Page 1 NETGEAR Managed Switches Software Administration Manual, Release 8.0 NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10515-01 October 2009...
Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Page 3: Canadian Department Of Communications Radio Interference Regulations
Tested to Comply with FCC Standards FOR HOME OR OFFICE USE Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate the equipment. Canadian Department of Communications Radio Interference Regulations This digital apparatus (7000 Series Managed Switch) does not exceed the Class A limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
Page 4: Table Of Contents
Contents About This Manual Conventions, Formats, Scope, and Audience ..............xii Additional Documentation ....................xiii How to Print This Manual ....................xiv Revision History ......................xiv Chapter 1 Getting Started In-band and Out-of-band Connectivity ................1-1 Starting the Switch ......................1-4 Initial Configuration ......................1-4 Software Installation .......................1-5 Loading Firmware Using the Boot Menu ................1-9 Using Ezconfig for Switch Setup ..................1-10...
Page 5 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create a Protocol-Based VLAN ..................3-12 Virtual VLANs: Create an IP Subnet Based VLAN ............3-16 Voice VLAN ........................3-19 Chapter 4 Link Aggregation Create Two LAGs ......................4-2 Add the Ports to the LAGs ....................4-3 Enable Both LAGs ......................4-5...
Page 6 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 9 Proxy Address Resolution Protocol (ARP) Proxy ARP Examples .....................9-1 Chapter 10 Virtual Router Redundancy Protocol Configure VRRP on a Master Router ................10-2 Configure VRRP on a Backup Router ................10-4 Chapter 11 Access Control Lists (ACLs) MAC ACLs ........................11-1...
Page 7 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 14 IGMP Snooping and Querier Enable IGMP Snooping ....................14-1 Show igmpsnooping .....................14-2 Show mac-address-table igmpsnooping ..............14-3 Configure the Switch with an External Multicast Router ..........14-4 Configure the Switch with a Multicast Router Using VLAN ..........14-6 IGMP Querier .......................14-7...
Page 8 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Dual Image ........................17-8 Outbound Telnet ......................17-11 Chapter 18 Syslog Show Logging .......................18-2 Show Logging Buffered ....................18-5 Show Logging Traplogs ....................18-6 Show Logging Hosts .....................18-7 Log Port Configuration ....................18-8 Chapter 19 Managing Switch Stacks Understanding Switch Stacks ..................19-2...
Page 9 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 22 DHCP Server Configure a DHCP Server in Dynamic Mode ...............22-1 Configure a DHCP Reservation ..................22-3 Chapter 23 Double VLANs Enable a Double VLAN ....................23-2 Chapter 24 Private VLAN Groups Create a Private VLAN Group ..................24-1...
Page 10 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 32 Captive Portal Captive Portal Configuration ..................32-2 Enable Captive Portal ....................32-2 Client Access, Authentication, and Control ..............32-5 Block a Captive Portal Instance ..................32-5 Local Authorization User/Group Configuration .............32-6 Remote Authorization (RADIUS) User Configuration ...........32-8 SSL Certificates ......................32-10...
Page 11: About This Manual
About This Manual The NETGEAR ® Managed Switches Software Administration Manual, Release 8.0 describes how to install, configure and troubleshoot the 7000 Series Managed Switch. The information in this manual is intended for readers with intermediate computer and Internet skills.
Page 12: Additional Documentation
The NETGEAR installation guide for your switch • NETGEAR CLI Reference for the Prosafe 7X00 Series Managed Switch. Refer to the Command Line Reference for information for the command structure. There are three documents in this series; choose the appropriate one for your product.
Page 13: How To Print This Manual
NETGEAR Managed Switches Software Administration Manual, Release 8.0 How to Print This Manual To print this manual, your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
Page 14: Getting Started
Chapter 1 Getting Started Connect a terminal to the switch to begin configuration. In-band and Out-of-band Connectivity Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity. Configuring for In-band Connectivity In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network. To use in-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway).
Page 15 NETGEAR Managed Switches Software Administration Manual, Release 8.0 When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network.
Page 16 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Subnet Subnet mask for the LAN. The default value is 255.255.255.0. gateway IP address of the default router, if the switch is a node outside the IP range of the LAN. To enable these changes to be retained during a reset of the switch, type Ctrl-Z to return to the main prompt, type save at the main menu prompt, and type y to confirm the changes.
Page 17: Starting The Switch
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Starting the Switch Make sure that the switch console port is connected to a VT100 terminal or VT100 terminal emulator via the RS-232 crossover cable. Locate an AC power receptacle. Deactivate the AC power receptacle.
Page 18: Software Installation
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Initial Configuration Procedure You can perform the initial configuration using the Easy Setup Wizard or by using the Command Line Interface (CLI). The Setup Wizard automatically starts when the switch configuration file is empty. You can exit the wizard at any point by entering [ctrl+z].
Page 19: System Information And System Setup
NETGEAR Managed Switches Software Administration Manual, Release 8.0 – Enter to show a list of commands that are available in the current mode. System Information and System Setup This section describes the commands you use to view system information and to setup the network device.
Page 20 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Table 1-1. Quick Start Commands (continued) Command Mode Description Global Allows the user to set passwords or change passwords users passwd Config needed to login. <username> A prompt appears after the command is entered requesting the users old password.
Page 21 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Table 1-1. Quick Start Commands (continued) Command Mode Description Privileged Starts the configuration file upload, displays the mode and copy nvram:startup- EXEC type of upload and confirms the upload is progressing. config The URL must be specified as: xmodem:<filepath>/<filename>...
Page 22: Loading Firmware Using The Boot Menu
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Table 1-1. Quick Start Commands (continued) Command Mode Description Privileged Enter yes when the prompt asks if you want to save the copy system:running- EXEC configurations made to the networking device. config nvram:startup-...
Page 23: Using Ezconfig For Switch Setup
NETGEAR Managed Switches Software Administration Manual, Release 8.0 - Change baud rate - Retrieve event log using XMODEM - Load new operational code using XMODEM - Load new operational code using USB - Display operational code vital product data - Run flash diagnostics...
Page 24: Changing The Password
NETGEAR Managed Switches Software Administration Manual, Release 8.0 The utility displays the following text when you enter the ezconfig command (FSM7352S) >ezconfig NETGEAR EZ Configuration Utility -------------------------------- Hello and Welcome! This utility will walk you through assigning the IP address for the switch management CPU.
Page 25: Assigning Switch Name And Location Information
NETGEAR Managed Switches Software Administration Manual, Release 8.0 address of the switch. Assigning an IP address to your switch management Current IP Address Configuration -------------------------------- IP address: 0.0.0.0 Subnet mask: 0.0.0.0 Would you like to assign an IP address now (Y/N/Q)? IP Address: Ezconfig will display the current IP address and subnet mask.
Page 26: Using The Web Interface
NETGEAR Managed Switches Software Administration Manual, Release 8.0 saved into the Flash (permanently storage). Enter to save the configuration. There are changes detected, do you wish to save the changes permanently (Y/N)? The configuration changes have been saved successfully. Please enter 'show running-config' to see the final configuration.
Page 27: Starting The Web Interface
The guest may only view the settings and status of the network. As shipped from the factory, both users can log in without a password. Netgear strongly recommends that the network administrator creates a unique password for the administrative user before placing the switch into production.
Page 28 NETGEAR Managed Switches Software Administration Manual, Release 8.0 The following screen shows an example of the PCC: Figure 1-2 The PCC Web interface has the following four significant features: Layout: The navigation pane has two rows of tabs, as shown in the following screen:...
Page 29: Configuring An Snmp V3 User Profile
Services to perform a firmware upgrade, to save the configuration, and to perform a backup of the configuration. Help Access to the NETGEAR product support website and documentation. Index Tthe site index that allows direct access to any of the pages under the main tabs and sub tabs.
Page 30 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enter a new password in the Password field and then retype it in the Confirm Password field. Note: If SNMPv3 Authentication is to be used for this user, the password must be eight or more alphanumeric characters.
Page 31: Auto Install Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 2 Auto Install Configuration Auto Install is a software feature which provides for the configuration of a switch automatically when the device is initialized and no configuration file is found on the switch. The downloaded configuration file is not distributed across a stack.
Page 32: Assignment Of Other Dynamic Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 • The IP address of a default gateway (option 3), if needed for IP communication. Some network configurations require the specification of a default gateway through which some IP communication can occur. The default gateway is specified by Option 3 of a BOOTP or DHCP response.
Page 33: Obtaining A Config File
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Obtaining a Config File After obtaining IP addresses for both the switch and the TFTP server, the Auto Install process attempts to download a configuration file. A host-specific configuration file is downloaded, if possible. Otherwise, a network configuration file is used as a bridge to get the final configuration.
Page 34: Monitoring And Completing The Auto Install Process
NETGEAR Managed Switches Software Administration Manual, Release 8.0 If the switch is unable to map its IP address to a hostname, Auto Install sends TFTP requests for the default configuration file router.cfg. The following table summarizes the config files that may be downloaded, and the order in which they are sought.
Page 35: Saving Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 When Auto Install has been successfully completed, an administrator can execute a show running-config command to validate the contents of configuration. Saving Configuration An administrator must explicitly save the downloaded configuration in non-volatile memory. Then a configuration will be available on the next reboot.
Page 36: Logging
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Logging A message is logged for each of the following events: The Auto Install component receiving a config file name and other options upon resolving an IP address by DHCP or BOOTP client. The boot options values are logged.
Page 37: Configure Auto Install
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Configure Auto Install Stacking The downloaded configuration file is not distributed across a stack. When an administrator saves configuration, the config file is distributed across a stack. 192.168.0.1 192.168.0.2 TFTP Server DHCP Server 192.168.0.3...
Page 38: Web Interface
NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Switch Configuration (Netgear Switch) #boot autoinstall auto-save Have the configuration file saved after download from TFTP server. (Netgear Switch) #boot autoinstall start Autoinstall starts and waiting for boot options turned by DHCP server.
Page 39 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Maintenance > Save Config >Auto Install Configuration. A screen similar to the following displays. Figure 2-2 2. Select Enable in the AutoInstall Mode field. 3. Select Enable in the AutoSave Mode field.
Page 40: Virtual Lans
Chapter 3 Virtual LANs In this chapter, the following examples are provided: • “Create Two VLANs” on page 3-2 • “Assign Ports to VLAN2” on page 3-4 • “Assign Ports to VLAN3” on page 3-5 • “Assign VLAN3 as the Default VLAN for Port 1/0/2” on page 3-7 •...
Page 41: Create Two Vlans
NETGEAR Managed Switches Software Administration Manual, Release 8.0 use to configure the switch as shown in the diagram. Layer 3 Switch Port 1/0/2 VLAN Port 1/0/3 VLAN Router Port 1/3/1 Router Port 1/3/2 192.150.3.1 192.150.4.1 Port 1/0/1 Layer 2 Layer 2...
Page 42 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create VLAN 2. From the main menu, select Switching > VLAN >Basic > VLAN configuration. A screen similar to the following displays. Figure 3-2 b. Enter the following information in the VLAN Configuration.
Page 43: Assign Ports To Vlan2
NETGEAR Managed Switches Software Administration Manual, Release 8.0 • In the VLAN Name field, enter VLAN3 • Select Static in the VLAN Type field. Click Add. Assign Ports to VLAN2 This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.
Page 44: Assign Ports To Vlan3
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click the Unit 1. The Ports display. d. Click the gray box under port 1 and 2 until T displays. The T specifies that the egress packet is tagged for the port.
Page 45 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Assigning Ports to VLAN3 (Netgear Switch) (Config)#interface range 1/0/2-1/0/4 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#vlan acceptframe all (Netgear Switch) (Interface 1/0/4)#exit...
Page 46: Assign Vlan3 As The Default Vlan For Port 1/0/2
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Switching > VLAN> Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 3-7 b. Under PVID Configuration, scroll down to interface 1/0/4 and select the checkbox for that interface.
Page 47: Creating A Mac-Based Vlan
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Switching > VLAN >Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 3-8 b. Under PVID Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 48 NETGEAR Managed Switches Software Administration Manual, Release 8.0 MAC based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classify traffic based on the source MAC address of the packet. A MAC to VLAN mapping is defined by configuring an entry in the MAC to VLAN table. An entry is specified via a source MAC address and the desired VLAN ID.
Page 49 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface Procedure: Assigning a MAC-Based VLAN To use the Web interface to configure the managed switch, proceed as follows: Create VLAN 3. From the main menu, select Switching > VLAN >Basic > VLAN configuration. A screen similar to the following displays.
Page 50 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Select 3 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box before the Unit 1until U displays. Click Apply Assign VPID 3 to the port 1/0/23.
Page 51: Create A Protocol-Based Vlan
NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Enter the following information in the MAC Based VLAN Configuration. • Enter 00:00:0A:00:00:02 in the MAC Address field. • Enter 3 in the PVID(1 to 4093) field. Click Add. Create a Protocol-Based VLAN Create two protocol vlan groups, one is for IPX and the other is for IP/ARP.
Page 52 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable protocol vlan group 1 and 2 on the interface. (Netgear Switch)(Vlan)#exit (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/11 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 1 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 2 (Netgear Switch)(Interface 1/0/11)#exit...
Page 53 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Switching > VLAN >Advanced > Protocol Based VLAN Group Configuration. A screen similar to the following displays. Figure 3-15 b. Enter the following information in the Protocol Based VLAN Group Configuration.
Page 54 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Switching > VLAN >Advanced > Protocol Based VLAN Group Membership. A screen similar to the following displays Figure 3-17 b. Select the 1 in the Group ID field.
Page 55: Virtual Vlans: Create An Ip Subnet Based Vlan
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Virtual VLANs: Create an IP Subnet Based VLAN In an IP subnet based VLAN, all the end workstations in an IP subnet are classified to the same VLAN. In this VLAN, users can move their workstations without reconfiguring their network addresses. IP subnet VLANs are based on layer 3 information from packet headers.
Page 56 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create an IP subnet based VLAN 2000. (Netgear Switch) #config (Netgear Switch) (Config)#interface range 1/0/1-1/0/24 (Netgear Switch) (conf-if-range-1/0/1-1/0/24)# vlan participation include 2000 (Netgear Switch) (conf-if-range-1/0/1-1/0/24)#exit (Netgear Switch) (Config)# Have all the ports being member of the VLAN 2000.
Page 57 NETGEAR Managed Switches Software Administration Manual, Release 8.0 2. Assign all of the ports to VLAN 2000. a. From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays. Figure 3-21 b. Select 2000 in the VLAN ID field.
Page 58: Voice Vlan
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Voice VLAN The voice VLAN feature enables switch ports to carry voice traffic with defined priority so as to enable separation of voice and data traffic coming onto the port. Voice VLAN is to ensure that sound quality of an IP phone could be safeguarded from deteriorating when the data traffic on the port is high.
Page 59 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring Voice VLAN and Prioritizing Voice Traffic Create VLAN 10. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#exit Include the ports 1/0/1and 1/0/2 in the VLAN 10. (Netgear Switch) (Config)#interface range...
Page 60 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Map the Policy and Class and assign to the higher priority queue. (Netgear Switch) (Config-policy-map)#class ClassVoiceVLAN (Netgear Switch) (Config-policy-classmap)#assign-queue 3 (Netgear Switch) (Config-policy-classmap)#exit Assign it to the interfaces 1/0/1 and 1/0/2. (Netgear Switch) (Config)#interface range...
Page 61 NETGEAR Managed Switches Software Administration Manual, Release 8.0 d. Click Add. At the end of this configuration a screen similar to the following displays. Figure 3-25 2. Include the ports 1/0/1 and 1/0/2 in the VLAN 10. From the main menu, select Switching > VLAN > Advanced -> VLAN Membership. A screen similar to the following displays.
Page 62 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Port 1 and Port 2 as Tagged. A screen similar to the following displays. Figure 3-27 d. Click Apply. Configure Voice VLAN globally. From the main menu, select Switching > VLAN > Advanced > Voice VLAN Configuration. A screen similar to the following displays.
Page 63 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply. A screen similar to the following displays. Figure 3-29 Configure Voice VLAN Mode in the interface 1/0/2. From the main menu, select Switching > VLAN > Advanced -> Voice VLAN Configuration.
Page 64 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > Advanced > Class Configuration. A screen similar to the following displays. Figure 3-31 b. Enter Class Name as ClassVoiceVLAN. Select Class Type as All. A screen similar to the following displays.
Page 65 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Click the class ClassVoiceVLAN. A screen similar to the following displays. Figure 3-34 In the DiffServ Class Configuration table, select VLAN. d. Enter VLAN ID as 10. A screen similar to the following displays.
Page 66 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > Advanced > Policy Configuration. A screen similar to the following displays. Figure 3-37 b. Enter Policy Name as PolicyVoiceVLAN. Select Policy Type as In. d. Select Member Class as ClassVoiceVLAN. A screen similar to the following displays.
Page 67 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > Advanced > Policy Configuration. A screen similar to the following displays. Figure 3-39 b. Click the Policy PolicyVoiceVLAN. A screen similar to the following displays.
Page 68 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Assign Queue as 3. A screen similar to the following displays. Figure 3-41 d. Click Apply. 9. Assign it to the interfaces 1/0/1 and 1/0/2. From the main menu, select QoS > Advanced > Service Interface Configuration. A screen similar to the following displays.
Page 69 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Policy Name as PolicyVoiceVLAN. A screen similar to the following displays. Figure 3-43 d. Click Apply. A screen similar to the following displays. Figure 3-44 Virtual LANs 3-30 v1.0, October 2009...
Page 70: Link Aggregation
Chapter 4 Link Aggregation This chapter includes instructions for configuring Link Aggregation (LAG). The following examples are provided: • “Create Two LAGs” on page 4-2 • “Add the Ports to the LAGs” on page 4-3 • “Enable Both LAGs” on page 4-5 Link Aggregation (LAG) allows the switch to treat multiple physical links between two end-points as a single logical link.
Page 71: Create Two Lags
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create Two LAGs The following figure shows the example network. Port 1/0/3 LAG_10 Subnet 3 Port 1/0/2 LAG_10 Server Layer 3 Switch Port 1/0/8 Port 1/0/9 LAG 20 LAG_20 Layer 2 Switch...
Page 72: Add The Ports To The Lags
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Creating Two LAGs To use the Web interface to configure the managed switch, proceed as follows: Create LAG lag_10. From the main menu, select Switching > LAG >LAG Configuration. A screen similar to the following displays.
Page 73 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Adding the Ports to the LAGs (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgear Switch) (Interface 0/2)#addport 1/1 (Netgear Switch) (Interface 0/2)#exit (Netgear Switch) (Config)#interface 0/3 (Netgear Switch) (Interface 0/3)#addport 1/1...
Page 74: Enable Both Lags
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply to save the settings. 2. Add ports to the lag_20. a. From the main menu, select Switching > LAG >LAG Membership. A screen similar to the following displays. Figure 4-5 b.
Page 75 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Enabling Both LAGs To use the Web interface to configure the switch, proceed as follows: From the main menu, select Switching > LAG >LAG Configuration. A screen similar to the following displays.
Page 76: Port Routing
Chapter 5 Port Routing In this chapter, the following examples are provided: • “Enable Routing for the Switch” on page 5-2 • “Enable Routing for Ports on the Switch” on page 5-3 • “Adding a Default Route” on page 5-6 •...
Page 77: Enable Routing For The Switch
NETGEAR Managed Switches Software Administration Manual, Release 8.0 • IP Forwarding, responsible for forwarding received IP packets. • ARP Mapping, responsible for maintaining the ARP Table used to correlate IP and MAC addresses. The table contains both static entries and entries dynamically updated based on information in received ARP frames.
Page 78: Enable Routing For Ports On The Switch
NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Enabling Routing for the Switch Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing...
Page 79 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Enabling Routing for Ports on the Switch (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
Page 80 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • In the IP Address field, enter 192.150.2.1. • In the Subnet Mask field, enter 255.255.255.0. • Select Enable in Routing Mode field. d. Click Apply to save the settings. 2. Assign IP address 192.150.3.1/24 to the interface 1/0/3.
Page 81: Adding A Default Route
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. Figure 5-5 b. Under IP Interface Configuration, scroll down to interface 1/0/5 and select the checkbox for that interface.
Page 82 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Add a Default Route (FSM7338S) (Config) #ip route default ? <nexthopip> Enter the IP Address of the next router. (FSM7328S) (Config)#ip route default 10.10.10.2 Note that IP subnet “10.10.10.0” should be configured via either Port Routing Configuration example either or VLAN Routing Configuration in the next chapter.
Page 83: Adding A Static Route
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Adding a Static Route If your network switch has multiple routing interface that would allow different forwarding path to be taken for reaching the same destination, it may make sense to create static route to force the packet to take certain route (port) instead of the default route.
Page 84 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Static in the Route Type field. 3. Enter Network Address field. Noted this field is expecting a network IP address, not a host IP address. Do not put down something like “10,100.100.1”. The last number should always be zero.
Page 85: Vlan Routing
Chapter 6 VLAN Routing In this chapter, the following examples are provided: • “Create Two VLANs” • “Set Up VLAN Routing for the VLANs and the Switch” on page 6-6 • “Click Add to save the settings.” on page 6-8 You can configure the 7000 Series Managed Switch with some ports supporting VLANs and some supporting routing.
Page 86 NETGEAR Managed Switches Software Administration Manual, Release 8.0 The diagram in this section shows a Layer 3 switch configured for port routing. It connects two VLANs, with two ports participating in one VLAN, and one port in the other. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the VLAN routing support shown in the diagram.
Page 87 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Creating Two VLANs To use the Web interface to configure the managed switch, proceed as follows: Create VLAN 10, VLAN20. From the main menu, select Switching > VLAN >Advanced > VLAN configuration. A screen similar to the following displays.
Page 88 NETGEAR Managed Switches Software Administration Manual, Release 8.0 h. In the VLAN Name field, enter VLAN20. Select Static in the VLAN Type field. Click Add. 2. Add ports to the VLAN10 and VLAN20. a. From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays.
Page 89 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select 20 in the VLAN ID field. h. Click the Unit 1. The Ports display. Click the gray box under port 3 until T displays. The T specifies that the egress packet is tagged for the port.
Page 90: Set Up Vlan Routing For The Vlans And The Switch
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Switching > VLAN> Advanced > Port PVID Configuraton. A screen similar to the following displays. Figure 6-7 Under PVID Configuration, scroll down to interface 1/0/3 and select the checkbox for 1/0/3.
Page 91 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable routing for the switch: (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports.
Page 92 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > VLAN> VLAN Routing > VLAN Routing Configuration. A screen similar to the following displays. Figure 6-9 5. Under the VLAN Routing Configuration, enter the following information.
Page 93: Routing Information Protocol
Chapter 7 Routing Information Protocol In this chapter, the following examples are provided: • “Enable Routing for the Switch” on page 7-2 • “Enable Routing for Ports” on page 7-3 • “Enable RIP for the Switch” on page 7-5 • “Enable RIP for Ports 1/0/2 and 1/0/3”...
Page 94: Enable Routing For The Switch
NETGEAR Managed Switches Software Administration Manual, Release 8.0 The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3 as shown in the network illustrated in Figure 7-1 Layer 3 Switch acting as a router Port 1/0/2 Port 1/0/5 192.150.2.2...
Page 95: Enable Routing For Ports
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Basic >IP Configuration. A screen similar to the following displays. Figure 7-2 2. Next to the Routing Mode, select the Enable radio button. 3. Click Apply to save the settings.
Page 96 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. Figure 7-3 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 97: Enable Rip For The Switch
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. Figure 7-4 b. Under IP Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 98: Enable Rip For Ports 1/0/2 And 1/0/3
NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Enabling RIP for the Switch The next sequence enables RIP for the switch. the route preference defaults to 15. (Netgear Switch) #config (Netgear Switch) (Config)#router rip (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#exit...
Page 99 NETGEAR Managed Switches Software Administration Manual, Release 8.0 but send only RIPv2 formatted frames. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip rip (Netgear Switch) (Interface 1/0/2)#ip rip receive version both (Netgear Switch) (Interface 1/0/2)#ip rip send version rip2...
Page 100: Vlan Routing Rip Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > RIP > Advanced>RIP Configuration. A screen similar to the following displays. Figure 7-7 5. Under the Interface Configuration, enter the following information. • Select 1/0/3 in the Interface field.
Page 101 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • RIPv2 defined in RFC 1723 – Route specification is extended to include subnet mask and gateway – The routing table is sent to a multicast address, reducing network traffic – An authentication method is used for security The 7000 Series Managed Switch supports both versions of RIP.
Page 102 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: VLAN Routing RIP Configuration Example of configuring VLAN Routing with RIP support on a 7000 Series Managed Switch. (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20 (Netgear Switch) (Vlan)#vlan routing 10...
Page 103 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable RIP for the VLAN router ports. Authentication will default to none, and no default route entry will be created. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip rip (Netgear Switch) (Interface vlan 10)#exit...
Page 104 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 7-10 b. Enter the following information in the VLAN Routing Wizard: •...
Page 105 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > RIP > Advanced>RIP Configuration. A screen similar to the following displays. Figure 7-12 b. Under the Interface Configuration, enter the following information. • Select 0/2/1 in the Interface field.
Page 106: Ospf
Chapter 8 OSPF In this chapter, the following examples are provided: • “Configure an Inter-Area Router” on page 8-2 • “Configure OSPF on a Border Router” on page 8-8 • “Configure Area 1 as a Stub Area” on page 8-15 •...
Page 107: Configure An Inter-Area Router
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Configure an Inter-Area Router The examples in this section show you how to configure a 7000 Series Managed Switch first as an inter-area router and then as a border router. They show two areas, each with its own border router connected to one inter-area router.
Page 108 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Step 2: Assign IP addresses for ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
Page 109 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable IP routing on the switch: From the main menu, select Routing > IP > IP Configuration. A screen similar to the following displays. Figure 8-2 b. Next to the Routing Mode, select the Enable radio button.
Page 110 NETGEAR Managed Switches Software Administration Manual, Release 8.0 d. Click Apply to save the settings. 3. Assign IP address 192.150.3.1 to the port 1/0/3: a. From the main menu, select Routing > IP > Advanced> IP Interface Configuration. A screen similar to the following displays.
Page 111 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > OSPF > Advanced> OSPF Configuration. A screen similar to the following displays. Figure 8-5 b. Under the OSPF Configuration, enter the following information: • In the Router ID, enter 192.150.9.9.
Page 112 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 8-6 b. Under Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 113: Configure Ospf On A Border Router
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 8-7 b. Under Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface. Now 1/0/3 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.3.
Page 114 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable routing & assign IP for ports 1/0/2, 1/0/3 and 1/0/4. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.130.3.1 255.255.255.0...
Page 115 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#ip ospf (Netgear Switch) (Interface 1/0/4)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface 1/0/4)#ip ospf priority 255 (Netgear Switch) (Interface 1/0/4)#ip ospf cost 64 (Netgear Switch) (Interface 1/0/4)#exit...
Page 116 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 8-9 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 117 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enter the following information in the IP Interface Configuration: • In the IP Address field, enter 192.130.3.1. • In the Network Mask field, enter 255.255.255.0. • Select Enable in the Admin Mode field.
Page 118 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 8-12 b. Under the OSPF Configuration, enter the following information: • In the Router ID, enter 192.130.1.1. • Select the Enable in the OSPF Admin Mode field. • Select the Disable in the RFC 1583 Compatibility field.
Page 119 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.2.
Page 120: Configure Area 1 As A Stub Area
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 8-15 b. Under Interface Configuration, scroll down to interface 1/0/4 and select the checkbox for that interface. Now 1/0/4 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.2.
Page 121 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring Area 1 as a Stub Area on A1 Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing Set the router id to 1.1.1.1. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config-router)#router-id 1.1.1.1...
Page 122 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) (Config)#ex (Netgear Switch) #show ip ospf neighbor interface all Router ID IP Address Neighbor Interface State ---------------- ----------- ------------------- --------- 4.4.4.4 192.168.10.2 2/0/11 Full 2.2.2.2 192.168.20.2 2/0/19 Full (Netgear Switch) #show ip route Total Number of Routes......
Page 123 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 8-18 b. Under IP Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 124 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • In the IP Address field, enter 192.168.20.1. • In the Network Mask field, enter 255.255.255.0. • Select Enable in the Admin Mode field. d. Click Apply to save the settings. 4. Specify the Router ID and Enable OSPF for the switch.
Page 125 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.0.
Page 126 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Enter the following information in the Sub Area Configuration. • In the Area ID field, enter 0.0.0.1. • Select Disable in the Import Summary LSA’s field. Click Add to save the settings.
Page 127 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Configuring Area 1 as a Stub Area on A2 To use the Web interface to configure OSPF on the switch, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing > IP > IP Configuration. A screen similar to the following displays.
Page 128 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Select Enable in the Admin Mode field. d. Click Apply to save the settings. 3. Specify the Router ID and Enable OSPF for the switch From the main menu, select Routing > OSPF > Basic> OSPF Configuration. A screen similar to the following displays.
Page 129: Configure Area 1 As A Nssa Area
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply to save the settings. 5. Configure area 0.0.0.1 as a stub area. From the main menu, select Routing > OSPF > Advanced> Stub Area Configuration. A screen similar to the following displays.
Page 130 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring Area 1 as a nssa Area Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config)#ip routing Configure area 0.0.0.1 as a nssa area. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config-router)#router-id 1.1.1.1...
Page 131 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) (Interface 2/0/19)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #show ip route Total Number of Routes......2 Network Subnet Next Hop Next Hop Address Mask Protocol Intf IP Address --------------- --------------- ------------...
Page 132 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 8-31 b. Under IP Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 133 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • In the IP Address field, enter 192.168.20.1. • In the Subnet Mask field, enter 255.255.255.0. • Select Enable in the Admin Mode field. d. Click Apply to save the settings. 4. Specify the Router ID and Enable OSPF for the switch.
Page 134 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.0.
Page 135 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Enter the following information in the NSSA Area Configuration. • In the Area ID field, enter 0.0.0.1. • Select the Disable in the Import Summary LSA’s field. Click Add to save the settings.
Page 136 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) (Interface 1/0/15)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #show ip route Total Number of Routes......6 Network Subnet Next Hop Next Hop Address Mask Protocol Intf IP Address --------------- --------------- ------------...
Page 137 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 8-38 b. Under IP Interface Configuration, scroll down to interface 1/0/11 and select the checkbox for that interface. Now 1/0/11 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 138 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enter the following information in the IP Interface Configuration: • In the IP Address field, enter 192.168.20.2. • In the Network Mask field, enter 255.255.255.0. • Select Enable in the Routing Mode field.
Page 139 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable OSPF on the port 1/0/15. From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 8-42 b. Under IP Interface Configuration, scroll down to interface 1/0/15 and select the checkbox for that interface.
Page 140: Vlan Routing Ospf Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Redistribute the RIP routes into the OSPF area. From the main menu, select Routing > OSPF > Advanced>Route Redistribution. A screen similar to the following displays. Figure 8-44 b. In the Route Redistribution, select RIP in the Available Source field.
Page 141 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: VLAN Routing OSPF Configuration This example adds support for OSPF to the configuration created in the base VLAN routing example in Figure 6-1 on page 6-2. The script shows the commands you would use to configure the 7000 Series Managed Switch as an inter-area router.
Page 142 NETGEAR Managed Switches Software Administration Manual, Release 8.0 nable OSPF for the VLAN and physical router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface vlan 10)#ip ospf (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip ospf areaid 0.0.0.3...
Page 143 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Enter the following information in the VLAN Routing Wizard. • In the Vlan ID field, enter 10. • In the IP Address field, enter 192.150.3.1. • In the Network Mask field, enter 255.255.255.0.
Page 144 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 8-47 b. Next to the OSPF Admin Mode, select Enable Radio button. Enter 192.150.9.9 in the Router ID filed. d. Click Apply to save the setting. 4. Enable OSPF on the VLAN 10.
Page 145: Ospfv3 (Open Shortest Path First)
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable OSPF on the VLAN 20. From the main menu, select Routing > OSPF > Advanced>Interface Configuration. A screen similar to the following displays. Figure 8-49 b. Under the Interface Configuration, click the VLANS to show all the VLAN interfaces.
Page 146 NETGEAR Managed Switches Software Administration Manual, Release 8.0 enable operation over tunnels. It is possible to enable OSPF and OSPFv3 at the same time. OSPF works with IPv4 and OSPFv3 works with IPv6. The following example shows how to configure OSPFv3 on a IPv6 network.
Page 147 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable OSPFv3 on the interface 1/0/1, and set the OSPF network mode to broadcast. (Netgear Switch) (Interface 1/0/1)#ipv6 ospf (Netgear Switch) (Interface 1/0/1)#ipv6 ospf network broadcast (Netgear Switch) #show ipv6 ospf neighbor...
Page 148 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IPv6 > IPv6 Global Configuration. A screen similar to the following displays. Figure 8-51 Next to the IPv6 Unicast Routing Mode, select the Enable radio button.
Page 149 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IPv6 > Advanced> IP Interface Configuration. A screen similar to the following displays. Figure 8-53 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for that interface.
Page 150 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enter the following information in the IPv6 Interface Configuration: • In the IPv6 Prefix edit box, enter 2001::1. • In the Length edit box, enter 64. • Select Disable in the EUI64 field.
Page 151 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 8-56 To use the Web interface to configure OSPF on the switch A2, refer to the configuration of switch A1. OSPF 8-46 v1.0, October 2009...
Page 152: Proxy Address Resolution Protocol (Arp)
ARP request arrived Proxy ARP Examples The following are examples of the commands used in the proxy ARP feature. CLI: show ip interface (Netgear Switch) #show ip interface ? <slot/port> Enter an interface in slot/port format. brief Display summary information about IP configuration settings for all ports.
Page 153 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: ip proxy-arp (Netgear Switch) (Interface 0/24)#ip proxy-arp ? <cr> Press Enter to execute the command. (Netgear Switch) (Interface 0/24)#ip proxy-arp Web Interface: Configuring Proxy ARP on a Port To use the Web interface to configure proxy ARP on a port, proceed as follows: Configure proxy ARP.
Page 154: Virtual Router Redundancy Protocol
Chapter 10 Virtual Router Redundancy Protocol In this chapter, the following examples are provided: • “Configure VRRP on a Master Router” on page 10-2 • “Configure VRRP on a Backup Router” on page 10-4 When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network.
Page 155: Configure Vrrp On A Master Router
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Configure VRRP on a Master Router This example shows how to configure the 7000 Series Managed Switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router.
Page 156 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable VRRP on the port. (Netgear Switch) (Interface 1/0/2)#ip vrrp 20 mode (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit Web Interface: Configuring VRRP on a Master Router To use the Web interface to configure VRRP on a master router on the switch, proceed as follows: Enable IP routing on the switch: From the main menu, select Routing >...
Page 157: Configure Vrrp On A Backup Router
NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 158 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring VRRP on a Backup Router The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the backup router: Enable routing for the switch. IP forwarding will then be enabled by default.
Page 159 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Configuring VRRP on a Backup Router To use the Web interface to configure VRRP on a backup router on the switch, proceed as follows: Enable IP routing on the switch.
Page 160 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • In the Network Mask field, enter 255.255.0.0. • Select Enablein the Admin Mode field. d. Click Apply to save the settings. 3. Enable VRRP on the 1/0/4. From the main menu, select Routing > VRRP > Basic> VRRP Configuration. A screen similar to the following displays.
Page 161: Access Control Lists (Acls)
Chapter 11 Access Control Lists (ACLs) This chapter describes the Access Control Lists (ACLs) feature. The following examples are provided: • “Set up an IP ACL with Two Rules” on page 11-3 • “Configure a One-Way Access Using a TCP Flag in an ACL” on page 11-8 •...
Page 162: Configuring Ip Acls
NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Ethertype – Secondary CoS (802.1p) – Secondary VLAN (or range of IDs) • L2 ACLs can apply to one or more interfaces • Multiple access lists can be applied to a single interface - sequence number determines the order of execution •...
Page 163: Set Up An Ip Acl With Two Rules
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Set up an IP ACL with Two Rules This section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will only be accepted by the 7000 Series Managed Switch if the source and destination stations have IP addresses within the defined sets.
Page 164 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Define the second rule for ACL 101 to set similar conditions for UDP traffic as for TCP traffic. (Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255 Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
Page 165 NETGEAR Managed Switches Software Administration Manual, Release 8.0 following displays. Figure 11-3 b. Next to ACL ID, select 101. Click Add to create a new rule. 3. Create a new ACL rule and add it to the ACL 101. a. After you click the Add button on the step 2, A screen similar to the following displays.
Page 166 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Select TCP in the Protocol Type field. • In the Source IP Address, enter 192.168.77.0. • In the Source IP Mask, enter 0.0.0.255. • In the Destination IP Address, enter 192.178.77.0.
Page 167 NETGEAR Managed Switches Software Administration Manual, Release 8.0 to the following displays. Figure 11-6 b. Enter the following information in the IP Binding Configuration. • Select 101 in the ACL ID field. • In the Sequence Number field, enter 1.
Page 168: Configure A One-Way Access Using A Tcp Flag In An Acl
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Configure a One-Way Access Using a TCP Flag in an ACL This example shows how to set up one-way web access using a TCP flag in an ACL. PC1 can access FTP server1 and FTP server2 but PC2 only access FTP server2.
Page 169 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) (Config)#interface vlan 30 (Netgear Switch) (Interface-vlan 30)#routing (Netgear Switch) (Interface-vlan 30)#ip address 192.168.30.1 255.255.255.0 (Netgear Switch) (Interface-vlan 30)#exit (Netgear Switch) (Config)#exit Create VLAN 100 with port 0/13 and assign IP address 192.168.100.1/24.
Page 170 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create an ACL that denies all the packets with TCP flags +syn-ack. (Netgear Switch) (Config)#access-list 101 deny tcp any any flag +syn -ack Create an ACL that permits all the IP packets.
Page 171: Configuring The Switch
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create VLAN 50 with port 1/0/25 and assign IP address 192.168.50.1/24. (Netgear Switch)(Config)#exit (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 50 (Netgear Switch) (Vlan)#vlan routing 50 (Netgear Switch) (Vlan)#exit (Netgear Switch) #configure...
Page 172 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 11-8 b. Enter the following information in the VLAN Routing Wizard: •...
Page 173 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 11-9 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 100. • In the IP Address field, enter 192.168.100.1. • In the Network Mask field, enter 255.255.255.0.
Page 174 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 11-10 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 200. • In the IP Address field, enter 192.168.200.1. • In the Network Mask field, enter 255.255.255.0.
Page 175 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. Click Apply to enable IP Routing.
Page 176 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 11-13 b. Under Configure Routes, make the following selection and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.50.0. •...
Page 177 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create an ACL with ID 102: From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. Figure 11-15 b. In the IP ACL ID field of the IP ACL Table, enter 102.
Page 178 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Add. The Extended ACL Rule Configuration screen displays. Figure 11-17 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1.
Page 179 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 11-18 b. Under IP Extended Rules, select 102 in the ACL ID field. Click Add. The Extended ACL Rule Configuration screen displays. Figure 11-19 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
Page 180 NETGEAR Managed Switches Software Administration Manual, Release 8.0 11. Apply ACL 101 to port 44. a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 11-20 b. Under Binding Configuration, make the following selection and enter the following information: •...
Page 181 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 11-21 b. Under Binding Configuration, make the following selection and enter the following information: • Select 102 in the ACL ID field. • In the Sequence Number field, enter 2. Click Unit 1. The ports display.
Page 182 NETGEAR Managed Switches Software Administration Manual, Release 8.0 following displays. Figure 11-22 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 40. • In the IP Address field, enter 192.168.40.1. • In the Network Mask field, enter 255.255.255.0.
Page 183 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create VLAN 50 with IP address 192.168.50.1/24: From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 11-23 b. Enter the following information in the VLAN Routing Wizard: •...
Page 184 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 11-24 b. Enter the following information in the VLAN Routing Wizard: •...
Page 185 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 11-25 b. Under Configure Routes, make the following selection and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.100.0. •...
Page 186: Configure Isolated Vlans On A Layer 3 Switch By Using Acls
NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under Configure Routes, make the following selection and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.30.0. • In the Subnet Mask field, enter 255.255.255.0.
Page 187 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring a One-Way Access Using a TCP Flag in an ACL Commands To use the CLI to isolate VLANs on a Layer 3 switch by using ACLs, enter the following CLI commands.
Page 188 (Netgear Switch) (Config)#ip route default 10.100.5.252 Create ACL 101 to deny all traffic that has destination IP 192.168.24.0/24. (Netgear Switch) (Config)#access-list 101 deny ip any 192.168.24.0 0.0.0.255 Create ACL 102 to deny all traffic that has destination IP 192.168.48.0/24. (Netgear Switch) (Config)#access-list 102 deny ip any 192.168.48.0 0.0.0.255 Create ACL 103 to permit all other traffic.
Page 189 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Configuring a One-Way Access Using a TCP Flag in an ACL To use the Web interface to isolate VLANs on a Layer 3 switch by using ACLs, proceed as follows: Create VLAN 24 with IP address 192.168.24.1:...
Page 190 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 11-29 b. Enter the following information in the VLAN Routing Wizard: •...
Page 191 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 11-30 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 38. • In the IP Address field, enter 10.100.5.34. • In the Network Mask field, enter 255.255.255.0.
Page 192 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. Click Apply to enable IP Routing.
Page 193 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. In the IP ACL ID field of the IP ACL Table, enter 102. Click Add. 7. Create an ACL with ID 103: From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
Page 194 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Add. The Extended ACL Rule Configuration screen displays. Figure 11-36 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1.
Page 195 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 11-37 b. Under IP Extended Rules, select 102 in the ACL ID field. Click Add. The Extended ACL Rule Configuration screen displays. Figure 11-38 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
Page 196 NETGEAR Managed Switches Software Administration Manual, Release 8.0 10. Add and configure an IP extended rule that is associated with ACL 103: a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
Page 197 NETGEAR Managed Switches Software Administration Manual, Release 8.0 11. Apply ACL 102 to port 24: a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 11-41 b. Under Binding Configuration, make the following selection and enter the following information: •...
Page 198 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 11-42 b. Under Binding Configuration, make the following selection and enter the following information: • Select 101 in the ACL ID field. • In the Sequence Number field, enter 1. Click Unit 1. The ports display.
Page 199: Set Up A Mac Acl With Two Rules
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 11-43 b. Under Binding Configuration, make the following selection and enter the following information: • Select 103 in the ACL ID field. • In the Sequence Number field, enter 2. Click Unit 1. The ports display. Configure the following ports: •...
Page 200 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Deny all the traffic which has destination MAC 01:80:c2:xx:xx:xx. (Netgear Switch) (Config-mac-access-list)#deny any 01:80:c2:00:00:00 00:00:00:ff:ff:ff Permit all the other traffic. (Netgear Switch) (Config-mac-access-list)#permit any (Netgear Switch) (Config-mac-access-list)#exit Apply the MAC ACL acl_bpdu to the port 1/0/2.
Page 201 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > ACL >MAC ACL> MAC Rules. A screen similar to the following displays. Figure 11-45 Select acl_bpdu in the ACL Name field. b. Select Deny in the Action field.
Page 202 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select acl_bpdu in the ACL Name field. b. Enter the following information in the Rule Table. • In the ID field, enter 2. • Select the Permit in the Action field. Click theAdd button.
Page 203: Acl Mirroring
NETGEAR Managed Switches Software Administration Manual, Release 8.0 ACL Mirroring This feature extends the existing port mirroring functionality by allowing to mirror a desired traffic stream in an interface. It helps to mirror the desired traffic stream rather mirroring entire traffic in an interface. It has been associated with ACL functionality.
Page 204 (Netgear Switch) (Config)# ip access-list monitorHost Define the rules to match the host 10.0.0.1 and to permit every other. (Netgear Switch) (Config-ipv4-acl)# permit ip 10.0.0.1 0.0.0.0 any mirror 1/0/19 (Netgear Switch) (Config-ipv4-acl)# permit every Bind the ACL with the interface 1/0/1.
Page 205 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Configuring ACL Mirroring To use the Web interface to configure IP ACL on a port on the switch, proceed as follows: Create an IP access control list with the name monitorHost on the switch: From the main menu, select Security >...
Page 206 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. Figure 11-51 b. Click Add to take the Extended ACL Rule Configuration screen similar to the following displays Figure 11-52 Enter Rule ID as 1.
Page 207 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays Figure 11-53 b. Click Add and a screen similar to the following displays.
Page 208 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Bind the ACL with the interface 1/0/1. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 11-56 b. Enter Sequence Number as 1.
Page 209: Acl Redirect
(Netgear Switch) (Config)#ip access-list redirectHTTP Define a rule to match the HTTP stream and define a rule to permit every other. (Netgear Switch) (Config-ipv4-acl)# permit tcp any any eq http redirect 1/0/19 (Netgear Switch) (Config-ipv4-acl)# permit every Access Control Lists (ACLs) 11-49 v1.0, October 2009...
Page 210 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Bind the ACL with the interface 1/0/1. (Netgear Switch) (Interface 1/0/1)#ip access-group redirectHTTP in 1 View the configuration. (Netgear Switch) # show ip access-lists Current number of ACLs: 1 Maximum number of ACLs: 100...
Page 211 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. Figure 11-59 b. In the IP ACL filed enter redirectHTTP. Click Add to create the IP ACL redirectHTTP. At the end of this configuration a screen similar to the following displays.
Page 212 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. Figure 11-61 b. Click Add to take the Extended ACL Rule Configuration screen similar to the following displays.
Page 213 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. Figure 11-63 b. Click Add to take the Extended ACL Rule Configuration screen similar to the following displays.
Page 214 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 11-65 Bind the ACL with the interface 1/0/1. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
Page 215: Configure Ipv6 Acls
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 11-67 Configure IPv6 ACLs This feature extends the existing IPv4 ACL by providing support for IPv6 packet classification. IPv6 ACLs classify for Layer 3 IPv6 traffic.
Page 216 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Interface 1/0/1 GSM73xxS 2001:0DB8:c0ab:ac11::/64 2001:0DB8:c0ab:ac14::/64 2001:0DB8:c0ab:ac13::/64 2001:0DB8:c0ab:ac12::/64 IPv6 HTTP traffic IPv6 Telnet traffic IPv6 Any other traffic Figure 11-68 CLI: Configuring an IPv6 ACL Create the Access Control List with the name ipv6-acl.
Page 217 (Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 2001:DB8:C0AB:AC13::/64 eq telnet (Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 any eq http Apply rules the rule to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted. (Netgear Switch) (Config)#interface 1/0/1...
Page 218 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Configuring an IPv6 ACL Create the Access Control List with the name ipv6-acl From the main menu, select Security > ACL > Advanced > IPv6 ACL. b. In the IPv6 ACL table, enter ipv6-acl in the IPv6 ACL field. A screen similar to the following displays.
Page 219 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > ACL > Advanced > IPv6 Rules. A screen similar to the following displays. Figure 11-71 b. Select the ACL Name as ipv6-acl. Click Add. d. Enter Rule ID as 1.
Page 220 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply. 3. Add Rule 2. Enter Rule ID as 2. b. Select Action as Permit. Select Protocol Type as TCP. d. Enter Source Prefix as 2001:DB8:C0AB:AC11::. Enter Source Prefix Length as 64.
Page 221 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Source L4 Port as http. A screen similar to the following displays. Figure 11-74 Click Apply. 5. Apply the rules to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted.
Page 222 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 11-76 View the binding table. From the main menu, select Security > ACL > Advanced-> Binding Table. A screen similar to the following displays.
Page 223: Class Of Service (Cos) Queuing
Chapter 12 Class of Service (CoS) Queuing This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features. In this chapter, the following examples are provided: • “Show classofservice Trust” on page 12-3 • “Set classofservice trust Mode” on page 12-3 •...
Page 224: Cos Queue Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Can only have one trust field at a time - per port. – 802.1p User Priority (default trust mode - Managed through Switching configuration) – IP Precedence – IP DiffServ Code Point (DSCP) The system can assign service level based upon the 802.1p priority field of the L2 header.
Page 225: Show Classofservice Trust
NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Tail Drop parameters, Threshold Per-Interface Basis • Queue management type, Tail Drop vs. WRED Only if per queue config is not supported • WRED Decay Exponent • Traffic Shaping for an entire interface...
Page 226 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Setting classofservice Trust Mode (Netgear Switch) (Config)#classofservice? dot1p-mapping Configure dot1p priority mapping. ip-dscp-mapping Maps an IP DSCP value to an internal traffic class. trust Sets the Class of Service Trust Mode of an Interface.
Page 227: Show Classofservice Ip-Precedence Mapping
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Show classofservice ip-precedence Mapping The example is shown as CLI commands and as a Web interface procedure. CLI: Showing classofservice ip-precedence Mapping (Netgear Switch) #show classofservice ip-precedence-mapping IP Precedence Traffic Class -------------...
Page 228: Configure Cos-Queue Min-Bandwidth And Strict Priority Scheduler Mode
Enter the minimum bandwidth percentage for Queue 0. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10 (Netgear Switch) (Config)#cos-queue strict? <queue-id> Enter a Queue Id from 0 to 7.
Page 229 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > Advanced >Interface Queue Configuration. A screen similar to the following displays. Figure 12-4 b. Select the 0 in the Queue ID field. Under Interface Queue Configuration, scroll down to interface 1/0/2 and select the checkbox for 1/ 0/1.
Page 230: Set Cos Trust Mode Of An Interface
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > Advanced >Interface Queue Configuration. A screen similar to the following displays. Figure 12-5 b. Select the 1 in the Queue ID field. Under Interface Queue Configuration, scroll down to interface 1/0/2 and select the checkbox for 1/ 0/2.
Page 231: Configure Traffic Shaping
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Note: The Traffic Class value range is <0-6> instead of <0-7> because queue 7 is reserved in a stacking build for stack control, and is therefore not configurable by the user. Web Interface: Setting CoS Trust Mode of an Interface...
Page 232 NETGEAR Managed Switches Software Administration Manual, Release 8.0 The <bw> value is a percentage that ranges from 0 to 100 in increments of 5. The default bandwidth value is 0, meaning no upper limit is enforced, which allows the interface to transmit up to its maximum line rate.
Page 233 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under CoS Interface Configuration, scroll down to interface 1/0/3 and select the 1/0/3 checkbox. Now 1/0/3 appears in the Interface field at the top. In the Interface Shaping Rate(0 to 100) field, enter 70.
Page 234: Differentiated Services
Chapter 13 Differentiated Services In this chapter, the following examples are provided: • “Differentiated Services” on page 13-2 • “DiffServ for VoIP Configuration” on page 13-20 • “Auto VoIP Configuration” on page 13-29 • “DiffServ for IPv6 Configuration Example” on page 13-33 Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies.
Page 235 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Policy. Defines the QoS attributes for one or more traffic classes. An example of an attribute is the ability to mark a packet at ingress. The 7000 Series Managed Switch supports a Traffic Conditions Policy.
Page 236 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Ensure DiffServ operation is enabled for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#diffserv Create a DiffServ class of type “all” for each of the departments, and name them. Define the match criteria - - Source IP address -- for the new classes.
Page 237 It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for internet traffic. (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0 (Netgear Switch) (Interface 1/0/5)#exit (Netgear Switch) (Config)#exit...
Page 238 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ >Basic >DiffServ Configuration. A screen similar to the following displays. Figure 13-2 b. Next to the Diffserv Admin Mode, select the Enable radio button.
Page 239 NETGEAR Managed Switches Software Administration Manual, Release 8.0 d. Click the finance_dept to configure this class. Figure 13-4 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.10.0. • In the Source Mask field, enter 255.255.255.0.
Page 240 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Enter the following information in the Class Configuration • In the Class Name field, enter marketing_dept. • Select All in the Class Type field. Click Add to create a new class marketing_dept.
Page 241 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ > Advanced >Class Configuration. A screen similar to the following displays. Figure 13-7 b. Enter the following information in the Class Configuration • In the Class Name field, enter test_dept.
Page 242 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.30.0. • In the Source Mask field, enter 255.255.255.0. Click Apply. Create class development_dept.
Page 243 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 13-10 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.40.0. • In the Source Mask field, enter 255.255.255.0. Click Apply. Create a policy named internet_access and add the class finance_dept into it.
Page 244 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Enter the following information in the Class Configuration • In the Policy Selector field, enter internet_access. • Select the finance_dept in the Member Class field. Click the Add to create a new policy internet_access.
Page 245 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 13-13 b. Under Policy Configuration, scroll down to internet_access and select the checkbox for internet_access. Internet_access now appears in the Policy Selector field at the top. Select the test_dept in the Member Class field.
Page 246 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ > Advanced >Policy Configuration. A screen similar to the following displays. Figure 13-15 b. Click the internet_access whose member class is finance_dept. another screen similar to the following displays.
Page 247 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ >Advanced >Policy Configuration. A screen similar to the following displays. Figure 13-17 b. Click the internet_access whose member class is marketing_dept. another screen similar to the following displays.
Page 248 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ > Advanced >Policy Configuration. A screen similar to the following displays. Figure 13-19 b. Click the internet_access whose member class is test_dept. another screen similar to the following displays.
Page 249 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ >Advanced >Policy Configuration. A screen similar to the following displays. Figure 13-21 b. Click the internet_access whose member class is development_dept. another screen similar to the following displays.
Page 250 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > Advanced >Service Configuration. A screen similar to the following displays. Figure 13-23 b. Scroll down to interface 1/0/1 and select the checkbox for 1/0/1. Scroll down to interface 1/0/2 and select the checkbox for 1/0/2.
Page 251 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 13-24 b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/0/5. 1/0/5 now appears in the Interface field at the top. Select the 1 in the Queue ID field d.
Page 252 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select the 2 in the Queue ID field d. In the Minimum Bandwidth field, enter 25. Click Apply. 17. Set the CoS queue 3 configuration for the interface 1/0/5. From the main menu, select QoS > CoS >Advanced >Interface Queue Configuration. A screen similar to the following displays.
Page 253: Diffserv For Voip Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 13-27 b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/0/5. 1/0/5 now appears in the Interface field at the top. Select the 4 in the Queue ID field d.
Page 254 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Port 1/0/2 Layer 3 Switch operating as Router 1 Port 1/0/3 Internet Layer 3 Switch operating as Router 2 Figure 13-28 CLI: DiffServ for VoIP The following example configures DiffServ VoIP support: Enter Global Config mode.
Page 255 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create a second DiffServ classifier named 'class_ef' and define a single match criterion to detect a DiffServ code point (DSCP) of 'EF' (expedited forwarding). This handles incoming traffic that was previously marked as expedited somewhere in the network.
Page 256 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 13-29 b. Under Interface Queue Configuration, select all the interfaces. Select 5 in the Queue ID field. d. Select Strict in the Scheduler Type field. Click the Apply to save the settings.
Page 257 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 13-31 b. In the Class Name, enter class_voip. Select All in the Class Type field. Click Add to create a new class. Click the class_voip, another screen similar to the following displays: Figure 13-32 Select UDP in the Protocol Type field.
Page 258 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ > Advanced >DiffServ Configuration. A screen similar to the following displays. Figure 13-33 b. In the Class Name, enter class_ef. Select All in the Class Type field.
Page 259 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply to create a new class. 5. Create a policy pol_voip and add class_voip into this policy From the main menu, select QoS > DiffServ> Advanced > Policy Configuration. A screen similar to the following displays.
Page 260 NETGEAR Managed Switches Software Administration Manual, Release 8.0 For the Policy Attribute, click the Mark IP DSCP radio button and select ef in the Mark IP DSCP field. Click Apply to create a new policy. 6. Add class_ef into the policy pol_voip.
Page 261 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 13-38 Select the 5 in the Assign Queue field. Click Apply to create a new policy. 7. Attach the defined policy to the interface 1/0/2 in the inbound direction a. From the main menu, select QoS > DiffServ > Advanced > Service Configuration. A screen similar to the following displays.
Page 262: Auto Voip Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Auto VoIP Configuration The Auto-VoIP feature is intended to provide ease of use for the user in setting up VoIP for IP phones on a switch. This functionality copies VoIP signaling packets to the CPU to get the source and destination IP Address and Layer 4 Port of the current session.
Page 263 NETGEAR Managed Switches Software Administration Manual, Release 8.0 View the Auto VoIP information: (Netgear Switch) # show auto-voip interface all Interface Auto VoIP Mode Traffic Class --------- -------------- ------------- 1/0/1 Enabled 1/0/2 Enabled 1/0/3 Enabled 1/0/4 Enabled 1/0/5 Enabled 1/0/6...
Page 264 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ > Auto VoIP. A screen similar to the following displays. Figure 13-41 b. Select the check box in the first row to select all the interfaces.
Page 265 NETGEAR Managed Switches Software Administration Manual, Release 8.0 d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 13-43 Differentiated Services 13-32 v1.0, October 2009...
Page 266: Diffserv For Ipv6 Configuration Example
NETGEAR Managed Switches Software Administration Manual, Release 8.0 DiffServ for IPv6 Configuration Example This feature extends the existing QoS ACL and DiffServ functionality by providing support for IPv6 packet classification. Internet Interface 1/0/3 Interface 1/0/1 GSM73xxS Interface 1/0/2 IPv6 IPv6...
Page 267 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Define matching criteria as protocol ICMPv6. (Netgear Switch) (Config-classmap) # match protocol 58 (Netgear Switch) (Config-classmap) # exit Create the policy policyicmpv6. (Netgear Switch) (Config)# policy-map policyicmpv6 in Associate the previously created class classicmpv6.
Page 268 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays. Figure 13-45 b. Enter Class Name as classicmpv6. Select Class Type as All. A screen similar to the following displays.
Page 269 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays. Figure 13-48 b. Click the class classicmpv6. A screen similar to the following displays.
Page 270 NETGEAR Managed Switches Software Administration Manual, Release 8.0 For the Protocol Type, select Other and enter 58. A screen similar to the following displays. Figure 13-50 d. Click Apply. At the end of this configuration a screen similar to the following displays.
Page 271 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. Figure 13-52 b. Enter the Policy Name as policyicmpv6. For the Policy Type, select In.
Page 272 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. Figure 13-54 b. Click the Policy policyicmpv6 A screen similar to the following displays.
Page 273 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Assign Queue as 6.. Figure 13-56 d. Click Apply. 5. Attach the policy policyicmpv6 in the interface 1/0/1,1/0/2 and 1/0/3. From the main menu, select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays.
Page 274 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Select Policy Name as policyicmpv6. Click the check box for the interfaces 1/0/1, 1/0/2 and 1/0/3. A screen similar to the following displays. Figure 13-58 d. Click Apply. At the end of this configuration a screen similar to the following displays.
Page 275: Igmp Snooping And Querier
The following example shows how to enable IGMP snooping. (Netgear Switch) #config (Netgear Switch) (Config)#ip igmpsnooping (Netgear Switch) (Config)#ip igmpsnooping interfacemode (Netgear Switch) (Config)#exit Web Interface: Enabling IGMP Snooping To use the Web interface to configure the managed switch, proceed as follows: Configure the IGMP Snooping Configuration.
Page 276: Show Igmpsnooping
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Switching > Multicast > IGMP Snooping Configuration. A screen similar to the following displays. Figure 14-1 b. Enter the following information in the IGMP Snooping Configuration. Next to the Admin mode field, select the Enable radio button.
Page 277: Show Mac-Address-Table Igmpsnooping
NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) #show igmpsnooping Admin Mode....... Enable Multicast Control Frame Count.... Interfaces Enabled for IGMP Snooping..1/0/10 Vlans enabled for IGMP snooping..Web Interface: Showing igmpsnooping To use the Web interface to configure the managed switch, proceed as follows: Configure the IGMP Snooping Configuration.
Page 278: Configure The Switch With An External Multicast Router
NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Showing mac-address-table igmpsnooping (Netgear Switch) #show mac-address-table igmpsnooping ? <cr> Press Enter to execute the command. (Netgear Switch) #show mac-address-table igmpsnooping Type Description Interfaces ----------------------- ------- -------------- ----------- 00:01:01:00:5E:00:01:16 Dynamic Network Assist...
Page 279 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring the Switch with an External Multicast Router This example configures the interface as the one the multicast router is attached to. All IGMP packets snooped by the switch will be forwarded to the multicast router reachable from this interface.
Page 280: Configure The Switch With A Multicast Router Using Vlan
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Configure the Switch with a Multicast Router Using VLAN The example is shown as CLI commands and as a Web interface procedure. CLI: Configure the Switch with a Multicast Router Using VLAN This example configures the interface to only forward the snooped IGMP packets that come from VLAN ID (<VLAN Id>) to the multicast router attached to this interface.
Page 281: Igmp Querier
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Under Multicast Router VLAN Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface. Now 1/0/3 appears in the Interface field at the top. 3. Enter the following information in the Multicast Router VLAN Configuration.
Page 282: Enable Igmp Querier
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Since the IGMP querier is designed to work with IGMP snooping, it is necessary to enable IGMP snooping when using it.The following figure shows a network application for video streaming service using the IGMP querier feature.
Page 283: Show Igmp Querier Status
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enter the following information in the IGMP VLAN Configuration. • In the VLAN ID field, enter 1. • Select Enable in the Query Mode field. • In the Querier Interval field, enter 60.
Page 284 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 14-8 Click Refresh. 14-10 IGMP Snooping and Querier v1.0, October 2009...
Page 285: Security Management
Chapter 15 Security Management In this chapter, exmples are provided for the following topics: • “Port Security” • “Protected Ports” on page 15-6 • “802.1x Port Security” on page 15-13 • “Create a Guest VLAN” on page 15-20 • “VLAN Assignment via RADIUS” on page 15-26 •...
Page 286 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • When link goes down, all dynamically locked addresses are ‘freed’ • If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list •...
Page 287 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 15-1 b. Under Port Security Configuration, next to the Port Security Mode, select Enable radio button. Click Apply to save the settings. 2. Set dynamic and static limit on the port 1/0/1 From the main menu, select Security >...
Page 288 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Convert the Dynamic Address Learned from 1/0/1 to the Static Address The example is shown as CLI commands and as a Web interface procedure. CLI: Converting the Dynamic Address Learned from 1/0/1 to the Static...
Page 289: Create A Static Address
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply to save the settings. Create a Static Address The example is shown as CLI commands and as a Web interface procedure. CLI: Creating a Static Address (Netgear Switch) (Interface 1/0/1)#port-security mac-address 00:13:00:01:02:03...
Page 290: Protected Ports
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Protected Ports This section describes how to set up protected ports on the switch. Some situations might require that traffic is prevented from being forwarded between any ports at Layer 2 so that one user cannot see the traffic of another user on the same switch.
Page 291 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Step 1: Create one VLAN 192 including PC1 and PC2. (Netgear Switch) #vlan database (Netgear Switch) #vlan 192 (Netgear Switch) #vlan routing 192 (Netgear Switch) #exit (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/23...
Page 292 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Step 4: Enable IProuting and configure a default route. (Netgear Switch)(config)#ip routing (Netgear Switch)(config)#ip route 0.0.0.0 0.0.0.0 10.100.5.252 Step 5: Enable a protected port on 1/0/23 and 1/0/24. (Netgear Switch) (Config)#interface 1/0/23...
Page 293 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 15-6 b. Under DHCP Pool Configuration, enter the following information: • Select Create in the Pool Name field. • In the Pool Name field, enter pool-a. • Select Dynamic in the Type of Binding field.
Page 294 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Add. 2. Configure a VLAN and include ports 1/0/23 and 1/0/24 in the VLAN: From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Page 295 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 15-8 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 202. • In the IP Address field, enter 10.100.5.34. • In the Network Mask field, enter 255.255.255.0.
Page 296 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. Click Apply to enable IP Routing.
Page 297: 802.1X Port Security
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 15-11 b. Under Protected Ports Configuration, Click Unit 1. The ports display. • Click the gray box under ports 23. A flag appears in the box. • Click the gray box under ports 24. A flag appears in the box.
Page 298 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Layer 2 Switch RADIUS Server Layer 2 Switch PC 1 PC 2 Figure 15-12 The following example shows how to authenticate the dot1x users by a RADIUS server. The management IP address is 10.100.5.33/24. The example is shown as CLI commands and as a Web interface procedure.
Page 299 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Netgear Switch) (Config)#radius server key auth 10.100.5.17 Enter secret (16 characters max):123456 Re-enter secret:123456 To configure the shared secret between the RADIUS client and the server. (Netgear Switch) (Config)#radius server msgauth 10.100.5.17 (Netgear Switch) (Config)# radius server primary 10.100.5.17...
Page 300 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 15-14 b. Under IP Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for that interface. Now 1/0/1 appears in the Interface field at the top. Under the IP Interface Configuration, enter the following information.
Page 301 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Select Enable in the Routing Mode field. d. Click Apply to save the settings. 4. Create an authentication name list. From the main menu, select Security > Management Security > Login> Authentication List. A screen similar to the following displays.
Page 302 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Force Authorized in the Control Mode field. d. Click Apply to save settings. 6. Enable dot1x on the switch. From the main menu, select Security > Port Authentication > Server Configuration. A screen similar to the following displays.
Page 303 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Yes in the Primary Server field. Select Enable in the Message Authenticator field. Click Add. 8. Enable Accounting. From the main menu, select Security > Management Security > RADIUS> Radius Configuration.
Page 304: Create A Guest Vlan
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Enable in the Accounting Mode field. d. Click Apply. Create a Guest VLAN The Guest VLAN feature allows a switch to provide a distinguished service to dot1x unaware clients (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach external network with no ability to surf internal LAN.
Page 305 NETGEAR Managed Switches Software Administration Manual, Release 8.0 authenticated and associated with the guest VLAN. This ensures that traffic from the client is accepted and switched through the guest vlan.. In this example, dot1x is enabled on all the ports so that all the hosts that are authorized are assigned VLAN 1.
Page 306 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable guest vlan on port 1/0/1 and 1/0/24. (Netgear Switch) #show dot1x detail 1/0/1 Protocol Version....... 1 PAE Capabilities....... Authenticator Control Mode........auto Authenticator PAE State......Authenticated Backend Authentication State....Idle Quiet Period (secs)......60 Transmit Period (secs)......
Page 307 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 15-23 b. In the VLAN ID field, enter 2000. Select Static in the VLAN Type field. d. Click Add. 2. Add ports to the VLAN 2000. a. From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays.
Page 308 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Setting force authorized mode on the port 1/0/6 and 1/0/12. From the main menu, select Security > Port Authentication > Advanced>Port Authentication. A screen similar to the following displays. Figure 15-25 b. Under Port Authentication, scroll down to interface 1/0/6 and 1/0/12, select the checkbox for that interface.
Page 309 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Next to the Administrative Mode, select the Enable radio button. Click Apply to save settings. 5. Configure dot1x authentication list. From the main menu, select Security > Management Security > Authentication List> Dot1x Authentication List.
Page 310: Vlan Assignment Via Radius
NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. In the Radius Server IP Address field, enter 192.168.0.1. Select Yes in the Secret Configured field. d. In the Secret field, enter 12345. Click Add. Configure the Guest VLAN. From the main menu, select Security > Port Authentication > Advanced>Port Authentication. A screen similar to the following displays.
Page 311 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • If the VLAN assignment is enabled in the RADIUS server then as part of the response message the RADIUS server sends the VLAN id the client is supposed to be in the 802.1x tunnel attributes. This attribute indicates the tunneling protocol to be used or the tunneling protocol in use at the authenticator.
Page 312 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create a VLAN 2000 (Netgear Switch) (Config)#dot1x system-auth-control Enable dot1x authentication on the switch. (Netgear Switch) (Config)#aaa authentication dot1x default radius Use the radius as the authenticator. (Netgear Switch) (Config)#authorization network radius Enable the switch to accept VLAN assignment by the radius server.
Page 313 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Force the 1/0/6 to be authorized for it connects to the RADIUS server. (Netgear Switch) #show dot1x detail 1/0/5 Port........... 1/0/5 Protocol Version....... 1 PAE Capabilities....... Authenticator Control Mode........auto Authenticator PAE State......Authenticated Backend Authentication State....
Page 314 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 15-31 b. Next to the Current Network Configuration Protocol, select the None Radio button. In the IP Address, enter 192.168.0.5. d. In the Subnet Mask, enter 255.255.255.0. Click Apply. Create VLAN 2000.
Page 315 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Static in the VLAN Type field. d. Click Add. 3. Setting force authorized mode on the port 1/0/6 and 1/0/12. From the main menu, select Security > Port Authentication > Advanced>Port Authentication. A screen similar to the following displays.
Page 316 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 15-34 b. Next to the Administrative Mode, select the Enable radio button. Next to the VLAN Assignment Mode, select the Enable radio button. d. Click Apply to save settings. 5. Configure dot1x authentication list.
Page 317: Dynamic Arp Inspection
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Management Security > Radius>Server Configuration. A screen similar to the following displays. Figure 15-36 b. In the Radius Server IP Address field, enter 192.168.0.1. Select Yes in the Secret Configured field.
Page 318 NETGEAR Managed Switches Software Administration Manual, Release 8.0 When Dynamic ARP Inspection is enabled, the switch drops ARP packet whose sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database. However it can be overcome through Static mappings.
Page 319 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
Page 320 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. Figure 15-38 b. For the DHCP Snooping Mode, select Enable. Click Apply. At the end of this configuration a screen similar toFigure 15-38 displays.
Page 321 NETGEAR Managed Switches Software Administration Manual, Release 8.0 In the VLAN Configuration table, set DHCP Snooping Mode as Enable. A screen similar to the following displays. Figure 15-40 3. Configure the port through which DHCP server is reached as trusted. Here Interface 1/0/1 is trusted.
Page 322 NETGEAR Managed Switches Software Administration Manual, Release 8.0 d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 15-42 View the DHCP Snooping Binding table. From the main menu, select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays.
Page 323 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Control > Dynamic ARP Inspection > DAI VLAN Configuration. A screen similar to the following displays. Figure 15-44 b. Set the VLAN ID as 1.
Page 324 NETGEAR Managed Switches Software Administration Manual, Release 8.0 d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 15-46 Now all the ARP packets received on the ports that are member of VLAN are copied to CPU for ARP inspection.
Page 325: Configuring Static Mapping
00:11:85:ee:54:e9 Configure ARP ACL used for the VLAN 1. (Netgear Switch) (Config)# ip arp inspection filter ArpFilter vlan 1 Now the ARP packets from the Static client will be through since it has an entry in the ARP ACL ARP packets from the DHCP client is also through since it has DHCP snooping entry.
Page 326 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Add. At the end of this configuration a screen similar to the following displays. Figure 15-48 2. Configure a rule to allow the static client. From the main menu, select Security > Control > Dynamic ARP Inspection > DAI ACL Rule Configuration.
Page 327: Dhcp Snooping
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 15-50 DHCP Snooping DHCP Snooping is a security feature that monitors DHCP messages between a DHCP clinet and DHCP server to filter harmful DHCP message and to build a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized.
Page 328 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring DHCP Snooping Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which DHCP server is reached as trusted.
Page 329 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply. A screen similar to the one in Figure 15-53 displays. Enable DHCP snooping in a VLAN. From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays.
Page 330 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Control > DHCP Snooping Interface Configuration. A screen similar to the following displays. Figure 15-55 b. Select the checkbox for Interface 1/0/1. Select Trust Mode as Enable for Interface 1/0/1.
Page 331: Enter Static Binding Into The Binding Database
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays. Figure 15-57 Enter Static Binding into the Binding Database The administrator can also enter the static binding into the binding database. This script in this section shows how to enter the static binding in the binding database.
Page 332: Configure The Maximum Rate Of Dhcp Messages
DHCP snooping brings down the interface. The user must do “no shutdown” on this interface to further work with that port. CLI: Configuring the Maximum Rate of DHCP Messages Control the maximum rate of DHCP messages. (Netgear Switch) (Interface 1/0/2)# ip dhcp snooping limit rate 5 15-48 Security Management v1.0, October 2009...
Page 333 NETGEAR Managed Switches Software Administration Manual, Release 8.0 View the rate configured. (GSM7328S) #show ip dhcp snooping interfaces 1/0/2 Interface Trust State Rate Limit Burst Interval (pps) (seconds) ---------- ------------- ------------- --------------- 1/0/2 Web Interface: Configuring the Maxiumum Rate of DHCP Messages Control the maximum rate of DHCP messages.
Page 334: Ip Source Guard
NETGEAR Managed Switches Software Administration Manual, Release 8.0 IP Source Guard IP Source Guard uses the DHCP snooping bindings database. When IP Source Guard is enabled, the switch drops incoming packets that do not match a binding in the bindings database. IP Source Guard can be configured to enforce just the source IP address or both the source IP address and source MAC address.
Page 335 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring Dynamic ARP Inspection Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which DHCP server is reached as trusted.
Page 336 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. Figure 15-63 b. Select DHCP Snooping Mode as Enable. Click Apply. At the end of this configuration a screen similar to Figure 15-64 is displayed.
Page 337 NETGEAR Managed Switches Software Administration Manual, Release 8.0 d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 15-65 Configure the port through which DHCP server is reached as trusted. Here interface 1/0/1 is trusted.
Page 338 NETGEAR Managed Switches Software Administration Manual, Release 8.0 View the DHCP Snooping Binding table. From the main menu, select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays. Figure 15-68 5. Enable IP Source Guard in the interface 1/0/2.
Page 339 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Add. At the end of this configuration a screen similar to the following displays. Figure 15-70 Security Management 15-55 v1.0, October 2009...
Page 340: Simple Network Time Protocol (Sntp)
SNTP client implemented over UDP which listens on port 123 Show SNTP (CLI Only) The following are examples of the commands used in the SNTP feature. show sntp (Netgear Switch Routing) #show sntp ? <cr> Press Enter to execute the command. client Display SNTP Client Information.
Page 341: Configure Sntp
NETGEAR Managed Switches Software Administration Manual, Release 8.0 show sntp client (Netgear Switch Routing) #show sntp client Client Supported Modes: unicast broadcast SNTP Version: Port: Client Mode: unicast Unicast Poll Interval: Poll Timeout (seconds): Poll Retry: show sntp server (Netgear Switch Routing) #show sntp server Server IP Address: 81.169.155.234...
Page 342 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring SNTP NETGEAR switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
Page 343 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Configuring SNTP To use the Web interface to configure SNTP, proceed as follows: Configure SNTP server From the main menu, select System > Management>Time>SNTP Server Configuration. A screen similar to the following displays.
Page 344: Set The Time Zone (Cli Only)
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 16-2 b. Enter the following information in the SNTP Global Configuration. • Next to the Client Mode, Select the Unicast radio button • In the Time Zone Name field, enter PST •...
Page 345 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Because Netgear may change IP addresses assigned to its time servers, it is best to access a SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
Page 346 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • In the Version field, enter 4 Click Add. 2. Configure the DNS server. From the main menu, select System > Management>DNS>DNS Configuration. A screen similar to the following displays. Figure 16-4 b.
Page 347: Traceroute
In this example, the packet takes 16 hops to reach its destination. CLI:Traceroute (Netgear Switch) #traceroute? <ipaddr> Enter IP address. (Netgear Switch) #traceroute 216.109.118.74 ? <cr> Press Enter to execute the command. <port> Enter port no. (Netgear Switch) #traceroute 216.109.118.74 17-1 v1.0, October 2009...
Page 348 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Tracing route over a maximum of 20 hops 10.254.24.1 40 ms 9 ms 10 ms 10.254.253.1 30 ms 49 ms 21 ms 63.237.23.33 29 ms 10 ms 10 ms 63.144.4.1 39 ms...
Page 349: Configuration Scripting
NETGEAR Managed Switches Software Administration Manual, Release 8.0 APPLY button, the switch will send three traceroute packets each hop, and the results will be displayed in the result table. b. Enter the following information in the Traceroute. In the IP Address field, enter 216.109.118.74.
Page 350: Script List And Script Delete
NETGEAR Managed Switches Software Administration Manual, Release 8.0 script (Netgear Switch) #script ? apply Applies configuration script to the switch. delete Deletes a configuration script file from the switch. list Lists all configuration script files present on the switch. show Displays the contents of configuration script.
Page 351: Pre-Login Banner
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create a Configuration Script (Netgear Switch) #show running-config running-config.scr Config script created successfully. (Netgear Switch) #script list Configuration Script Name Size(Bytes) ------------------------- ---------- running-config.scr 3201 1 configuration script(s) found. 1020799 bytes free.
Page 352: Port Mirroring
NETGEAR Managed Switches Software Administration Manual, Release 8.0 To create a Pre-Login Banner, follow these steps: On your PC, using Notepad create a banner.txt file that contains the banner to be displayed. Login Banner - Unauthorized access is punishable by law.
Page 353 NETGEAR Managed Switches Software Administration Manual, Release 8.0 The example is shown as CLI commands and as a Web interface procedure. CLI: Specifying the Source (Mirrored) Ports and Destination (Probe) (Netgear Switch)#config (Netgear Switch)(Config)#monitor session 1 mode Enable mirror (Netgear Switch)(Config)#monitor session 1 source interface 1/0/2 Specify the source interface.
Page 354: Dual Image
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Dual Image Traditionally switches contained a single image in the permanent-storage. This image is loaded into memory every time there is a reboot. Dual Image feature allows switches to have two images in the permanent storage.
Page 355 NETGEAR Managed Switches Software Administration Manual, Release 8.0 TFTP code transfer starting 101888 bytes transferred...277504 bytes transferred...410112 bytes transferred...628224 bytes transferred...803328 bytes transferred...978944 bytes transferred...1154560 bytes transferred...1330176 bytes transferred...1505280 bytes transferred...1680896 bytes transferred...1861632 bytes transferred...2040320 bytes transferred...2215936 bytes transferred...2391040 bytes transferred...2566656 bytes transferred...2741760 bytes transferred...2916864 bytes transferred...3092992 bytes...
Page 356 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Download a backup image via tftp. From the main menu, select Maintenance > Download >File Download. A screen similar to the following displays. Figure 17-3 b. Select Archive in the File Type field.
Page 357: Outbound Telnet
NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under Dual Image Configuration, scroll down to image 2, select the checkbox for that image. The image2 now appears in the Image name field at the top. Select TRUE in the Active Image field.
Page 358 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: show telnet (Netgear Switch Routing)#show telnet Outbound Telnet Login Timeout (minutes)..5 Maximum Number of Outbound Telnet Sessions..5 Allow New Outbound Telnet Sessions..... Yes CLI: transport output telnet (Netgear Switch Routing) (Config)#lineconfig ? <cr>...
Page 359 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Access > Telnet. A screen similar to the following displays. Figure 17-5 2. Enter the following information in the Outbound Telnet. 3. Next to the Admin Mode, select the Enable radio button.
Page 360 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Access > Telnet. A screen similar to the following displays. Figure 17-6 2. Enter the following information in the Outbound Telnet. • In the Session Timeout field, enter 15.
Page 361: Syslog
Chapter 18 Syslog In this chapter, the following examples are provided: • “Show Logging” on page 18-2 • “Show Logging Buffered” on page 18-5 • “Show Logging Traplogs” on page 18-6 • “Show Logging Hosts” on page 18-7 • “Log Port Configuration” on page 18-8 The Syslog feature: •...
Page 362: Show Logging
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Show Logging The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging (Netgear Switch Routing) #show logging Logging Client Local Port CLI Command Logging disabled Console Logging...
Page 363 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Enter the following information in the Syslog Configuration. Next to the Admin Status, select the Enable radio button. Click Apply. Configure the Command Log From the main menu, select Monitoring > Logs >Command Log.
Page 364 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 18-4 b. Enter the following information in the Console Log Configuration. Next to the Admin Status, click the Disable radio button. Click Apply. Configure Buffer Logs. From the main menu, select Monitoring > Logs >Buffer Logs. A screen similar to the following displays.
Page 365: Show Logging Buffered
NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Enter the following information in the Buffer Logs. Next to the Admin Status, click the Enable radio button. Click Apply. Show Logging Buffered The example is shown as CLI commands and as a Web interface procedure.
Page 366: Show Logging Traplogs
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 18-6 Show Logging Traplogs The example is shown as CLI commands and as a Web interface procedure. CLI: Showing Logging Traplogs (Netgear Switch Routing) #show logging traplogs <cr> Press Enter to execute the command.
Page 367: Show Logging Hosts
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Showing Logging Trap Logs From the main menu, select Monitoring –> Logs->Trap Logs. A screen similar to the following displays. Figure 18-7 Show Logging Hosts The example is shown as CLI commands and as a Web interface procedure.
Page 368: Log Port Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 18-8 Log Port Configuration The example is shown as CLI commands and as a Web interface procedure. CLI: Logging Port Configuration (Netgear Switch Routing) #config (Netgear Switch Routing) (Config)#logging ? buffered Buffered (In-Memory) Logging Configuration.
Page 369 Press Enter to execute the command. <severitylevel> Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7). (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1 ? <cr> Press Enter to execute the command. (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1...
Page 370: Managing Switch Stacks
Chapter 19 Managing Switch Stacks This chapter describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches running Release 4.x.x.x or newer. NETGEAR stackable managed switches include the following models: • FSM7226RS • FSM7250RS • FSM7328S •...
Page 371: Understanding Switch Stacks
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Understanding Switch Stacks A switch stack is a set of up to eight Ethernet switches connected through their stacking ports. One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are stack members.
Page 372 NETGEAR Managed Switches Software Administration Manual, Release 8.0 A standalone switch is a switch stack with one stack member that also operates as the stack master. You can connect one standalone switch to another to create a switch stack containing two stack members, with one of them being the stack master.
Page 373 NETGEAR Managed Switches Software Administration Manual, Release 8.0 use the regular Category 5 Ethernet 8 wire cable. Figure 19-1 Interconnect port 51 ports 51 and 52 as shown port 52 Figure 19-2 Stack Master Election and Re-Election The stack master is elected or re-elected based on one of these factors and in the order listed:...
Page 374: Stack Member Numbers
NETGEAR Managed Switches Software Administration Manual, Release 8.0 The switch with the highest stack member priority value Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.
Page 375: Switch Stack Offline Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Switch Stack Offline Configuration You can use the offline configuration feature to preconfigure (supply a configuration to) a new switch before it joins the switch stack. You can configure in advance the stack member number, the switch type, and the interfaces associated with a switch that is not currently part of the stack (see “Preconfiguration”...
Page 376: Switch Stack Software Compatibility Recommendations
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Effects of Removing a Preconfigured Switch from a Switch Stack If you remove a preconfigured switch from the switch stack, the configuration associated with the removed stack member remains in the running configuration as configured information. To completely remove the configuration, use the no member unit_number (this is in the stacking configuration mode).
Page 377: Switch Stack Configuration Scenarios
NETGEAR Managed Switches Software Administration Manual, Release 8.0 • You can connect to the stack master through the console port of the stack master only. • You can connect to the stack master by using a Telnet connection to the IP address of the stack.
Page 378: Stacking Recommendations
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Stacking Recommendations The purpose of this section is to collect notes on recommended procedures and expected behavior of stacked managed switches. Procedures addressed initially are listed below. • Initial installation and power-up of a stack.
Page 379: Removing A Unit From The Stack
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Power on a second unit, making sure it is adjacent (next physical unit in the stack) to the unit already powered up. This will insure the second unit comes up as a member of the stack, and not a “Master” of a separate stack.
Page 380: Renumber Stack Members
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Replacing a Stack Member with a New Unit There are two possible situations here. First, if you replace a stack member of a certain model number with another unit of the same model, follow the process below: •...
Page 381 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Renumbering Stack Members To use the Web interface to renumber the stack number, proceed as follows: Renumbering the stacking member’s ID from 3 to 2. From the main menu, select System > Management > Basic > Stack Configuration. A screen similar to the following displays.
Page 382: Moving A Master To A Different Unit In The Stack
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Moving a Master to a Different Unit in the Stack This example is provided as CLI commands and a Web interface procedure. CLI: Moving a Master to a Different Unit in the Stack Using the movemanagement command, move the master to the desired unit number.
Page 383: Removing A Master Unit From An Operating Stack
NETGEAR Managed Switches Software Administration Manual, Release 8.0 d. Click the Apply. Note: If you move a master to a different unit, you may lose the connection to the switch because the IP address may be changed if the switch gets IP address using DHCP.
Page 384: Upgrading Firmware
NETGEAR Managed Switches Software Administration Manual, Release 8.0 4. After a unit type is preconfigured for a specific unit number, attaching a unit with different unit type for this unit number causes the switch to report an error. The show switch command indicates “config mismatch”...
Page 385: Web Interface: Upgrading Firmware
NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Ports on the added unit should remain in the “detached” state. • A message should appear on the CLI indicating a code mismatch with the newly added unit. • To have the newly added unit to merge normally with the stack, code should be loaded to the newly added unit from the master using the copy command.
Page 386: Add A New Community
The example is shown as CLI commands and as a Web interface procedure. CLI: Adding a New Community (Netgear switch) #config (Netgear switch) (Config)#snmp-server community rw public@4 Web Interface: Adding a New Community To use the Web interface to add a new community, proceed as follows: From the main menu, select System >...
Page 387: Enable Snmp Trap
NETGEAR Managed Switches Software Administration Manual, Release 8.0 In the Client Address field, enter 0.0.0.0. 4. In the Client IP Mask field, enter 0.0.0.0. 5. Select the Read/Write in the Access Mode field. 6. Select the Enable in the Status field.
Page 388: Configure Snmp V3
Configure SNMP V3 The example is shown as CLI commands and as a Web interface procedure. CLI: Configuring SNMP V3 This example shows how to configure SNMP v3 on the NETGEAR switches. (Netgear Switch) #config (Netgear Switch) (Config)#users passwd admin...
Page 389 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Configuring SNMP V3 Change the user password. If you set the authentication mode to md5, you must make the length of password longer than 8 characters. From the main menu, select Security > Management Security > User Configuration >User Management.
Page 390: Sflow
NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Select the admin in the User Name field. Next to Authentication Protocol, click the MD5 radio button. d. Next to the Encryption Protocol, click the DES radio button. In the Encryption Key field, enter 12345678.
Page 391 (Netgear Switch) (Config)# sflow receiver 1 ip 192.168.10.2 Configure the sFlow receiver timeout. Here sFlow samples will be sent to this receiver for the duration of 31536000 seconds. That is approximately one year. (Netgear Switch) (Config)# sflow receiver 1 owner NetMonitor timeout 31536000 SNMP 20-6...
Page 392 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Here the max datagram size is default 1400. It can be modified to a value between 200 to 9116 using the command sflow receiver 1 maxdatagram <size>. (GSM7328S) #show sflow receivers Receiver Owner...
Page 393 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enter Receiver Address as 192.168.10.2. A screen similar to the following displays. Figure 20-7 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 20-8 Configure sampling ports sFlow receiver index, sampling rate, sampling max header size.
Page 394: Configure Time-Based Sampling Of Counters With Sflow
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 20-10 Configure Time-Based Sampling of Counters with sFlow CLI: Configuring Time-Based Sampling of Counters with sFlow Configure sampling ports sFlow receiver index, polling interval.
Page 395 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enter the Poller Interval as 300. A screen similar to the following displays. Figure 20-11 d. Click Apply. SNMP 20-10 v1.0, October 2009...
Page 396: Specify Two Dns Servers
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 21 In this chapter, the following examples are provided: • “Specify Two DNS Servers” • “Manually Add a Host Name and an IP Address” on page 21-2 This section describes the Domain Name System (DNS) feature. The DNS protocol maps a host name to an IP address, allowing you to replace the IP address with the host name for IP commands such as a ping and a traceroute, and for features such as RADIUS, DHCP Relay, SNTP, SNMP, TFTP, SYSLOG, and UDP Relay.
Page 397: Manually Add A Host Name And An Ip Address
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select System > Management > DNS > DNS Configuration. A screen similar to the following displays. Figure 21-1 2. Under DNS Server Configuration, in the DNS Server field, enter 12.7.210.170.
Page 398 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Manually Adding a Host Name and an IP Address To use the Web interface to manually add a host name and an IP address, proceed as follows: From the main menu, select System > Management > DNS > Host Configuration. A screen similar to the following displays.
Page 399: Dhcp Server
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 22 DHCP Server This section describes the DHCP server configuration. When a client sends a request to a DHCP server, the DHCP server assigns the IP address from address pools that are specified on the switch. The network in the DHCP pool must belong to the same subnet.
Page 400 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays. Figure 22-1 2. Next to Admin Mode, select the Enable radio button.
Page 401: Configure A Dhcp Reservation
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 22-2 Under DHCP Pool Configuration, enter the following information: • Select Create in the Pool Name field. • In the Pool Name field, enter pool_dynamic. • Select Dynamic in the Type of Binding field.
Page 402 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring a DHCP Reservation To use the CLI to create a DHCP server with a with a manual pool, enter the following CLI commands: (Netgear Switch)#config (Netgear Switch) (Config)#service dhcp (Netgear Switch) (Config)#ip dhcp pool pool_manual...
Page 403 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Figure 22-4 5. Under DHCP Pool Configuration, enter the following information: •...
Page 404: Double Vlans
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 23 Double VLANs This section describes how to configure the Double VLAN (DVLAN) feature on the switch. A DVLAN is a way to pass traffic of customers who have multiple VLANs from one customer domain to another customer domain.
Page 405: Enable A Double Vlan
2 switch connecting all these devices in your domain. The layer 2 switch tags the packet going to the NETGEAR switch port 1/0/24. The example is shown as CLI commands and as a Web interface procedure. The two NETGEAR switches have the same configuration.
Page 406 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. Figure 23-2 b. Under VLAN Configuration, enter the following information and make the following selection: •...
Page 407 NETGEAR Managed Switches Software Administration Manual, Release 8.0 similar to the following displays. Figure 23-3 b. Under VLAN Membership, select 200 in the VLAN ID field. Click Unit 1. The ports display: • Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
Page 408 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Change the Port VLAN ID (PVID) of port 24 to 200: From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
Page 409 NETGEAR Managed Switches Software Administration Manual, Release 8.0 screen similar to the following displays. Figure 23-5 b. Under DVLAN Configuration, scroll down to interface 1/0/48 and select the chechbox for that interface. Now 1/0/48 appears in the Interface field at the top.
Page 410: Private Vlan Groups
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 24 Private VLAN Groups The private VLAN Group allows network administrator to create groups of users within a VLAN that cannot communicate with members in different groups but only within the same group. There are two modes for the private group.
Page 411 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Creating a Private VLAN Group (Netgear Switch) # (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/6 (Netgear Switch) (Interface 1/0/6)#vlan participation include 200...
Page 412 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Web Interface: Creating a Private VLAN Group To use the Web interface, proceed as follows: Create a VLAN 200. From the main menu, select Switching > VLAN > Basic > VLAN configuration. A screen similar to the following displays.
Page 413 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. In the VLAN Membership, select 200 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box under port 6 , 7, 16 and 17 until U displays. The U specifies that the egress packet is untagged for the port.
Page 414 NETGEAR Managed Switches Software Administration Manual, Release 8.0 VLAN > Private Group Configuration. A screen similar to the following displays. Figure 24-5 b. In the Group Name field, enter group1. In the Group ID field, enter 1. d. Select community in the Group Mode field.
Page 415 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Traffic Control >Private Group VLAN > Private Group Configuration. A screen similar to the following displays. Figure 24-7 b. In the Group Name field, enter group2.
Page 416: Spanning Tree Protocol
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 25 Spanning Tree Protocol In this chapter, the following examples are provided: • “Configure Classic STP (802.1d)” • “Configure Rapid STP (802.1w)” on page 25-3 • “Configure Multiple STP (802.1s)” on page 25-4 The purpose of spanning tree is to eliminate the loops in the switch system.
Page 417 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Switching > STP > STP Configuration. A screen similar to the following displays. Figure 25-1 b. Enter the following information in the STP Configuration. • Next to the Spanning Tree Admin Mode, select the Enable radio button.
Page 418: Configure Rapid Stp (802.1W)
NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under CST Port Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface. Now 1/0/3 appears in the Interface field at the top. In the CST Port Configuration, select Enable in the Port Mode field.
Page 419: Configure Multiple Stp (802.1S)
NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Next to the Force Protocol Version, select the IEEE 802.1w radio button. Click Apply. 2. Configure CST Port Configuration. From the main menu, select Switching -> STP -> CST Port Configuration. A screen similar to the following displays.
Page 420 (Netgear switch) (Config)# spanning-tree mst vlan 2 12 Associate the mst instance 2 with the VLAN 11 and 12 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 port-priority 128 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 cost 0 Web Interface: Configuring Multiple STP (802.1s) To use the Web interface to configure the managed switch, proceed as follows: Enable 802.1s on the switch.
Page 421 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Next to the Spanning Tree Admin Mode, select the Enable radio button. • Next to the Force Protocol Version, select the IEEE 802.1s radio button. Click Apply. Configure MST Configuration. From the main menu, select Switching > STP > MST Configuration. A screen similar to the following displays.
Page 422 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Configure MST Port. From the main menu, select Switching > STP > MST Port Status. A screen similar to the following displays. Figure 25-7 4. Under MST Port Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 423: Tunnel
On GSM7328S_1 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ipv6 forwarding (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#exit 26-1 v1.0, October 2009...
Page 424 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#ipv6 address 2000::1/64 (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip (Netgear Switch) (Interface tunnel 0)#tunnel source 192.168.1.1 (Netgear Switch) (Interface tunnel 0)#tunnel destination 192.1.168.1.2...
Page 425 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#ipv6 address 2000::2/64 (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip (Netgear Switch) (Interface tunnel 0)#tunnel source 192.168.1.2 (Netgear Switch) (Interface tunnel 0)#tunnel destination 192.168.1.1...
Page 426 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IPv6 >Basic>Global Configuration. A screen similar to the following displays. Figure 26-3 b. Next to the IPv6 Unicast Routing, select the Enable Radio button. Next to the IPv6 Forwarding, select the Enable Radio button.
Page 427 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create a 6-in-4 tunnel interface. From the main menu, select Routing > IPv6 >Advanced>Tunnel Configuration. A screen similar to the following displays. Figure 26-5 b. Select 0 in Tunnel Id field. Select 6-in-4-configured in the Mode field.
Page 428 NETGEAR Managed Switches Software Administration Manual, Release 8.0 In the IPv6 Prefix field, enter 2000::1. d. In the Length field, enter 64. Select Disable in EUI64 field. Click Add. On GSM7328S_2 To use the Web interface to create a tunnel, proceed as follows: Enable IP routing on the switch.
Page 429 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IPv6 >Basic>Global Configuration. A screen similar to the following displays. Figure 26-8 b. Next to the IPv6 Unicast Routing, select the Enable Radio button. Next to the IPv6 Forwarding, select the Enable Radio button.
Page 430 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IPv6 >Advanced>Tunnel Configuration. A screen similar to the following displays. Figure 26-10 b. Select 0 in the Tunnel Id field. Select 6-in-4-configured in the Mode field.
Page 431 NETGEAR Managed Switches Software Administration Manual, Release 8.0 In the IPv6 Prefix field, enter 2000::2. d. In the Length field, enter 64. Select Disable in the EUI64 field. Click Add. Tunnel 26-9 v1.0, October 2009...
Page 432: Ipv6 Interface Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 27 IPv6 Interface Configuration In this chapter, the following examples are provided: • “Creating an IPv6 Routing Interface” • “Create an IPv6 Network Interface” on page 27-4 • “Create an IPv6 Routing VLAN” on page 27-6...
Page 433 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) #show ipv6 interface 1/0/1 IPv6 is enabled IPv6 Prefix is ........ FE80::21E:2AFF:FED9:249B/128 2000::2/64 [TENT] Routing Mode........Enabled Administrative Mode......Enabled IPv6 Routing Operational Mode....Enabled Bandwidth........1000000 kbps Interface Maximum Transmit Unit....1500 Router Duplicate Address Detection Transmits...
Page 434 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Next to the IPv6 Forwarding, select the Enable Radio button. d. Click Apply. Enable IPv6 routing on the interface 1/0/1 From the main menu, select Routing > IPv6 >Advanced>Interface Configuration. A screen similar to the following displays.
Page 435: Create An Ipv6 Network Interface
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Disable in the EUI64 field. Click Add. Create an IPv6 Network Interface The IPv6 network interface is the logical interface used for in-band connectivity with the switch via any of the switch’s front panel ports. The configuration parameters associated with the switch’s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
Page 436 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 27-4 b. Next to the Admin Mode, select the Enable Radio button. In the IPv6 Prefix/Prefix Length field, enter 2001:1::1/64. d. Select False in the EUI64 field. Click Add. 2. Add an IPv6 gateway to the network interface.
Page 437: Create An Ipv6 Routing Vlan
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Create an IPv6 Routing VLAN CLI: Creating an IPv6 Routing VLAN Create a routing VLAN with VLAN ID 500. Netgear Switch) (Vlan)#vlan 500 (Netgear Switch) (Vlan)#vlan routing 500 (Netgear Switch) (Vlan)#exit Add the interface 1/0/1 to VLAN 500.
Page 438 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) #show ipv6 interface 0/4/1 IPv6 is enabled IPv6 Prefix is ........ FE80::21E:2AFF:FED9:249B/128 2000::1/64 Routing Mode........Enabled Administrative Mode......Enabled IPv6 Routing Operational Mode....Enabled Bandwidth........10000 kbps Interface Maximum Transmit Unit....1500 Router Duplicate Address Detection Transmits...
Page 439 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. In the VLAN ID field, enter 500. Select Static in the VLAN Type field. d. Click Add. 2. Add ports to the VLAN 500. a. From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays.
Page 440 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under PVID Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. In the PVID Configuration enter 500 in the PVID(1 to 4093) field. d. Click Apply to save the settings.
Page 441 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Click the tag VLANS, then logical VLAN interface 0/4/2 will be displayed. Select the checkbox for 0/4/2, and in the IPv6 Interface Configuration, select Enable in the IPv6 Mode field. d. Click Apply.
Page 442: Pim
Chapter 28 In this chapter, the following examples are provided: • “PIM-DM Configuration” • “PIM-SM Configuration” on page 28-27 Note: The PIM protocol can be configured to operate on IPv4 and IPv6 networks. Separate configuration CLI commands are provided for IPv4 and IPv6 operation; however, most configuration options are common to both protocols.
Page 443 NETGEAR Managed Switches Software Administration Manual, Release 8.0 versions of PIM-DM. Version 2 does not use IGMP messages; instead, it uses a message that is encapsulated in IP packets with protocol number 103. In Version 2, the Hello message is introduced in place of the query message.
Page 444 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring PIM-DM On Switch A Enable IP routing on the switch. (Netgear Switch) #configure (Netgear Switch) (Config)#ip routing Enable pimdm on the switch. (Netgear Switch) (Config)#ip pimdm Enable ip multicast forwarding on the switch.
Page 445 NETGEAR Managed Switches Software Administration Manual, Release 8.0 On Switch B (Netgear Switch) #configure (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pimdm (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/10 (Netgear Switch) (Interface 1/0/10)#routing (Netgear Switch) (Interface 1/0/10)#ip address 192.168.3.2 255.255.255.0...
Page 446 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ip address 192.168.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/21)#ip rip (Netgear Switch) (Interface 1/0/21)#ip pimdm (Netgear Switch) (Interface 1/0/21)#exit...
Page 447 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (C) #show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface List ----------- --------- -------- --------- --------------- 192.168.1.1 225.1.1.1 PIMDM 1/0/21 (D) #show ip mcast mroute summary...
Page 448 NETGEAR Managed Switches Software Administration Manual, Release 8.0 similar to the following displays. Figure 28-3 b. Under IP Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. 1/0/1 now appears in the Interface field at the top.
Page 449 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under IP Interface Configuration, scroll down to interface 1/0/9 and select the checkbox for 1/0/9. 1/0/9 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 450 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing >RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-6 b. Select 1/0/1 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 451 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-8 b. Select 1/0/13 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 452 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >PIM-DM->Global Configuration. A screen similar to the following displays. Figure 28-10 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 453 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. Then select 1/0/9 and 1/0/13. In the PIM-DM Interface Configuration, select Enable in the Admin Mode field.
Page 454 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-13 b. Under IP Interface Configuration, scroll down to interface 1/0/10 and select the checkbox for 1/0/ 10. Now 1/0/10 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 455 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings. Enable rip on the interface 1/0/10. From the main menu, select Routing >RIP >Advanced > Interface Configuration. A screen similar to the following displays.
Page 456 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >Global Configuration. A screen similar to the following displays. Figure 28-17 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 457 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >PIM-SM->Interface Configuration. A screen similar to the following displays. Figure 28-19 b. Under PIM-SM Interface Configuration, scroll down to interface 1/0/10 and select the checkbox for 1/0/10.
Page 458 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-20 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 459 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 28-22 b. Under IP Interface Configuration, scroll down to interface 1/0/22 and select the checkbox for 1/0/22.
Page 460 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable rip on the interface 1/0/22. From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-24 b. Select 1/0/22 in the Interface field.
Page 461 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >PIM-DM->Global Configuration. A screen similar to the following displays. Figure 28-26 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 462 NETGEAR Managed Switches Software Administration Manual, Release 8.0 On Switch D: To use the Web interface to config PIM-DM, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing >IP >Basic >IP configuration. A screen similar to the following displays.
Page 463 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.2.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings.
Page 464 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-31 b. Under IP Interface Configuration, scroll down to interface 1/0/24 and select the checkbox for 1/0/ 24. 1/0/24 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 465 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-33 b. Select 1/0/22 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 466 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >Global Configuration. A screen similar to the following displays. Figure 28-35 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 467 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >PIM-DM->Interface Configuration. A screen similar to the following displays. Figure 28-37 b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
Page 468: Pim-Sm Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >IGMP->Interface Configuration. A screen similar to the following displays. Figure 28-39 b. Under IGMP Routing Interface Configuration, scroll down to interface 1/0/24and select the checkbox for 1/0/24.
Page 469 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Source IP 192.168.1.1 Port 1/0/13 Port1/0/9 Port 1/0/10 Switch A Switch B Subnet 192.168.3.0/24 Port Port 1/0/1 1/0/11 Port Port 1/0/21 1/0/21 Port 1/0/22 Port 1/0/22 Switch D Switch C Subnet 192.168.6.0/24...
Page 470 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: Configuring PIM-SM On Switch A Enable ip routing on the switch. (Netgear Switch)#configure (Netgear Switch) (Config)#ip routing Enable pim-sm on the switch. (Netgear Switch) (Config)#ip pimsm Enable ip multicast forwarding on the switch.
Page 471 NETGEAR Managed Switches Software Administration Manual, Release 8.0 On Switch B Enable the switch to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR). (Netgear Switch)#configure (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pimsm (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip pimsm rp-candidate interface 1/0/11 225.1.1.1...
Page 472 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) (Config)#interface 1/0/22 (Netgear Switch) (Interface 1/0/22)#routing (Netgear Switch) (Interface 1/0/22)#ip address 192.168.6.1 255.255.255.0 (Netgear Switch) (Interface 1/0/22)#ip rip (Netgear Switch) (Interface 1/0/22)#ip pimsm (Netgear Switch) (Interface 1/0/22)#exit On Switch D...
Page 473 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (A) #show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface List ----------- --------- --------- --------- --------------- 192.168.1.1 225.1.1.1 PIMSM 1/0/13 1/0/1 (B) #show ip mcast mroute summary...
Page 474 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-41 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/1 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 475 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 28-43 b. Under IP Interface Configuration, scroll down to interface 1/0/9 and select teh checkbox for 1/0/9.
Page 476 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-44 b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the checkbox for 1/0/ 13. 1/0/13 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 477 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable rip on the interface 1/0/9. From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-46 b. Select 1/0/9 in the Interface field.
Page 478 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >Global Configuration. A screen similar to the following displays. Figure 28-48 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 479 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >PIM-SM->Interface Configuration. A screen similar to the following displays. Figure 28-50 b. Under PIM-SM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 480 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-51 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/10 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 481 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 28-53 b. Under IP Interface Configuration, scroll down to interface 1/0/11 and select the checkbox for 1/0/ 11.
Page 482 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable rip on the interface 1/0/11. From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-55 b. Select 1/0/11 in the Interface field.
Page 483 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >PIM-SM->Global Configuration. A screen similar to the following displays. Figure 28-57 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 484 NETGEAR Managed Switches Software Administration Manual, Release 8.0 In the PIM-SM Interface Configuration, select Enable in the Admin Mode field. d. Click Apply to save the settings. Candidate RP Configuration. From the main menu, select Routing > Multicast >PIM-SM->Candidate RP Configuration. A screen similar to the following displays.
Page 485 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-60 b. Select the 1/0/10 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 7. Click Apply. On Switch C: To use the Web interface to config PIM-SM, proceed as follows: Enable IP routing on the switch.
Page 486 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-61 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 487 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 28-63 b. Under IP Interface Configuration, scroll down to interface 1/0/22 and select the checkbox for 1/0/ 22.
Page 488 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable rip on the interface 1/0/22. From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-65 b. Select 1/0/22 in the Interface field.
Page 489 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >PIM-SM->Global Configuration. A screen similar to the following displays. Figure 28-67 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 490 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >PIM-SM->Candidate RP Configuration. A screen similar to the following displays. Figure 28-69 b. Select 1/0/22 in the Interface field. In the Group IP, enter 225.1.1.1.
Page 491 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-70 b. Select the 1/0/21 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 5. Click Apply. On Switch D: To use the Web interface to config PIM-SM, proceed as follows: Enable IP routing on the switch.
Page 492 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-71 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 493 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 28-73 b. Under IP Interface Configuration, scroll down to interface 1/0/22and select the checkbox for 1/0/ 22.
Page 494 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.4.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings.
Page 495 NETGEAR Managed Switches Software Administration Manual, Release 8.0 d. Click Apply. Enable rip on the interface 1/0/24. From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-77 b. Select 1/0/24 in the Interface field.
Page 496 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable PIM-SM globally. From the main menu, select Routing > Multicast >PIM-SM->Global Configuration. A screen similar to the following displays. Figure 28-79 b. Next to the Admin Mode, select the Enable radio button.
Page 497 NETGEAR Managed Switches Software Administration Manual, Release 8.0 11. Candidate RP Configuration. From the main menu, select Routing > Multicast >PIM-SM->Candidate RP Configuration. A screen similar to the following displays. Figure 28-81 b. Select 1/0/22 in the Interface field. In the Group IP, enter 225.1.1.1.
Page 498 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 28-82 b. Select 1/0/22 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 3. Click Apply. 13. Enable IGMP globally. From the main menu, select Routing > Multicast >IGMP->Global Configuration. A screen similar to the following displays.
Page 499 NETGEAR Managed Switches Software Administration Manual, Release 8.0 14. Enable IGMP on the interface 1/0/24. From the main menu, select Routing > Multicast >IGMP->Interface Configuration. A screen similar to the following displays. Figure 28-84 b. Under IGMP Routing Interface Configuration, scroll down to interface 1/0/24and select the checkbox for 1/0/24.
Page 500: Chapter 29 Dhcp L2 Relay
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 29 DHCP L2 Relay DHCP Relay Agents eliminate the necessity of having a DHCP server on each physical network. Relay Agents populate the giaddr field and also append the Relay Agent Information option to the DHCP messages.
Page 501 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: DHCP L2 Relay (Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 200 (Netgear Switch)(Vlan)#exit Enable DHCP L2relay on the switch. (Netgear Switch) (Config)#dhcp l2relay (Netgear Switch) (Config)#dhcp l2relay vlan 200 Enable Option 82 Circuit ID field.
Page 502 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Trust packets with option 82 received on port 1/0/6. (Netgear Switch) (Interface 1/0/6)# dhcp l2relay trust (Netgear Switch) (Interface 1/0/6)# vlan pvid 200 (Netgear Switch) (Interface 1/0/6)# vlan participation include 200 (Netgear Switch) (Interface 1/0/6)# exit...
Page 503 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 29-3 b. Select 200 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box under port 4, port 5 and port 6 until U displays. The U specifies that the egress packet is untagged for the port.
Page 504 NETGEAR Managed Switches Software Administration Manual, Release 8.0 d. Click Apply to save the settings. 4. Enable DHCP L2 Relay on VLAN 200. From the main menu, select System > Services> DHCP L2 Relay > DHCP L2 Relay Configuration. A screen similar to the following displays.
Page 505 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 29-6 b. Under DHCP L2 Relay Configuration, scroll down to interface 1/0/4 and select the 1/0/4 checkbox. Next select the checkboxes for 1/0/5 and 1/0/6. Select Enable in the Admin Mode field.
Page 506: Mld
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 30 In this chapter, the following examples are provided: • “Configure MLD” on page 32-2 • “MLD Snooping” on page 32-5 Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover the presence of multicast listeners, the nodes who wish to receive the multicast data packets, on its directly-attached interfaces.
Page 507 NETGEAR Managed Switches Software Administration Manual, Release 8.0 IPv6 multicast source 2001:2::/65 Port 1/0/13 Switch A Port 1/0/1 2001:1::/64 Port 1/0/21 Switch B Port 1/0/24 2001:3::/64 Host Figure 30-1 CLI: Configuring MLD On Switch A (Netgear Switch)#configure (Netgear Switch) (Config)#ipv6 router ospf (Netgear Switch) (Config-rtr)#router-id 1.1.1.1...
Page 508 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#routing (Netgear Switch) (Interface 1/0/13)#ipv6 address 2001:2::1/64 (Netgear Switch) (Interface 1/0/13)#ipv6 enable (Netgear Switch) (Interface 1/0/13)#ipv6 pimdm (Netgear Switch) (Interface 1/0/13)#ipv6 ospf (Netgear Switch) (Interface 1/0/13)#exit On Switch B Enable OSPFv3 to build unicast route table.
Page 509 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable MLD on the 1/0/24. (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ipv6 address 2001:1::2/64 (Netgear Switch) (Interface 1/0/21)#ipv6 enable (Netgear Switch) (Interface 1/0/21)#ipv6 pimdm (Netgear Switch) (Interface 1/0/21)#ipv6 ospf...
Page 510 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing >IP >Basic >IP configuration. A screen similar to the following displays. Figure 30-2 b. Next to the Routing Mode, select the Enable radio button. Click Apply.
Page 511 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP v6>Advanced > Interface Configuration. A screen similar to the following displays. Figure 30-4 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/ 1.
Page 512 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP v6>Advanced > Prefix Configuration. A screen similar to the following displays. Figure 30-5 b. Under IPv6 Interface Selection, select 1/0/1 in the Interface field.
Page 513 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP v6>Advanced > Prefix Configuration. A screen similar to the following displays. Figure 30-6 b. Under IPv6 Interface Selection, select the 1/0/13 in the Interface field.
Page 514 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable OSPFv3 on the interface 1/0/1 and 1/0/13. From the main menu, select Routing > OSPFv3 >Advanced > Interface Configuration. A screen similar to the following displays. Figure 30-8 b. Under OSPFv3 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 515 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-DM globally. From the main menu, select Routing > Multicast >PIM-DM->Global Configuration. A screen similar to the following displays.
Page 516 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >PIM-DM->Interface Configuration. A screen similar to the following displays. Figure 30-11 b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 517 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing >IP >Basic >IP configuration. A screen similar to the following displays. Figure 30-12 b. Next to the Routing Mode, select the Enable radio button. Click Apply.
Page 518 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP v6>Advanced > Interface Configuration. A screen similar to the following displays. Figure 30-14 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
Page 519 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP v6>Advanced > Prefix Configuration. A screen similar to the following displays. Figure 30-15 b. Under IPv6 Interface Selection, select 1/0/21 in the Interface field.
Page 520 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP v6>Advanced > Prefix Configuration. A screen similar to the following displays. Figure 30-16 b. Under IPv6 Interface Selection, select 1/0/24 in the Interface field.
Page 521 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable OSPFv3 on the interface 1/0/21 and 1/0/24. From the main menu, select Routing > OSPFv3 >Advanced > Interface Configuration. A screen similar to the following displays. Figure 30-18 b. Under OSPFv3 Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
Page 522 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >PIM-DM->Global Configuration. A screen similar to the following displays. Figure 30-20 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 523 NETGEAR Managed Switches Software Administration Manual, Release 8.0 In the PIM-DM Interface Configuration, select Enable in the Admin Mode field. d. Click Apply to save the settings. 11. Enable MLD on the switch. From the main menu, select Routing >Multicast >MLD >Global configuration. A screen similar to the following displays.
Page 524: Mld Snooping
NETGEAR Managed Switches Software Administration Manual, Release 8.0 In the MLD Routing Interface Configuration, select Enable in the Admin Mode field. d. Click Apply. MLD Snooping In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast address.
Page 525 NETGEAR Managed Switches Software Administration Manual, Release 8.0 CLI: MLD Snooping (Netgear Switch) #vlan da (Netgear Switch) (Vlan)#vlan 300 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 300 (Netgear Switch) (Interface 1/0/1)#vlan pvid 300...
Page 526 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Switching > VLAN >Basic > VLAN configuration. A screen similar to the following displays. Figure 30-24 b. In the VLAN Configuration, VLAN ID field, enter 300 Click Add.
Page 527 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply 3. Assign PVID to port 1/0/1 and 1/0/24. a. From the main menu, select Switching > VLAN> Advanced > Port PVID Configuraton. A screen similar to the following displays. Figure 30-26 b.
Page 528 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Click Apply. Enable MLD Snooping on the VLAN 300. From the main menu, select Routing > Multicast >MLD Snooping > MLD VLAN Configuration. A screen similar to the following displays. Figure 30-28 b.
Page 529: Dvmrp
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 31 DVMRP The Distance Vector Multicast Routing Protocol (DVMRP) is used for multicasting over IP networks without routing protocols to support multicast. The DVMRP is based on the RIP protocol but more complicated than RIP.
Page 530 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Multicast Resource 192.168.1.0/24 192.168.4.0/24 Switch A 1/0/1 1/0/13 1/0/21 1/0/13 Switch B 1/0/20 Host 1/0/11 1/0/24 1/0/3 Switch C 192.168.5.0/24 192.168.4.0/24 Figure 31-1 CLI: Configuring DVMRP On Switch A: Create routing interface 1/0/1,1/0/13 and 1/0/21.
Page 531 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable DVMRP protocol on the switch. (Netgear Switch) (Config)#ip dvmrp Enable DVMRP mode on the interface 1/0/1,1/0/13 and 1/0/21. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#ip dvmrp (Netgear Switch) (Interface 1/0/1)#exit...
Page 532 NETGEAR Managed Switches Software Administration Manual, Release 8.0 On Switch B Create the routing port 1/0/13 and 1/0/20. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#routing (Netgear Switch) (Interface 1/0/13)#ip address 192.168.2.2 255.255.255.0...
Page 533 NETGEAR Managed Switches Software Administration Manual, Release 8.0 (Netgear Switch) #show ip dvmrp neighbor Interface ........1/0/13 Neighbor IP Address ......192.168.2.1 State ......... Active Up Time (hh:mm:ss) ......00:02:26 Expiry Time (hh:mm:ss) ......00:00:20 Generation ID ......... 88091 Major Version ......... 3 Minor Version .........
Page 534 NETGEAR Managed Switches Software Administration Manual, Release 8.0 On Switch C: Create the routing interface 1/0/11,1/0/3 and 1/0/24. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#ip routing (Netgear Switch) (Interface 1/0/11)#ip address 192.168.3.1 255.255.255.0...
Page 535 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable IGMP mode on the interface 1/0/24. (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear Switch) (Interface 1/0/24)#exit (Netgear Switch) #show ip dvmrp neighbor Interface ........1/0/11 Neighbor IP Address ......192.168.3.2 State .........
Page 536 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable IP routing on the switch. From the main menu, select Routing >IP >Basic >IP configuration. A screen similar to the following displays. Figure 31-2 b. Next to the Routing Mode, select the Enable radio button.
Page 537 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • Select Enable in the Routing Mode field. d. Click Apply to save the settings. 3. Configure 1/0/13 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 538 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 31-5 b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the checkbox for 1/0/ 13.
Page 539 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable DVMRP on the switch. From the main menu, select Routing > Multicast >DVMRP>Global Configuration. A screen similar to the following displays.
Page 540 NETGEAR Managed Switches Software Administration Manual, Release 8.0 b. Under DVMRP Interface Configuration, scroll down to interface 1/0/1 and select the 1/0/1 checkbox. Select the 1/0/13 checkbox and the 1/0/21 checkbox. Select Enable in the Interface Mode field. d. Click Apply to save the settings.
Page 541 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 31-10 b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the 1/0/13 checkbox.
Page 542 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.4.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings.
Page 543 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >DVMRP>Global Configuration. A screen similar to the following displays. Figure 31-13 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 544 NETGEAR Managed Switches Software Administration Manual, Release 8.0 On Switch C: To use the Web interface to config DVMRP, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing >IP >Basic >IP configuration. A screen similar to the following displays.
Page 545 NETGEAR Managed Switches Software Administration Manual, Release 8.0 • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings. 3. Configure 1/0/3 as a routing port and assign IP address to it.
Page 546 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Figure 31-18 b. Under IP Interface Configuration, scroll down to interface 1/0/24 and select the 1/0/24 checkbox. Now 1/0/24 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 547 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Routing > Multicast >DVMRP>Global Configuration. A screen similar to the following displays. Figure 31-20 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 548 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Select Enable in the Interface Mode field. d. Click Apply to save the settings. 8. Enable IGMP on the switch. From the main menu, select Routing > Multicast >IGMP>Global Configuration. A screen similar to the following displays.
Page 549: Captive Portal
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 32 Captive Portal This chapter includes the following sections: • “Captive Portal Configuration” on page 32-2 • “Enable Captive Portal” on page 32-2 • “Client Access, Authentication, and Control” on page 32-5 •...
Page 550: Captive Portal Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 The clients connecting to the Captive Portal interface have three states; the "Unknown State", the "Unauthenticated State", and the "Authenticated" state. In the unknown state the CP doesn't redirect HTTP/ S traffic to the switch, but instead asks the switch whether the client is authenticated or unauthenticated. In the Unauthenticated state the CP directs the HTTP/S traffic to the switch so that the client can authenticate with the switch.
Page 551 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Enable captive portal instance 1 on port 1/0/1. (Netgear Switch) (Config-CP 1)#interface 1/0/1 Web Interface: Enabling Captive Portal To use the Web interface to configure the Captive Portal, proceed as follows: Enable Captive Portal on the switch.
Page 552 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Control >Captive Portal> CP Configuration. A screen similar to the following displays. Figure 32-2 b. Under Captive Portal Configuration, scroll down to CP ID 1 and select the CP 1 checkbox. Now CP 1appears in the CP ID field at the top.
Page 553: Client Access, Authentication, And Control
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Client Access, Authentication, and Control User verification can be configured to allow access for guest users; users that do not have assigned user names and passwords. User verification can also be configured to allow access for authenticated users.
Page 554: Local Authorization User/Group Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Local Authorization User/Group Configuration When using Local authentication, the administrator provides user identities for Captive Portal by adding unique user names and passwords to the Local User Database. This configuration is global to the captive portal component and can contain up to 128 user entries (a RADIUS server should be used if more users are required).
Page 555 NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > Control >Captive Portal > CP Group Configuration. A screen similar to the following displays. Figure 32-5 b. Enter the following information in the CP Group Configuration.
Page 556: Remote Authorization (Radius) User Configuration
NETGEAR Managed Switches Software Administration Manual, Release 8.0 • In the User ID Field, enter 2. • In the User Name field, enter user1. • In the Password field, enter 12345678. • In the Confirm Password field, enter 12345678. •...
Page 557 NETGEAR Managed Switches Software Administration Manual, Release 8.0 Table 32-1. RADIUS Attributes for Configuring Captive Portal Users (continued) RADIUS Attribute No. Description Range Usage Default WISPr-Max- 14122, Maximum client transmit rate (b/s). Integer Optional Bandwidth-Up Limits the bandwidth at which the client can send data into the network.
Page 558: Ssl Certificates
NETGEAR Managed Switches Software Administration Manual, Release 8.0 SSL Certificates A Captive Portal instance can be configured to use the HTTPS protocol during its user verification process. The connection method for HTTPS uses the Secure Sockets Layer (SSL) protocol which requires a certificate to provide encryption.
Page 559: Index
Index Numerics queue configuration 12-2 queue mapping 12-1 802.1x port security 15-13 set classofservice trust mode 12-3, 12-4 setting Trust Mode 12-8 show classofservice ip-precedence mapping 12-5 show classofservice trust 12-3 ACL mirroring 11-43 traffic shaping 12-9 ACL redirect 11-49 CoS queueing 12-1 ACLs...
Page 560 NETGEAR Managed Switches Software Administration Manual, Release 8.0 MLD Snooping 30-19 IGMP querier 14-7, 14-8 status 14-9 IGMP snooping 14-1, 14-8 17-11 14-2 external multicast router 14-4 multicast router using VLAN 14-6 show mac-address-table 14-3 OSPF 5-2, 8-1, 8-35 show mac-address-table igmpsnooping...
Page 561 NETGEAR Managed Switches Software Administration Manual, Release 8.0 membership 19-2 offline configuration 19-6 sFlow 20-5 software compatibility 19-7 show logging 18-2 stacking recommendations 19-9 upgrading firmware 19-15 show logging buffered 18-5 syslog 18-1 show logging hosts 18-7 show logging traplogs...

This manual is also suitable for:

Fsm726v3 - prosafe fast ethernet l2 managed switch Gsm7224v2 - layer 2 managed gigabit switch Gsm7248v2 - prosafe 48 port layer 2 gigabit l2 ethernet switch Gsm7328sv1 - prosafe 24+4 gigabit ethernet l3 managed stackable switch Gsm7328sv2 - prosafe 24+4 gigabit ethernet l3 managed stackable switch Gsm7352sv1 - prosafe 48+4 gigabit ethernet l3 managed stackable switch ... Show all

NETGEAR FSM7328SNA Administration Manual

About this Manual

Chapter 1 Getting Started

Chapter 2 Auto Install Configuration

Chapter 3 Virtual Lans

Chapter 4 Link Aggregation

Chapter 5 Port Routing

Chapter 6 VLAN Routing

Chapter 7 Routing Information Protocol

Chapter 8 OSPF

Chapter 9 Proxy Address Resolution Protocol (ARP)

Chapter 10 Virtual Router Redundancy Protocol

Chapter 11 Access Control Lists (Acls)

Chapter 12 Class of Service (Cos) Queuing

Chapter 13 Differentiated Services

Chapter 14 IGMP Snooping and Querier

Chapter 15 Security Management

Chapter 16 Simple Network Time Protocol (SNTP)

Chapter 17 Tools

Chapter 18 Syslog

Chapter 19 Managing Switch Stacks

Chapter 20 SNMP

Chapter 21 DNS

Chapter 22 DHCP Server

Chapter 23 Double Vlans

Chapter 24 Private VLAN Groups

Chapter 25 Spanning Tree Protocol

Chapter 26

Tunnel

Chapter 27 Ipv6 Interface Configuration

Chapter 28 PIM

Chapter 29 DHCP L2 Relay

Chapter 30 MLD

Chapter 31 DVMRP

Chapter 32 Captive Portal

Index

Quick Links

Related Manuals for NETGEAR FSM7328SNA

Summary of Contents for NETGEAR FSM7328SNA