NETGEAR, Inc. Technical Support Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online, visit us at http://support.netgear.com.
Page 6
ProSafe 7000 Managed Switch Release 8.0.3 The Stack Master and Stack Members ......303 Install and Power-up a Stack ........305 Switch Firmware.
Software Setup Guide • NETGEAR CLI Reference for the Prosafe 7X00 Series Managed Switch. Refer to the Command Line Reference for information about the command structure. There are different documents in this series; choose the appropriate one for your product.
VLANs Virtual LANs This chapter provides the following examples: • Create Two VLANs on page 10 • Assign Ports to VLAN2 on page 12 • Assign Ports to VLAN3 on page 13 • Assign VLAN3 as the Default VLAN for Port 1/0/2 on page 15 •...
The example is shown as CLI commands and as a Web interface procedure. CLI: Create Two VLANS Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2 (Netgear Switch) (Vlan)#vlan 3 (Netgear Switch) (Vlan)#exit Web Interface: Create Two VLANS Create VLAN2.
Page 11
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 2. • In the VLAN Name field, enter VLAN2. •...
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit (Netgear Switch) (Config)#vlan port tagging all 2 (Netgear Switch) (Config)# Web Interface: Assign Ports to VLAN2 Assign ports to VLAN2. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
1/0/4. Note that port 1/0/2 belongs to both VLANs and that port 1/0/1 can never belong to VLAN 3. CLI: Assign Ports to VLAN3 (Netgear Switch) (Config)#interface range 1/0/2-1/0/4 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#vlan acceptframe all...
Page 14
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Assign Ports to VLAN3 Assign ports to VLAN3. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 3. c.
CLI: Assign VLAN3 as the Default VLAN for Port 1/0/2 (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#vlan pvid 3 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit Web Interface: Assign VLAN3 as the Default VLAN for Port 1/0/2 Assign VLAN3 as the default VLAN for port 1/0/2.
Page 17
ProSafe 7000 Managed Switch Release 8.0.3 Map MAC 00:00:0A:00:00:02 to VLAN3. (Netgear Switch)(Config)#exit (Netgear Switch)#vlan data (Netgear Switch)(Vlan)#vlan association mac 00:00:00A:00:00:02 3 (Netgear Switch)(Vlan)#exit Add all the ports to VLAN3. (Netgear Switch)#config (Netgear Switch)(Config)#interface range 1/0/1-1/0/28 (Netgear Switch)(conf-if-range-1/0/1-1/0/28)#vlan participation include 3...
Page 18
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 3. c. Click Unit 1. The ports display. d. Click the gray box before Unit 1 until U displays. e.
Create a VLAN protocol group vlan_ipx based on IPX protocol. (Netgear Switch)#config (Netgear Switch)(Config)#vlan protocol group vlan_ipx (Netgear Switch)(Config)#vlan protocol group add protocol 1 ipx Create a VLAN protocol group vlan_ipx based on IP/ARP protocol. (Netgear Switch)(Config)#vlan protocol group vlan_ip...
Page 20
Enable protocol VLAN group 1 and 2 on the interface. (Netgear Switch)(Vlan)#exit (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/11 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 1 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 2 (Netgear Switch)(Interface 1/0/11)#exit Web Interface: Create a Protocol-Based VLAN Create the protocol-based VLAN group vlan_ipx.
ProSafe 7000 Managed Switch Release 8.0.3 • In the VLAN field, enter 5. c. Click Add. Add port 11 to the group vlan_ipx. a. Select Switching > VLAN > Advanced > Protocol Based VLAN Group Membership. A screen similar to the following displays. b.
Page 22
Figure 2. IP subnet–based VLAN CLI: Create an IP Subnet–Based VLAN (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#vlan association subnet 10.100.0.0 255.255.0.0 2000 (Netgear Switch) (Vlan)#exit Create an IP subnet–based VLAN 2000. (Netgear Switch) #config (Netgear Switch) (Config)#interface range 1/0/1-1/0/24...
Page 23
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Create an IP Subnet–Based VLAN Create VLAN 2000. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 2000. •...
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > IP Subnet Based VLAN. A screen similar to the following displays. b. Enter the following information: • In the IP Address field, enter 10.100.0.0. • In the Subnet Mask field, enter 255.255.0.0. •...
Page 25
The script in this section shows how to configure Voice VLAN and prioritize the voice traffic. Here the Voice VLAN mode is in VLAN ID 10. CLI: Configure Voice VLAN and Prioritize Voice Traffic Create VLAN 10. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#exit Chapter 2. VLANs...
Page 26
ProSafe 7000 Managed Switch Release 8.0.3 Include the ports 1/0/1 and 1/0/2 in VLAN 10. (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan tagging 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit Configure Voice VLAN globally. (Netgear Switch) (Config)# voice vlan Configure Voice VLAN mode in the interface 1/0/2.
Page 27
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Voice VLAN and Prioritize Voice Traffic Create VLAN 10. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 10. c.
Page 28
ProSafe 7000 Managed Switch Release 8.0.3 c. Select Port 1 and Port 2 as tagged. A screen similar to the following displays. d. Click Apply. Configure Voice VLAN globally. a. Select Switching > VLAN > Advanced > Voice VLAN Configuration. A screen similar to the following displays.
Page 29
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Apply. A screen similar to the following displays. Configure Voice VLAN mode in interface 1/0/2. a. Select Switching > VLAN > Advanced > Voice VLAN Configuration. b. Select the 1/0/2 check box. c.
Page 30
ProSafe 7000 Managed Switch Release 8.0.3 c. In the Class Type list, select All. A screen similar to the following displays. d. Click Add. The Class Name screen displays, as shown in the next step in this procedure. Configure matching criteria for the class as VLAN 10. a.
Page 31
ProSafe 7000 Managed Switch Release 8.0.3 e. Click Apply. A screen similar to the following displays. Create the DiffServ policy PolicyVoiceVLAN. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Name field, enter PolicyVoiceVLAN. c.
Page 32
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Click the Policy PolicyVoiceVLAN. A screen similar to the following displays. c. In the field next to the Assign Queue radio button, select 3. A screen similar to the following displays.
Page 33
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. Select the check boxes for Interfaces 1/0/1 and 1/0/2. c. Set the Policy Name field as PolicyVoiceVLAN. A screen similar to the following displays.
LAGs Link Aggregation Groups This chapter provides the following examples: • Create Two LAGs on page 35 • Add Ports to LAGs on page 36 • Enable Both LAGs on page 38 Link aggregation allows the switch to treat multiple physical links between two end-points as a single logical link.
The example is shown as CLI commands and as a Web interface procedure. CLI: Create Two LAGs (Netgear Switch) #config (Netgear Switch) (Config)#port-channel lag_10 (Netgear Switch) (Config)#port-channel lag_20 (Netgear Switch) (Config)#exit Use the show port-channel all command to show the logical interface IDs you will use to identify the LAGs in subsequent commands.
The example is shown as CLI commands and as a Web interface procedure. CLI: Add Ports to the LAGs (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgear Switch) (Interface 0/2)#addport 1/1 (Netgear Switch) (Interface 0/2)#exit (Netgear Switch) (Config)#interface 0/3 (Netgear Switch) (Interface 0/3)#addport 1/1...
Page 37
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Add Ports to LAGs Add ports to lag_10. a. Select Switching > LAG > LAG Membership. A screen similar to the following displays. b. In the LAG ID list, select LAG 1. c.
ProSafe 7000 Managed Switch Release 8.0.3 Enable Both LAGs The example is shown as CLI commands and as a Web interface procedure. CLI: Enable Both LAGs By default, the system enables link trap notification. (Console) #config (Console) (Config)#port-channel adminmode all (Console) (Config)#exit At this point, the LAGs could be added to VLANs.
Port Routing This chapter provides the following sections: • Port Routing Configuration on page 40 • Enable Routing for the Switch on page 41 • Enable Routing for Ports on the Switch on page 41 • Add a Default Route on page 44 •...
ProSafe 7000 Managed Switch Release 8.0.3 Port Routing Configuration The 7000 Series Managed Switch always supports Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the 7000 Series Managed Switch as a whole, and then for each port that is to be part of the routed network.
Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Web Interface: Enable Routing for the Switch Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.
Page 43
ProSafe 7000 Managed Switch Release 8.0.3 Assign IP address 192.150.3.1/24 to interface 1/0/3. a. Select Routing > IP> Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top.
ProSafe 7000 Managed Switch Release 8.0.3 • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Add a Default Route When IP routing takes place on a switch, a routing table is needed for the switch to forward the packet based on the destination IP address.
ProSafe 7000 Managed Switch Release 8.0.3 • The Preference field is optional. A value of 1 (highest) will be assigned by default if not specified. Click the Add button on the bottom of the screen. This creates the default route entry in the routing table.
Page 46
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Add a Static Route Select Routing > Routing Table > Basic > Route Configuration to display the Route Configuration screen. In the Route Type list, select Static. Fill in the Network Address field. Note that this field ishould have a network IP address, not a host IP address.
VLAN Routing This chapter provides the following examples: • Create Two VLANs on page 47 • Set Up VLAN Routing for the VLANs and the Switch on page 52 You can configure the 7000 Series Managed Switch with some ports supporting VLANs and some supporting routing.
Page 49
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Create Two VLANs Create VLAN 10 and VLAN20. a. Select Switching > VLAN > Advanced > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 10. c.
Page 50
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID field, select 10. c. Click the Unit 1. The ports display. d. Click the gray boxes under ports 1 and 2 until T displays. The T specifies that the egress packet is tagged for the port.
Page 51
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > Port PVID Configuraton. A screen similar to the following displays. b. Scroll down and select 1/0/1 and 1/0/2 check boxes. c. In the PVID (1 to 4093) field, enter 10. d.
The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface-vlan 10)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface-vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface-vlan 20)#ip address 192.150.4.1 255.255.255.0...
Page 53
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Set Up VLAN Routing for the VLANs and the Switch Select Routing > VLAN> VLAN Routing. A screen similar to the following displays. Enter the following information: • In the VLAN ID (1 to 4093) list, select 10. •...
Routing Information Protocol This chapter provides the following examples: • Routing for the Switch on page 55 • Routing for Ports on page 56 • RIP for the Switch on page 57 • RIP for Ports 1/0/2 and 1/0/3 on page 58 •...
The example is shown as CLI commands and as a Web interface procedure. CLI: Enable Routing for the Switch (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Web Interface: Enable Routing for the Switch Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.
RIP is enabled by default. CLI: Enable RIP on the Switch This sequence enables RIP for the switch. The route preference defaults to 15. (Netgear Switch) #config (Netgear Switch) (Config)#router rip (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#exit (Netgear Switch) (Config)#exit Chapter 6.
RIPv1 and RIPv2 frames, but send only RIPv2-formatted frames. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip rip (Netgear Switch) (Interface 1/0/2)#ip rip receive version both (Netgear Switch) (Interface 1/0/2)#ip rip send version rip2 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3...
Page 59
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Enable RIP for Ports 1/0/2 and 1/0/3 Select Routing > RIP > Advanced > RIP Configuration. A screen similar to the following displays. Enter the following information: • In the Interface field, select 1/0/2. •...
Page 62
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure VLAN Routing with RIP Support Configure a VLAN and include ports 1/0/2 in the VLAN: a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b.
Page 63
ProSafe 7000 Managed Switch Release 8.0.3 d. Click the gray box under port 3 until T displays. The T specifies that the egress packet is tagged for the port. Click Apply to save the VLAN that includes port 3. Enable RIP on the switch (you can skip this step since the RIP is enabled by default). a.
Page 64
OSPF Open Shortest Path First This chapter provides the following examples: • Inter-area Router on page 65 • OSPF on a Border Router on page 70 • Stub Areas on page 75 • nssa Areas on page 84 • VLAN Routing OSPF on page 93 •...
Area 3 Figure 9. Network segment with an inter-area router connecting areas 0.0.0.2 and 0.0.0.3 CLI: Configure an Inter-area Router Enable routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Chapter 7. OSPF | 65...
Page 67
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure an Inter-area Router Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. Click Apply to save the settings.
Page 68
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. c.
Page 69
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Apply to save the settings. Enable OSPF on port 1/0/2. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Scroll downand select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top.
Page 71
Enable OSPF for the ports, and set the OSPF priority and cost for the ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip ospf (Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface 1/0/2)#ip ospf priority 128 (Netgear Switch) (Interface 1/0/2)#ip ospf cost 32 (Netgear Switch) (Interface 1/0/2)#exit...
Page 72
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. c.
Page 73
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/4 check box. Now 1/0/4 appears in the Interface field at the top. c.
Page 74
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Apply to save the settings. Enable OSPF on the port 1/0/2. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top.
ProSafe 7000 Managed Switch Release 8.0.3 • In the Priority field, enter 255. • In the Metric Cost field, enter 64. c. Click Apply to save the settings. Enable OSPF on port 1/0/4. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays.
Page 76
Configure area 0.0.0.1 as a stub area (Netgear Switch) (Config-router)#area 0.0.0.1 stub Switch A injects a default route only to area 0.0.0.1. (Netgear Switch) (Config-router)#no area 0.0.0.1 stub summarylsa (Netgear Switch) (Config-router)#exit Enable OSPF area 0 on ports 2/0/11. (Netgear Switch) (Config)#interface 2/0/11 (Netgear Switch) (Interface 2/0/11)#routing (Netgear Switch) (Interface 2/0/11)#ip address 192.168.10.1 255.255.255.0...
Page 77
ProSafe 7000 Managed Switch Release 8.0.3 (Netgear Switch) (Config)#ex (Netgear Switch) #show ip ospf neighbor interface all Router ID IP Address Neighbor Interface State ---------------- ----------- ------------------- --------- 4.4.4.4 192.168.10.2 2/0/11 Full 2.2.2.2 192.168.20.2 2/0/19 Full (Netgear Switch) #show ip route Total Number of Routes......
Page 78
ProSafe 7000 Managed Switch Release 8.0.3 b. Scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.10.1. • In the Network Mask field, enter 255.255.255.0.
Page 79
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top. •...
Page 80
Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#router ospf Set the router ID to 2.2.2.2. (Netgear Switch) (Config-router)#router-id 2.2.2.2 Configure area 0.0.0.1 as a stub area. (Netgear Switch) (Config-router)#area 0.0.0.1 stub 80 | Chapter 7. OSPF...
Page 82
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. c.
Page 83
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. •...
Page 86
ProSafe 7000 Managed Switch Release 8.0.3 Assign IP address 192.168.10.1 to port 2/0/11. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top.
Page 87
ProSafe 7000 Managed Switch Release 8.0.3 Specify the router ID, and enable OSPF for the switch. a. Select Routing > OSPF > Basic > OSPF Configuration. A screen similar to the following displays. b. Under OSPF Configuration, in the Router ID field, enter 2.2.2.2. c.
Page 88
In the Import Summary LSA’s field, select Disable. c. Click Add to save the settings. CLI: Configure Area 1 as an nssa Area on A2 Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#router ospf 88 | Chapter 7. OSPF...
Page 90
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Area 1 as an nssa Area on A2 Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b.
Page 91
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Under Configuration, scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. c.
Page 92
ProSafe 7000 Managed Switch Release 8.0.3 b. Enter the following information: • In the Interface field, select 1/0/11. • For RIP Admin Mode, select the Enable radio button. c. Click Apply to save the settings. Enable OSPF on port 1/0/15. a.
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPF > Advanced > Route Redistribution. A screen similar to the following displays. b. Under Route Redistribution, in the Available Source list, select RIP. c. Click Add to add a route redistribution. VLAN Routing OSPF For larger networks Open Shortest Path First (OSPF) is generally used in preference to RIP.
Page 96
ProSafe 7000 Managed Switch Release 8.0.3 Click the gray box under port 2 until T displays. The T specifies that the egress packet is tagged for the port. Click Apply to save the VLAN that includes ports 2. Configure a VLAN, and include port 1/0/3 in the VLAN. a.
Page 97
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, click VLANS to show all the VLAN interfaces. c. Scroll down and select the interface 0/2/1 check box. Now 0/2/1 appears in the Interface field at the top.
IPv4, and OSPFv3 works with IPv6. The following example shows how to configure OSPFv3 on a IPv6 network. Switch A1 Switch A2 Area 0 Figure 12. OSPFv3 Protocol for IPv6 CLI: Configure OSPFv3 On A1, enable IPv6 unitcast routing on the switch. (Netgear Switch) (Config)#ipv6 unicast-routing 98 | Chapter 7. OSPF...
Page 99
(Netgear Switch) (Interface 1/0/1)#ipv6 enable Enable OSPFv3 on the interface 1/0/1, and set the OSPF network mode to broadcast. (Netgear Switch) (Interface 1/0/1)#ipv6 ospf (Netgear Switch) (Interface 1/0/1)#ipv6 ospf network broadcast (Netgear Switch) #show ipv6 ospf neighbor Router ID Priority...
Page 100
ProSafe 7000 Managed Switch Release 8.0.3 Enable OSPFv3 on interface 1/0/13, and set the OSPF network mode to broadcast. (Netgear Switch) (Interface 1/0/13)#ipv6 ospf (Netgear Switch) (Interface 1/0/13)#ipv6 ospf network broadcast (Netgear Switch) #show ipv6 ospf neighbor Router ID Priority...
Page 101
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. c.
Page 102
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. •...
IP address is an address configured on the interface where the ARP request arrived. Proxy ARP Examples The following are examples of the commands used in the proxy ARP feature. CLI: show ip interface (Netgear Switch) #show ip interface ? <slot/port> Enter an interface in slot/port format. brief Display summary information about IP configuration settings for all ports.
Page 104
ProSafe 7000 Managed Switch Release 8.0.3 CLI: ip proxy-arp (Netgear Switch) (Interface 0/24)#ip proxy-arp ? <cr> Press Enter to execute the command. (Netgear Switch) (Interface 0/24)#ip proxy-arp Web Interface: Configure Proxy ARP on a Port Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
VRRP Virtual Router Redundancy Protocol This chapter provides the following examples: • VRRP on a Master Router on page 106 • VRRP on a Backup Router on page 108 When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network.
1/0/2 is the same as the port’s actual IP address therefore, this router will always be the VRRP master when it is active. The default priority is 255. (Netgear Switch) (Interface 1/0/2)#ip vrrp 20 ip 192.150.2.1 Enable VRRP on the port.
Page 107
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure VRRP on a Master Router Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. Click Apply to save the settings.
Configure the IP addresses and subnet masks for the port that will participate in the protocol. (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#routing (Netgear Switch) (Interface 1/0/4)#ip address 192.150.4.1 255.255.0.0 (Netgear Switch) (Interface 1/0/4)#exit 108 | Chapter 9. VRRP...
Page 109
1/0/4 is the same as Router 1’s port 1/0/2 actual IP address, this router will always be the VRRP backup when Router 1 is active. (Netgear Switch) (Interface 1/0/4)#ip vrrp 20 ip 192.150.2.1 Set the priority for the port. The default priority is 100.
Page 110
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/4 check box. Now 1/0/4 appears in the Interface field at the top. c.
ACLs Access Control Lists This chapter describes the Access Control Lists (ACLs) feature. The following examples are provided: • MAC ACLs on page 112 • Set Up an IP ACL with Two Rules on page 113 • One-Way Access Using a TCP Flag in an ACL on page 117 •...
ProSafe 7000 Managed Switch Release 8.0.3 MAC ACLs MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet (limited by platform): • Source MAC address with mask. • Destination MAC address with mask. •...
IP address (after the mask has been applied), that are carrying TCP traffic, and that are sent to the specified destination IP address. Enter these commands: (Netgear Switch) #config (Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255 Chapter 10. ACLs | 113...
Page 114
Define the second rule for ACL 101 to set conditions for UDP traffic similar to those for TCP traffic. (Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255 Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
Page 115
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add to create a new rule. Create a new ACL rule and add it to ACL 101. a. After you click the Add button in step 2, A screen similar to the following displays. a.
Page 116
ProSafe 7000 Managed Switch Release 8.0.3 a. After you click the Add button in step 3, a screen similar to the following displays. b. Under Extended ACL Rule Configuration, enter the following information: • In the Rule ID (1 to 23) field, enter 22. •...
ProSafe 7000 Managed Switch Release 8.0.3 • In the ACL ID list, select 10. • In the Sequence Number field, enter 1. c. Click Unit 1. The ports display. d. Click the gray box under port 2. A check mark displays in the box. e.
Page 119
(Netgear Switch) (Config)#ip route 192.168.50.0 255.255.255.0 192.168.200.2 Create an ACL that denies all the packets with TCP flags +syn-ack. (Netgear Switch) (Config)#access-list 101 deny tcp any flag +syn -ack Create an ACL that permits all the IP packets. (Netgear Switch) (Config)#access-list 102 permit ip any Apply ACLs 101 and 102 to port 0/44;...
Page 122
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.n the VLAN Routing Wizard, b. In the VLAN Routing Wizard, enter the following information: • In the Vlan ID field, enter 30. •...
Page 123
ProSafe 7000 Managed Switch Release 8.0.3 • In the IP Address field, enter 192.168.100.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 13 twice until U displays. The U specifies that the egress packet is untagged for the port.
Page 124
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. Under IP Configuration, make the following selections: • For Routing Mode, select the Enable radio button. •...
Page 125
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b. Under Configure Routes, make the following selection and enter the following information: • In the Route Type list, select Static. •...
Page 126
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL Table, in the IP ACL ID field, enter 102. c. Click Add. Add and configure an IP extended rule that is associated with ACL 101.
Page 127
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 128
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 129
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Unit 1. The ports display. d. Click the gray box under port 44. A check mark displays in the box. e. Click Apply to save the settings. Apply ACL 102 to port 44. a.
Page 130
ProSafe 7000 Managed Switch Release 8.0.3 • In the IP Address field, enter 192.168.40.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
Page 131
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 200. • In the IP Address field, enter 192.168.200.2. •...
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. Create a static route with IP address 192.168.30.0/24: a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b. Under Configure Routes, make the following selection and enter the following information: •...
Page 135
ProSafe 7000 Managed Switch Release 8.0.3 Create ACL 101 to deny all traffic that has the destination IP address 192.168.24.0/24. (Netgear Switch) (Config)#access-list 101 deny ip any 192.168.24.0 0.0.0.255 Create ACL 102 to deny all traffic that has the destination IP address 192.168.48.0/24.
Page 136
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 24. • In the IP Address field, enter 192.168.24.1. •...
Page 137
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Unit 1. The ports display. d. Click the gray box under port 48 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 48. Create VLAN 38 with IP address 10.100.5.34.
Page 138
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Apply to enable IP routing. Create an ACL with ID 101. a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL Table, in the IP ACL ID field, enter 101. c.
Page 139
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL ID field of the IP ACL Table, enter 103. c. Click Add. Add and configure an IP extended rule that is associated with ACL 101: a.
Page 140
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 141
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 142
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 143
ProSafe 7000 Managed Switch Release 8.0.3 • In the Sequence Number field, enter 1. c. Click Unit 1. The ports display. d. Click the gray box under port 24. A check mark displays in the box. e. Click Apply to save the settings. Apply ACL 101 to port 48: a.
CLI: Set up a MAC ACL with Two Rules Create a new MAC ACL acl_bpdu. (Netgear Switch) # (Netgear Switch) #config (Netgear Switch) (Config)#mac access-list extended acl_bpdu Deny all the traffic that has destination MAC 01:80:c2:xx:xx:xx. (Netgear Switch) (Config-mac-access-list)#deny any 01:80:c2:00:00:00 00:00:00:ff:ff:ff 144 |...
Page 145
(Netgear Switch) (Config-mac-access-list)#exit Apply the MAC ACL acl_bpdu to port 1/0/2. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#mac access-group acl_bpdu in Web Interface: Set up a MAC ACL with Two Rules Create MAC ACL 101 on the switch. a. Select Security > ACL > MAC ACL. A screen similar to the following displays.
Page 146
ProSafe 7000 Managed Switch Release 8.0.3 c. Enter the following information in the Rule Table. • In the ID field, enter 1. • In the Destination MAC field, enter 01:80:c2:00:00:00. • In the Destination MAC Mask field, enter 00:00:00:ff:ff:ff. d. Click the Add button. Create a another rule associated with the ACL acl_bpdu.
ProSafe 7000 Managed Switch Release 8.0.3 • In the Sequence Number field, enter 1. c. Click the Unit 1. The ports display. d. Click the gray box under port 2. A check mark displays in the box. e. Click Apply to save the settings. ACL Mirroring This feature extends the existing port mirroring functionality by allowing you to mirror a designated traffic stream in an interface using ACL rules.
Page 148
Create an IP access control list with the name monitorHost. (Netgear Switch) (Config)# ip access-list monitorHost Define the rules to match host 10.0.0.1 and to permit all others. (Netgear Switch) (Config-ipv4-acl)# permit ip 10.0.0.1 0.0.0.0 any mirror 1/0/19 (Netgear Switch) (Config-ipv4-acl)# permit every Bind the ACL with interface 1/0/1.
Page 149
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL ID field, enter monitorHost. c. Click Add to create ACL monitorHost, and the following screen displays: Create a rule to match host 10.0.0.1 in the ACL monitorHost.
Page 150
ProSafe 7000 Managed Switch Release 8.0.3 b. Click Add, and the Extended ACL Rule Configuration screen displays. c. In the Rule ID field, enter 1. d. For Action, select the Permit radio button. e. In the Mirror Interface list, select 1/0/19. f.
Page 151
ProSafe 7000 Managed Switch Release 8.0.3 b. Click Add, and a screen similar to the following displays. c. In the Rule ID field, enter 2. d. Select the Permit radio button. e. In the Match Every field, select True. f. Click Apply. At the end of this configuration a screen similar to the following displays.
ProSafe 7000 Managed Switch Release 8.0.3 e. Click Apply. A screen similar to the following displays. ACL Redirect This feature redirects a specified traffic stream to a specified interface. Other network 1/0/1 1/0/19 GSM73xxS HTTP packets Workstation Web server Workstation Other packets Figure 18.
Page 153
(Netgear Switch) (Config)#ip access-list redirectHTTP Define a rule to match the HTTP stream and define a rule to permit all others. (Netgear Switch) (Config-ipv4-acl)# permit tcp any any eq http redirect 1/0/19 (Netgear Switch) (Config-ipv4-acl)# permit every Bind the ACL with interface 1/0/1.
Page 154
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL field, enter redirectHTTP. c. Click Add to create the IP ACL redirectHTTP. A screen similar to the following displays.
Page 155
ProSafe 7000 Managed Switch Release 8.0.3 b. Click Add, and the Extended ACL Rule Configuration screen displays. c. In the Rule ID field, enter 1. d. For Action, select the Permit radio button. e. In the Redirect Interface list, select 1/0/19. f.
Page 156
ProSafe 7000 Managed Switch Release 8.0.3 b. Click Add, and the Extended ACL Rule Configuration screen displays. c. In the Rule ID field, enter 2. d. For Action, select the Permit radio button. e. In the Match Every field, select True. f.
ProSafe 7000 Managed Switch Release 8.0.3 d. Select the check box below Port 1. e. Click Apply. At the end of this configuration a screen similar to the following displays. Configure IPv6 ACLs This feature extends the existing IPv4 ACL by providing support for IPv6 packet classification.
Page 158
Rule-3. Permits IPv6 HTTP traffic to any destination. CLI: Configure an IPv6 ACL Create the access control list with the name ipv6-acl. (Netgear Switch) (Config)# ipv6 access-list ipv6-acl Define three rules to: • Permit any IPv6 traffic to the destination network 2001:DB8:C0AB:AC14::/64 from the source network 2001:DB8:C0AB:AC11::/64.
Page 159
2001:DB8:C0AB:AC14::/64 (Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 2001:DB8:C0AB:AC13::/64 eq telnet (Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 any eq http Apply the rules to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted. (Netgear Switch) (Config)#interface 1/0/1...
Page 160
ProSafe 7000 Managed Switch Release 8.0.3 Rule Number: 3 Action......... permit Protocol........6(tcp) Source IP Address......2001:DB8:C0AB:AC11::/64 Destination L4 Port Keyword....80(www/http) Web Interface: Configure an IPv6 ACL Create the access control list with the name ipv6-acl a. Select Security > ACL > Advanced > IPv6 ACL. b.
Page 161
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. d. In the Rule ID field, enter 1. e. For Action, select the Permit radio button. f. In the Source Prefix field, enter 2001:DB8:C0AB:AC11::. g. In the Source Prefix Length field, enter 64. h.
Page 162
ProSafe 7000 Managed Switch Release 8.0.3 h. In the Destination L4 Port list, select telnet. A screen similar to the following displays. Click Apply. Add Rule 3. a. In the Rule ID field, enter 3. b. For Action, select the Permit radio button. c.
Page 163
ProSafe 7000 Managed Switch Release 8.0.3 b. In the ACL ID list, select ipv6-acl. c. In the Sequence Number list, select 1. d. Click Unit 1. e. Select Port 1. A screen similar to the following displays. f. Click Apply. A screen similar to the following displays. View the binding table.
CoS Queuing Class of Service Queuing This chapter describes Class of Service (CoS) queue mapping, CoS Configuration, and traffic shaping features. This chapter provides the following examples: • Show classofservice Trust on page 166 • Set classofservice Trust Mode on page 167 •...
ProSafe 7000 Managed Switch Release 8.0.3 CoS Queue Mapping CoS queue mapping uses trusted and untrusted ports. Trusted Ports • The system takes at face value certain priority designations for arriving packets. • Trust applies only to packets that have that trust information. •...
The example is shown as CLI commands and as a Web interface procedure. CLI: Show classofservice Trust To use the CLI to show CoS trust mode, use these commands: (Netgear Switch) #show classofservice trust? <cr> Press Enter to execute the command.
Sets the Class of Service Trust Mode of an Interface to 802.1p. ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP. (Netgear Switch) (Config)#classofservice trust dot1p? <cr> Press Enter to execute the command. (Netgear Switch) (Config)#classofservice trust dot1p Web Interface: Set classofservice Trust Mode Select QoS >...
In the Global Trust Mode list, select trust dot1p. Click Apply to save the settings. Show classofservice IP-Precedence Mapping The example is shown as CLI commands and as a Web interface procedure. CLI: Show classofservice IP-Precedence Mapping (Netgear Switch) #show classofservice ip-precedence-mapping IP Precedence Traffic Class ------------- ------------- Web Interface: Show classofservice ip-precedence Mapping Select QoS >...
Enter the minimum bandwidth percentage for Queue 0. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10 (Netgear Switch) (Config)#cos-queue strict? <queue-id> Enter a Queue Id from 0 to 7.
ProSafe 7000 Managed Switch Release 8.0.3 c. Under Interface Queue Configuration, scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. d. Enter the following information: • In the Minimum Bandwidth field, enter 15. •...
Sets the Class of Service Trust Mode of an Interface to 802.1p. ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP. (Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p? <cr> Press Enter to execute the command. (Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p Note: The traffic class value range is 0–-6 instead of 0–-7 because queue...
Page 172
CLI: Configure traffic-shape (Netgear Switch) (Config)#traffic-shape? <bw> Enter the shaping bandwidth percentage from 0 to 100 in increments of 5. (Netgear Switch) (Config)#traffic-shape 70? <cr> Press Enter to execute the command. (Netgear Switch) (Config)#traffic-shape 70 (Netgear Switch) (Config)# Web Interface: Configure Traffic Shaping Set the shaping bandwidth percentage to 70 percent.
DiffServ D iff er en tia ted Se rv ices This chapter provides the following examples: • DiffServ on page 174 • DiffServ for VoIP on page 190 • Auto VoIP on page 197 • DiffServ for IPv6 on page 201 •...
ProSafe 7000 Managed Switch Release 8.0.3 • Class. A class consists of a set of rules that identify which packets belong to the class. Inbound traffic is separated into traffic classes based on Layer 3 and Layer 4 header data and the VLAN ID, and marked with a corresponding DSCP value.
Page 175
Create a DiffServ class of type all for each of the departments, and name them. Define the match criteria of source IP address for the new classes. (Netgear Switch) (Config)#class-map match-all finance_dept (Netgear Switch) (Config class-map)#match srcip 172.16.10.0 255.255.255.0 (Netgear Switch) (Config class-map)#exit (Netgear Switch) (Config)#class-map match-all marketing_dept (Netgear Switch) (Config class-map)#match srcip 172.16.20.0 255.255.255.0...
Page 176
(Netgear Switch) (Config policy-map)#exit Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#service-policy in internet_access (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#service-policy in internet_access...
Page 177
It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for Internet traffic. (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0 (Netgear Switch) (Interface 1/0/5)#exit (Netgear Switch) (Config)#exit Web Interface: Configure DiffServ Enable Diffserv.
Page 178
ProSafe 7000 Managed Switch Release 8.0.3 d. Click the finance_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.10.0. • In the Source Mask field, enter 255.255.255.0. f.
Page 179
ProSafe 7000 Managed Switch Release 8.0.3 d. Click marketing_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.20.0. • In the Source Mask field, enter 255.255.255.0. f. Click Apply. Create the class test_dept: a.
Page 180
ProSafe 7000 Managed Switch Release 8.0.3 d. Click test_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.30.0. • In the Source Mask field, enter 255.255.255.0. f. Click Apply. Create class development_dept.
Page 181
ProSafe 7000 Managed Switch Release 8.0.3 d. Click development_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.40.0. • In the Source Mask field, enter 255.255.255.0. f. Click Apply. Create a policy named internet_access and add the class finance_dept to it.
Page 182
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the internet_access check box. internet_access now appears in the Policy Selector field at the top. c.
Page 183
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the internet_access check box. Now internet_access appears in the Policy Selector field at the top. c.
Page 184
ProSafe 7000 Managed Switch Release 8.0.3 b. Click the internet_access check box for the member class finance_dept. A screen similar to the following displays. c. In the Assign Queue list, select 1. d. Click Apply. Assign queue 2 to marketing_dept. a.
Page 185
ProSafe 7000 Managed Switch Release 8.0.3 b. Click the internet_access check box for marketing_dept. A screen similar to the following displays. c. In the Assign Queue list, select 2. d. Click Apply. Assign queue 3 to test_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Page 186
ProSafe 7000 Managed Switch Release 8.0.3 b. Click the internet_access check mark for test_dept. A screen similar to the following displays. c. In the Assign Queue list, select 3. d. Click Apply. Assign queue 4 to development_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Page 187
ProSafe 7000 Managed Switch Release 8.0.3 b. Click the internet_access check mark for development_dept. A screen similar to the following displays. c. In the Assign Queue list, select 4. d. Click Apply. Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction. a.
Page 188
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > CoS > Advanced > Interface Queue Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/5 check box. Now 1/0/5 appears in the Interface field at the top. c.
Page 189
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > CoS > Advanced > Interface Queue Configuration. A screen similar to the following displays. b. Under Interface Queue Configuration, scroll down and select the interface 1/0/5 check box. Now 1/0/5 appears in the Interface field at the top. c.
Enter Global configuration mode. Set queue 5 on all ports to use strict priority mode. This queue will be used for all VoIP packets. Activate DiffServ for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#cos-queue strict 5 (Netgear Switch) (Config)#diffserv 190 |...
Page 191
(Netgear Switch) (Config)#class-map match-all class_ef (Netgear Switch) (Config class-map)#match ip dscp ef (Netgear Switch) (Config class-map)#exit Create a DiffServ policy for inbound traffic named pol_voip, then add the previously created classes class_ef and class_voip as instances within this policy.
Page 192
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Diffserv for VoIP Set queue 5 on all interfaces to use strict mode. a. Select QoS > CoS > Advanced > CoS Interface Configuration. A screen similar to the following displays. b. Under Interface Queue Configuration, select all the interfaces. c.
Page 193
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > DiffServ Configuration. A screen similar to the following displays. b. In the Class Name field, enter class_voip. c. In the Class Type list, select All. Click Add to create a new class. e.
Page 194
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > DiffServ Configuration. A screen similar to the following displays. b. In the Class Name field, enter class_ef. c. In the Class Type list, select All. Click Add to create a new class. e.
Page 195
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Selector field, enter pol_voip. c. In the Member Class list, select class_voip. d. Click Add to create a new policy. e.
Page 196
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the pol_voip check box. Pol_voip now appears in the Policy Selector field at the top. c.
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Service Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. c.
Page 198
The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Auto VoIP This script in this section shows how to set up auto VoIP system-wide. Enable auto VoIP on all the interfaces in the device. (Netgear Switch) (Config)# auto-voip all 198 | Chapter 12. DiffServ...
Page 199
ProSafe 7000 Managed Switch Release 8.0.3 View the auto VoIP information: (Netgear Switch) # show auto-voip interface all Interface Auto VoIP Mode Traffic Class --------- -------------- ------------- 1/0/1 Enabled 1/0/2 Enabled 1/0/3 Enabled 1/0/4 Enabled 1/0/5 Enabled 1/0/6 Enabled 1/0/7...
Page 200
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Auto-VoIP Enable auto VoIP for all the interfaces in the device. a. Select QoS > DiffServ > Auto VoIP. A screen similar to the following displays. b. Select the check box in the first row to select all the interfaces. c.
The example is shown as CLI commands and as a Web interface procedure. CLI: Configure DiffServ for IPv6 The script in this section shows how to prioritize ICMPv6 traffic over other IPv6 traffic. Create the IPv6 class classicmpv6. (Netgear Switch) (Config)# class-map match-all classicmpv6 ipv6 Chapter 12. DiffServ | 201...
Page 202
ProSafe 7000 Managed Switch Release 8.0.3 Define matching criteria as protocol ICMPv6. (Netgear Switch) (Config-classmap) # match protocol 58 (Netgear Switch) (Config-classmap) # exit Create the policy policyicmpv6. (Netgear Switch) (Config)# policy-map policyicmpv6 in Associate the previously created class classicmpv6.
Page 203
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays. b. In the Class Name field, enter classicmpv6. c. In the Class Type list, select All. A screen similar to the following displays. d.
Page 204
ProSafe 7000 Managed Switch Release 8.0.3 b. Click the class classicmpv6. A screen similar to the following displays. c. Select the Protocol Type radio button, select Other, and enter 58. A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. Create the policy policyicmpv6, and associate the previously created class classicmpv6.
Page 205
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Name field, enter policyicmpv6. c. In the Policy Type list, select In. d. In the Member Class list, select classicmpv6. A screen similar to the following displays.
Page 206
ProSafe 7000 Managed Switch Release 8.0.3 b. Click the policy policyicmpv6. A screen similar to the following displays. c. In the Assign Queue list, select 6. d. Click Apply. Attach the policy policyicmpv6 to interfaces 1/0/1,1/0/2 and 1/0/3. 206 | Chapter 12.
Page 207
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. In the Policy Name list, select policyicmpv6. c. Select the Interface 1/0/1, 1/0/2, and 1/0/3 check boxes. A screen similar to the following displays.
Page 209
(Netgear Switch) (Config)#policy-map policy_vlan in (Netgear Switch) (Config-policy-map)#class class_vlan (Netgear Switch) (Config-policy-classmap)#police-simple 1000 64 conform-action transmit violate-action drop (Netgear Switch) (Config-policy-classmap)#conform-color class_color (Netgear Switch) (Config-policy-classmap)#exit (Netgear Switch) (Config-policy-map)#exit Apply this policy to port 1/0/13.
Page 210
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 5. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 13 and 25 until T displays. The T specifies that the egress packet is tagged for the port.
Page 211
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add to create a new class class_vlan. d. Click class_vlan to configure this class. A screen similar to the following displays: e. Under Diffserv Class Configuration, in the VLAN field, enter 5. f.
Page 212
ProSafe 7000 Managed Switch Release 8.0.3 b. Enter the following information: • In the Class Name field, enter class_color. • In the Class Type list, select All. c. Click Add to create a new class class_color. d. Click class_color to configure this class. A screen similar to the following displays: e.
Page 213
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Name field, enter policy_vlan. c. In the Policy Type list, select In. d. Click Add. Associate policy_vlan with class_vlan.
Page 214
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Policy Configuration. Click policy_vlan. A screen similar to the following displays. b. Select the Simple Policy radio button. c. In the Color Mode list, select Color Aware. d.
Page 215
ProSafe 7000 Managed Switch Release 8.0.3 a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. Under Service Interface Configuration, scroll down and select the Interface 1/0/13 check box. c. In the Policy Name list, select policy_vlan. d.
The following are examples of the commands used in the IGMP snooping feature. CLI: Enable IGMP Snooping The following example shows how to enable IGMP snooping. (Netgear Switch) #config (Netgear Switch) (Config)#set ip igmp (Netgear Switch) (Config)#set igmp interfacemode (Netgear Switch) (Config)#exit Chapter 13. IGMP Snooping and Querier...
Click Apply. Show igmpsnooping The example is shown as CLI commands and as a Web interface procedure. CLI: Show igmpsnooping (Netgear Switch) #show igmpsnooping Admin Mode........Disable Unknown Multicast Filtering....Disable Multicast Control Frame Count....0 Interfaces Enabled for IGMP Snooping... None VLANs enabled for IGMP snooping....
Show mac-address-table igmpsnooping The example is shown as CLI commands and as a Web interface procedure. CLI: Show mac-address-table igmpsnooping (Netgear Switch) #show mac-address-table igmpsnooping ? <cr> Press Enter to execute the command. (Netgear Switch) #show mac-address-table igmpsnooping...
This example configures the interface as the one the multicast router is attached to. All IGMP packets snooped by the switch is forwarded to the multicast router reachable from this interface. (Netgear Switch)(Interface 1/0/3)# set igmp mrouter interface Chapter 13. IGMP Snooping and Querier | 219...
This example configures the interface to forward only the snooped IGMP packets that come from VLAN ID (<VLAN Id>) to the multicast router attached to this interface. (Netgear Switch)(Interface 1/0/3)# set igmp mrouter 2 220 | Chapter 13. IGMP Snooping and Querier...
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure the Switch with a Multicast Router Using VLAN Select Switching > Multicast > Multicast Router VLAN Configuration. A screen similar to the following displays. Under Multicast Router VLAN Configuration, scroll down and select the Interface 1/0/3 check box.
ProSafe 7000 Managed Switch Release 8.0.3 respond. With the built-in IGMP querier feature inside the switch, such an external device is no longer needed. Figure 24. IGMP querier Since the IGMP querier is designed to work with IGMP snooping, it is necessary to enable IGMP snooping when using it.
Page 223
(Netgear switch) (vlan)#set igmp querier 1 (Netgear switch) (vlan)#exit (Netgear switch) #config (Netgear switch) (config)#set igmp querier (Netgear switch) (config)#set igmp querier address 10.10.10.1 (Netgear switch) (config)#exit Web Interface: Enable IGMP Querier Select Switching > Multicast > IGMP VLAN Configuration. A screen similar to the following displays.
Page 224
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. Enable the IGMP snooping querier globally. a. Select Switching > Multicast > IGMP Snooping > IGMP VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • For Querier Admin Mode, select the Enable radio button.
The example is shown as CLI commands and as a Web interface procedure. CLI: Show IGMP Querier Status To see the IGMP querier status, use the following command. (Netgear Switch) #show igmpsnooping querier vlan 1 VLAN 1 : IGMP Snooping querier status ---------------------------------------------- IGMP Snooping Querier VLAN Mode....
Security Management In this chapter, examples are provided for the following topics: • Port Security • Set the Dynamic and Static Limit on Port 1/0/1 on page 227 • Convert the Dynamic Address Learned from 1/0/1 to a Static Address on page 229 •...
Enable port-security globally (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#port-security Enable port-security on port 1/0/1 (Netgear Switch) (Interface 1/0/1)#port-security max-dynamic 10 Set the dynamic limit to 10 (Netgear Switch) (Interface 1/0/1)#port-security max-static 3 Set the static limit to 3...
Page 228
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Set the Dynamic and Static Limit on Port 1/0/1 Select Security > Traffic Control > Port Security >Port Administrator. A screen similar to the following displays. c. Under Port Security Configuration, next to Port Security Mode, select the Enable radio button.
The example is shown as CLI commands and as a Web interface procedure. CLI: Convert the Dynamic Address Learned from 1/0/1 to the Static Address (Netgear Switch)(Interface 1/0/1)#port-security mac-address move Convert the dynamic address learned from 1/0/1 to the static address (Netgear Switch)(Interface 1/0/1)#exit...
The example is shown as CLI commands and as a Web interface procedure. CLI: Create a Static Address (Netgear Switch) (Interface 1/0/1)#port-security mac-address 00:13:00:01:02:03 Web Interface: Create a Static Address Select Security > Traffic Control > Port Security > Static MAC address. A screen similar to the following displays.
Page 232
(Netgear Switch) (Vlan)#exit (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/48 (Netgear Switch) (Interface 1/0/48)#vlan pvid 202 (Netgear Switch) (Interface 1/0/48)#vlan participation include 202 (Netgear Switch) (Interface 1/0/48)#exit (Netgear Switch) (Config)#interface vlan 202 (Netgear Switch) (Interface-vlan 202)#routing (Netgear Switch) (Interface-vlan 202)ip address 10.100.5.34 255.255.255.0 (Netgear Switch) (Interface-vlan 202)#exit Create a DHCP pool to allocated IP addresses to PCs.
Page 233
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure a Protected Port to Isolate Ports on the Switch Create a DHCP pool: Note: This example assumes that the DHCP service is enabled. For information about how to enable the DHCP service, see the Web interface procedure in Configure a DHCP Server in Dynamic Mode on page 333.
