NETGEAR ProSafe 7000 Software Administration Manual Download | Manualshive

Page: 131 / 562

background image

9-1

v1.0, June 2010

Chapter

9

Access Control Lists (ACLs)

This chapter describes the Access Control Lists (ACLs) feature. The following examples are provided:

•

“Set up an IP ACL with Two Rules” on page

9-3

•

“Configure a One-Way Access Using a TCP Flag in an ACL” on page

9-8

•

“Configure Isolated VLANs on a Layer 3 Switch by Using ACLs” on page

9-26

•

“Set up a MAC ACL with Two Rules” on page

9-39

•

“ACL Mirroring” on page

9-43

•

“ACL Redirect” on page

9-49

•

“Configure IPv6 ACLs” on page

9-55

Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall
router or in a router connecting two internal networks. When you configure ACLs, you can selectively admit
or reject inbound traffic, thereby controlling access to your network or to specific resources on your
network.

You can set up ACLs to control traffic at Layer 2, or Layer3. MAC ACLs are used for Layer 2. IP ACLs are
used for Layers 3. Each ACL contains a set of rules that apply to inbound traffic. Each rule specifies whether
the contents of a given field should be used to permit or deny access to the network, and may apply to one or
more of the fields within a packet.

The following limitations apply to ACLs. These limitations are platform dependent.

•

Maximum of 100 ACLs

•

Maximum rules per ACL is 8-10

•

Stacking systems do not support redirection

The system does not support MAC ACLs and IP ACLs on the same interface.

The system supports ACLs set up for inbound traffic only.

MAC ACLs

MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet
(limited by platform):

•

Source MAC address with mask

•

Destination MAC address with mask

•

VLAN ID (or range of IDs)

•

Class of Service (CoS) (802.1p)

«
...
129
130
131
132
133
...
»

Summary of Contents for ProSafe 7000

Page 1: ...202 10515 03 June 2010 v1 0 NETGEAR Inc 350 East Plumeria Drive San Jose CA 95134 ProSafe 7000 Managed Switch Software Administration Manual Release 8 0 3...

Page 2: ...e products described in this document without notice NETGEAR does not assume any liability that may occur due to the use or application of the product s or circuit layout s described herein Netgear s...

Page 3: ...Aggregation Create Two LAGs 2 2 Add the Ports to the LAGs 2 3 Enable Both LAGs 2 5 Chapter 3 Port Routing Port Routing Configuration 3 1 Enable Routing for the Switch 3 2 Enable Routing for Ports on t...

Page 4: ...8 4 Chapter 9 Access Control Lists ACLs MAC ACLs 9 1 Configuring IP ACLs 9 2 Set up an IP ACL with Two Rules 9 3 Configure a One Way Access Using a TCP Flag in an ACL 9 8 Configure Isolated VLANs on...

Page 5: ...ng VLAN 12 5 IGMP Querier 12 7 Enable IGMP Querier 12 7 Show IGMP Querier Status 12 10 Chapter 13 Security Management Port Security 13 1 Protected Ports 13 6 802 1x Port Security 13 13 Create a Guest...

Page 6: ...ck Configuration Files 17 7 Switch Stack Management Connectivity 17 7 Switch Stack Configuration Scenarios 17 8 Stacking Recommendations 17 9 Renumber Stack Members 17 11 Moving a Master to a Differen...

Page 7: ...802 1s 23 4 Chapter 24 Tunnel Chapter 25 IPv6 Interface Configuration Creating an IPv6 Routing Interface 25 1 Create an IPv6 Network Interface 25 4 Create an IPv6 Routing VLAN 25 6 Chapter 26 PIM PIM...

Page 8: ...oftware Administration Manual Release 8 0 3 x v1 0 June 2010 Block a Captive Portal Instance 31 5 Local Authorization User Group Configuration 31 6 Remote Authorization RADIUS User Configuration 31 8...

Page 9: ...for your switch Hardware Installation Guide Software Setup Guide NETGEAR CLI Reference for the Prosafe 7X00 Series Managed Switch Refer to the Command Line Reference for information for the command st...

Page 10: ...he only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN Each VLAN in a network has an associated VLAN ID which appears in the IEEE 802 1...

Page 11: ...ing examples show how to create VLANs assign ports to the VLANs and assign a VLAN as the default VLAN to a port Create Two VLANs The example is shown as CLI commands and as a Web interface procedure C...

Page 12: ...g displays Figure 1 2 b Enter the following information in the VLAN Configuration In the VLAN ID field enter 2 In the VLAN Name field enter VLAN2 Select Static in the VLAN Type field c Click Add 2 Cre...

Page 13: ...ear Switch Config interface range 1 0 1 1 0 2 Netgear Switch conf if range 1 0 1 1 0 2 vlan participation include 2 Netgear Switch conf if range 1 0 1 1 0 2 vlan acceptframe vlanonly Netgear Switch co...

Page 14: ...o the following displays Figure 1 5 b Under PVID Configuration scroll down to interface 1 0 1 and select the checkbox for 1 0 1 Then scroll down to the interface 1 0 2 and select the checkbox for 1 0...

Page 15: ...Netgear Switch Interface 1 0 4 exit Netgear Switch Config exit Web Interface Assigning Ports to VLAN3 To use the Web interface to configure the managed switch proceed as follows 1 Assign ports to VLAN...

Page 16: ...mit All in the Acceptable Frame Type polyhedron field d Click Apply to save the settings Assign VLAN3 as the Default VLAN for Port 1 0 2 This example shows how to assign VLAN 3 as the default VLAN for...

Page 17: ...imilar to the following displays Figure 1 8 b Under PVID Configuration scroll down to interface 1 0 2 and select the checkbox for that interface Now 1 0 2 appears in the Interface field at the top c U...

Page 18: ...be set to zero The assigned VLAN ID is verified against the VLAN table if the VLAN is valid ingress processing on the packet continues otherwise the packet is dropped This implies that the user is all...

Page 19: ...3 a From the main menu select Switching VLAN Basic VLAN configuration A screen similar to the following displays Figure 1 10 b Enter the following information in the VLAN Configuration In the VLAN ID...

Page 20: ...select Switching VLAN Advanced Port PVID Configuration A screen similar to the following displays Figure 1 12 b Under PVID Configuration scroll down to interface 1 0 23 and select the checkbox for 1...

Page 21: ...ased VLAN Create a vlan protocol group vlan_ipx based on IPX protocol Netgear Switch config Netgear Switch Config vlan protocol group vlan_ipx Netgear Switch Config vlan protocol group add protocol 1...

Page 22: ...Interface 1 0 11 exit Web Interface Creating a Protocol based VLAN To use the Web interface to configure the managed switch proceed as follows 1 Create protocol based VLAN group vlan_ipx a From the m...

Page 23: ...roup Configuration In the Group Name field enter vlan_Ip In the Protocol field select IP and ARP while holding down the Ctrl key In the VLAN field enter 5 c Click Add 3 Add the port 11 to the group vl...

Page 24: ...d VLAN In an IP subnet based VLAN all the end workstations in an IP subnet are classified to the same VLAN In this VLAN users can move their workstations without reconfiguring their network addresses...

Page 25: ...1 Figure 1 18 CLI Creating an IP Subnet Based VLAN Netgear Switch vlan database Netgear Switch Vlan vlan 2000 Netgear Switch Vlan vlan association subnet 10 100 0 0 255 255 0 0 2000 Netgear Switch Vl...

Page 26: ...to configure the IP subnet based VLAN proceed as follows 1 Create VLAN 2000 a From the main menu select Switching VLAN Basic VLAN configuration A screen similar to the following displays Figure 1 19 b...

Page 27: ...Unit 1 The Ports display d Click the gray box before the Unit 1 until U displays e Click Apply 3 Associate the IP subnet with VLAN 2000 a From the main menu select Switching VLAN Advanced IP Subnet B...

Page 28: ...of an IP phone could be safeguarded from deteriorating when the data traffic on the port is high Also the inherent isolation provided by VLANs ensures that inter VLAN traffic is under management cont...

Page 29: ...e 10 Netgear Switch conf if range 1 0 1 1 0 2 vlan tagging 10 Netgear Switch conf if range 1 0 1 1 0 2 exit Configure Voice VLAN globally Netgear Switch Config voice vlan Configure Voice VLAN Mode in...

Page 30: ...Switch Config policy classmap exit Assign it to the interfaces 1 0 1 and 1 0 2 Netgear Switch Config interface range 1 0 1 1 0 2 Netgear Switch conf if range 1 0 1 1 0 2 service policy in PolicyVoiceV...

Page 31: ...d At the end of this configuration a screen similar to the following displays Figure 1 24 2 Include the ports 1 0 1 and 1 0 2 in the VLAN 10 a From the main menu select Switching VLAN Advanced VLAN Me...

Page 32: ...10 c Select Port 1 and Port 2 as Tagged A screen similar to the following displays Figure 1 26 d Click Apply 3 Configure Voice VLAN globally a From the main menu select Switching VLAN Advanced Voice V...

Page 33: ...g displays Figure 1 28 4 Configure Voice VLAN Mode in the interface 1 0 2 a From the main menu select Switching VLAN Advanced Voice VLAN Configuration b Select the checkbox for 1 0 2 c Set the Interfa...

Page 34: ...lowing displays Figure 1 30 b Enter Class Name as ClassVoiceVLAN c Select Class Type as All A screen similar to the following displays Figure 1 31 d Click Add A screen similar to the one in Figure 1 3...

Page 35: ...class ClassVoiceVLAN A screen similar to the following displays Figure 1 33 c In the DiffServ Class Configuration table select VLAN d Enter VLAN ID as 10 A screen similar to the following displays Fig...

Page 36: ...figuration A screen similar to the following displays Figure 1 36 b Enter Policy Name as PolicyVoiceVLAN c Select Policy Type as In d Select Member Class as ClassVoiceVLAN A screen similar to the foll...

Page 37: ...al Release 8 0 3 1 28 Virtual LANs v1 0 June 2010 a From the main menu select QoS Advanced Policy Configuration A screen similar to the following displays Figure 1 38 b Click the Policy PolicyVoiceVLA...

Page 38: ...Assign Queue as 3 A screen similar to the following displays Figure 1 40 d Click Apply 9 Assign it to the interfaces 1 0 1 and 1 0 2 a From the main menu select QoS Advanced Service Interface Configur...

Page 39: ...e Administration Manual Release 8 0 3 1 30 Virtual LANs v1 0 June 2010 c Select Policy Name as PolicyVoiceVLAN A screen similar to the following displays Figure 1 42 d Click Apply A screen similar to...

Page 40: ...a higher bandwidth connection to a public network Management functions treat a LAG as if it were a single physical port You can include a LAG in a VLAN You can configure more than one LAG for a given...

Page 41: ...LAGs Netgear Switch config Netgear Switch Config port channel lag_10 Netgear Switch Config port channel lag_20 Netgear Switch Config exit Use the show port channel all command to show the logical inte...

Page 42: ...om the main menu select Switching LAG LAG Configuration A screen similar to the following displays Figure 2 2 b In the Lag Name field enter lag_10 c Click the Add 2 Create LAG lag_20 a From the main m...

Page 43: ...ce 0 8 Netgear Switch Interface 0 8 addport 1 2 Netgear Switch Interface 0 8 exit Netgear Switch Config interface 0 9 Netgear Switch Interface 0 9 addport 1 2 Netgear Switch Interface 0 9 exit Netgear...

Page 44: ...Configuration enter the following information Select Lag 2 in the LAG ID field c Click the Unit 1 The Ports display d Click on the gray box under port 8 and 9 Two flags appear in the box e Click Apply...

Page 45: ...o use the Web interface to configure the switch proceed as follows a From the main menu select Switching LAG LAG Configuration A screen similar to the following displays Figure 2 6 b Select the checkb...

Page 46: ...packet to the MAC address of a router When the Layer 3 router receives the packet it will minimally Look up the Layer 3 address in its address table to determine the outbound port Update the Layer 3...

Page 47: ...outing protocols You may then activate RIP or OSPF used by routers to exchange route information on top of IP Routing RIP is more often used in smaller networks while OSPF was designed for larger and...

Page 48: ...e to configure the managed switch proceed as follows 1 From the main menu select Routing Basic IP Configuration A screen similar to the following displays Figure 3 2 2 Next to the Routing Mode select...

Page 49: ...itch Config interface 1 0 5 Netgear Switch Interface 1 0 5 routing Netgear Switch Interface 1 0 5 ip address 192 150 5 1 255 255 255 0 Netgear Switch Interface 1 0 5 exit Netgear Switch Config exit We...

Page 50: ...ct Routing Advanced IP Interface Configuration A screen similar to the following displays Figure 3 4 b Under IP Interface Configuration scroll down to interface 1 0 3 and select the checkbox for that...

Page 51: ...192 150 5 1 In the Subnet Mask enter 255 255 255 0 Select Enable in the Routing Mode field d Click Apply to save the settings Adding a Default Route When IP routing takes place on a switch a route ta...

Page 52: ...n the next chapter See Web Interface Add a Default Route 1 Go to Routing Routing Table Route Configuration The Route Configuration page displays Figure 3 6 1 From the Route Type drop down menu select...

Page 53: ...routing table CLI Command Procedure The following commands assume the switch has already defined a routing interface with network address of 10 10 10 0 and configured that all packets destined for ne...

Page 54: ...0 100 100 1 The last number should always be zero 4 Enter Subnet Mask that matches the subnet range desired 5 The Preference field is optional A value of one will be chosen if nothing is entered 6 Cli...

Page 55: ...N plus the internal bridge router interface if it was received on a routed VLAN Since a port can be configured to belong to more than one VLAN VLAN routing might be enabled for all of the VLANs on the...

Page 56: ...tch Layer 2 Switch VLAN 10 VLAN 20 Port 1 0 1 Figure 4 1 CLI Creating Two VLANs The following code sequence shows an example of creating two VLANs with egress frame tagging enabled Netgear Switch vlan...

Page 57: ...te VLAN 10 VLAN20 a From the main menu select Switching VLAN Advanced VLAN configuration A screen similar to the following displays Figure 4 2 b In the VLAN ID field enter 10 c In the VLAN Name field...

Page 58: ...he main menu select Switching VLAN Advanced VLAN Membership A screen similar to the following displays Figure 4 4 b Select 10 in the VLAN ID field c Click the Unit 1 The Ports display d Click the gray...

Page 59: ...rt j Click Apply 3 Assign PVID to the VLAN10 and VLAN20 a From the main menu select Switching VLAN Advanced Port PVID Configuraton A screen similar to the following displays Figure 4 6 b Under PVID Co...

Page 60: ...4093 field enter 20 i Click Apply to save the settings Set Up VLAN Routing for the VLANs and the Switch The example is shown as CLI commands and as a Web interface procedure CLI Setting Up VLAN Routi...

Page 61: ...gear Switch Config interface vlan 20 Netgear Switch Interface vlan 20 ip address 192 150 4 1 255 255 255 0 Netgear Switch Interface vlan 20 exit Netgear Switch Config exit Web Interface Setting Up VLA...

