manualshive.com logo in svg

NETGEAR ProSAFE GS724Tv4, User Manual

The NETGEAR ProSAFE GS724Tv4 network switch is a reliable and high-performance solution for small to medium-sized businesses. With advanced features and easy-to-use interface, this product ensures seamless network connectivity. For convenient installation and setup, you can download the free Installation Manual from manualshive.com to get started effortlessly.

Share
Download
background image

2.6. Ensuring only known devices can use a network

Notice in creating these rules some fields were not used. They could be used to refine or narrow the
focus of the rule.

Finally the ACLscreated were bound to ports on the switch. This was done using the switch menu
sequence:

Security

ACL

Basic

MAC Binding Configuration

to bring up the

MAC Binding Configuration

screen. The ACL name

pinter-pc2

was selected

from the

ACL ID

pull down menu. The

Unit 1

tag of the

Port Selection Table

was clicked, then

the selection box under port 19 was clicked resulting in a tick mark being inserted. Then the

APPLY

button at the bottom of the screen was clicked. The ACL name

nac-pc1

was then selected from the

ACL ID

pull down menu and port 7 selected from the

Port Selection Table

before clicking the

APPLY

button. After each click of the

APPLY

button an entry was added under the heading

Interface

Binding Status

briefly describing the ACL to port binding.

The security design was then complete.

2.6.5

Testing

Testing was performed using ping. Before any ACLs were configured and applied, PC 1 and PC 2 could
ping all devices on the network of Figure 2.5. After application of the first ACL, PC 1 could ping all
devices of the network. PC 2 could only ping the printer (

d0:bf:9c:bd:4b:4d

. After application of

the second ACL, PC 1 could only ping the NAS (

28:c6:8e:d5:ed:08

and PC 2 only the printer. The

security design was working.

19

Summary of Contents for ProSAFE GS724Tv4

Page 1: ...Netgear GS724Tv4 Smart switch A Tutorial on Use Ross Maloney by 4 October 2015 ...

Page 2: ...tch configuration 6 1 7 Gateway from a simple network on the switch 6 1 7 1 Implementation 7 1 8 Warnings 7 2 Layer 2 8 2 1 All devices on the default VLAN 8 2 1 1 Implementation 9 2 1 2 Results from testing 9 2 2 A new VLAN holding all devices 9 2 2 1 Implementation 10 2 2 2 Results from testing 10 2 3 Two isolated LANs 10 2 3 1 Implementation 11 2 3 2 Results from testing 12 2 4 Dividing a LAN 1...

Page 3: ...6 3 Implementation Alternative 1 17 2 6 4 Implementation Alternative 2 18 2 6 5 Testing 19 3 Layer 3 20 3 1 Routing between LANs and to the Internet 20 3 1 1 Implementation 21 3 1 2 Testing 22 3 1 3 Removing Internet access 22 3 1 4 Important to note from this example 22 3 2 Securing the network 23 3 2 1 Implementation overview 23 3 2 2 Wireless and Internet 23 3 2 3 Allowing PC 1 access but with ...

Page 4: ...rther detail of the mechanics of performing setting of this switch is contained in the switch s manual The majority of the information contained here should also apply to the GS716Tv3 smart switch and maybe the GS748T5 although this has not been verified The reader is assumed to have access to the Netgear GS716Tv3 GS724Tv4 and GS748Tv5 Smart Switches Sofware Adminstration Manual available from www...

Page 5: ...ork mask But contrast the gateway address must be specified and is to where a TCP IP packet is to be sent if the destination to which the packet is addressed cannot be found 1 2 Switch hardware The small brown coloured Philips head machine screws supplied with the switch are for attaching the supplied mounting brackets to the switch housing Four screw holes threaded for those screws are provided a...

Page 6: ...ctory 23 244 dynamic 23 105 R 23 244 static 23 78 reset 23 244 static 23 78 I 23 244 static 23 78 factory 23 244 dynamic 23 105 R 23 2 static 23 78 reset 23 2 static 23 78 I 23 2 static 23 78 factory 23 244 dynamic 23 105 R gateway device 192 168 23 244 removed 23 2 static 23 78 reset 23 3 static 23 78 I 23 2 static 23 78 factory 0 0 0 0 dynamic 0 239 R 0 244 dynamic 0 239 reset 0 0 0 0 dynamic 0 ...

Page 7: ...k DAP 1650 wireless extender 192 168 8 240 c0 a0 bb f7 44 c0 Table 1 2 shows the details of the devices used in the examples The switch was set with address 192 168 14 155 placing it on the hardwired ethernet The netmask for each device was set to 255 255 0 0 That mask enabled devices on both networks to communicate This enabled that Mac mini with address 192 168 8 7 to act as controller for the s...

Page 8: ... devices 1 5 1 Access to the switch Control of the switch is menu base accessed through a web browser This menu system is only accessible after logging into the switch The menu sequence System IP Configuration enables the address of the switch its network mask and gateway can be reset Assume the network address was assigned here to 192 168 8 155 replacing the default switch address The network mas...

Page 9: ...f the switch is required to configure the switch It is a good idea to have the switch address laying on one of the LANs the switch is handling To change the switch address log into the switch and then use the switch command sequence System Management IP Configuration to bring up the page containing the current network settings of the switch It is a good idea to have the switch of a fixed address S...

Page 10: ...the PC the gateway address was set as 192 168 8 244 and then the PC restarted From the PC Internet connection could be demonstrated An alternate to the above procedure might be to change the gateway address of the switch and leave the gateway address of the PC pointing somewhere else The switch gateway was set to 192 168 8 244 using the System Management IP Configuration command menu sequence on t...

Page 11: ...ith another device on the LAN on which it is located The Virtual LAN VLAN also has those properties For a device to communicate across a LAN or VLAN a network link or OSI Layer 3 connection is required In the following two networks are used The behaviour of two networks was taken as being able to be generalized to many networks implemeneted on a switch 2 1 All devices on the default VLAN The five ...

Page 12: ...5 0 255 255 0 0 g1 255 255 255 0 g2 255 255 255 0 g7 255 255 255 0 x x g1 255 255 0 0 g2 255 255 0 0 g7 255 255 0 0 x x g23 255 255 255 0 g19 255 255 255 0 x x g23 255 255 0 0 g19 255 255 0 0 x x Each device was set to have a network mask of 255 255 255 0 then 255 255 0 0 With each net work mask setting pings between the PCs and devices were exchanged In this switch network configuration an unsecu...

Page 13: ...rom port 19 and plugged into port 13 to control the switch From the VLAN Membership screen the ID 12 of the new VLAN was selected from the selection available on the VLAN ID window The screen for VLAN ID 12 which resulted had blank in all the port boxes For each of the port boxes 1 2 7 19 and 24 a U was set into the box by repeated clicking the box until the U appeared Then the APPLY button in the...

Page 14: ... the other VLAN was created The two new VLANs appear in the VLAN Configuration tabulation Next the devices connected through the ports of the switch were assigned to each VLAN The PC on port 19 was moved to port 13 of the switch to act as the control The menu sequence Switching VLAN Advnaced VLAN Membership gave the screen which enabled such assignments First VLAN 1 was called up on screen using t...

Page 15: ...successful ping and a x indicates a successful ping of the test PC itself Symmetry can be seen in the behaviours of the pings The top two left hand groupings in Table 2 2 show similar behaviour to the botton two right hand groupings In those two groupings the PC sending the ping g7 and g19 respectively were in the VLAN represented by the group In particular the behaviour of the g19 and g1 is noted...

Page 16: ...VLAN Basic VLAN Configuration resulted in the VLAN Configuration screen Into the VLAN ID field the value 12 was typed and then VLAN A 12 into the VLAN Name field The ADD button at the bottom of the screen was then clicked to create the VLAN The switch menu sequence Switching VLAN Advnaced VLAN Membership was used to bring up the VLAN Membership screen The value 12 was typed into the VLAN ID field ...

Page 17: ...e VLAN ID the value 22 was typed then the value VLAN B 22 in the VLAN Name field before clicking the add button The switch menu sequence Switching VLAN Advnaced VLAN Membership was used to bring up the VLAN Membership screen The value 12 was typed into the VLAN ID field The ports 19 and 23 were removed from this list and the APPLY button clicked The value 22 was typed into the VLAN ID field and po...

Page 18: ...one VLAN could not access the other Any device connected to the switch could be shared by one or more VLANs on a switch by following the above configuration appoach The problem with this technique of sharing is there is no control over access any device on either VLAN can access the shared device or devices This contrasts to using ACL which can be applied to routing VLANs as described in Section T...

Page 19: ...e for protecting such devices on this network The switch can provide protection to devices network connected to it 2 6 1 Security designed to give specific devices access to given devices The secturity protection design aim for the network of Figure 2 5 was PC 1 only was allowed access to the NAS and PC 2 only was allowed access to the printer The specific hardware devices PC 1 PC 2 the NAS and th...

Page 20: ...r creation of the ACL When a ACL is applied to a port on a VLAN that port is automaticly denied access to all other devices connected to that VLAN So if a port is to only access one device the ACL should indicated the address of that device with the action of permit The starting point with each alternative was the switch configured to provide the network shown in Figure 2 5 The VLAN was named VLAN...

Page 21: ...een Into the Name field of the MAC ACL Table on that screen the text nas pc1 was typed This was to be the title for the PC 1 to NAS rule The ADD button at the bottom of the screen was then clicked to register this title The text printer pc2 was then typed into the Name field and the ADD key clicked to register this title as that of the PC 2 to printer rule After pressing the ADD key the new title ...

