:77 is 01:c8:19:24:88:f1:77, where 01 represents the Ethernet media type. For more information, see the Address Resolution Protocol Parameters section of RFC 1700.

Web Interface Procedure

To use the Web interface to create a DHCP server with a manual pool, proceed as follows:

1. From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays.
174.
    (Netgear Switch) (Config)#interface 1/0/48
    (Netgear Switch) (Interface 1/0/48)#ip access-group 101 in 1
    (Netgear Switch) (Interface 1/0/48)#ip access-group 103 in 2
    (Netgear Switch) (Interface 1/0/48)#exit

Web Interface Procedure

To use the Web interface to isolate VLANs on a Layer 3 switch by using ACLs, proceed as follows:

1. Create VLAN 24 with IP address 192.168.24.1.
a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.

Figure 9-23 (screen: VLAN Routing Wizard)

b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 24.
• In the IP Address field, enter 192.168.24.1.
• In the Network Mask field, enter 255.255.255.0.
c. Click Unit 1. The ports display.
d. Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
e. Click Ap
175. tch to begin configuration.

In-band and Out-of-band Connectivity

Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity.

Configuring for In-band Connectivity

In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network. To use in-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway). Configure for in-band connectivity using one of the following methods:
• BootP or DHCP
• EIA-232 port

Using BootP or DHCP

You can assign IP information initially over the network or over the Ethernet service port through BootP or DHCP. Check with your system administrator to determine whether BootP or DHCP is enabled. You need to configure the BootP or DHCP server with information about the switch; obtain this information through the serial port connection using the show network command. Set up the server with the following values:

IP Address: Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. If there is no DHCP server available to assign an IP address to the switch via DHCP, the default IP address for the switch is 169.254.100.100.
Subnet: Subnet mask for the LAN.
gateway: IP address of the default router, if the switch is a
176. Figure 9-1 (diagram: Layer 2 Switch with hosts 192.168.77.1, 192.168.77.2, 192.168.77.4 and 192.168.77.9; label: Dest IP not in range)

The following is an example of configuring ACL support on a 7000 Series Managed Switch.

Create ACL 101. Define the first rule: the ACL will permit packets with a match on the specified source IP address (after the mask has been applied) that are carrying TCP traffic and that are sent to the specified destination IP address.

    (Netgear Switch) #config
    (Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255

Define the second rule for ACL 101. Define the rule to set similar conditions for UDP traffic as for TCP traffic.

    (Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255

Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.

    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#ip access-group 101 in
    (Netgear Switch) (Interface 1/0/2)#exit
    (Netgear Switch) (Config)#exit

Example 2: Configure a One-Way Access Using a TCP Flag in an ACL

This example shows how to set up one-way web access using a TCP flag in an ACL. PC1 can access FTP server and FTP server2, but PC2 can access only FTP server2.
177. ted by using an Add operation.
• Refresh: Refresh the data on the page, such as log entry, port statistics, and other data.

3. Index Page
One of the unique features of the PCC is the Index page. This page provides links to all available pages on the PCC, allowing you to connect to each page directly. On the Index page, you can use your Web browser's search function to locate a particular feature and then connect directly to the page that enables you to view or configure that feature. Note that when you access a page directly from the Index page, the navigation pane does not adjust as it normally would when you navigate to the page by using a main tag and sub tag.

4. Save the Configuration
When you click the Apply button to save the changes, the changes are applied to the switch but not saved into the permanent memory of the switch. When you reboot the switch, the changes are lost. To save the changes into the permanent memory of the switch, use the Save Configuration function that you can reach by clicking on the Maintenance tag and then on the Save Config tag.

Configuring an SNMP V3 User Profile

Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are needed. Use the following steps to configu
178.
    (Netgear Switch) (Config)#interface vlan 38
    (Netgear Switch) (Interface vlan 38)#routing
    (Netgear Switch) (Interface vlan 38)#ip address 10.100.5.34 255.255.255.0
    (Netgear Switch) (Interface vlan 38)#exit

Enable IP routing on the switch.

    (Netgear Switch) (Config)#ip routing

Add a default route so that all traffic for which the routing table has no matching destination is forwarded according to this default route.