Page 62: ...ting VLAN VLAN Routing VLAN Routing Configuration A screen similar to the following displays Figure 4 9 5 Under the VLAN Routing Configuration enter the following information Select 10 in the VLAN ID...

Page 63: ...m the routing table it will be flagged as unusable by the receiving routers after 180 seconds and removed from their tables after an additional 120 seconds There are two versions of RIP RIPv1 defined...

Page 64: ...192 130 3 1 Port 1 0 5 192 64 4 1 Port 1 0 2 192 150 2 2 Layer 3 Switch acting as a router Figure 5 1 Enable Routing for the Switch The example is shown as CLI commands and as a Web interface procedu...

Page 65: ...nable routing and assigns IP addresses for ports 1 0 2 and 1 0 3 Netgear Switch config Netgear Switch Config interface 1 0 2 Netgear Switch Interface 1 0 2 routing Netgear Switch Interface 1 0 2 ip ad...

Page 66: ...Under IP Interface Configuration scroll down to interface 1 0 2 and select the checkbox for that interface Now 1 0 2 appears in the Interface field at the top c Under the IP Interface Configuration en...

Page 67: ...face Configuration scroll down to interface 1 0 3 and select the checkbox for that interface Now 1 0 3 appears in the Interface field at the top c Under the IP Interface Configuration enter the follow...

Page 68: ...e the Web interface to configure the managed switch proceed as follows 1 From the main menu select Routing RIP Basic RIP Configuration A screen similar to the following displays Figure 5 5 2 Next to t...

Page 69: ...rface 1 0 3 Netgear Switch Interface 1 0 3 ip rip Netgear Switch Interface 1 0 3 ip rip receive version both Netgear Switch Interface 1 0 3 ip rip send version rip2 Netgear Switch Interface 1 0 3 exit...

Page 70: ...nformation Protocol RIP is one of the protocols which may be used by routers to exchange network topology information It is characterized as an interior gateway protocol and is typically used in small...

Page 71: ...to Receive packets in either or both formats Transmit packets formatted for RIPv1 or RIPv2 or send RIPv2 packets to the RIPv1 broadcast address Prevent any RIP packets from being received Prevent any...

Page 72: ...tgear Switch Interface 1 0 2 exit Netgear Switch Config interface 1 0 3 Netgear Switch Interface 1 0 3 vlan participation include 20 Netgear Switch Interface 1 0 3 vlan pvid 20 Netgear Switch Interfac...

Page 73: ...e VLAN Routing RIP Configuration To use the Web interface to configure RIP on the switch proceed as follows 1 Configure a VLAN and include ports 1 0 2 in the VLAN a From the main menu select Routing V...

Page 74: ...he Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display Click the gray box under port 3 once until T displays The T specifies that the egress packet is tagged for the port d Click A...

Page 75: ...0 a From the main menu select Routing RIP Advanced RIP Configuration A screen similar to the following displays Figure 5 12 b Under the Interface Configuration enter the following information Select 0...

Page 76: ...ierarchical management allowing the network to be subdivided The top level of the hierarchy of an OSPF network is known as an autonomous system AS or routing domain and is a collection of networks wit...

Page 77: ...network segment with an inter area router connecting areas 0 0 0 2 and 0 0 0 3 The example script shows the commands used to configure a 7000 Series Managed Switch as the inter area router in the diag...

Page 78: ...ter enable Netgear Switch Config router router id 192 150 9 9 Netgear Switch Config router no 1583compatibility Netgear Switch Config router exit Netgear Switch Config exit Step 4 Enable OSPF and set...

Page 79: ...sign IP address 192 150 2 1 to the port 1 0 2 a From the main menu select Routing IP Advanced IP Interface Configuration A screen similar to the following displays Figure 6 3 b Under IP Interface Conf...

Page 80: ...he following displays Figure 6 4 b Under IP Interface Configuration scroll down to interface 1 0 3 and select the checkbox for that interface Now 1 0 3 appears in the Interface field at the top c Ente...

Page 81: ...d OSPF Configuration A screen similar to the following displays Figure 6 5 b Under the OSPF Configuration enter the following information In the Router ID enter 192 150 9 9 Select Enable in the OSPF A...

Page 82: ...oll down to interface 1 0 2 and select the checkbox for that interface Now 1 0 2 appears in the Interface field at the top In the OSPF Area ID field enter 0 0 0 2 Select the Enable in the OSPF Admin M...

Page 83: ...the OSPF Area ID field enter 0 0 0 3 Select the Enable in the OSPF Admin Mode field In the Priority field enter 255 In the Metric Cost field enter 64 c Click Apply to save the settings Configure OSPF...

Page 84: ...for the switch Set disable 1583compatibility to prevent a routing loop Netgear Switch Config router ospf Netgear Switch Config router enable Netgear Switch Config router router id 192 130 1 1 Netgear...

Page 85: ...8 0 3 6 10 OSPF v1 0 June 2010 Web Interface Configuring OSPF on a Border Router To use the Web interface to configure OSPF on the switch proceed as follows 1 Enable IP routing on the switch a From th...

Page 86: ...ace Configuration In the IP Address field enter 192 150 2 2 In the Network Mask field enter 255 255 255 0 Select Enable in the Admin Mode field d Click Apply to save the settings 3 Assign IP address 1...

Page 87: ...rface Configuration A screen similar to the following displays Figure 6 11 b Under IP Interface Configuration scroll down to interface 1 0 4 and select the checkbox for that interface Now 1 0 4 appear...

Page 88: ...llowing information In the Router ID enter 192 130 1 1 Select the Enable in the OSPF Admin Mode field Select the Disable in the RFC 1583 Compatibility field c Click Apply to save the settings 6 Enable...

Page 89: ...le OSPF on the port 1 0 3 a From the main menu select Routing OSPF Advanced Interface Configuration A screen similar to the following displays Figure 6 14 b Under Interface Configuration scroll down t...

Page 90: ...appears in the Interface field at the top In the OSPF Area ID field enter 0 0 0 2 Select the Enable in the OSPF Admin Mode field In the Priority field enter 255 In the Metric Cost field enter 64 c Cli...

Page 91: ...0 1 Netgear Switch Config router no area 0 0 0 1 stub summarylsa Netgear Switch Config router exit Enable OSPF area 0 on the 2 0 11 Netgear Switch Config interface 2 0 11 Netgear Switch Interface 2 0...

Page 92: ...168 20 0 255 255 255 0 Local 2 0 19 192 168 20 1 ProSafe 7000 Managed Switch Software Administration Manual Release 8 0 3 OSPF 6 17 v1 0 June 2010 Web Interface Configuring Area 1 as a Stub Area on A...

Page 93: ...field enter 192 168 10 1 In the Network Mask field enter 255 255 255 0 Select Enable in the Admin Mode field d Click Apply to save the settings 3 Assign IP address 192 168 20 1 to the port 2 0 19 a F...

Page 94: ...pecify the Router ID and Enable OSPF for the switch a From the main menu select Routing OSPF Basic OSPF Configuration A screen similar to the following displays Figure 6 20 b Under the OSPF Configurat...

Page 95: ...ort 2 0 19 a From the main menu select Routing OSPF Advanced Interface Configuration A screen similar to the following displays Figure 6 22 b Under Interface Configuration scroll down to interface 2 0...

Page 96: ...ure the area 0 0 0 1 as a stub area Netgear Switch Config router area 0 0 0 1 stub Enable OSPF area 0 0 0 1 on the 1 0 15 Netgear Switch Config router exit Netgear Switch Config router exit Netgear Sw...

Page 97: ...he Routing Mode select the Enable radio button c Click Apply to save the settings 2 Assign IP address 192 168 10 1 to the port 1 0 15 a From the main menu select Routing IP Advanced IP Interface Confi...

Page 98: ...6 26 b Under the OSPF Configuration enter the following information In the Router ID enter 2 2 2 2 c Click Apply to save the settings 4 Enable OSPF on the port 1 0 15 a From the main menu select Routi...

Page 99: ...dvanced Stub Area Configuration A screen similar to the following displays Figure 6 28 b Enter the following information in the Sub Area Configuration In the Area ID field enter 0 0 0 1 c Click Add to...

Page 100: ...ing summary LSA to the area 0 0 0 1 Netgear Switch Config router area 0 0 0 1 nssa no summary Enable area 0 0 0 1 on the 2 0 19 Netgear Switch Config router exit Netgear Switch Config interface 2 0 11...

Page 101: ...192 168 20 2 192 168 42 0 255 255 255 0 OSPF NSSA T2 2 0 19 192 168 20 2 ProSafe 7000 Managed Switch Software Administration Manual Release 8 0 3 6 26 OSPF v1 0 June 2010 Web Interface Configuring Ar...

Page 102: ...field enter 192 168 10 1 In the Network Mask field enter 255 255 255 0 Select Enable in the Admin Mode field d Click Apply to save the settings 3 Assign IP address 192 168 20 1 to the port 2 0 19 a F...

Page 103: ...fy the Router ID and Enable OSPF for the switch a From the main menu select Routing OSPF Basic OSPF Configuration A screen similar to the following displays Figure 6 33 b Under the OSPF Configuration...

Page 104: ...port 2 0 19 a From the main menu select Routing OSPF Advanced Interface Configuration A screen similar to the following displays Figure 6 35 b Under Interface Configuration scroll down to interface 2...

Page 105: ...1 as a nssa area Netgear Switch Config router area 0 0 0 1 nssa Redistribute the rip routes into the OSPF Netgear Switch Config router redistribute rip Netgear Switch Config router redistribute rip su...

Page 106: ...255 0 RIP 1 0 11 192 168 30 2 ProSafe 7000 Managed Switch Software Administration Manual Release 8 0 3 OSPF 6 31 v1 0 June 2010 Web Interface Configuring Area 1 as a nssa Area on A2 To use the Web int...

Page 107: ...e Configuration In the IP Address field enter 192 168 30 1 In the Network Mask field enter 255 255 255 0 Select Enable in the Routing Mode field d Click Apply to save the settings 3 Assign IP address...

Page 108: ...main menu select Routing OSPF Basic OSPF Configuration A screen similar to the following displays Figure 6 40 b Under the OSPF Configuration enter the following information In the Router ID enter 2 2...

Page 109: ...to interface 1 0 15 and select the checkbox for that interface Now 1 0 15 appears in the Interface field at the top In the OSPF Area ID field enter 0 0 0 1 Select the Enable in the OSPF Admin Mode fie...

Page 110: ...icast not a broadcast address Hierarchical management allowing the network to be subdivided The top level of the hierarchy of an OSPF network is known as an autonomous system AS or routing domain and...

Page 111: ...tagging all 20 Netgear Switch Config interface 1 0 2 Netgear Switch Interface 1 0 2 vlan participation include 10 Netgear Switch Interface 1 0 2 vlan pvid 10 Netgear Switch Interface 1 0 2 exit Netge...

Page 112: ...cost for the VLAN and physical router ports Netgear Switch Config interface vlan 10 Netgear Switch Interface vlan 10 ip ospf priority 128 Netgear Switch Interface vlan 10 ip ospf cost 32 Netgear Switc...

Page 113: ...figure a VLAN and include ports 1 0 3 in the VLAN a From the main menu select Routing VLAN VLAN Routing Wizard A screen similar to the following displays Figure 6 46 b Enter the following information...

Page 114: ...anced Interface Configuration A screen similar to the following displays Figure 6 48 b Under the Interface Configuration click the VLANS to show all the VLAN interfaces c Under IP Interface Configurat...

Page 115: ...ld enter 0 0 0 3 Select the Enable in the OSPF Admin Mode field In the Priority field enter 255 In the Metric Cost field enter 64 d Click Apply to save the settings OSPFv3 Open Shortest Path First OSP...

Page 116: ...iguring OSPFv3 On A1 enable IPv6 unitcast routing on the switch Netgear Switch Config ipv6 unicast routing Enable OSPFv3 and assign 1 1 1 1 to router ID Netgear Switch Config ipv6 router ospf Netgear...

Page 117: ...ig rtr enable Netgear Switch Config rtr router id 2 2 2 2 Netgear Switch Config rtr exit Enable routing mode on the interface 1 0 13 and assign 2000 2 to IPv6 address Netgear Switch Config interface 1...

Page 118: ...elect the Enable radio button c Click Apply to save the settings 2 Specify the Router ID and Enable OSPFv3 for the switch a From the main menu select Routing OSPFv3 Basic OSPFv3 Configuration A screen...

Page 119: ...he checkbox for that interface Now 1 0 1 appears in the Interface field at the top c Enter the following information in the IP Interface Configuration Select Enable in the IPv6 Mode field Select Enabl...

Page 120: ...settings 5 Enable OSPFv3 on the port 1 0 1 a From the main menu select Routing OSPFv3 Advanced Interface Configuration A screen similar to the following displays Figure 6 55 b Under IP Interface Confi...

Page 121: ...e 6 56 ProSafe 7000 Managed Switch Software Administration Manual Release 8 0 3 6 46 OSPF v1 0 June 2010 To use the Web interface to configure OSPF on the switch A2 refer to the configuration of switc...

Page 122: ...l only respond to an ARP request if the target IP address is an address configured on the interface where the ARP request arrived Proxy ARP Examples The following are examples of the commands used in...

Page 123: ...ring Proxy ARP on a Port To use the Web interface to configure proxy ARP on a port proceed as follows 1 Configure proxy ARP a From the main menu select Routing IP Advanced IP Interface Configuration A...

Page 124: ...ssociated with static default routes by enabling a backup router to take over from a master router without affecting the end stations using the route The end stations will use a virtual IP address tha...

Page 125: ...r the port that will participate in the protocol Netgear Switch Config interface 1 0 2 Netgear Switch Interface 1 0 2 routing Netgear Switch Interface 1 0 2 ip address 192 150 2 1 255 255 0 0 Netgear...

Page 126: ...To use the Web interface to configure VRRP on a master router on the switch proceed as follows 1 Enable IP routing on the switch a From the main menu select Routing IP IP Configuration A screen simila...

Page 127: ...ct Enable in the Routing Mode field d Click Apply to save the settings 3 Enable VRRP on the 1 0 2 a From the main menu select Routing VRRP Advanced VRRP Configuration A screen similar to the following...

Page 128: ...ess 192 150 4 1 255 255 0 0 Netgear Switch Interface 1 0 4 exit Enable VRRP for the switch Netgear Switch Config ip vrrp Assign virtual router IDs to the port that will particpate in the protocol Netg...

Page 129: ...to the following displays Figure 8 5 b Next to the Routing Mode select the Enable radio button c Click Apply to save the settings 2 Assign IP address 192 150 4 1 to the port 1 0 4 a From the main menu...

Page 130: ...he main menu select Routing VRRP Basic VRRP Configuration A screen similar to the following displays Figure 8 7 b Under Global Configuration next to the Admin Mode select Enable radio button c Enter t...

Page 131: ...or to specific resources on your network You can set up ACLs to control traffic at Layer 2 or Layer3 MAC ACLs are used for Layer 2 IP ACLs are used for Layers 3 Each ACL contains a set of rules that...

Page 132: ...up to ten rules applied to inbound traffic Each rule specifies whether the contents of a given field should be used to permit or deny access to the network and may apply to one or more of the followi...

Page 133: ...4 192 168 77 9 192 168 77 2 Layer 2 Switch Layer 3 Switch Port 1 0 2 ACL 1 TCP packet to 192 178 88 3 rejected Dest IP not in range TCP packet to 192 178 77 3 accepted Dest IP in range Figure 9 1 CLI...

Page 134: ...tch Config interface 1 0 2 Netgear Switch Interface 1 0 2 ip access group 101 in Netgear Switch Interface 1 0 2 exit Netgear Switch Config exit Web Interface Setting up an IP ACL with Two Rules To use...

Page 135: ...ACL ID select 101 c Click Add to create a new rule 3 Create a new ACL rule and add it to the ACL 101 a After you click the Add button on the step 2 A screen similar to the following displays Figure 9...

Page 136: ...you click the Add button on the step 3 A screen similar to the following displays Figure 9 5 b Enter the following information in the Extended ACL Rule Configuration In the Rule ID 1 to 23 field ente...

Page 137: ...ne 2010 to the following displays Figure 9 6 b Enter the following information in the IP Binding Configuration Select 101 in the ACL ID field In the Sequence Number field enter 1 c Click the Unit 1 Th...

Page 138: ...t 1 0 48 Port 1 0 24 192 168 40 2 Port 0 13 192 168 100 2 Figure 9 7 CLI Configuring a One Way Access Using a TCP Flag in an ACL To use the CLI to configure the switch enter the following CLI commands...

Page 139: ...e vlan 100 ip address 192 168 100 1 255 255 255 0 Netgear Switch Interface vlan 100 exit Netgear Switch Config exit Create VLAN 200 with port 0 44 and assign IP address 192 168 200 1 24 Netgear Switch...

Page 140: ...face 0 44 ip access group 102 in 2 Netgear Switch Interface 0 44 exit Step 2 Configure the GSM7352S see Figure 9 7 To use the CLI to Configure the GSM7352S enter the following CLI commands Create VLAN...

Page 141: ...Switch Config interface 1 0 48 Netgear Switch Interface 1 0 48 vlan pvid 200 Netgear Switch Interface 1 0 48 vlan participation include 200 Netgear Switch Interface 1 0 48 exit Netgear Switch interfa...

Page 142: ...AN Routing Wizard In the Vlan ID field enter 30 In the IP Address field enter 192 168 30 1 In the Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under por...

Page 143: ...he IP Address field enter 192 168 100 1 In the Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 13 twice until U displays The U specifies that th...

Page 144: ...200 In the IP Address field enter 192 168 200 1 In the Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 44 twice until U displays The U specifie...

Page 145: ...main menu select Routing Routing Table Basic Route Configuration A screen similar to the following displays Figure 9 12 b Under Configure Routes make the following selection and enter the following i...

Page 146: ...ormation Select Static in the Route Type field In the Network Address field enter 192 168 50 0 In the Subnet Mask field enter 255 255 255 0 In the Next Hop IP Address field enter 192 168 200 2 c Click...

Page 147: ...dvanced IP ACL A screen similar to the following displays Figure 9 15 b In the IP ACL ID field of the IP ACL Table enter 102 c Click Add 9 Add and configure an IP extended rule that is associated with...

Page 148: ...ake the following selections In the Rule ID field enter 1 Next to Action mode select the Deny radio button Select False in the Match Every field Select TCP in the Protocol Type field Next to TCP Flag...

Page 149: ...eld c Click Add The Extended ACL Rule Configuration screen displays Figure 9 19 d Under Extended ACL Rule Configuration 100 199 enter the following information and make the following selections In the...

Page 150: ...plays Figure 9 20 b Under Binding Configuration make the following selection and enter the following information Select 101 in the ACL ID field In the Sequence Number field enter 1 c Click Unit 1 The...

Page 151: ...Select 102 in the ACL ID field In the Sequence Number field enter 2 c Click Unit 1 The ports display d Click on the gray box under port 44 A flag appears in the box e Click Apply to save the settings...

Page 152: ...the following information in the VLAN Routing Wizard In the Vlan ID field enter 40 In the IP Address field enter 192 168 40 1 In the Network Mask field enter 255 255 255 0 c Click Unit 1 The ports di...

Page 153: ...he following displays Figure 9 23 b Enter the following information in the VLAN Routing Wizard In the Vlan ID field enter 50 In the IP Address field enter 192 168 50 1 In the Network Mask field enter...

Page 154: ...Wizard In the Vlan ID field enter 200 In the IP Address field enter 192 168 200 2 In the Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 48 twic...

Page 155: ...lowing information Select Static in the Route Type field In the Network Address field enter 192 168 100 0 In the Subnet Mask field enter 255 255 255 0 In the Next Hop IP Address field enter 192 168 20...

Page 156: ...op IP Address field enter 192 168 200 1 c Click Add Configure Isolated VLANs on a Layer 3 Switch by Using ACLs Server 10 100 5 252 Port 11 0 38 10 100 5 34 Layer 3 Switch Port 1 0 24 192 148 24 1 Port...

Page 157: ...Config interface vlan 24 Netgear Switch Interface vlan 24 routing Netgear Switch Interface vlan 24 ip address 192 168 24 1 255 255 255 0 Netgear Switch Interface vlan 24 exit Netgear Switch Config exi...

Page 158: ...ffic that has destination IP 192 168 24 0 24 Netgear Switch Config access list 101 deny ip any 192 168 24 0 0 0 0 255 Create ACL 102 to deny all traffic that has destination IP 192 168 48 0 24 Netgear...

Page 159: ...1 a From the main menu select Routing VLAN VLAN Routing Wizard A screen similar to the following displays Figure 9 28 b Enter the following information in the VLAN Routing Wizard In the Vlan ID field...

Page 160: ...e VLAN Routing Wizard In the Vlan ID field enter 48 In the IP Address field enter 192 168 48 1 In the Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under...

Page 161: ...er 38 In the IP Address field enter 10 100 5 34 In the Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 38 twice until U displays The U specifies...

Page 162: ...IP Forwarding Mode select the Enable radio button c Click Apply to enable IP Routing 5 Create an ACL with ID 101 a From the main menu select Security ACL Advanced IP ACL A screen similar to the follo...

Page 163: ...he main menu select Security ACL Advanced IP ACL A screen similar to the following displays Figure 9 34 b In the IP ACL ID field of the IP ACL Table enter 103 c Click Add 8 Add and configure an IP ext...

Page 164: ...n and make the following selections In the Rule ID field enter 1 Next to Action mode select the Deny radio button Select False in the Match Every field In the Destination IP Address field enter 192 16...

Page 165: ...Rule Configuration screen displays Figure 9 38 d Under Extended ACL Rule Configuration 100 199 enter the following information and make the following selections In the Rule ID field enter 1 Next to A...

Page 166: ...to the following displays Figure 9 39 b Under IP Extended Rules select 103 in the ACL ID field c Click Add The Extended ACL Rule Configuration screen displays Figure 9 40 d Under Extended ACL Rule Co...

Page 167: ...plays Figure 9 41 b Under Binding Configuration make the following selection and enter the following information Select 102 in the ACL ID field In the Sequence Number field enter 1 c Click Unit 1 The...

Page 168: ...d enter the following information Select 101 in the ACL ID field In the Sequence Number field enter 1 c Click Unit 1 The ports display d Click on the gray box under port 48 A flag appears in the box e...

Page 169: ...r 2 c Click Unit 1 The ports display Configure the following ports Click on the gray box under port 24 A flag appears in the box Click on the gray box under port 48 A flag appears in the box d Click A...

Page 170: ...mac access list exit Apply the MAC ACL acl_bpdu to the port 1 0 2 Netgear Switch Config interface 1 0 2 Netgear Switch Interface 1 0 2 mac access group acl_bpdu in Web Interface Setting up a MAC ACL...

Page 171: ...ect acl_bpdu in the ACL Name field b Select Deny in the Action field c Enter the following information in the Rule Table In the ID field enter 1 In the Destination MAC enter 01 80 c2 00 00 00 In the D...

Page 172: ...ield c Click theAdd button 4 Apply the ACL acl_bpdu to the port 2 a From the main menu select Security ACL MAC ACL MAC Binding Configuration A screen similar to the following displays Figure 9 47 b En...

Page 173: ...with ACL functionality Define ACL Rule matching the desired traffic with the option mirror to an interface Whatever the traffic matching this rule will be copied to the specified mirrored interface G...

Page 174: ...Netgear Switch Config ipv4 acl permit every Bind the ACL with the interface 1 0 1 Netgear Switch Interface 1 0 1 ip access group monitorHost in 1 View the configuration Netgear Switch show ip access l...

Page 175: ...on the switch proceed as follows 1 Create an IP access control list with the name monitorHost on the switch a From the main menu select Security ACL Advanced IP ACL A screen similar to the following...

Page 176: ...ng displays Figure 9 51 b Click Add to take the Extended ACL Rule Configuration screen similar to the following displays Figure 9 52 c Enter Rule ID as 1 d Selection Action as Permit e Select Mirror I...

Page 177: ...ACL Advanced IP Extended Rules A screen similar to the following displays Figure 9 53 b Click Add and a screen similar to the following displays Figure 9 54 c Enter the Rule ID as 2 d Select the Permi...

Page 178: ...the main menu select Security ACL Advanced IP Binding Configuration A screen similar to the following displays Figure 9 56 b Enter Sequence Number as 1 c Click Unit 1 in the Port Selection Table to di...

Page 179: ...section shows how to redirect HTTP traffic stream received in an interface to the desired interface This examples redirects the HTTP traffic stream received in the port 1 0 1 to the port 1 0 19 CLI Re...

Page 180: ...Current number of ACLs 1 Maximum number of ACLs 100 ACL ID Name Rules Direction Interface s VLAN s redirectHTTP 2 inbound 1 0 1 Netgear Switch show ip access lists redirectHTTP ACL Name redirectHTTP...

Page 181: ...om the main menu select Security ACL Advanced IP ACL A screen similar to the following displays Figure 9 59 b In the IP ACL filed enter redirectHTTP c Click Add to create the IP ACL redirectHTTP At th...

Page 182: ...the following displays Figure 9 61 b Click Add to take the Extended ACL Rule Configuration screen similar to the following displays Figure 9 62 c Enter Rule ID as 1 d Selection Action as Permit e Sel...

Page 183: ...ne 2010 a From the main menu select Security ACL Advanced IP Extended Rules A screen similar to the following displays Figure 9 63 b Click Add to take the Extended ACL Rule Configuration screen simila...

Page 184: ...screen similar to the following displays Figure 9 65 4 Bind the ACL with the interface 1 0 1 a From the main menu select Security ACL Advanced IP Binding Configuration A screen similar to the followin...

Page 185: ...the network and may apply to one or more of the following fields within a packet Source IPv6 Prefix Destination IPv6 Prefix Protocol number Source Layer 4 port Destination Layer 4 port DSCP Value Flo...

Page 186: ...e destination network 2001 DB8 C0AB AC14 64 from the source network 2001 DB8 C0AB AC11 64 Permit IPv6 TELNET traffic to the destination network 2001 DB8 C0AB AC13 64 from the source network 2001 DB8 C...

Page 187: ...6 acl in Netgear Switch Interface 1 0 1 exit Netgear Switch Config exit View the configuration Netgear Switch show ipv6 access lists Current number of all ACLs 1 Maximum number of all ACLs 100 IPv6 AC...

Page 188: ...Create the Access Control List with the name ipv6 acl a From the main menu select Security ACL Advanced IPv6 ACL b In the IPv6 ACL table enter ipv6 acl in the IPv6 ACL field A screen similar to the fo...

Page 189: ...ules A screen similar to the following displays Figure 9 71 b Select the ACL Name as ipv6 acl c Click Add d Enter Rule ID as 1 e Select Action as Permit f Enter Source Prefix as 2001 DB8 C0AB AC11 g E...

Page 190: ...e Prefix as 2001 DB8 C0AB AC11 e Enter Source Prefix Length as 64 f Enter Destination Prefix as 2001 DB8 C0AB AC13 g Enter Destination Prefix Length as 64 h Select Destination L4 Port as telnet A scre...

Page 191: ...lowing displays Figure 9 74 g Click Apply 5 Apply the rules to inbound traffic on port 1 0 1 Only traffic matching the criteria will be accepted a From the main menu select Security ACL Advanced IP Bi...

Page 192: ...ontrol Lists ACLs 9 62 v1 0 June 2010 f Click Apply At the end of this configuration a screen similar to the following displays Figure 9 76 6 View the binding table From the main menu select Security...

Page 193: ...ProSafe 7000 Managed Switch Software Administration Manual Release 8 0 3 9 63 Access Control Lists ACLs v1 0 June 2010...

Page 194: ...o specified packets If a delay becomes necessary the system holds packets until the scheduler authorizes transmission As queues become full packets are dropped Packet drop precedence indicates the pac...

Page 195: ...lue is used All ingress packets from Untrusted ports where the packet is classified by an ACL or a DiffServ policy are directed to specific CoS queues on the appropriate egress port That specific CoS...

Page 196: ...classofservice trust To use the CLI to show CoS trust mode use these commands Netgear Switch show classofservice trust cr Press Enter to execute the command Netgear Switch show classofservice trust C...

Page 197: ...ofservice trust dot1p cr Press Enter to execute the command Netgear Switch Config classofservice trust dot1p ProSafe 7000 Managed Switch Software Administration Manual Release 8 0 3 10 4 Class of Serv...

Page 198: ...ssofservice ip precedence mapping IP Precedence Traffic Class 0 1 1 0 2 0 3 1 4 2 5 2 6 3 7 3 Web Interface Showing classofservice ip precedence Mapping To use the Web interface to show CoS trust mode...

Page 199: ...mum bandwidth percentage for Queue 0 Netgear Switch Config cos queue min bandwidth 15 Incorrect input Use cos queue min bandwidth bw 0 bw 7 Netgear Switch Config cos queue min bandwidth 15 25 10 5 5 2...

Page 200: ...in the Queue ID field c Under Interface Queue Configuration scroll down to interface 1 0 2 and select the checkbox for 1 0 1 1 0 2 now appears in the Interface field at the top d Enter the following i...

Page 201: ...d at the top d Enter the following information in the Interface Queue Configuration In the Minimum Bandwidth enter 25 Select the Strict in the Scheduler Type field e Click the Apply to save the settin...

Page 202: ...vanced CoS Configuration A screen similar to the following displays Figure 10 6 2 Under CoS Configuration Select the Interface radio button 3 Select 1 0 3 in the interface field 4 Select trust dot1p i...

Page 203: ...ate control mechanism that regulates the output of the entire interface regardless of which queues originate the outbound traffic CLI Configuring traffic shape Netgear Switch Config traffic shape bw E...

