Page 1 ProSafe 7000 Managed Switch Release 8.0.3 Software Administration Manual 350 East Plumeria Drive San Jose, CA 95134 November 2010 202-10515-04 v1.0...
Page 2: Technical Support
NETGEAR, Inc. Technical Support Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online, visit us at http://support.netgear.com.
Page 3: Table Of Contents
Table of Contents Chapter 1 Documentation Resources Chapter 2 VLANs Create Two VLANs......... . . 10 Assign Ports to VLAN2 .
Page 4 ProSafe 7000 Managed Switch Release 8.0.3 Inter-area Router ..........65 OSPF on a Border Router .
Page 5 ProSafe 7000 Managed Switch Release 8.0.3 External Multicast Router ........219 Multicast Router Using VLAN .
Page 6 ProSafe 7000 Managed Switch Release 8.0.3 The Stack Master and Stack Members ......303 Install and Power-up a Stack ........305 Switch Firmware.
Page 7 ProSafe 7000 Managed Switch Release 8.0.3 Chapter 26 PIM PIM-DM ..........373 PIM-SM.
Page 8: Chapter 1 Documentation Resources
Software Setup Guide • NETGEAR CLI Reference for the Prosafe 7X00 Series Managed Switch. Refer to the Command Line Reference for information about the command structure. There are different documents in this series; choose the appropriate one for your product.
Page 9: Chapter 2 Vlans
VLANs Virtual LANs This chapter provides the following examples: • Create Two VLANs on page 10 • Assign Ports to VLAN2 on page 12 • Assign Ports to VLAN3 on page 13 • Assign VLAN3 as the Default VLAN for Port 1/0/2 on page 15 •...
Page 10: Create Two Vlans
The example is shown as CLI commands and as a Web interface procedure. CLI: Create Two VLANS Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2 (Netgear Switch) (Vlan)#vlan 3 (Netgear Switch) (Vlan)#exit Web Interface: Create Two VLANS Create VLAN2.
Page 11 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 2. • In the VLAN Name field, enter VLAN2. •...
Page 12: Assign Ports To Vlan2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit (Netgear Switch) (Config)#vlan port tagging all 2 (Netgear Switch) (Config)# Web Interface: Assign Ports to VLAN2 Assign ports to VLAN2. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Page 13: Assign Ports To Vlan3
1/0/4. Note that port 1/0/2 belongs to both VLANs and that port 1/0/1 can never belong to VLAN 3. CLI: Assign Ports to VLAN3 (Netgear Switch) (Config)#interface range 1/0/2-1/0/4 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#vlan acceptframe all...
Page 14 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Assign Ports to VLAN3 Assign ports to VLAN3. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 3. c.
Page 15: Assign Vlan3 As The Default Vlan For Port 1/0/2
CLI: Assign VLAN3 as the Default VLAN for Port 1/0/2 (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#vlan pvid 3 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit Web Interface: Assign VLAN3 as the Default VLAN for Port 1/0/2 Assign VLAN3 as the default VLAN for port 1/0/2.
Page 16: Create A Mac-Based Vlan
CLI: Create a MAC-Based VLAN Create VLAN3 (Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 3 (Netgear Switch)(Vlan)#exit Add port 1/0/23 to VLAN3. (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/23 (Netgear Switch)(Interface 1/0/23)#vlan participation include 3 (Netgear Switch)(Interface 1/0/23)#vlan pvid 3 (Netgear Switch)(Interface 1/0/23)#exit 16 | Chapter 2. VLANs...
Page 17 ProSafe 7000 Managed Switch Release 8.0.3 Map MAC 00:00:0A:00:00:02 to VLAN3. (Netgear Switch)(Config)#exit (Netgear Switch)#vlan data (Netgear Switch)(Vlan)#vlan association mac 00:00:00A:00:00:02 3 (Netgear Switch)(Vlan)#exit Add all the ports to VLAN3. (Netgear Switch)#config (Netgear Switch)(Config)#interface range 1/0/1-1/0/28 (Netgear Switch)(conf-if-range-1/0/1-1/0/28)#vlan participation include 3...
Page 18 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 3. c. Click Unit 1. The ports display. d. Click the gray box before Unit 1 until U displays. e.
Page 19: Create A Protocol-Based Vlan
Create a VLAN protocol group vlan_ipx based on IPX protocol. (Netgear Switch)#config (Netgear Switch)(Config)#vlan protocol group vlan_ipx (Netgear Switch)(Config)#vlan protocol group add protocol 1 ipx Create a VLAN protocol group vlan_ipx based on IP/ARP protocol. (Netgear Switch)(Config)#vlan protocol group vlan_ip...
Page 20 Enable protocol VLAN group 1 and 2 on the interface. (Netgear Switch)(Vlan)#exit (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/11 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 1 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 2 (Netgear Switch)(Interface 1/0/11)#exit Web Interface: Create a Protocol-Based VLAN Create the protocol-based VLAN group vlan_ipx.
Page 21: Virtual Vlans: Create An Ip Subnet-Based Vlan
ProSafe 7000 Managed Switch Release 8.0.3 • In the VLAN field, enter 5. c. Click Add. Add port 11 to the group vlan_ipx. a. Select Switching > VLAN > Advanced > Protocol Based VLAN Group Membership. A screen similar to the following displays. b.
Page 22 Figure 2. IP subnet–based VLAN CLI: Create an IP Subnet–Based VLAN (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#vlan association subnet 10.100.0.0 255.255.0.0 2000 (Netgear Switch) (Vlan)#exit Create an IP subnet–based VLAN 2000. (Netgear Switch) #config (Netgear Switch) (Config)#interface range 1/0/1-1/0/24...
Page 23 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Create an IP Subnet–Based VLAN Create VLAN 2000. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 2000. •...
Page 24: Voice Vlans
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > IP Subnet Based VLAN. A screen similar to the following displays. b. Enter the following information: • In the IP Address field, enter 10.100.0.0. • In the Subnet Mask field, enter 255.255.0.0. •...
Page 25 The script in this section shows how to configure Voice VLAN and prioritize the voice traffic. Here the Voice VLAN mode is in VLAN ID 10. CLI: Configure Voice VLAN and Prioritize Voice Traffic Create VLAN 10. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#exit Chapter 2. VLANs...
Page 26 ProSafe 7000 Managed Switch Release 8.0.3 Include the ports 1/0/1 and 1/0/2 in VLAN 10. (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan tagging 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit Configure Voice VLAN globally. (Netgear Switch) (Config)# voice vlan Configure Voice VLAN mode in the interface 1/0/2.
Page 27 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Voice VLAN and Prioritize Voice Traffic Create VLAN 10. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 10. c.
Page 28 ProSafe 7000 Managed Switch Release 8.0.3 c. Select Port 1 and Port 2 as tagged. A screen similar to the following displays. d. Click Apply. Configure Voice VLAN globally. a. Select Switching > VLAN > Advanced > Voice VLAN Configuration. A screen similar to the following displays.
Page 29 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Apply. A screen similar to the following displays. Configure Voice VLAN mode in interface 1/0/2. a. Select Switching > VLAN > Advanced > Voice VLAN Configuration. b. Select the 1/0/2 check box. c.
Page 30 ProSafe 7000 Managed Switch Release 8.0.3 c. In the Class Type list, select All. A screen similar to the following displays. d. Click Add. The Class Name screen displays, as shown in the next step in this procedure. Configure matching criteria for the class as VLAN 10. a.
Page 31 ProSafe 7000 Managed Switch Release 8.0.3 e. Click Apply. A screen similar to the following displays. Create the DiffServ policy PolicyVoiceVLAN. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Name field, enter PolicyVoiceVLAN. c.
Page 32 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Click the Policy PolicyVoiceVLAN. A screen similar to the following displays. c. In the field next to the Assign Queue radio button, select 3. A screen similar to the following displays.
Page 33 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. Select the check boxes for Interfaces 1/0/1 and 1/0/2. c. Set the Policy Name field as PolicyVoiceVLAN. A screen similar to the following displays.
Page 34: Link Aggregation Groups
LAGs Link Aggregation Groups This chapter provides the following examples: • Create Two LAGs on page 35 • Add Ports to LAGs on page 36 • Enable Both LAGs on page 38 Link aggregation allows the switch to treat multiple physical links between two end-points as a single logical link.
Page 35: Chapter 3 Lags
The example is shown as CLI commands and as a Web interface procedure. CLI: Create Two LAGs (Netgear Switch) #config (Netgear Switch) (Config)#port-channel lag_10 (Netgear Switch) (Config)#port-channel lag_20 (Netgear Switch) (Config)#exit Use the show port-channel all command to show the logical interface IDs you will use to identify the LAGs in subsequent commands.
Page 36: Add Ports To Lags
The example is shown as CLI commands and as a Web interface procedure. CLI: Add Ports to the LAGs (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgear Switch) (Interface 0/2)#addport 1/1 (Netgear Switch) (Interface 0/2)#exit (Netgear Switch) (Config)#interface 0/3 (Netgear Switch) (Interface 0/3)#addport 1/1...
Page 37 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Add Ports to LAGs Add ports to lag_10. a. Select Switching > LAG > LAG Membership. A screen similar to the following displays. b. In the LAG ID list, select LAG 1. c.
Page 38: Enable Both Lags
ProSafe 7000 Managed Switch Release 8.0.3 Enable Both LAGs The example is shown as CLI commands and as a Web interface procedure. CLI: Enable Both LAGs By default, the system enables link trap notification. (Console) #config (Console) (Config)#port-channel adminmode all (Console) (Config)#exit At this point, the LAGs could be added to VLANs.
Page 39: Chapter 4 Port Routing
Port Routing This chapter provides the following sections: • Port Routing Configuration on page 40 • Enable Routing for the Switch on page 41 • Enable Routing for Ports on the Switch on page 41 • Add a Default Route on page 44 •...
Page 40: Port Routing Configuration
ProSafe 7000 Managed Switch Release 8.0.3 Port Routing Configuration The 7000 Series Managed Switch always supports Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the 7000 Series Managed Switch as a whole, and then for each port that is to be part of the routed network.
Page 41: Enable Routing For The Switch
Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Web Interface: Enable Routing for the Switch Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.
Page 42 CLI: Enable Routing for Ports on the Switch (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
Page 43 ProSafe 7000 Managed Switch Release 8.0.3 Assign IP address 192.150.3.1/24 to interface 1/0/3. a. Select Routing > IP> Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top.
Page 44: Add A Default Route
ProSafe 7000 Managed Switch Release 8.0.3 • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Add a Default Route When IP routing takes place on a switch, a routing table is needed for the switch to forward the packet based on the destination IP address.
Page 45: Add A Static Route
ProSafe 7000 Managed Switch Release 8.0.3 • The Preference field is optional. A value of 1 (highest) will be assigned by default if not specified. Click the Add button on the bottom of the screen. This creates the default route entry in the routing table.
Page 46 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Add a Static Route Select Routing > Routing Table > Basic > Route Configuration to display the Route Configuration screen. In the Route Type list, select Static. Fill in the Network Address field. Note that this field ishould have a network IP address, not a host IP address.
Page 47: Chapter 5 Vlan Routing
VLAN Routing This chapter provides the following examples: • Create Two VLANs on page 47 • Set Up VLAN Routing for the VLANs and the Switch on page 52 You can configure the 7000 Series Managed Switch with some ports supporting VLANs and some supporting routing.
Page 48 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#vlan participation include 20 (Netgear Switch) (Interface 1/0/3)#vlan pvid 20 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#exit 48 |...
Page 49 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Create Two VLANs Create VLAN 10 and VLAN20. a. Select Switching > VLAN > Advanced > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 10. c.
Page 50 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID field, select 10. c. Click the Unit 1. The ports display. d. Click the gray boxes under ports 1 and 2 until T displays. The T specifies that the egress packet is tagged for the port.
Page 51 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > Port PVID Configuraton. A screen similar to the following displays. b. Scroll down and select 1/0/1 and 1/0/2 check boxes. c. In the PVID (1 to 4093) field, enter 10. d.
Page 52: Set Up Vlan Routing For The Vlans And The Switch
The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface-vlan 10)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface-vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface-vlan 20)#ip address 192.150.4.1 255.255.255.0...
Page 53 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Set Up VLAN Routing for the VLANs and the Switch Select Routing > VLAN> VLAN Routing. A screen similar to the following displays. Enter the following information: • In the VLAN ID (1 to 4093) list, select 10. •...
Page 54: Chapter 6 Rip
Routing Information Protocol This chapter provides the following examples: • Routing for the Switch on page 55 • Routing for Ports on page 56 • RIP for the Switch on page 57 • RIP for Ports 1/0/2 and 1/0/3 on page 58 •...
Page 55: Routing For The Switch
The example is shown as CLI commands and as a Web interface procedure. CLI: Enable Routing for the Switch (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Web Interface: Enable Routing for the Switch Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.
Page 56: Routing For Ports
CLI: Enable Routing and Assigning IP Addresses for Ports 1/0/2 and 1/0/3 (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
Page 57: Rip For The Switch
RIP is enabled by default. CLI: Enable RIP on the Switch This sequence enables RIP for the switch. The route preference defaults to 15. (Netgear Switch) #config (Netgear Switch) (Config)#router rip (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#exit (Netgear Switch) (Config)#exit Chapter 6.
Page 58: Rip For Ports 1/0/2 And 1/0/3
RIPv1 and RIPv2 frames, but send only RIPv2-formatted frames. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip rip (Netgear Switch) (Interface 1/0/2)#ip rip receive version both (Netgear Switch) (Interface 1/0/2)#ip rip send version rip2 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3...
Page 59 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Enable RIP for Ports 1/0/2 and 1/0/3 Select Routing > RIP > Advanced > RIP Configuration. A screen similar to the following displays. Enter the following information: • In the Interface field, select 1/0/2. •...
Page 60: Vlan Routing With Rip
Configure VLAN routing with RIP support on a 7000 Series Managed Switch. (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20 (Netgear Switch) (Vlan)#vlan routing 10 (Netgear Switch) (Vlan)#vlan routing 20 (Netgear Switch) (Vlan)#exit (Netgear Switch) #conf 60 | Chapter 6.
Page 61 (Netgear Switch) (Interface 1/0/3)#vlan pvid 20 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0 (Netgear Switch) (Interface vlan 20)#exit Enable RIP for the switch.
Page 62 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure VLAN Routing with RIP Support Configure a VLAN and include ports 1/0/2 in the VLAN: a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b.
Page 63 ProSafe 7000 Managed Switch Release 8.0.3 d. Click the gray box under port 3 until T displays. The T specifies that the egress packet is tagged for the port. Click Apply to save the VLAN that includes port 3. Enable RIP on the switch (you can skip this step since the RIP is enabled by default). a.
Page 64 OSPF Open Shortest Path First This chapter provides the following examples: • Inter-area Router on page 65 • OSPF on a Border Router on page 70 • Stub Areas on page 75 • nssa Areas on page 84 • VLAN Routing OSPF on page 93 •...
Page 65: Inter-Area Router
Area 3 Figure 9. Network segment with an inter-area router connecting areas 0.0.0.2 and 0.0.0.3 CLI: Configure an Inter-area Router Enable routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Chapter 7. OSPF | 65...
Page 66 Assign IP addresses to ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
Page 67 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure an Inter-area Router Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. Click Apply to save the settings.
Page 68 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. c.
Page 69 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Apply to save the settings. Enable OSPF on port 1/0/2. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Scroll downand select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top.
Page 70: Ospf On A Border Router
(Netgear Switch) (Config)#ip routing Enable routing and assign IPs for ports 1/0/2, 1/0/3, and 1/0/4. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.130.3.1 255.255.255.0...
Page 71 Enable OSPF for the ports, and set the OSPF priority and cost for the ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip ospf (Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface 1/0/2)#ip ospf priority 128 (Netgear Switch) (Interface 1/0/2)#ip ospf cost 32 (Netgear Switch) (Interface 1/0/2)#exit...
Page 72 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. c.
Page 73 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/4 check box. Now 1/0/4 appears in the Interface field at the top. c.
Page 74 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Apply to save the settings. Enable OSPF on the port 1/0/2. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top.
Page 75: Stub Areas
