
NETGEAR 7000 Switch User Manual


Contents

1. [Table of contents fragment] Example 2: Configuring OSPF on a Border Router; Proxy Address Resolution Protocol (ARP); Chapter 6: Virtual Router Redundancy Protocol; Chapter 7: Access Control Lists (ACLs); Example 3: Configure mac access group; Example 5: show mac access; Chapter 8: Class of Service (CoS) Queuing; Port Egress Queue Configuration; Drop Precedence Configurat
2. OSPF

   For larger networks Open Shortest Path First (OSPF) is generally used in preference to RIP. OSPF offers several benefits to the administrator of a large and/or complex network:

   • Less network traffic: routing table updates are sent only when a change has occurred; only the part of the table which has changed is sent; updates are sent to a multicast, not a broadcast, address.
   • Hierarchical management, allowing the network to be subdivided.

   The top level of the hierarchy of an OSPF network is known as an autonomous system (AS) or routing domain, and is a collection of networks with a common administration and routing strategy. The AS is divided into areas: intra-area routing is used when a source and destination address are in the same area, and inter-area routing across an OSPF backbone is used when they are not. An inter-area router communicates with border routers in each of the areas to which it provides connectivity.

   The 7000 Series Managed Switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The order for choosing a route if more than one type of route exists is as follows:

   • Intra-area
   • Inter-area
   • External type 1: the route is external to the AS
   • External Type 2: the route was learned from other protocols such as RIP

   CLI Exa
3.     (Netgear Switch) (Interface 1/0/5)#exit
       (Netgear Switch) (Config)#exit

   VLAN Routing

   You can configure 7000 Series Managed Switch with some ports supporting VLANs and some supporting routing. You can also configure it to allow traffic on a VLAN to be treated as if the VLAN were a router port.

   When a port is enabled for bridging (the default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN. Its MAC Destination Address (DA) and VLAN ID are used to search the MAC address table. If routing is enabled for the VLAN and the MAC DA of an inbound unicast packet is that of the internal bridge-router interface, the packet will be routed. An inbound multicast packet will be forwarded to all ports in the VLAN, plus the internal bridge-router interface if it was received on a routed VLAN.

   Since a port can be configured to belong to more than one VLAN, VLAN routing might be enabled for all of the VLANs on the port, or for a subset. VLAN Routing can be used to allow more than one physical port to reside on the same subnet. It could also be used when a VLAN spans multiple physical networks, or when additional segmentation or security is required.

   The next section will show you how to configure the 7000 Series Managed Switch to support VLAN routing
4. NETGEAR 7000 Series Managed Switch Administration Guide

   NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054 USA
   202-10194-02, May 2006

   © 2006 by NETGEAR, Inc. All rights reserved.

   Trademarks
   NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this document are copyright Intoto, Inc.

   May 2006

   Statement of Conditions
   In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

   EN 55 022 Declaration of Conformance
   This is to certify that the 7000 Series Managed Switch is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).

   Certificate of the Manufacturer/Importer
   It is hereby certified that the 7000 Series Managed Switch has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of som
5.     (Netgear Switch) (Interface vlan 20)#ip ospf priority 255
       (Netgear Switch) (Interface vlan 20)#ip ospf cost 64
       (Netgear Switch) (Interface vlan 20)#exit
       (Netgear Switch) (Config)#exit

   Routing Information Protocol

   Routing Information Protocol (RIP) is one of the protocols which may be used by routers to exchange network topology information. It is characterized as an "interior" gateway protocol, and is typically used in small to medium-sized networks.

   RIP Configuration

   A router running RIP will send the contents of its routing table to each of its adjacent routers every 30 seconds. When a route is removed from the routing table it will be flagged as unusable by the receiving routers after 180 seconds, and removed from their tables after an additional 120 seconds.

   There are two versions of RIP:

   • RIPv1, defined in RFC 1058. Routes are specified by IP destination network and hop count. The routing table is broadcast to all stations on the attached network.
   • RIPv2, defined in RFC 1723. Route specification is extended to include subnet mask and gateway. The routing table is sent to a multicast address, reducing network traffic. An authentication method is used for security.

   The 7000 Series Managed Switch supports both versions of RIP. You may configure a given port:

   • To receive packets in either or both formats
   • To transmit packets formatted for RIPv
6. [Figure 5-1: network diagram showing Subnet 2, Subnet 3 and Subnet 5]

   Example 1: Enabling routing for the Switch

   Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default.

       (Netgear Switch) #config
       (Netgear Switch) (Config)#ip routing
       (Netgear Switch) (Config)#exit

   Example 2: Enabling Routing for Ports on the Switch

   Use the following commands to enable routing for ports on the switch. The default link-level encapsulation format is Ethernet. Configure the IP addresses and subnet masks for the ports. Network directed broadcast frames will be dropped and the maximum transmission unit (MTU) size will be 1500 bytes.

       (Netgear Switch) #config
       (Netgear Switch) (Config)#interface 1/0/2
       (Netgear Switch) (Interface 1/0/2)#routing
       (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0
       (Netgear Switch) (Interface 1/0/2)#exit
       (Netgear Switch) (Config)#interface 1/0/3
       (Netgear Switch) (Interface 1/0/3)#routing
       (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0
       (Netgear Switch) (Interface 1/0/3)#exit
       (Netgear Switch) (Config)#interface 1/0/5
       (Netgear Switch) (Interface 1/0/5)#routing
       (Netgear Switch) (Interface 1/0/5)#ip address 192.150.5.1 255.255.255.0
7. role of the switch in your network:

   • Edge device: An edge device handles ingress traffic, flowing towards the core of the network, and egress traffic, flowing away from the core. An edge device segregates inbound traffic into a small set of traffic classes, and is responsible for determining a packet's classification. Classification is primarily based on the contents of the Layer 3 and Layer 4 headers, and is recorded in the Differentiated Services Code Point (DSCP) added to a packet's IP header.
   • Interior node: A switch in the core of the network is responsible for forwarding packets, rather than for classifying them. It decodes the DSCP code point in an incoming packet, and provides buffering and forwarding services using the appropriate queue management algorithms.

   Before configuring DiffServ on a particular 7000 Series Managed Switch, you must determine the QoS requirements for the network as a whole. The requirements are expressed in terms of rules, which are used to classify inbound traffic on a particular interface. The switch software does not support DiffServ in the outbound direction.

   Rules are defined in terms of classes, policies and services:

   • Class: A class consists of a set of rules that identify which packets belong to the class. Inbound traffic is separated into traffic classes based on Layer 3 and 4 header data and the VLAN ID, and marked with a corresponding DSCP value. One type of class is supported: All, which specifies tha
9. Ensure DiffServ operation is enabled for the switch.

       (Netgear Switch) #config
       (Netgear Switch) (Config)#diffserv

   Create a DiffServ class of type all for each of the departments, and name them. Define the match criteria (Source IP address) for the new classes.

       (Netgear Switch) (Config)#class-map match-all finance_dept
       (Netgear Switch) (Config class-map)#match srcip 172.16.10.0 255.255.255.0
       (Netgear Switch) (Config class-map)#exit
       (Netgear Switch) (Config)#class-map match-all marketing_dept
       (Netgear Switch) (Config class-map)#match srcip 172.16.20.0 255.255.255.0
       (Netgear Switch) (Config class-map)#exit
       (Netgear Switch) (Config)#class-map match-all test_dept
       (Netgear Switch) (Config class-map)#match srcip 172.16.30.0 255.255.255.0
       (Netgear Switch) (Config class-map)#exit
       (Netgear Switch) (Config)#class-map match-all development_dep

   Create a DiffServ policy for inbound traffic named internet_access, adding the previously created department
10. Read instructions for correct handling.

   Note: Delete this note and the information below for products that are not wireless.

   FCC Information to User
   This product does not contain any user serviceable components and is to be used with approved antennas only. Any product changes or modifications will invalidate all applicable regulatory certifications and approvals.

   FCC Guidelines for Human Exposure
   This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance of 20 cm between the radiator and your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.

   Declaration Of Conformity
   We, NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that the model 7xxx Cardbus Card Wireless Adapter complies with Part 15 of FCC Rules. Operation is subject to the following two conditions:

   • This device may not cause harmful interference, and
   • This device must accept any interference received, including interference that may cause undesired operation.

   Regulatory Compliance Information
   This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may
11.    (Netgear Switch) (Interface 1/0/4)#ip ospf cost 64
       (Netgear Switch) (Interface 1/0/4)#exit
       (Netgear Switch) (Config)#exit

   Proxy Address Resolution Protocol (ARP)

   This section describes the Proxy Address Resolution Protocol (ARP) feature.

   Overview

   • Proxy ARP allows a router to answer ARP requests where the target IP address is not the router itself but a destination that the router can reach.
   • If a host does not know the default gateway, proxy ARP can learn the first hop.
   • Machines in one physical network appear to be part of another logical network.
   • Without proxy ARP, a router will only respond to an ARP request if the target IP address is an address configured on the interface where the ARP request arrived.

   CLI Examples

   The following are examples of the commands used in the proxy ARP feature.

   Example 1: show ip interface

       (Netgear Switch) #show ip interface ?
       <slot/port>   Enter an interface in slot/port format.
       brief         Display summary information about IP configuration settings for all ports.

       (Netgear Switch) #show ip interface 0/24
       Routing Mode................................... Disable
       Administrative Mode............................ Enable
       Forward Net Directed Broadcasts................ Disable
       Proxy ARP...................................... Disable
       Active State................................... Di
12.    (Netgear Switch) #show port-security
       Port Security Administration Mode: Enabled

   Example 2: show port security on a specific interface

       (Netgear Switch) #show port-security 1/0/10

                Admin      Dynamic   Static   Violation
       Intf     Mode       Limit     Limit    Trap Mode
       1/0/10   Disabled   600       20       Disabled

   Example 3: (Config) port security

       (Netgear Switch) (Config)#port-security ?
       <cr>   Press Enter to execute the command.
       (Netgear Switch) (Config)#port-security

   Chapter 12: Traceroute

   This section describes the Traceroute feature. Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network.

   • Maps network routes by sending packets with small Time-to-Live (TTL) values and watches the ICMP time-out announcements
   • Command displays all L3 devices
   • Can be used to detect issues on the network
   • Tracks up to 20 hops
   • Default UDP port used: 33343, unless modified in the traceroute command

   Note: You can execute Traceroute with CLI commands only; there is no Web interface for this feature.

   CLI Example

   The following shows an example of using the traceroute command to determine how many hops there are to the destination. The c
13. This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features.

   Overview

   Each port has one or more queues for packet transmission. During configuration, you can determine the mapping and configuration of these queues. Based on service rate and other criteria you configure, queues provide preference to specified packets. If a delay becomes necessary, the system holds packets until the scheduler authorizes transmission. As queues become full, packets are dropped. Packet drop precedence indicates the packet's sensitivity to being dropped during times of queue congestion.

   CoS mapping, queue parameters, and queue management are configurable per interface. Queue management is configurable per interface. Some hardware implementations allow queue depth management using tail dropping or Weighted random early discard (WRED). Some hardware implementations allow queue depth management using tail dropping.

   The operation of CoS Queuing involves queue mapping and queue configuration.

   CoS Queue Mapping

   CoS Queue Mapping uses trusted and untrusted ports.

   Trusted Ports

   • System takes at face value certain priority designation for arriving packets
   • Trust applies only to packets that have that trust information
   • Can only have one trust field at a time, per port:
     - 802.1p User Priority (default trust mode; managed through Switching configuration)
14. code point (DSCP) of EF (expedited forwarding). This handles incoming traffic that was previously marked as expedited somewhere in the network.

       (Netgear Switch) (Config)#class-map match-all class_ef
       (Netgear Switch) (Config class-map)#match ip dscp ef
       (Netgear Switch) (Config class-map)#exit

   Create a DiffServ policy for inbound traffic named pol_voip, then add the previously created classes class_ef and class_voip as instances within this policy. This policy handles incoming packets already marked with a DSCP value of EF (per the class_ef definition), or marks UDP packets per the class_voip definition with a DSCP value of EF. In each case, the matching packets are assigned internally to use queue 5 of the egress port to which they are forwarded.

       (Netgear Switch) (Config)#policy-map pol_voip in
       (Netgear Switch) (Config policy-map)#class class_ef
       (Netgear Switch) (Config policy-class-map)#assign-queue 5
       (Netgear Switch) (Config policy-class-map)#exit
       (Netgear Switch) (Config policy-map)#class class_voip
       (Netgear Switch) (Config policy-class-map)#mark ip-dscp ef
       (Netgear Switch) (Config policy-class-map)#assign-queue 5
       (Netgear Switch) (Config policy-class-map)#exit
       (Netgear Switch) (Config policy-map)#exit

   Attach the defined policy to an inbound service interface.

       (Netgear Switch) (Config)#interface 1/0/2
       (Netgear Switch) (Interface 1/0/2)#service-policy in pol_voip
       (Netgear Switch) (Interface 1/0/2)#exit
       (Netgear Switch) (Config)#exi
15.    ............................................... Inactive
       Link Speed Data Rate........................... Inactive
       MAC Address.................................... 08:00:17:05:05:02
       Encapsulation Type............................. Ethernet
       IP MTU......................................... 1500

   Example 2: ip proxy-arp

       (Netgear Switch) (Interface 0/24)#ip proxy-arp ?
       <cr>   Press Enter to execute the command.
       (Netgear Switch) (Interface 0/24)#ip proxy-arp

   Chapter 6: Virtual Router Redundancy Protocol

   When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate. Since static configuration is a convenient way to assign router addresses, Virtual Router Redundancy Protocol (VRRP) was developed to provide a backup mechanism.

   VRRP eliminates the single point of failure associated with static default routes by enabling a backup router to take over from a "master" router without affecting the end stations using the route. The end stations will use a "virtual" IP address that will be recognized by the backup router if the master router fails. Participating routers use an election protocol to determine which router is the master router at any given time. A given port may appear as more than one virtual router
16.    (Netgear Switch) (Interface 1/0/3)#exit
       (Netgear Switch) (Config)#exit

   Example 2: Configuring OSPF on a Border Router

   [Figure 5-6: Layer 3 Switch acting as an inter-area Router. Diagram labels: Port 1/0/3, Port 1/0/2, 192.150.3.1, 192.150.2.1]

   The following example configures OSPF on a 7000 Series Managed Switch operating as a border router.

   Enable routing for the switch.

       (Netgear Switch) #config
       (Netgear Switch) (Config)#ip routing

   Enable routing & assign IP for ports 1/0/2, 1/0/3 and 1/0/4.

       (Netgear Switch) (Config)#interface 1/0/2
       (Netgear Switch) (Interface 1/0/2)#routing
       (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.2 255.255.255.0
       (Netgear Switch) (Interface 1/0/2)#exit
       (Netgear Switch) (Config)#interface 1/0/3
       (Netgear Switch) (Interface 1/0/3)#routing
       (Netgear Switch) (Interface 1/0/3)#ip address 192.130.3.1 255.255.255.0
       (Netgear Switch) (Interface 1/0/3)#exit
       (Netgear Switch) (Config)#interface 1/0/4
       (Netgear Switch) (Interface 1/0/4)#routing
       (Netgear Switch) (Interface 1/0/4)#ip address 192.64.4.1 255.255.255.0
       (Netgear Switch) (Interface 1/0/4)#exit

   Specify the router ID and enable OSP
17. network, and may apply to one or more of the following fields within a packet:

   • Source IP address
   • Destination IP address
   • Source Layer 4 port
   • Destination Layer 4 port
   • TOS byte
   • Protocol number

   Note that the order of the rules is important: when a packet matches multiple rules, the first rule takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL will be denied access.

   Process

   To configure ACLs, follow these steps:

   • Create an ACL by specifying a name (MAC ACL) or a number (IP ACL).
   • Add new rules to the ACL.
   • Configure the match criteria for the rules.
   • Apply the ACL to one or more interfaces.

   IP ACL CLI Example

   The script in this section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will only be accepted by the 7000 Series Managed Switch if the source and destination stations have IP addresses that fall within the defined sets.

   [Figure 7-1: Layer 3 Switch with ACL1 on Port 1/0/2, connected to a Layer 2 Switch with hosts 192.168.77.1, 192.168.77.4, 192.168.77.9 and 192.168.77.2. Diagram labels: "TCP packet to 192.178.88.3 rejected: Dest. IP not in range"; "TCP packet to 192.178.77.3 accepted: Dest. IP in range"]

   Access Co
18. operator login, do the following steps:

   • Type admin at the login prompt. Since a number of the Quick Setup commands require administrator account rights, log in to an administrator account. Do not enter a password because the default mode does not use a password.
   • Check the CLI User EXEC prompt is displayed.
   • Enter enable to switch to the Privileged EXEC mode from User EXEC.
   • Enter configure to switch to the Global Config mode from Privileged EXEC.
   • Enter exit to return to the previous mode.
   • Enter ? to show a list of commands that are available in the current mode.

   System Information and System Setup

   This section describes the commands you use to view system information and to setup the network device. Table 1-1 contains the Quick Start commands that allow you to view or configure the following information:

   • Software versions
   • Physical port data
   • User account management
   • IP address configuration
   • Uploading from Networking Device to Out-of-Band PC (Only XMODEM)
   • Downloading from Out-of-Band PC to Networking Device (Only XMODEM)
   • Downloading from TFTP Server
   • Restoring factory defaults

   If you configure any network parameters, you should execute the following command:

       copy system:running-config nvram:startup-config

   This command saves the changes to the configuration file. You must be in the correct mode to execute the comman
19.    (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2
       (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit
       (Netgear Switch) (Config)#vlan port tagging all 2
       (Netgear Switch) (Config)#

   Example 3: Assign Ports to VLAN3

   This example shows how to assign the ports that will belong to VLAN 3, and to specify that untagged frames will be accepted on port 1/0/4. Note that port 1/0/2 belongs to both VLANs and that port 1/0/1 can never belong to VLAN 3.

       (Netgear Switch) (Config)#interface range 1/0/2-1/0/4
       (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3
       (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit
       (Netgear Switch) (Config)#interface 1/0/4
       (Netgear Switch) (Interface 1/0/4)#vlan acceptframe all
       (Netgear Switch) (Interface 1/0/4)#exit
       (Netgear Switch) (Config)#exit

   Example 4: Assign VLAN3 as the Default VLAN

   This example shows how to assign VLAN 3 as the default VLAN for port 1/0/2.

       (Netgear Switch) #config
       (Netgear Switch) (Config)#interface 1/0/2
       (Netgear Switch) (Interface 1/0/2)#vlan pvid 3
       (Netgear Switch) (Interface 1/0/2)#exit
       (Netgear Switch) (Config)#exit

   Graphical User Interface

   Use the following screens to perform the same configuration using the Graphical User Interface:

   • Switching > VLAN Configuration: To create the VLANs and specify port participation.
   • Switching > VLAN > Port Confi
20. result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.

   NOTE: This product's firmware limits operation to only the channels allowed in a particular Region or Country. Therefore, all options described in this user's guide may not be available in your version of the product.

   FCC Requirements for Operation in the United States
   Radio Frequency Interference Warnings & Instructions

   This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following methods:

   • Reorient or relocate the receiving antenna
   • Increase the separation between the equipment and the receiver
   • Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected
21. that regulates the output of the entire interface regardless of which queues originate the outbound traffic.

   Example 1: traffic-shape

       (Netgear Switch) (Config)#traffic-shape ?
       <bw>   Enter the shaping bandwidth percentage from 0 to 100 in increments of 5.
       (Netgear Switch) (Config)#traffic-shape 70 ?
       <cr>   Press Enter to execute the command.
       (Netgear Switch) (Config)#traffic-shape 70
       (Netgear Switch) (Config)#

   Chapter 9: Differentiated Services

   Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservation protocol. This section explains how to configure the 7000 Series Managed Switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service. As implemented on the 7000 Series Managed Switch, DiffServ allows you to control what traffic is accepted and what traffic is discarded.

   How you configure DiffServ support on a 7000 Series Managed Switch varies depending on the
22. timeout 15

   Chapter 15: Port Mirroring

   This section describes the Port Mirroring feature.

   Overview

   Port Mirroring:

   • Allows you to monitor network traffic with an external network analyzer
   • Forwards a copy of each incoming and outgoing packet to a specific port
   • Is used as a diagnostic tool, debugging feature, or means of fending off attacks
   • Assigns a specific port to copy all packets to
   • Allows inbound or outbound packets to switch to their destination and to be copied to the mirrored port

   CLI Examples

   The following are examples of the commands used in the Port Mirroring feature.

   Example 1: show monitor session

       (Netgear Switch Routing) #show monitor session 1

       Session ID   Admin Mode   Probe Port   Mirrored Port
       1            Enable       1/0/8        1/0/7

   Note: Monitor session ID 1 1 is a hardware limitation.

   Example 2: show port all

       (Netgear Switch Routing) #show port all

                       Admin    Physical   Physical   Link     Link     LACP
       Intf    Type    Mode     Mode       Status     Status   Trap     Mode
       1/0/1           Enable   Auto                  Down     Enable   Enable
       1/0/2           Enable   Auto                  Down     Enable   Enable
       1/0/3           Enable   Auto                  Down     Enable   Enable
       1/0/4           Enable   Auto                  Down     Enable   Enable
       1/0/5           Enable   Auto                  Down     Enable   Enable
       1/0/6           Enable   A
23. [Table of contents fragment] Example 2: show port security on a specific interface; Example 3: (Config) port security; Chapter 12: Traceroute; Chapter 13: Configuration Scripting; Example 2: script list and script delete; Example 3: script apply running-config.scr; Example 4: Creating a Configuration Script; Example 5: Upload a Configuration Script; Chapter 14: Outbound Telnet; Example 2: show telnet; Example 3: transport output telnet; Example 4: session-limit and session-timeout; Chapter 15: Port Mirroring
24. xmodem:<filepath>/<filename> config

   For example: If the user is using HyperTerminal, the user must specify which file is to be sent to the networking device. The Networking Device restarts automatically once the code has been downloaded.

   Command: copy <tftp://<ipaddress>/<filepath>/<filename>> system:image
   Mode: Privileged EXEC
   Description: Sets the destination (download) datatype to be an image (system:image) or a configuration file (nvram:startup-config). The URL must be specified as: xmodem:<filepath>/<filename>

   Command: copy <tftp://<ipaddress>/<filepath>/<filename>>
   Mode: Privileged EXEC
   Description: Sets the destination (download) datatype to be a configuration file. The URL must be specified as: tftp://<ipaddress>/<filepath>/<filename>. Before starting a TFTP server download, you must configure the IP address.

   Table 1-1. Quick Start Commands (Command, Mode, Description)

   Command: copy <tftp://<ipaddress>/<filepath>/<filename>> system:image
   Mode: Privileged EXEC
   Description: Sets the destination (download) datatype to be an image. The URL must be specified as: tftp://<ipaddress>/<filepath>/<filename>. The system:image option downloads the code file.

   Command: clear config
   Mode: Privileged EXEC
   Description: Enter yes when the prompt asks if you want to clear all the configurati
25. 1/0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram.

   [Figure 3-1: Layer 3 Switch and Layer 2 Switch. Diagram labels: Port 1/0/2, VLAN Router Port 1/3/1, 192.150.3.1; Port 1/0/3, VLAN Router Port 1/3/2, 192.150.4.1; Port 1/0/1; VLAN 10]

   CLI Examples

   The following examples show how to create VLANs, assign ports to the VLANs, and assign a VLAN as the default VLAN to a port.

   Example 1: Create Two VLANs

   Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank.

       (Netgear Switch) #vlan database
       (Netgear Switch) (Vlan)#vlan 2
       (Netgear Switch) (Vlan)#vlan 3
       (Netgear Switch) (Vlan)#exit

   Example 2: Assign Ports to VLAN2

   This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.

       (Netgear Switch) #config
       (Netgear Switch) (Config)#interface range 1/0/1-1/0/2
       (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 2
       (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly
       (Netgear Switch) (conf-if
26. 1 or RIPv2, or to send RIPv2 packets to the RIPv1 broadcast address
• To prevent any RIP packets from being received
• To prevent any RIP packets from being transmitted

CLI Example

The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3 as shown in the network illustrated in Figure 5-4.

[Figure 5-4: Layer 3 switch acting as a router, connecting Subnet 2, Subnet 3 and Subnet 5]

Example 1: Enable Routing for the Switch

The following sequence enables routing for the switch.

    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip routing
    (Netgear Switch) (Config)#exit

Example 2: Enable Routing for Ports

The following command sequence enables routing and assigns IP addresses for ports 1/0/2 and 1/0/3.

    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#routing
    (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0
    (Netgear Switch) (Interface 1/0/2)#exit
    (Netgear Switch) (Con
27. 20
    (Netgear Switch) (Vlan)#vlan routing 10
    (Netgear Switch) (Vlan)#vlan routing 20
    (Netgear Switch) (Config)#ip routing
    (Netgear Switch) (Config)#vlan port tagging all 10
    (Netgear Switch) (Config)#vlan port tagging all 20
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#vlan participation include 10
    (Netgear Switch) (Interface 1/0/2)#vlan pvid 10
    (Netgear Switch) (Interface 1/0/2)#exit
    (Netgear Switch) (Config)#interface 1/0/3
    (Netgear Switch) (Interface 1/0/3)#vlan participation include 20
    (Netgear Switch) (Interface 1/0/3)#vlan pvid 20
    (Netgear Switch) (Interface 1/0/3)#exit
    (Netgear Switch) (Config)#interface vlan 10
    (Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0
    (Netgear Switch) (Interface vlan 10)#exit
    (Netgear Switch) (Config)#interface vlan 20
    (Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0
    (Netgear Switch) (Interface vlan 20)#exit
    (Netgear Switch) (Config)#router ospf
    (Netgear Switch) (Config-router)#router-id 192.150.9.9
    (Netgear Switch) (Config-router)#enable
    (Netgear Switch) (Config-router)#exit
    (Netgear Switch) (Config)#interface vlan 10
    (Netgear Switch) (Interface vlan 10)#ip ospf areaid 0.0.0.2
    (Netgear Switch) (Interface vlan 10)#ip ospf
    (Netgear Switch) (Interface vlan 10)#exit
    (Netgear Switch) (Config)#interface vlan 20
    (Netgear Switch) (Interface vlan 20)#ip ospf areaid 0.0.0.3
    (Netgear Switch) (Interface vlan 20)#ip ospf
    (Netgear Switch) (Interface vlan 20)#exit

Set the OSPF priority and cost for the VLAN and physical router ports.

    (Netgear Switch) (Config)#interface vlan 10
    (Netgear Switch) (Interface vlan 10)#ip ospf priority 128
    (Netgear Switch) (Interface vlan 10)#ip ospf cost 32
    (Netgear Switch) (Interface vlan 10)#exit
    (Netgear Switch) (Config)#interface vlan 20
28. 2006
• Consult the dealer or an experienced radio/TV technician for help.

7000 Series Managed Switch. Tested to Comply with FCC Standards. FOR HOME OR OFFICE USE. PY3WG111

Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate the equipment.

Canadian Department of Communications Radio Interference Regulations

This digital apparatus (7000 Series Managed Switch) does not exceed the Class B limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.

Canada ID: 4054A WG111

Product and Publication Details

    Model Number:                7XXX
    Publication Date:            May 2006
    Product Family:              Managed Switch
    Product Name:                7000 Series Managed Switch
    Home or Business Product:    Business
    Language:                    English
    Publication Part Number:     202-10194-02
    Publication Version Number:  1.1

Contents

Chapter 1 Getting Started
    In-band and Out-of-band Connectivity
    Configuring for In-band Connectivity
    Using BootP or DHCP
    Using the EIA-232 Port
    Configuring for Out-Of-Band Connectivity
29. F for the switch. Set disable 1583compatibility to prevent a routing loop.

    (Netgear Switch) (Config)#router ospf
    (Netgear Switch) (Config-router)#enable
    (Netgear Switch) (Config-router)#router-id 192.130.1.1
    (Netgear Switch) (Config-router)#no 1583compatibility
    (Netgear Switch) (Config-router)#exit
    (Netgear Switch) (Config)#exit

Enable OSPF for the ports and set the OSPF priority and cost for the ports.

    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#ip ospf
    (Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2
    (Netgear Switch) (Interface 1/0/2)#ip ospf priority 128
    (Netgear Switch) (Interface 1/0/2)#ip ospf cost 32
    (Netgear Switch) (Interface 1/0/2)#exit
    (Netgear Switch) (Config)#interface 1/0/3
    (Netgear Switch) (Interface 1/0/3)#ip ospf
    (Netgear Switch) (Interface 1/0/3)#ip ospf areaid 0.0.0.2
    (Netgear Switch) (Interface 1/0/3)#ip ospf priority 255
    (Netgear Switch) (Interface 1/0/3)#ip ospf cost 64
    (Netgear Switch) (Interface 1/0/3)#exit
    (Netgear Switch) (Config)#interface 1/0/4
    (Netgear Switch) (Interface 1/0/4)#ip ospf
    (Netgear Switch) (Interface 1/0/4)#ip ospf areaid 0.0.0.2
    (Netgear Switch) (Interface 1/0/4)#ip ospf priority 255
30. JAN 01 00:00:09 0.0.0.0-1 UNKN[268434944]: bootos.c(531) 3 Starting code
    <6> JAN 01 00:00:16 0.0.0.0-3 UNKN[251627904]: cda_cnfgr.c(383) 4 CDA Creating new STK file
    <6> JAN 01 00:00:39 0.0.0.0-3 UNKN[233025712]: edb.c(360) 5 EDB Callback Unit Join 3
    <6> JAN 01 00:00:40 0.0.0.0-3 UNKN[251627904]: sysapi.c(1864) 6 File user_mgr.cfg same version 6 but the sizes 2312 > 7988 differ

Example 3: show logging traplogs

    (Netgear Switch Routing) #show logging traplogs
    <cr>    Press Enter to execute the command.

    (Netgear Switch Routing) #show logging traplogs

    Number of Traps Since Last Reset          6
    Trap Log Capacity                         256
    Number of Traps Since Log Last Viewed     6

    Log  System Up Time   Trap
    0    0 days 00:00:46  Link Up Unit 3 Slot 0 Port 2
    1    0 days 00:01:01  Cold Start Unit 0
    2    0 days 00:21:33  Failed User Login Unit 1 User ID admin
    3    0 days 18:33:31  Failed User Login Unit 1 User ID
    4    0 days 19:27:05  Multiple Users Unit 0 Slot 3 Port 1
    5    0 days 19:29:57  Multiple Users Unit 0 Slot 3 Port 1

Example 4: show logging hosts

    (Netgear Switch Routing) #show logging hosts
    <cr>    Press Enter to execute the command.

    (Netgear Switch Routing) #show logging hosts

    Index IP Address
31. K of memory
• Provides List, Delete, Apply, Upload, Download
• Provides script format of one CLI command per line

Considerations
• Total number of scripts stored on box limited by NVRAM/FLASH size.
• Application of scripts is partial if script fails. For example, if the script executes five of ten commands and the script fails, the script stops at five.
• Scripts cannot be modified or deleted while being applied.
• Validation of scripts checks for syntax errors only. It does not validate that the script will run.

CLI Examples

The following are examples of the commands used for the Configuration Scripting feature.

Example 1: script

    (Netgear Switch) #script
    apply       Applies configuration script to the switch.
    delete      Deletes a configuration script file from the switch.
    list        Lists all configuration script files present on the switch.
    show        Displays the contents of configuration script.
    validate    Validate the commands of configuration script.

Example 2: script list and script delete

    (Netgear Switch) #script list

    Configuration Script Name    Size(Bytes)
    basic.scr                    93
    running-config.scr           3201

    2 configuration script(s) found.
    1020706 bytes free.

    (Netgear Switch) #script delete basic.scr
    Are you sure you want to delete the configuration script(s)? (y/n) y
    1 configuration script(s) deleted.

Example 3: script apply
32. RRP for the switch.

    (Netgear Switch) (Config)#ip vrrp 20

Assign virtual router IDs to the port that will participate in the protocol.

    (Netgear Switch) (Config)#interface 1/0/4
    (Netgear Switch) (Interface 1/0/4)#ip vrrp 20

Specify the IP address that the virtual router function will recognize. Since the virtual IP address on port 1/0/4 is the same as Router 1's port 1/0/2 actual IP address, this router will always be the VRRP backup when Router 1 is active.

    (Netgear Switch) (Interface 1/0/4)#ip vrrp 20 ip 192.150.2.1

Set the priority for the port. The default priority is 100.

    (Netgear Switch) (Interface 1/0/4)#ip vrrp 20 priority 254

Enable VRRP on the port.

    (Netgear Switch) (Interface 1/0/4)#ip vrrp 20 mode
    (Netgear Switch) (Interface 1/0/4)#exit
    (Netgear Switch) (Config)#exit

Chapter 7 Access Control Lists (ACLs)

This section describes the Access Control Lists (ACLs) feature.

Overview

Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two internal networks. When you configure ACLs, you can selectively admit or reject inbound traffic, thereby controlling access to your network or to specific resources on your network.

You can set up ACLs to control traffic at Layer 2 or Layer 3. MAC ACLs are used for Layer 2. IP ACLs are used for Layer 3. Each ACL contains a set of rules that apply to inbou
33. Severity Port Status
    1 192.168.21.253 critical 514 Active

Example 5: logging port configuration

    (Netgear Switch Routing) #config
    (Netgear Switch Routing) (Config)#logging
    buffered       Buffered (In-Memory) Logging Configuration.
    cli-command    CLI Command Logging Configuration.
    console        Console Logging Configuration.
    host           Enter IP Address for Logging Host
    syslog         Syslog Configuration.

    (Netgear Switch Routing) (Config)#logging host
    <hostaddress>  Enter Logging Host IP Address
    reconfigure    Logging Host Reconfiguration
    remove         Logging Host Removal

    (Netgear Switch Routing) (Config)#logging host 192.168.21.253
    <cr>           Press Enter to execute the command.
    <port>         Enter Port Id

    (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4
    <cr>             Press Enter to execute the command.
    <severitylevel>  Enter Logging Severity Level (emergency 0, alert 1, critical 2, error 3, warning 4, notice 5, info 6, debug 7).

    (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1
    <cr>           Press Enter to execute the command.

    (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1
    (Netgear Switch Routing) #show logging hosts

    Index  IP Address      Severity  Port  Status
    1      192.168.21.253  alert     4     Active
34.
    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 0/2
    (Netgear Switch) (Interface 0/2)#addport 1/1
    (Netgear Switch) (Interface 0/2)#exit
    (Netgear Switch) (Config)#interface 0/3
    (Netgear Switch) (Interface 0/3)#addport 1/1
    (Netgear Switch) (Interface 0/3)#exit
    (Netgear Switch) (Config)#interface 0/8
    (Netgear Switch) (Interface 0/8)#addport 1/2
    (Netgear Switch) (Interface 0/8)#exit
    (Netgear Switch) (Config)#interface 0/9
    (Netgear Switch) (Interface 0/9)#addport 1/2
    (Netgear Switch) (Interface 0/9)#exit
    (Netgear Switch) (Config)#exit

Example 3: Enable both LAGs

By default, the system enables link trap notification.

    (Console) #config
    (Console) (Config)#port-channel adminmode all
    (Console) (Config)#exit

At this point, the LAGs could be added to VLANs.

Chapter 5 IP Routing Services

IP routing services are divided into five areas:
• Port Routing
• VLAN Routing
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF) Protocol
• Proxy Address Resolution Protocol (ARP)

Port Routing

The first networks were small enough for the end stations to communicate directly. As networks grew, Layer 2 bridging was used to segregate traffic, a technology that worked well for unicast traffic but had problems coping with large quantities of multicast packets. The next major development was routing, where packets were examined and redirected at Layer 3. End stations needed to know how to reach their nearest router, and the routers had to understand the network topology so tha
35. The tree consists of a combination of folders, subfolders, and configuration and status HTML pages. You can think of the folders and subfolders as branches and the configuration and status HTML pages as leaves. Only the selection of a leaf (not a folder or subfolder) will cause the display of a new HTML page. A folder or subfolder has no corresponding HTML page.

The third area, at the bottom right of the panel, displays the currently selected device configuration status and/or the user-configurable information that you have selected from the tree view.

Configuring an SNMP V3 User Profile

Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are needed. Use the following steps to configure an SNMP V3 new user profile.

1. Select System > Configuration > User Accounts from the hierarchical tree on the left side of the web interface.
2. Using the User pulldown menu, select Create to create a new user.
3. Enter a new user name in the User Name field.
4. Enter a new user password in the Password field and then retype it in the Confirm Password field.
   Note: If SNMPv3 Authentication is to be used for this user, the password must be eight or more alphanumeric characters.
If you do not ne
36. ace range 1/0/1-1/0/2
    (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10
    (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 10
    (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit
    (Netgear Switch) (Config)#interface 1/0/3
    (Netgear Switch) (Interface 1/0/3)#vlan participation include 20
    (Netgear Switch) (Interface 1/0/3)#vlan pvid 20
    (Netgear Switch) (Interface 1/0/3)#exit
    (Netgear Switch) (Config)#vlan port tagging all 10
    (Netgear Switch) (Config)#vlan port tagging all 20
    (Netgear Switch) (Config)#exit

Example 2: Set Up VLAN Routing for the VLANs and the Switch

The following code sequence shows how to enable routing for the VLANs:

    (Netgear Switch) #vlan data
    (Netgear Switch) (Vlan)#vlan routing 10
    (Netgear Switch) (Vlan)#vlan routing 20
    (Netgear Switch) (Vlan)#exit

This returns the logical interface IDs that will be used instead of slot/port in subsequent routing commands. Assume that VLAN 10 is assigned ID 3/1 and VLAN 20 is assigned ID 3/2.

Enable routing for the switch:

    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip routing
    (Netgear Switch) (Config)#exit

The next sequence shows an example of configuring the IP addresses and
37. ace vlan 10
    (Netgear Switch) (Interface vlan 10)#ip rip
    (Netgear Switch) (Interface vlan 10)#exit
    (Netgear Switch) (Config)#interface vlan 20
    (Netgear Switch) (Interface vlan 20)#ip rip
    (Netgear Switch) (Interface vlan 20)#exit
    (Netgear Switch) (Config)#exit

VLAN Routing OSPF Configuration

For larger networks, Open Shortest Path First (OSPF) is generally used in preference to RIP. OSPF offers several benefits to the administrator of a large and/or complex network:

• Less network traffic:
    Routing table updates are sent only when a change has occurred.
    Only the part of the table which has changed is sent.
    Updates are sent to a multicast, not a broadcast, address.
• Hierarchical management, allowing the network to be subdivided.

The top level of the hierarchy of an OSPF network is known as an autonomous system (AS) or routing domain, and is a collection of networks with a common administration and routing strategy. The AS is divided into areas: intra-area routing is used when a source and destination address are in the same area, and inter-area routing across an OSPF backbone is used when they are not. An inter-area router communicates with border routers in each of the areas to which it provides connectivity.

The 7000 Series Managed Switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The order for choosing a route if more than one type of route e
38. alls off
• Can be saved to local server to monitor at a later point in time

Interpreting Log Files

    <130> JAN 01 00:00:06 0.0.0.0-1 UNKN[0x800023]: bootos.c(386) 4 Event (0xaaaaaaaa)

[Figure: the log entry above with its fields labelled A through I: Priority, Timestamp, Stack ID, Component Name, Thread ID, File Name, Line Number]

CLI Examples

The following are examples of the commands used in the Syslog feature.

Example 1: show logging

    (Netgear Switch Routing) #show logging

    Logging Client Local Port          514
    CLI Command Logging                disabled
    Console Logging                    disabled
    Console Logging Severity Filter    alert
    Buffered Logging                   enabled
    Syslog Logging                     enabled
    Log Messages Received              66
    Log Messages Dropped               0
    Log Messages Relayed               0
    Log Messages Ignored               0

Example 2: show logging buffered

    (Netgear Switch Routing) #show logging buffered
    <cr>    Press Enter to execute the command.

    (Netgear Switch Routing) #show logging buffered

    Buffered (In-Memory) Logging          enabled
    Buffered Logging Wrapping Behavior    On
    Buffered Log Count                    66

    <1> JAN 01 00:00:02 0.0.0.0-0 UNKN[268434944]: usmdb_sim.c(1205) 1 Error 0 (0x0)
    <2> JAN 01 00:00:09 0.0.0.0-1 UNKN[268434944]: bootos.c(487) 2 Event (0xaaaaaaaa)
    <6>
39. and how to use RIP and OSPF. A port may be either a VLAN port or a router port, but not both. However, a VLAN port may be part of a VLAN that is itself a router port.

VLAN Routing Configuration

This section provides an example of how to configure the 7000 Series Managed Switch to support VLAN routing. The configuration of the VLAN router port is similar to that of a physical port. The main difference is that, after the VLAN has been created, you must use the show ip vlan command to determine the VLAN's interface ID so that you can use it in the router configuration commands.

CLI Examples

The diagram in this section shows a Layer 3 switch configured for port routing. It connects two VLANs, with two ports participating in one VLAN, and one port in the other. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the VLAN routing support shown in the diagram.

[Figure 5-2: Layer 3 switch with two VLAN router ports (192.150.3.1 and 192.150.4.1), connected to a Layer 2 switch carrying VLAN 10]

Example 1: Create Two VLANs

The following code sequence shows an example of creating two VLANs with egress frame tagging enabled.

    (Netgear Switch) #vlan data
    (Netgear Switch) (Vlan)#vlan 10
    (Netgear Switch) (Vlan)#vlan 20
    (Netgear Switch) (Vlan)#exit
    (Netgear Switch) #conf
    (Netgear Switch) (Config)#interf
40. ate Status                   Other
    Total Unicast Requests       1111
    Failed Unicast Requests      361

Example 4: Configure SNTP

Netgear switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers. The following steps configure SNTP on the switch:

1. Configure the SNTP server IP address. The IP address can be either from the public NTP server or your own. You can search the Internet to locate the public server. The servers available could be listed in domain-name format instead of address format. In that case, use the ping command on the PC to find the server's IP address. The following example configures the SNTP server IP address to 208.14.208.19.

    (Netgear Switch) (Config)#sntp server 208.14.208.19

2. After configuring the IP address, enable SNTP client mode. The client mode may be either broadcast mode or unicast mode. If the NTP server is not your own, you must use unicast mode.

    (Netgear Switch) (Config)#sntp client mode unicast

3. Once enabled, the client will wait for the polling interval to send the query to the server. The default value is approximately one minute. After this period, issue the show command to confirm the time has been received. The ti
41. Chapter 16 Simple Network Time Protocol (SNTP)

This section describes the Simple Network Time Protocol (SNTP) feature.

Overview

SNTP:
• Used for synchronizing network resources
• Adaptation of NTP
• Provides synchronized network timestamp
• Can be used in broadcast or unicast mode
• SNTP client implemented over UDP which listens on port 123

CLI Examples

The following are examples of the commands used in the SNTP feature.

Example 1: show sntp

    (Netgear Switch Routing) #show sntp
    <cr>      Press Enter to execute the command.
    client    Display SNTP Client Information.
    server    Display SNTP Server Information.

Example 2: show sntp client

    (Netgear Switch Routing) #show sntp client

    Client Supported Modes     unicast broadcast
    SNTP Version               4
    Port                       123
    Client Mode                unicast
    Unicast Poll Interval      6
    Poll Timeout (seconds)     5
    Poll Retry                 1

Example 3: show sntp server

    (Netgear Switch Routing) #show sntp server

    Server IP Address          81.169.155.234
    Server Type                ipv4
    Server Stratum             3
    Server Reference Id        NTP Srv 212.186.110.32
    Server Mode                Server
    Server Maximum Entries     3
    Server Current Entries     1

    SNTP Servers
    IP Address                 81.169.155.234
    Address Type               IPV4
    Priority                   1
    Version                    4
    Port                       123
    Last Update Time           MAY 18 04:59:13 2005
    Last Attempt Time          MAY 18 11:59:33 2005
    Last Upd
42. bnet IP mask, gateway address range is from 0.0.0.0 to 255.255.255.255.

Table 1-1. Quick Start Commands

Command: copy nvram:startup-config <tftp://<ipaddress>/<filepath>/<filename>>
Mode: Privileged EXEC
Description: Starts the configuration file upload, displays the mode and type of upload, and confirms the upload is progressing. The URL must be specified as: xmodem:<filepath>/<filename>. For example: If the user is using HyperTerminal, the user must specify where the file is going to be received by the PC.

Command: copy nvram:errorlog <tftp://<ipaddress>/<filepath>/<filename>>
Mode: Privileged EXEC
Description: Starts the error log upload, displays the mode and type of upload, and confirms the upload is progressing. The URL must be specified as: xmodem:<filepath>/<filename>

Command: copy nvram:traplog <tftp://<ipaddress>/<filepath>/<filename>>
Mode: Privileged EXEC
Description: Starts the trap log upload, displays the mode and type of upload, and confirms the upload is progressing. The URL must be specified as: xmodem:<filepath>/<filename>

Command: copy <tftp://<ipaddress>/<filepath>/<filename>> nvram:startup-config
Mode: Privileged EXEC
Description: Sets the destination (download) datatype to be an image (system:image) or a configuration file (nvram:startup-config). The URL must be specified as
43.
    (Netgear Switch) #vlan data
    (Netgear Switch) (Vlan)#vlan 10
    (Netgear Switch) (Vlan)#vlan 20
    (Netgear Switch) (Vlan)#vlan routing 10
    (Netgear Switch) (Vlan)#vlan routing 20
    (Netgear Switch) (Vlan)#exit
    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip routing
    (Netgear Switch) (Config)#vlan port tagging all 10
    (Netgear Switch) (Config)#vlan port tagging all 20
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#vlan participation include 10
    (Netgear Switch) (Interface 1/0/2)#vlan pvid 10
    (Netgear Switch) (Interface 1/0/2)#exit
    (Netgear Switch) (Config)#interface 1/0/3
    (Netgear Switch) (Interface 1/0/3)#vlan participation include 20
    (Netgear Switch) (Interface 1/0/3)#vlan pvid 20
    (Netgear Switch) (Interface 1/0/3)#exit
    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface vlan 10
    (Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0
    (Netgear Switch) (Interface vlan 10)#exit
    (Netgear Switch) (Config)#interface vlan 20
    (Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0
    (Netgear Switch) (Interface vlan 20)#exit

the switch. The route preference will default to 15.

    (Netgear Switch) (Config)#router rip
    (Netgear Switch) (Config-router)#enable
    (Netgear Switch) (Config-router)#exit

Configure the IP address and subnet mask for a non-virtual router port.

    (Netgear Switch) (Config)#interface 1/0/5
    (Netgear Switch) (Interface 1/0/5)#ip address 192.150.5.1 255.255.255.0
    (Netgear Switch) (Interface 1/0/5)#exit

Enable RIP for the VLAN router ports. Authentication will default to none, and no default route entry will be created.

    (Netgear Switch) (Config)#interf
44. d. If you do not save the configuration, all changes are lost when you power down or reset the networking device. In a stacking environment, the running configuration is saved in all units of the stack.

Table 1-1 describes the command syntax, the mode you must be in to execute the command, and the purpose and output of the command.

Table 1-1. Quick Start Commands

Command: show hardware
Mode: Privileged EXEC
Description: Shows hardware version, MAC address, and software version information.

Command: show users
Mode: Privileged EXEC
Description: Displays all of the users that are allowed to access the networking device. Access Mode shows whether you can change parameters on the networking device (Read/Write) or can only view them (Read Only). As a factory default, the admin user has Read/Write access and the guest user has Read Only access. There can only be one Read/Write user. There can be up to five Read Only users.

Command: show loginsession
Mode: User EXEC
Description: Displays all of the login session information.

Command: users passwd username
Mode: Global Config
Description: Allows the user to set passwords or change passwords needed to login. A prompt appears after the command is entered requesting the user's old password. In the absence of an old password, leave the area blank. User password should not be more than eight characters in length.

Table 1-1. Quic
45. d
• Minimum guaranteed bandwidth
• Maximum allowed bandwidth
    Per queue shaping
• Queue management type
    Tail drop vs WRED

Drop Precedence Configuration (per Queue)
• WRED parameters
    Minimum threshold
    Maximum threshold
    Drop probability
    Scale factor
• Tail Drop parameters
    Threshold

Per Interface Basis
• Queue management type
    Tail Drop vs WRED
    Only if per queue config is not supported
• WRED Decay Exponent
• Traffic Shaping
    For an entire interface

CLI Examples

The following are examples of the commands used in the CoS Queuing feature.

Example 1: show classofservice trust

    (Netgear Switch) #show classofservice trust
    <cr>    Press Enter to execute the command.

    (Netgear Switch) #show classofservice trust

    Class of Service Trust Mode    Dot1P

Example 2: set classofservice trust mode

    (Netgear Switch) (Config)#classofservice
    dot1p-mapping      Configure dot1p priority mapping.
    ip-dscp-mapping    Maps an IP DSCP value to an internal traffic class.
    trust              Sets the Class of Service Trust Mode of an Interface.

    (Netgear Switch) (Config)#classofservice trust
    dot1p              Sets the Class of Service Trust Mode of an Interface to 802.1
46.
    Example 1: show monitor session
    Example 2: show port all
    Example 3: show port interface
    Example 4: (Config) monitor session 1 mode
    Example 5: (Config) monitor session 1 source interface
    Example 6: (Interface) port security

Chapter 16 Simple Network Time Protocol (SNTP)
    Overview
    CLI Examples
    Example 1: show sntp
    Example 2: show sntp client
    Example 3: show sntp server
    Example 4: Configure SNTP

Chapter 17 Pre-Login Banner
    Overview
    CLI Example

Chapter 18 Syslog
    Overview
    Interpreting Log Files
    CLI Examples
    Example 1: show logging
    Example 2: show logging buffered
    Example 3: show logging traplogs
47. e equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.

The Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.

Confirmation of the Manufacturer/Importer

It is hereby confirmed that the 7000 Series Managed Switch has been suppressed in accordance with the regulations listed in BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.

The Federal Office for Telecommunications Approvals has been notified that this equipment has been placed on the market and is entitled to test the series for compliance with the regulations.

Voluntary Control Council for Interference (VCCI) Statement

This equipment is in the Class B category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines, aimed at preventing radio interference in such residential areas. When used near a radio or TV receiver, it may become the cause of radio interference
48. e the Queue Id assignment attribute.
    Configure a match condition based on a CoS value.
    Enter one of the following keywords to specify an Ethertype: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppo, rarp.
    Enter a four-digit hexadecimal number in the range of 0x0600 to 0xffff to specify a custom Ethertype value.
    vlan    Configure a match condition based on a VLAN ID.
    <cr>    Press Enter to execute the command.

Example 5: show mac access-lists

    (Netgear Switch) #show mac access-lists

    Current number of all ACLs: 2    Maximum number of all ACLs: 100

    MAC ACL Name    Rules    Interface(s)    Direction
    b1              1        1/0/5           inbound
    b2              1

    (Netgear Switch) #show mac access-lists
    <name>    Enter access-list name up to 31 characters in length.
    <cr>      Press Enter to execute the command.

    (Netgear Switch) #show mac access-lists b1
    <cr>      Press Enter to execute the command.

    (Netgear Switch) #show mac access-lists b1

    Rule Number: 1
    Action       permit
    Match All    TRUE

Chapter 8 Class of Service (CoS) Queuing
49. ed authentication, go to Step 9.
6. To enable authentication, use the Authentication Protocol pulldown menu to select either MD5 or SHA for the authentication protocol.
7. If you do not need encryption, go to Step 9.
8. To enable encryption, use the Encryption Protocol pulldown menu to select DES for the encryption scheme. Then enter in the Encryption Key field an encryption code of eight or more alphanumeric characters.
9. Click Submit.

Command Buttons

The following command buttons are used throughout the Web interface panels for the switch:

Save: Pressing the Save button implements and saves the changes you just made. Some settings may require you to reset the system in order for them to take effect.

Refresh: Pressing the Refresh button that appears next to the Apply button in Web interface panels refreshes the data on the panel.

Submit: Pressing the Submit button sends the updated configuration to the switch. Configuration changes take effect immediately, but these changes are not retained across a power cycle unless a save is performed.

Chapter 3 Virtual LANs

Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a
50. elnet
• Establishes an outbound telnet connection between a device and a remote host
• A telnet connection is initiated; each side of the connection is assumed to originate and terminate at a Network Virtual Terminal (NVT)
• Server and user hosts do not maintain information about the characteristics of each other's terminals and terminal handling conventions
• Must use a valid IP address

CLI Examples

The following are examples of the commands used in the Outbound Telnet feature.

Example 1: show network

    (Netgear Switch Routing) >telnet 192.168.77.151
    Trying 192.168.77.151...
    (Netgear Switch Routing)
    User:admin
    Password:
    (Netgear Switch Routing) >en
    Password:

    (Netgear Switch Routing) #show network

    IP Address                                192.168.77.151
    Subnet Mask                               255.255.255.0
    Default Gateway                           192.168.77.127
    Burned In MAC Address                     00:10:18:82:04:E9
    Locally Administered MAC Address          00:00:00:00:00:00
    MAC Address Type                          Burned In
    Network Configuration Protocol Current    DHCP
    Management VLAN ID                        1
    Web Mode                                  Enable
    Java Mode                                 Disable

Example 2: show telnet

    (Netgear S
51. ending the portfolio of supported switching silicon to the broadest range in the industry
• Increasing the software's Quality of Service and Class of Service capabilities with integrated Layer 2, 3, and 4 Access Control Lists
• Improving switch's industry-leading Switching package with new features in the areas of IGMP, port mirroring, and others

Chapter 1 Getting Started

Connect a terminal to the switch to begin configuration.

In-band and Out-of-band Connectivity

Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity.

Configuring for In-band Connectivity

In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network. To use in-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway). Configure for in-band connectivity using one of the following methods:
• BootP or DHCP
• EIA-232 port

Using BootP or DHCP

You can assign IP information initially over the network or over the Ethernet service port through BootP or DHCP. Check with your system administrator to determine whether BootP or DHCP is enabled. You need to configure the BootP or DHCP server with information about the switch; obtain this information through the serial port connection usi
52. [Table of contents, partly illegible in the source; recoverable entries:]
Initial Configuration Procedure
Software Installation
Quick Starting the Networking Device
System Information and System Setup
Chapter 2 Using the Web Interface
Configuring for Web Access
Starting the Web Interface
Configuring an SNMP V3 User Profile
Chapter 3 Virtual LANs
VLAN Configuration Example
Example 1 Create Two VLANs
Example 2 Assign Ports to VLAN2
Example 3 Assign Ports to VLAN3
Example 4 Assign VLAN3 as the Default VLAN
Chapter 4 Link Aggregation
Example 1 Create two LAGs
Example 2 Add the ports to the LAGs
Example 3 Enable both LAGs
Chapter 5 IP Routing Services
53. erface 1/0/2
(Netgear Switch) (Interface 1/0/2)#service-policy in internet_access
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#interface 1/0/3
(Netgear Switch) (Interface 1/0/3)#service-policy in internet_access
(Netgear Switch) (Interface 1/0/3)#exit
(Netgear Switch) (Config)#interface 1/0/4
(Netgear Switch) (Interface 1/0/4)#service-policy in internet_access
(Netgear Switch) (Interface 1/0/4)#exit

Set the CoS queue configuration for the (presumed) egress interface 1/0/5 such that each of queues 1, 2, 3 and 4 get a minimum guaranteed bandwidth of 25%. All queues for this interface use weighted round robin scheduling by default. The DiffServ inbound policy designates that these queues are to be used for the departmental traffic through the assign-queue attribute. It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for internet traffic.

(Netgear Switch) (Config)#interface 1/0/5
(Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 00
(Netgear Switch) (Interface 1/0/5)#exit
(Netgear Switch) (Config)#exit

DiffServ for VoIP Configuration Example

One of the most valuable uses of DiffServ is to support Voice over IP (VoIP). VoIP traffic is inherently time-sensitive: for a network to provide acceptable service, a guaranteed transmission rate is vital. This example shows one way to provide the necessary quality of service: how to set up
54. ervices
• Multicast: IGMP Snooping
• Security: Denial of Service, Port Security
• Operating System: Dual Configuration
• Tools: Alarm Manager, Traceroute, Configuration Scripting, Advance Keying, Prelogin Banner, Port Mirroring, SNTP, Syslog, Data Migration

Audience

Use this guide if you are a(n):
• Experienced system administrator who is responsible for configuring and operating a network using switch software
• Level 1 and/or Level 2 Support provider

To obtain the greatest benefit from this guide, you should have an understanding of the switch software base and should have read the specification for your networking device platform. You should also have a basic knowledge of Ethernet and networking concepts.

CLI Documentation

The Command Line Reference provides information about the CLI commands used to configure the switch and the stack. The document provides CLI descriptions, syntax, and default values. Refer to the Command Line Reference for information for the command structure.

Related Documentation

Before proceeding, read the Release Notes for this switch product. The Release Notes detail the platform-specific functionality of the Switching, Routing, SNMP, Config, Management, and other packages.
• Ext
55. ession 1 mode

Example 5 Config monitor session 1 source interface

Specify the source (mirrored) ports and destination (probe) port.

(Netgear Switch Routing) (Config)#monitor session 1 source interface
    Configure interface.
(Netgear Switch Routing) (Config)#monitor session 1 source interface <slot/port>
    Enter the interface.
(Netgear Switch Routing) (Config)#monitor session 1 source interface 0/7
(Netgear Switch Routing) (Config)#monitor session 1 destination interface
    Configure interface.
(Netgear Switch Routing) (Config)#monitor session 1 destination interface <slot/port>
    Enter the interface.
(Netgear Switch Routing) (Config)#monitor session 1 destination interface 0/8

Example 6 Interface port security

(Netgear Switch Routing) (Interface 0/7)#port-security
<cr>           Press Enter to execute the command.
mac-address    Add Static MAC address to the interface.
max-dynamic    Set Dynamic Limit for the interface.
max-static     Set Static Limit for the interface.
(Netgear Switch Routing) (Interface 0/7)#port-security max-static
<0-20>         Set Static Limit for the interface.
(Netgear Switch Routing) (Interface 0/7)#port-security max-static 5
(Netgear Switch Routing) (Interface 0/7)#port-security max-dynamic 10
56. fig)#interface 1/0/3
(Netgear Switch) (Interface 1/0/3)#routing
(Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0
(Netgear Switch) (Interface 1/0/3)#exit
(Netgear Switch) (Config)#exit

Example 3 Enable RIP for the Switch

The next sequence enables RIP for the switch; the route preference defaults to 15.

(Netgear Switch) #config
(Netgear Switch) (Config)#router rip
(Netgear Switch) (Config-router)#enable
(Netgear Switch) (Config-router)#exit
(Netgear Switch) (Config)#exit

Example 4 Enable RIP for ports 1/0/2 and 1/0/3

This command sequence enables RIP for ports 1/0/2 and 1/0/3. Authentication defaults to none, and no default route entry is created. The commands specify that both ports receive both RIPv1 and RIPv2 frames, but send only RIPv2-formatted frames.

(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#ip rip
(Netgear Switch) (Interface 1/0/2)#ip rip receive version both
(Netgear Switch) (Interface 1/0/2)#ip rip send version rip2
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#interface 1/0/3
(Netgear Switch) (Interface 1/0/3)#ip rip
(Netgear Switch) (Interface 1/0/3)#ip rip receive version both
(Netgear Switch) (Interface 1/0/3)#ip rip send version rip2
(Netgear Switch) (Interface 1/0/3)#exit
(Netgear Switch) (Config)#exit
57. a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side. The configuration script is for Router 1 in the accompanying diagram; a similar script should be applied to Router 2.

[Figure 9-2: Layer 3 switch operating as Router 1 (port 1/0/3) and Layer 3 switch operating as Router 2, connected through the Internet]

The following example configures DiffServ VoIP support.

Enter Global Config mode. Set queue 5 on all ports to use strict priority mode. This queue shall be used for all VoIP packets. Activate DiffServ for the switch.

(Netgear Switch) #config
(Netgear Switch) (Config)#cos-queue strict 5
(Netgear Switch) (Config)#diffserv

Create a DiffServ classifier named class_voip and define a single match criterion to detect UDP packets. The class type match-all indicates that all match criteria defined for the class must be satisfied in order for a packet to be considered a match.

(Netgear Switch) (Config)#class-map match-all class_voip
(Netgear Switch) (Config-class-map)#match protocol udp
(Netgear Switch) (Config-class-map)#exit

Create a second DiffServ classifier named class_ef and define a single match criterion to detect a DiffServ
58. guration: To specify the handling of untagged frames on receipt, and whether frames will be transmitted tagged or untagged.

Chapter 4 Link Aggregation

This section includes instructions on configuring Link Aggregation using the Command Line Interface and the Graphical User Interface.

Link Aggregation (LAG) allows the switch to treat multiple physical links between two end-points as a single logical link. All of the physical links in a given LAG must operate in full-duplex mode at the same speed. Link Aggregation can be used to directly connect two switches when the traffic between them requires high bandwidth and reliability, or to provide a higher bandwidth connection to a public network.

LAG offers the following benefits:
• Increased reliability and availability: if one of the physical links in the LAG goes down, traffic is dynamically and transparently reassigned to one of the other physical links.
• Better use of physical resources: traffic can be load-balanced across the physical links.
• Increased bandwidth: the aggregated physical links deliver higher bandwidth than each individual link.
• Incremental increase in bandwidth: A physical upgrade could produce a 10-times increase in bandwidth; LAG produces a two- or five-times increase, useful if only a small increase is needed.

Management functions treat a LAG as if it were a single physical port. You can include a LAG in a VLAN. You ca
59. h) (Config-mac-access-list)#permit any any

Example 3 Configure mac access-group

(Netgear Switch) (Config)#interface 1/0/5
(Netgear Switch) (Interface 1/0/5)#mac access-group
    Attach MAC Access List to Interface.
(Netgear Switch) (Interface 1/0/5)#mac access-group name
    Enter name of MAC Access Control List.
(Netgear Switch) (Interface 1/0/5)#mac access-group b1 in
    Enter the direction <in>.
(Netgear Switch) (Interface 1/0/5)#mac access-group b1 in
<cr>              Press Enter to execute the command.
<1-4294967295>    Enter the sequence number (greater than 0) to rank precedence for this interface and direction. A lower sequence number has higher precedence.
(Netgear Switch) (Interface 1/0/5)#mac access-group b1 in

Example 4 permit <dstmac> any access queue cos ethertypekey <0x0600-0xffff>

(Netgear Switch) (Config)#mac access-list extended b2
(Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00
    Enter a MAC Address.
    Configure a match condition for all the destination MAC addresses in the Destination MAC Address field.
(Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00 any
    Configur
60.
• IP Precedence
• IP DiffServ Code Point (DSCP)

The system can assign service level based upon the 802.1p priority field of the L2 header. You configure this by mapping the 802.1p priorities to one of three traffic class queues. These queues are:
• Queue 2: Minimum of 50% of available bandwidth
• Queue 1: Minimum of 33% of available bandwidth
• Queue 0: Lowest priority, minimum of 17% of available bandwidth

For untagged traffic, you can specify default 802.1p priority on a per-port basis.

Untrusted Ports
• No incoming packet priority designation is trusted; therefore, the port default priority value is used.
• All ingress packets from Untrusted ports, where the packet is classified by an ACL or a DiffServ policy, are directed to specific CoS queues on the appropriate egress port. That specific CoS queue is determined by either the default priority of the port or a DiffServ or ACL assign-queue attribute.
• Used when trusted port mapping is unable to be honored, i.e., when a non-IP DSCP packet arrives at a port configured to trust IP DSCP.

CoS Queue Configuration

CoS queue configuration involves port egress queue configuration and drop precedence configuration (per queue). The design of these on a per-queue, per-drop-precedence basis allows the user to create the desired service characteristics for different types of traffic.

Port Egress Queue Configuration
• Scheduler Type: Strict vs. Weighte
61. he switch.

(Netgear Switch) (Config)#ip vrrp

Assign virtual router IDs to the port that will participate in the protocol.

(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#ip vrrp 20

Specify the IP address that the virtual router function will recognize. Note that the virtual IP address on port 1/0/2 is the same as the port's actual IP address; therefore this router will always be the VRRP master when it is active. And the priority default is 255.

(Netgear Switch) (Interface 1/0/2)#ip vrrp 20 ip 192.150.2.1

Enable VRRP on the port.

(Netgear Switch) (Interface 1/0/2)#ip vrrp 20 mode
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#exit

The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the backup router.

Enable routing for the switch. IP forwarding will then be enabled by default.

(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing

Configure the IP addresses and subnet masks for the port that will participate in the protocol.

(Netgear Switch) (Config)#interface 1/0/4
(Netgear Switch) (Interface 1/0/4)#routing
(Netgear Switch) (Interface 1/0/4)#ip address 192.150.4.1 255.255.255.0
(Netgear Switch) (Interface 1/0/4)#exit

Enable V
62. ing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner
Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.77.52
TFTP Path......................................
TFTP Filename.................................. banner.txt
Data Type...................................... Cli Banner
Are you sure you want to start? (y/n) y
CLI Banner file transfer operation completed successfully!
(Netgear Switch Routing) #exit
(Netgear Switch Routing) >logout

Login Banner Unauthorized access is punishable by law
User:

Note: The command no clibanner removes the banner from the switch.

Chapter 18 Syslog

This section provides information about the Syslog feature.

Overview

Syslog
• Allows you to store system messages and/or errors
• Can store to local files on the switch or a remote server running a syslog daemon
• Method of collecting message logs from many systems

Persistent Log Files
• Currently three, one for each of the last three sessions
• Each log has two parts:
  Start-up log is the first 32 messages after system startup.
  Operational log is the last 32 messages received after the startup log is full.
• Files are stored in ASCII format: slog0.txt, slog2.txt, olog0.txt, olog2.txt
  Where 0 is for the boot, 1 is for the last boot, 2 is for the boot before that, and the third one f
63. ion

The wizard sets up the following configuration on the switch:
• Establishes the initial privileged user account with a valid password. The wizard configures one privileged user account during the set up.
• Enables CLI login and HTTP access to use the local authentication setting only.
• Sets up the IP address for the management interface.
• Sets up the SNMP community string to be used by the SNMP manager at a given IP address. You may choose to skip this step if SNMP management is not used for this switch.
• Allows you to specify the management server IP or permit SNMP access from all IP addresses.
• Configures the default gateway IP address.

Software Installation

This section contains procedures to help you become acquainted quickly with the switch software. Before installing switch software, you should verify that the switch operates with the most recent firmware.

Quick Starting the Networking Device

1. Configure the switch for In-band or Out-of-Band connectivity. In-band connectivity allows access to the software locally or from a remote workstation. You must configure the device with IP information (IP address, subnet mask, and default gateway).
2. Turn the Power ON.
3. Allow the device to load the software until the login prompt appears. The device initial state is called the default mode.
4. When the prompt asks for
64. [Table of contents, partly illegible in the source; recoverable entries:]
ion per Queue
Per Interface Basis
Example 1 show classofservice
Example 2 set classofservice trust mode
Example 3 show classofservice ip-precedence-mapping
Example 4 Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode
Example 5 Set CoS Trust Mode of an Interface
Chapter 9 Differentiated Services
DiffServ for VoIP Configuration Example
Chapter 10 IGMP Snooping
Example 1 Enable IGMP Snooping
Example 2 show igmpsnooping
Example 3 show mac-address-table igmpsnooping
Chapter 11 Port Security
65. ity and ready for Web-based management.

Configuring for Out-Of-Band Connectivity

To monitor and configure the switch using out-of-band connectivity, use the console port to connect the switch to a terminal desktop system running terminal emulation software. The console port connector is a male DB-9 connector, implemented as a data terminal equipment (DTE) connector.

The following hardware is required to use the console port:
• VT100-compatible terminal, or a desktop, or a portable system with a serial port running VT100 terminal emulation software.
• An RS-232 crossover cable with a female DB-9 connector for the console port and the appropriate connector for the terminal.

Perform the following tasks to connect a terminal to the switch console port using out-of-band connectivity:

1. Connect an RS-232 crossover cable to the terminal running VT100 terminal emulation software.
2. Configure the terminal emulation software as follows:
   a. Select the appropriate serial port (serial port 1 or serial port 2) to connect to the console.
   b. Set the data rate to 115,200 baud.
   c. Set the data format to 8 data bits, 1 stop bit, and no parity.
   d. Set the flow control to none.
   e. Select the proper mode under Properties.
   f. Select Terminal keys.

Note: When using HyperTerminal with Microsoft Windows 2000, make sure that you have Wi
66. k Start Commands
path> <filename>>

Command: copy system:running-config nvram:startup-config
Mode: Privileged EXEC
Description: Saves passwords and all other changes to the device. If you do not save the configuration, all changes are lost when you power down or reset the networking device. In a stacking environment, the running configuration is saved in all units of the stack.

Command: logout
Mode: User EXEC, Privileged EXEC
Description: Logs the user out of the networking device.

Command: show network
Mode: User EXEC
Description: Displays the following network configuration information:
• IP Address: IP Address of the interface (default: 0.0.0.0)
• Subnet Mask: IP Subnet Mask for the interface (default: 0.0.0.0)
• Default Gateway: The default Gateway for this interface (default: 0.0.0.0)
• Burned in MAC Address: The Burned in MAC Address used for in-band connectivity
• Locally Administered MAC Address: Can be configured to allow a locally administered MAC address
• MAC Address Type: Specifies which MAC address should be used for in-band connectivity
• Network Configurations Protocol Current: Indicates which network protocol is being used (default: none)
• Management VLAN Id: Specifies VLAN id
• Web Mode: Indicates whether HTTP/Web is enabled
• Java Mode: Indicates whether java mode is enabled

Command: network parms <ipaddr> <net
Mode: Privileged EXEC
Description: Sets the IP address, subnet mask, and gateway of the router. The IP address and the gateway must be on the same su
67. ly

Operation

Port Security
• Helps secure network by preventing unknown devices from forwarding packets.
• When link goes down, all dynamically locked addresses are freed.
• If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list.
• Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the age-out time. The user can set the time-out value.
• Dynamically locked MAC addresses are eligible to be learned by another port.
• Static MAC addresses are not eligible for aging.
• Dynamically locked addresses can be converted to statically locked addresses.

CLI Examples

The following are examples of the commands used in the Port Security feature.

Example 1 show port security

(Netgear Switch) #show port-security
<cr>                Press Enter to execute the command.
all                 Display port-security information for all interfaces.
<unit/slot/port>    Enter interface in unit/slot/port format.
dynamic             Display dynamically locked MAC addresses.
static              Display statically locked MAC addresses.
violation           Display the source MAC address of the last packet that was discarded on a locked port.
(Netgear
68. me will be used in all logging messages.

(Netgear Switch) #show sntp server
Server IP Address:              208.14.208.19
Server Type:                    ipv4
Server Stratum:                 4
Server Reference Id:            NTP Srv: 208.14.208.3
Server Mode:                    Server
Server Maximum Entries:         3
Server Current Entries:         1

SNTP Servers
IP Address:                     208.14.208.19
Address Type:                   IPV4
Priority:                       1
Version:                        4
Port:                           123
Last Update Time:               Mar 26 03:36:09 2006
Last Attempt Time:              Mar 26 03:36:09 2006
Last Update Status:             Success
Total Unicast Requests:         2
Failed Unicast Requests:        0

Chapter 17 Pre-Login Banner

This section describes the Pre-Login Banner feature.

Overview

Pre-Login Banner
• Allows you to create message screens when logging into the CLI Interface
• By default, no Banner file exists
• Can be uploaded or downloaded
• File size cannot be larger than 2K

The Pre-Login Banner feature is only for the CLI interface.

CLI Example

To create a Pre-Login Banner, follow these steps:

1. On your PC, using Notepad, create a banner.txt file that contains the banner to be displayed.

Login Banner Unauthorized access is punishable by law

2. Transfer the file from the PC to the switch using TFTP.

(Netgear Switch Rout
69. mples

The examples in this section show you how to configure a 7000 Series Managed Switch first as an inter-area router and then as a border router. They show two areas, each with its own border router connected to one inter-area router.

The first diagram shows a network segment with an inter-area router connecting areas 0.0.0.2 and 0.0.0.3. The example script shows the commands used to configure a 7000 Series Managed Switch as the inter-area router in the diagram by enabling OSPF on port 1/0/2 in area 0.0.0.2 and port 1/0/3 in area 0.0.0.3.

Example 1 Configuring an Inter-Area Router

[Figure 5-5: Layer 3 switch acting as an inter-area router, connected to border routers]

Enable Routing for the Switch

The following command sequence enables ip routing for the switch.

(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#exit

Assign IP Addresses for Ports

The following sequence enables routing and assigns IP addresses for ports 1/0/2 and 1/0/3.

(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#routing
(Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#interface 1/0/3
(Netgear Swi
70. n configure more than one LAG for a given switch.

CLI Example

This section provides an example of configuring the software to support Link Aggregation (LAG) to a server and to a Layer 3 switch. Figure 4-1 shows the example network.

[Figure 4-1: Layer 3 switch (port 1/0/3), Subnet 2, Subnet 3]

Example 1 Create two LAGS

(Netgear Switch) #config
(Netgear Switch) (Config)#port-channel lag_10
(Netgear Switch) (Config)#port-channel lag_20
(Netgear Switch) (Config)#exit

Use the show port-channel all command to show the logical interface ids you will use to identify the LAGs in subsequent commands. Assume that lag_10 is assigned id 1/1/1 and lag_20 is assigned id 1/1/2.

(Console) #show port-channel all

       Port-              Link
Log.   Channel       Adm. Trap STP          Mbr    Port   Port
Intf   Name     Link Mode Mode Mode Type    Ports  Speed  Active
1/1/1  lag_10   Down En   En   Dis  Dynamic
1/1/2  lag_20   Down En   En   Dis  Dynamic

Example 2 Add the ports to the LAGs
71. n ports 1/0/2, 1/0/3 and 1/0/5. The router ID will be set to the 7000 Series Managed Switch's management IP address, or to that of any active router interface if the management address is not configured.

After the routing configuration commands have been issued, the following functions will be active:
• IP Forwarding: responsible for forwarding received IP packets.
• ARP Mapping: responsible for maintaining the ARP Table used to correlate IP and MAC addresses. The table contains both static entries and entries dynamically updated based on information in received ARP frames.
• Routing Table Object: responsible for maintaining the common routing table used by all registered routing protocols.

You may then activate RIP or OSPF, used by routers to exchange route information, on top of IP Routing. RIP is more often used in smaller networks, while OSPF was designed for larger and more complex topologies.

CLI Examples

This diagram shows a Layer 3 switch configured for port routing. It connects three different subnets, each connected to a different port. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the port routing support shown in the diagram.

[Figure: Layer 3 switch acting as a router, with ports 1/0/2, 1/0/3 and 1/0/5 each connected to a different subnet]
72. nd traffic. Each rule specifies whether the contents of a given field should be used to permit or deny access to the network, and may apply to one or more of the fields within a packet.

Limitations

The following limitations apply to ACLs. These limitations are platform dependent.
• Maximum of 100 ACLs.
• Maximum rules per ACL is 8-10.
• Stacking systems do not support redirection.
• The system does not support MAC ACLs and IP ACLs on the same interface.
• The system supports ACLs set up for inbound traffic only.

MAC ACLs

MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet (limited by platform):
• Source MAC address with mask
• Destination MAC address with mask
• VLAN ID (or range of IDs)
• Class of Service (CoS) (802.1p)
• Ethertype

• L2 ACLs can apply to one or more interfaces.
• Multiple access lists can be applied to a single interface; sequence number determines the order of execution.
• You cannot configure a MAC ACL and an IP ACL on the same interface.
• You can assign packets to queues using the assign queue option.
• You can redirect packets using the redirect option.

Configuring IP ACLs

IP ACLs classify for Layer 3. Each ACL is a set of up to ten rules applied to inbound traffic. Each rule specifies whether the contents of a given field should be used to permit or deny access to the
73. nded name
rename    Rename MAC Access Control List.
(Netgear Switch) (Config)#mac access-list extended b1
<cr>      Press Enter to execute the command.
(Netgear Switch) (Config)#mac access-list extended b1
    Enter access list name up to 31 characters in length.

Example 2 permit any

(Netgear Switch) (Config-mac-access-list)#permit
srcmac    Enter a MAC address.
any       Configure a match condition for all the destination MAC addresses in the Destination MAC Address field.
(Netgear Switch) (Config-mac-access-list)#permit any
<dstmac>  Enter a MAC address.
any       Configure a match condition for all the destination MAC addresses in the Destination MAC Address field.
(Netgear Switch) (Config-mac-access-list)#permit any any
assign-queue       Configure the Queue Id assignment attribute.
cos                Configure a match condition based on a CoS value.
ethertypekey       Enter one of the following keywords to specify an Ethertype: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppo, rarp.
<0x0600-0xffff>    Enter a four-digit hexadecimal number in the range of 0x0600 to 0xffff to specify a custom Ethertype value.
vlan               Configure a match condition based on a VLAN ID.
<cr>               Press Enter to execute the command.
(Netgear Switc
74. ndows 2000 Service Pack 2 or later installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal's VT100 emulation. Go to www.microsoft.com for more information on Windows 2000 service packs.

3. Connect the female connector of the RS-232 crossover cable directly to the switch console port, and tighten the captive retaining screws.

Starting the Switch

1. Make sure that the switch console port is connected to a VT100 terminal or VT100 terminal emulator via the RS-232 crossover cable.
2. Locate an AC power receptacle.
3. Deactivate the AC power receptacle.
4. Connect the switch to the AC receptacle.
5. Activate the AC power receptacle.

When the power is turned on with the local terminal already connected, the switch goes through a power-on self-test (POST). POST runs every time the switch is initialized and checks hardware components to determine if the switch is fully operational before completely booting. If POST detects a critical problem, the startup procedure stops. If POST passes successfully, a valid executable image is loaded into RAM. POST messages are displayed on the terminal and indicate test success or failure. The boot process runs for approximately 60 seconds.

Initial Configuration

The initial simple configuration procedure is based on the following assumptions:
• The switch was not configured before and is in the same state as when you received it.
• The switch booted s
75. Example 4 show logging hosts
Example 5 logging port configuration

About This Book
This document provides an understanding of the CLI and Web configuration options for software Release 4.3 features.

Document Organization
This document provides examples of the use of the switch software in a typical network. It describes the use and advantages of specific functions provided by the 7000 Series Managed Switch, and includes information on configuring those functions using the Command Line Interface and Web Interface. The switch software can operate as a Layer 2 switch, a Layer 3 router, or a combination switch/router. The switch also includes support for network management and Quality of Service functions such as Access Control Lists and Differentiated Services. Which functions you choose to activate will depend on the size and complexity of your network; this document describes configuration for some of the most used functions. This document contains configuration information about the following:
• Layer 2 VLANs Routing Layer 3 Port routing VLAN Routing Virtual Router Redundancy Protocol (VRRP) RIP OSPF Proxy ARP
• Quality of Service (QoS) Access Control Lists (ACLs) Class of Service (CoS) Differentiated S
76. ng the show network command. Set up the server with the following values:
IP Address: Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
Subnet: Subnet mask for the LAN.
gateway: IP address of the default router, if the switch is a node outside the IP range of the LAN.
MAC Address: MAC address of the switch.
When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network. If you do not use BootP or DHCP, access the switch through the EIA-232 port, and configure the network information as described below.

Using the EIA-232 Port
You can use a locally or remotely attached terminal to configure in-band management through the EIA-232 port.
1. To use a locally attached terminal, attach one end of a null-modem serial cable to the EIA-232 port of the switch and the other end to the COM port of the terminal or workstation. For remote attachment, attach one end of the serial cable to the EIA-232 port of the switch and the other end to the modem.
2. Set up the terminal for VT100 terminal emulation.
a. Set the terminal ON.
b. Launch the VT100 application.
c. Configure the COM port as follows:
• Se
77. The following is an example of configuring ACL support on a 7000 Series Managed Switch.

Create ACL 101. Define the first rule: it will permit packets with a match on the specified Source IP address (after the mask has been applied) that are carrying TCP traffic and are sent to the specified Destination IP address.
(Netgear Switch) #config
(Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255

Define the second rule for ACL 101. Define the rule to set similar conditions for UDP traffic as for TCP traffic.
(Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255

Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#ip access-group 101 in
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#exit

MAC ACL CLI Examples
The following are examples of the commands used for the MAC ACLs feature.

Example 1 mac access list
(Netgear Switch) (Config)#mac access-list ?
extended Configure extended MAC Access List parameters
(Netgear Switch) (Config)#mac access-list exte
78. Port Routing Configuration
Example 1 Enabling routing for the Switch
Example 2 Enabling Routing for Ports on the Switch
Example 1 Create Two VLANs
Example 2 Set Up VLAN Routing for the VLANs and the Switch
VLAN Routing RIP Configuration
VLAN Routing OSPF Configuration
Example 1 Enable Routing for the Switch
Example 2 Enable Routing for Ports
Example 3 Enable RIP for the Switch
Example 4 Enable RIP for ports 1/0/2 and 1/0/3
Example 1 Configuring an Inter Area Router
79. ommand output shows each IP address the packet passes through and how long it takes to get there. In this example, the packet takes 16 hops to reach its destination.
(Netgear Switch) #traceroute ?
<ipaddr> Enter IP address
(Netgear Switch) #traceroute 216.109.118.74 ?
<cr> Press Enter to execute the command
<port> Enter port no
(Netgear Switch) #traceroute 216.109.118.74
Tracing route over a maximum of 20 hops
1 10.254.24.1 40 ms 9 ms 10 ms
2 T04254 252 1 30 ms 49 ms 21 ms
3 62 2317 23 33 29 ms 10 ms 10 ms
4 63.144.4.1 39 ms 63 ms 67 ms
5 63.144.1.141 70 ms 50 ms 50 ms
6 205.171.21.89 39 ms 70 ms 50 ms
7 205217138 054 70 ms 50 ms 70 ms
8 205.171.8.222 70 ms 50 ms 80 ms
9 205171 25 1 34 60 ms 90 ms 50 ms
10 209.244.219.181 60 ms 70 ms 70 ms
11 209.244.11.9 60 ms 60 ms 50 ms
12 4.68.121.146 50 ms 70 ms 60 ms
13 4.79.228.2 60 ms 60 ms 60 ms
14 2T1T6 115 906 1985 110 ms 59 ms 70 ms
15 216.109.120.203 70 ms 66 ms 95 ms
16 216.109.118.74 78 ms 121 ms 69 ms

Chapter 13 Configuration Scripting
This section describes the Configuration Scripting feature.

Overview
Configuration Scripting:
• Allows you to generate text formatted files
• Provides scripts that can be uploaded and downloaded to the system
• Provides flexibility to create command configuration scripts
• May be applied to several switches
• Can save up to ten scripts or 500
80. ons made to the networking device
copy system:running-config nvram:startup-config (Privileged EXEC): Enter yes when the prompt asks if you want to save the configurations made to the networking device.
reload or cold boot the networking device (Privileged EXEC): Enter yes when the prompt asks if you want to reset the system. You can reset the networking device or cold boot the networking device. Both work effectively.

Chapter 2 Using the Web Interface
This chapter is a brief introduction to the web interface; it explains how to access the Web-based management panels to configure and manage the system.
Tip: Use the Web interface for configuration instead of the CLI interface. Web configuration is quicker and easier than entering the multiple required CLI commands.
There are equivalent functions in the Web interface and the terminal interface, that is, both applications usually employ the same menus to accomplish a task. For example, when you log in, there is a Main Menu with the same functions available. You can manage your switch through a Web browser and Internet connection. This is referred to as Web-based management. To use Web-based management, the system must be set up for in-band connectivity. To access the switch, the Web browser must support:
• HTML version 4.0 or later
• HTTP version 1.1 or later
• JavaScript version 1.2 or later
There a
81. p
ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP
(Netgear Switch) (Config)#classofservice trust dot1p ?
<cr> Press Enter to execute the command
(Netgear Switch) (Config)#classofservice trust dot1p

Example 3 show classofservice ip-precedence-mapping
(Netgear Switch) #show classofservice ip-precedence-mapping
IP Precedence   Traffic Class
0   1
1   0
2   0
3   1
4   2
5   2
6   3
7   3

Example 4 Configure CoS queue Min bandwidth and Strict Priority Scheduler Mode
(Netgear Switch) (Config)#cos-queue min-bandwidth ?
<bw-0> Enter the minimum bandwidth percentage for Queue 0
(Netgear Switch) (Config)#cos-queue min-bandwidth 15
Incorrect input Use cos-queue min-bandwidth <bw-0> <bw-7>
(Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10
(Netgear Switch) (Config)#cos-queue strict ?
<queue-id> Enter a Queue Id from 0 to 7
(Netgear Switch) (Config)#cos-queue strict Lb
<cr> Press Enter to execute the command
<queue-id> Enter an additional Queue Id from 0 to 7
(Netgear Switch) (Config)#cos-queue strict
82. re several differences between the Web and terminal interfaces. For example, on the Web interface the entire forwarding database can be displayed, while the terminal interface only displays 10 entries starting at specified addresses. To terminate the Web login session, close the web browser.

Configuring for Web Access
To enable Web access to the switch:
1. Configure the switch for in-band connectivity. The switch Getting Started Guide provides instructions.
2. Enable Web mode:
a. At the CLI prompt, enter the show network command.
b. Set Web Mode to Enabled.

Starting the Web Interface
Follow these steps to start the switch Web interface:
1. Enter the IP address of the switch in the Web browser address field.
2. When the Login panel is displayed, click Login.
3. Enter the appropriate User Name and Password. The User Name and associated Password are the same as those used for the terminal interface. Click on the Login button.
4. The System Description Menu displays, with the navigation tree appearing to the left of the screen.
5. Make a selection by clicking on the appropriate item in the navigation tree.

Web Page Layout
A Web interface panel for the switch Web page consists of three areas. A banner graphic of the switch appears across the top of the panel. The second area, a hierarchical tree view, appears to the left of the panel
83. ries Managed Switch supports both versions of RIP. You may configure a given port:
• To receive packets in either or both formats
• To transmit packets formatted for RIPv1 or RIPv2, or to send RIPv2 packets to the RIPv1 broadcast address
• To prevent any RIP packets from being received
• To prevent any RIP packets from being transmitted

CLI Example
This example adds support for RIPv2 to the configuration created in the base VLAN routing example. A second router, using port routing rather than VLAN routing, has been added to the network.

[Figure 5-3: Layer 3 switch with a router port and two VLAN router ports]

Example of configuring VLAN Routing with RIP support on a 7000 Series Managed Switch
84. router it partitions the network into logical segments, which provides better administration, security and management of multicast traffic. A VLAN is a set of end stations and the switch ports that connect them. You may have many reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN. Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID.
The Private Edge VLAN feature lets you set protection between ports located on the switch. This means that a protected port cannot forward traffic to another protected port on the same switch. The feature does not provide protection between ports located on different switches.

VLAN Configuration Example
The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs: port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN 2 only, and ports 1/0/3 and
85. running-config.scr
(Netgear Switch) #script apply running-config.scr
Are you sure you want to apply the configuration script? (y/n) y
The systems has unsaved changes.
Would you like to save them now? (y/n) y
Configuration Saved

Example 4 Creating a Configuration Script
(Netgear Switch) #show running-config running-config.scr
Config script created successfully.
(Netgear Switch) #script list
Configuration Script Name   Size (Bytes)
running-config.scr   3201
1 configuration script(s) found.
1020799 bytes free.

Example 5 Upload a Configuration Script
(Netgear Switch) #copy nvram:script running-config.scr tftp://192.168.77.52/running-config.scr
Mode: TFTP
Set TFTP Server IP: 192.168.77.52
TFTP Path:
TFTP Filename: running-config.scr
Data Type: Config Script
Source Filename: running-config.scr
Are you sure you want to start? (y/n) y
File transfer operation completed successfully.

Chapter 14 Outbound Telnet
This section describes the Outbound Telnet feature.

Overview
Outbound T
86. subnet masks for the virtual router ports
(Netgear Switch) (Config)#interface vlan 10
(Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0
(Netgear Switch) (Interface vlan 10)#exit
(Netgear Switch) (Config)#interface vlan 20
(Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0
(Netgear Switch) (Interface vlan 20)#exit
(Netgear Switch) (Config)#exit

VLAN Routing RIP Configuration
Routing Information Protocol (RIP) is one of the protocols which may be used by routers to exchange network topology information. It is characterized as an interior gateway protocol, and is typically used in small to medium sized networks. A router running RIP will send the contents of its routing table to each of its adjacent routers every 30 seconds. When a route is removed from the routing table, it will be flagged as unusable by the receiving routers after 180 seconds, and removed from their tables after an additional 120 seconds. There are two versions of RIP:
• RIPv1, defined in RFC 1058: Routes are specified by IP destination network and hop count. The routing table is broadcast to all stations on the attached network.
• RIPv2, defined in RFC 1723: Route specification is extended to include subnet mask and gateway. The routing table is sent to a multicast address, reducing network traffic. An authentication method is used for security.
The 7000 Se
87. t

Chapter 10 IGMP Snooping
This section describes the Internet Group Management Protocol (IGMP) feature: IGMPv3 and IGMP Snooping.

Overview
IGMP:
• Uses Version 3 of IGMP
• Includes snooping
• Snooping can be enabled per VLAN

CLI Examples
The following are examples of the commands used in the IGMP Snooping feature.

Example 1 Enable IGMP Snooping
The following example shows how to enable IGMP snooping.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip igmpsnooping
(Netgear Switch) (Config)#ip igmpsnooping interfacemode
(Netgear Switch) (Config)#exit

Example 2 show igmpsnooping
(Netgear Switch) #show igmpsnooping ?
<cr> Press Enter to execute the command
<slot/port> Enter interface in slot/port format
mrouter Display IGMP Snooping Multicast Router information
<1-4093> Display IGMP Snooping valid VLAN ID information
(Netgear Switch) #show igmpsnooping
Admin Mode: Enable
Multicast Control Frame Count: 0
Interfaces Enabled for IGMP Snooping: 1/0/10
Vlans enabled for IGMP snooping: 20

Example 3 show mac-address-table igmpsnooping
(Netgear Switch) #show mac-address-table igmpsnooping ?
<cr> Press Enter to execute
88. t h srcip 172.16.40.0 255.255.255.0

classes as instances within this policy. This policy uses the assign-queue attribute to put each department's traffic on a different egress queue. This is how the DiffServ inbound policy connects to the CoS queue settings established below.
(Netgear Switch) (Config)#policy-map internet_access in
(Netgear Switch) (Config-policy-map)#class finance_dept
(Netgear Switch) (Config-policy-class-map)#assign-queue 1
(Netgear Switch) (Config-policy-class-map)#exit
(Netgear Switch) (Config-policy-map)#class marketing_dept
(Netgear Switch) (Config-policy-class-map)#assign-queue 2
(Netgear Switch) (Config-policy-class-map)#exit
(Netgear Switch) (Config-policy-map)#class test_dept
(Netgear Switch) (Config-policy-class-map)#assign-queue 3
(Netgear Switch) (Config-policy-class-map)#exit
(Netgear Switch) (Config-policy-map)#class development_dept
(Netgear Switch) (Config-policy-class-map)#assign-queue 4
(Netgear Switch) (Config-policy-class-map)#exit
(Netgear Switch) (Config-policy-map)#exit

Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction.
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#service-policy in internet_access
(Netgear Switch) (Interface 1/0/1)#exit
(Netgear Switch) (Config)#int
89. t every match criterion defined for the class must be true for a match to occur.
• Policy: Defines the QoS attributes for one or more traffic classes. An example of an attribute is the ability to mark a packet at ingress. The 7000 Series Managed Switch supports the following policy type:
Traffic Conditioning Policy: this type of policy is associated with an inbound traffic class and specifies the actions to be performed on packets meeting the class rules:
- Marking the packet with a given DSCP code point, IP precedence, or CoS
- Policing packets by dropping or re-marking those that exceed the class's assigned data rate
- Counting the traffic within the class
• Service: Assigns a policy to an interface for inbound traffic.

CLI Example
This example shows how a network administrator can provide equal access to the Internet (or other external network) to different departments within a company. Each of four departments has its own Class B subnet that is allocated 25% of the available bandwidth on the port accessing the Internet.

[Figure 9-1: Layer 3 switch with outbound port 1/0/5 to the Internet and one VLAN per department]

The following example configures DiffServ on a 7000 Series Managed Switch
90. t the data rate to 115,200 baud
• Set the data format to 8 data bits, 1 stop bit, and no parity
• Set the flow control to none
• Select the proper mode under Properties. Select Terminal keys.
3. The Log-in User prompt displays when the terminal interface initializes. Enter an approved user name and password. The default is admin for the user name, and the password is blank. The switch is installed and loaded with the default configuration.
4. Reduce network traffic by turning off the Network Configuration Protocol. Enter the following command:
configure network protocol none
5. Set the IP address, subnet mask and gateway address by issuing the following command:
config network parms ipaddress netmask gateway
IP Address: Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
Subnet: Subnet mask for the LAN.
gateway: IP address of the default router, if the switch is a node outside the IP range of the LAN.
To enable these changes to be retained during a reset of the switch, type Ctrl-Z to return to the main prompt, type save config at the main menu prompt, and type y to confirm the changes. To view the changes and verify in-band information, issue the command show network. The switch is configured for in-band connectiv
91. t they could forward traffic. Although bridges tended to be faster than routers, using routers allowed the network to be partitioned into logical subnetworks, which restricted multicast traffic and also facilitated the development of security mechanisms. An end station specifies the destination station's Layer 3 address in the packet's IP header, but sends the packet to the MAC address of a router. When the Layer 3 router receives the packet, it will minimally:
• Look up the Layer 3 address in its address table to determine the outbound port
• Update the Layer 3 header
• Recreate the Layer 2 header
The router's IP address is often statically configured in the end station, although the 7000 Series Managed Switch supports protocols such as DHCP that allow the address to be assigned dynamically. Likewise, you may assign some of the entries in the routing tables used by the router statically, but protocols such as RIP and OSPF allow the tables to be created and updated dynamically as the network configuration changes.

Port Routing Configuration
The 7000 Series Managed Switch always supports Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the 7000 Series Managed Switch as a whole, and then for each port which is to participate in the routed network. The configuration commands used in the example in this section enable IP routing o
92. tch) (Interface 1/0/3)#routing
(Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0
(Netgear Switch) (Interface 1/0/3)#exit
(Netgear Switch) (Config)#exit

Specify Router ID and Enable OSPF for the Switch
The following sequence specifies the router ID and enables OSPF for the switch. Set disable1583 compatibility to prevent the routing loop.
(Netgear Switch) #config
(Netgear Switch) (Config)#router ospf
(Netgear Switch) (Config-router)#enable
(Netgear Switch) (Config-router)#router-id 192.150.9.9
(Netgear Switch) (Config-router)#no 1583compatibility
(Netgear Switch) (Config-router)#exit
(Netgear Switch) (Config)#exit

Enable and Configure OSPF for the Ports
The following sequence enables OSPF and sets the OSPF priority and cost for the ports.
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#ip ospf
(Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2
(Netgear Switch) (Interface 1/0/2)#ip ospf priority 128
(Netgear Switch) (Interface 1/0/2)#ip ospf cost 32
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#interface 1/0/3
(Netgear Switch) (Interface 1/0/3)#ip ospf
(Netgear Switch) (Interface 1/0/3)#ip ospf areaid 0.0.0.3
(Netgear Switch) (Interface 1/0/3)#ip ospf priority 255
(Netgear Switch) (Interface 1/0/3)#ip ospf cost 64
93. the command
(Netgear Switch) #show mac-address-table igmpsnooping
Type   Description   Interfaces
00:01:01:00:5E:00:01:16   Dynamic   Network Assist   Fwd: 1/0/47
00:01:01:00:5E:00:01:18   Dynamic   Network Assist   Fwd: 1/0/47
00:01:01:00:5E:37:96:D0   Dynamic   Network Assist   Fwd: 1/0/47
00:01:01:00:5E:7F:FF:FA   Dynamic   Network Assist   Fwd: 1/0/47
00:01:01:00:5E:7F:FF:FE   Dynamic   Network Assist   Fwd: 1/0/47

Chapter 11 Port Security
This section describes the Port Security feature.

Overview
Port Security:
• Allows for limiting the number of MAC addresses on a given port
• Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted
• Enabled on a per port basis
• When locked, only packets with allowable MAC address will be forwarded
• Supports both dynamic and static
• Implement two traffic filtering methods:
Dynamic Locking: User specifies the maximum number of MAC addresses that can be learned on a port. The maximum number of MAC addresses is platform dependent and is given in the software Release Notes. After the limit is reached, additional MAC addresses are not learned. Only frames with an allowable source MAC address are forwarded.
Static Locking: User manually specifies a list of static MAC addresses for a port. Dynamically locked addresses can be converted to statically locked addresses.
These methods can be used concurrent
94. Example 5 Set CoS Trust Mode of an Interface
(Netgear Switch) (Config)#classofservice trust ?
dot1p Sets the Class of Service Trust Mode of an Interface to 802.1p
ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP
(Netgear Switch) (Config)#classofservice trust dot1p ?
<cr> Press Enter to execute the command
(Netgear Switch) (Config)#classofservice trust dot1p

Note: The Traffic Class value range is 0-6 instead of 0-7 because queue 7 is reserved in a stacking build for stack control, and is therefore not configurable by the user.

Traffic Shaping
This section describes the Traffic Shaping feature. Traffic shaping controls the amount and volume of traffic transmitted through a network. This has the effect of smoothing temporary traffic bursts over time.

CLI Example
Use the traffic-shape command to enable traffic shaping by specifying the maximum transmission bandwidth limit for all interfaces (Global Config) or for a single interface (Interface Config). The <bw> value is a percentage that ranges from 0 to 100 in increments of 5. The default bandwidth value is 0, meaning no upper limit is enforced, which allows the interface to transmit up to its maximum line rate. The bw value is independent of any per queue maximum bandwidth value(s) in effect for the interface and should be considered as a second level transmission rate control mechanism
95. to the network; also, more than one port on a 7000 Series Managed Switch may be configured as a virtual router. Either a physical port or a routed VLAN may participate.

CLI Examples
This example shows how to configure the 7000 Series Managed Switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router.

[Figure 6-1: two Layer 3 switches acting as Router 1 and Router 2, both with Virtual Router ID 20, serving hosts on a VLAN]

The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the master router.

Enable routing for the switch. IP forwarding will then be enabled by default.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing

Configure the IP addresses and subnet masks for the port that will participate in the protocol.
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#routing
(Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0
(Netgear Switch) (Interface 1/0/2)#exit

Enable VRRP for t
96. uccessfully.
• The console connection was established and the console prompt appears on the screen of a VT100 terminal or terminal equivalent.
The initial switch configuration is performed through the console port. After the initial configuration, you can manage the switch either from the already connected console port or remotely through an interface defined during the initial configuration. The switch is not configured with a default user name and password. All of the settings below are necessary to allow the remote management of the switch through Telnet (Telnet client) or HTTP (Web browser). Before setting up the initial configuration of the switch, obtain the following information from your network administrator:
• The IP address to be assigned to the management interface through which the switch is managed
• The IP subnet mask for the network
• The IP address of the default gateway

Initial Configuration Procedure
You can perform the initial configuration using the Easy Setup Wizard or by using the Command Line Interface (CLI). The Setup Wizard automatically starts when the switch configuration file is empty. You can exit the wizard at any point by entering Ctrl-Z. For more information on CLI initial configuration, see the User's Configuration Guide. This guide shows how to use the Setup Wizard for initial switch configurat
97. uto Down Enable Enabl
1/0/7 Mirror Enable Auto Down Enable Enabl
1/0/8 Probe Enable Auto Down Enable Enabl
1/0/10 Enable Auto Down Enable Enabl

Example 3 show port interface
Use this command for a specific port. The output shows whether the port is the mirror or the probe port and what is enabled or disabled on the port.
(Netgear Switch Routing) #show port 0/7
               Admin   Physical  Physical  Link    Link    LACP
Intf   Type    Mode    Mode      Status    Status  Trap    Mode
1/0/7  Mirror  Enable  Auto                Down    Enable  Enable
(Netgear Switch Routing) #show port 0/8
               Admin   Physical  Physical  Link    Link    LACP
Intf   Type    Mode    Mode      Status    Status  Trap    Mode
1/0/8  Probe   Enable  Auto                Down    Enable  Enable

Example 4 Config monitor session 1 mode
To set up port mirroring, specify the monitor session, then the mode.
(Netgear Switch Routing) (Config)#monitor ?
session Configure port mirroring
(Netgear Switch Routing) (Config)#monitor session ?
<1-1> Session number
(Netgear Switch Routing) (Config)#monitor session 1 ?
destination Configure the probe interface
mode Enable/Disable port mirroring session
source Configure the source interface
(Netgear Switch Routing) (Config)#monitor session 1 mode ?
<cr> Press Enter to execute the command
(Netgear Switch Routing) (Config)#monitor s
98. witch Routing) #show telnet
Outbound Telnet Login Timeout (minutes): 5
Maximum Number of Outbound Telnet Sessions: 5
Allow New Outbound Telnet Sessions: Yes

Example 3 transport output telnet
(Netgear Switch Routing) (Config)#lineconfig ?
<cr> Press Enter to execute the command
(Netgear Switch Routing) (Config)#lineconfig
(Netgear Switch Routing) (Line)#transport ?
input Displays the protocols to use to connect to a specific line of the router
output Displays the protocols to use for outgoing connections from a line
(Netgear Switch Routing) (Line)#transport output ?
telnet Allow or disallow new telnet sessions
(Netgear Switch Routing) (Line)#transport output telnet ?
<cr> Press Enter to execute the command
(Netgear Switch Routing) (Line)#transport output telnet
(Netgear Switch Routing) (Line)#

Example 4 session-limit and session-timeout
(Netgear Switch Routing) (Line)#session-limit ?
<0-5> Configure the maximum number of outbound telnet sessions allowed
(Netgear Switch Routing) (Line)#session-limit 5
(Netgear Switch Routing) (Line)#session-timeout ?
<1-160> Enter time in minutes
(Netgear Switch Routing) (Line)#session
99. xists is as follows:
• Intra-area
• Inter-area
• External type 1: the route is external to the AS
• External Type 2: the route was learned from other protocols such as RIP

CLI Example
This example adds support for OSPF to the configuration created in the base VLAN routing example. The script shows the commands you would use to configure the 7000 Series Managed Switch as an inter-area router. Refer to Figure 5-2.

Example of configuring OSPF on a 7000 Series Managed Switch acting as an inter-area router
Specify the router ID and enable OSPF for the switch
Enable OSPF for the VLAN and physical router ports
vlan data vlan 10 vlan