Page 204: ...ervice CoS Queuing 10 11 v1 0 June 2010 b Under CoS Interface Configuration scroll down to interface 1 0 3 and select the 1 0 3 checkbox Now 1 0 3 appears in the Interface field at the top c In the In...

Page 205: ...ng away from the core An edge device segregates inbound traffic into a small set of traffic classes and is responsible for determining a packet s classification Classification is primarily based on th...

Page 206: ...ts by dropping or re marking those that exceed the class s assigned data rate Counting the traffic within the class Service Assigns a policy to an interface for inbound traffic Differentiated Services...

Page 207: ...ig class map match srcip 172 16 40 0 255 255 255 0 Netgear Switch Config class map exit Create a DiffServ policy for inbound traffic named internet_access adding the previously created department clas...

Page 208: ...nterface 1 0 4 service policy in internet_access Netgear Switch Interface 1 0 4 exit Set the CoS queue configuration for the presumed egress interface 1 0 5 such that each of queues 1 2 3 and 4 get a...

Page 209: ...b Next to the Diffserv Admin Mode select the Enable radio button c Click Apply to save the settings 2 Create class finance_dept a From the main menu select QoS DiffServ Advanced Class Configuration A...

Page 210: ...class Figure 11 4 e Under the Diffserv Class Configuration page enter the following information In the Source IP Address field enter 172 16 10 0 In the Source Mask field enter 255 255 255 0 f Click A...

Page 211: ...s Name field enter marketing_dept Select All in the Class Type field c Click Add to create a new class marketing_dept d Click the marketing_dept to configure this class Figure 11 6 e On the Diffserv C...

Page 212: ...lect QoS DiffServ Advanced Class Configuration A screen similar to the following displays Figure 11 7 b Enter the following information in the Class Configuration In the Class Name field enter test_de...

Page 213: ...Mask field enter 255 255 255 0 f Click Apply 5 Create class development_dept a From the main menu select QoS DiffServ Advanced Class Configuration A screen similar to the following displays Figure 11...

Page 214: ...figuration page enter the following information In the Source IP Address field enter 172 16 40 0 In the Source Mask field enter 255 255 255 0 f Click Apply 6 Create a policy named internet_access and...

Page 215: ...From the main menu select QoS DiffServ Advanced Policy Configuration A screen similar to the following displays Figure 11 12 b Under Policy Configuration scroll down to internet_access and select the...

Page 216: ...ass test_dept to the policy internet_access 9 Add the class development_dept into the policy internet_access a From the main menu select QoS DiffServ Advanced Policy Configuration A screen similar to...

Page 217: ...n menu select QoS DiffServ Advanced Policy Configuration A screen similar to the following displays Figure 11 15 b Click the internet_access whose member class is finance_dept another screen similar t...

Page 218: ...in menu select QoS DiffServ Advanced Policy Configuration A screen similar to the following displays Figure 11 17 b Click the internet_access whose member class is marketing_dept another screen simila...

Page 219: ...n menu select QoS DiffServ Advanced Policy Configuration A screen similar to the following displays Figure 11 19 b Click the internet_access whose member class is test_dept another screen similar to t...

Page 220: ...dvanced Policy Configuration A screen similar to the following displays Figure 11 21 b Click the internet_access whose member class is development_dept another screen similar to the following displays...

Page 221: ...elect the checkbox for 1 0 1 c Scroll down to interface 1 0 2 and select the checkbox for 1 0 2 d Scroll down to interface 1 0 3 and select the checkbox for 1 0 3 e Scroll down to interface 1 0 4 and...

Page 222: ...rface field at the top c Select the 1 in the Queue ID field d In the Minimum Bandwidth field enter 25 e Click Apply 16 Set the CoS queue 2 configuration for the interface 1 0 5 a From the main menu se...

Page 223: ...d Interface Queue Configuration A screen similar to the following displays Figure 11 26 b Under Interface Queue Configuration scroll down to interface 1 0 5 and select the checkbox for 1 0 5 1 0 5 now...

Page 224: ...Click Apply DiffServ for VoIP Configuration One of the most valuable uses of DiffServ is to support Voice over IP VoIP VoIP traffic is inherently time sensitive for a network to provide acceptable se...

Page 225: ...priority mode This queue shall be used for all VoIP packets Activate DiffServ for the switch Netgear Switch config Netgear Switch Config cos queue strict 5 Netgear Switch Config diffserv Create a Diff...

Page 226: ...e the matching packets are assigned internally to use queue 5 of the egress port to which they are forwarded Netgear Switch Config policy map pol_voip in Netgear Switch Config policy map class class_e...

Page 227: ...heduler Type field e Click the Apply to save the settings 2 Enable the DiffServ a From the main menu select QoS DiffServ Basic DiffServ Configuration A screen similar to the following displays Figure...

Page 228: ...v1 0 June 2010 b In the Class Name enter class_voip c Select All in the Class Type field d Click Add to create a new class e Click the class_voip another screen similar to the following displays Figu...

Page 229: ...nu select QoS DiffServ Advanced DiffServ Configuration A screen similar to the following displays Figure 11 33 b In the Class Name enter class_ef c Select All in the Class Type field d Click the Add t...

Page 230: ...licy a From the main menu select QoS DiffServ Advanced Policy Configuration A screen similar to the following displays Figure 11 35 b In the Policy Selector field enter pol_voip c Select class_voip in...

Page 231: ..._voip a From the main menu select QoS DiffServ Advanced Policy Configuration A screen similar to the following displays Figure 11 37 b Under Policy Configuration scroll down to pol_voip and select the...

Page 232: ...efined policy to the interface 1 0 2 in the inbound direction a From the main menu select QoS DiffServ Advanced Service Configuration A screen similar to the following displays Figure 11 39 b Under Di...

Page 233: ...he source and destination IP Address and Layer 4 Port of the current session Based on these parameters a filter will be installed to assign the highest priority to VOIP data packets As soon as the cal...

Page 234: ...d 6 1 0 15 Enabled 6 1 0 16 Enabled 6 1 0 17 Enabled 6 1 0 18 Enabled 6 1 0 19 Enabled 6 1 0 20 Enabled 6 More or q uit Interface Auto VoIP Mode Traffic Class 1 0 21 Enabled 6 1 0 22 Enabled 6 1 0 23...

Page 235: ...d Services v1 0 June 2010 a From the main menu select QoS DiffServ Auto VoIP A screen similar to the following displays Figure 11 41 b Select the check box in the first row to select all the interface...

Page 236: ...00 Managed Switch Software Administration Manual Release 8 0 3 Differentiated Services 11 32 v1 0 June 2010 d Click Apply At the end of this configuration a screen similar to the following displays Fi...

Page 237: ...y providing support for IPv6 packet classification Internet IPv6 Workstation IPv6 Workstation IPv6 Workstation ICMPv6 traffic Other traffic GSM73xxS Interface 1 0 1 Interface 1 0 3 Interface 1 0 2 Fig...

Page 238: ...queue 6 Netgear Switch Config policy classmap assign queue 6 Netgear Switch Config policy map exit Attach the policy policy_icmpv6 in the interface 1 0 1 1 0 2 and 1 0 3 Netgear Switch Config interfac...

Page 239: ...Pv6 Class Configuration A screen similar to the following displays Figure 11 45 b Enter Class Name as classicmpv6 c Select Class Type as All A screen similar to the following displays Figure 11 46 d C...

Page 240: ...8 0 3 Differentiated Services 11 36 v1 0 June 2010 a From the main menu select QoS DiffServ Advanced IPv6 Class Configuration A screen similar to the following displays Figure 11 48 b Click the class...

Page 241: ...June 2010 c For the Protocol Type select Other and enter 58 A screen similar to the following displays Figure 11 50 d Click Apply At the end of this configuration a screen similar to the following di...

Page 242: ...y Configuration A screen similar to the following displays Figure 11 52 b Enter the Policy Name as policyicmpv6 c For the Policy Type select In d Select Member Class as classicmpv6 A screen similar to...

Page 243: ...8 0 3 11 39 Differentiated Services v1 0 June 2010 a From the main menu select QoS DiffServ Advanced Policy Configuration A screen similar to the following displays Figure 11 54 b Click the Policy po...

Page 244: ...vices 11 40 v1 0 June 2010 c Select Assign Queue as 6 Figure 11 56 d Click Apply 5 Attach the policy policyicmpv6 in the interface 1 0 1 1 0 2 and 1 0 3 a From the main menu select QoS DiffServ Advanc...

Page 245: ...1 0 3 A screen similar to the following displays Figure 11 58 d Click Apply At the end of this configuration a screen similar to the following displays Figure 11 59 Color Conform Policy Configuration...

Page 246: ...r Switch Config class map match all class_vlan Netgear Switch Config classmap match vlan 5 Netgear Switch Config classmap exit Netgear Switch Config class map match all class_color Netgear Switch Conf...

Page 247: ...gear Switch Interface 1 0 13 service policy in policy_vlan Netgear Switch Interface 1 0 13 exit Netgear Switch Config exit Web Interface Configuring a Color Conform Policy 1 Create a VLAN a From the m...

Page 248: ...ilar to the following displays Figure 11 61 b Select 5 in the VLAN ID field c Click Unit 1 The Ports display d Click the gray box under port 13 and 25 until T displays The T specifies that the egress...

Page 249: ...e Class Configuration In the Class Name field enter class_vlan In the class Type field select All c Click Add to create a new class class_vlan d Click the class_vlan to configure this class Figure 11...

Page 250: ...ain menu select QoS DiffServ Advanced Class Configuration A screen similar to the following displays Figure 11 65 b Enter the following information in the Class Configuration In the Class Name field e...

Page 251: ...Release 8 0 3 11 47 Differentiated Services v1 0 June 2010 e After that a screen similar to the following displays Figure 11 67 f Under the Diffserv Class Configuration page select 7 from the Preceden...

Page 252: ...ar to the following displays Figure 11 68 b In the Policy Name field enter policy_vlan c In the Policy Type field Select In d Click Add 6 Associate the policy_vlan with class_vlan a From the main menu...

Page 253: ...ion Click the policy_vlan a screen similar to the following displays Figure 11 70 b Select the Simple Policy radio button c Select Color Aware in the Color Mode field d Select class_color from Color C...

Page 254: ...une 2010 a From the main menu select QoS DiffServ Advanced Service Interface Configuration A screen similar to the following displays Figure 11 71 b Under Service Interface Configuration scroll and se...

Page 255: ...describes the Internet Group Management Protocol IGMP feature IGMPv3 and IGMP Snooping IGMP Uses Version 3 of IGMP Includes snooping Snooping can be enabled per VLAN Enable IGMP Snooping The following...

Page 256: ...figuration Next to the Admin mode field select the Enable radio button c Click Apply Show igmpsnooping The example is shown as CLI commands and as a Web interface procedure CLI Showing igmpsnooping Ne...

Page 257: ...as CLI commands and as a Web interface procedure CLI Showing mac address table igmpsnooping Netgear Switch show mac address table igmpsnooping cr Press Enter to execute the command Netgear Switch sho...

Page 258: ...Router The example is shown as CLI commands and as a Web interface procedure CLI Configuring the Switch with an External Multicast Router This example configures the interface as the one the multicas...

Page 259: ...checkbox for that interface Now 1 0 3 appears in the Interface field at the top 3 In the Multicast Router field select Enable 4 Click Apply Configure the Switch with a Multicast Router Using VLAN The...

Page 260: ...rom the main menu select Switching Multicast Multicast Router VLAN Configuration A screen similar to the following displays Figure 12 5 2 Under Multicast Router VLAN Configuration scroll down to inter...

Page 261: ...ct that traffic only to those users that require it However the IGMP snooping operation usually requires an extra network device normally a router that can generate an IGMP membership query and solici...

Page 262: ...the source IP address in querier packets See the CLI Manual for more details about other IGMP querier command options Netgear switch vlan database Netgear switch vlan set igmp 1 Netgear switch vlan s...

Page 263: ...on in the IGMP VLAN Configuration In the VLAN ID field enter 1 In the Admin Mode field select Enable c Click Add 3 Enable IGMP Snooping Querier globally a From the main menu select Switching Multicast...

Page 264: ...rier Status The example is shown as CLI commands and as a Web interface procedure CLI Showing IGMP Querier Status To see the IGMP querier status use the following command Netgear Switch show igmpsnoop...

Page 265: ...ual Release 8 0 3 12 11 IGMP Snooping and Querier v1 0 June 2010 Web Interface Showing IGMP Querier Status 1 From the main menu select Switching Multicast IGMP Snooping Configuration A screen similar...

Page 266: ...ts are restricted Enabled on a per port basis When locked only packets with allowable MAC address will be forwarded Supports both dynamic and static Implement two traffic filtering methods Dynamic Loc...

Page 267: ...e example is shown as CLI commands and as a Web interface procedure CLI Setting the Dynamic and Static Limit on the Port 1 0 1 Netgear Switch Config port security Enable port security globally Netgear...

Page 268: ...rity Traffic Control Port Security Interface Configuration A screen similar to the following displays Figure 13 2 b Under Port Security Interface Configuration scroll down to interface 1 0 1 and selec...

Page 269: ...1 0 1 exit Netgear Switch Config exit Netgear Switch show port security static 1 0 1 Number of static MAC addresses configured 3 Statically configured MAC Address VLAN ID 00 0E 45 30 15 F3 1 00 13 46...

Page 270: ...rt security mac address 00 13 00 01 02 03 Web Interface Creating a Static Address To use the Web interface to create a static address proceed as follows 1 From the main menu select Security Traffic Co...

Page 271: ...s Prevent traffic from being forwarded between protected ports Allow traffic to be forwarded between a protected port and a non protected port In following example PC1 and PC2 can access the Internet...

Page 272: ...s 192 168 1 254 255 255 255 0 Netgear Switch Interface vlan 192 exit Step 2 Create one VLAN 202 connected to the Internet Netgear Switch vlan database Netgear Switch Vlan vlan 202 Netgear Switch Vlan...

Page 273: ...ear Switch Config interface 1 0 24 Netgear Switch Interface 1 0 24 switchport protected Netgear Switch Interface 1 0 24 exit Web Interface Configuring a Protected Port to Isolate Ports on the Switch T...

Page 274: ...ol Name field enter pool a Select Dynamic in the Type of Binding field In the Network Number field enter 192 168 1 0 In the Network Mask field enter 255 255 255 0 In the Days field enter 1 Click on De...

Page 275: ...ng Wizard In the Vlan ID field enter 192 In the IP Address field enter 192 168 1 254 In the Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display Click the gray box under port 23 twi...

Page 276: ...IP Address field enter 10 100 5 34 In the Network Mask field enter 255 255 255 0 c Click Unit 1 The ports display d Click the gray box under port 48 twice until U displays The U specifies that the egr...

Page 277: ...for VLAN 202 a From the main menu select Routing Routing Table Basic Route Configuration A screen similar to the following displays Figure 13 10 b Under Configure Routes select DefaultRoute in the Rou...

Page 278: ...ay box under ports 24 A flag appears in the box c Click Apply to activate ports 23 and 24 as protected ports 802 1x Port Security This section describes how to configure the 802 1x Port Security featu...

Page 279: ...username list dot1xList Netgear Switch config Netgear Switch Config ip routing Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 routing Netgear Switch Interface 1 0 1 ip address 19...

Page 280: ...en the RADIUS client and the server Netgear Switch Config radius server key auth 10 100 5 17 Enter secret 16 characters max 123456 Re enter secret 123456 Set the RADIUS server as a primary server Netg...

Page 281: ...r the switch a From the main menu select Routing Basic IP Configuration A screen similar to the following displays Figure 13 13 b Next to the Routing Mode select the Enable radio button c Click Apply...

Page 282: ...55 255 255 0 in the Subnet Mask Select Enable in the Routing Mode field d Click Apply to save the settings 3 Assign IP address 10 100 5 33 24 to the interface 1 0 19 a From the main menu select Routin...

Page 283: ...16 b Select the checkbox before dot1xList c Select Radius in the 1 field d Click Apply 5 Set the port 1 0 19 to the Force Authorized mode In this case the Radius server is connected to this interface...

Page 284: ...uration A screen similar to the following displays Figure 13 18 b Next to the Administrative Mode select the Enable radio button c Select dot1xList in the Login field d Click Apply to save settings 7...

Page 285: ...ct Security Management Security RADIUS Radius Configuration A screen similar to the following displays Figure 13 20 b In the Server Address enter 10 100 5 17 c Select Enable in the Accounting Mode fie...

Page 286: ...sts from the switch and the port would remain in the unauthorized state and the client is not granted access to the network If the guest VLAN was configured for that port then the port is placed in th...

Page 287: ...1 0 24 Netgear Switch Interface 1 0 24 vlan participation include 2000 Netgear Switch Interface 1 0 24 exit Create a VLAN 2000 and have 1 0 1 and 1 0 24 being the member of VLAN 2000 Netgear Switch C...

Page 288: ...ID 2000 Guest VLAN Period secs 90 Supplicant Timeout secs 30 Server Timeout secs 30 Maximum Requests 2 VLAN Id 2000 VLAN Assigned Reason Guest Reauthentication Period secs 3600 Reauthentication Enabl...

Page 289: ...AN Type field d Click Add 2 Add ports to the VLAN 2000 a From the main menu select Switching VLAN Advanced VLAN Membership A screen similar to the following displays Figure 13 24 b Select 2000 in the...

Page 290: ...er Port Authentication scroll down to interface 1 0 6 and 1 0 12 select the checkbox for that interface c Under the Port Authentication select Force Authorized in the Control Mode field d Click Apply...

Page 291: ...ication list a From the main menu select Security Management Security Authentication List Dot1x Authentication List A screen similar to the following displays Figure 13 27 b Select the defaultList che...

Page 292: ...iate VLAN that it is supposed to be in this is configured in the RADIUS server This gives flexibility for the clients to move around the network without requiring the administrator to do much configur...

Page 293: ...ithin the Access Request For use in VLAN assignment the following tunnel attributes are used Tunnel Type VLAN 13 Tunnel Medium Type 802 Tunnel Private Group ID VLANID where VLANID is 12 bits taking a...

Page 294: ...etwork radius Enable the switch to accept VLAN assignment by the radius server Netgear Switch Config radius server host auth 192 168 0 1 Set the Radius server IP address Netgear Switch Config radius s...

Page 295: ...VLAN Period secs 90 Supplicant Timeout secs 30 Server Timeout secs 30 Maximum Requests 2 VLAN Id 2000 VLAN Assigned Reason RADIUS Reauthentication Period secs 3600 Reauthentication Enabled FALSE Key T...

Page 296: ...e Current Network Configuration Protocol select the None Radio button c In the IP Address enter 192 168 0 5 d In the Subnet Mask enter 255 255 255 0 e Click Apply 2 Create VLAN 2000 a From the main me...

Page 297: ...lowing displays Figure 13 33 b Under Port Authentication scroll down to interface 1 0 6 and 1 0 12 select the checkbox for that interface c Under Port Authentication select Force Authorized in the Con...

Page 298: ...VLAN Assignment Mode select the Enable radio button d Click Apply to save settings 5 Configure dot1x authentication list a From the main menu select Security Management Security Authentication List Do...

Page 299: ...lick Add Dynamic ARP Inspection Dynamic ARP Inspect DAI is a security feature that rejects invalid and malicious ARP packets The feature prevents a class of man in the middle attacks where an unfriend...

Page 300: ...IP addresses DHCP snooping cannot be run or other switches in the network do not run dynamic ARP inspection A static mapping associates an IP address to a MAC address on a VLAN Static client IP addres...

Page 301: ...LAN 1 Netgear Switch Config ip arp inspection vlan 1 Now all the ARP packets received on the ports that are member of VLAN are copied to CPU for ARP inspection If there are trusted ports it can config...

Page 302: ...similar to the following displays Figure 13 38 b For the DHCP Snooping Mode select Enable c Click Apply At the end of this configuration a screen similar toFigure 13 38 displays 2 Enable DHCP snoopin...

Page 303: ...reen similar to the following displays Figure 13 40 3 Configure the port through which DHCP server is reached as trusted Here Interface 1 0 1 is trusted a From the main menu select Security Control DH...

Page 304: ...Click Apply At the end of this configuration a screen similar to the following displays Figure 13 42 4 View the DHCP Snooping Binding table a From the main menu select Security Control DHCP Snooping...

Page 305: ...ment v1 0 June 2010 a From the main menu select Security Control Dynamic ARP Inspection DAI VLAN Configuration A screen similar to the following displays Figure 13 44 b Set the VLAN ID as 1 c Set the...

Page 306: ...rator PC has a DHCP snooping entry or accessing the device through the trusted port for ARP Otherwise you may get disconnected from the device 6 Configure a port 1 0 1 as trusted a From the main menu...

Page 307: ...n filter ArpFilter vlan 1 Now the ARP packets from the Static client will be through since it has an entry in the ARP ACL ARP packets from the DHCP client is also through since it has DHCP snooping en...

Page 308: ...ain menu select Security Control Dynamic ARP Inspection DAI ACL Rule Configuration b Select ACL Name as ArpFilter c Enter Source IP Address as 192 168 10 2 d Enter the Source MAC Address as 00 11 85 E...

Page 309: ...CP clinet and DHCP server to filter harmful DHCP message and to build a bindings database of MAC address IP address VLAN ID port tuples that are considered authorized The network administrator enables...

Page 310: ...ted Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 ip dhcp snooping trust View the DHCP Snooping Binding table GSM7328S show ip dhcp snooping binding Total number of bindings 1 M...

Page 311: ...n a VLAN a From the main menu select Security Control DHCP Snooping Global Configuration A screen similar to the following displays Figure 13 53 b In the VLAN Configuration table select VLAN ID as 1 c...

Page 312: ...in menu select Security Control DHCP Snooping Interface Configuration A screen similar to the following displays Figure 13 55 b Select the checkbox for Interface 1 0 1 c Select Trust Mode as Enable fo...

Page 313: ...binding database This script in this section shows how to enter the static binding in the binding database CLI Entering Static Binding into the Binding Database DHCP Snooping Static Entry Netgear Swi...

Page 314: ...ets being used as a DoS attach when DHCP snooping is enabled the snooping application enforces a rate limit for DHCP packets received on untrusted interface DHCP snooping monitors the receive rate on...

Page 315: ...2010 View the rate configured GSM7328S show ip dhcp snooping interfaces 1 0 2 Interface Trust State Rate Limit Burst Interval pps seconds 1 0 2 No 5 1 Web Interface Configuring the Maxiumum Rate of DH...

Page 316: ...ding in the bindings database IP Source Guard can be configured to enforce just the source IP address or both the source IP address and source MAC address Static client IP address 192 168 10 1 HW addr...

Page 317: ...ooping binding Total number of bindings 1 MAC Address IP Address VLAN Interface Type Lease Secs 00 16 76 A7 88 CC 192 168 10 86 1 1 0 2 DYNAMIC 86400 If the entry does not exist in the DHCP Snooping B...

Page 318: ...oping Mode as Enable c Click Apply At the end of this configuration a screen similar to Figure 13 64 is displayed 2 Enable DHCP snooping in a VLAN a From the main menu select Security Control DHCP Sno...

Page 319: ...re the port through which DHCP server is reached as trusted Here interface 1 0 1 is trusted a From the main menu select Security Control DHCP Snooping Interface Configuration A screen similar to the f...

Page 320: ...m the main menu select Security Control IP Source Guard Interface Configuration b Select the check box for interface 1 0 2 c Select IPSG mode as Enable d Click Apply At the end of this configuration a...

Page 321: ...7000 Managed Switch Software Administration Manual Release 8 0 3 13 56 Security Management v1 0 June 2010 f Click Add At the end of this configuration a screen similar to the following displays Figur...

Page 322: ...otocol SNTP feature Used for synchronizing network resources Adaptation of NTP Provides synchronized network timestamp Can be used in broadcast or unicast mode SNTP client implemented over UDP which l...

Page 323: ...etgear Switch Routing show sntp server Server IP Address 81 169 155 234 Server Type ipv4 Server Stratum 3 Server Reference Id NTP Srv 212 186 110 32 Server Mode Server Server Maximum Entries 3 Server...

Page 324: ...14 208 19 Netgear Switch Config sntp server 208 14 208 19 2 After configuring the IP address enable SNTP client mode The client mode may be either broadcast mode or unicast mode If the NTP server is...

Page 325: ...Time SNTP Server Configuration A screen similar to the following displays Figure 14 1 b Enter the following information in the SNTP Server Configuration Select IPV4 in the Server Type field In the Ad...

Page 326: ...er PST In the Offset Hours field enter 8 c Click Apply Set the Time Zone CLI Only The SNTP NTP server is set to Coordinated Universal Time UTC by default The following example shows how to set the tim...

Page 327: ...192 168 1 1 Netgear switch config sntp server time a netgear com where 192 168 1 1 is the public network gateway IP address for your device This method of setting DNS name look up can be used for any...

Page 328: ...field enter 4 c Click Add 2 Configure the DNS server a From the main menu select System Management DNS DNS Configuration A screen similar to the following displays Figure 14 4 b Enter the following in...

Page 329: ...alues and watches the ICMP time out announcements Command displays all L3 devices Can be used to detect issues on the network Tracks up to 20 hops Default UPD port used 33343 unless modified in the tr...

Page 330: ...0 ms 60 ms 60 ms 14 216 115 96 185 110 ms 59 ms 70 ms 15 216 109 120 203 70 ms 66 ms 95 ms 16 216 109 118 74 78 ms 121 ms 69 ms ProSafe 7000 Managed Switch Software Administration Manual Release 8 0 3...

Page 331: ...ipt on page 15 5 Configuration Scripting Allows you to generate text formatted files Provides scripts that can be uploaded and downloaded to the system Provides flexibility to create command configura...

Page 332: ...ands of configuration script script list and script delete Netgear Switch script list Configuration Script Name Size Bytes basic scr 93 running config scr 3201 2 configuration script s found 1020706 b...

Page 333: ...nfig scr tftp 192 168 77 52 running config scr Mode TFTP Set TFTP Server IP 192 168 77 52 TFTP Path TFTP Filename running config scr Data Type Config Script Source Filename running config scr Are you...

Page 334: ...you sure you want to start y n y CLI Banner file transfer operation completed successfully Netgear Switch Routing exit Netgear Switch Routing logout Login Banner Unauthorized access is punishable by...

Page 335: ...ce Netgear Switch Config exit Netgear Switch show monitor session 1 Session ID Admin Mode Probe Port Mirrored Port 1 Enable 1 0 3 1 0 2 Web Interface Specifying the Source Mirrored Ports and Destinati...

Page 336: ...nd makes the current active image as the backup image for subsequent reboots On three successive errors executing the active image the switch attempts to execute the backup image If there are errors e...

Page 337: ...sferred 6255616 bytes transferred 6423040 bytes transferred 6606336 bytes transferred 6781952 bytes transferred 6957056 bytes transferred 7111168 bytes transferred 7307776 bytes transferred 7483392 by...

Page 338: ...elect Archive in the File Type field c Select image2 in the Image Name field d Select TFTP in the Transfer Mode field e Select IPv4 in the Server Address Type field f In the Server Address field enter...

Page 339: ...elnet connection is initiated each side of the connection is assumed to originate and terminate at a Network Virtual Terminal NVT Server and user hosts do not maintain information about the characteri...

Page 340: ...uting Config lineconfig Netgear Switch Routing Line transport input Displays the protocols to use to connect to a specific line of the router output Displays the protocols to use for outgoing connecti...

Page 341: ...Enable radio button 4 Click Apply CLI session limit and session timeout Netgear Switch Routing Line session limit 0 5 Configure the maximum number of outbound telnet sessions allowed Netgear Switch Ro...

Page 342: ...15 14 v1 0 June 2010 1 From the main menu select Security Access Telnet A screen similar to the following displays Figure 15 6 2 Enter the following information in the Outbound Telnet In the Session...

Page 343: ...r each of the last three sessions Each log has two parts Start up log is the first 32 messages after system startup Operational log is the last 32 messages received after the startup log is full Files...

Page 344: ...ocal Port 514 CLI Command Logging disabled Console Logging disabled Console Logging Severity Filter alert Buffered Logging enabled Syslog Logging enabled Log Messages Received 66 Log Messages Dropped...

Page 345: ...to the Admin Status select the Enable radio button c Click Apply 2 Configure the Command Log a From the main menu select Monitoring Logs Command Log Figure 16 3 b Enter the following information in th...

Page 346: ...16 4 v1 0 June 2010 b Enter the following information in the Console Log Configuration Next to the Admin Status click the Disable radio button c Click Apply 4 Configure Buffer Logs a From the main men...

Page 347: ...Buffered Logging Wrapping Behavior On Buffered Log Count 66 1 JAN 01 00 00 02 0 0 0 0 0 UNKN 268434944 usmdb_sim c 1205 1 Error 0 0x0 2 JAN 01 00 00 09 0 0 0 0 1 UNKN 268434944 bootos c 487 2 Event 0x...

Page 348: ...er to execute the command Netgear Switch Routing show logging traplogs Number of Traps Since Last Reset 6 Trap Log Capacity 256 Number of Traps Since Log Last Viewed 6 Log System Up Time Trap 0 0 days...

Page 349: ...Logging Hosts The example is shown as CLI commands and as a Web interface procedure CLI Showing Logging Hosts Netgear Switch Routing show logging hosts cr Press Enter to execute the command Netgear S...

Page 350: ...g Config logging buffered Buffered In Memory Logging Configuration cli command CLI Command Logging Configuration console Console Logging Configuration host Enter IP Address for Logging Host syslog Sys...

Page 351: ...ts Index IP Address Severity Port Status 1 192 168 21 253 alert 4 Active ProSafe 7000 Managed Switch Software Administration Manual Release 8 0 3 16 9 Syslog v1 0 June 2010 Web Interface Logging Port...

Page 352: ...up of a Stack on page 17 9 Removing a Unit from the Stack on page 17 10 Adding a Unit to an Operating Stack on page 17 10 Replacing a Stack Member with a New Unit on page 17 11 Renumber Stack Members...

Page 353: ...are eligible stack masters If the stack master becomes unavailable the remaining stack members participate in electing a new stack master from among themselves A set of factors determine which switch...

Page 354: ...among themselves The re elected stack master retains its role and configuration and so do its stack members All remaining switches including the former stack masters reload and join the switch stack a...

Page 355: ...010 use the regular Category 5 Ethernet 8 wire cable Figure 17 1 Interconnect ports 51 and 52 as shown port 51 port 52 Figure 17 2 Stack Master Election and Re Election The stack master is elected or...

Page 356: ...The member number also determines the interface level configuration that a stack member uses You can display the stack member number by using the show switch user EXEC command A new out of the box sw...

Page 357: ...econfigured new switch and adds it to the stack The stack member numbers match but the switch types do not match If the stack member number of the preconfigured switch matches the stack member number...

Page 358: ...pgrade a switch that has an incompatible software image by using the copy xmodem ymodem zmodem tftp ip filepath filename command It copies the software image from an existing stack member to the one w...

Page 359: ...ned by the stack member priority value Connect two switches through their stacking ports Use the switch stack member number priority new priority number global configuration command to set one stack m...

Page 360: ...mmand For example if a reset is issued to a stack member use the show port command to verify that the unit has re merged with the stack and all ports are joined before issuing the next command When ph...

Page 361: ...be replaced reconnect the stack cable from the stack member above to the stack member below the unit being removed 5 Remove unit from the rack 6 If desired remove the unit from the configuration by i...

Page 362: ...ck The unit can be inserted into the same position as the unit just removed or the unit can be inserted at the bottom of the stack In either case make sure all stack cables are connected with the exce...

Page 363: ...follows 1 Renumbering the stacking member s ID from 3 to 2 a From the main menu select System Management Basic Stack Configuration A screen similar to the following displays Figure 17 3 b Under Stack...

Page 364: ...movemanagement fromunit id tounit id 2 Make sure that you can log in on the console attached to the new master Use the show switch command to verify that all units rejoined the stack 3 It is recommen...

Page 365: ...wered units at that point 3 Completely cable the stacking connections making sure the redundant link is also in place 4 Then power up each unit one at a time by following Adding a Unit to an Operating...

Page 366: ...ack must run the same code version Ports on stack units that don t match the management unit code version don t come up and the show switch command shows a code mismatch error To resolve this situatio...

Page 367: ...to the newly added unit from the master using the copy command The newly added member should then be reset and should reboot normally and join the stack Web Interface Upgrading Firmware To use the We...

Page 368: ...d Running Link Stack Stack Link Speed Unit Intf SlotId Type XFP Adapter Mode Mode Status Gb s 2 0 27 None Stack Stack Link Down 0 2 0 28 AX742 stack Stack Stack Link Down 12 Netgear Switch config Netg...

Page 369: ...k port 1 0 51 ethernet Netgear Switch Config stack exit Netgear Switch Config exit Netgear Switch reload Are you sure you want to reload the stack y n y After Switch B reboots Netgear Switch show port...

Page 370: ...creen similar to the following displays Figure 17 9 b Select 2 for Reboot Unit No c Click Apply Web Interface On Switch B 1 Configure a stack port as an Ethernet port a From the main menu select Syste...

Page 371: ...the following displays Figure 17 11 b Select 1 for Reboot Unit No c Click Apply Stack the Switches using 10G fiber This example shows how to make two switches stack together in different buildings at...

Page 372: ...Switch B Show the stack port information Netgear Switch show stack port Configured Running Link Stack Stack Link Speed Unit Intf SlotId Type XFP Adapter Mode Mode Status Gb s 2 0 27 None Stack Stack L...

Page 373: ...OK 8 0 1 2 Web Interface on Switch A a From the main menu select System Stacking Advanced Stack Port Configuration A screen similar to the following displays Figure 17 13 b Since the port 1 0 52 is s...

Page 374: ...8 0 3 Managing Switch Stacks 17 23 v1 0 June 2010 d Click Apply to save the settings 2 Reboot the switch a From the main menu select maintenance Reset Device Reboot A screen similar to the following...

Page 375: ...Community The example is shown as CLI commands and as a Web interface procedure CLI Adding a New Community Netgear switch config Netgear switch Config snmp server community rw public 4 Web Interface A...

Page 376: ...to send SNMP trap to the SNMP server Netgear switch config Netgear switch Config snmptrap public 10 100 5 17 Enable send trap to SNMP server 10 100 5 17 Netgear switch Config snmp server traps linkmod...

Page 377: ...Click the Apply button Configure SNMP V3 The example is shown as CLI commands and as a Web interface procedure CLI Configuring SNMP V3 This example shows how to configure SNMP v3 on the NETGEAR switc...

Page 378: ...nt Security User Configuration User Management A screen similar to the following displays Figure 18 4 b Under User Management scroll down to User Name admin and select the checkbox for admin admin now...

Page 379: ...built into network equipment and gives complete visibility into network activity enabling effective management and control of network resources The sFlow monitoring system consists of a sFlow Agent em...

Page 380: ...cal Packet Based Sampling of Packet Flows with sFlow Configure the sFlow receiver sFlow collector IP address In this example sFlow samples will be sent to the destination address 192 168 10 2 Netgear...

Page 381: ...sFlow receiver index sampling rate sampling max header size It has to be repeated for all the ports to be sampled Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 sflow sampler 1...

Page 382: ...of this configuration a screen similar to the following displays Figure 18 8 2 Configure sampling ports sFlow receiver index sampling rate sampling max header size a From the main menu select Monitor...

Page 383: ...to be repeated for all the ports to be polled Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 sflow poller 1 Netgear Switch Interface 1 0 1 sflow poller interval 300 View the poll...

Page 384: ...oSafe 7000 Managed Switch Software Administration Manual Release 8 0 3 SNMP 18 10 v1 0 June 2010 c Enter the Poller Interval as 300 A screen similar to the following displays Figure 18 11 d Click Appl...

Page 385: ...host s IP address Enables a static host name entry to be used to resolve the IP address The following are examples of how the DNS feature is used Specify Two DNS Servers The following example shows h...

Page 386: ...er Configuration table Manually Add a Host Name and an IP Address The following example shows commands to add a static host name entry to the switch so that you can use this entry to resolve the IP ad...

Page 387: ...name and an IP address proceed as follows 1 From the main menu select System Management DNS Host Configuration A screen similar to the following displays Figure 19 2 2 Under DNS Host Configuration en...

Page 388: ...itch The network in the DHCP pool must belong to the same subnet DHCP Server Allows the switch to dynamically assign an IP address to a DHCP client that is attached to the switch Enables the IP addres...

Page 389: ...itch Config interface vlan 200 Netgear Switch Interface vlan 200 routing Netgear Switch Interface vlan 200 ip address 192 168 100 1 255 255 255 0 Netgear Switch config Netgear Switch Config service dh...

Page 390: ...rt 1 0 1 to VLAN 200 a From the main menu select Switching VLAN Advanced VLAN Membership A screen similar to the following displays Figure 20 3 b Select 200 in the VLAN ID field c Click Unit 1 The Por...

Page 391: ...0 4 b Under Port PVID Configuration scroll down and select the checkbox for 1 0 1 c In the PVID Configuration PVID 1 to 4093 field enter 200 d Click Apply to save the settings 4 Create a new DHCP pool...

Page 392: ...the Type of Binding field In the Network Number field enter 192 168 100 0 In the Network Mask field enter 255 255 255 0 As an alternate you can enter 24 in the Network Prefix Length field Do not fill...

Page 393: ...client identifier 01 00 01 02 03 04 05 Note The unique identifier is a concatenation of the media type and MAC addresses For example the Microsoft client identifier for Ethernet address c8 19 24 88 f1...

Page 394: ...eate in the Pool Name field In the Pool Name field enter pool_manual Select Manual in the Type of Binding field In the Client Name field enter dhcpclient In the Hardware Address field enter 00 01 02 0...

Page 395: ...omer domain Custom VLAN IDs are preserved and a provider service VLAN ID is added to the traffic so that the traffic can pass the metro core in a simple and cost effective manner Double VLANs Pass cus...

Page 396: ...Switch Vlan vlan 200 Netgear Switch Vlan exit Add interface 1 0 24 to VLAN 200 add pvid 200 to the port Netgear Switch config Netgear Switch Config interface 1 0 24 Netgear Switch Interface 1 0 24 vl...

Page 397: ...A screen similar to the following displays Figure 21 2 b Under VLAN Configuration enter the following information and make the following selection In the VLAN ID field enter 200 In the VLAN Name field...

Page 398: ...der VLAN Membership select 200 in the VLAN ID field c Click Unit 1 The ports display Click the gray box under port 24 twice until U displays The U specifies that the egress packet is untagged for the...

Page 399: ...creen similar to the following displays Figure 21 4 b Under PVID Configuration scroll down to interface 1 0 24 and select the chechbox for that interface Now 1 0 24 appears in the Interface field at t...

Page 400: ...June 2010 screen similar to the following displays Figure 21 5 b Under DVLAN Configuration scroll down to interface 1 0 48 and select the chechbox for that interface Now 1 0 48 appears in the Interfa...

Page 401: ...ed or community When in isolated mode the member port in the group cannot forward its egress traffic to any other members in the same group By default the mode is community mode that each member port...

Page 402: ...participation pvid 200 Netgear Switch Interface 1 0 16 exit Netgear Switch Config interface 1 0 17 Netgear Switch Interface 1 0 17 vlan participation include 200 Netgear Switch Interface 1 0 17 vlan...

Page 403: ...witching VLAN Basic VLAN configuration A screen similar to the following displays Figure 22 2 b Enter the following information in the VLAN Configuration In the VLAN ID field enter 200 In the VLAN Nam...

Page 404: ...6 1 0 7 1 0 16 and 1 0 17 a From the main menu select Switching VLAN Advanced Port PVID Configuraton A screen similar to the following displays Figure 22 4 b Under PVID Configuration scroll down to i...

Page 405: ...enter 1 d Select community in the Group Mode field e Click Add 5 Add the port 6 7 to the group1 a From the main menu select Security Traffic Control Private Group VLAN Private Group Membership A scree...

Page 406: ...enter group2 c In the Group ID field enter 2 d Select isolated in the Group Mode field e Click Add 7 Add the port 16 17 to the group2 a From the main menu select Security Traffic Control Private Group...

Page 407: ...eroperate with legacy bridges on a per port basis This drops the benefits it introduces In Multiple Spanning Tree Protocol MSTP each Spanning Tree instance can contain several VLANs Each Spanning Tree...

Page 408: ...following displays Figure 23 1 b Enter the following information in the STP Configuration Next to the Spanning Tree Admin Mode select the Enable radio button Next to the Force Protocol Version select...

Page 409: ...mands and as a Web interface procedure CLI Configuring Rapid STP 802 1w Netgear switch Config spanning tree Netgear switch Config spanning tree forceversion 802 1w Netgear switch Interface 1 0 3 spann...

Page 410: ...ain menu select Switching STP CST Port Configuration A screen similar to the following displays Figure 23 4 b Under CST Port Configuration scroll down to interface 1 0 3 and select the checkbox for th...

Page 411: ...r switch Config spanning tree mst instance 2 Create a mst instance 2 Netgear switch Config spanning tree mst priority 2 4096 Netgear switch Config spanning tree mst vlan 2 11 Netgear switch Config spa...

Page 412: ...Configure MST Configuration a From the main menu select Switching STP MST Configuration A screen similar to the following displays Figure 23 6 b Configure MST ID 1 In the MST ID field enter 1 In the...

Page 413: ...STP MST Port Status A screen similar to the following displays Figure 23 7 4 Under MST Port Configuration scroll down to interface 1 0 3 and select the checkbox for that interface Now 1 0 3 appears in...

Page 414: ...rived from the 6to4 IPv6 address of the tunnel s nexthop It supports the functionality of a 6to4 border router that connects a 6to4 site to a 6to4 domain It sends receives tunneled traffic from router...

Page 415: ...1 16 exit Netgear Switch show interfacet tunnel 0 Interface Link Status Up IPv6 is enabled IPv6 Prefix is FE80 C0A8 101 128 2000 1 64 MTU size 1280 bytes show interface tunnel TunnelId Interface Tunne...

Page 416: ...ce tunnel TunnelId Interface TunnelMode SourceAddress DestinationAddress 0 tunnel 0 6 in 4 Configured 192 168 1 2 192 168 1 1 ProSafe 7000 Managed Switch Software Administration Manual Release 8 0 3 T...

Page 417: ...the Enable Radio button d Click Apply 3 Create a routing interface and assign IP address to it a From the main menu select Routing IP Advanced IP Interface Configuration A screen similar to the follow...

Page 418: ...he following displays Figure 24 5 b Select 0 in Tunnel Id field c Select 6 in 4 configured in the Mode field d In the Source Address field enter 192 168 1 1 e In the Destination Address field enter 19...

Page 419: ...in EUI64 field f Click Add On GSM7328S_2 To use the Web interface to create a tunnel proceed as follows 1 Enable IP routing on the switch a From the main menu select Routing IP Basic IP Configuration...

Page 420: ...utton d Click Apply 3 Create a routing interface and assign IP address to it a From the main menu select Routing IP Advanced IP Interface Configuration A screen similar to the following displays Figur...

Page 421: ...s Figure 24 10 b Select 0 in the Tunnel Id field c Select 6 in 4 configured in the Mode field d In the Source Address field enter 192 168 1 2 e In the Destination Address field enter 192 168 1 1 f Cli...

Page 422: ...000 Managed Switch Software Administration Manual Release 8 0 3 Tunnel 24 9 v1 0 June 2010 c In the IPv6 Prefix field enter 2000 2 d In the Length field enter 64 e Select Disable in the EUI64 field f...

Page 423: ...e switch Netgear Switch Config ipv6 forwarding Netgear Switch Config ipv6 unicast routing Assign IPv6 address to interface 1 0 1 Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 ip...

Page 424: ...nt Other Config Flag Disabled Router Advertisement Suppress Flag Disabled IPv6 Destination Unreachables Enabled Prefix 2000 2 64 Preferred Lifetime 604800 Valid Lifetime 2592000 Onlink Flag Enabled Au...

Page 425: ...Figure 25 2 b Under IPv6 Interface Configuration scroll down to interface 1 0 1 and select the checkbox for 1 0 1 Now 1 0 1appears in the Interface field at the top c In the IPv6 Interface Configurati...

Page 426: ...ch network ipv6 enable Netgear Switch network ipv6 address 2001 1 1 64 Netgear Switch network ipv6 gateway 2001 1 2 Netgear Switch show network Interface Status Always Up IP Address 0 0 0 0 Subnet Mas...

Page 427: ...able Radio button c In the IPv6 Prefix Prefix Length field enter 2001 1 1 64 d Select False in the EUI64 field e Click Add 2 Add an IPv6 gateway to the network interface a From the main menu select Sy...

Page 428: ...ace 1 0 1 exit Netgear Switch Config interface vlan 0 4 1 Netgear Switch Interface 0 4 1 routing Netgear Switch Interface 0 4 1 ipv6 enable Netgear Switch Interface 0 4 1 ipv6 address 2000 1 64 Netgea...

Page 429: ...ement Interval 600 Router Advertisement Managed Config Flag Disabled Router Advertisement Other Config Flag Disabled Router Advertisement Suppress Flag Disabled IPv6 Destination Unreachables Enabled P...

Page 430: ...elect Switching VLAN Advanced VLAN Membership A screen similar to the following displays Figure 25 7 b Select 500 in the VLAN ID field c Click the Unit 1 The Ports display d Click the gray box under p...

Page 431: ...the settings 4 Enable IPv6 forwarding and unicast routing on the switch a From the main menu select Routing IPv6 Basic Global Configuration A screen similar to the following displays Figure 25 9 b Ne...

Page 432: ...4 2 and in the IPv6 Interface Configuration select Enable in the IPv6 Mode field d Click Apply 6 Assign an IPv6 address to the routing VLAN a From the main menu select Routing IPv6 Advanced Prefix Co...

Page 433: ...tree as PIM SM can PIM DM assumes that when a sender starts sending data all downstream routers and hosts want to receive a multicast datagram PIM DM initially floods multicast traffic throughout the...

Page 434: ...Densely distributed receivers A ratio of few senders to many receivers due to frequent flooding High volume of multicast traffic Constant stream of traffic The following example describes how to conf...

Page 435: ...1 ip address 192 168 2 2 255 255 255 0 Netgear Switch Interface 1 0 1 ip rip Enable PIM DM on the interface Netgear Switch Interface 1 0 1 ip pimdm Netgear Switch Interface 1 0 1 exit Netgear Switch...

Page 436: ...Switch Interface 1 0 11 ip pimdm Netgear Switch Interface 1 0 11 exit On Switch C Netgear Switch configure Netgear Switch Config ip routing Netgear Switch Config ip pimdm Netgear Switch Config ip mult...

Page 437: ...re Administration Manual Release 8 0 3 26 5 PIM v1 0 June 2010 Enable igmp on the 1 0 24 Netgear Switch Config interface 1 0 24 Netgear Switch Interface 1 0 24 routing Netgear Switch Interface 1 0 24...

Page 438: ...aged Switch Software Administration Manual Release 8 0 3 PIM 26 6 v1 0 June 2010 Web Interface Configuring PIM DM To use the Web interface to config PIM DM proceed as follows On Switch A 1 Enable IP r...

Page 439: ...appears in the Interface field at the top c Enter the following information in the IP Interface Configuration In the IP address enter 192 168 2 2 In the Subnet Mask enter 255 255 255 0 Select Enable i...

Page 440: ...field d Click Apply 4 Configure 1 0 13 as a routing port and assign IP address to it a From the main menu select Routing IP Advanced IP Interface Configuration A screen similar to the following displ...

Page 441: ...b Select 1 0 1 in the Interface field c Next to the RIP Admin Mode select the Enable radio button d Click Apply 6 Enable rip on the interface 1 0 9 a From the main menu select Routing RIP Advanced Int...

Page 442: ...he following displays Figure 26 8 b Select 1 0 13 in the Interface field c Next to the RIP Admin Mode select the Enable radio button d Click Apply 8 Enable multicast globally a From the main menu sele...

Page 443: ...PIM DM Global Configuration A screen similar to the following displays Figure 26 10 b Next to the Admin Mode select the Enable radio button c Click Apply 10 Enable PIM DM on the interface 1 0 1 1 0 9...

Page 444: ...lick Apply to save the settings On Switch B To use the Web interface to config PIM DM proceed as follows 1 Enable IP routing on the switch a From the main menu select Routing IP Basic IP configuration...

Page 445: ...3 2 In the Subnet Mask enter 255 255 255 0 Select Enable in the Routing Mode d Click Apply to save the settings 3 Configure 1 0 11 as a routing port and assign IP address to it a From the main menu se...

Page 446: ...nterface Configuration A screen similar to the following displays Figure 26 15 b Select 1 0 10 in the Interface field c Next to the RIP Admin Mode select the Enable radio button d Click Apply 5 Enable...

Page 447: ...o the following displays Figure 26 17 b Next to the Admin Mode select the Enable radio button c Click Apply 7 Enable PIM DM globally a From the main menu select Routing Multicast PIM DM Global Configu...

Page 448: ...nterface Configuration scroll down to interface 1 0 10 and select the checkbox for 1 0 10 Then select the interface 1 0 11 c In the PIM SM Interface Configuration select Enable in the Admin Mode field...

Page 449: ...Configuration A screen similar to the following displays Figure 26 21 b Under IP Interface Configuration scroll down to interface 1 0 21 and select the checkbox for 1 0 21 1 0 21 now appears in the I...

Page 450: ...2 appears in the Interface field at the top c Enter the following information in the IP Interface Configuration In the IP address enter 192 168 6 1 In the Subnet Mask enter 255 255 255 0 Select Enable...

Page 451: ...creen similar to the following displays Figure 26 24 b Select 1 0 22 in the Interface field c Next to the RIP Admin Mode select the Enable radio button d Click Apply 6 Enable mulicast globally a From...

Page 452: ...ble radio button c Click Apply 8 Enable PIM DM on the interface 1 0 21 and 1 0 22 a From the main menu select Routing Multicast PIM DM Interface Configuration A screen similar to the following display...

Page 453: ...en similar to the following displays Figure 26 28 b Next to the Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 21 as a routing port and assign IP address to it a From the ma...

Page 454: ...nterface Configuration A screen similar to the following displays Figure 26 30 b Under IP Interface Configuration scroll down to interface 1 0 22and select the checkbox for 1 0 22 1 0 22 now appears i...

Page 455: ...in the IP Interface Configuration In the IP address enter 192 168 4 1 In the Subnet Mask enter 255 255 255 0 Select Enable in the Routing Mode field d Click Apply to save the settings 5 Enable rip on...

Page 456: ...33 b Select 1 0 22 in the Interface field c Next to the RIP Admin Mode select the Enable radio button d Click Apply 7 Enable rip on the interface 1 0 24 a From the main menu select Routing RIP Advanc...

Page 457: ...e following displays Figure 26 35 b Next to the Admin Mode select the Enable radio button c Click Apply 9 Enable PIM DM globally a From the main menu select Routing Multicast PIM DM Global Configurati...

Page 458: ...erface 1 0 21 and select the checkbox for 1 0 21 Then select the 1 0 22 and 1 0 24 c Enter the following information in the PIM DM Interface Configuration Select Enable in the Admin Mode field d Click...

Page 459: ...source traffic is relayed to the receivers Senders first send the multicast data to the RP which in turn sends the data down the shared tree to the receivers Shared trees centered on an RP do not nece...

Page 460: ...4 Subnet 192 168 2 0 24 Subnet 192 168 5 0 24 Subnet 192 168 4 0 24 Host IP 192 168 4 2 Port 1 0 10 Port 1 0 11 Port 1 0 21 Port 1 0 22 Switch A Switch D Switch B Switch C Port 1 0 22 Port 1 0 24 Port...

Page 461: ...itch Interface 1 0 1 ip address 192 168 2 2 255 255 255 0 Netgear Switch Interface 1 0 1 ip rip Netgear Switch Interface 1 0 1 ip pimsm Netgear Switch Interface 1 0 1 exit Netgear Switch Config interf...

Page 462: ...h Interface 1 0 10 ip rip Netgear Switch Interface 1 0 10 ip pimsm Netgear Switch Interface 1 0 10 exit Netgear Switch Config interface 1 0 11 Netgear Switch Interface 1 0 11 routing Netgear Switch In...

Page 463: ...1 routing Netgear Switch Interface 1 0 21 ip address 192 168 2 1 255 255 255 0 Netgear Switch Interface 1 0 21 ip rip Netgear Switch Interface 1 0 21 ip pimsm Netgear Switch Interface 1 0 21 exit Netg...

Page 464: ...Protocol Interface Interface List 225 1 1 1 PIMSM 1 0 22 192 168 1 1 225 1 1 1 PIMSM 1 0 21 D show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol I...

Page 465: ...e Configuration A screen similar to the following displays Figure 26 42 b Under IP Interface Configuration scroll down to interface 1 0 1 and select the checkbox for 1 0 1 1 0 1 now appears in the Int...

Page 466: ...nterface 1 0 9 and select teh checkbox for 1 0 9 Now 1 0 9 appears in the Interface field at the top c Enter the following information in the IP Interface Configuration In the IP address enter 192 168...

Page 467: ...llowing information in the IP Interface Configuration In the IP address enter 192 168 1 2 In the Subnet Mask enter 255 255 255 0 Select Enable in the Routing Mode field d Click Apply to save the setti...

Page 468: ...displays Figure 26 46 b Select 1 0 9 in the Interface field c Next to the RIP Admin Mode select the Enable radio button d Click Apply 7 Enable rip on the interface 1 0 13 a From the main menu select R...

Page 469: ...he following displays Figure 26 48 b Next to the Admin Mode select the Enable radio button c Click Apply 9 Enable PIM SM globally a From the main menu select Routing Multicast PIM SM Global Configurat...

Page 470: ...Interface Configuration scroll down to interface 1 0 1 and select the checkbox for 1 0 1 Then select the 1 0 9 and 1 0 13 c In the PIM SM Interface Configuration select Enable in the Admin Mode field...

Page 471: ...Configuration A screen similar to the following displays Figure 26 52 b Under IP Interface Configuration scroll down to interface 1 0 10 and select the checkbox for 1 0 10 1 0 10 now appears in the I...

Page 472: ...w appears in the Interface field at the top c Enter the following information in the IP Interface Configuration In the IP address enter 192 168 5 1 In the Subnet Mask enter 255 255 255 0 Select Enable...

Page 473: ...creen similar to the following displays Figure 26 55 b Select 1 0 11 in the Interface field c Next to the RIP Admin Mode select the Enable radio button d Click Apply 6 Enable multicast globally a From...

Page 474: ...lays Figure 26 57 b Next to the Admin Mode select the Enable radio button c Click Apply 8 Enable PIM SM on the interface 1 0 10 and 1 0 11 a From the main menu select Routing Multicast PIM SM Interfac...

Page 475: ...nfiguration a From the main menu select Routing Multicast PIM SM Candidate RP Configuration A screen similar to the following displays Figure 26 59 b Select 1 0 11 in the Interface field c In the Grou...

Page 476: ...0 10 in the Interface field c In the Hash Mask Length field enter 30 d In the Priority field enter 7 e Click Apply On Switch C To use the Web interface to config PIM SM proceed as follows 1 Enable IP...

Page 477: ...Configuration A screen similar to the following displays Figure 26 62 b Under IP Interface Configuration scroll down to interface 1 0 21 and select the checkbox for 1 0 21 1 0 21 now appears in the I...

Page 478: ...w appears in the Interface field at the top c Enter the following information in the IP Interface Configuration In the IP address enter 192 168 6 1 In the Subnet Mask enter 255 255 255 0 Select Enable...

Page 479: ...creen similar to the following displays Figure 26 65 b Select 1 0 22 in the Interface field c Next to the RIP Admin Mode select the Enable radio button d Click Apply 6 Enable multicast globally a From...

Page 480: ...on c Click Apply 8 Enable PIM SM on the interface 1 0 21 and 1 0 22 a From the main menu select Routing Multicast PIM SM Interface Configuration A screen similar to the following displays Figure 26 68...

Page 481: ...ate RP Configuration A screen similar to the following displays Figure 26 69 b Select 1 0 22 in the Interface field c In the Group IP enter 225 1 1 1 d In the Group Mask enter 255 255 255 0 e Click Ad...

Page 482: ...0 21 in the Interface field c In the Hash Mask Length field enter 30 d In the Priority field enter 5 e Click Apply On Switch D To use the Web interface to config PIM SM proceed as follows 1 Enable IP...

Page 483: ...Configuration A screen similar to the following displays Figure 26 72 b Under IP Interface Configuration scroll down to interface 1 0 21 and select the checkbox for 1 0 21 1 0 21 now appears in the I...

Page 484: ...he top c Enter the following information in the IP Interface Configuration In the IP address enter 192 168 6 2 In the Subnet Mask enter 255 255 255 0 Select Enable in the Routing Mode field d Click Ap...

Page 485: ...n the interface 1 0 21 a From the main menu select Routing RIP Advanced Interface Configuration A screen similar to the following displays Figure 26 75 b Select 1 0 21 in the Interface field c Next to...

Page 486: ...e Configuration A screen similar to the following displays Figure 26 77 b Select 1 0 24 in the Interface field c Next to the RIP Admin Mode select the Enable radio button d Click Apply 8 Enable multic...

Page 487: ...the Enable radio button c Click Apply 10 Enable PIM SM on the interface 1 0 21 1 0 22 and 1 0 24 a From the main menu select Routing Multicast PIM SM Interface Configuration A screen similar to the f...

Page 488: ...t PIM SM Candidate RP Configuration A screen similar to the following displays Figure 26 81 b Select 1 0 22 in the Interface field c In the Group IP enter 225 1 1 1 d In the Group Mask enter 255 255 2...

Page 489: ...the Interface field c In the Hash Mask Length field enter 30 d In the Priority field enter 3 e Click Apply 13 Enable IGMP globally a From the main menu select Routing Multicast IGMP Global Configurat...

Page 490: ...ain menu select Routing Multicast IGMP Interface Configuration A screen similar to the following displays Figure 26 84 b Under IGMP Routing Interface Configuration scroll down to interface 1 0 24and s...

Page 491: ...rred as Layer 3 Relay Agents In some network configurations there is a need for Layer 2 devices to append the Relay Agent Information option as they are closer to the end hosts These Layer 2 devices a...

Page 492: ...field Enable Option 82 Remote ID field Netgear Switch Config dhcp l2relay remote id rem_id vlan 200 Enable DHCP L2relay on the port 1 0 4 Netgear Switch Config interface 1 0 4 Netgear Switch Interface...

Page 493: ...pvid 200 Netgear Switch Interface 1 0 6 vlan participation include 200 Netgear Switch Interface 1 0 6 exit Web Interface DHCP L2 Relay To use the Web interface to create a guest VLAN proceed as follow...

Page 494: ...he U specifies that the egress packet is untagged for the port e Click Apply 3 Specify that PVID on port 1 0 4 1 0 5 and 1 0 6 a From the main menu select Switching VLAN Advanced Port PVID Configurati...

Page 495: ...t to the Admin Mode c Under DHCP L2 Relay VLAN Configuration scroll down to VLAN ID 200 and select the checkbox for VLAN 200 d Enter the following information in the DHCP L2 Relay VLAN Configuration S...

