NETGEAR Managed Switches Software Administration Manual, Release 8.0 NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10515-01 October 2009...
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Tested to Comply with FCC Standards FOR HOME OR OFFICE USE Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate the equipment. Canadian Department of Communications Radio Interference Regulations This digital apparatus (7000 Series Managed Switch) does not exceed the Class A limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
Contents
About This Manual
• Conventions, Formats, Scope, and Audience
• Additional Documentation
• How to Print This Manual
• Revision History
Chapter 1 Getting Started
• In-band and Out-of-band Connectivity
• Starting the Switch
• Initial Configuration
• Software Installation
• Loading Firmware Using the Boot Menu
• Using Ezconfig for Switch Setup
...
• Create a Protocol-Based VLAN
• Virtual VLANs: Create an IP Subnet Based VLAN
• Voice VLAN
Chapter 4 Link Aggregation
• Create Two LAGs
• Add the Ports to the LAGs
• Enable Both LAGs
...
Chapter 9 Proxy Address Resolution Protocol (ARP)
• Proxy ARP Examples
Chapter 10 Virtual Router Redundancy Protocol
• Configure VRRP on a Master Router
• Configure VRRP on a Backup Router
Chapter 11 Access Control Lists (ACLs)
• MAC ACLs
...
Chapter 14 IGMP Snooping and Querier
• Enable IGMP Snooping
• Show igmpsnooping
• Show mac-address-table igmpsnooping
• Configure the Switch with an External Multicast Router
• Configure the Switch with a Multicast Router Using VLAN
• IGMP Querier
...
• Dual Image
• Outbound Telnet
Chapter 18 Syslog
• Show Logging
• Show Logging Buffered
• Show Logging Traplogs
• Show Logging Hosts
• Log Port Configuration
Chapter 19 Managing Switch Stacks
• Understanding Switch Stacks
...
Chapter 22 DHCP Server
• Configure a DHCP Server in Dynamic Mode
• Configure a DHCP Reservation
Chapter 23 Double VLANs
• Enable a Double VLAN
Chapter 24 Private VLAN Groups
• Create a Private VLAN Group
...
Chapter 32 Captive Portal
• Captive Portal Configuration
• Enable Captive Portal
• Client Access, Authentication, and Control
• Block a Captive Portal Instance
• Local Authorization User/Group Configuration
• Remote Authorization (RADIUS) User Configuration
• SSL Certificates
...
About This Manual
The NETGEAR® Managed Switches Software Administration Manual, Release 8.0 describes how to install, configure and troubleshoot the 7000 Series Managed Switch. The information in this manual is intended for readers with intermediate computer and Internet skills.
• The NETGEAR installation guide for your switch
• NETGEAR CLI Reference for the Prosafe 7X00 Series Managed Switch. Refer to the Command Line Reference for information about the command structure. There are three documents in this series; choose the appropriate one for your product.
How to Print This Manual
To print this manual, your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
Chapter 1 Getting Started
Connect a terminal to the switch to begin configuration.
In-band and Out-of-band Connectivity
Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity.
Configuring for In-band Connectivity
In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network. To use in-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway).
When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network.
Subnet: Subnet mask for the LAN. The default value is 255.255.255.0.
gateway: IP address of the default router, if the switch is a node outside the IP range of the LAN.
To enable these changes to be retained during a reset of the switch, type Ctrl-Z to return to the main prompt, type save at the main menu prompt, and type y to confirm the changes.
Starting the Switch
Make sure that the switch console port is connected to a VT100 terminal or VT100 terminal emulator via the RS-232 crossover cable. Locate an AC power receptacle. Deactivate the AC power receptacle.
Initial Configuration Procedure
You can perform the initial configuration using the Easy Setup Wizard or by using the Command Line Interface (CLI). The Setup Wizard automatically starts when the switch configuration file is empty. You can exit the wizard at any point by entering [ctrl+z].
– Enter to show a list of commands that are available in the current mode.
System Information and System Setup
This section describes the commands you use to view system information and to set up the network device.
Table 1-1. Quick Start Commands (continued)
Command: users passwd <username>
Mode: Global Config
Description: Allows the user to set passwords or change passwords needed to login. A prompt appears after the command is entered requesting the user's old password.
Table 1-1. Quick Start Commands (continued)
Command: copy nvram:startup-config
Mode: Privileged EXEC
Description: Starts the configuration file upload, displays the mode and type of upload and confirms the upload is progressing. The URL must be specified as: xmodem:<filepath>/<filename>...
Table 1-1. Quick Start Commands (continued)
Command: copy system:running-config nvram:startup-...
Mode: Privileged EXEC
Description: Enter yes when the prompt asks if you want to save the configurations made to the networking device.
The utility displays the following text when you enter the ezconfig command:
(FSM7352S) >ezconfig
NETGEAR EZ Configuration Utility
--------------------------------
Hello and Welcome!
This utility will walk you through assigning the IP address for the switch management CPU.
address of the switch.
Assigning an IP address to your switch management
Current IP Address Configuration
--------------------------------
IP address: 0.0.0.0
Subnet mask: 0.0.0.0
Would you like to assign an IP address now (Y/N/Q)?
IP Address:
Ezconfig will display the current IP address and subnet mask.
saved into the Flash (permanent storage). Enter to save the configuration.
There are changes detected, do you wish to save the changes permanently (Y/N)?
The configuration changes have been saved successfully.
Please enter 'show running-config' to see the final configuration.
The guest may only view the settings and status of the network. As shipped from the factory, both users can log in without a password. Netgear strongly recommends that the network administrator creates a unique password for the administrative user before placing the switch into production.
The following screen shows an example of the PCC:
Figure 1-2
The PCC Web interface has the following four significant features:
Layout: The navigation pane has two rows of tabs, as shown in the following screen:...
Services to perform a firmware upgrade, to save the configuration, and to perform a backup of the configuration.
Help: Access to the NETGEAR product support website and documentation.
Index: The site index that allows direct access to any of the pages under the main tabs and sub tabs.
Enter a new password in the Password field and then retype it in the Confirm Password field.
Note: If SNMPv3 Authentication is to be used for this user, the password must be eight or more alphanumeric characters.
Chapter 2 Auto Install Configuration
Auto Install is a software feature which provides for the configuration of a switch automatically when the device is initialized and no configuration file is found on the switch. The downloaded configuration file is not distributed across a stack.
• The IP address of a default gateway (option 3), if needed for IP communication. Some network configurations require the specification of a default gateway through which some IP communication can occur. The default gateway is specified by Option 3 of a BOOTP or DHCP response.
Obtaining a Config File
After obtaining IP addresses for both the switch and the TFTP server, the Auto Install process attempts to download a configuration file. A host-specific configuration file is downloaded, if possible. Otherwise, a network configuration file is used as a bridge to get the final configuration.
If the switch is unable to map its IP address to a hostname, Auto Install sends TFTP requests for the default configuration file router.cfg. The following table summarizes the config files that may be downloaded, and the order in which they are sought.
When Auto Install has been successfully completed, an administrator can execute a show running-config command to validate the contents of the configuration.
Saving Configuration
An administrator must explicitly save the downloaded configuration in non-volatile memory. Then a configuration will be available on the next reboot.
Logging
A message is logged for each of the following events:
• The Auto Install component receiving a config file name and other options upon resolving an IP address by DHCP or BOOTP client. The boot options values are logged.
Configure Auto Install
Stacking
The downloaded configuration file is not distributed across a stack. When an administrator saves configuration, the config file is distributed across a stack.
[Figure: example network with a TFTP server and a DHCP server; address labels 192.168.0.1, 192.168.0.2, 192.168.0.3...]
CLI: Switch Configuration
(Netgear Switch) #boot autoinstall auto-save
Have the configuration file saved after it is downloaded from the TFTP server.
(Netgear Switch) #boot autoinstall start
Autoinstall starts and waits for the boot options returned by the DHCP server.
From the main menu, select Maintenance > Save Config > Auto Install Configuration. A screen similar to the following displays.
Figure 2-2
2. Select Enable in the AutoInstall Mode field.
3. Select Enable in the AutoSave Mode field.
Chapter 3 Virtual LANs
In this chapter, the following examples are provided:
• “Create Two VLANs”
• “Assign Ports to VLAN2”
• “Assign Ports to VLAN3”
• “Assign VLAN3 as the Default VLAN for Port 1/0/2”
• ...
use to configure the switch as shown in the diagram.
[Figure: Layer 3 switch with VLAN ports 1/0/2 and 1/0/3, VLAN router ports 1/3/1 and 1/3/2, addresses 192.150.3.1 and 192.150.4.1, port 1/0/1, and Layer 2 switches...]
Create VLAN 2. From the main menu, select Switching > VLAN > Basic > VLAN configuration. A screen similar to the following displays.
Figure 3-2
b. Enter the following information in the VLAN Configuration.
• In the VLAN Name field, enter VLAN3
• Select Static in the VLAN Type field.
Click Add.
Assign Ports to VLAN2
This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.
Click the Unit 1. The Ports display. d. Click the gray box under port 1 and 2 until T displays. The T specifies that the egress packet is tagged for the port.
From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
Figure 3-7
b. Under PVID Configuration, scroll down to interface 1/0/4 and select the checkbox for that interface.
From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
Figure 3-8
b. Under PVID Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
The MAC-based VLAN feature allows incoming untagged packets to be assigned to a VLAN, classifying traffic based on the source MAC address of the packet. A MAC to VLAN mapping is defined by configuring an entry in the MAC to VLAN table. An entry is specified via a source MAC address and the desired VLAN ID.
Web Interface Procedure: Assigning a MAC-Based VLAN
To use the Web interface to configure the managed switch, proceed as follows:
Create VLAN 3. From the main menu, select Switching > VLAN > Basic > VLAN configuration. A screen similar to the following displays.
b. Select 3 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box before the Unit 1 until U displays. Click Apply.
Assign VPID 3 to the port 1/0/23.
b. Enter the following information in the MAC Based VLAN Configuration.
• Enter 00:00:0A:00:00:02 in the MAC Address field.
• Enter 3 in the PVID (1 to 4093) field.
Click Add.
Create a Protocol-Based VLAN
Create two protocol VLAN groups: one for IPX and the other for IP/ARP.
Enable protocol vlan group 1 and 2 on the interface.
(Netgear Switch)(Vlan)#exit
(Netgear Switch)#config
(Netgear Switch)(Config)#interface 1/0/11
(Netgear Switch)(Interface 1/0/11)#protocol vlan group 1
(Netgear Switch)(Interface 1/0/11)#protocol vlan group 2
(Netgear Switch)(Interface 1/0/11)#exit...
From the main menu, select Switching > VLAN > Advanced > Protocol Based VLAN Group Configuration. A screen similar to the following displays.
Figure 3-15
b. Enter the following information in the Protocol Based VLAN Group Configuration.
From the main menu, select Switching > VLAN > Advanced > Protocol Based VLAN Group Membership. A screen similar to the following displays.
Figure 3-17
b. Select the 1 in the Group ID field.
Virtual VLANs: Create an IP Subnet Based VLAN
In an IP subnet based VLAN, all the end workstations in an IP subnet are classified to the same VLAN. In this VLAN, users can move their workstations without reconfiguring their network addresses. IP subnet VLANs are based on layer 3 information from packet headers.
Create an IP subnet based VLAN 2000.
(Netgear Switch) #config
(Netgear Switch) (Config)#interface range 1/0/1-1/0/24
(Netgear Switch) (conf-if-range-1/0/1-1/0/24)# vlan participation include 2000
(Netgear Switch) (conf-if-range-1/0/1-1/0/24)#exit
(Netgear Switch) (Config)#
Make all the ports members of VLAN 2000.
2. Assign all of the ports to VLAN 2000.
a. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Figure 3-21
b. Select 2000 in the VLAN ID field.
Voice VLAN
The voice VLAN feature enables switch ports to carry voice traffic with a defined priority, separating voice and data traffic coming onto the port. Voice VLAN ensures that the sound quality of an IP phone does not deteriorate when the data traffic on the port is high.
CLI: Configuring Voice VLAN and Prioritizing Voice Traffic
Create VLAN 10.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 10
(Netgear Switch) (Vlan)#exit
Include the ports 1/0/1 and 1/0/2 in the VLAN 10.
(Netgear Switch) (Config)#interface range...
Map the policy and class, and assign them to the higher-priority queue.
(Netgear Switch) (Config-policy-map)#class ClassVoiceVLAN
(Netgear Switch) (Config-policy-classmap)#assign-queue 3
(Netgear Switch) (Config-policy-classmap)#exit
Assign it to the interfaces 1/0/1 and 1/0/2.
(Netgear Switch) (Config)#interface range...
d. Click Add. At the end of this configuration a screen similar to the following displays.
Figure 3-25
2. Include the ports 1/0/1 and 1/0/2 in the VLAN 10. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Select Port 1 and Port 2 as Tagged. A screen similar to the following displays.
Figure 3-27
d. Click Apply.
Configure Voice VLAN globally. From the main menu, select Switching > VLAN > Advanced > Voice VLAN Configuration. A screen similar to the following displays.
Click Apply. A screen similar to the following displays.
Figure 3-29
Configure Voice VLAN Mode in the interface 1/0/2. From the main menu, select Switching > VLAN > Advanced > Voice VLAN Configuration.
From the main menu, select QoS > Advanced > Class Configuration. A screen similar to the following displays.
Figure 3-31
b. Enter Class Name as ClassVoiceVLAN. Select Class Type as All. A screen similar to the following displays.
b. Click the class ClassVoiceVLAN. A screen similar to the following displays.
Figure 3-34
In the DiffServ Class Configuration table, select VLAN. d. Enter VLAN ID as 10. A screen similar to the following displays.
From the main menu, select QoS > Advanced > Policy Configuration. A screen similar to the following displays.
Figure 3-37
b. Enter Policy Name as PolicyVoiceVLAN. Select Policy Type as In. d. Select Member Class as ClassVoiceVLAN. A screen similar to the following displays.
From the main menu, select QoS > Advanced > Policy Configuration. A screen similar to the following displays.
Figure 3-39
b. Click the Policy PolicyVoiceVLAN. A screen similar to the following displays.
Select Assign Queue as 3. A screen similar to the following displays.
Figure 3-41
d. Click Apply.
9. Assign it to the interfaces 1/0/1 and 1/0/2. From the main menu, select QoS > Advanced > Service Interface Configuration. A screen similar to the following displays.
Select Policy Name as PolicyVoiceVLAN. A screen similar to the following displays.
Figure 3-43
d. Click Apply. A screen similar to the following displays.
Figure 3-44
...
Chapter 4 Link Aggregation
This chapter includes instructions for configuring Link Aggregation (LAG). The following examples are provided:
• “Create Two LAGs”
• “Add the Ports to the LAGs”
• “Enable Both LAGs”
Link Aggregation (LAG) allows the switch to treat multiple physical links between two end-points as a single logical link.
Create Two LAGs
The following figure shows the example network.
[Figure: Layer 3 switch with ports 1/0/2 and 1/0/3 in LAG_10 toward a server on Subnet 3, and ports 1/0/8 and 1/0/9 in LAG_20 toward a Layer 2 switch...]
Web Interface: Creating Two LAGs
To use the Web interface to configure the managed switch, proceed as follows:
Create LAG lag_10. From the main menu, select Switching > LAG > LAG Configuration. A screen similar to the following displays.
Click Apply to save the settings.
2. Add ports to the lag_20.
a. From the main menu, select Switching > LAG > LAG Membership. A screen similar to the following displays.
Figure 4-5
b.
Web Interface: Enabling Both LAGs
To use the Web interface to configure the switch, proceed as follows:
From the main menu, select Switching > LAG > LAG Configuration. A screen similar to the following displays.
Chapter 5 Port Routing
In this chapter, the following examples are provided:
• “Enable Routing for the Switch”
• “Enable Routing for Ports on the Switch”
• “Adding a Default Route”
• ...
• IP Forwarding, responsible for forwarding received IP packets.
• ARP Mapping, responsible for maintaining the ARP Table used to correlate IP and MAC addresses. The table contains both static entries and entries dynamically updated based on information in received ARP frames.
CLI: Enabling Routing for the Switch
Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing...
• In the IP Address field, enter 192.150.2.1.
• In the Subnet Mask field, enter 255.255.255.0.
• Select Enable in Routing Mode field.
d. Click Apply to save the settings.
2. Assign IP address 192.150.3.1/24 to the interface 1/0/3.
From the main menu, select Routing > Advanced > IP Interface Configuration. A screen similar to the following displays.
Figure 5-5
b. Under IP Interface Configuration, scroll down to interface 1/0/5 and select the checkbox for that interface.
CLI: Add a Default Route
(FSM7338S) (Config) #ip route default ?
<nexthopip> Enter the IP Address of the next router.
(FSM7328S) (Config)#ip route default 10.10.10.2
Note that IP subnet “10.10.10.0” should be configured using either the Port Routing Configuration example or the VLAN Routing Configuration in the next chapter.
Adding a Static Route
If your network switch has multiple routing interfaces that allow different forwarding paths to be taken to reach the same destination, it may make sense to create a static route to force packets to take a certain route (port) instead of the default route.
Select Static in the Route Type field.
3. Enter a value in the Network Address field. Note that this field expects a network IP address, not a host IP address. Do not enter something like “10,100.100.1”. The last number should always be zero.
Chapter 6 VLAN Routing
In this chapter, the following examples are provided:
• “Create Two VLANs”
• “Set Up VLAN Routing for the VLANs and the Switch”
• “Click Add to save the settings.”
You can configure the 7000 Series Managed Switch with some ports supporting VLANs and some supporting routing.
The diagram in this section shows a Layer 3 switch configured for port routing. It connects two VLANs, with two ports participating in one VLAN, and one port in the other. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the VLAN routing support shown in the diagram.
Web Interface: Creating Two VLANs
To use the Web interface to configure the managed switch, proceed as follows:
Create VLAN 10, VLAN20. From the main menu, select Switching > VLAN > Advanced > VLAN configuration. A screen similar to the following displays.
h. In the VLAN Name field, enter VLAN20. Select Static in the VLAN Type field. Click Add.
2. Add ports to the VLAN10 and VLAN20.
a. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Select 20 in the VLAN ID field. h. Click the Unit 1. The Ports display. Click the gray box under port 3 until T displays. The T specifies that the egress packet is tagged for the port.
From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
Figure 6-7
Under PVID Configuration, scroll down to interface 1/0/3 and select the checkbox for 1/0/3.
Enable routing for the switch:
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#exit
The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports.
From the main menu, select Routing > VLAN > VLAN Routing > VLAN Routing Configuration. A screen similar to the following displays.
Figure 6-9
5. Under the VLAN Routing Configuration, enter the following information.
Chapter 7 Routing Information Protocol
In this chapter, the following examples are provided:
• “Enable Routing for the Switch”
• “Enable Routing for Ports”
• “Enable RIP for the Switch”
• “Enable RIP for Ports 1/0/2 and 1/0/3”...
The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3 as shown in the network illustrated in Figure 7-1.
[Figure 7-1: Layer 3 switch acting as a router; labels include Port 1/0/2, Port 1/0/5, 192.150.2.2...]
From the main menu, select Routing > Basic > IP Configuration. A screen similar to the following displays.
Figure 7-2
2. Next to the Routing Mode, select the Enable radio button.
3. Click Apply to save the settings.
From the main menu, select Routing > Advanced > IP Interface Configuration. A screen similar to the following displays.
Figure 7-3
b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
From the main menu, select Routing > Advanced > IP Interface Configuration. A screen similar to the following displays.
Figure 7-4
b. Under IP Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
From the main menu, select Routing > RIP > Advanced > RIP Configuration. A screen similar to the following displays.
Figure 7-7
5. Under the Interface Configuration, enter the following information.
• Select 1/0/3 in the Interface field.
• RIPv2 defined in RFC 1723
  – Route specification is extended to include subnet mask and gateway
  – The routing table is sent to a multicast address, reducing network traffic
  – An authentication method is used for security
The 7000 Series Managed Switch supports both versions of RIP.
CLI: VLAN Routing RIP Configuration
Example of configuring VLAN Routing with RIP support on a 7000 Series Managed Switch.
(Netgear Switch) #vlan data
(Netgear Switch) (Vlan)#vlan 10
(Netgear Switch) (Vlan)#vlan 20
(Netgear Switch) (Vlan)#vlan routing 10...
Enable RIP for the VLAN router ports. Authentication will default to none, and no default route entry will be created.
(Netgear Switch) (Config)#interface vlan 10
(Netgear Switch) (Interface vlan 10)#ip rip
(Netgear Switch) (Interface vlan 10)#exit...
From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Figure 7-10
b. Enter the following information in the VLAN Routing Wizard:
•...

From the main menu, select Routing > RIP > Advanced > RIP Configuration. A screen similar to the following displays.
Figure 7-12
b. Under the Interface Configuration, enter the following information.
• Select 0/2/1 in the Interface field.

Chapter 8 OSPF
In this chapter, the following examples are provided:
• “Configure an Inter-Area Router” on page 8-2
• “Configure OSPF on a Border Router” on page 8-8
• “Configure Area 1 as a Stub Area” on page 8-15
•...

Configure an Inter-Area Router
The examples in this section show you how to configure a 7000 Series Managed Switch first as an inter-area router and then as a border router. They show two areas, each with its own border router connected to one inter-area router.
Enable IP routing on the switch:
From the main menu, select Routing > IP > IP Configuration. A screen similar to the following displays.
Figure 8-2
b. Next to the Routing Mode, select the Enable radio button.

d. Click Apply to save the settings.
3. Assign IP address 192.150.3.1 to the port 1/0/3:
a. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.

From the main menu, select Routing > OSPF > Advanced > OSPF Configuration. A screen similar to the following displays.
Figure 8-5
b. Under the OSPF Configuration, enter the following information:
• In the Router ID, enter 192.150.9.9.

From the main menu, select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays.
Figure 8-6
b. Under Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.

Figure 8-7
b. Under Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface. Now 1/0/3 appears in the Interface field at the top.
• In the OSPF Area ID field, enter 0.0.0.3.
Figure 8-9
b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top.
Enter the following information in the IP Interface Configuration:
•...

Enter the following information in the IP Interface Configuration:
• In the IP Address field, enter 192.130.3.1.
• In the Network Mask field, enter 255.255.255.0.
• Select Enable in the Admin Mode field.

Figure 8-12
b. Under the OSPF Configuration, enter the following information:
• In the Router ID, enter 192.130.1.1.
• Select Enable in the OSPF Admin Mode field.
• Select Disable in the RFC 1583 Compatibility field.

b. Under Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top.
• In the OSPF Area ID field, enter 0.0.0.2.

Figure 8-15
b. Under Interface Configuration, scroll down to interface 1/0/4 and select the checkbox for that interface. Now 1/0/4 appears in the Interface field at the top.
• In the OSPF Area ID field, enter 0.0.0.2.
CLI: Configuring Area 1 as a Stub Area on A1
Enable routing on the switch.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
Set the router id to 1.1.1.1.
(Netgear Switch) (Config)#router ospf
(Netgear Switch) (Config-router)#router-id 1.1.1.1...

(Netgear Switch) (Config)#ex
(Netgear Switch) #show ip ospf neighbor interface all
Router ID        IP Address   Neighbor Interface  State
---------------- ----------- ------------------- ---------
4.4.4.4          192.168.10.2 2/0/11             Full
2.2.2.2          192.168.20.2 2/0/19             Full
(Netgear Switch) #show ip route
Total Number of Routes......
Figure 8-18
b. Under IP Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top.
Enter the following information in the IP Interface Configuration:
•...

• In the IP Address field, enter 192.168.20.1.
• In the Network Mask field, enter 255.255.255.0.
• Select Enable in the Admin Mode field.
d. Click Apply to save the settings.
4. Specify the Router ID and Enable OSPF for the switch.

b. Under Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top.
• In the OSPF Area ID field, enter 0.0.0.0.

b. Enter the following information in the Sub Area Configuration.
• In the Area ID field, enter 0.0.0.1.
• Select Disable in the Import Summary LSA’s field.
Click Add to save the settings.
Web Interface: Configuring Area 1 as a Stub Area on A2
To use the Web interface to configure OSPF on the switch, proceed as follows:
Enable IP routing on the switch.
From the main menu, select Routing > IP > IP Configuration. A screen similar to the following displays.

• Select Enable in the Admin Mode field.
d. Click Apply to save the settings.
3. Specify the Router ID and Enable OSPF for the switch.
From the main menu, select Routing > OSPF > Basic > OSPF Configuration. A screen similar to the following displays.

Click Apply to save the settings.
5. Configure area 0.0.0.1 as a stub area.
From the main menu, select Routing > OSPF > Advanced > Stub Area Configuration. A screen similar to the following displays.
CLI: Configuring Area 1 as an NSSA Area
Enable routing on the switch.
(Netgear Switch) #config
(Netgear Switch) (Config)#router ospf
(Netgear Switch) (Config)#ip routing
Configure area 0.0.0.1 as an NSSA area.
(Netgear Switch) (Config)#router ospf
(Netgear Switch) (Config-router)#router-id 1.1.1.1...

(Netgear Switch) (Interface 2/0/19)#exit
(Netgear Switch) (Config)#exit
(Netgear Switch) #show ip route
Total Number of Routes......2
Network         Subnet                       Next Hop  Next Hop
Address         Mask            Protocol     Intf      IP Address
--------------- --------------- ------------...
Figure 8-31
b. Under IP Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top.
Enter the following information in the IP Interface Configuration:
•...

• In the IP Address field, enter 192.168.20.1.
• In the Subnet Mask field, enter 255.255.255.0.
• Select Enable in the Admin Mode field.
d. Click Apply to save the settings.
4. Specify the Router ID and Enable OSPF for the switch.

b. Under Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top.
• In the OSPF Area ID field, enter 0.0.0.0.

b. Enter the following information in the NSSA Area Configuration.
• In the Area ID field, enter 0.0.0.1.
• Select Disable in the Import Summary LSA’s field.
Click Add to save the settings.
(Netgear Switch) (Interface 1/0/15)#exit
(Netgear Switch) (Config)#exit
(Netgear Switch) #show ip route
Total Number of Routes......6
Network         Subnet                       Next Hop  Next Hop
Address         Mask            Protocol     Intf      IP Address
--------------- --------------- ------------...

Figure 8-38
b. Under IP Interface Configuration, scroll down to interface 1/0/11 and select the checkbox for that interface. Now 1/0/11 appears in the Interface field at the top.
Enter the following information in the IP Interface Configuration:
•...

Enter the following information in the IP Interface Configuration:
• In the IP Address field, enter 192.168.20.2.
• In the Network Mask field, enter 255.255.255.0.
• Select Enable in the Routing Mode field.

Enable OSPF on the port 1/0/15.
From the main menu, select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays.
Figure 8-42
b. Under IP Interface Configuration, scroll down to interface 1/0/15 and select the checkbox for that interface.

Redistribute the RIP routes into the OSPF area.
From the main menu, select Routing > OSPF > Advanced > Route Redistribution. A screen similar to the following displays.
Figure 8-44
b. In the Route Redistribution, select RIP in the Available Source field.
CLI: VLAN Routing OSPF Configuration
This example adds support for OSPF to the configuration created in the base VLAN routing example in Figure 6-1 on page 6-2. The script shows the commands you would use to configure the 7000 Series Managed Switch as an inter-area router.

b. Enter the following information in the VLAN Routing Wizard.
• In the Vlan ID field, enter 10.
• In the IP Address field, enter 192.150.3.1.
• In the Network Mask field, enter 255.255.255.0.

Figure 8-47
b. Next to the OSPF Admin Mode, select the Enable radio button.
Enter 192.150.9.9 in the Router ID field.
d. Click Apply to save the setting.
4. Enable OSPF on the VLAN 10.

Enable OSPF on the VLAN 20.
From the main menu, select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays.
Figure 8-49
b. Under the Interface Configuration, click the VLANS to show all the VLAN interfaces.
enable operation over tunnels. It is possible to enable OSPF and OSPFv3 at the same time. OSPF works with IPv4 and OSPFv3 works with IPv6. The following example shows how to configure OSPFv3 on an IPv6 network.

Enable OSPFv3 on the interface 1/0/1, and set the OSPF network mode to broadcast.
(Netgear Switch) (Interface 1/0/1)#ipv6 ospf
(Netgear Switch) (Interface 1/0/1)#ipv6 ospf network broadcast
(Netgear Switch) #show ipv6 ospf neighbor...

From the main menu, select Routing > IPv6 > IPv6 Global Configuration. A screen similar to the following displays.
Figure 8-51
Next to the IPv6 Unicast Routing Mode, select the Enable radio button.

From the main menu, select Routing > IPv6 > Advanced > IP Interface Configuration. A screen similar to the following displays.
Figure 8-53
b. Under IPv6 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for that interface.

Enter the following information in the IPv6 Interface Configuration:
• In the IPv6 Prefix edit box, enter 2001::1.
• In the Length edit box, enter 64.
• Select Disable in the EUI64 field.

Figure 8-56
To use the Web interface to configure OSPF on the switch A2, refer to the configuration of switch A1.
OSPF 8-46 v1.0, October 2009...
ARP request arrived

Proxy ARP Examples
The following are examples of the commands used in the proxy ARP feature.
CLI: show ip interface
(Netgear Switch) #show ip interface ?
<slot/port> Enter an interface in slot/port format.
brief Display summary information about IP configuration settings for all ports.

CLI: ip proxy-arp
(Netgear Switch) (Interface 0/24)#ip proxy-arp ?
<cr> Press Enter to execute the command.
(Netgear Switch) (Interface 0/24)#ip proxy-arp
Web Interface: Configuring Proxy ARP on a Port
To use the Web interface to configure proxy ARP on a port, proceed as follows:
Configure proxy ARP.

Chapter 10 Virtual Router Redundancy Protocol
In this chapter, the following examples are provided:
• “Configure VRRP on a Master Router” on page 10-2
• “Configure VRRP on a Backup Router” on page 10-4
When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network.

Configure VRRP on a Master Router
This example shows how to configure the 7000 Series Managed Switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router.
Enable VRRP on the port.
(Netgear Switch) (Interface 1/0/2)#ip vrrp 20 mode
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#exit
Web Interface: Configuring VRRP on a Master Router
To use the Web interface to configure VRRP on a master router on the switch, proceed as follows:
Enable IP routing on the switch:
From the main menu, select Routing >...

b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top.
Enter the following information in the IP Interface Configuration:
•...

CLI: Configuring VRRP on a Backup Router
The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the backup router:
Enable routing for the switch. IP forwarding will then be enabled by default.

Web Interface: Configuring VRRP on a Backup Router
To use the Web interface to configure VRRP on a backup router on the switch, proceed as follows:
Enable IP routing on the switch.

• In the Network Mask field, enter 255.255.0.0.
• Select Enable in the Admin Mode field.
d. Click Apply to save the settings.
3. Enable VRRP on the 1/0/4.
From the main menu, select Routing > VRRP > Basic > VRRP Configuration. A screen similar to the following displays.
Chapter 11 Access Control Lists (ACLs)
This chapter describes the Access Control Lists (ACLs) feature. The following examples are provided:
• “Set up an IP ACL with Two Rules” on page 11-3
• “Configure a One-Way Access Using a TCP Flag in an ACL” on page 11-8
•...

• Ethertype
– Secondary CoS (802.1p)
– Secondary VLAN (or range of IDs)
• L2 ACLs can apply to one or more interfaces
• Multiple access lists can be applied to a single interface - sequence number determines the order of execution
•...

Set up an IP ACL with Two Rules
This section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will only be accepted by the 7000 Series Managed Switch if the source and destination stations have IP addresses within the defined sets.

Define the second rule for ACL 101 to set similar conditions for UDP traffic as for TCP traffic.
(Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255
Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
following displays.
Figure 11-3
b. Next to ACL ID, select 101.
Click Add to create a new rule.
3. Create a new ACL rule and add it to the ACL 101.
a. After you click the Add button in step 2, a screen similar to the following displays.

• Select TCP in the Protocol Type field.
• In the Source IP Address, enter 192.168.77.0.
• In the Source IP Mask, enter 0.0.0.255.
• In the Destination IP Address, enter 192.178.77.0.

to the following displays.
Figure 11-6
b. Enter the following information in the IP Binding Configuration.
• Select 101 in the ACL ID field.
• In the Sequence Number field, enter 1.

Configure a One-Way Access Using a TCP Flag in an ACL
This example shows how to set up one-way web access using a TCP flag in an ACL. PC1 can access FTP server1 and FTP server2, but PC2 can access only FTP server2.
Create an ACL that denies all packets with the TCP flags +syn -ack (SYN set, ACK not set).
(Netgear Switch) (Config)#access-list 101 deny tcp any any flag +syn -ack
Create an ACL that permits all the IP packets....

Create VLAN 50 with port 1/0/25 and assign IP address 192.168.50.1/24.
(Netgear Switch)(Config)#exit
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 50
(Netgear Switch) (Vlan)#vlan routing 50
(Netgear Switch) (Vlan)#exit
(Netgear Switch) #configure...
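The wildcard-mask rules from "Set up an IP ACL with Two Rules" and the `flag +syn -ack` rule above can be checked offline before they are bound to a port. The following Python model is an added example, not NETGEAR code: it assumes first-match evaluation in sequence-number order with unmatched traffic denied, the `access-list 102 permit ip any any` line and the TCP rule are constructed from the page's descriptions, and the host addresses are constructed.

```python
"""First-match model of the extended IP ACL syntax shown on this page."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}
SYN, ACK = TCP_FLAGS["syn"], TCP_FLAGS["ack"]


def ip_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches every protocol
    src: Optional[Tuple[int, int]]    # (address, wildcard); None means "any"
    dst: Optional[Tuple[int, int]]
    must_set: int = 0                 # TCP flags written as +flag
    must_clear: int = 0               # TCP flags written as -flag


def parse_rule(line: str) -> Rule:
    """Parse 'access-list <id> <action> <proto> <src> <dst> [flag +x -y ...]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line!r}")
    rest = tok[4:]

    def take_addr() -> Optional[Tuple[int, int]]:
        if rest[0] == "any":
            rest.pop(0)
            return None
        return ip_int(rest.pop(0)), ip_int(rest.pop(0))

    src, dst = take_addr(), take_addr()
    must_set = must_clear = 0
    if rest:
        if rest[0] != "flag":
            raise ValueError(f"unsupported option: {rest[0]!r}")
        for item in rest[1:]:
            sign, bit = item[0], TCP_FLAGS[item[1:]]
            if sign == "+":
                must_set |= bit
            elif sign == "-":
                must_clear |= bit
            else:
                raise ValueError(f"bad flag term: {item!r}")
    return Rule(tok[2], tok[3], src, dst, must_set, must_clear)


def addr_matches(spec: Optional[Tuple[int, int]], addr: str) -> bool:
    """Wildcard mask: a 1 bit means 'ignore this bit', the inverse of a netmask."""
    if spec is None:
        return True
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (ip_int(addr) & care) == (base & care)


def rule_matches(rule: Rule, pkt: dict) -> bool:
    if rule.proto != "ip" and rule.proto != pkt["proto"]:
        return False
    if not (addr_matches(rule.src, pkt["src"]) and addr_matches(rule.dst, pkt["dst"])):
        return False
    flags = pkt.get("flags", 0)
    return (flags & rule.must_set) == rule.must_set and (flags & rule.must_clear) == 0


def evaluate(rules: List[Rule], pkt: dict) -> str:
    """Return the action of the first matching rule; unmatched traffic is denied."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def packet(proto: str, src: str, dst: str, flags: int = 0) -> dict:
    return {"proto": proto, "src": src, "dst": dst, "flags": flags}


# Two-rule ACL: the UDP line is from the page; the TCP line is constructed to
# mirror it, since the page says both rules carry the same conditions.
TWO_RULE_ACL = [parse_rule(l) for l in (
    "access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255",
    "access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255",
)]

# One-way access: ACL 101 (sequence 1) then ACL 102 (sequence 2) on one port.
# The ACL 102 command text is an assumption; the page only says it permits all IP.
ONE_WAY_ACLS = [parse_rule(l) for l in (
    "access-list 101 deny tcp any any flag +syn -ack",
    "access-list 102 permit ip any any",
)]

if __name__ == "__main__":
    # Constructed hosts in the page's 192.168.200.0/24 and 192.168.100.0/24 VLANs.
    a, b = "192.168.200.10", "192.168.100.10"
    for name, flags in (("SYN", SYN), ("SYN+ACK", SYN | ACK), ("ACK", ACK)):
        print(f"{name:8} {evaluate(ONE_WAY_ACLS, packet('tcp', a, b, flags))}")
    print(evaluate(TWO_RULE_ACL, packet("tcp", "192.168.78.5", "192.178.77.9")))
```

Only the initial SYN is dropped on the bound port, so hosts behind it cannot open TCP connections while their replies to connections opened from the other side still pass; UDP and other IP traffic are unaffected by the flag rule.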
From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Figure 11-8
b. Enter the following information in the VLAN Routing Wizard:
•...

Figure 11-9
b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 100.
• In the IP Address field, enter 192.168.100.1.
• In the Network Mask field, enter 255.255.255.0.

Figure 11-10
b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 200.
• In the IP Address field, enter 192.168.200.1.
• In the Network Mask field, enter 255.255.255.0.

b. Under IP Configuration, make the following selections:
• Next to Routing Mode, select the Enable radio button.
• Next to IP Forwarding Mode, select the Enable radio button.
Click Apply to enable IP Routing.

Figure 11-13
b. Under Configure Routes, make the following selection and enter the following information:
• Select Static in the Route Type field.
• In the Network Address field, enter 192.168.50.0.
•...
Create an ACL with ID 102:
From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
Figure 11-15
b. In the IP ACL ID field of the IP ACL Table, enter 102.

Click Add. The Extended ACL Rule Configuration screen displays.
Figure 11-17
d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
• In the Rule ID field, enter 1.

Figure 11-18
b. Under IP Extended Rules, select 102 in the ACL ID field.
Click Add. The Extended ACL Rule Configuration screen displays.
Figure 11-19
d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
•...

11. Apply ACL 101 to port 44.
a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
Figure 11-20
b. Under Binding Configuration, make the following selection and enter the following information:
•...

Figure 11-21
b. Under Binding Configuration, make the following selection and enter the following information:
• Select 102 in the ACL ID field.
• In the Sequence Number field, enter 2.
Click Unit 1. The ports display.
following displays.
Figure 11-22
b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 40.
• In the IP Address field, enter 192.168.40.1.
• In the Network Mask field, enter 255.255.255.0.

Create VLAN 50 with IP address 192.168.50.1/24:
From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Figure 11-23
b. Enter the following information in the VLAN Routing Wizard:
•...

From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Figure 11-24
b. Enter the following information in the VLAN Routing Wizard:
•...

Figure 11-25
b. Under Configure Routes, make the following selection and enter the following information:
• Select Static in the Route Type field.
• In the Network Address field, enter 192.168.100.0.
•...

b. Under Configure Routes, make the following selection and enter the following information:
• Select Static in the Route Type field.
• In the Network Address field, enter 192.168.30.0.
• In the Subnet Mask field, enter 255.255.255.0.
CLI: Configuring a One-Way Access Using a TCP Flag in an ACL Commands
To use the CLI to isolate VLANs on a Layer 3 switch by using ACLs, enter the following CLI commands.

(Netgear Switch) (Config)#ip route default 10.100.5.252
Create ACL 101 to deny all traffic that has destination IP 192.168.24.0/24.
(Netgear Switch) (Config)#access-list 101 deny ip any 192.168.24.0 0.0.0.255
Create ACL 102 to deny all traffic that has destination IP 192.168.48.0/24.
(Netgear Switch) (Config)#access-list 102 deny ip any 192.168.48.0 0.0.0.255
Create ACL 103 to permit all other traffic.

Web Interface: Configuring a One-Way Access Using a TCP Flag in an ACL
To use the Web interface to isolate VLANs on a Layer 3 switch by using ACLs, proceed as follows:
Create VLAN 24 with IP address 192.168.24.1:...
From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Figure 11-29
b. Enter the following information in the VLAN Routing Wizard:
•...

Figure 11-30
b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 38.
• In the IP Address field, enter 10.100.5.34.
• In the Network Mask field, enter 255.255.255.0.

b. Under IP Configuration, make the following selections:
• Next to Routing Mode, select the Enable radio button.
• Next to IP Forwarding Mode, select the Enable radio button.
Click Apply to enable IP Routing.

b. In the IP ACL ID field of the IP ACL Table, enter 102.
Click Add.
7. Create an ACL with ID 103:
From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
Click Add. The Extended ACL Rule Configuration screen displays.
Figure 11-36
d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
• In the Rule ID field, enter 1.

Figure 11-37
b. Under IP Extended Rules, select 102 in the ACL ID field.
Click Add. The Extended ACL Rule Configuration screen displays.
Figure 11-38
d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
•...

10. Add and configure an IP extended rule that is associated with ACL 103:
a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.

11. Apply ACL 102 to port 24:
a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
Figure 11-41
b. Under Binding Configuration, make the following selection and enter the following information:
•...

Figure 11-42
b. Under Binding Configuration, make the following selection and enter the following information:
• Select 101 in the ACL ID field.
• In the Sequence Number field, enter 1.
Click Unit 1. The ports display.

Figure 11-43
b. Under Binding Configuration, make the following selection and enter the following information:
• Select 103 in the ACL ID field.
• In the Sequence Number field, enter 2.
Click Unit 1. The ports display. Configure the following ports:
•...
Deny all traffic that has a destination MAC address of 01:80:c2:xx:xx:xx.
(Netgear Switch) (Config-mac-access-list)#deny any 01:80:c2:00:00:00 00:00:00:ff:ff:ff
Permit all the other traffic.
(Netgear Switch) (Config-mac-access-list)#permit any
(Netgear Switch) (Config-mac-access-list)#exit
Apply the MAC ACL acl_bpdu to the port 1/0/2....
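The mask in the acl_bpdu rule covers the whole 01:80:c2:xx:xx:xx block, which holds more than spanning-tree BPDUs, so it is worth listing what the rule matches before binding it. The following Python sketch is an added example, not NETGEAR code: it models only the destination-MAC match of the two rules shown above, and the table of destination addresses is constructed sample input.

```python
"""Which destination MACs does the acl_bpdu deny rule on this page match?"""
from typing import Dict, List, Optional, Tuple

MacSpec = Optional[Tuple[int, int]]   # (address, wildcard); None means "any"
MAC_BITS = 0xFFFFFFFFFFFF


def mac_int(mac: str) -> int:
    octets = mac.lower().split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int("".join(octets), 16)


def parse_mac_rule(line: str) -> Tuple[str, MacSpec]:
    """Parse '<permit|deny> any [<dst-mac> <dst-wildcard>]', the form used on the page."""
    tok = line.split()
    if len(tok) not in (2, 4) or tok[0] not in ("permit", "deny") or tok[1] != "any":
        raise ValueError(f"unsupported rule: {line!r}")
    if len(tok) == 2:
        return tok[0], None            # no destination given: matches every frame
    return tok[0], (mac_int(tok[2]), mac_int(tok[3]))


def dst_matches(spec: MacSpec, dst: str) -> bool:
    """Wildcard mask: bits set to 1 are ignored, bits set to 0 must be equal."""
    if spec is None:
        return True
    base, wildcard = spec
    care = ~wildcard & MAC_BITS
    return (mac_int(dst) & care) == (base & care)


def classify(rules: List[Tuple[str, MacSpec]], dst: str) -> str:
    """First matching rule wins; a frame matching no rule is denied."""
    for action, spec in rules:
        if dst_matches(spec, dst):
            return action
    return "deny"


# The two rules of acl_bpdu, copied from the CLI lines above.
ACL_BPDU = [parse_mac_rule(l) for l in (
    "deny any 01:80:c2:00:00:00 00:00:00:ff:ff:ff",
    "permit any",
)]

# Constructed sample input: well-known destination addresses plus one host.
SAMPLE_DESTINATIONS: Dict[str, str] = {
    "STP/RSTP BPDU": "01:80:c2:00:00:00",
    "LACP (slow protocols)": "01:80:c2:00:00:02",
    "802.1X EAPOL": "01:80:c2:00:00:03",
    "LLDP": "01:80:c2:00:00:0e",
    "Cisco PVST+ BPDU": "01:00:0c:cc:cc:cd",
    "broadcast": "ff:ff:ff:ff:ff:ff",
    "unicast host (constructed)": "00:11:22:33:44:55",
}


def denied_protocols(rules: List[Tuple[str, MacSpec]] = ACL_BPDU) -> List[str]:
    """Names from SAMPLE_DESTINATIONS whose destination MAC the ACL denies."""
    return sorted(name for name, mac in SAMPLE_DESTINATIONS.items()
                  if classify(rules, mac) == "deny")


if __name__ == "__main__":
    for name, mac in SAMPLE_DESTINATIONS.items():
        print(f"{mac}  {classify(ACL_BPDU, mac):6}  {name}")
```

The rule matches LACP, 802.1X and LLDP destinations as well as IEEE BPDUs, and it does not match the PVST+ address, so check which of these protocols the port is expected to carry.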
From the main menu, select Security > ACL > MAC ACL > MAC Rules. A screen similar to the following displays.
Figure 11-45
Select acl_bpdu in the ACL Name field.
b. Select Deny in the Action field.

Select acl_bpdu in the ACL Name field.
b. Enter the following information in the Rule Table.
• In the ID field, enter 2.
• Select Permit in the Action field.
Click the Add button.

ACL Mirroring
This feature extends the existing port mirroring functionality by allowing you to mirror a desired traffic stream on an interface. It helps to mirror the desired traffic stream rather than mirroring the entire traffic on an interface. It has been associated with ACL functionality....
(Netgear Switch) (Config)# ip access-list monitorHost
Define the rules to match the host 10.0.0.1 and to permit all other traffic.
(Netgear Switch) (Config-ipv4-acl)# permit ip 10.0.0.1 0.0.0.0 any mirror 1/0/19
(Netgear Switch) (Config-ipv4-acl)# permit every
Bind the ACL with the interface 1/0/1....

Web Interface: Configuring ACL Mirroring
To use the Web interface to configure IP ACL on a port on the switch, proceed as follows:
Create an IP access control list with the name monitorHost on the switch:
From the main menu, select Security >...

From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
Figure 11-51
b. Click Add. An Extended ACL Rule Configuration screen similar to the following displays.
Figure 11-52
Enter Rule ID as 1.

From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
Figure 11-53
b. Click Add and a screen similar to the following displays.

Bind the ACL with the interface 1/0/1.
From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
Figure 11-56
b. Enter Sequence Number as 1.
(Netgear Switch) (Config)#ip access-list redirectHTTP Define a rule to match the HTTP stream and define a rule to permit every other. (Netgear Switch) (Config-ipv4-acl)# permit tcp any any eq http redirect 1/0/19 (Netgear Switch) (Config-ipv4-acl)# permit every Access Control Lists (ACLs) 11-49 v1.0, October 2009...
Page 210
NETGEAR Managed Switches Software Administration Manual, Release 8.0 Bind the ACL with the interface 1/0/1. (Netgear Switch) (Interface 1/0/1)#ip access-group redirectHTTP in 1 View the configuration. (Netgear Switch) # show ip access-lists Current number of ACLs: 1 Maximum number of ACLs: 100...
Page 211
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. Figure 11-59 b. In the IP ACL filed enter redirectHTTP. Click Add to create the IP ACL redirectHTTP. At the end of this configuration a screen similar to the following displays.
Page 212
NETGEAR Managed Switches Software Administration Manual, Release 8.0 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. Figure 11-61 b. Click Add to take the Extended ACL Rule Configuration screen similar to the following displays.
Page 213
From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. Figure 11-63 b. Click Add. An Extended ACL Rule Configuration screen similar to the following displays.
Page 214
Click Apply. At the end of this configuration a screen similar to the following displays. Figure 11-65 Bind the ACL with the interface 1/0/1. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
Click Apply. At the end of this configuration a screen similar to the following displays. Figure 11-67
Configure IPv6 ACLs
This feature extends the existing IPv4 ACL by providing support for IPv6 packet classification. IPv6 ACLs classify Layer 3 IPv6 traffic.
Page 216
[Figure 11-68 labels: Interface 1/0/1; GSM73xxS; 2001:0DB8:c0ab:ac11::/64; 2001:0DB8:c0ab:ac14::/64; 2001:0DB8:c0ab:ac13::/64; 2001:0DB8:c0ab:ac12::/64; IPv6 HTTP traffic; IPv6 Telnet traffic; IPv6 Any other traffic]
CLI: Configuring an IPv6 ACL
Create the Access Control List with the name ipv6-acl.
Page 217
(Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 2001:DB8:C0AB:AC13::/64 eq telnet
(Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 any eq http
Apply the rules to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted.
(Netgear Switch) (Config)#interface 1/0/1...
Page 218
Web Interface: Configuring an IPv6 ACL
Create the Access Control List with the name ipv6-acl. From the main menu, select Security > ACL > Advanced > IPv6 ACL. b. In the IPv6 ACL table, enter ipv6-acl in the IPv6 ACL field. A screen similar to the following displays.
Page 219
From the main menu, select Security > ACL > Advanced > IPv6 Rules. A screen similar to the following displays. Figure 11-71 b. Select the ACL Name as ipv6-acl. Click Add. d. Enter Rule ID as 1.
Page 220
Click Apply. 3. Add Rule 2. Enter Rule ID as 2. b. Select Action as Permit. Select Protocol Type as TCP. d. Enter Source Prefix as 2001:DB8:C0AB:AC11::. Enter Source Prefix Length as 64.
Page 221
Select Source L4 Port as http. A screen similar to the following displays. Figure 11-74 Click Apply. 5. Apply the rules to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted.
Page 222
Click Apply. At the end of this configuration a screen similar to the following displays. Figure 11-76 View the binding table. From the main menu, select Security > ACL > Advanced > Binding Table. A screen similar to the following displays.
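The two ipv6-acl rules from the CLI example above can be checked offline before the list is bound to port 1/0/1. The following Python sketch is an added example, not NETGEAR code: it parses only the rule syntax shown on this page, evaluates packets first-match with the implicit deny the manual describes ("Only traffic matching the criteria will be accepted"), and reports rules that an earlier rule makes unreachable. Treating "eq" as a destination-port match, the first-match order, and the probe host addresses are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port keywords used by the rules on this page.
PORT_NAMES = {"telnet": 23, "http": 80}

# The two ipv6-acl rules from the CLI example, in the order they are entered.
IPV6_ACL = [
    "permit tcp 2001:DB8:C0AB:AC11::/64 2001:DB8:C0AB:AC13::/64 eq telnet",
    "permit tcp 2001:DB8:C0AB:AC11::/64 any eq http",
]


@dataclass(frozen=True)
class Rule:
    action: str
    protocol: str
    src: Optional[ipaddress.IPv6Network]  # None means "any"
    dst: Optional[ipaddress.IPv6Network]  # None means "any"
    dst_port: Optional[int]               # None means any port (assumed semantics)


def _prefix(token: str) -> Optional[ipaddress.IPv6Network]:
    return None if token == "any" else ipaddress.IPv6Network(token)


def parse_rule(line: str) -> Rule:
    """Parse '<permit|deny> <proto> <src> <dst> [eq <port>]', the subset shown on the page."""
    tokens = line.split()
    if len(tokens) not in (4, 6) or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line!r}")
    port = None
    if len(tokens) == 6:
        if tokens[4] != "eq":
            raise ValueError(f"unsupported port operator in: {line!r}")
        port = PORT_NAMES[tokens[5]] if tokens[5] in PORT_NAMES else int(tokens[5])
    return Rule(tokens[0], tokens[1], _prefix(tokens[2]), _prefix(tokens[3]), port)


def evaluate(rules: List[Rule], protocol: str, src: str, dst: str,
             dst_port: int) -> Tuple[str, Optional[int]]:
    """Return (action, 1-based rule number); rule number None is the implicit deny."""
    s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    for number, rule in enumerate(rules, start=1):
        if (rule.protocol == protocol
                and (rule.src is None or s in rule.src)
                and (rule.dst is None or d in rule.dst)
                and rule.dst_port in (None, dst_port)):
            return rule.action, number
    return "deny", None


def _within(inner, outer) -> bool:
    """True when every address matched by `inner` is also matched by `outer`."""
    if outer is None:
        return True
    return inner is not None and inner.subnet_of(outer)


def shadowed(rules: List[Rule]) -> List[int]:
    """1-based numbers of rules that can never match because an earlier rule covers them."""
    hidden = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if (earlier.protocol == later.protocol
                    and _within(later.src, earlier.src)
                    and _within(later.dst, earlier.dst)
                    and earlier.dst_port in (None, later.dst_port)):
                hidden.append(index + 1)
                break
    return hidden


RULES = [parse_rule(line) for line in IPV6_ACL]

if __name__ == "__main__":
    # Constructed probe packets: (protocol, source, destination, destination port).
    probes = [
        ("tcp", "2001:db8:c0ab:ac11::10", "2001:db8:c0ab:ac13::5", 23),
        ("tcp", "2001:db8:c0ab:ac11::10", "2001:db8:c0ab:ac14::5", 23),
        ("tcp", "2001:db8:c0ab:ac11::10", "2001:db8:c0ab:ac14::5", 80),
        ("tcp", "2001:db8:c0ab:ac12::10", "2001:db8:c0ab:ac13::5", 80),
    ]
    for probe in probes:
        print(probe, "->", evaluate(RULES, *probe))
    print("shadowed rules:", shadowed(RULES))
```

A rule added after rule 2 that denies HTTP from 2001:DB8:C0AB:AC11::/64 to a specific prefix would be reported by shadowed(), because rule 2 already permits HTTP from that source to any destination.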
Chapter 12 Class of Service (CoS) Queuing
This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features. In this chapter, the following examples are provided:
• “Show classofservice Trust” on page 12-3
• “Set classofservice trust Mode” on page 12-3
•...
• Can only have one trust field at a time - per port.
– 802.1p User Priority (default trust mode - Managed through Switching configuration)
– IP Precedence
– IP DiffServ Code Point (DSCP)
The system can assign service level based upon the 802.1p priority field of the L2 header.
• Tail Drop parameters, Threshold Per-Interface Basis • Queue management type, Tail Drop vs. WRED Only if per queue config is not supported • WRED Decay Exponent • Traffic Shaping for an entire interface...
Page 226
CLI: Setting classofservice Trust Mode
(Netgear Switch) (Config)#classofservice?
dot1p-mapping Configure dot1p priority mapping.
ip-dscp-mapping Maps an IP DSCP value to an internal traffic class.
trust Sets the Class of Service Trust Mode of an Interface.
Show classofservice ip-precedence Mapping
The example is shown as CLI commands and as a Web interface procedure.
CLI: Showing classofservice ip-precedence Mapping
(Netgear Switch) #show classofservice ip-precedence-mapping
IP Precedence Traffic Class
-------------...
Enter the minimum bandwidth percentage for Queue 0.
(Netgear Switch) (Config)#cos-queue min-bandwidth 15
Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>.
(Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10
(Netgear Switch) (Config)#cos-queue strict?
<queue-id> Enter a Queue Id from 0 to 7.
Page 229
From the main menu, select QoS > Advanced > Interface Queue Configuration. A screen similar to the following displays. Figure 12-4 b. Select the 0 in the Queue ID field. Under Interface Queue Configuration, scroll down to interface 1/0/2 and select the checkbox for 1/0/1.
From the main menu, select QoS > Advanced > Interface Queue Configuration. A screen similar to the following displays. Figure 12-5 b. Select the 1 in the Queue ID field. Under Interface Queue Configuration, scroll down to interface 1/0/2 and select the checkbox for 1/0/2.
Note: The Traffic Class value range is <0-6> instead of <0-7> because queue 7 is reserved in a stacking build for stack control, and is therefore not configurable by the user.
Web Interface: Setting CoS Trust Mode of an Interface...
Page 232
The <bw> value is a percentage that ranges from 0 to 100 in increments of 5. The default bandwidth value is 0, meaning no upper limit is enforced, which allows the interface to transmit up to its maximum line rate.
Page 233
b. Under CoS Interface Configuration, scroll down to interface 1/0/3 and select the 1/0/3 checkbox. Now 1/0/3 appears in the Interface field at the top. In the Interface Shaping Rate(0 to 100) field, enter 70.
Chapter 13 Differentiated Services
In this chapter, the following examples are provided:
• “Differentiated Services” on page 13-2
• “DiffServ for VoIP Configuration” on page 13-20
• “Auto VoIP Configuration” on page 13-29
• “DiffServ for IPv6 Configuration Example” on page 13-33
Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies.
Page 235
• Policy. Defines the QoS attributes for one or more traffic classes. An example of an attribute is the ability to mark a packet at ingress. The 7000 Series Managed Switch supports a Traffic Conditions Policy.
Page 236
Ensure DiffServ operation is enabled for the switch.
(Netgear Switch) #config
(Netgear Switch) (Config)#diffserv
Create a DiffServ class of type “all” for each of the departments, and name them. Define the match criteria -- Source IP address -- for the new classes.
Page 237
It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for internet traffic.
(Netgear Switch) (Config)#interface 1/0/5
(Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0
(Netgear Switch) (Interface 1/0/5)#exit
(Netgear Switch) (Config)#exit...
Page 238
From the main menu, select QoS > DiffServ > Basic > DiffServ Configuration. A screen similar to the following displays. Figure 13-2 b. Next to the Diffserv Admin Mode, select the Enable radio button.
Page 239
d. Click the finance_dept to configure this class. Figure 13-4 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.10.0. • In the Source Mask field, enter 255.255.255.0.
Page 240
b. Enter the following information in the Class Configuration • In the Class Name field, enter marketing_dept. • Select All in the Class Type field. Click Add to create a new class marketing_dept.
Page 241
From the main menu, select QoS > DiffServ > Advanced > Class Configuration. A screen similar to the following displays. Figure 13-7 b. Enter the following information in the Class Configuration • In the Class Name field, enter test_dept.
Page 242
Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.30.0. • In the Source Mask field, enter 255.255.255.0. Click Apply. Create class development_dept.
Page 243
Figure 13-10 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.40.0. • In the Source Mask field, enter 255.255.255.0. Click Apply. Create a policy named internet_access and add the class finance_dept into it.
Page 244
b. Enter the following information in the Class Configuration • In the Policy Selector field, enter internet_access. • Select the finance_dept in the Member Class field. Click Add to create a new policy internet_access.
Page 245
Figure 13-13 b. Under Policy Configuration, scroll down to internet_access and select the checkbox for internet_access. Internet_access now appears in the Policy Selector field at the top. Select the test_dept in the Member Class field.
Page 246
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. Figure 13-15 b. Click the internet_access whose member class is finance_dept. Another screen similar to the following displays.
Page 247
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. Figure 13-17 b. Click the internet_access whose member class is marketing_dept. Another screen similar to the following displays.
Page 248
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. Figure 13-19 b. Click the internet_access whose member class is test_dept. Another screen similar to the following displays.
Page 249
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. Figure 13-21 b. Click the internet_access whose member class is development_dept. Another screen similar to the following displays.
Page 250
From the main menu, select QoS > Advanced > Service Configuration. A screen similar to the following displays. Figure 13-23 b. Scroll down to interface 1/0/1 and select the checkbox for 1/0/1. Scroll down to interface 1/0/2 and select the checkbox for 1/0/2.
Page 251
Figure 13-24 b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/0/5. 1/0/5 now appears in the Interface field at the top. Select the 1 in the Queue ID field d.
Page 252
Select the 2 in the Queue ID field d. In the Minimum Bandwidth field, enter 25. Click Apply. 17. Set the CoS queue 3 configuration for the interface 1/0/5. From the main menu, select QoS > CoS > Advanced > Interface Queue Configuration. A screen similar to the following displays.
Figure 13-27 b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/0/5. 1/0/5 now appears in the Interface field at the top. Select the 4 in the Queue ID field d.
Page 254
[Figure 13-28 labels: Port 1/0/2; Layer 3 Switch operating as Router 1; Port 1/0/3; Internet; Layer 3 Switch operating as Router 2]
CLI: DiffServ for VoIP
The following example configures DiffServ VoIP support: Enter Global Config mode.
Page 255
Create a second DiffServ classifier named 'class_ef' and define a single match criterion to detect a DiffServ code point (DSCP) of 'EF' (expedited forwarding). This handles incoming traffic that was previously marked as expedited somewhere in the network.
Page 256
Figure 13-29 b. Under Interface Queue Configuration, select all the interfaces. Select 5 in the Queue ID field. d. Select Strict in the Scheduler Type field. Click Apply to save the settings.
Page 257
Figure 13-31 b. In the Class Name, enter class_voip. Select All in the Class Type field. Click Add to create a new class. Click class_voip. Another screen similar to the following displays: Figure 13-32 Select UDP in the Protocol Type field.
Page 258
From the main menu, select QoS > DiffServ > Advanced > DiffServ Configuration. A screen similar to the following displays. Figure 13-33 b. In the Class Name, enter class_ef. Select All in the Class Type field.
Page 259
Click Apply to create a new class. 5. Create a policy pol_voip and add class_voip into this policy. From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Page 260
For the Policy Attribute, click the Mark IP DSCP radio button and select ef in the Mark IP DSCP field. Click Apply to create a new policy. 6. Add class_ef into the policy pol_voip.
Page 261
Figure 13-38 Select the 5 in the Assign Queue field. Click Apply to create a new policy. 7. Attach the defined policy to the interface 1/0/2 in the inbound direction. a. From the main menu, select QoS > DiffServ > Advanced > Service Configuration. A screen similar to the following displays.
Auto VoIP Configuration
The Auto-VoIP feature is intended to provide ease of use for the user in setting up VoIP for IP phones on a switch. This functionality copies VoIP signaling packets to the CPU to get the source and destination IP Address and Layer 4 Port of the current session.
Page 263
View the Auto VoIP information:
(Netgear Switch) # show auto-voip interface all
Interface Auto VoIP Mode Traffic Class
--------- -------------- -------------
1/0/1 Enabled
1/0/2 Enabled
1/0/3 Enabled
1/0/4 Enabled
1/0/5 Enabled
1/0/6...
Page 264
From the main menu, select QoS > DiffServ > Auto VoIP. A screen similar to the following displays. Figure 13-41 b. