manualshive.com logo in svg

NETGEAR ProSAFE GS724Tv4, User Manual

The NETGEAR ProSAFE GS724Tv4 network switch is a reliable and high-performance solution for small to medium-sized businesses. With advanced features and easy-to-use interface, this product ensures seamless network connectivity. For convenient installation and setup, you can download the free Installation Manual from manualshive.com to get started effortlessly.

Share
Download
background image

2.6. Ensuring only known devices can use a network

Switching

VLAN

Advnaced

VLAN Membership

was used to show the

VLAN Membership

screen. The value 12 was typed into the

VLAN ID

field and

port 23 was added as an untagged member before the

APPLY

button was clicked.

wireless network

NAS

VLAN−B−22

g7

g2

VLAN−A−12

printer

g1

g19

PC 2

PC 1

192.168.8.7

Internet

gateway

switch

wireless extender

g23

192.168.8.240

192.168.8.9

192.168.8.107

192.168.8.31

Figure 2.4: Two VLANs dividing a LAN but sharing an Internet access

Because a new distribution of ports to VLANs had been introduced, the PVID of both VLANs needed
revision. The switch menu sequence:

Switching

VLAN

Advnaced

Port PVID Configuration

was used to bring up the

Port PVID Configuration

screen. First PVID 12 was applied to ports 1, 2,

7, and 23 before clicking the

APPLY

button. Then PVID 22 was applied to ports 19 and 23 (despite these

ports not having been changed on VLAN 22).

With URL

192.168.8.244

set in the configuration of the devices on both VLANs 12 and 22, all mem-

bers of each VLAN could access the Internet. However, members of one VLAN could not access the
other.

Any device connected to the switch could be shared by one or more VLANs on a switch by following
the above configuration appoach.

The problem with this technique of sharing is there is no control over access: any device on either
VLAN can access the shared device or devices. This contrasts to using ACL which can be applied to
routing VLANs as described in Section

??

. This is an advantage provided by the Layer 3 attributes of

the GS724Tv4 switch.

2.6

Ensuring only known devices can use a network

There is an opinion that only complex, or important, networks warrant the expense of network security
or network protection. But network security is available on a GS724Tv4 switch. This availability makes
assessment of what warrants securing an easier matter to decide. Small networks become candidates
for using network security.

Consider the network of Figure 2.5. It is a small network similar to that of Figure 2.1 but here all devices
having the same network address

192.169.14.0

on a single VLAN named

VLAN-FRED

. There is no

Internet connection. However, the existence of the wireless extender means the network is composed of
hardwired and wireless parts, i.e. wireless devices can connect onto the network as can devices which
plug into ports on the switch.

15

Summary of Contents for ProSAFE GS724Tv4

Page 1: ...Netgear GS724Tv4 Smart switch A Tutorial on Use Ross Maloney by 4 October 2015 ...

Page 2: ...tch configuration 6 1 7 Gateway from a simple network on the switch 6 1 7 1 Implementation 7 1 8 Warnings 7 2 Layer 2 8 2 1 All devices on the default VLAN 8 2 1 1 Implementation 9 2 1 2 Results from testing 9 2 2 A new VLAN holding all devices 9 2 2 1 Implementation 10 2 2 2 Results from testing 10 2 3 Two isolated LANs 10 2 3 1 Implementation 11 2 3 2 Results from testing 12 2 4 Dividing a LAN 1...

Page 3: ...6 3 Implementation Alternative 1 17 2 6 4 Implementation Alternative 2 18 2 6 5 Testing 19 3 Layer 3 20 3 1 Routing between LANs and to the Internet 20 3 1 1 Implementation 21 3 1 2 Testing 22 3 1 3 Removing Internet access 22 3 1 4 Important to note from this example 22 3 2 Securing the network 23 3 2 1 Implementation overview 23 3 2 2 Wireless and Internet 23 3 2 3 Allowing PC 1 access but with ...

Page 4: ...rther detail of the mechanics of performing setting of this switch is contained in the switch s manual The majority of the information contained here should also apply to the GS716Tv3 smart switch and maybe the GS748T5 although this has not been verified The reader is assumed to have access to the Netgear GS716Tv3 GS724Tv4 and GS748Tv5 Smart Switches Sofware Adminstration Manual available from www...

Page 5: ...ork mask But contrast the gateway address must be specified and is to where a TCP IP packet is to be sent if the destination to which the packet is addressed cannot be found 1 2 Switch hardware The small brown coloured Philips head machine screws supplied with the switch are for attaching the supplied mounting brackets to the switch housing Four screw holes threaded for those screws are provided a...

Page 6: ...ctory 23 244 dynamic 23 105 R 23 244 static 23 78 reset 23 244 static 23 78 I 23 244 static 23 78 factory 23 244 dynamic 23 105 R 23 2 static 23 78 reset 23 2 static 23 78 I 23 2 static 23 78 factory 23 244 dynamic 23 105 R gateway device 192 168 23 244 removed 23 2 static 23 78 reset 23 3 static 23 78 I 23 2 static 23 78 factory 0 0 0 0 dynamic 0 239 R 0 244 dynamic 0 239 reset 0 0 0 0 dynamic 0 ...

Page 7: ...k DAP 1650 wireless extender 192 168 8 240 c0 a0 bb f7 44 c0 Table 1 2 shows the details of the devices used in the examples The switch was set with address 192 168 14 155 placing it on the hardwired ethernet The netmask for each device was set to 255 255 0 0 That mask enabled devices on both networks to communicate This enabled that Mac mini with address 192 168 8 7 to act as controller for the s...

Page 8: ... devices 1 5 1 Access to the switch Control of the switch is menu base accessed through a web browser This menu system is only accessible after logging into the switch The menu sequence System IP Configuration enables the address of the switch its network mask and gateway can be reset Assume the network address was assigned here to 192 168 8 155 replacing the default switch address The network mas...

Page 9: ...f the switch is required to configure the switch It is a good idea to have the switch address laying on one of the LANs the switch is handling To change the switch address log into the switch and then use the switch command sequence System Management IP Configuration to bring up the page containing the current network settings of the switch It is a good idea to have the switch of a fixed address S...

Page 10: ...the PC the gateway address was set as 192 168 8 244 and then the PC restarted From the PC Internet connection could be demonstrated An alternate to the above procedure might be to change the gateway address of the switch and leave the gateway address of the PC pointing somewhere else The switch gateway was set to 192 168 8 244 using the System Management IP Configuration command menu sequence on t...

Page 11: ...ith another device on the LAN on which it is located The Virtual LAN VLAN also has those properties For a device to communicate across a LAN or VLAN a network link or OSI Layer 3 connection is required In the following two networks are used The behaviour of two networks was taken as being able to be generalized to many networks implemeneted on a switch 2 1 All devices on the default VLAN The five ...

Page 12: ...5 0 255 255 0 0 g1 255 255 255 0 g2 255 255 255 0 g7 255 255 255 0 x x g1 255 255 0 0 g2 255 255 0 0 g7 255 255 0 0 x x g23 255 255 255 0 g19 255 255 255 0 x x g23 255 255 0 0 g19 255 255 0 0 x x Each device was set to have a network mask of 255 255 255 0 then 255 255 0 0 With each net work mask setting pings between the PCs and devices were exchanged In this switch network configuration an unsecu...

Page 13: ...rom port 19 and plugged into port 13 to control the switch From the VLAN Membership screen the ID 12 of the new VLAN was selected from the selection available on the VLAN ID window The screen for VLAN ID 12 which resulted had blank in all the port boxes For each of the port boxes 1 2 7 19 and 24 a U was set into the box by repeated clicking the box until the U appeared Then the APPLY button in the...

Page 14: ... the other VLAN was created The two new VLANs appear in the VLAN Configuration tabulation Next the devices connected through the ports of the switch were assigned to each VLAN The PC on port 19 was moved to port 13 of the switch to act as the control The menu sequence Switching VLAN Advnaced VLAN Membership gave the screen which enabled such assignments First VLAN 1 was called up on screen using t...

Page 15: ...successful ping and a x indicates a successful ping of the test PC itself Symmetry can be seen in the behaviours of the pings The top two left hand groupings in Table 2 2 show similar behaviour to the botton two right hand groupings In those two groupings the PC sending the ping g7 and g19 respectively were in the VLAN represented by the group In particular the behaviour of the g19 and g1 is noted...

Page 16: ...VLAN Basic VLAN Configuration resulted in the VLAN Configuration screen Into the VLAN ID field the value 12 was typed and then VLAN A 12 into the VLAN Name field The ADD button at the bottom of the screen was then clicked to create the VLAN The switch menu sequence Switching VLAN Advnaced VLAN Membership was used to bring up the VLAN Membership screen The value 12 was typed into the VLAN ID field ...

Page 17: ...e VLAN ID the value 22 was typed then the value VLAN B 22 in the VLAN Name field before clicking the add button The switch menu sequence Switching VLAN Advnaced VLAN Membership was used to bring up the VLAN Membership screen The value 12 was typed into the VLAN ID field The ports 19 and 23 were removed from this list and the APPLY button clicked The value 22 was typed into the VLAN ID field and po...

Page 18: ...one VLAN could not access the other Any device connected to the switch could be shared by one or more VLANs on a switch by following the above configuration appoach The problem with this technique of sharing is there is no control over access any device on either VLAN can access the shared device or devices This contrasts to using ACL which can be applied to routing VLANs as described in Section T...

Page 19: ...e for protecting such devices on this network The switch can provide protection to devices network connected to it 2 6 1 Security designed to give specific devices access to given devices The secturity protection design aim for the network of Figure 2 5 was PC 1 only was allowed access to the NAS and PC 2 only was allowed access to the printer The specific hardware devices PC 1 PC 2 the NAS and th...

Page 20: ...r creation of the ACL When a ACL is applied to a port on a VLAN that port is automaticly denied access to all other devices connected to that VLAN So if a port is to only access one device the ACL should indicated the address of that device with the action of permit The starting point with each alternative was the switch configured to provide the network shown in Figure 2 5 The VLAN was named VLAN...

Page 21: ...een Into the Name field of the MAC ACL Table on that screen the text nas pc1 was typed This was to be the title for the PC 1 to NAS rule The ADD button at the bottom of the screen was then clicked to register this title The text printer pc2 was then typed into the Name field and the ADD key clicked to register this title as that of the PC 2 to printer rule After pressing the ADD key the new title ...

Page 22: ...t the bottom of the screen was clicked The ACL name nac pc1 was then selected from the ACL ID pull down menu and port 7 selected from the Port Selection Table before clicking the APPLY button After each click of the APPLY button an entry was added under the heading Interface Binding Status briefly describing the ACL to port binding The security design was then complete 2 6 5 Testing Testing was pe...

Page 23: ...the devices on their LAN and also the other LAN Each of those LANs is to be implemented as a VLAN on the switch Further all members of each LAN are to have Internet access through a router on one of those VLANs In effect the two LANs are to be joined into one LAN wireless network PC 1 192 168 8 7 wireless extender g23 Internet gateway printer 192 168 14 31 g19 g1 g2 192 168 14 107 g7 PC 2 NAS swit...

Page 24: ...9 and 23 were assigned as Untagged members of this VLAN The APPLY button was again clicked Routing between VLANs 12 and 22 had now been setup The routing configured was displayed using the menu sequence Routing Routing table which brought up the Route Configuration display The Route Status part of that display showed to routing which had been setup The Internet access was setup as the default gate...

Page 25: ... members from VLANs could then access the Internet The alternate but more drastic method method is to remove the wireless range extender from VLAN 22 of the network of Figure 3 1 This removed the wireless network from being accessed by the switch This was done by removing VLAN 22 since individual ports cannot be removed from a VLAN The switch menu sequence Switching VLAN produced the VLAN Configur...

Page 26: ... Implementation overview A combination of IP and MAC address based ACLs provided switch configuration solutions to the design requirements Because the configuration of the wireless network established by the Internet gateway of Figure 3 1 a wireless device needed to have an IP address of the form 192 168 8 x This wireless network entered the switch through the wireless extender at port 23 An ACL b...

Page 27: ...n Source IPv4 was selected resulting in a acl based on source ipv4 screen being displayed Into this set of entry windows the value 10 was typed into the Rule ID window Permit from the Action pull down menu False from the Match Every pull down menu 192 168 78 90 was typed into the Source IP Adress window and 255 255 255 255 into the Source IP Mask window This ACL was then assigned to port 23 of the...

Page 28: ...tered into the Source MAC Mask window and the vale 22 into the VLAN window The Unit 1 tag was clicked and the small box under port 19 was clicked resulting in a tick mark appearing in that box Then the APPLY button at the bottom of the screen was clicked 3 2 4 Allow PC 2 to access PC 1 This condition was enabled by the original routing configuration To access anything PC 2 presented network packet...

Reviews:

No comments

Related manuals for ProSAFE GS724Tv4

Paradyne 4300 Installation Instructions Manual preview
4300
Brand: Paradyne Pages: 22
LaCie 5big Network 2 Datasheet preview
5big Network 2
Brand: LaCie Pages: 4
LaCie d2 Network 2 Datasheet preview
d2 Network 2
Brand: LaCie Pages: 4
LaCie 2big Network 2 Datasheet preview
2big Network 2
Brand: LaCie Pages: 4
Valcom VIP-822 Manual preview
VIP-822
Brand: Valcom Pages: 3
Valcom VIP-814 User Manual preview
VIP-814
Brand: Valcom Pages: 4
Draytek Vigor 2710e Quick Start Manual preview
Vigor 2710e
Brand: Draytek Pages: 8
STONEFLY DR365V-2404 Setup Manual preview
DR365V-2404
Brand: STONEFLY Pages: 48
Oracle Talari E1000 Installation Manual preview
Talari E1000
Brand: Oracle Pages: 24
Allied Telesis AT-8000C Declaration Of Conformity preview
AT-8000C
Brand: Allied Telesis Pages: 1
American Megatrends StorTrends 1312-P Specifications preview
StorTrends 1312-P
Brand: American Megatrends Pages: 2
Schrack Technik HSERG245GS Instruction Sheet preview
HSERG245GS
Brand: Schrack Technik Pages: 2
Lanner FW-7551 User Manual preview
FW-7551
Brand: Lanner Pages: 38
Allied Telesis AT-BSTACK1 Quick Install Manual preview
AT-BSTACK1
Brand: Allied Telesis Pages: 34
2N Telekomunikace ATEUS STARGATE User Manual preview
ATEUS STARGATE
Brand: 2N Telekomunikace Pages: 67
Ubiquiti EdgePoint EP-R8 Quick Start Manual preview
EdgePoint EP-R8
Brand: Ubiquiti Pages: 22
Valcom VIP-814 Installation Manual preview
VIP-814
Brand: Valcom Pages: 3
3Com OfficeConnect 3CXSH654B User Manual preview
OfficeConnect 3CXSH654B
Brand: 3Com Pages: 52

Brands by name

Popular brands

Load more brands