Page 22: ...t the bottom of the screen was clicked The ACL name nac pc1 was then selected from the ACL ID pull down menu and port 7 selected from the Port Selection Table before clicking the APPLY button After each click of the APPLY button an entry was added under the heading Interface Binding Status briefly describing the ACL to port binding The security design was then complete 2 6 5 Testing Testing was pe...

Page 23: ...the devices on their LAN and also the other LAN Each of those LANs is to be implemented as a VLAN on the switch Further all members of each LAN are to have Internet access through a router on one of those VLANs In effect the two LANs are to be joined into one LAN wireless network PC 1 192 168 8 7 wireless extender g23 Internet gateway printer 192 168 14 31 g19 g1 g2 192 168 14 107 g7 PC 2 NAS swit...

Page 24: ...9 and 23 were assigned as Untagged members of this VLAN The APPLY button was again clicked Routing between VLANs 12 and 22 had now been setup The routing configured was displayed using the menu sequence Routing Routing table which brought up the Route Configuration display The Route Status part of that display showed to routing which had been setup The Internet access was setup as the default gate...

Page 25: ... members from VLANs could then access the Internet The alternate but more drastic method method is to remove the wireless range extender from VLAN 22 of the network of Figure 3 1 This removed the wireless network from being accessed by the switch This was done by removing VLAN 22 since individual ports cannot be removed from a VLAN The switch menu sequence Switching VLAN produced the VLAN Configur...

Page 26: ... Implementation overview A combination of IP and MAC address based ACLs provided switch configuration solutions to the design requirements Because the configuration of the wireless network established by the Internet gateway of Figure 3 1 a wireless device needed to have an IP address of the form 192 168 8 x This wireless network entered the switch through the wireless extender at port 23 An ACL b...

Page 27: ...n Source IPv4 was selected resulting in a acl based on source ipv4 screen being displayed Into this set of entry windows the value 10 was typed into the Rule ID window Permit from the Action pull down menu False from the Match Every pull down menu 192 168 78 90 was typed into the Source IP Adress window and 255 255 255 255 into the Source IP Mask window This ACL was then assigned to port 23 of the...

Page 28: ...tered into the Source MAC Mask window and the vale 22 into the VLAN window The Unit 1 tag was clicked and the small box under port 19 was clicked resulting in a tick mark appearing in that box Then the APPLY button at the bottom of the screen was clicked 3 2 4 Allow PC 2 to access PC 1 This condition was enabled by the original routing configuration To access anything PC 2 presented network packet...

Reviews:

No comments

Related manuals for ProSAFE GS724Tv4

F5 WANJet 500 Quick Start Card preview
WANJet 500
Brand: F5 Pages: 2
F5 ARX-500 Hardware Reference Manual preview
ARX-500
Brand: F5 Pages: 90
F5 ARX-4000 Parts Replacement Manual preview
ARX-4000
Brand: F5 Pages: 47
Ubiquiti ER-4 Quick Start Manuals preview
ER-4
Brand: Ubiquiti Pages: 22
Ubiquiti UniFi UAP-AC-LR Quick Start Manual preview
UniFi UAP-AC-LR
Brand: Ubiquiti Pages: 28
NetComm 3GM1WN Quick Start Manual preview
3GM1WN
Brand: NetComm Pages: 3
Usr USR4504 Installation Manual preview
USR4504
Brand: Usr Pages: 2
IBM totalstorage 200 Hardware Installation Manual preview
totalstorage 200
Brand: IBM Pages: 152
Paradyne Hotwire 6341 Installation Instructions Manual preview
Hotwire 6341
Brand: Paradyne Pages: 23
Draytek Vigor 2760 Series Quick Start Manual preview
Vigor 2760 Series
Brand: Draytek Pages: 54
SyChip WLAN6065SD User Manual preview
WLAN6065SD
Brand: SyChip Pages: 24
B-G Instruments DataPlot CB1224 Manual preview
DataPlot CB1224
Brand: B-G Instruments Pages: 4
Patton DiamondLink 3201 Quick Start Manual preview
DiamondLink 3201
Brand: Patton Pages: 12
Fastech Ezi-SERVOII EtherCAT TO User Manual preview
Ezi-SERVOII EtherCAT TO
Brand: Fastech Pages: 108
Global411 MS41p1 Quick Installation Manual preview
MS41p1
Brand: Global411 Pages: 15
Dataprobe iBoot Instruction Manual preview
iBoot
Brand: Dataprobe Pages: 16
Premio FlacheSAN2-D5 Quick Manual preview
FlacheSAN2-D5
Brand: Premio Pages: 2
N-Tron 104TX Specification Sheet preview
104TX
Brand: N-Tron Pages: 2

Brands by name

Popular brands

Load more brands