ProSafe 7000 Managed Switch Release 8.0.3 • In the Priority field, enter 255. • In the Metric Cost field, enter 64. c. Click Apply to save the settings. Enable OSPF on port 1/0/4. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays.
Page 76 Configure area 0.0.0.1 as a stub area (Netgear Switch) (Config-router)#area 0.0.0.1 stub Switch A injects a default route only to area 0.0.0.1. (Netgear Switch) (Config-router)#no area 0.0.0.1 stub summarylsa (Netgear Switch) (Config-router)#exit Enable OSPF area 0 on ports 2/0/11. (Netgear Switch) (Config)#interface 2/0/11 (Netgear Switch) (Interface 2/0/11)#routing (Netgear Switch) (Interface 2/0/11)#ip address 192.168.10.1 255.255.255.0...
Page 77 ProSafe 7000 Managed Switch Release 8.0.3 (Netgear Switch) (Config)#ex (Netgear Switch) #show ip ospf neighbor interface all Router ID IP Address Neighbor Interface State ---------------- ----------- ------------------- --------- 4.4.4.4 192.168.10.2 2/0/11 Full 2.2.2.2 192.168.20.2 2/0/19 Full (Netgear Switch) #show ip route Total Number of Routes......
Page 78 ProSafe 7000 Managed Switch Release 8.0.3 b. Scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.10.1. • In the Network Mask field, enter 255.255.255.0.
Page 79 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top. •...
Page 80 Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#router ospf Set the router ID to 2.2.2.2. (Netgear Switch) (Config-router)#router-id 2.2.2.2 Configure area 0.0.0.1 as a stub area. (Netgear Switch) (Config-router)#area 0.0.0.1 stub 80 | Chapter 7. OSPF...
Page 81 (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address 192.168.20.2 255.255.255.0 (Netgear Switch) (Interface 1/0/15)#ip ospf (Netgear Switch) (Interface 1/0/15)#ip ospf areaid 0.0.0.1 (Netgear Switch) (Interface 1/0/15)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #show ip route Total Number of Routes......2...
Page 82 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. c.
Page 83 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. •...
Page 84: Nssa Areas
(Netgear Switch) (Config)#ip routing Configure area 0.0.0.1 as an nssa area. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config-router)#router-id 1.1.1.1 (Netgear Switch) (Config-router)#area 0.0.0.1 nssa Stop importing summary LSAs to area 0.0.0.1. (Netgear Switch) (Config-router)#area 0.0.0.1 nssa no-summary 84 | Chapter 7. OSPF...
Page 85 Enable area 0.0.0.1 on port 2/0/19. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 2/0/11 (Netgear Switch) (Interface 2/0/11)#routing (Netgear Switch) (Interface 2/0/11)#ip address 192.168.10.1 255.255.255.0 (Netgear Switch) (Interface 2/0/11)#ip ospf (Netgear Switch) (Interface 2/0/11)#exit (Netgear Switch) (Config)#interface 2/0/19 (Netgear Switch) (Interface 2/0/19)#routing (Netgear Switch) (Interface 2/0/19)#ip address 192.168.20.1 255.255.255.0...
Page 86 ProSafe 7000 Managed Switch Release 8.0.3 Assign IP address 192.168.10.1 to port 2/0/11. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top.
Page 87 ProSafe 7000 Managed Switch Release 8.0.3 Specify the router ID, and enable OSPF for the switch. a. Select Routing > OSPF > Basic > OSPF Configuration. A screen similar to the following displays. b. Under OSPF Configuration, in the Router ID field, enter 2.2.2.2. c.
Page 88 In the Import Summary LSA’s field, select Disable. c. Click Add to save the settings. CLI: Configure Area 1 as an nssa Area on A2 Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#router ospf 88 | Chapter 7. OSPF...
Page 89 Enable OSPF area 0.0.0.1 on port 1/0/15. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#routing (Netgear Switch) (Interface 1/0/11)#ip address 192.168.30.1 255.255.255.0 (Netgear Switch) (Interface 1/0/11)#ip rip (Netgear Switch) (Interface 1/0/11)#exit (Netgear Switch) (Config)#interface 1/0/15 (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address 192.168.20.2...
Page 90 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Area 1 as an nssa Area on A2 Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b.
Page 91 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Under Configuration, scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. c.
Page 92 ProSafe 7000 Managed Switch Release 8.0.3 b. Enter the following information: • In the Interface field, select 1/0/11. • For RIP Admin Mode, select the Enable radio button. c. Click Apply to save the settings. Enable OSPF on port 1/0/15. a.
Page 93: Vlan Routing Ospf
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPF > Advanced > Route Redistribution. A screen similar to the following displays. b. Under Route Redistribution, in the Available Source list, select RIP. c. Click Add to add a route redistribution. VLAN Routing OSPF For larger networks Open Shortest Path First (OSPF) is generally used in preference to RIP.
Page 94 (Netgear Switch) (Interface 1/0/3)#vlan pvid 20 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0 (Netgear Switch) (Interface vlan 20)#exit Specify the router ID and enable OSPF for the switch.
Page 95 ProSafe 7000 Managed Switch Release 8.0.3 Enable OSPF for the VLAN and physical router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface vlan 10)#ip ospf (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip ospf areaid 0.0.0.3...
Page 96 ProSafe 7000 Managed Switch Release 8.0.3 Click the gray box under port 2 until T displays. The T specifies that the egress packet is tagged for the port. Click Apply to save the VLAN that includes ports 2. Configure a VLAN, and include port 1/0/3 in the VLAN. a.
Page 97 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, click VLANS to show all the VLAN interfaces. c. Scroll down and select the interface 0/2/1 check box. Now 0/2/1 appears in the Interface field at the top.
Page 98: Ospfv3
IPv4, and OSPFv3 works with IPv6. The following example shows how to configure OSPFv3 on a IPv6 network. Switch A1 Switch A2 Area 0 Figure 12. OSPFv3 Protocol for IPv6 CLI: Configure OSPFv3 On A1, enable IPv6 unitcast routing on the switch. (Netgear Switch) (Config)#ipv6 unicast-routing 98 | Chapter 7. OSPF...
Page 99 (Netgear Switch) (Interface 1/0/1)#ipv6 enable Enable OSPFv3 on the interface 1/0/1, and set the OSPF network mode to broadcast. (Netgear Switch) (Interface 1/0/1)#ipv6 ospf (Netgear Switch) (Interface 1/0/1)#ipv6 ospf network broadcast (Netgear Switch) #show ipv6 ospf neighbor Router ID Priority...
Page 100 ProSafe 7000 Managed Switch Release 8.0.3 Enable OSPFv3 on interface 1/0/13, and set the OSPF network mode to broadcast. (Netgear Switch) (Interface 1/0/13)#ipv6 ospf (Netgear Switch) (Interface 1/0/13)#ipv6 ospf network broadcast (Netgear Switch) #show ipv6 ospf neighbor Router ID Priority...
Page 101 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. c.
Page 102 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. •...
Page 103: Chapter 8 Arp
IP address is an address configured on the interface where the ARP request arrived. Proxy ARP Examples The following are examples of the commands used in the proxy ARP feature. CLI: show ip interface (Netgear Switch) #show ip interface ? <slot/port> Enter an interface in slot/port format. brief Display summary information about IP configuration settings for all ports.
Page 104 ProSafe 7000 Managed Switch Release 8.0.3 CLI: ip proxy-arp (Netgear Switch) (Interface 0/24)#ip proxy-arp ? <cr> Press Enter to execute the command. (Netgear Switch) (Interface 0/24)#ip proxy-arp Web Interface: Configure Proxy ARP on a Port Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 105: Virtual Router Redundancy Protocol
VRRP Virtual Router Redundancy Protocol This chapter provides the following examples: • VRRP on a Master Router on page 106 • VRRP on a Backup Router on page 108 When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network.
Page 106: Chapter 9 Vrrp
1/0/2 is the same as the port’s actual IP address therefore, this router will always be the VRRP master when it is active. The default priority is 255. (Netgear Switch) (Interface 1/0/2)#ip vrrp 20 ip 192.150.2.1 Enable VRRP on the port.
Page 107 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure VRRP on a Master Router Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. Click Apply to save the settings.
Page 108: Vrrp On A Backup Router
Configure the IP addresses and subnet masks for the port that will participate in the protocol. (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#routing (Netgear Switch) (Interface 1/0/4)#ip address 192.150.4.1 255.255.0.0 (Netgear Switch) (Interface 1/0/4)#exit 108 | Chapter 9. VRRP...
Page 109 1/0/4 is the same as Router 1’s port 1/0/2 actual IP address, this router will always be the VRRP backup when Router 1 is active. (Netgear Switch) (Interface 1/0/4)#ip vrrp 20 ip 192.150.2.1 Set the priority for the port. The default priority is 100.
Page 110 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/4 check box. Now 1/0/4 appears in the Interface field at the top. c.
Page 111: Chapter 10 Acls
ACLs Access Control Lists This chapter describes the Access Control Lists (ACLs) feature. The following examples are provided: • MAC ACLs on page 112 • Set Up an IP ACL with Two Rules on page 113 • One-Way Access Using a TCP Flag in an ACL on page 117 •...
Page 112: Mac Acls
ProSafe 7000 Managed Switch Release 8.0.3 MAC ACLs MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet (limited by platform): • Source MAC address with mask. • Destination MAC address with mask. •...
Page 113: Set Up An Ip Acl With Two Rules
IP address (after the mask has been applied), that are carrying TCP traffic, and that are sent to the specified destination IP address. Enter these commands: (Netgear Switch) #config (Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255 Chapter 10. ACLs | 113...
Page 114 Define the second rule for ACL 101 to set conditions for UDP traffic similar to those for TCP traffic. (Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255 Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
Page 115 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add to create a new rule. Create a new ACL rule and add it to ACL 101. a. After you click the Add button in step 2, A screen similar to the following displays. a.
Page 116 ProSafe 7000 Managed Switch Release 8.0.3 a. After you click the Add button in step 3, a screen similar to the following displays. b. Under Extended ACL Rule Configuration, enter the following information: • In the Rule ID (1 to 23) field, enter 22. •...
Page 117: One-Way Access Using A Tcp Flag In An Acl
ProSafe 7000 Managed Switch Release 8.0.3 • In the ACL ID list, select 10. • In the Sequence Number field, enter 1. c. Click Unit 1. The ports display. d. Click the gray box under port 2. A check mark displays in the box. e.
Page 118 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/35 (Netgear Switch) (Interface 0/35)#vlan pvid 30 (Netgear Switch) (Interface 0/35)#vlan participation include 30 (Netgear Switch) (Interface 0/35)#exit (Netgear Switch) (Config)#interface vlan 30 (Netgear Switch) (Interface-vlan 30)#routing (Netgear Switch) (Interface-vlan 30)#ip address 192.168.30.1 255.255.255.0...
Page 119 (Netgear Switch) (Config)#ip route 192.168.50.0 255.255.255.0 192.168.200.2 Create an ACL that denies all the packets with TCP flags +syn-ack. (Netgear Switch) (Config)#access-list 101 deny tcp any flag +syn -ack Create an ACL that permits all the IP packets. (Netgear Switch) (Config)#access-list 102 permit ip any Apply ACLs 101 and 102 to port 0/44;...
Page 120 (Netgear Switch) (Vlan)#vlan routing 40 (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan pvid 40 (Netgear Switch) (Interface 1/0/24)#vlan participation include 40 (Netgear Switch) (Interface 1/0/24)#exit (Netgear Switch) (Config)#interface vlan 40 (Netgear Switch) (Interface-vlan 40)#routing (Netgear Switch) (Interface-vlan 40)#ip address 192.168.40.1 255.255.255.0 (Netgear Switch) (Interface-vlan 40)#exit Create VLAN 50 with port 1/0/25 and assign IP address 192.168.50.1/24.
Page 121: Configuring The Switch
(Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#vlan routing 200 (Netgear Switch) (Config)#interface 1/0/48 (Netgear Switch) (Interface 1/0/48)#vlan pvid 200 (Netgear Switch) (Interface 1/0/48)#vlan participation include 200 (Netgear Switch) (Interface 1/0/48)#exit (Netgear Switch) #interface vlan 200 (Netgear Switch) (Interface-vlan 200)#routing (Netgear Switch) (Interface-vlan 200)#ip address 192.168.200.2 255.255.255.0...
Page 122 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.n the VLAN Routing Wizard, b. In the VLAN Routing Wizard, enter the following information: • In the Vlan ID field, enter 30. •...
Page 123 ProSafe 7000 Managed Switch Release 8.0.3 • In the IP Address field, enter 192.168.100.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 13 twice until U displays. The U specifies that the egress packet is untagged for the port.
Page 124 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. Under IP Configuration, make the following selections: • For Routing Mode, select the Enable radio button. •...
Page 125 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b. Under Configure Routes, make the following selection and enter the following information: • In the Route Type list, select Static. •...
Page 126 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL Table, in the IP ACL ID field, enter 102. c. Click Add. Add and configure an IP extended rule that is associated with ACL 101.
Page 127 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 128 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 129 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Unit 1. The ports display. d. Click the gray box under port 44. A check mark displays in the box. e. Click Apply to save the settings. Apply ACL 102 to port 44. a.
Page 130 ProSafe 7000 Managed Switch Release 8.0.3 • In the IP Address field, enter 192.168.40.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
Page 131 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 200. • In the IP Address field, enter 192.168.200.2. •...
Page 132: Use Acls To Configure Isolated Vlans On A Layer 3 Switch
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. Create a static route with IP address 192.168.30.0/24: a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b. Under Configure Routes, make the following selection and enter the following information: •...
Page 133 (Netgear Switch) (Vlan)#vlan routing 24 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 24 (Netgear Switch) (Interface 1/0/24)#vlan pvid 24 (Netgear Switch) (Interface 1/0/24)#exit (Netgear Switch) (Config)#interface vlan 24 (Netgear Switch) (Interface-vlan 24)#routing (Netgear Switch) (Interface-vlan 24)#ip address 192.168.24.1 255.255.255.0...
Page 134: Default Route
(Netgear Switch) (Vlan)#vlan routing 48 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/48 (Netgear Switch) (Interface 1/0/48)#vlan participation include 48 (Netgear Switch) (Interface 1/0/48)#vlan pvid 48 (Netgear Switch) (Interface 1/0/48)#exit (Netgear Switch) (Config)#vlan interface vlan 48 (Netgear Switch) (Interface-vlan 48)#routing (Netgear Switch) (Interface-vlan 48)#ip address 192.168.48.1 255.255.255.0...
Page 135 ProSafe 7000 Managed Switch Release 8.0.3 Create ACL 101 to deny all traffic that has the destination IP address 192.168.24.0/24. (Netgear Switch) (Config)#access-list 101 deny ip any 192.168.24.0 0.0.0.255 Create ACL 102 to deny all traffic that has the destination IP address 192.168.48.0/24.
Page 136 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 24. • In the IP Address field, enter 192.168.24.1. •...
Page 137 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Unit 1. The ports display. d. Click the gray box under port 48 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 48. Create VLAN 38 with IP address 10.100.5.34.
Page 138 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Apply to enable IP routing. Create an ACL with ID 101. a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL Table, in the IP ACL ID field, enter 101. c.
Page 139 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL ID field of the IP ACL Table, enter 103. c. Click Add. Add and configure an IP extended rule that is associated with ACL 101: a.
Page 140 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 141 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 142 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 143 ProSafe 7000 Managed Switch Release 8.0.3 • In the Sequence Number field, enter 1. c. Click Unit 1. The ports display. d. Click the gray box under port 24. A check mark displays in the box. e. Click Apply to save the settings. Apply ACL 101 to port 48: a.
Page 144: Set Up A Mac Acl With Two Rules
CLI: Set up a MAC ACL with Two Rules Create a new MAC ACL acl_bpdu. (Netgear Switch) # (Netgear Switch) #config (Netgear Switch) (Config)#mac access-list extended acl_bpdu Deny all the traffic that has destination MAC 01:80:c2:xx:xx:xx. (Netgear Switch) (Config-mac-access-list)#deny any 01:80:c2:00:00:00 00:00:00:ff:ff:ff 144 |...
Page 145 (Netgear Switch) (Config-mac-access-list)#exit Apply the MAC ACL acl_bpdu to port 1/0/2. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#mac access-group acl_bpdu in Web Interface: Set up a MAC ACL with Two Rules Create MAC ACL 101 on the switch. a. Select Security > ACL > MAC ACL. A screen similar to the following displays.
Page 146 ProSafe 7000 Managed Switch Release 8.0.3 c. Enter the following information in the Rule Table. • In the ID field, enter 1. • In the Destination MAC field, enter 01:80:c2:00:00:00. • In the Destination MAC Mask field, enter 00:00:00:ff:ff:ff. d. Click the Add button. Create a another rule associated with the ACL acl_bpdu.
Page 147: Acl Mirroring
ProSafe 7000 Managed Switch Release 8.0.3 • In the Sequence Number field, enter 1. c. Click the Unit 1. The ports display. d. Click the gray box under port 2. A check mark displays in the box. e. Click Apply to save the settings. ACL Mirroring This feature extends the existing port mirroring functionality by allowing you to mirror a designated traffic stream in an interface using ACL rules.
Page 148 Create an IP access control list with the name monitorHost. (Netgear Switch) (Config)# ip access-list monitorHost Define the rules to match host 10.0.0.1 and to permit all others. (Netgear Switch) (Config-ipv4-acl)# permit ip 10.0.0.1 0.0.0.0 any mirror 1/0/19 (Netgear Switch) (Config-ipv4-acl)# permit every Bind the ACL with interface 1/0/1.
Page 149 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL ID field, enter monitorHost. c. Click Add to create ACL monitorHost, and the following screen displays: Create a rule to match host 10.0.0.1 in the ACL monitorHost.
Page 150 ProSafe 7000 Managed Switch Release 8.0.3 b. Click Add, and the Extended ACL Rule Configuration screen displays. c. In the Rule ID field, enter 1. d. For Action, select the Permit radio button. e. In the Mirror Interface list, select 1/0/19. f.
Page 151 ProSafe 7000 Managed Switch Release 8.0.3 b. Click Add, and a screen similar to the following displays. c. In the Rule ID field, enter 2. d. Select the Permit radio button. e. In the Match Every field, select True. f. Click Apply. At the end of this configuration a screen similar to the following displays.
Page 152: Acl Redirect
ProSafe 7000 Managed Switch Release 8.0.3 e. Click Apply. A screen similar to the following displays. ACL Redirect This feature redirects a specified traffic stream to a specified interface. Other network 1/0/1 1/0/19 GSM73xxS HTTP packets Workstation Web server Workstation Other packets Figure 18.
Page 153 (Netgear Switch) (Config)#ip access-list redirectHTTP Define a rule to match the HTTP stream and define a rule to permit all others. (Netgear Switch) (Config-ipv4-acl)# permit tcp any any eq http redirect 1/0/19 (Netgear Switch) (Config-ipv4-acl)# permit every Bind the ACL with interface 1/0/1.
Page 154 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL field, enter redirectHTTP. c. Click Add to create the IP ACL redirectHTTP. A screen similar to the following displays.
Page 155 ProSafe 7000 Managed Switch Release 8.0.3 b. Click Add, and the Extended ACL Rule Configuration screen displays. c. In the Rule ID field, enter 1. d. For Action, select the Permit radio button. e. In the Redirect Interface list, select 1/0/19. f.
Page 156 ProSafe 7000 Managed Switch Release 8.0.3 b. Click Add, and the Extended ACL Rule Configuration screen displays. c. In the Rule ID field, enter 2. d. For Action, select the Permit radio button. e. In the Match Every field, select True. f.
Page 157: Configure Ipv6 Acls
ProSafe 7000 Managed Switch Release 8.0.3 d. Select the check box below Port 1. e. Click Apply. At the end of this configuration a screen similar to the following displays. Configure IPv6 ACLs This feature extends the existing IPv4 ACL by providing support for IPv6 packet classification.
Page 158 Rule-3. Permits IPv6 HTTP traffic to any destination. CLI: Configure an IPv6 ACL Create the access control list with the name ipv6-acl. (Netgear Switch) (Config)# ipv6 access-list ipv6-acl Define three rules to: • Permit any IPv6 traffic to the destination network 2001:DB8:C0AB:AC14::/64 from the source network 2001:DB8:C0AB:AC11::/64.
Page 159 2001:DB8:C0AB:AC14::/64 (Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 2001:DB8:C0AB:AC13::/64 eq telnet (Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 any eq http Apply the rules to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted. (Netgear Switch) (Config)#interface 1/0/1...
Page 160 ProSafe 7000 Managed Switch Release 8.0.3 Rule Number: 3 Action......... permit Protocol........6(tcp) Source IP Address......2001:DB8:C0AB:AC11::/64 Destination L4 Port Keyword....80(www/http) Web Interface: Configure an IPv6 ACL Create the access control list with the name ipv6-acl a. Select Security > ACL > Advanced > IPv6 ACL. b.
Page 161 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. d. In the Rule ID field, enter 1. e. For Action, select the Permit radio button. f. In the Source Prefix field, enter 2001:DB8:C0AB:AC11::. g. In the Source Prefix Length field, enter 64. h.
Page 162 ProSafe 7000 Managed Switch Release 8.0.3 h. In the Destination L4 Port list, select telnet. A screen similar to the following displays. Click Apply. Add Rule 3. a. In the Rule ID field, enter 3. b. For Action, select the Permit radio button. c.
Page 163 ProSafe 7000 Managed Switch Release 8.0.3 b. In the ACL ID list, select ipv6-acl. c. In the Sequence Number list, select 1. d. Click Unit 1. e. Select Port 1. A screen similar to the following displays. f. Click Apply. A screen similar to the following displays. View the binding table.
Page 164: Chapter 11 Cos Queuing
CoS Queuing Class of Service Queuing This chapter describes Class of Service (CoS) queue mapping, CoS Configuration, and traffic shaping features. This chapter provides the following examples: • Show classofservice Trust on page 166 • Set classofservice Trust Mode on page 167 •...
Page 165: Cos Queue Mapping
ProSafe 7000 Managed Switch Release 8.0.3 CoS Queue Mapping CoS queue mapping uses trusted and untrusted ports. Trusted Ports • The system takes at face value certain priority designations for arriving packets. • Trust applies only to packets that have that trust information. •...
Page 166: Cos Queue Configuration
The example is shown as CLI commands and as a Web interface procedure. CLI: Show classofservice Trust To use the CLI to show CoS trust mode, use these commands: (Netgear Switch) #show classofservice trust? <cr> Press Enter to execute the command.
Page 167: Set Classofservice Trust Mode
Sets the Class of Service Trust Mode of an Interface to 802.1p. ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP. (Netgear Switch) (Config)#classofservice trust dot1p? <cr> Press Enter to execute the command. (Netgear Switch) (Config)#classofservice trust dot1p Web Interface: Set classofservice Trust Mode Select QoS >...
Page 168: Show Classofservice Ip-Precedence Mapping
In the Global Trust Mode list, select trust dot1p. Click Apply to save the settings. Show classofservice IP-Precedence Mapping The example is shown as CLI commands and as a Web interface procedure. CLI: Show classofservice IP-Precedence Mapping (Netgear Switch) #show classofservice ip-precedence-mapping IP Precedence Traffic Class ------------- ------------- Web Interface: Show classofservice ip-precedence Mapping Select QoS >...
Page 169: Configure Cos-Queue Min-Bandwidth And Strict Priority Scheduler Mode169
Enter the minimum bandwidth percentage for Queue 0. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10 (Netgear Switch) (Config)#cos-queue strict? <queue-id> Enter a Queue Id from 0 to 7.
Page 170: Set Cos Trust Mode For An Interface
ProSafe 7000 Managed Switch Release 8.0.3 c. Under Interface Queue Configuration, scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. d. Enter the following information: • In the Minimum Bandwidth field, enter 15. •...
Page 171: Configure Traffic Shaping
Sets the Class of Service Trust Mode of an Interface to 802.1p. ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP. (Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p? <cr> Press Enter to execute the command. (Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p Note: The traffic class value range is 0–-6 instead of 0–-7 because queue...
Page 172 CLI: Configure traffic-shape (Netgear Switch) (Config)#traffic-shape? <bw> Enter the shaping bandwidth percentage from 0 to 100 in increments of 5. (Netgear Switch) (Config)#traffic-shape 70? <cr> Press Enter to execute the command. (Netgear Switch) (Config)#traffic-shape 70 (Netgear Switch) (Config)# Web Interface: Configure Traffic Shaping Set the shaping bandwidth percentage to 70 percent.
Page 173: Chapter 12 Diffserv
DiffServ D iff er en tia ted Se rv ices This chapter provides the following examples: • DiffServ on page 174 • DiffServ for VoIP on page 190 • Auto VoIP on page 197 • DiffServ for IPv6 on page 201 •...
Page 174: Diffserv
ProSafe 7000 Managed Switch Release 8.0.3 • Class. A class consists of a set of rules that identify which packets belong to the class. Inbound traffic is separated into traffic classes based on Layer 3 and Layer 4 header data and the VLAN ID, and marked with a corresponding DSCP value.
Page 175 Create a DiffServ class of type all for each of the departments, and name them. Define the match criteria of source IP address for the new classes. (Netgear Switch) (Config)#class-map match-all finance_dept (Netgear Switch) (Config class-map)#match srcip 172.16.10.0 255.255.255.0 (Netgear Switch) (Config class-map)#exit (Netgear Switch) (Config)#class-map match-all marketing_dept (Netgear Switch) (Config class-map)#match srcip 172.16.20.0 255.255.255.0...
Page 176 (Netgear Switch) (Config policy-map)#exit Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#service-policy in internet_access (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#service-policy in internet_access...
Page 177 It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for Internet traffic. (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0 (Netgear Switch) (Interface 1/0/5)#exit (Netgear Switch) (Config)#exit Web Interface: Configure DiffServ Enable Diffserv.
Page 178 ProSafe 7000 Managed Switch Release 8.0.3 d. Click the finance_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.10.0. • In the Source Mask field, enter 255.255.255.0. f.
Page 179 ProSafe 7000 Managed Switch Release 8.0.3 d. Click marketing_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.20.0. • In the Source Mask field, enter 255.255.255.0. f. Click Apply. Create the class test_dept: a.
Page 180 ProSafe 7000 Managed Switch Release 8.0.3 d. Click test_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.30.0. • In the Source Mask field, enter 255.255.255.0. f. Click Apply. Create class development_dept.
Page 181 ProSafe 7000 Managed Switch Release 8.0.3 d. Click development_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.40.0. • In the Source Mask field, enter 255.255.255.0. f. Click Apply. Create a policy named internet_access and add the class finance_dept to it.
Page 182 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the internet_access check box. internet_access now appears in the Policy Selector field at the top. c.
Page 183 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the internet_access check box. Now internet_access appears in the Policy Selector field at the top. c.
Page 184 ProSafe 7000 Managed Switch Release 8.0.3 b. Click the internet_access check box for the member class finance_dept. A screen similar to the following displays. c. In the Assign Queue list, select 1. d. Click Apply. Assign queue 2 to marketing_dept. a.
Page 185 ProSafe 7000 Managed Switch Release 8.0.3 b. Click the internet_access check box for marketing_dept. A screen similar to the following displays. c. In the Assign Queue list, select 2. d. Click Apply. Assign queue 3 to test_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Page 186 ProSafe 7000 Managed Switch Release 8.0.3 b. Click the internet_access check mark for test_dept. A screen similar to the following displays. c. In the Assign Queue list, select 3. d. Click Apply. Assign queue 4 to development_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Page 187 ProSafe 7000 Managed Switch Release 8.0.3 b. Click the internet_access check mark for development_dept. A screen similar to the following displays. c. In the Assign Queue list, select 4. d. Click Apply. Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction. a.
Page 188 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > CoS > Advanced > Interface Queue Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/5 check box. Now 1/0/5 appears in the Interface field at the top. c.
Page 189 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > CoS > Advanced > Interface Queue Configuration. A screen similar to the following displays. b. Under Interface Queue Configuration, scroll down and select the interface 1/0/5 check box. Now 1/0/5 appears in the Interface field at the top. c.
Page 190: Diffserv For Voip
Enter Global configuration mode. Set queue 5 on all ports to use strict priority mode. This queue will be used for all VoIP packets. Activate DiffServ for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#cos-queue strict 5 (Netgear Switch) (Config)#diffserv 190 |...
Page 191 (Netgear Switch) (Config)#class-map match-all class_ef (Netgear Switch) (Config class-map)#match ip dscp ef (Netgear Switch) (Config class-map)#exit Create a DiffServ policy for inbound traffic named pol_voip, then add the previously created classes class_ef and class_voip as instances within this policy.
Page 192 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Diffserv for VoIP Set queue 5 on all interfaces to use strict mode. a. Select QoS > CoS > Advanced > CoS Interface Configuration. A screen similar to the following displays. b. Under Interface Queue Configuration, select all the interfaces. c.
Page 193 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > DiffServ Configuration. A screen similar to the following displays. b. In the Class Name field, enter class_voip. c. In the Class Type list, select All. Click Add to create a new class. e.
Page 194 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > DiffServ Configuration. A screen similar to the following displays. b. In the Class Name field, enter class_ef. c. In the Class Type list, select All. Click Add to create a new class. e.
Page 195 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Selector field, enter pol_voip. c. In the Member Class list, select class_voip. d. Click Add to create a new policy. e.
Page 196 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the pol_voip check box. Pol_voip now appears in the Policy Selector field at the top. c.
Page 197: Auto Voip
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Service Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. c.
Page 198 The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Auto VoIP This script in this section shows how to set up auto VoIP system-wide. Enable auto VoIP on all the interfaces in the device. (Netgear Switch) (Config)# auto-voip all 198 | Chapter 12. DiffServ...
Page 199 ProSafe 7000 Managed Switch Release 8.0.3 View the auto VoIP information: (Netgear Switch) # show auto-voip interface all Interface Auto VoIP Mode Traffic Class --------- -------------- ------------- 1/0/1 Enabled 1/0/2 Enabled 1/0/3 Enabled 1/0/4 Enabled 1/0/5 Enabled 1/0/6 Enabled 1/0/7...
Page 200 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Auto-VoIP Enable auto VoIP for all the interfaces in the device. a. Select QoS > DiffServ > Auto VoIP. A screen similar to the following displays. b. Select the check box in the first row to select all the interfaces. c.
Page 201: Diffserv For Ipv6
The example is shown as CLI commands and as a Web interface procedure. CLI: Configure DiffServ for IPv6 The script in this section shows how to prioritize ICMPv6 traffic over other IPv6 traffic. Create the IPv6 class classicmpv6. (Netgear Switch) (Config)# class-map match-all classicmpv6 ipv6 Chapter 12. DiffServ | 201...
Page 202 ProSafe 7000 Managed Switch Release 8.0.3 Define matching criteria as protocol ICMPv6. (Netgear Switch) (Config-classmap) # match protocol 58 (Netgear Switch) (Config-classmap) # exit Create the policy policyicmpv6. (Netgear Switch) (Config)# policy-map policyicmpv6 in Associate the previously created class classicmpv6.
Page 203 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays. b. In the Class Name field, enter classicmpv6. c. In the Class Type list, select All. A screen similar to the following displays. d.
Page 204 ProSafe 7000 Managed Switch Release 8.0.3 b. Click the class classicmpv6. A screen similar to the following displays. c. Select the Protocol Type radio button, select Other, and enter 58. A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. Create the policy policyicmpv6, and associate the previously created class classicmpv6.
Page 205 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Name field, enter policyicmpv6. c. In the Policy Type list, select In. d. In the Member Class list, select classicmpv6. A screen similar to the following displays.
Page 206 ProSafe 7000 Managed Switch Release 8.0.3 b. Click the policy policyicmpv6. A screen similar to the following displays. c. In the Assign Queue list, select 6. d. Click Apply. Attach the policy policyicmpv6 to interfaces 1/0/1,1/0/2 and 1/0/3. 206 | Chapter 12.
Page 207 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. In the Policy Name list, select policyicmpv6. c. Select the Interface 1/0/1, 1/0/2, and 1/0/3 check boxes. A screen similar to the following displays.
Page 208: Color Conform Policy
(Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#vlan participation include 5 (Netgear Switch) (Interface 1/0/13)#vlan tagging 5 (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#interface 1/0/25 (Netgear Switch) (Interface 1/0/25)#vlan participation include 5...
Page 209 (Netgear Switch) (Config)#policy-map policy_vlan in (Netgear Switch) (Config-policy-map)#class class_vlan (Netgear Switch) (Config-policy-classmap)#police-simple 1000 64 conform-action transmit violate-action drop (Netgear Switch) (Config-policy-classmap)#conform-color class_color (Netgear Switch) (Config-policy-classmap)#exit (Netgear Switch) (Config-policy-map)#exit Apply this policy to port 1/0/13.
Page 210 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 5. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 13 and 25 until T displays. The T specifies that the egress packet is tagged for the port.
Page 211 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add to create a new class class_vlan. d. Click class_vlan to configure this class. A screen similar to the following displays: e. Under Diffserv Class Configuration, in the VLAN field, enter 5. f.
Page 212 ProSafe 7000 Managed Switch Release 8.0.3 b. Enter the following information: • In the Class Name field, enter class_color. • In the Class Type list, select All. c. Click Add to create a new class class_color. d. Click class_color to configure this class. A screen similar to the following displays: e.
Page 213 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Name field, enter policy_vlan. c. In the Policy Type list, select In. d. Click Add. Associate policy_vlan with class_vlan.
Page 214 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. Click policy_vlan. A screen similar to the following displays. b. Select the Simple Policy radio button. c. In the Color Mode list, select Color Aware. d.
Page 215 ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. Under Service Interface Configuration, scroll down and select the Interface 1/0/13 check box. c. In the Policy Name list, select policy_vlan. d.
Page 216: Chapter 13 Igmp Snooping And Querier
The following are examples of the commands used in the IGMP snooping feature. CLI: Enable IGMP Snooping The following example shows how to enable IGMP snooping. (Netgear Switch) #config (Netgear Switch) (Config)#set ip igmp (Netgear Switch) (Config)#set igmp interfacemode (Netgear Switch) (Config)#exit Chapter 13. IGMP Snooping and Querier...
Page 217: Show Igmpsnooping
Click Apply. Show igmpsnooping The example is shown as CLI commands and as a Web interface procedure. CLI: Show igmpsnooping (Netgear Switch) #show igmpsnooping Admin Mode........Disable Unknown Multicast Filtering....Disable Multicast Control Frame Count....0 Interfaces Enabled for IGMP Snooping... None VLANs enabled for IGMP snooping....
Page 218: Show Mac-Address-Table Igmpsnooping
Show mac-address-table igmpsnooping The example is shown as CLI commands and as a Web interface procedure. CLI: Show mac-address-table igmpsnooping (Netgear Switch) #show mac-address-table igmpsnooping ? <cr> Press Enter to execute the command. (Netgear Switch) #show mac-address-table igmpsnooping...
Page 219: External Multicast Router
This example configures the interface as the one the multicast router is attached to. All IGMP packets snooped by the switch is forwarded to the multicast router reachable from this interface. (Netgear Switch)(Interface 1/0/3)# set igmp mrouter interface Chapter 13. IGMP Snooping and Querier | 219...
Page 220: Multicast Router Using Vlan
This example configures the interface to forward only the snooped IGMP packets that come from VLAN ID (<VLAN Id>) to the multicast router attached to this interface. (Netgear Switch)(Interface 1/0/3)# set igmp mrouter 2 220 | Chapter 13. IGMP Snooping and Querier...
Page 221: Igmp Querier
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure the Switch with a Multicast Router Using VLAN Select Switching > Multicast > Multicast Router VLAN Configuration. A screen similar to the following displays. Under Multicast Router VLAN Configuration, scroll down and select the Interface 1/0/3 check box.
Page 222: Enable Igmp Querier
ProSafe 7000 Managed Switch Release 8.0.3 respond. With the built-in IGMP querier feature inside the switch, such an external device is no longer needed. Figure 24. IGMP querier Since the IGMP querier is designed to work with IGMP snooping, it is necessary to enable IGMP snooping when using it.
Page 223 (Netgear switch) (vlan)#set igmp querier 1 (Netgear switch) (vlan)#exit (Netgear switch) #config (Netgear switch) (config)#set igmp querier (Netgear switch) (config)#set igmp querier address 10.10.10.1 (Netgear switch) (config)#exit Web Interface: Enable IGMP Querier Select Switching > Multicast > IGMP VLAN Configuration. A screen similar to the following displays.
Page 224 ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. Enable the IGMP snooping querier globally. a. Select Switching > Multicast > IGMP Snooping > IGMP VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • For Querier Admin Mode, select the Enable radio button.
Page 225: Show Igmp Querier Status
The example is shown as CLI commands and as a Web interface procedure. CLI: Show IGMP Querier Status To see the IGMP querier status, use the following command. (Netgear Switch) #show igmpsnooping querier vlan 1 VLAN 1 : IGMP Snooping querier status ---------------------------------------------- IGMP Snooping Querier VLAN Mode....
Page 226: Chapter 14 Security Management
Security Management In this chapter, examples are provided for the following topics: • Port Security • Set the Dynamic and Static Limit on Port 1/0/1 on page 227 • Convert the Dynamic Address Learned from 1/0/1 to a Static Address on page 229 •...
Page 227: Set The Dynamic And Static Limit On Port 1/0/1
Enable port-security globally (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#port-security Enable port-security on port 1/0/1 (Netgear Switch) (Interface 1/0/1)#port-security max-dynamic 10 Set the dynamic limit to 10 (Netgear Switch) (Interface 1/0/1)#port-security max-static 3 Set the static limit to 3...
Page 228 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Set the Dynamic and Static Limit on Port 1/0/1 Select Security > Traffic Control > Port Security >Port Administrator. A screen similar to the following displays. c. Under Port Security Configuration, next to Port Security Mode, select the Enable radio button.
Page 229: Convert The Dynamic Address Learned From 1/0/1 To A Static Address
The example is shown as CLI commands and as a Web interface procedure. CLI: Convert the Dynamic Address Learned from 1/0/1 to the Static Address (Netgear Switch)(Interface 1/0/1)#port-security mac-address move Convert the dynamic address learned from 1/0/1 to the static address (Netgear Switch)(Interface 1/0/1)#exit...
Page 230: Create A Static Address
The example is shown as CLI commands and as a Web interface procedure. CLI: Create a Static Address (Netgear Switch) (Interface 1/0/1)#port-security mac-address 00:13:00:01:02:03 Web Interface: Create a Static Address Select Security > Traffic Control > Port Security > Static MAC address. A screen similar to the following displays.
Page 231 (Netgear Switch) #exit (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/23 (Netgear Switch) (Interface 1/0/23)#vlan pvid 192 (Netgear Switch) (Interface 1/0/23)#vlan participation include 192 (Netgear Switch) (Interface 1/0/23)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan pvid 192 (Netgear Switch) (Interface 1/0/24)#vlan participation include 192...
Page 232 (Netgear Switch) (Vlan)#exit (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/48 (Netgear Switch) (Interface 1/0/48)#vlan pvid 202 (Netgear Switch) (Interface 1/0/48)#vlan participation include 202 (Netgear Switch) (Interface 1/0/48)#exit (Netgear Switch) (Config)#interface vlan 202 (Netgear Switch) (Interface-vlan 202)#routing (Netgear Switch) (Interface-vlan 202)ip address 10.100.5.34 255.255.255.0 (Netgear Switch) (Interface-vlan 202)#exit Create a DHCP pool to allocated IP addresses to PCs.
Page 233 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure a Protected Port to Isolate Ports on the Switch Create a DHCP pool: Note: This example assumes that the DHCP service is enabled. For information about how to enable the DHCP service, see the Web interface procedure in Configure a DHCP Server in Dynamic Mode on page 333.
Page 234 ProSafe 7000 Managed Switch Release 8.0.3 • In the Network Number field, enter 192.168.1.0. • In the Network Mask field, enter 255.255.255.0. • In the Days field, enter 1. • Click Default Router Addresses. The DNS server address fields display. In the first Router Address field, enter 192.168.1.254.
Page 235 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 202. • In the IP Address field, enter 10.100.5.34. •...
Page 236 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b. Under Configure Routes, in the Route Type list, select Default Route. c. In the Next Hop IP Address field, enter 10.100.5.252. d.
Page 237: 802.1X Port Security
(Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0 (Netgear Switch) (Config)#dot1x system-auth-control (Netgear Switch) (Config)#interface 1/0/19 (Netgear Switch) (Interface 1/0/19)#routing (Netgear Switch) (Interface 1/0/19)#ip address 10.100.5.33 255.255.255.0 (Netgear Switch) (Interface 1/0/19)#dot1x port-control force-authorized Chapter 14.
Page 238 ProSafe 7000 Managed Switch Release 8.0.3 Use RADIUS to authenticate the dot1x users. (Netgear Switch) (Config)#aaa authentication dot1x default radius Configure a RADIUS authentication server. (Netgear Switch) (Config)#radius server host auth 10.100.5.17 Configure the shared secret between the RADIUS client and the server.
Page 239 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply to save the settings. Assign IP address 192.168.1.1/24 to the interface 1/0/1. a.
Page 240 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/19 check box. Now 1/0/19 appears in the Interface field at the top. c.
Page 241 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/19 check box. Now 1/0/19 appears in the Interface field at the top. c.
Page 242 ProSafe 7000 Managed Switch Release 8.0.3 c. In the Secret Configured field, select Yes. d. In the Secret field, enter 123456. e. In the Primary Server field, select Yes. f. In the Message Authenticator field, select Enable. g. Click Add. Enable accounting.
Page 243: Create A Guest Vlan
ProSafe 7000 Managed Switch Release 8.0.3 Create a Guest VLAN The guest VLAN feature allows a switch to provide a distinguished service to dot1x unaware clients (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach an external network with no ability to surf the internal LAN Guest 1 RADIUS server...
Page 244 (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/24)#exit Create VLAN 2000, and have 1/0/1 and 1/0/24 as members of VLAN 2000.
Page 245: Create Vlan
ProSafe 7000 Managed Switch Release 8.0.3 Enable the guest VLAN on ports 1/0/1 and 1/0/24. (Netgear Switch) #show dot1x detail 1/0/1 Protocol Version....... 1 PAE Capabilities....... Authenticator Control Mode........auto Authenticator PAE State......Authenticated Backend Authentication State....Idle Quiet Period (secs)......60 Transmit Period (secs)......
Page 246 ProSafe 7000 Managed Switch Release 8.0.3 c. In the VLAN Type field, select Static. d. Click Add. Add ports to VLAN 2000. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 2000 . c.
Page 247 ProSafe 7000 Managed Switch Release 8.0.3 Make sure that 1/0/12 and 1/0/6 are configured as force authorized before you do this step; otherwise you cannot access the switch through the Web Interface. a. Select Security > Port Authentication > Basic > 802.1x Configuration. A screen similar to the following displays.
Page 248: Assign Vlans Using Radius
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Management Security > Radius > Server Configuration. A screen similar to the following displays. b. In the Radius Server IP Address field, enter 192.168.0.1. c. In the Secret Configured field, select Yes. d.
Page 249 Create VLAN 2000. (Netgear Switch) #network protocol none Changing protocol mode will reset ip configuration. Are you sure you want to continue? (y/n) y (Netgear Switch) #network parms 192.168.0.5 255.255.255.0 (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) #exit Chapter 14.
Page 250 Enable dot1x authentication on the switch (Netgear Switch) (Config)#dot1x system-auth-control Use the RADIUS as the authenticator. (Netgear Switch) (Config)#aaa authentication dot1x default radius Enable the switch to accept VLAN assignment by the RADIUS server. (Netgear Switch) (Config)#authorization network radius Set the RADIUS server IP address.
Page 251 ProSafe 7000 Managed Switch Release 8.0.3 Show the dot1x detail for 1/0/5. (Netgear Switch) #show dot1x detail 1/0/5 Port........... 1/0/5 Protocol Version....... 1 PAE Capabilities....... Authenticator Control Mode........auto Authenticator PAE State......Authenticated Backend Authentication State....Idle Quiet Period (secs)......60 Transmit Period (secs)......
Page 252 ProSafe 7000 Managed Switch Release 8.0.3 b. For Current Network Configuration Protocol, select the None radio button. c. In the IP Address field, enter 192.168.0.5. d. In the Subnet Mask field, enter 255.255.255.0. e. Click Apply. Create VLAN 2000. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
Page 253 ProSafe 7000 Managed Switch Release 8.0.3 Enable dot1x on the switch. Make sure that 1/0/12 and 1/0/6 are configured as force authorized before you do this step; otherwise, you cannot access the switch through the Web Management Interface. a. Select Security > Port Authentication > Basic > 802.1x Configuration. A screen similar to the following displays.
Page 254: Dynamic Arp Inspection
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Management Security > Radius > Server Configuration. A screen similar to the following displays. b. In the Radius Server IP Address field, enter 192.168.0.1. c. In the Secret Configured field, select Yes. d.
Page 255 Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust Chapter 14.
Page 256 86400 Enable ARP inspection in VLAN 1. (Netgear Switch) (Config)# ip arp inspection vlan 1 Now all ARP packets received on ports that are members of the VLAN are copied to the CPU for ARP inspection. If there are trusted ports, you can configure them as trusted in the next step.
Page 257 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 1. c. In the the DHCP Snooping Mode field, select Enable. A screen similar to the following displays.
Page 258 ProSafe 7000 Managed Switch Release 8.0.3 d. Click Apply. A screen similar to the following displays. View the DHCP Snooping Binding table. a. Select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays. Enable ARP Inspection in VLAN 1. a.
Page 259 ProSafe 7000 Managed Switch Release 8.0.3 c. In the Dynamic ARP Inspection field, select Enable. A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. Now all the ARP packets received on the ports that are member of the VLAN are copied to the CPU for ARP inspection.
Page 260: Static Mapping
00:11:85:ee:54:e9 Configure ARP ACL used for VLAN 1. (Netgear Switch) (Config)# ip arp inspection filter ArpFilter vlan 1 Now the ARP packets from the static client will go through since it has an entry in the ARP. ACL ARP packets from the DHCP client is also through since it has a DHCP snooping entry.
Page 261 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Static Mapping Create an ARP ACL. a. Select Security > Control > Dynamic ARP Inspection > DAI ACL Configuration. b. In the Name field, enter ArpFilter. c. Click Add. A screen similar to the following displays. Configure a rule to allow the static client.
Page 262: Dhcp Snooping
DHCP server DHCP client Figure 30. DHCP Snooping The example is shown as CLI commands and as a Web interface procedure. CLI: Configure DHCP Snooping Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping 262 | Chapter 14. Security Management...
Page 263 ProSafe 7000 Managed Switch Release 8.0.3 Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
Page 264 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b. In the VLAN ID list, select 1. c. For DHCP Snooping Mode, select the Enable radio button. A screen similar to the following displays.
Page 265: Enter Static Binding Into The Binding Database
You can also enter the static binding into the binding database. CLI: Enter Static Binding into the Binding Database Enter the DHCP snooping static binding. (Netgear Switch) (Config)# ip dhcp snooping binding 00:11:11:11:11:11 vlan 1 192.168.10 .1 interface 1/0/2 Chapter 14. Security Management...
Page 266: Maximum Rate Of Dhcp Messages
ProSafe 7000 Managed Switch Release 8.0.3 Check to make sure the binding database has the static entry. (GSM7328S) #show ip dhcp snooping binding Total number of bindings: MAC Address IP Address VLAN Interface Type Lease (Secs) ------------------------ --------------- -------- ----------- ------- ----------- 00:11:11:11:11:11 192.168.10.1...
Page 267 ProSafe 7000 Managed Switch Release 8.0.3 CLI: Configure the Maximum Rate of DHCP Messages Control the maximum rate of DHCP messages. (Netgear Switch) (Interface 1/0/2)# ip dhcp snooping limit rate 5 View the rate configured. (GSM7328S) #show ip dhcp snooping interfaces 1/0/2...
Page 268: Ip Source Guard
HW address: 00:16:76:A7:88:CC Figure 31. IP Source Guard The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Dynamic ARP Inspection Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping 268 | Chapter 14. Security Management...
Page 269 ProSafe 7000 Managed Switch Release 8.0.3 Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
Page 270 ProSafe 7000 Managed Switch Release 8.0.3 b. For DHCP Snooping Mode, select the Enable radio button. c. Click Apply. Enable DHCP snooping in a VLAN. a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b.
Page 271 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Control > DHCP Snooping Interface Configuration. A screen similar to the following displays. b. Select Interface 1/0/1 check box. c. For interface 1/0/1, in the Trust Mode field, select Enable. d.
Page 272 ProSafe 7000 Managed Switch Release 8.0.3 d. Click Apply. A screen similar to the following displays. Set up IP source guard static binding. a. Select Security > Control > IP Source Guard > Binding Configuration. b. Select the Interface 1/0/2 check box. c.
Page 273: Chapter 15 Sntp
It supports SNTP client implemented over UDP, which listens on port 123. Show SNTP (CLI Only) The following are examples of the commands used in the SNTP feature. show sntp (Netgear Switch Routing) #show sntp? <cr> Press Enter to execute the command. client Display SNTP Client Information.
Page 274: Show Sntp Client
ProSafe 7000 Managed Switch Release 8.0.3 show sntp client (Netgear Switch Routing) #show sntp client Client Supported Modes: unicast broadcast SNTP Version: Port: Client Mode: unicast Unicast Poll Interval: Poll Timeout (seconds): Poll Retry: show sntp server (Netgear Switch Routing) #show sntp server Server IP Address: 81.169.155.234...
Page 275: Configure Sntp
The example is shown as CLI commands and as a Web interface procedure. CLI: Configure SNTP NETGEAR switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
Page 276 ProSafe 7000 Managed Switch Release 8.0.3 command to confirm that the time has been received. The time will be used in all logging messages. (Netgear Switch) #show sntp server Server IP Address: 208.14.208.19 Server Type: ipv4 Server Stratum: Server Reference Id: NTP Srv: 208.14.208.3...
Page 277: Set The Time Zone (Cli Only)
Pacific Standard Time (PST), which is 8 hours behind GMT/UTC. (Netgear switch)(config)#clock timezone PST -8 Set the Named SNTP Server The example is shown as CLI commands and as a Web interface procedure.
Page 278 ProSafe 7000 Managed Switch Release 8.0.3 CLI: Set the Named SNTP Server NETGEAR provides SNTP servers accessible by NETGEAR devices. Because NETGEAR might change IP addresses assigned to its time servers, it is best to access an SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
Page 279 ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Management > DNS > DNS Configuration. A screen similar to the following displays. b. Enter the following information: • For DNS Status, select the Enable radio button • In the DNS Server field, enter 192.168.1.1. c.
Page 280: Chapter 16 Tools
Tools This chapter provides the following examples: • Traceroute • Configuration Scripting on page 282 • Pre-Login Banner on page 285 • Port Mirroring on page 286 • Dual Image on page 287 • Outbound Telnet on page 290 Traceroute This section describes the traceroute feature.
Page 281 ProSafe 7000 Managed Switch Release 8.0.3 CLI: Traceroute (Netgear Switch) #traceroute? <ipaddr> Enter IP address. (Netgear Switch) #traceroute 216.109.118.74 ? <cr> Press Enter to execute the command. <port> Enter port no. (Netgear Switch) #traceroute 216.109.118.74 racing route over a maximum of 20 hops 10.254.24.1...
Page 282: Configuration Scripting
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Traceroute Select Maintenance > Troubleshooting > Traceroute. A screen similar to the following displays. Use this screen to tell the switch to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. Once you click the Apply button, the switch will send three traceroute packets each hop, and the results will be displayed in the result table.
Page 283 Configuration Script Name Size(Bytes) ------------------------- ----------- basic.scr running-config.scr 3201 2 configuration script(s) found. 1020706 bytes free. (Netgear Switch) #script delete basic.scr Are you sure you want to delete the configuration script(s)? (y/n) y 1 configuration script(s) deleted. Chapter 16. Tools | 283...
Page 284 Configuration Script Name Size(Bytes) ------------------------- ---------- running-config.scr 3201 1 configuration script(s) found. 1020799 bytes free. Upload a Configuration Script (Netgear Switch) #copy nvram: script running-config.scr tftp://192.168.77.52/running-config.scr Mode......TFTP Set TFTP Server IP... 192.168.77.52 TFTP Path....TFTP Filename....running-config.scr Data Type....
Page 285: Pre-Login Banner
On your PC, using Notepad create a banner.txt file that contains the banner to be displayed. Login Banner - Unauthorized access is punishable by law. Transfer the file from the PC to the switch using TFTP. (Netgear Switch Routing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode........... TFTP Set TFTP Server IP......192.168.77.52 TFTP Path......../ TFTP Filename........
Page 286: Port Mirroring
CLI: Specify the Source (Mirrored) Ports and Destination (Probe) (Netgear Switch)#config (Netgear Switch)(Config)#monitor session 1 mode Enable mirror (Netgear Switch)(Config)#monitor session 1 source interface 1/0/2 Specify the source interface. (Netgear Switch)(Config)#monitor session 1 destination interface 1/0/3 Specify the destination interface. (Netgear Switch)(Config)#exit...
Page 287: Dual Image
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Specify the Source (Mirrored) Ports and Destination (Probe) Select Monitoring > Mirroring > Port Mirroring. A screen similar to the following displays. Scroll down and select the Source Port 1/0/2 check box. The value 1/0/2 now appears in the Interface field at the top.
Page 288 Such cases will require user intervention to correct the problem, by using appropriate stacking commands. CLI: Download a Backup Image and Make It Active (Netgear Switch) #copy tftp://192.168.0.1/gsm73xxseps.stk image2 Mode........... TFTP Set Server IP........192.168.0.1 Path...........
Page 289 -------------------------------------------------------------------- 5.11.2.51 8.0.0.2 image1 image1 (Netgear Switch) #boot system image2 Activating image image2 .. (Netgear Switch) #show bootvar Image Descriptions image1 : default image image2 : Images currently available on Flash -------------------------------------------------------------------- unit image1 image2...
Page 290: Outbound Telnet
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Maintenance > File Management > Dual Image Configuration. A screen similar to the following displays. b. Under Dual Image Configuration, scroll down and select the Image 2 check box. The image2 now appears in the Image name field at the top. c.
Page 291 ProSafe 7000 Managed Switch Release 8.0.3 CLI: show network (Netgear Switch Routing) >telnet 192.168.77.151 Trying 192.168.77.151... (Netgear Switch Routing) User:admin Password: (Netgear Switch Routing) >en Password: (Netgear Switch Routing) #show network IP Address....... 192.168.77.151 Subnet Mask......255.255.255.0 Default Gateway......192.168.77.127 Burned In MAC Address....
Page 292 (Netgear Switch Routing) (Line)#transport output ? telnet Allow or disallow new telnet sessions. (Netgear Switch Routing) (Line)#transport output telnet ? <cr> Press Enter to execute the command. (Netgear Switch Routing) (Line)#transport output telnet (Netgear Switch Routing) (Line)# Web Interface: Configure Telnet Select Security >...
Page 293 ProSafe 7000 Managed Switch Release 8.0.3 Under Outbound Telnet, for Admin Mode, select the Enable radio button. Click Apply. CLI: Configure the session-limit and session-timeout (Netgear Switch Routing) (Line)#session-limit ? <0-5> Configure the maximum number of outbound telnet sessions allowed. (Netgear Switch Routing) (Line)#session-limit 5 (Netgear Switch Routing) (Line)#session-timeout ? <1-160>...
Page 294: Chapter 17 Syslog
Syslog This chapter provides the following examples: • Show Logging on page 295 • Show Logging Buffered on page 297 • Show Logging Traplogs on page 298 • Show Logging Hosts on page 299 • Configure Logging for a Port on page 300 The syslog feature: •...
Page 295: Show Logging
ProSafe 7000 Managed Switch Release 8.0.3 Show Logging The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging (Netgear Switch Routing) #show logging Logging Client Local Port CLI Command Logging disabled Console Logging disabled...
Page 296 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Monitoring > Logs > Command Log. b. Under Command Log, for Admin Status, select the Disable radio button. c. Click Apply. Configure the console log. a. Select Monitoring > Logs > Console Log. b.
Page 297: Show Logging Buffered
Show Logging Buffered The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging Buffered (Netgear Switch Routing) #show logging buffered ? <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging buffered...
Page 298: Show Logging Traplogs
Select Monitoring > Logs > Buffer Logs. A screen similar to the following displays. Show Logging Traplogs The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging Traplogs (Netgear Switch Routing) #show logging traplogs <cr> Press Enter to execute the command.
Page 299: Show Logging Hosts
Show Logging Hosts The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging Hosts (Netgear Switch Routing) #show logging hosts ? <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging hosts...
Page 300: Configure Logging For A Port
(Netgear Switch Routing) (Config)#logging host ? <hostaddress> Enter Logging Host IP Address reconfigure Logging Host Reconfiguration remove Logging Host Removal (Netgear Switch Routing) (Config)#logging host 192.168.21.253 ? <cr> Press Enter to execute the command. <port> Enter Port Id 300 | Chapter 17. Syslog...
Page 301 Press Enter to execute the command. <severitylevel> Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7). (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1 ? <cr> Press Enter to execute the command. (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1...
Page 302: Chapter 18 Switch Stacks
Switch Stacks This chapter describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches running release 4.x.x.x or newer. This chapter includes the following topics: • Switch Stack Management and Connectivity • The Stack Master and Stack Members on page 303 •...
Page 303: The Stack Master And Stack Members
ProSafe 7000 Managed Switch Release 8.0.3 The Stack Master and Stack Members A switch stack is a set of up to 8 switches connected through their stacking ports. The switch that controls the operation of the stack is the stack master. The stack master and the other switches in the stack are stack members.
Page 304: Stack Members
The switch with the highest stack member priority value. Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.
Page 305: Install And Power-Up A Stack
Many switch models such as the GSM7200PS and GSM7300S series have a Hardware Installation Guide that includes additional information about rack mounting and stack cabling. Compatible Switch Models NETGEAR stackable managed switches include the following models: • FSM7226RS • FSM7250RS •...
Page 306: Switch Firmware
ProSafe 7000 Managed Switch Release 8.0.3 Install a Switch Stack Note: Many models of switches have a Hardware Installation Guide that includes additional information about rack mounting and switch stack cabling. Install the switches in a rack. Install all stacking cables, including the redundant stack link. It is highly recommended that a redundant link be installed.
Page 307: Code Mismatch
NETGEAR recommends that you schedule the firmware upgrade when there is no excessive network traffic (such as a broadcast event). Download new firmware using TFTP or xmodem to the master switch using the copy command.
Page 308: Configure A Stacking Port As An Ethernet Port
ProSafe 7000 Managed Switch Release 8.0.3 Continue with the boot of operational code. Once the stack is up, download the saved configuration back to the master. This configuration should then be automatically propagated to all members of the stack. Copy Master Firmware to a Stack Member (Web Interface) Select System >...
Page 309 (stack) Stack Stack Link Down (Netgear Switch) #config (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 ethernet (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #reload Are you sure you want to reload the stack? (y/n) y After Switch A reboots:...
Page 310 ProSafe 7000 Managed Switch Release 8.0.3 After Switch B reboots: (Netgear Switch) #show port 2/0/28 Admin Physical Physical Link Link LACP Actor Intf Type Mode Mode Status Status Trap Mode Timeout ------ ----- ------- -------- --------- ------ ------- ------ ------...
Page 311: Stack Switches Using 10G Fiber
ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Stacking > Advanced > Stack Port Configuration. A screen similar to the following displays. b. Under Stack Port Configuration, scroll down and select the 1/0/51 check box. c. In the Configured Stack Mode list, select Ethernet. d.
Page 312 Ethernet Ethernet Link Down Since 2/0/28 is in Ethernet mode, it must be changed to stack mode. (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 stack (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config) Reboot Switch B. (Netgear Switch) #reload Management switch has unsaved changes.
Page 313 ProSafe 7000 Managed Switch Release 8.0.3 On Switch A, you see the following: (Netgear Switch) #show switch Management Standby Preconfig Plugged-in Switch Code Switch Status Model ID Model ID Status Version --- ---------- -------- ----------- ----------- --------- ----------- Mgmt Sw...
Page 314: Add, Remove, Or Replace A Stack Member
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Maintenance > Reset > Device Reboot. A screen similar to the following displays. b. In the Reboot Unit No. list, select 2. c. Click Apply. Add, Remove, or Replace a Stack Member Add Switches to an Operating Stack Make sure the redundant stack connection is in place and functional.
Page 315 ProSafe 7000 Managed Switch Release 8.0.3 Connect this cable to the new switch, following the established order of stack-up to stack-down connections. Power up the new switches one by one. Verify, by monitoring the master switch console port, that the new switch joins the stack by issuing the show switch command. The new switch should join as a member (never as master;...
Page 316: Switch Stack Configuration Files
ProSafe 7000 Managed Switch Release 8.0.3 Install the new switch in the rack: • If you are installing the same model switch, put it in the same position in the stack as the one that you just removed. • If you are installing a different model switch you can either put it in the same position as the previous switch, or at the bottom of the stack.
Page 317: Preconfigure A Switch
ProSafe 7000 Managed Switch Release 8.0.3 Table 1. Switch Stack Master Scenarios (Continued) Scenario Action Result Stack master election specifically Assuming that both stack members The stack member with the higher determined by the MAC address. have the same priority value and MAC address is elected stack firmware image, restart both stack master.
Page 318: Renumber Stack Members
• If specific numbering is required, NETGEAR recommends that you assign stack members their numbers when they are first installed and configured in the stack, if possible. •...
Page 319 If you need to reassign multiple existing stack unit numbers, the configuration could become mismatched. To avoid this situation, NETGEAR recommends that you power down all switches except the master, and then add them back one at a time using the...
Page 320: Move The Stack Master To A Different Unit
Make sure that you can log in on the console attached to the new master. Use the show switch command to verify that all units rejoined the stack. NETGEAR recommends that you rest the stack with the reload command after moving the master.
Page 321: Chapter 19 Snmp
Time-Based Sampling of Counters with sFlow on page 329 Add a New Community The example is shown as CLI commands and as a Web interface procedure. CLI: Add a New Community (Netgear switch) #config (Netgear switch) (Config)#snmp-server community rw public@4 Chapter 19. SNMP | 321...
Page 322: Enable Snmp Trap
CLI: Enable SNMP Trap This example shows how to send SNMP trap to the SNMP server. (Netgear switch) #config (Netgear switch) (Config)# snmptrap public 10.100.5.17 Enable send trap to SNMP server 10.100.5.17 (Netgear switch) (Config)#snmp-server traps linkmode Enable send link status to the SNMP server when link status changes.
Page 323: Snmp V3
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Enable SNMP Trap Enable SNMP trap for the server 10.100.5.17. a. Select System > SNMP > SNMP V1/V2 > Trap Configuration. A screen similar to the following displays. b. In the Community Name field, enter public. c.
Page 324 “12345678” (Netgear Switch) (Config)#users snmpv3 authentication admin md5 Set the authentication mode to md5 (Netgear Switch) (Config)#users snmpv3 encryption admin des 12345678 Set the encryption mode to des and the key is “12345678” Web Interface: Configure SNMP V3 Change the user password.
Page 325: Sflow
ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Management > User Configuration. A screen similar to the following displays. b. In the User Name field, select the admin. c. For Authentication Protocol, select the MD5 radio button. d. For Encryption Protocol, select the DES radio button. e.
Page 326 Configure the sFlow receiver timeout. Here sFlow samples will be sent to this receiver for the duration of 31536000 seconds. That is approximately 1 year. (Netgear Switch) (Config)# sflow receiver 1 owner NetMonitor timeout 31536000 326 | Chapter 19. SNMP...
Page 327 You need to repeat these for all the ports to be sampled. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow sampler 1 (Netgear Switch) (Interface 1/0/1)# sflow sampler rate 1024 (Netgear Switch) (Interface 1/0/1)# sflow sampler maxheadersize 64 View the sampling port configurations.
Page 328 ProSafe 7000 Managed Switch Release 8.0.3 In the Receiver Address field, enter 192.168.10.2. A screen similar to the following displays. f. Click Apply. A screen similar to the following displays. Configure the sampling ports sFlow receiver index, sampling rate, and sampling maximum header size.
Page 329: Time-Based Sampling Of Counters With Sflow
Configure the sampling port sFlow receiver index, and polling interval. You need to repeat this for all the ports to be polled. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow poller 1 (Netgear Switch) (Interface 1/0/1)# sflow poller interval View the polling port configurations.
Page 330: Chapter 20 Dns
DNS servers) and to resolve an IP address using the DNS server. The example is shown as CLI commands and as a Web interface procedure. CLI: Specify Two DNS Servers (Netgear Switch)#config (Netgear Switch) (Config)#ip name-server 12.7.210.170 219.141.140.10 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#exit (Netgear Switch)#ping www.netgear.com Send count=3, Receive count=3 from 206.82.202.46...
Page 331: Manually Add A Host Name And An Ip Address
IP address. The example is shown as CLI commands and as a Web interface procedure. CLI: Manually Add a Host Name and an IP Address (Netgear Switch)#config (Netgear Switch) (Config)#ip host www.netgear.com 206.82.202.46 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#ping www.netgear.com Send count=3, Receive count=3 from 206.82.202.46 Chapter 20.
Page 332 Select System > Management > DNS > Host Configuration. A screen similar to the following displays. Under DNS Host Configuration, enter the following information: • In the Host Name field, enter www.netgear.com. • In the IP Address field, enter 206.82.202.46. Click Add.
Page 333: Chapter 21 Dhcp Server
(Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#vlan routing 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 200 (Netgear Switch) (Interface 1/0/1)#vlan pvid 200 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface vlan 200 (Netgear Switch) (Interface-vlan 200)#routing (Netgear Switch) (Interface-vlan 200)#ip address 192.168.100.1 255.255.255.0...
Page 334 ProSafe 7000 Managed Switch Release 8.0.3 Note: If there is no DHCP L3 relay between client PC and DHCP server, there must be an active route whose subnet is the same as the DHCP dynamic pool’s subnet. Web Interface: Configure a DHCP Server in Dynamic Mode Create VLAN 200.
Page 335 ProSafe 7000 Managed Switch Release 8.0.3 d. Click the gray boxes under ports 1 and 24 until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply. Assign PVID to the VLAN 200. a.
Page 336: Configure A Dhcp Reservation
ProSafe 7000 Managed Switch Release 8.0.3 d. Select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. e. Under DHCP Pool Configuration, enter the following information: • In the Pool Name list, select Create. •...
Page 337 ProSafe 7000 Managed Switch Release 8.0.3 CLI: Configure a DHCP Reservation (Netgear Switch)#config (Netgear Switch) (Config)#service dhcp (Netgear Switch) (Config)#ip dhcp pool pool_manual (Netgear Switch) (Config)#client-name dhcpclient (Netgear Switch) (Config)#hardware-address 00:01:02:03:04:05 (Netgear Switch) (Config)#host 192.168.200.1 255.255.255.0 (Netgear Switch) (Config)#client-identifier 01:00:01:02:03:04:05...
Page 338 ProSafe 7000 Managed Switch Release 8.0.3 Select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Under DHCP Pool Configuration, enter the following information: • In the Pool Name list, select Create. •...
Page 339: Chapter 22 Double Vlans And Private Vlan Groups
Double VLANs and Private VLAN Groups This chapter includes the following examples: • Double VLANs • Private VLAN Groups on page 343 Double VLANs This section describes how to enable the double DVLAN feature. Double VLANs pass traffic from one customer domain to another through the metro core. Custom VLAN IDs are preserved and a provider service VLAN ID is added to the traffic so the traffic can pass the metro core in a simple and cost-effective manner.
Page 340 1/0/24. This example assumes there is a Layer 2 switch connecting all these devices in your domain. The Layer 2 switch tags the packet going to the NETGEAR switch port 1/0/24. The example is shown as CLI commands and as a Web interface procedure.
Page 341 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Under VLAN Configuration, enter the following information: • In the VLAN ID field, enter 200. • In the VLAN Name field, enter vlan200.
Page 342 ProSafe 7000 Managed Switch Release 8.0.3 • Click the gray box under port 48 once until T displays. The T specifies that the egress packet is tagged for the port. d. Click Apply to save the settings. Change the port VLAN ID (PVID) of port 24 to 200: a.
Page 343: Private Vlan Groups
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > Port DVLAN Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/48 check box. Now 1/0/48 appears in the Interface field at the top. c.
Page 344 ProSafe 7000 Managed Switch Release 8.0.3 The following example creates two groups. Group 1 is in community mode, and Group 2 is in isolated mode. Internet Port 1/0/13 Layer 2 Switch Port 1/0/6 Port 1/0/17 Port 1/0/7 Port 1/0/16 Group 1 Group 2 Figure 2.
Page 345 (Netgear Switch) (Interface 1/0/17)#exit Create a VLAN 200 and include 1/0/6,1/0/7, 1/0/16, and 1/0/17. (Netgear Switch) (Config)# (Netgear Switch) (Config)#private-group name group1 1 mode community Create a private group in community mode. (Netgear Switch) (Config)#private-group name group2 2 mode isolated Create a private group in isolated mode.
Page 346 ProSafe 7000 Managed Switch Release 8.0.3 Add 1/0/16 and 1/0/7 to the private group 1. (Netgear Switch) (Config)#interface range 1/0/16-1/0/17 (Netgear Switch) (conf-if-range-1/0/16-1/0/17)#switchport private-group 2 Add 1/0/16 and 1/0/7 to the private group 2. (Netgear Switch) (conf-if-range-1/0/16-1/0/17)#exit Web Interface: Create a Private VLAN Group Create VLAN 200.
Page 347 ProSafe 7000 Managed Switch Release 8.0.3 b. Under VLAN Membership, in the VLAN ID list, select 200. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 6, 7, 16 and 17 until U displays. The U specifies that the egress packet is untagged for the port.
Page 348 ProSafe 7000 Managed Switch Release 8.0.3 e. Click Add. Add port 6 and 7 to group1. a. Select Security > Traffic Control > Private Group VLAN >Private Group Membership. A screen similar to the following displays. b. In the Group ID list, select 1. c.
Page 349 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Traffic Control > Private Group VLAN > Private Group VLAN > Private Group Membership. A screen similar to the following displays. b. In the Group ID list, select 2. c. Click Unit 2. The ports display. d.
Page 350: Chapter 23 Spanning Tree Protocol
The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Classic STP (802.1d) (Netgear Switch) (Config)# spanning-tree (Netgear Switch) (Config)# spanning-tree forceversion 802.1d (Netgear switch) (Interface 1/0/3)# spanning-tree port mode Chapter 23. Spanning Tree Protocol | 350...
Page 351 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Classic STP (802.1d) Enable 802.1d on the switch. a. Select Switching > STP > STP Configuration. A screen similar to the following displays. b. Enter the following information: • For Spanning Tree Admin Mode, select the Enable radio button. •...
Page 352: Configure Rapid Stp (802.1W)
CLI: Configure Rapid STP (802.1w) (Netgear switch) (Config)# spanning-tree (Netgear switch) (Config)# spanning-tree forceversion 802.1w (Netgear switch) (Interface 1/0/3)# spanning-tree port mode Web Interface: Configure Rapid STP (802.1w) Enable 802.1w on the switch: a. Select Switching > STP > STP Configuration. A screen similar to the following displays.
Page 353: Configure Multiple Stp (802.1S)
(Netgear switch) (Config)# spanning-tree mst vlan 2 12 Associate the mst instance 2 with the VLAN 11 and 12 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 port-priority 128 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 cost 0 Chapter 23. Spanning Tree Protocol...
Page 354 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Multiple STP (802.1s) Enable 802.1s on the switch. a. Select Switching > STP > STP Configuration. A screen similar to the following displays. b. Enter the following information: • For Spanning Tree Admin Mode, select the Enable radio button. •...
Page 355 ProSafe 7000 Managed Switch Release 8.0.3 • In the VLAN Id field, enter 2. • Click Add. • In the VLAN Id field, enter 3. • Click Apply. c. Configure MST ID 2. • In the MST ID field, enter 2. •...
Page 356: Chapter 24 Tunnel
Tunnel There are two methods for Pv6 sites to communicate with each other over the IPv4 network: 6in4 tunnel and 6to4 tunnel. The 6in4 tunnel encapsulates IPv6 traffic over an explicitly configured IPv4 destination or end port of the tunnel with the IP protocol number set to 41. The 6to4 tunnel IPv6 prefix is constructed by prepending 2002 (hex) to the global IPv4 address.
Page 357: Cli: Create A Tunnel
(Netgear Switch) (Config)#ipv6 forwarding (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#ipv6 address 2000::1/64 (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip (Netgear Switch) (Interface tunnel 0)#tunnel source 192.168.1.1...
Page 358 (Netgear Switch) (Config)#ipv6 forwarding (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#routing (Netgear Switch) (Interface 1/0/13)#ip address 192.168.1.2 255.255.255.0 (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#ipv6 address 2000::2/64 (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip (Netgear Switch) (Interface tunnel 0)#tunnel source 192.168.1.2...
Page 359: Web Interface: Create A Tunnel
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Create a Tunnel Configure Switch GSM7328S_1 Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 360 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Port 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. •...
Page 361 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. In the Interface list, select 0/7/1. c. In the IPv6 Prefix field, enter 2000::1. d. In the Length field, enter 64. e.
Page 362 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. For IPv6 Forwarding, select the Enable radio button. d.
Page 363 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. b. In the Tunnel Id list, select 0. c. In the Mode list, select 6-in-4-configured. d. In the Source Address field, enter 192.168.1.2. e.
Page 364: Chapter 25 Ipv6 Interface Configuration
(Netgear Switch) (Config)#ipv6 unicast-routing Assign an IPv6 address to interface 1/0/1. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#ipv6 enable (Netgear Switch) (Interface 1/0/1)#ipv6 address 2000::2/64 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) #ping ipv6 2000::2 Send count=3, Receive count=3 from 2000::2 Average round trip time = 1.00 ms...
Page 365 ProSafe 7000 Managed Switch Release 8.0.3 (Netgear Switch) #show ipv6 interface 1/0/1 IPv6 is enabled IPv6 Prefix is ........ FE80::21E:2AFF:FED9:249B/128 2000::2/64 [TENT] Routing Mode........Enabled Administrative Mode......Enabled IPv6 Routing Operational Mode....Enabled Bandwidth........1000000 kbps Interface Maximum Transmit Unit....1500 Router Duplicate Address Detection Transmits...
Page 366: Create An Ipv6 Network Interface
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. b. Under IPv6 Interface Configuration, scroll down and select the Interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. c.
Page 367 To access the switch over an IPv6 network you must first configure it with IPv6 information (IPv6 prefix, prefix length, and default gateway). CLI: Configure the IPv6 Network Interface (Netgear Switch) #network ipv6 enable (Netgear Switch) #network ipv6 address 2001:1::1/64 (Netgear Switch) #network ipv6 gateway 2001:1::2 (Netgear Switch) #show network Interface Status....... Always Up IP Address........
Page 368: Create An Ipv6 Routing Vlan
(Netgear Switch) (Vlan)#exit Add interface 1/0/1 to VLAN 500. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 500 (Netgear Switch) (Interface 1/0/1)#vlan participation pvid 500 (Netgear Switch) (Interface 1/0/1)#exit 368 | Chapter 25. IPv6 Interface Configuration...
Page 369 Assign IPv6 address 2000::1/64 to VLAN 500 and enable IPv6 routing. (Netgear Switch) (Config)#interface vlan 0/4/1 (Netgear Switch) (Interface 0/4/1)#routing (Netgear Switch) (Interface 0/4/1)#ipv6 enable (Netgear Switch) (Interface 0/4/1)#ipv6 address 2000::1/64 (Netgear Switch) (Interface 0/4/1)#exit Enable IPV6 forwarding and unicast routing on the switch. (Netgear Switch) (Config)#ipv6 forwarding...
Page 370 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Create an IPv6 VLAN Routing Interface Create VLAN 500. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 500. c.
Page 371 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b. Under PVID Configuration, scroll down and select the Interface 1/0/1 check box. c. In the PVID (1 to 4093) field, enter 500. d.
Page 372 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. b. Click VLANS. The logical VLAN interface 0/4/2 displays. c. Select the 0/4/2 check box. d. Under IPv6 Interface Configuration, in the IPv6 Mode field, select Enable. e.
Page 373: Chapter 26 Pim
Protocol-Independent-Multicast This chapter provides the following examples: • PIM-DM • PIM-SM on page 397 Note: The PIM protocol can be configured to operate on IPv4 and IPv6 networks. Separate CLI commands are provided for IPv4 and IPv6 operation; however, most configuration options are common to both protocols.
Page 374 ProSafe 7000 Managed Switch Release 8.0.3 Source IP 192.168.1.1 Port 1/0/13 Port 1/0/9 Port 1/0/10 Switch A Switch B Subnet 192.168.3.0/24 Port Port 1/0/1 1/0/11 Port Port 1/0/21 1/0/21 Subnet 192.168.6.0/24 Switch D Switch C Port 1/0/22 Port 1/0/22 Port 1/0/24 Host IP 192.168.4.2...
Page 375 Enable IP multicast forwarding on the switch. (Netgear Switch) (Config)#ip multicast Enable RIP to build the unicast IP routing table. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#ip rip Chapter 26. PIM | 375...
Page 376 (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pimdm (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/10 (Netgear Switch) (Interface 1/0/10)#routing (Netgear Switch) (Interface 1/0/10)#ip address 192.168.3.2 255.255.255.0 (Netgear Switch) (Interface 1/0/10)#ip rip (Netgear Switch) (Interface 1/0/10)#ip pimdm (Netgear Switch) (Interface 1/0/10)#exit...
Page 377 (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pimdm (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ip address 192.168.5.2 255.255.255.0 (Netgear Switch) (Interface 1/0/21)#ip rip (Netgear Switch) (Interface 1/0/21)#ip pimdm (Netgear Switch) (Interface 1/0/21)#exit...
Page 378 (Netgear Switch) (Interface 1/0/24)#routing (Netgear Switch) (Interface 1/0/24)#ip pimdm (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear Switch) (Interface 1/0/24)#ip rip (Netgear Switch) (Interface 1/0/24)#ip address 192.168.4.1 255.255.255.0 (Netgear Switch) (Interface 1/0/24)#exit PIM-DM builds the multicast routes table on each switch. (A) #show ip mcast mroute summary...
Page 379 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure PIM-DM PIM-DM on Switch A Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 380 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/9 check box. Now 1/0/9 appears in the Port field at the top.
Page 381 ProSafe 7000 Managed Switch Release 8.0.3 • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Enable RIP on the interface 1/0/1. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
Page 382 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/13 . c. For RIP Admin Mode, select the Enable radio button. d.
Page 383 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM on interfaces 1/0/1,1/0/9, and 1/0/13. Select Routing >...
Page 384 ProSafe 7000 Managed Switch Release 8.0.3 PIM-SM on Switch B: Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 385 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Port 1/0/11 check box. Now 1/0/11 appears in the Port field at the top. c.
Page 386 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/11. c. For RIP Admin Mode, select the Enable radio button. d.
Page 387 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. Click Apply. Enable PIM-SM on interfaces 1/0/10 and 1/0/11. a.
Page 388 ProSafe 7000 Managed Switch Release 8.0.3 PIM-SM on Switch C Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 389 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/22 appears in the Port field at the top.
Page 390 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. For RIP Admin Mode, select the Enable radio button. d.
Page 391 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM on interfaces 1/0/21 and 1/0/22. a.
Page 392 ProSafe 7000 Managed Switch Release 8.0.3 PIM-DM on Switch D: Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 393 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/22 appears in the Interface field at the top. c.
Page 394 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select t 1/0/21. c. For RIP Admin Mode, select the Enable radio button. d.
Page 395 ProSafe 7000 Managed Switch Release 8.0.3 d. Click Apply. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM globally. a.
Page 396 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21, 1/0/22, and 1/0/24 check boxes. c. In the Admin Mode field, select Enable. d.
Page 397: Pim-Sm
ProSafe 7000 Managed Switch Release 8.0.3 b. Scroll down and select the interface 1/0/24 check box. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. PIM-SM Protocol-independent multicast sparse mode (PIM-SM) is used to efficiently route multicast traffic to multicast groups that can span wide area networks where bandwidth is a constraint.
Page 398 Enable IP multicast forwarding on the switch. (Netgear Switch) (Config)#ip multicast Enable RIP to build a unicast IP routing table (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#ip rip 398 | Chapter 26. PIM...
Page 399 (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pimsm (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip pimsm rp-candidate interface 1/0/11 225.1.1.1 255.255.255.0 Enable the switch to announce its candidacy as a bootstrap router (BSR). (Netgear Switch) (Config)#ip pimsm bsr-candidate interface 1/0/10 30...
Page 400 (Netgear Switch)#configure (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pimsm (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip pimsm rp-candidate interface 1/0/22 225.1.1.1 255.255.255.0 (Netgear Switch) (Config)#ip pimsm bsr-candidate interface 1/0/21 (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ip address 192.168.5.2...
Page 401 ProSafe 7000 Managed Switch Release 8.0.3 (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#routing (Netgear Switch) (Interface 1/0/24)#ip address 192.168.4.1 255.255.255.0 (Netgear Switch) (Interface 1/0/24)#ip rip (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear Switch) (Interface 1/0/24)#ip pimsm (Netgear Switch) (Interface 1/0/24)#exit PIM-SM builds the multicast route table on each switch.
Page 402 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure PIM-SM PIM-SM on Switch A Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 403 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/9 check box. Now 1/0/9 appears in the Interface field at the top. c.
Page 404 ProSafe 7000 Managed Switch Release 8.0.3 • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Enable RIP on interface 1/0/1. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
Page 405 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. Select 1/0/13 in the Interface field. c. For RIP Admin Mode, select the Enable radio button. d.
Page 406 ProSafe 7000 Managed Switch Release 8.0.3 b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-SM on interfaces 1/0/1,1/0/9, and 1/0/13. a. Select Routing > Multicast > PIM-SM > Interface Configuration. A screen similar to the following displays. b.
Page 407 ProSafe 7000 Managed Switch Release 8.0.3 PIM-SM on Switch B: Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 408 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/11 check box. Now 1/0/11 appears in the Port field at the top.
Page 409 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/11. c. For RIP Admin Mode, select the Enable radio button. d.
Page 410 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-SM on interfaces 1/0/10 and 1/0/11. a.
Page 411 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > Candidate RP Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/11. c. In the Group IP field, enter 225.1.1.1. d. In the Group Mask field, enter 255.255.255.0. Click Add.
Page 412 ProSafe 7000 Managed Switch Release 8.0.3 PIM-SM on Switch C: Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 413 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the 1/0/22 check box. Now 1/0/22 appears in the Interface field at the top. c.
Page 414 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. For RIP Admin Mode, select the Enable radio button. d.
Page 415 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-SM on interfaces 1/0/21 and 1/0/22. a.
Page 416 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > Candidate RP Configuration. A screen similar to the following displays. b. In the Interface list, welect 1/0/22. c. In the Group IP field, enter 225.1.1.1. d. In the Group Mask field, enter 255.255.255.0. e.
Page 417 ProSafe 7000 Managed Switch Release 8.0.3 e. Click Apply. PIM-SM on Switch D Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 418 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/22 appears in the Port field at the top.
Page 419 ProSafe 7000 Managed Switch Release 8.0.3 Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/21. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. Enable RIP on interface 1/0/22.
Page 420 ProSafe 7000 Managed Switch Release 8.0.3 d. Click Apply. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-SM globally. a.
Page 421 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21, 1/0/22, and 1/0/24 check boxes. c. In the Admin Mode field, select Enable. d.
Page 422 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > BSR Candidate Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. In the Hash Mask Length field, enter 30. d.
Page 423 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > IGMP > Interface Configuration. A screen similar to the following displays. b. Under IGMP Routing Interface Configuration, scroll down and select the Interface 1/0/24 check box. c. In the Admin Mode field, select Enable. d.
Page 424: Chapter 27 Dhcp L2 Relay And L3 Relay
DHCP L2 Relay and L3 Relay This chapter includes the following sections: • DHCP L2 Relay • DHCP L3 Relay on page 430 • Confige a DHCP L3 Relay on page 434 DHCP L2 Relay DHCP relay agents eliminate the need to have a DHCP server on each physical network. Relay agents populate the giaddr field and also append the Relay Agent Information option to the DHCP messages.
Page 425 Enable the Option 82 Circuit ID field. (Netgear Switch) (Config)#dhcp l2relay circuit-id vlan 200 Enable the Option 82 Remote ID field. (Netgear Switch) (Config)#dhcp l2relay remote-id rem_id vlan 200 Enable DHCP L2 relay on port 1/0/4. (Netgear Switch) (Config)#interface 1/0/4...
Page 426 (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)# dhcp l2relay (Netgear Switch) (Interface 1/0/5)# vlan pvid 200 (Netgear Switch) (Interface 1/0/5)# vlan participation include 200 (Netgear Switch) (Interface 1/0/5)# exit Enable DHCP L2 relay on port 1/0/6. (Netgear Switch) (Config)#interface 1/0/6 (Netgear Switch) (Interface 1/0/6)# dhcp l2relay Trust packets with option 82 received on port 1/0/6.
Page 427 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID field, select 200. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 4, 5, and 6 until U displays. The U specifies that the egress packet is untagged for the port.
Page 428 ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Services > DHCP L2 Relay > DHCP L2 Relay Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Scroll down and select the VLAN ID 200 check box. d.
Page 429 ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Services > DHCP L2 Relay > DHCP L2 Relay Interface Configuration. A screen similar to the following displays. b. Under DHCP L2 Relay Configuration, scroll down and select the Interface 1/0/6 check box.
Page 430: Dhcp L3 Relay
ProSafe 7000 Managed Switch Release 8.0.3 DHCP L3 Relay This example shows how to configure a DHCP L3 relay on a NETGEAR switch and how to configure DHCP pool to assign IP addresses to DHCP clients using DHCP L3 relay.
Page 431 Create a routing interface and enable RIP on it so that the DHCP server learns the route 10.200.1.0/24 from the DHCP L3 relay. (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 10.100.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/3)#ip rip (Netgear Switch) (Interface 1/0/3)#exit Create a DHCP pool.
Page 432 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the 1/0/3 check box. c. In the IP Address field, enter 10.100.1.1. d.
Page 433 ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. In the IP Range From field, enter 10.200.1.1. d.
Page 434: Confige A Dhcp L3 Relay
Create a routing interface and enable RIP on it. (Netgear Switch) (Config)# (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#routing (Netgear Switch) (Interface 1/0/4)#ip address 10.100.1.2 255.255.255.0 (Netgear Switch) (Interface 1/0/4)#ip rip (Netgear Switch) (Interface 1/0/4)#exit Create a routing interface connecting to the client.
Page 435 ProSafe 7000 Managed Switch Release 8.0.3 Redistribute 10.200.1.0/24 to the RIP such that RIP adviertises this route to the DHCP server. (Netgear Switch) (Config)# (Netgear Switch) (Config)#router rip (Netgear Switch) (Config-router)#redistribute connected (Netgear Switch) (Config-router)#exit Web Interface: Configure a DHCP L3 Relay Enable routing mode on the switch.
Page 436 ProSafe 7000 Managed Switch Release 8.0.3 f. Click Apply to save the settings. Enable RIP on interface 1/0/4. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/4. c.
Page 437 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Route Redistribution. A screen similar to the following displays. b. In the Source field, select Connected. c. In the Redistribute Mode field, select Enable. d. Click Apply to save the settings. Enable DHCP L3 relay.
Page 438: Chapter 28 Mld
Multicast Listener Discovery This chapter provides the following examples: • Configure MLD on page 439 • MLD Snooping on page 452 Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover multicast listeners, the nodes that are configured to receive multicast data packets, on its directly attached interfaces.
Page 439: Configure Mld
2001:1::/64 Port 1/0/21 Switch B Port 1/0/24 2001:3::/64 Host Figure 1. Configure MLD CLI: Configure MLD MLD on Switch A (Netgear Switch) #configure (Netgear Switch) (Config)#ipv6 router ospf (Netgear Switch) (Config-rtr)#router-id 1.1.1.1 (Netgear Switch) (Config)#exit Chapter 28. MLD | 439...
Page 440 (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ipv6 address 2001:1::1/64 (Netgear Switch) (Interface 1/0/1)#ipv6 enable (Netgear Switch) (Interface 1/0/1)#ipv6 pimdm (Netgear Switch) (Interface 1/0/1)#ipv6 ospf (Netgear Switch) (Interface 1/0/1)#exit...
Page 441 (Netgear Switch) (Config)#ip multicast Enable MLD on interface 1/0/24. (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ipv6 address 2001:1::2/64 (Netgear Switch) (Interface 1/0/21)#ipv6 enable (Netgear Switch) (Interface 1/0/21)#ipv6 pimdm (Netgear Switch) (Interface 1/0/21)#ipv6 ospf (Netgear Switch) (Interface 1/0/21)#exit...
Page 442 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. Enable IPv6 unicast routing on the switch. a.
Page 443 ProSafe 7000 Managed Switch Release 8.0.3 b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. Enter the following information: • In the IPv6 Mode field, select Enable. • In the Routing Mode field, select Enable. • In the Admin Mode field, select Enable.
Page 444 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. Select Interface 1/0/13. c. Enter the following information: • In the IPv6 Prefix field, enter 2001:2::1. •...
Page 445 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. In the Admin Mode field, select Enable. d.
Page 446 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM on interfaces 1/0/1 and 1/0/13. a.
Page 447 ProSafe 7000 Managed Switch Release 8.0.3 d. Click Apply to save the settings. MLD on Switch B Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b.
Page 448 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21 and 1/0/24 check boxes. c. Enter the following information: •...
Page 449 ProSafe 7000 Managed Switch Release 8.0.3 Assign an IPv6 address to 1/0/24. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. Under IPv6 Interface Selection, in the Interface field, select 1/0/24 . c.
Page 450 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. b. Under OSPFv3 Interface Configuration, scroll down and select the Interface 1/0/21 and 1/0/24 check boxes. c. In the OSPFv3 Interface Configuration, in the Admin Mode field, select Enable. d.
Page 451 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM on interfaces 1/0/21 and 1/0/24. a.
Page 452: Mld Snooping
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > MLD > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable MLD on interface 1/0/24. a.
Page 453 (Netgear Switch) (Vlan)#vlan 300 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 300 (Netgear Switch) (Interface 1/0/1)#vlan pvid 300 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 300...
Page 454 ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure MLD Snooping Create VLAN 300. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 300. c. Click Add. Assign all of the ports to VLAN 300.
Page 455 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 and 1/0/24 check boxes. c. In the PVID (1 to 4093) field, enter 300. d.
Page 456 ProSafe 7000 Managed Switch Release 8.0.3 b. Enter the following information: • In the VLAN ID field, enter 300. • In the Admin Mode field, select Enable. Click Add. 456 | Chapter 28. MLD...
Page 457: Chapter 29 Dvmrp
DVMRP Distance Vector Multicast Routing Protocol The DVMRP is used for multicasting over IP networks without routing protocols to support multicast. The DVMRP is based on the RIP protocol but more complicated than RIP. DVRMP maintains a link-state database to keep track of the return paths to the source of multicast packages.
Page 458: Cli: Configure Dvmrp
(Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#routing (Netgear Switch) (Interface 1/0/13)#ip address 192.168.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ip address 192.168.3.2 255.255.255.0 (Netgear Switch)(Interface 1/0/21)#exit Enable IP multicast forwarding on the switch.
Page 459 (Netgear Switch) (Interface 1/0/13)#ip dvmrp (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#ip dvmrp (Netgear Switch) (Interface 1/0/21)#exit (Netgear Switch) #show ip dvmrp neighbor Interface ........1/0/13 Neighbor IP Address ......192.168.2.2 State ......... Active Up Time (hh:mm:ss) ......00:02:40 Expiry Time (hh:mm:ss) ......
Page 460 ProSafe 7000 Managed Switch Release 8.0.3 (Netgear Switch) #show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface List ------------- ------------ ---------- --------- --------------- 192.168.1.2 225.0.0.1 DVMRP 1/0/1 1/0/21 DVRMP on Switch B Create routing ports 1/0/13 and 1/0/20.
Page 461 Minor Version ......... 255 Capabilities ........Prune GenID Missing 11441 Received Routes ....... 0 Received Bad Packets ......0 Received Bad Routes ......0 (Netgear Switch) #show ip mcast mroute detail summary Multicast Route Table Summary Incoming Outgoing Source IP...
Page 462 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#ip routing (Netgear Switch) (Interface 1/0/11)#ip address 192.168.3.1 255.255.255.0 (Netgear Switch) (Interface 1/0/11)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.168.4.2 255.255.255.0...
Page 463 More Entries or quit(q) Capabilities ........Prune GenID Missing 11441 Received Routes ....... 0 Received Bad Packets ......0 Received Bad Routes ......0 (Netgear Switch) #show ip mcast mroute detail summary Multicast Route Table Summary Incoming Outgoing Source IP...
Page 464: Web Interface: Configure Dvmrp
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure DVMRP DVMRP on Switch A Enable IP routing on the switch. a. Select Routing > IP > Basic >IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 465 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/13 check box. Now 1/0/13 appears in the Port field at the top.
Page 466 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays.
Page 467 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > DVMRP > Interface Configuration. A screen similar to the following displays. b. Scroll down select the Interface 1/0/1, 1/0/13, and 1/0/21 check boxes. c. In the Interface Mode field, select 300. d.
Page 468 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/13 check box. Now 1/0/13 appears in the Port field at the top.
Page 469 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP> Global Configuration. A screen similar to the following displays.
Page 470 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > DVMRP > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/13 and 1/0/20 check boxes. c. In the Interface Mode field, select Enable. d.
Page 471 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/11 check box. Now 1/0/11 appears in the Port field at the top.
Page 472 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/24 check box. Now 1/0/24 appears in the Port field at the top.
Page 473 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable DVMRP on the interface. a.
Page 474 ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable IGMP on the interface. a.
Page 475: Chapter 30 Captive Portal
Captive Portal This chapter includes the following sections: • Captive Portal Configuration on page 476 • Enable Captive Portal on page 476 • Client Access, Authentication, and Control on page 478 • Block a Captive Portal Instance on page 479 •...
Page 476: Captive Portal Configuration
An interface can only be a physical port on the switch. Software release 8.0 and newer versions can contain up to 10 captive portal configurations. Enable Captive Portal CLI: Enable Captive Portal Enable captive portal on the switch. (Netgear Switch) (config)#captive-portal (Netgear Switch) (Config-CP)#enable 476 | Chapter 30. Captive Portal...
Page 477 (Netgear Switch) (Config-CP)#configuration 1 (Netgear Switch) (Config-CP 1)#enable Enable captive portal instance 1 on port 1/0/1. (Netgear Switch) (Config-CP 1)#interface 1/0/1 Web Interface: Enable Captive Portal Enable captive portal on the switch. a. Select Security > Control > Captive Portal > CP Global Configuration. A screen similar to the following displays.
Page 478: Client Access, Authentication, And Control
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays. b. Scroll down and select the CP 1 check box. Now CP 1 appears in the CP ID field at the top.
Page 479: Block A Captive Portal Instance
Block a Captive Portal Instance CLI: Block a Captive Portal Instance (Netgear Switch)(Config-CP 1)#block Web Interface: Block a Captive Portal Instance Select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays.
Page 480 (Netgear Switch) #config (Netgear Switch) (config)#captive-portal (Netgear Switch)(Config-CP)# user group 2 Create a user whose name is user1. (Netgear Switch) (Config-CP)#user 2 name user1 Configure the user’s password. (Netgear Switch) (Config-CP)#user 2 password Enter password (8 to 64 characters): 12345678 Re-enter password: 12345678 Add the user to the group.
Page 481: Remote Authorization (Radius) User Configuration
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. Create a user. a. Select Security > Control > Captive Portal > CP User Configuration. A screen similar to the following displays. b. Enter the following information: • In the User ID Field, enter 2. •...
Page 482 If the attribute is 0 or not present, then use the value configured for the captive portal. CLI: Configure RADIUS as the Verification Mode (Netgear Switch) (Config-CP 1)#radius-auth-server Default-RADIUS-Server (Netgear Switch) (Config-CP 1)#verification radius 482 | Chapter 30. Captive Portal...
Page 483: Ssl Certificates
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure RADIUS as the Verification Mode Select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays. Scroll down and select the CP 1 check box. Now CP 1 appears in the CP ID field at the top. Enter the following information: •...
Page 484: Index
Index Numerics CoS queueing 6to4 tunnels 802.1x port security default VLAN DHCP L2 relay DHCP L3 relay ACL mirroring DHCP messages, maximum rate ACL redirect DHCP reservation, configuring ACLs DHCP server, dynamic mode IP ACL configuration DHCP snooping IPv6 isolated VLANs on a Layer 3 switch DiffServ MAC ACLs Auto VoIP...
Page 485 ProSafe 7000 Managed Switch Release 8.0.3 IGMP querier stub area configuration enable VLAN routing status OSPFv3 IGMP snooping outbound Telnet external multicast router multicast router using VLAN show igmpsnooping show ignpsnooping PIM-DM show mac-address-table PIM-SM show mac-address-table igmpsnooping port mirroring IGMPv3 activate backup image interpreting log files...
Page 486 ProSafe 7000 Managed Switch Release 8.0.3 802.1x port security upgrading firmware DHCP messages, maxiumum rate Syslog DHCP snooping show logging IP source guard show logging buffered protected ports syslog static binding static mapping sFlow sFlow, time-based sampling of counters technical support show logging Telnet show logging buffered...

This manual is also suitable for:

Gsm7328sna - prosafe 24 port gigabit l3 managed stackable switch Prosafe 7000

NETGEAR GSM7228PS Software Administration Manual

Chapter 1 Documentation Resources

Chapter 2 Vlans

Chapter 3 Lags

Chapter 4 Port Routing

Chapter 5 VLAN Routing

Chapter 6 RIP

Chapter 7 Ospfv3

Chapter 8 ARP

Chapter 9 VRRP

Chapter 10 Acls

Chapter 11 Cos Queuing

Chapter 12 Diffserv

Chapter 13 IGMP Snooping and Querier

Chapter 14 Security Management

Chapter 15 SNTP

Chapter 16 Tools

Chapter 17 Syslog

Chapter 18 Switch Stacks

Chapter 19 SNMP

Chapter 20 DNS

Chapter 21 DHCP Server

Chapter 22 Double Vlans and Private VLAN Groups

Chapter 23 Spanning Tree Protocol

Chapter 24 Tunnel

Chapter 25 Ipv6 Interface Configuration

Chapter 26 PIM

Chapter 27 DHCP L2 Relay and L3 Relay

Chapter 28 MLD

Chapter 29 DVMRP

Chapter 30 Captive Portal

Index

Quick Links

Related Manuals for NETGEAR GSM7228PS

Summary of Contents for NETGEAR GSM7228PS