    (Netgear Switch) (Config)#ip route default 10.100.5.252

Create ACL 101 to deny all traffic that has destination IP 192.168.24.0/24.

    (Netgear Switch) (Config)#access-list 101 deny ip any 192.168.24.0 0.0.0.255

Create ACL 102 to deny all traffic that has destination IP 192.168.48.0/24.

    (Netgear Switch) (Config)#access-list 102 deny ip any 192.168.48.0 0.0.0.255

Create ACL 103 to permit all other traffic.

    (Netgear Switch) (Config)#access-list 103 permit ip any any

Deny all traffic with destination IP address 192.168.48.0/24, and permit all other traffic.

    (Netgear Switch) (Config)#interface 1/0/24
    (Netgear Switch) (Interface 1/0/24)#ip access-group 102 in 1
    (Netgear Switch) (Interface 1/0/24)#ip access-group 103 in 2
    (Netgear Switch) (Interface 1/0/24)#exit

Deny all traffic with destination IP address 192.168.24.0/24, and permit all other traffic.

    Netgear Swi
179. the Route Type pulldown menu.
• In the Network Address field, enter 192.168.30.0.
• In the Subnet Mask field, enter 255.255.255.0.
• In the Next Hop IP Address field, enter 192.168.200.1.
c. Click Add.

Example 3: Configure Isolated VLANs on a Layer 3 Switch by Using ACLs

This example shows how to isolate VLANs on a Layer 3 switch by using ACLs. In this example, PC1 is in VLAN 24, PC2 is in VLAN 48, and PC3 is in VLAN 38. PC1 and PC2 are isolated by an ACL but can both access the server.

Figure 9-22 (diagram: Layer 3 Switch; Server at 10.100.5.34 on port 1/0/38; PCs on the VLAN ports)

The example is shown as CLI commands and as a Web interface procedure.

CLI Commands

To use the CLI to isolate VLANs on a Layer 3 switch by using ACLs, enter the following CLI commands.

Create VLAN 24, add port 1/0/24 to it, and assign IP address 192.168.24.1 to it.

    (Netgear Switch) #vlan database
    (Netgear Switch) (Vlan)#vlan 24
    (Netgear Switch) (Vlan)#vlan routing 24
    (Netgear Switch) (Vlan)#exit
    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 1/0/24
    (Netgear Switch) (Interface 1/0/24)#vlan participation include 24
    (Netgear Switch) (Interface 1/0/24)#vlan pvid 24
    (Netgear Switch) (Interface
180. the following information:
• Select Create from the Pool Name pulldown menu.
• In the Pool Name field, enter pool a.
• Select Dynamic from the Type of Binding pulldown menu.
• In the Network Number field, enter 192.168.1.0.
• In the Network Mask field, enter 255.255.255.0.
• In the Days field, enter 1.
• Click on Default Router Addresses. The DNS server address fields display. In the first router address field, enter 192.168.1.254.
• Click on DNS Server Addresses. The router address fields display. In the first DNS server address field, enter 12.7.210.170.
c. Click Add.

2. Configure a VLAN and include ports 1/0/23 and 1/0/24 in the VLAN.
a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.

Figure 25-3 (screen: VLAN Routing Wizard)

b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 192.
• In the IP Address fie
181. the top left of any page in the manual. The PDF version of the complete manual opens in a browser window.
• Click the print icon in the upper left of your browser window.

Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.

Revision History

Part Number 202-10238-01, Version Number 1.0. Description: Product update. New firmware and new user interface.

Part Number 202-10238-02, Version Number 1.0. Description: The following changes were made:
• The Web Interface Layout section in Chapter 4, Using the Web Interface, was changed to introduce the Prosafe Control Center.
• New CLI and Web interface examples were added to the IP ACL Examples section in Chapter 9, Access Control Lists (ACLs).
• Chapter 23, DNS, was added.
• Chapter 24, DHCP Server, was added.
• Chapter 25, Protected Ports, was added.
• Chapter 26, 802.1x Port Security, was added.
• Chapter 27, Double VLANs, was added.

Chapter 1: Introduction

This document provides an understanding of the CLI and Web configuration options for software Release 7.2 features.

Document Organization

This document provides examples of the use of the switch software in a typical network. It describes the use and advantages of specific functions provided by the 7000 Series Managed Switch
182. Figure 9-36 (screen: IP Binding Configuration)

b. Under Binding Configuration, make the following selection and enter the following information:
• Select 102 from the ACL ID pulldown menu.
• In the Sequence Number field, enter 1.
c. Click Unit 1. The ports display.
d. Click on the gray box under port 24. A flag appears in the box.
e. Click Apply to save the settings.

12. Apply ACL 101 to port 48.
a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
183. tion of the stack and individual members. Once a save config command is issued, all stack members store a copy of the configuration settings. If a stack master becomes unavailable, any stack member assuming the role of stack master will operate from the saved configuration files.

When a new, out-of-box switch joins a switch stack, it uses the system-level settings of that switch stack. However, if you want it to store this system-level configuration, you must issue a save config command.

You back up and restore the stack configuration in the same way as you would for standalone switch configuration, by using the copy command.

Switch Stack Management Connectivity

You manage the switch stack and the stack member interfaces through the stack master. You can use the web interface, the CLI, and SNMP. You cannot manage stack members on an individual switch basis.

Connectivity to the Switch Stack Through Console Ports

You can connect to the stack master through the console port of the stack master only.

Connectivity to the Switch Stack Through Telnet

You can connect to the stack master by using a Telnet connection to the IP address of the stack.

Switch Stack Configuration Scenarios

Table 20-2 provides switch stack configuration scenarios. Most of the scenarios assume at least two switches are connected through their st
184. traffic class and specifies the actions to be performed on packets meeting the class rules:
  - Marking the packet with a given DSCP code point, IP precedence, or CoS
  - Policing packets by dropping or re-marking those that exceed the class's assigned data rate
  - Counting the traffic within the class
• Service: Assigns a policy to an interface for inbound traffic.

CLI Example

This example shows how a network administrator can provide equal access to the Internet (or other external network) to different departments within a company. Each of four departments has its own Class B subnet that is allocated 25% of the available bandwidth on the port accessing the Internet.

Figure 11-1 (diagram: Layer 3 Switch with an outbound Internet port and department VLANs including VLAN 10, VLAN 20 and VLAN 40; departments include Finance, Marketing and Development)

The following example configures DiffServ on a 7000 Series Managed Switch.
185. ts the destination (download) datatype to be an image (system:image) or a configuration file (nvram:startup-config). The URL must be specified as: xmodem:<filepath>/<filename>

Command: copy <tftp://<ipaddress>/<filepath>/<filename>> nvram:startup-config
Mode: Privileged EXEC
Description: Sets the destination (download) datatype to be a configuration file. The URL must be specified as: tftp://<ipaddress>/<filepath>/<filename>. Before starting a TFTP server download, you must configure the IP address.

Table 2-1. Quick Start Commands (Command, Mode, Description)

Command: copy <tftp://<ipaddress>/<filepath>/<filename>> system:image
Mode: Privileged EXEC
Description: Sets the destination (download) datatype to be an image. The URL must be specified as: tftp://<ipaddress>/<filepath>/<filename>. The system:image option downloads the code file.

Command: clear config
Mode: Privileged EXEC
Description: Enter yes when the prompt asks if you want to clear all the configurations made to the networking device.

Command: copy system:running-config nvram:startup-config
Mode: Privileged EXEC
Description: Enter yes when the prompt asks if you want to save the configurations made to the networking device.

Command: reload (or cold boot)
Mode: Privileged
Description: Enter yes when the prompt
186. ulldown menu.
c. Click Add. The Extended ACL Rule Configuration screen displays.

Figure 9-31 (screen: Extended ACL Rule Configuration)

d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
• In the Rule ID field, enter 1.
• Next to Action mode, select the Deny radio button.
• Select False from the Match Every pulldown menu.
• In the Destination IP Address field, enter 192.168.24.0.
• In the Destination IP Mask field, enter 0.0.0.255.
e. Click Apply to save the settings.

9. Add and configure an IP extended rule that
187. uters allowed the network to be partitioned into logical subnetworks, which restricted multicast traffic and also facilitated the development of security mechanisms.

An end station specifies the destination station's Layer 3 address in the packet's IP header, but sends the packet to the MAC address of a router. When the Layer 3 router receives the packet, it will minimally:
• Look up the Layer 3 address in its address table to determine the outbound port.
• Update the Layer 3 header.
• Recreate the Layer 2 header.

The router's IP address is often statically configured in the end station, although the 7000 Series Managed Switch supports protocols such as DHCP that allow the address to be assigned dynamically. Likewise, you may assign some of the entries in the routing tables used by the router statically, but protocols such as RIP and OSPF allow the tables to be created and updated dynamically as the network configuration changes.

Port Routing Configuration

The 7000 Series Managed Switch always supports Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the 7000 Series Managed Switch as a whole, and then for each port which is to participate in the routed network.

The configuration commands used in the example in this section enable IP routing on ports 1/0/2, 1/0/3, and 1/0/5. The router ID will be set to the 7000 Series
188.
    (Netgear Switch Routing) #config
    (Netgear Switch Routing) (Config)#logging ?
    buffered        Buffered (In-Memory) Logging Configuration
    cli-command     CLI Command Logging Configuration
    console         Console Logging Configuration
    host            Enter IP Address for Logging Host
    syslog          Syslog Configuration

    (Netgear Switch Routing) (Config)#logging host ?
    <hostaddress>   Enter Logging Host IP Address
    reconfigure     Logging Host Reconfiguration
    remove          Logging Host Removal

    (Netgear Switch Routing) (Config)#logging host 192.168.21.253 ?
    <cr>            Press Enter to execute the command.
    <port>          Enter Port Id

    (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 ?
    <cr>            Press Enter to execute the command.
    <severitylevel> Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7).

    (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1 ?
    <cr>            Press Enter to execute the command.

    (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1
    (Netgear Switch Routing) #show logging hosts

    Index  IP Address      Severity  Port  Status
    1      192.168.21.253  alert     4     Active

Chapter 20: Managing Switch Stacks

This chapter describes the c
189. ve the VLAN that includes port 48.

4. Enable IP Routing.
a. From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.

Figure 0-1 (screen: IP Configuration)

b. Under IP Configuration, make the following selections:
• Next to Routing Mode, select the Enable radio button.
• Next to IP Forwarding Mode, select the Enable radio button.
c. Click Apply to enable IP Routing.

5. Configure default route for VLAN 202.
a. From the main menu, select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays.
190. ven port:
• To receive packets in either or both formats
• To transmit packets formatted for RIPv1 or RIPv2, or to send RIPv2 packets to the RIPv1 broadcast address
• To prevent any RIP packets from being received
• To prevent any RIP packets from being transmitted

CLI Example

This example adds support for RIPv2 to the configuration created in the base VLAN routing example. A second router, using port routing rather than VLAN routing, has been added to the network.

Figure 7-3 (diagram: Layer 3 Switch with VLAN router ports and a second router attached through a physical port)

Example of configuring VLAN Routing with RIP support on a 7000 Series Managed Switch.
191. wing selection and enter the following information:
• Select 101 from the ACL ID pulldown menu.
• In the Sequence Number field, enter 1.
c. Click Unit 1. The ports display.
d. Click on the gray box under port 44. A flag appears in the box.
e. Click Apply to save the settings.

12. Apply ACL 102 to port 44.
a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.

Figure 9-16 (screen: IP Binding Configuration; the Interface Binding Status table lists interface 0/44, direction Inbound, ACL type IP ACL, ACL ID 101, sequence number 1)

b. Under Binding Configuration, make the following selection and enter the following information:
• Select 102 from the ACL ID pulldown menu.
• In the Sequence Number field, enter 2.
c. C
192.
    (Netgear Switch) #vlan data
    (Netgear Switch) (Vlan)#vlan 10
    (Netgear Switch) (Vlan)#vlan 20
    (Netgear Switch) (Vlan)#vlan routing 10
    (Netgear Switch) (Vlan)#vlan routing 20
    (Netgear Switch) (Vlan)#exit
    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip routing
    (Netgear Switch) (Config)#vlan port tagging all 10
    (Netgear Switch) (Config)#vlan port tagging all 20
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#vlan participation include 10
    (Netgear Switch) (Interface 1/0/2)#vlan pvid 10
    (Netgear Switch) (Interface 1/0/2)#exit
    (Netgear Switch) (Config)#interface 1/0/3
    (Netgear Switch) (Interface 1/0/3)#vlan participation include 20
    (Netgear Switch) (Interface 1/0/3)#vlan pvid 20
    (Netgear Switch) (Interface 1/0/3)#exit
    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface vlan 10
    (Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0
    (Netgear Switch) (Interface vlan 10)#exit
    (Netgear Switch) (Config)#interface vlan 20
    (Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0
    (Netgear Switch) (Interface vlan 20)#exit

Enable RIP for the switch. The route preference will default to 15.

    (Netgear Switch) (Config)#router rip
    (Netgear Switch) (Config-router)#enable
    (Netgear Switch) (Config-router)#exit

Configure the IP address and subnet mask for a non-virtual router port.

    (Netgear Switch) (Config)#interface 1/0/5
    (Netgear Switch) (Interface 1/0/5)#ip address 192.150.5.1 255.255.255.0
    (Netgear Switch) (Interface 1/0/5)#exit

Enable RIP for the VLAN router ports. Authentication will default to none, and no default route entry will be created.

    (Netgear Switch) (Config)#interface vlan 10
    (Netgear Switch) (Interface vlan 10)#ip ri
193. witch Stack Offline Configuration

You can use the offline configuration feature to preconfigure (supply a configuration to) a new switch before it joins the switch stack. You can configure in advance the stack member number, the switch type, and the interfaces associated with a switch that is not currently part of the stack (see Preconfiguration).

Effects of Adding a Preconfigured Switch to a Switched Stack

When you add a preconfigured switch to the switch stack, the stack applies either the preconfigured configuration or the default configuration. Table 20-1 lists the events that occur when the switch stack compares the preconfigured configuration with the new switch.

Table 20-1. Results of comparing the preconfiguration with the new switch

Scenario: The stack member numbers and the switch types match.
• If the stack member number of the preconfigured switch matches the stack member number in the configuration on the stack, and
• If the switch type of the preconfigured switch matches the switch type in the configuration on the stack.
Result: The switch stack applies the configuration to the preconfigured new switch and adds it to the stack.

Scenario: The stack member numbers match, but the switch types do not match.
• If the stack member number of the preconfigured switch matches the stack member number in th
194. y > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.

Figure 9-13 (screen: IP Extended Rules)

b. Under IP Extended Rules, select 102 from the ACL ID pulldown menu.
c. Click Add. The Extended ACL Rule Configuration screen displays.
195. [Figure 0-1: IP Configuration screen] b. Under IP Configuration, make the following selections: next to Routing Mode, select the Enable radio button; next to IP Forwarding Mode, select the Enable radio button. c. Click Apply to enable IP Routing. 3. Add a new user account with the name adam. a. From the main menu, select Security > Management Security > User Configuration > User Management. A screen similar to the following displays. [Figure 26-3: User Management screen] b. Under Manage Users, in the User Name field, enter "adam" (without the quotes). c. Click Add. 4. Add a new authentication list with the name dot1xList. a. From the main menu, select Security > Management Security > Login > Authentication. A screen similar to the following displays. [Figure: Authentication screen]
196. y appear as more than one virtual router to the network; also, more than one port on a 7000 Series Managed Switch may be configured as a virtual router. Either a physical port or a routed VLAN may participate. CLI Examples: This example shows how to configure the 7000 Series Managed Switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router. [Figure 8-1: Layer 3 Switch acting as Router 1 and Layer 3 Switch acting as Router 2, Virtual Router ID 20] Example 1: Configure VRRP on a Master Router. The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the master router. Enable routing for the switch; IP forwarding will then be enabled by default.
    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip routing
Configure the IP addresses and subnet masks for the port that will participate in the protocol.
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#routing
    (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0
