16-port and 24-port gigabit ethernet smart managed pro switch with 2 sfp ports; 48-port gigabit ethernet smart managed pro switch with 2 copper and 2 copper/sfp combo ports (2 pages)
Contents: 1 First steps; Necessary networking background; Switch hardware; Buttons to reset the switch
CONTENTS: Divided LAN sharing one Internet connection; Ensuring only known devices can use a network; 2.6.1 Security designed to give specific devices access to given devices
Chapter First steps This document is not a definitive User Guide for the Netgear GS724Tv4 smart switch. It grew out of the observed lack of a User Guide as opposed to a number of good Reference Manuals. Those manuals showed how to perform operations on the switch but not the reason why they could be performed. The why is approached here by posing a problem, or an example situation, and then configuring the switch...
But each network protocol addressing scheme needs to be converted to, and from, a MAC address. The GS724Tv4 switch uses TCP/IP network addressing. In this work IPv4 network addressing only will be used. The same techniques shown here also apply to IPv6.
1.3. Buttons to reset the switch To determine the actual behaviour of the Reset and Factory Defaults buttons, a series of trials were performed. The results of those trials are contained in Table 1.1. Important to note: The address of the switch does not answer a ping. Trials were performed with firmware version 6 3 1 9 on the switch.
Table 1.2: Summary of devices connected to switch of the examples
Port | Description of device | IP address assigned | MAC address
 | HP Color Laserjet Pro M252dw printer | 192.168.14.31 | d0:bf:9c:bd:4b:4d
 | Netgear ReadyNAS 316 | 192.168.14.107 | 28:c6:8e:d5:ed:08
 | Mac Pro server Linux | 192.168.14.9 | 00:3e:e1:c1:74:b3
 | Mac mini server Linux | 192.168.8.7...
1.5 Basic control of the switch itself The Netgear GS724Tv4 switch has network parameters which can be reset from their default values. Values selected for these parameters influence access to the switch and behaviour of the network formed using the switch.
1.7. Gateway from a simple network on the switch removes the connection. Once the connection type is selected, the Apply button in the bottom right hand corner of the screen is clicked to have the switch perform the change. The port to VLAN connection types are: trunk carrying traffic for more than one VLAN untagged...
1.8. Warnings Figure 1.2: Switch forming a LAN with an internet gateway (diagram labels: switch, 192.168.8.7, 192.168.8.240, wireless extender). 1.7.1 Implementation Only a standard network is required, with the switch only performing the function of a plug-board into which the network components are physically connected. The simple rule (which can be broken as shown in Section 2.1.2) is: on a LAN, the network address of all connected devices should be the same.
Chapter Layer 2 Layer 2 configuration of the switch uses MAC addresses of the attached network devices. This layer enables the 24 ports on the switch to be grouped into virtual local area networks (VLANs). Such VLANs can be connected together using functions of the switch enabling data to move between these VLANs.
2.2. A new VLAN holding all devices 2.1.1 Implementation In the default switch configuration, all ports on the switch are linked to the VLAN with VLAN ID 1. This association on the switch is viewed using the switch menu sequence: Switching VLAN VLAN Membership...
2.3. Two isolated LANs 2.2.1 Implementation A new VLAN was created on the switch by the switch menu sequence: Switching VLAN VLAN Configuration. In the resulting screen, 12 was typed into the VLAN ID box, and VLAN-A-12 into the VLAN Name box. The VLAN Type was set to Static.
contained only one network address while the other contained two. This is the ideal situation for using two VLANs. Multiple VLANs can be set up on the switch. 2.3.1 Implementation Figure 2.2 shows the implementation of the required two LANs. Each LAN is implemented as a separate VLAN.
IP address. In its default, or initial, configuration a GS724Tv4 switch implements a single LAN in the default VLAN, ID 1. All ports of the switch are initially members of VLAN 1. It is good practice not to use VLAN 1 as...
2.4. Dividing a LAN an operational VLAN. Figure 2.3: Two VLANs dividing a single LAN into two unconnected parts (diagram labels: VLAN-B-22, VLAN-A-12, switch, 192.168.8.7, 192.168.8.31, 192.168.8.107, 192.168.8.9, 192.168.8.240, wireless extender, PC 1, PC 2, printer, Internet gateway, wireless network). The LAN devices were plugged into ports 1, 2, 7, 19, and 23 of the switch. This forms a LAN using VLAN 1 as its container.
2.5. Divided LAN sharing one Internet connection g1, g2, g7, g19, and g23 were clicked and then 12 entered in the Configured PVID field. The APPLY button at the bottom of the screen was clicked to finish the configuration. At this point the switch supported a single LAN in a single VLAN. All devices could be pinged. If 192.168.8.244, which was the modem on the wireless part of the network produced by 192.168.8.240 (port 23), was specified as the URL in the configuration of a device, then that device could access the Internet.
There is an opinion that only complex, or important, networks warrant the expense of network security or network protection. But network security is available on a GS724Tv4 switch. This availability makes assessment of what warrants securing an easier matter to decide. Small networks become candidates for using network security.
2.6. Ensuring only known devices can use a network Figure 2.5: Two VLANs dividing a private LAN (diagram labels: switch, 192.168.14.9, 192.168.14.7, 192.168.14.240, 192.168.14.31, 192.168.14.107, PC 2, PC 1, wireless extender, printer). Are parts of the network of Figure 2.5 worth protecting so as not to allow access by everybody? Everybody on the network should be able to print using the printer.
Configuration of protection by the switch is via its Security tab. With respect to the GS724Tv4 switch: actions are implemented by rules; a rule can either allow an incoming network packet access or deny access to a device; rules are executed in the numerical order of the order number assigned when the rule was created until one is satisfied...
The switch menu sequence: Security Basic MAC Rules could be used to check the ACL. In the resulting MAC Rules screen the switch-assigned name ACL Wizard MAC 0 appeared in the ACL Name pull down menu. The Rule Table part of the screen showed details of the ACL entered.
Notice that in creating these rules some fields were not used. They could be used to refine or narrow the focus of the rule. Finally the ACLs created were bound to ports on the switch. This was done using the switch menu sequence: Security Basic...
Chapter Layer 3 The Netgear GS724Tv4 smart switch is a level 3 device. In the ISO stack, level 3 is the Network Layer which is concerned with movement of network data between networks. To do this, the networks, which are VLANs on the GS724 switch, are assigned TCP/IP addresses just like the individual devices connected to the ports which form the VLANs.
192.168.10.60 which was not on the VLANs which were to be created. Routing VLANs are set up using a different mechanism on the GS724Tv4 switch than that used to set up standard VLANs. The switch menu sequence:...
3.1. Routing between LANs and to the Internet 3.1.2 Testing PCs g7 and g19 could ping devices on their own VLAN. Each could ping the VLAN gateway addresses 192.168.14.1 and 192.168.8.1. Each PC running the Firefox web browser could browse the Internet.
3.2 Securing the network Consider the network of Figure 3.1 where the switch is used to route between two VLANs. Routing allows all devices on each network to access all other devices, i.e. devices on one routing VLAN can access all devices on its routing VLAN partner.
Source IP Address window, and 0.0.0.255 into the Source IP Mask window. This ACL was then assigned to port 23 of the switch using the Binding Configuration part of the screen. By clicking the Unit 1 label, port selection was shown. Clicking the small box under port 23 resulted in a tick mark appearing in that box.
The ACL Based on Source MAC was selected from the ACL Type pull down menu on this ACL Type Selection screen, which brought up the ACL Based on Source MAC screen. The value 3 was typed into the Rule ID window, Permit was selected from the Action pull down menu, c8:2a:14:56:3c:a2 was entered into the Source MAC window, 00:00:00:00:00:00 entered into the Source MAC Mask window, and the value 22 into the VLAN window.
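The rule ordering and mask fields described above can be checked offline before binding an ACL to a port. The following is an added example, not taken from the guide or from Netgear: it models first-match evaluation in rule-number order, and it assumes that a 0 bit in a mask means "must match" and that a packet matching no rule is denied. The dictionary keys, the deny rule and the 192.168.14.0 source address are constructed for illustration.

```python
from ipaddress import IPv4Address

def mac(s):
    """'c8:2a:14:56:3c:a2' -> 48-bit integer."""
    return int(s.replace(":", ""), 16)

def ip(s):
    return int(IPv4Address(s))

def masked_equal(value, pattern, wildcard):
    # Wildcard mask: 0 bits must match, 1 bits are "don't care".
    return ((value ^ pattern) & ~wildcard) == 0

def evaluate(acl, pkt):
    """Return (action, rule_id) for the first matching rule, lowest ID first."""
    for rule in sorted(acl, key=lambda r: r["id"]):
        if "vlan" in rule and rule["vlan"] != pkt["vlan"]:
            continue
        if "src_mac" in rule and not masked_equal(
                mac(pkt["src_mac"]), mac(rule["src_mac"]), mac(rule["mac_mask"])):
            continue
        if "src_ip" in rule and not masked_equal(
                ip(pkt["src_ip"]), ip(rule["src_ip"]), ip(rule["ip_mask"])):
            continue
        return rule["action"], rule["id"]
    return "deny", None  # assumption: nothing matched, so the packet is dropped

# Rule 3 as entered in the text: permit one exact MAC on VLAN 22.
MAC_ACL = [{"id": 3, "action": "permit", "vlan": 22,
            "src_mac": "c8:2a:14:56:3c:a2", "mac_mask": "00:00:00:00:00:00"}]

# Constructed IP rules: block one host, then permit the rest of 192.168.14.x
# using the 0.0.0.255 mask from the text.
IP_ACL = [
    {"id": 1, "action": "deny", "src_ip": "192.168.14.107", "ip_mask": "0.0.0.0"},
    {"id": 2, "action": "permit", "src_ip": "192.168.14.0", "ip_mask": "0.0.0.255"},
]
# Same rules with the IDs swapped: the broad permit now shadows the deny.
IP_ACL_SWAPPED = [dict(IP_ACL[0], id=2), dict(IP_ACL[1], id=1)]

def packet(src_mac="d0:bf:9c:bd:4b:4d", src_ip="192.168.14.31", vlan=22):
    """Constructed sample packet; defaults use the printer from Table 1.2."""
    return {"src_mac": src_mac, "src_ip": src_ip, "vlan": vlan}

if __name__ == "__main__":
    print(evaluate(MAC_ACL, packet(src_mac="c8:2a:14:56:3c:a2")))
    print(evaluate(MAC_ACL, packet()))
    print(evaluate(IP_ACL, packet(src_ip="192.168.14.107")))
    print(evaluate(IP_ACL_SWAPPED, packet(src_ip="192.168.14.107")))
```

The swapped list shows why rule numbers matter: a narrow deny placed after a broad permit never takes effect.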