Page 234
ProSafe 7000 Managed Switch Release 8.0.3 • In the Network Number field, enter 192.168.1.0. • In the Network Mask field, enter 255.255.255.0. • In the Days field, enter 1. • Click Default Router Addresses. The DNS server address fields display. In the first Router Address field, enter 192.168.1.254.
Page 235
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 202. • In the IP Address field, enter 10.100.5.34. •...
Page 236
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b. Under Configure Routes, in the Route Type list, select Default Route. c. In the Next Hop IP Address field, enter 10.100.5.252. d.
Page 238
ProSafe 7000 Managed Switch Release 8.0.3 Use RADIUS to authenticate the dot1x users. (Netgear Switch) (Config)#aaa authentication dot1x default radius Configure a RADIUS authentication server. (Netgear Switch) (Config)#radius server host auth 10.100.5.17 Configure the shared secret between the RADIUS client and the server.
Page 239
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply to save the settings. Assign IP address 192.168.1.1/24 to the interface 1/0/1. a.
Page 240
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/19 check box. Now 1/0/19 appears in the Interface field at the top. c.
Page 241
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/19 check box. Now 1/0/19 appears in the Interface field at the top. c.
Page 242
ProSafe 7000 Managed Switch Release 8.0.3 c. In the Secret Configured field, select Yes. d. In the Secret field, enter 123456. e. In the Primary Server field, select Yes. f. In the Message Authenticator field, select Enable. g. Click Add. Enable accounting.
ProSafe 7000 Managed Switch Release 8.0.3 Create a Guest VLAN The guest VLAN feature allows a switch to provide a distinguished service to dot1x unaware clients (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach an external network with no ability to surf the internal LAN Guest 1 RADIUS server...
Page 244
(Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/24)#exit Create VLAN 2000, and have 1/0/1 and 1/0/24 as members of VLAN 2000.
ProSafe 7000 Managed Switch Release 8.0.3 Enable the guest VLAN on ports 1/0/1 and 1/0/24. (Netgear Switch) #show dot1x detail 1/0/1 Protocol Version....... 1 PAE Capabilities....... Authenticator Control Mode........auto Authenticator PAE State......Authenticated Backend Authentication State....Idle Quiet Period (secs)......60 Transmit Period (secs)......
Page 246
ProSafe 7000 Managed Switch Release 8.0.3 c. In the VLAN Type field, select Static. d. Click Add. Add ports to VLAN 2000. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 2000 . c.
Page 247
ProSafe 7000 Managed Switch Release 8.0.3 Make sure that 1/0/12 and 1/0/6 are configured as force authorized before you do this step; otherwise you cannot access the switch through the Web Interface. a. Select Security > Port Authentication > Basic > 802.1x Configuration. A screen similar to the following displays.
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Management Security > Radius > Server Configuration. A screen similar to the following displays. b. In the Radius Server IP Address field, enter 192.168.0.1. c. In the Secret Configured field, select Yes. d.
Page 249
Create VLAN 2000. (Netgear Switch) #network protocol none Changing protocol mode will reset ip configuration. Are you sure you want to continue? (y/n) y (Netgear Switch) #network parms 192.168.0.5 255.255.255.0 (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) #exit Chapter 14.
Page 250
Enable dot1x authentication on the switch (Netgear Switch) (Config)#dot1x system-auth-control Use the RADIUS as the authenticator. (Netgear Switch) (Config)#aaa authentication dot1x default radius Enable the switch to accept VLAN assignment by the RADIUS server. (Netgear Switch) (Config)#authorization network radius Set the RADIUS server IP address.
Page 251
ProSafe 7000 Managed Switch Release 8.0.3 Show the dot1x detail for 1/0/5. (Netgear Switch) #show dot1x detail 1/0/5 Port........... 1/0/5 Protocol Version....... 1 PAE Capabilities....... Authenticator Control Mode........auto Authenticator PAE State......Authenticated Backend Authentication State....Idle Quiet Period (secs)......60 Transmit Period (secs)......
Page 252
ProSafe 7000 Managed Switch Release 8.0.3 b. For Current Network Configuration Protocol, select the None radio button. c. In the IP Address field, enter 192.168.0.5. d. In the Subnet Mask field, enter 255.255.255.0. e. Click Apply. Create VLAN 2000. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
Page 253
ProSafe 7000 Managed Switch Release 8.0.3 Enable dot1x on the switch. Make sure that 1/0/12 and 1/0/6 are configured as force authorized before you do this step; otherwise, you cannot access the switch through the Web Management Interface. a. Select Security > Port Authentication > Basic > 802.1x Configuration. A screen similar to the following displays.
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Management Security > Radius > Server Configuration. A screen similar to the following displays. b. In the Radius Server IP Address field, enter 192.168.0.1. c. In the Secret Configured field, select Yes. d.
Page 255
Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust Chapter 14.
Page 256
86400 Enable ARP inspection in VLAN 1. (Netgear Switch) (Config)# ip arp inspection vlan 1 Now all ARP packets received on ports that are members of the VLAN are copied to the CPU for ARP inspection. If there are trusted ports, you can configure them as trusted in the next step.
Page 257
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 1. c. In the the DHCP Snooping Mode field, select Enable. A screen similar to the following displays.
Page 258
ProSafe 7000 Managed Switch Release 8.0.3 d. Click Apply. A screen similar to the following displays. View the DHCP Snooping Binding table. a. Select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays. Enable ARP Inspection in VLAN 1. a.
Page 259
ProSafe 7000 Managed Switch Release 8.0.3 c. In the Dynamic ARP Inspection field, select Enable. A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. Now all the ARP packets received on the ports that are member of the VLAN are copied to the CPU for ARP inspection.
00:11:85:ee:54:e9 Configure ARP ACL used for VLAN 1. (Netgear Switch) (Config)# ip arp inspection filter ArpFilter vlan 1 Now the ARP packets from the static client will go through since it has an entry in the ARP. ACL ARP packets from the DHCP client is also through since it has a DHCP snooping entry.
Page 261
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Static Mapping Create an ARP ACL. a. Select Security > Control > Dynamic ARP Inspection > DAI ACL Configuration. b. In the Name field, enter ArpFilter. c. Click Add. A screen similar to the following displays. Configure a rule to allow the static client.
DHCP server DHCP client Figure 30. DHCP Snooping The example is shown as CLI commands and as a Web interface procedure. CLI: Configure DHCP Snooping Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping 262 | Chapter 14. Security Management...
Page 263
ProSafe 7000 Managed Switch Release 8.0.3 Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
Page 264
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b. In the VLAN ID list, select 1. c. For DHCP Snooping Mode, select the Enable radio button. A screen similar to the following displays.
You can also enter the static binding into the binding database. CLI: Enter Static Binding into the Binding Database Enter the DHCP snooping static binding. (Netgear Switch) (Config)# ip dhcp snooping binding 00:11:11:11:11:11 vlan 1 192.168.10 .1 interface 1/0/2 Chapter 14. Security Management...
ProSafe 7000 Managed Switch Release 8.0.3 Check to make sure the binding database has the static entry. (GSM7328S) #show ip dhcp snooping binding Total number of bindings: MAC Address IP Address VLAN Interface Type Lease (Secs) ------------------------ --------------- -------- ----------- ------- ----------- 00:11:11:11:11:11 192.168.10.1...
Page 267
ProSafe 7000 Managed Switch Release 8.0.3 CLI: Configure the Maximum Rate of DHCP Messages Control the maximum rate of DHCP messages. (Netgear Switch) (Interface 1/0/2)# ip dhcp snooping limit rate 5 View the rate configured. (GSM7328S) #show ip dhcp snooping interfaces 1/0/2...
HW address: 00:16:76:A7:88:CC Figure 31. IP Source Guard The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Dynamic ARP Inspection Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping 268 | Chapter 14. Security Management...
Page 269
ProSafe 7000 Managed Switch Release 8.0.3 Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
Page 270
ProSafe 7000 Managed Switch Release 8.0.3 b. For DHCP Snooping Mode, select the Enable radio button. c. Click Apply. Enable DHCP snooping in a VLAN. a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b.
Page 271
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Control > DHCP Snooping Interface Configuration. A screen similar to the following displays. b. Select Interface 1/0/1 check box. c. For interface 1/0/1, in the Trust Mode field, select Enable. d.
Page 272
ProSafe 7000 Managed Switch Release 8.0.3 d. Click Apply. A screen similar to the following displays. Set up IP source guard static binding. a. Select Security > Control > IP Source Guard > Binding Configuration. b. Select the Interface 1/0/2 check box. c.
It supports SNTP client implemented over UDP, which listens on port 123. Show SNTP (CLI Only) The following are examples of the commands used in the SNTP feature. show sntp (Netgear Switch Routing) #show sntp? <cr> Press Enter to execute the command. client Display SNTP Client Information.
The example is shown as CLI commands and as a Web interface procedure. CLI: Configure SNTP NETGEAR switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
Page 276
ProSafe 7000 Managed Switch Release 8.0.3 command to confirm that the time has been received. The time will be used in all logging messages. (Netgear Switch) #show sntp server Server IP Address: 208.14.208.19 Server Type: ipv4 Server Stratum: Server Reference Id: NTP Srv: 208.14.208.3...
Pacific Standard Time (PST), which is 8 hours behind GMT/UTC. (Netgear switch)(config)#clock timezone PST -8 Set the Named SNTP Server The example is shown as CLI commands and as a Web interface procedure.
Page 278
ProSafe 7000 Managed Switch Release 8.0.3 CLI: Set the Named SNTP Server NETGEAR provides SNTP servers accessible by NETGEAR devices. Because NETGEAR might change IP addresses assigned to its time servers, it is best to access an SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
Page 279
ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Management > DNS > DNS Configuration. A screen similar to the following displays. b. Enter the following information: • For DNS Status, select the Enable radio button • In the DNS Server field, enter 192.168.1.1. c.
Tools This chapter provides the following examples: • Traceroute • Configuration Scripting on page 282 • Pre-Login Banner on page 285 • Port Mirroring on page 286 • Dual Image on page 287 • Outbound Telnet on page 290 Traceroute This section describes the traceroute feature.
Page 281
ProSafe 7000 Managed Switch Release 8.0.3 CLI: Traceroute (Netgear Switch) #traceroute? <ipaddr> Enter IP address. (Netgear Switch) #traceroute 216.109.118.74 ? <cr> Press Enter to execute the command. <port> Enter port no. (Netgear Switch) #traceroute 216.109.118.74 racing route over a maximum of 20 hops 10.254.24.1...
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Traceroute Select Maintenance > Troubleshooting > Traceroute. A screen similar to the following displays. Use this screen to tell the switch to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. Once you click the Apply button, the switch will send three traceroute packets each hop, and the results will be displayed in the result table.
Page 283
Configuration Script Name Size(Bytes) ------------------------- ----------- basic.scr running-config.scr 3201 2 configuration script(s) found. 1020706 bytes free. (Netgear Switch) #script delete basic.scr Are you sure you want to delete the configuration script(s)? (y/n) y 1 configuration script(s) deleted. Chapter 16. Tools | 283...
Page 284
Configuration Script Name Size(Bytes) ------------------------- ---------- running-config.scr 3201 1 configuration script(s) found. 1020799 bytes free. Upload a Configuration Script (Netgear Switch) #copy nvram: script running-config.scr tftp://192.168.77.52/running-config.scr Mode......TFTP Set TFTP Server IP... 192.168.77.52 TFTP Path....TFTP Filename....running-config.scr Data Type....
On your PC, using Notepad create a banner.txt file that contains the banner to be displayed. Login Banner - Unauthorized access is punishable by law. Transfer the file from the PC to the switch using TFTP. (Netgear Switch Routing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode........... TFTP Set TFTP Server IP......192.168.77.52 TFTP Path......../ TFTP Filename........
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Specify the Source (Mirrored) Ports and Destination (Probe) Select Monitoring > Mirroring > Port Mirroring. A screen similar to the following displays. Scroll down and select the Source Port 1/0/2 check box. The value 1/0/2 now appears in the Interface field at the top.
Page 288
Such cases will require user intervention to correct the problem, by using appropriate stacking commands. CLI: Download a Backup Image and Make It Active (Netgear Switch) #copy tftp://192.168.0.1/gsm73xxseps.stk image2 Mode........... TFTP Set Server IP........192.168.0.1 Path...........
Page 289
-------------------------------------------------------------------- 5.11.2.51 8.0.0.2 image1 image1 (Netgear Switch) #boot system image2 Activating image image2 .. (Netgear Switch) #show bootvar Image Descriptions image1 : default image image2 : Images currently available on Flash -------------------------------------------------------------------- unit image1 image2...
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Maintenance > File Management > Dual Image Configuration. A screen similar to the following displays. b. Under Dual Image Configuration, scroll down and select the Image 2 check box. The image2 now appears in the Image name field at the top. c.
Syslog This chapter provides the following examples: • Show Logging on page 295 • Show Logging Buffered on page 297 • Show Logging Traplogs on page 298 • Show Logging Hosts on page 299 • Configure Logging for a Port on page 300 The syslog feature: •...
ProSafe 7000 Managed Switch Release 8.0.3 Show Logging The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging (Netgear Switch Routing) #show logging Logging Client Local Port CLI Command Logging disabled Console Logging disabled...
Page 296
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Monitoring > Logs > Command Log. b. Under Command Log, for Admin Status, select the Disable radio button. c. Click Apply. Configure the console log. a. Select Monitoring > Logs > Console Log. b.
Show Logging Buffered The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging Buffered (Netgear Switch Routing) #show logging buffered ? <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging buffered...
Select Monitoring > Logs > Buffer Logs. A screen similar to the following displays. Show Logging Traplogs The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging Traplogs (Netgear Switch Routing) #show logging traplogs <cr> Press Enter to execute the command.
Show Logging Hosts The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging Hosts (Netgear Switch Routing) #show logging hosts ? <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging hosts...
Switch Stacks This chapter describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches running release 4.x.x.x or newer. This chapter includes the following topics: • Switch Stack Management and Connectivity • The Stack Master and Stack Members on page 303 •...
ProSafe 7000 Managed Switch Release 8.0.3 The Stack Master and Stack Members A switch stack is a set of up to 8 switches connected through their stacking ports. The switch that controls the operation of the stack is the stack master. The stack master and the other switches in the stack are stack members.
The switch with the highest stack member priority value. Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.
Many switch models such as the GSM7200PS and GSM7300S series have a Hardware Installation Guide that includes additional information about rack mounting and stack cabling. Compatible Switch Models NETGEAR stackable managed switches include the following models: • FSM7226RS • FSM7250RS •...
ProSafe 7000 Managed Switch Release 8.0.3 Install a Switch Stack Note: Many models of switches have a Hardware Installation Guide that includes additional information about rack mounting and switch stack cabling. Install the switches in a rack. Install all stacking cables, including the redundant stack link. It is highly recommended that a redundant link be installed.
NETGEAR recommends that you schedule the firmware upgrade when there is no excessive network traffic (such as a broadcast event). Download new firmware using TFTP or xmodem to the master switch using the copy command.
ProSafe 7000 Managed Switch Release 8.0.3 Continue with the boot of operational code. Once the stack is up, download the saved configuration back to the master. This configuration should then be automatically propagated to all members of the stack. Copy Master Firmware to a Stack Member (Web Interface) Select System >...
Page 309
(stack) Stack Stack Link Down (Netgear Switch) #config (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 ethernet (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #reload Are you sure you want to reload the stack? (y/n) y After Switch A reboots:...
Page 310
ProSafe 7000 Managed Switch Release 8.0.3 After Switch B reboots: (Netgear Switch) #show port 2/0/28 Admin Physical Physical Link Link LACP Actor Intf Type Mode Mode Status Status Trap Mode Timeout ------ ----- ------- -------- --------- ------ ------- ------ ------...
ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Stacking > Advanced > Stack Port Configuration. A screen similar to the following displays. b. Under Stack Port Configuration, scroll down and select the 1/0/51 check box. c. In the Configured Stack Mode list, select Ethernet. d.
Page 312
Ethernet Ethernet Link Down Since 2/0/28 is in Ethernet mode, it must be changed to stack mode. (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 stack (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config) Reboot Switch B. (Netgear Switch) #reload Management switch has unsaved changes.
Page 313
ProSafe 7000 Managed Switch Release 8.0.3 On Switch A, you see the following: (Netgear Switch) #show switch Management Standby Preconfig Plugged-in Switch Code Switch Status Model ID Model ID Status Version --- ---------- -------- ----------- ----------- --------- ----------- Mgmt Sw...
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Maintenance > Reset > Device Reboot. A screen similar to the following displays. b. In the Reboot Unit No. list, select 2. c. Click Apply. Add, Remove, or Replace a Stack Member Add Switches to an Operating Stack Make sure the redundant stack connection is in place and functional.
Page 315
ProSafe 7000 Managed Switch Release 8.0.3 Connect this cable to the new switch, following the established order of stack-up to stack-down connections. Power up the new switches one by one. Verify, by monitoring the master switch console port, that the new switch joins the stack by issuing the show switch command. The new switch should join as a member (never as master;...
ProSafe 7000 Managed Switch Release 8.0.3 Install the new switch in the rack: • If you are installing the same model switch, put it in the same position in the stack as the one that you just removed. • If you are installing a different model switch you can either put it in the same position as the previous switch, or at the bottom of the stack.
ProSafe 7000 Managed Switch Release 8.0.3 Table 1. Switch Stack Master Scenarios (Continued) Scenario Action Result Stack master election specifically Assuming that both stack members The stack member with the higher determined by the MAC address. have the same priority value and MAC address is elected stack firmware image, restart both stack master.
• If specific numbering is required, NETGEAR recommends that you assign stack members their numbers when they are first installed and configured in the stack, if possible. •...
Page 319
If you need to reassign multiple existing stack unit numbers, the configuration could become mismatched. To avoid this situation, NETGEAR recommends that you power down all switches except the master, and then add them back one at a time using the...
Make sure that you can log in on the console attached to the new master. Use the show switch command to verify that all units rejoined the stack. NETGEAR recommends that you rest the stack with the reload command after moving the master.
Time-Based Sampling of Counters with sFlow on page 329 Add a New Community The example is shown as CLI commands and as a Web interface procedure. CLI: Add a New Community (Netgear switch) #config (Netgear switch) (Config)#snmp-server community rw public@4 Chapter 19. SNMP | 321...
CLI: Enable SNMP Trap This example shows how to send SNMP trap to the SNMP server. (Netgear switch) #config (Netgear switch) (Config)# snmptrap public 10.100.5.17 Enable send trap to SNMP server 10.100.5.17 (Netgear switch) (Config)#snmp-server traps linkmode Enable send link status to the SNMP server when link status changes.
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Enable SNMP Trap Enable SNMP trap for the server 10.100.5.17. a. Select System > SNMP > SNMP V1/V2 > Trap Configuration. A screen similar to the following displays. b. In the Community Name field, enter public. c.
Page 324
“12345678” (Netgear Switch) (Config)#users snmpv3 authentication admin md5 Set the authentication mode to md5 (Netgear Switch) (Config)#users snmpv3 encryption admin des 12345678 Set the encryption mode to des and the key is “12345678” Web Interface: Configure SNMP V3 Change the user password.
ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Management > User Configuration. A screen similar to the following displays. b. In the User Name field, select the admin. c. For Authentication Protocol, select the MD5 radio button. d. For Encryption Protocol, select the DES radio button. e.
Page 326
Configure the sFlow receiver timeout. Here sFlow samples will be sent to this receiver for the duration of 31536000 seconds. That is approximately 1 year. (Netgear Switch) (Config)# sflow receiver 1 owner NetMonitor timeout 31536000 326 | Chapter 19. SNMP...
Page 327
You need to repeat these for all the ports to be sampled. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow sampler 1 (Netgear Switch) (Interface 1/0/1)# sflow sampler rate 1024 (Netgear Switch) (Interface 1/0/1)# sflow sampler maxheadersize 64 View the sampling port configurations.
Page 328
ProSafe 7000 Managed Switch Release 8.0.3 In the Receiver Address field, enter 192.168.10.2. A screen similar to the following displays. f. Click Apply. A screen similar to the following displays. Configure the sampling ports sFlow receiver index, sampling rate, and sampling maximum header size.
Configure the sampling port sFlow receiver index, and polling interval. You need to repeat this for all the ports to be polled. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow poller 1 (Netgear Switch) (Interface 1/0/1)# sflow poller interval View the polling port configurations.
DNS servers) and to resolve an IP address using the DNS server. The example is shown as CLI commands and as a Web interface procedure. CLI: Specify Two DNS Servers (Netgear Switch)#config (Netgear Switch) (Config)#ip name-server 12.7.210.170 219.141.140.10 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#exit (Netgear Switch)#ping www.netgear.com Send count=3, Receive count=3 from 206.82.202.46...
IP address. The example is shown as CLI commands and as a Web interface procedure. CLI: Manually Add a Host Name and an IP Address (Netgear Switch)#config (Netgear Switch) (Config)#ip host www.netgear.com 206.82.202.46 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#ping www.netgear.com Send count=3, Receive count=3 from 206.82.202.46 Chapter 20.
Page 332
Select System > Management > DNS > Host Configuration. A screen similar to the following displays. Under DNS Host Configuration, enter the following information: • In the Host Name field, enter www.netgear.com. • In the IP Address field, enter 206.82.202.46. Click Add.
Page 334
ProSafe 7000 Managed Switch Release 8.0.3 Note: If there is no DHCP L3 relay between client PC and DHCP server, there must be an active route whose subnet is the same as the DHCP dynamic pool’s subnet. Web Interface: Configure a DHCP Server in Dynamic Mode Create VLAN 200.
Page 335
ProSafe 7000 Managed Switch Release 8.0.3 d. Click the gray boxes under ports 1 and 24 until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply. Assign PVID to the VLAN 200. a.
ProSafe 7000 Managed Switch Release 8.0.3 d. Select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. e. Under DHCP Pool Configuration, enter the following information: • In the Pool Name list, select Create. •...
Page 338
ProSafe 7000 Managed Switch Release 8.0.3 Select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Under DHCP Pool Configuration, enter the following information: • In the Pool Name list, select Create. •...
Double VLANs and Private VLAN Groups This chapter includes the following examples: • Double VLANs • Private VLAN Groups on page 343 Double VLANs This section describes how to enable the double DVLAN feature. Double VLANs pass traffic from one customer domain to another through the metro core. Custom VLAN IDs are preserved and a provider service VLAN ID is added to the traffic so the traffic can pass the metro core in a simple and cost-effective manner.
Page 340
1/0/24. This example assumes there is a Layer 2 switch connecting all these devices in your domain. The Layer 2 switch tags the packet going to the NETGEAR switch port 1/0/24. The example is shown as CLI commands and as a Web interface procedure.
Page 341
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Under VLAN Configuration, enter the following information: • In the VLAN ID field, enter 200. • In the VLAN Name field, enter vlan200.
Page 342
ProSafe 7000 Managed Switch Release 8.0.3 • Click the gray box under port 48 once until T displays. The T specifies that the egress packet is tagged for the port. d. Click Apply to save the settings. Change the port VLAN ID (PVID) of port 24 to 200: a.
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > Port DVLAN Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/48 check box. Now 1/0/48 appears in the Interface field at the top. c.
Page 344
ProSafe 7000 Managed Switch Release 8.0.3 The following example creates two groups. Group 1 is in community mode, and Group 2 is in isolated mode. Internet Port 1/0/13 Layer 2 Switch Port 1/0/6 Port 1/0/17 Port 1/0/7 Port 1/0/16 Group 1 Group 2 Figure 2.
Page 345
(Netgear Switch) (Interface 1/0/17)#exit Create a VLAN 200 and include 1/0/6,1/0/7, 1/0/16, and 1/0/17. (Netgear Switch) (Config)# (Netgear Switch) (Config)#private-group name group1 1 mode community Create a private group in community mode. (Netgear Switch) (Config)#private-group name group2 2 mode isolated Create a private group in isolated mode.
Page 346
ProSafe 7000 Managed Switch Release 8.0.3 Add 1/0/16 and 1/0/7 to the private group 1. (Netgear Switch) (Config)#interface range 1/0/16-1/0/17 (Netgear Switch) (conf-if-range-1/0/16-1/0/17)#switchport private-group 2 Add 1/0/16 and 1/0/7 to the private group 2. (Netgear Switch) (conf-if-range-1/0/16-1/0/17)#exit Web Interface: Create a Private VLAN Group Create VLAN 200.
Page 347
ProSafe 7000 Managed Switch Release 8.0.3 b. Under VLAN Membership, in the VLAN ID list, select 200. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 6, 7, 16 and 17 until U displays. The U specifies that the egress packet is untagged for the port.
Page 348
ProSafe 7000 Managed Switch Release 8.0.3 e. Click Add. Add port 6 and 7 to group1. a. Select Security > Traffic Control > Private Group VLAN >Private Group Membership. A screen similar to the following displays. b. In the Group ID list, select 1. c.
Page 349
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Traffic Control > Private Group VLAN > Private Group VLAN > Private Group Membership. A screen similar to the following displays. b. In the Group ID list, select 2. c. Click Unit 2. The ports display. d.
The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Classic STP (802.1d) (Netgear Switch) (Config)# spanning-tree (Netgear Switch) (Config)# spanning-tree forceversion 802.1d (Netgear switch) (Interface 1/0/3)# spanning-tree port mode Chapter 23. Spanning Tree Protocol | 350...
Page 351
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Classic STP (802.1d) Enable 802.1d on the switch. a. Select Switching > STP > STP Configuration. A screen similar to the following displays. b. Enter the following information: • For Spanning Tree Admin Mode, select the Enable radio button. •...
CLI: Configure Rapid STP (802.1w) (Netgear switch) (Config)# spanning-tree (Netgear switch) (Config)# spanning-tree forceversion 802.1w (Netgear switch) (Interface 1/0/3)# spanning-tree port mode Web Interface: Configure Rapid STP (802.1w) Enable 802.1w on the switch: a. Select Switching > STP > STP Configuration. A screen similar to the following displays.
(Netgear switch) (Config)# spanning-tree mst vlan 2 12 Associate the mst instance 2 with the VLAN 11 and 12 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 port-priority 128 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 cost 0 Chapter 23. Spanning Tree Protocol...
Page 354
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure Multiple STP (802.1s) Enable 802.1s on the switch. a. Select Switching > STP > STP Configuration. A screen similar to the following displays. b. Enter the following information: • For Spanning Tree Admin Mode, select the Enable radio button. •...
Page 355
ProSafe 7000 Managed Switch Release 8.0.3 • In the VLAN Id field, enter 2. • Click Add. • In the VLAN Id field, enter 3. • Click Apply. c. Configure MST ID 2. • In the MST ID field, enter 2. •...
Tunnel There are two methods for Pv6 sites to communicate with each other over the IPv4 network: 6in4 tunnel and 6to4 tunnel. The 6in4 tunnel encapsulates IPv6 traffic over an explicitly configured IPv4 destination or end port of the tunnel with the IP protocol number set to 41. The 6to4 tunnel IPv6 prefix is constructed by prepending 2002 (hex) to the global IPv4 address.
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Create a Tunnel Configure Switch GSM7328S_1 Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 360
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Port 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. •...
Page 361
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. In the Interface list, select 0/7/1. c. In the IPv6 Prefix field, enter 2000::1. d. In the Length field, enter 64. e.
Page 362
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. For IPv6 Forwarding, select the Enable radio button. d.
Page 363
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. b. In the Tunnel Id list, select 0. c. In the Mode list, select 6-in-4-configured. d. In the Source Address field, enter 192.168.1.2. e.
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. b. Under IPv6 Interface Configuration, scroll down and select the Interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. c.
Page 367
To access the switch over an IPv6 network you must first configure it with IPv6 information (IPv6 prefix, prefix length, and default gateway). CLI: Configure the IPv6 Network Interface (Netgear Switch) #network ipv6 enable (Netgear Switch) #network ipv6 address 2001:1::1/64 (Netgear Switch) #network ipv6 gateway 2001:1::2 (Netgear Switch) #show network Interface Status....... Always Up IP Address........
Page 369
Assign IPv6 address 2000::1/64 to VLAN 500 and enable IPv6 routing. (Netgear Switch) (Config)#interface vlan 0/4/1 (Netgear Switch) (Interface 0/4/1)#routing (Netgear Switch) (Interface 0/4/1)#ipv6 enable (Netgear Switch) (Interface 0/4/1)#ipv6 address 2000::1/64 (Netgear Switch) (Interface 0/4/1)#exit Enable IPV6 forwarding and unicast routing on the switch. (Netgear Switch) (Config)#ipv6 forwarding...
Page 370
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Create an IPv6 VLAN Routing Interface Create VLAN 500. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 500. c.
Page 371
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b. Under PVID Configuration, scroll down and select the Interface 1/0/1 check box. c. In the PVID (1 to 4093) field, enter 500. d.
Page 372
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. b. Click VLANS. The logical VLAN interface 0/4/2 displays. c. Select the 0/4/2 check box. d. Under IPv6 Interface Configuration, in the IPv6 Mode field, select Enable. e.
Protocol-Independent-Multicast This chapter provides the following examples: • PIM-DM • PIM-SM on page 397 Note: The PIM protocol can be configured to operate on IPv4 and IPv6 networks. Separate CLI commands are provided for IPv4 and IPv6 operation; however, most configuration options are common to both protocols.
Page 374
ProSafe 7000 Managed Switch Release 8.0.3 Source IP 192.168.1.1 Port 1/0/13 Port 1/0/9 Port 1/0/10 Switch A Switch B Subnet 192.168.3.0/24 Port Port 1/0/1 1/0/11 Port Port 1/0/21 1/0/21 Subnet 192.168.6.0/24 Switch D Switch C Port 1/0/22 Port 1/0/22 Port 1/0/24 Host IP 192.168.4.2...
Page 375
Enable IP multicast forwarding on the switch. (Netgear Switch) (Config)#ip multicast Enable RIP to build the unicast IP routing table. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#ip rip Chapter 26. PIM | 375...
Page 379
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure PIM-DM PIM-DM on Switch A Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 380
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/9 check box. Now 1/0/9 appears in the Port field at the top.
Page 381
ProSafe 7000 Managed Switch Release 8.0.3 • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Enable RIP on the interface 1/0/1. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
Page 382
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/13 . c. For RIP Admin Mode, select the Enable radio button. d.
Page 383
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM on interfaces 1/0/1,1/0/9, and 1/0/13. Select Routing >...
Page 384
ProSafe 7000 Managed Switch Release 8.0.3 PIM-SM on Switch B: Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 385
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Port 1/0/11 check box. Now 1/0/11 appears in the Port field at the top. c.
Page 386
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/11. c. For RIP Admin Mode, select the Enable radio button. d.
Page 387
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. Click Apply. Enable PIM-SM on interfaces 1/0/10 and 1/0/11. a.
Page 388
ProSafe 7000 Managed Switch Release 8.0.3 PIM-SM on Switch C Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 389
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/22 appears in the Port field at the top.
Page 390
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. For RIP Admin Mode, select the Enable radio button. d.
Page 391
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM on interfaces 1/0/21 and 1/0/22. a.
Page 392
ProSafe 7000 Managed Switch Release 8.0.3 PIM-DM on Switch D: Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 393
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/22 appears in the Interface field at the top. c.
Page 394
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select t 1/0/21. c. For RIP Admin Mode, select the Enable radio button. d.
Page 395
ProSafe 7000 Managed Switch Release 8.0.3 d. Click Apply. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM globally. a.
Page 396
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21, 1/0/22, and 1/0/24 check boxes. c. In the Admin Mode field, select Enable. d.
ProSafe 7000 Managed Switch Release 8.0.3 b. Scroll down and select the interface 1/0/24 check box. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. PIM-SM Protocol-independent multicast sparse mode (PIM-SM) is used to efficiently route multicast traffic to multicast groups that can span wide area networks where bandwidth is a constraint.
Page 398
Enable IP multicast forwarding on the switch. (Netgear Switch) (Config)#ip multicast Enable RIP to build a unicast IP routing table (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#ip rip 398 | Chapter 26. PIM...
Page 399
(Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pimsm (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip pimsm rp-candidate interface 1/0/11 225.1.1.1 255.255.255.0 Enable the switch to announce its candidacy as a bootstrap router (BSR). (Netgear Switch) (Config)#ip pimsm bsr-candidate interface 1/0/10 30...
Page 402
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure PIM-SM PIM-SM on Switch A Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 403
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/9 check box. Now 1/0/9 appears in the Interface field at the top. c.
Page 404
ProSafe 7000 Managed Switch Release 8.0.3 • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Enable RIP on interface 1/0/1. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
Page 405
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. Select 1/0/13 in the Interface field. c. For RIP Admin Mode, select the Enable radio button. d.
Page 406
ProSafe 7000 Managed Switch Release 8.0.3 b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-SM on interfaces 1/0/1,1/0/9, and 1/0/13. a. Select Routing > Multicast > PIM-SM > Interface Configuration. A screen similar to the following displays. b.
Page 407
ProSafe 7000 Managed Switch Release 8.0.3 PIM-SM on Switch B: Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 408
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/11 check box. Now 1/0/11 appears in the Port field at the top.
Page 409
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/11. c. For RIP Admin Mode, select the Enable radio button. d.
Page 410
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-SM on interfaces 1/0/10 and 1/0/11. a.
Page 411
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > Candidate RP Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/11. c. In the Group IP field, enter 225.1.1.1. d. In the Group Mask field, enter 255.255.255.0. Click Add.
Page 412
ProSafe 7000 Managed Switch Release 8.0.3 PIM-SM on Switch C: Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 413
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the 1/0/22 check box. Now 1/0/22 appears in the Interface field at the top. c.
Page 414
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. For RIP Admin Mode, select the Enable radio button. d.
Page 415
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-SM on interfaces 1/0/21 and 1/0/22. a.
Page 416
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > Candidate RP Configuration. A screen similar to the following displays. b. In the Interface list, welect 1/0/22. c. In the Group IP field, enter 225.1.1.1. d. In the Group Mask field, enter 255.255.255.0. e.
Page 417
ProSafe 7000 Managed Switch Release 8.0.3 e. Click Apply. PIM-SM on Switch D Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 418
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/22 appears in the Port field at the top.
Page 419
ProSafe 7000 Managed Switch Release 8.0.3 Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/21. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. Enable RIP on interface 1/0/22.
Page 420
ProSafe 7000 Managed Switch Release 8.0.3 d. Click Apply. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-SM globally. a.
Page 421
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21, 1/0/22, and 1/0/24 check boxes. c. In the Admin Mode field, select Enable. d.
Page 422
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-SM > BSR Candidate Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. In the Hash Mask Length field, enter 30. d.
Page 423
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > IGMP > Interface Configuration. A screen similar to the following displays. b. Under IGMP Routing Interface Configuration, scroll down and select the Interface 1/0/24 check box. c. In the Admin Mode field, select Enable. d.
DHCP L2 Relay and L3 Relay This chapter includes the following sections: • DHCP L2 Relay • DHCP L3 Relay on page 430 • Confige a DHCP L3 Relay on page 434 DHCP L2 Relay DHCP relay agents eliminate the need to have a DHCP server on each physical network. Relay agents populate the giaddr field and also append the Relay Agent Information option to the DHCP messages.
Page 425
Enable the Option 82 Circuit ID field. (Netgear Switch) (Config)#dhcp l2relay circuit-id vlan 200 Enable the Option 82 Remote ID field. (Netgear Switch) (Config)#dhcp l2relay remote-id rem_id vlan 200 Enable DHCP L2 relay on port 1/0/4. (Netgear Switch) (Config)#interface 1/0/4...
Page 426
(Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)# dhcp l2relay (Netgear Switch) (Interface 1/0/5)# vlan pvid 200 (Netgear Switch) (Interface 1/0/5)# vlan participation include 200 (Netgear Switch) (Interface 1/0/5)# exit Enable DHCP L2 relay on port 1/0/6. (Netgear Switch) (Config)#interface 1/0/6 (Netgear Switch) (Interface 1/0/6)# dhcp l2relay Trust packets with option 82 received on port 1/0/6.
Page 427
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID field, select 200. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 4, 5, and 6 until U displays. The U specifies that the egress packet is untagged for the port.
Page 428
ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Services > DHCP L2 Relay > DHCP L2 Relay Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Scroll down and select the VLAN ID 200 check box. d.
Page 429
ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Services > DHCP L2 Relay > DHCP L2 Relay Interface Configuration. A screen similar to the following displays. b. Under DHCP L2 Relay Configuration, scroll down and select the Interface 1/0/6 check box.
ProSafe 7000 Managed Switch Release 8.0.3 DHCP L3 Relay This example shows how to configure a DHCP L3 relay on a NETGEAR switch and how to configure DHCP pool to assign IP addresses to DHCP clients using DHCP L3 relay.
Page 431
Create a routing interface and enable RIP on it so that the DHCP server learns the route 10.200.1.0/24 from the DHCP L3 relay. (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 10.100.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/3)#ip rip (Netgear Switch) (Interface 1/0/3)#exit Create a DHCP pool.
Page 432
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the 1/0/3 check box. c. In the IP Address field, enter 10.100.1.1. d.
Page 433
ProSafe 7000 Managed Switch Release 8.0.3 a. Select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. In the IP Range From field, enter 10.200.1.1. d.
Create a routing interface and enable RIP on it. (Netgear Switch) (Config)# (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#routing (Netgear Switch) (Interface 1/0/4)#ip address 10.100.1.2 255.255.255.0 (Netgear Switch) (Interface 1/0/4)#ip rip (Netgear Switch) (Interface 1/0/4)#exit Create a routing interface connecting to the client.
Page 435
ProSafe 7000 Managed Switch Release 8.0.3 Redistribute 10.200.1.0/24 to the RIP such that RIP adviertises this route to the DHCP server. (Netgear Switch) (Config)# (Netgear Switch) (Config)#router rip (Netgear Switch) (Config-router)#redistribute connected (Netgear Switch) (Config-router)#exit Web Interface: Configure a DHCP L3 Relay Enable routing mode on the switch.
Page 436
ProSafe 7000 Managed Switch Release 8.0.3 f. Click Apply to save the settings. Enable RIP on interface 1/0/4. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/4. c.
Page 437
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > RIP > Advanced > Route Redistribution. A screen similar to the following displays. b. In the Source field, select Connected. c. In the Redistribute Mode field, select Enable. d. Click Apply to save the settings. Enable DHCP L3 relay.
Multicast Listener Discovery This chapter provides the following examples: • Configure MLD on page 439 • MLD Snooping on page 452 Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover multicast listeners, the nodes that are configured to receive multicast data packets, on its directly attached interfaces.
Page 442
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. Enable IPv6 unicast routing on the switch. a.
Page 443
ProSafe 7000 Managed Switch Release 8.0.3 b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. Enter the following information: • In the IPv6 Mode field, select Enable. • In the Routing Mode field, select Enable. • In the Admin Mode field, select Enable.
Page 444
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. Select Interface 1/0/13. c. Enter the following information: • In the IPv6 Prefix field, enter 2001:2::1. •...
Page 445
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. In the Admin Mode field, select Enable. d.
Page 446
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM on interfaces 1/0/1 and 1/0/13. a.
Page 447
ProSafe 7000 Managed Switch Release 8.0.3 d. Click Apply to save the settings. MLD on Switch B Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b.
Page 448
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21 and 1/0/24 check boxes. c. Enter the following information: •...
Page 449
ProSafe 7000 Managed Switch Release 8.0.3 Assign an IPv6 address to 1/0/24. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. Under IPv6 Interface Selection, in the Interface field, select 1/0/24 . c.
Page 450
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. b. Under OSPFv3 Interface Configuration, scroll down and select the Interface 1/0/21 and 1/0/24 check boxes. c. In the OSPFv3 Interface Configuration, in the Admin Mode field, select Enable. d.
Page 451
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM on interfaces 1/0/21 and 1/0/24. a.
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > MLD > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable MLD on interface 1/0/24. a.
Page 454
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure MLD Snooping Create VLAN 300. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 300. c. Click Add. Assign all of the ports to VLAN 300.
Page 455
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 and 1/0/24 check boxes. c. In the PVID (1 to 4093) field, enter 300. d.
Page 456
ProSafe 7000 Managed Switch Release 8.0.3 b. Enter the following information: • In the VLAN ID field, enter 300. • In the Admin Mode field, select Enable. Click Add. 456 | Chapter 28. MLD...
DVMRP Distance Vector Multicast Routing Protocol The DVMRP is used for multicasting over IP networks without routing protocols to support multicast. The DVMRP is based on the RIP protocol but more complicated than RIP. DVRMP maintains a link-state database to keep track of the return paths to the source of multicast packages.
Page 459
(Netgear Switch) (Interface 1/0/13)#ip dvmrp (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#ip dvmrp (Netgear Switch) (Interface 1/0/21)#exit (Netgear Switch) #show ip dvmrp neighbor Interface ........1/0/13 Neighbor IP Address ......192.168.2.2 State ......... Active Up Time (hh:mm:ss) ......00:02:40 Expiry Time (hh:mm:ss) ......
Page 460
ProSafe 7000 Managed Switch Release 8.0.3 (Netgear Switch) #show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface List ------------- ------------ ---------- --------- --------------- 192.168.1.2 225.0.0.1 DVMRP 1/0/1 1/0/21 DVRMP on Switch B Create routing ports 1/0/13 and 1/0/20.
Page 461
Minor Version ......... 255 Capabilities ........Prune GenID Missing 11441 Received Routes ....... 0 Received Bad Packets ......0 Received Bad Routes ......0 (Netgear Switch) #show ip mcast mroute detail summary Multicast Route Table Summary Incoming Outgoing Source IP...
Page 463
More Entries or quit(q) Capabilities ........Prune GenID Missing 11441 Received Routes ....... 0 Received Bad Packets ......0 Received Bad Routes ......0 (Netgear Switch) #show ip mcast mroute detail summary Multicast Route Table Summary Incoming Outgoing Source IP...
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure DVMRP DVMRP on Switch A Enable IP routing on the switch. a. Select Routing > IP > Basic >IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
Page 465
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/13 check box. Now 1/0/13 appears in the Port field at the top.
Page 466
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays.
Page 467
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > DVMRP > Interface Configuration. A screen similar to the following displays. b. Scroll down select the Interface 1/0/1, 1/0/13, and 1/0/21 check boxes. c. In the Interface Mode field, select 300. d.
Page 468
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/13 check box. Now 1/0/13 appears in the Port field at the top.
Page 469
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP> Global Configuration. A screen similar to the following displays.
Page 470
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > DVMRP > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/13 and 1/0/20 check boxes. c. In the Interface Mode field, select Enable. d.
Page 471
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/11 check box. Now 1/0/11 appears in the Port field at the top.
Page 472
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/24 check box. Now 1/0/24 appears in the Port field at the top.
Page 473
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable DVMRP on the interface. a.
Page 474
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable IGMP on the interface. a.
Captive Portal This chapter includes the following sections: • Captive Portal Configuration on page 476 • Enable Captive Portal on page 476 • Client Access, Authentication, and Control on page 478 • Block a Captive Portal Instance on page 479 •...
An interface can only be a physical port on the switch. Software release 8.0 and newer versions can contain up to 10 captive portal configurations. Enable Captive Portal CLI: Enable Captive Portal Enable captive portal on the switch. (Netgear Switch) (config)#captive-portal (Netgear Switch) (Config-CP)#enable 476 | Chapter 30. Captive Portal...
Page 477
(Netgear Switch) (Config-CP)#configuration 1 (Netgear Switch) (Config-CP 1)#enable Enable captive portal instance 1 on port 1/0/1. (Netgear Switch) (Config-CP 1)#interface 1/0/1 Web Interface: Enable Captive Portal Enable captive portal on the switch. a. Select Security > Control > Captive Portal > CP Global Configuration. A screen similar to the following displays.
ProSafe 7000 Managed Switch Release 8.0.3 a. Select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays. b. Scroll down and select the CP 1 check box. Now CP 1 appears in the CP ID field at the top.
Block a Captive Portal Instance CLI: Block a Captive Portal Instance (Netgear Switch)(Config-CP 1)#block Web Interface: Block a Captive Portal Instance Select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays.
Page 480
(Netgear Switch) #config (Netgear Switch) (config)#captive-portal (Netgear Switch)(Config-CP)# user group 2 Create a user whose name is user1. (Netgear Switch) (Config-CP)#user 2 name user1 Configure the user’s password. (Netgear Switch) (Config-CP)#user 2 password Enter password (8 to 64 characters): 12345678 Re-enter password: 12345678 Add the user to the group.
ProSafe 7000 Managed Switch Release 8.0.3 c. Click Add. Create a user. a. Select Security > Control > Captive Portal > CP User Configuration. A screen similar to the following displays. b. Enter the following information: • In the User ID Field, enter 2. •...
Page 482
If the attribute is 0 or not present, then use the value configured for the captive portal. CLI: Configure RADIUS as the Verification Mode (Netgear Switch) (Config-CP 1)#radius-auth-server Default-RADIUS-Server (Netgear Switch) (Config-CP 1)#verification radius 482 | Chapter 30. Captive Portal...
ProSafe 7000 Managed Switch Release 8.0.3 Web Interface: Configure RADIUS as the Verification Mode Select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays. Scroll down and select the CP 1 check box. Now CP 1 appears in the CP ID field at the top. Enter the following information: •...