Page 496: ...0 6 c Select Enable in the Admin Mode field d Click Apply to save the settings 6 Enable DHCP L2 Relay Trust on interface 1 0 6 a From the main menu select System Services DHCP L2 Relay DHCP L2 Relay I...

Page 497: ...P L3 Relay v1 0 June 2010 Chapter 28 DHCP L3 Relay This example shows how to configure a DHCP l3 Relay on Netgear management switch and how to configure DHCP pool to assign IP addresses to DHCP client...

Page 498: ...h Interface 1 0 3 routing Netgear Switch Interface 1 0 3 ip address 10 100 1 1 255 255 255 0 Netgear Switch Interface 1 0 3 ip rip Netgear Switch Interface 1 0 3 exit Create a DHCP pool Netgear Switch...

Page 499: ...c Click Apply 2 Create a routing interface and assign 10 100 1 1 24 to it a From the main menu select Routing IP Advanced IP Interface Configuration A screen similar to the following displays Figure 2...

Page 500: ...field c Next to the RIP Admin Mode select the Enable radio button d Click Apply to save the settings 4 Set up the DHCP global configuration a From the main menu select System Services DHCP Server DHCP...

Page 501: ...the following information Select Create in the Pool Name field In the Pool Name field enter dhcp_server Select Dynamic in the Type of Binding field In the Network Number field enter 10 200 1 0 In the...

Page 502: ...Switch Interface 1 0 4 exit Create a routing interface connecting to the client Netgear Switch Config interface 1 0 15 Netgear Switch Interface 1 0 15 routing Netgear Switch Interface 1 0 15 ip addre...

Page 503: ...able radio button c Click Apply 2 Create a routing interface and assign 10 100 1 2 24 to it a From the main menu select Routing IP Advanced IP Interface Configuration A screen similar to the following...

Page 504: ...min Mode select the Enable radio button d Click Apply to save the settings 4 Create a routing interface and assign 10 200 1 1 24 to it a From the main menu select Routing IP Advanced IP Interface Conf...

Page 505: ...to the following displays Figure 28 11 b Next to the Source field select Connected c Next to Redistribute Mode field select Enable d Click Apply to save the settings 6 Enable DHCP L3 Relay a From the...

Page 506: ...8 0 3 DHCP L3 Relay 28 10 v1 0 June 2010 a From the main menu select System Services UDP Relay A screen similar to the following displays Figure 28 13 b In the Server Address field enter 10 100 1 1 c...

Page 507: ...f multicast data packets The Multicast router sends General Queries periodically to request multicast address listeners information from systems on an attached network These queries are used to build...

Page 508: ...Netgear Switch Config ipv6 pimdm Netgear Switch Config ip routing Netgear Switch Config ip multicast Netgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 routing Netgear Switch Interf...

Page 509: ...ast routing Enable ipv6 MLD on the switch Netgear Switch Config ipv6 mld router Enable ipv6 PIM DM on the switch Netgear Switch Config ipv6 pimdm Enable ip multicast forwarding on the switch Netgear S...

Page 510: ...information on switch B B show ipv6 mld groups ff32 1 Interface 71 1 24 Group Address FF32 1 Last Reporter FE80 200 4FF FEE8 5EFC Up Time hh mm ss 00 00 18 Expiry Time hh mm ss Filter Mode Include Ver...

Page 511: ...displays Figure 29 2 b Next to the Routing Mode select the Enable radio button c Click Apply 2 Enable IPv6 Unicast routing on the switch a From the main menu select Routing IPv6 Basic Global configur...

Page 512: ...isplays Figure 29 4 b Under IPv6 Interface Configuration scroll down to interface 1 0 1 and select the checkbox for 1 0 1 then select the checkbox for 1 0 13 c Enter the following information in the I...

Page 513: ...ration A screen similar to the following displays Figure 29 5 b Under IPv6 Interface Selection select 1 0 1 in the Interface field c Enter the following information in the IP Interface Configuration I...

Page 514: ...Interface field c Enter the following information in the IP Interface Configuration In the IPv6 Prefix enter 2001 2 1 In the Prefix Length enter 64 Select Disable in the EUI64 field d Click Add to sa...

Page 515: ...to the following displays Figure 29 8 b Under OSPFv3 Interface Configuration scroll down to interface 1 0 1 and select the checkbox for 1 0 1 Then select the checkbox for 1 0 13 c In the OSPFv3 Interf...

Page 516: ...e select the Enable radio button c Click Apply 9 Enable PIM DM globally a From the main menu select Routing Multicast PIM DM Global Configuration A screen similar to the following displays Figure 29 1...

Page 517: ...the following displays Figure 29 11 b Under PIM DM Interface Configuration scroll down to interface 1 0 1 and select the checkbox for 1 0 1 Then select the checkbox for 1 0 13 c In the PIM DM Interfa...

Page 518: ...displays Figure 29 12 b Next to the Routing Mode select the Enable radio button c Click Apply 2 Enable IPv6 Unicast routing on the switch a From the main menu select Routing IPv6 Basic Global configur...

Page 519: ...plays Figure 29 14 b Under IPv6 Interface Configuration scroll down to interface 1 0 21 and select the checkbox for 1 0 21 Then select the checkbox for 1 0 24 c Enter the following information in the...

Page 520: ...ration A screen similar to the following displays Figure 29 15 b Under IPv6 Interface Selection select 1 0 21 in the Interface field c Enter the following information in the IP Interface Configuration...

Page 521: ...nterface field c Enter the following information in the IP Interface Configuration In the IPv6 Prefix enter 2001 3 1 In the Prefix Length enter 64 Select Disable in the EUI64 field d Click Add to save...

Page 522: ...PFv3 Interface Configuration scroll down to interface 1 0 21 and select the checkbox for 1 0 21 Then select the checkbox for 1 0 24 c In the OSPFv3 Interface Configuration select Enable in the Admin M...

Page 523: ...ys Figure 29 20 b Next to the Admin Mode select the Enable radio button c Click Apply 10 Enable PIM DM on the interface 1 0 21and 1 0 24 a From the main menu select Routing Multicast PIM DM Interface...

Page 524: ...Global configuration A screen similar to the following displays Figure 29 22 b Next to the Admin Mode select the Enable radio button c Click Apply 12 Enable MLD on the interface 1 0 24 a From the mai...

Page 525: ...his list is constructed by snooping IPv6 multicast control packets MLD is a protocol used by IPv6 multicast routers to discover the presence of multicast listeners nodes wishing to receive IPv6 multic...

Page 526: ...ear Switch Interface 1 0 24 vlan participation include 300 Netgear Switch Interface 1 0 24 vlan pvid 300 Netgear Switch Interface 1 0 24 exit Netgear Switch Config exit Netgear Switch Config set mld N...

Page 527: ...4 b In the VLAN Configuration VLAN ID field enter 300 c Click Add 2 Assign all of the ports to VLAN 300 a From the main menu select Switching VLAN Advanced VLAN Membership A screen similar to the foll...

Page 528: ...PVID Configuration scroll down to interface 1 0 1 and select the checkbox for 1 0 1 Then scroll down to the interface 1 0 24 and select the checkbox for 1 0 24 c In the PVID Configuration PVID 1 to 4...

Page 529: ...able MLD Snooping on the VLAN 300 a From the main menu select Routing Multicast MLD Snooping MLD VLAN Configuration A screen similar to the following displays Figure 29 28 b Enter the following inform...

Page 530: ...entire multicast network with respect to the time to live TTL of the packet TTL restricts the area to be flooded by the message All the leaf routers that do not have members on directly attached subn...

Page 531: ...etgear Switch Config interface 1 0 1 Netgear Switch Interface 1 0 1 routing Netgear Switch Interface 1 0 1 ip address 192 168 1 1 255 255 255 0 Netgear Switch Interface 1 0 1 exit Netgear Switch Confi...

Page 532: ...how ip dvmrp neighbor Interface 1 0 13 Neighbor IP Address 192 168 2 2 State Active Up Time hh mm ss 00 02 40 Expiry Time hh mm ss 00 00 25 Generation ID 1116347719 Major Version 3 Minor Version 255 C...

Page 533: ...etgear Switch Interface 1 0 20 routing Netgear Switch Interface 1 0 20 ip address 192 l 168 4 1 255 255 255 0 Netgear Switch Interface 1 0 20 exit Netgear Switch Config exit Enable ip multicast forwar...

Page 534: ...IP Address 192 168 4 2 State Active Up Time hh mm ss 00 01 44 Expiry Time hh mm ss 00 00 29 Generation ID 1116595033 Major Version 3 Minor Version 255 Capabilities Prune GenID Missing 11441 Received R...

Page 535: ...Switch Config interface 1 0 24 Netgear Switch Interface 1 0 24 routing Netgear Switch Interface 1 0 24 ip address 192 168 5 1 255 255 255 0 Netgear Switch Interface 1 0 24 exit Enable ip multicast for...

Page 536: ...e GenID Missing 11441 Received Routes 0 Received Bad Packets 0 Received Bad Routes 0 Interface 1 0 3 Neighbor IP Address 192 168 4 1 State Active Up Time hh mm ss 00 01 17 Expiry Time hh mm ss 00 00 2...

Page 537: ...on c Click Apply 2 Configure 1 0 1 as a routing port and assign IP address to it a From the main menu select Routing IP Advanced IP Interface Configuration A screen similar to the following displays F...

Page 538: ...figuration A screen similar to the following displays Figure 30 4 b Under IP Interface Configuration scroll down to interface 1 0 13 and select the checkbox for 1 0 13 1 0 13 now appears in the Interf...

Page 539: ...interface 1 0 13 and select the checkbox for 1 0 13 Now 1 0 13 appears in the Interface field at the top c Enter the following information in the IP Interface Configuration In the IP address enter 192...

Page 540: ...VMRP on the switch a From the main menu select Routing Multicast DVMRP Global Configuration A screen similar to the following displays Figure 30 7 b Next to the Admin Mode select the Enable radio butt...

Page 541: ...ckbox c Select Enable in the Interface Mode field d Click Apply to save the settings On Switch B To use the Web interface to config DVMRP proceed as follows 1 Enable IP routing on the switch a From th...

Page 542: ...he top c Enter the following information in the IP Interface Configuration In the IP address enter 192 168 2 2 In the Subnet Mask enter 255 255 255 0 Select Enable in the Routing Mode field d Click Ap...

Page 543: ...ter 192 168 4 1 In the Subnet Mask enter 255 255 255 0 Select Enable in the Routing Mode field d Click Apply to save the settings 4 Enable IP multicast on the switch a From the main menu select Routin...

Page 544: ...the Admin Mode select the Enable radio button c Click Apply 6 Enable DVMRP on the interface a From the main menu select Routing Multicast DVMRP Interface Configuration A screen similar to the followin...

Page 545: ...b Next to the Routing Mode select the Enable radio button c Click Apply 2 Configure 1 0 11 as a routing port and assign IP address to it a From the main menu select Routing IP Advanced IP Interface C...

Page 546: ...llowing displays Figure 30 17 b Under IP Interface Configuration scroll down to interface 1 0 3 and select the 1 0 3 checkbox Now 1 0 3 appears in the Interface field at the top c Enter the following...

Page 547: ...r the following information in the IP Interface Configuration In the IP address enter 192 168 5 1 In the Subnet Mask enter 255 255 255 0 Select Enable in the Routing Mode field d Click Apply to save t...

Page 548: ...displays Figure 30 20 b Next to the Admin Mode select the Enable radio button c Click Apply 7 Enable DVMRP on the interface a From the main menu select Routing Multicast DVMRP Interface Configuration...

Page 549: ...e following displays Figure 30 22 b Next to the Admin Mode select the Enable radio button c Click Apply 9 Enable IGMP on the interface a From the main menu select Routing Multicast IGMP Routing INterf...

Page 550: ...a Captive Portal mechanism before the client is given access to the network When a wired physical port is enabled for Captive Portal then the port would be set in captive portal enabled state such tha...

Page 551: ...aptive Portal It explains what configurations are visible to the network administrator and enumerates the events All of the configurations included in this section are managed using the standard manag...

Page 552: ...terface Enabling Captive Portal To use the Web interface to configure the Captive Portal proceed as follows 1 Enable Captive Portal on the switch a From the main menu select Security Control Captive P...

Page 553: ...o CP ID 1 and select the CP 1 checkbox Now CP 1appears in the CP ID field at the top c In the Captive Portal Configuration select Enable in the Admin Mode field d Click Apply to save the settings 3 En...

Page 554: ...nstance is blocked no client traffic is allowed through any interfaces associated with that captive portal configuration Blocking a captive portal instance is a temporary command executed by the admin...

Page 555: ...s are also assigned to the Default group The administrator can create new groups and modify the user group association to only allow a subset of users access to a specific captive portal instance Netw...

Page 556: ...lar to the following displays Figure 31 5 b Enter the following information in the CP Group Configuration Select 2 from the Group ID field Enter Group2 in the Group Name field c Click Add 2 Create an...

Page 557: ...tal configuration and no RADIUS servers are assigned the captive portal activation status will indicate the instance is disabled with an appropriate reason code The following table indicates the RADIU...

Page 558: ...wing information in the Captive Portal Configuration Select RADIUS from the Verification field In the Radius Auth Server field enter the radius server name Default RADIUS Server 4 Click Apply WISPr Ma...

Page 559: ...protocol which requires a certificate to provide encryption The certificate is presented to the user at connection time The Captive Portal uses the same certificate that is used by 8 0 for Secure HTTP...

Page 560: ...tting Trust Mode 10 8 show classofservice ip precedence mapping 10 5 show classofservice trust 10 3 traffic shaping 10 9 CoS queueing 10 1 D DHCP L2 relay 27 1 28 1 DHCP messages configuring the maxim...

Page 561: ...stub area configuration 6 15 VLAN routing 6 35 OSPFv3 6 40 outbound Telnet 15 11 P PIM 26 1 PIM SM 26 27 port mirroring 15 6 port routing adding a default route 3 6 adding a static route 3 8 port sec...

Page 562: ...priority values 17 5 membership 17 2 offline configuration 17 6 software compatibility 17 7 stacking recommendations 17 9 upgrading firmware 17 15 syslog 16 1 T time set the time zone CLI only 14 5 tr...

Reviews:

No comments

Related manuals for ProSafe 7000

Brand: Gavita Pages: 12

Brand: Raritan Pages: 4

Brand: Hansen Pages: 4

DXS-3410 Series

Brand: D-Link Pages: 54

AVS-OP-1616-340

Brand: AMX Pages: 1

Brand: INFLUX MEASUREMENTS Pages: 6

Brand: Erbe Pages: 118

Brand: F&G Pages: 6

INTEGRAL Series

Brand: DAS AUDIO Pages: 45

Brand: Vega Pages: 36

Brand: ATEN Pages: 2

Brand: Pulse-Eight Pages: 9

Brand: LevelOne Pages: 76

Brand: ABM Pages: 8

Brand: Planet Pages: 2

Brand: HighSecLabs Pages: 2

Brand: TLS Electronics Pages: 12

Brand: Konig Pages: 52

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands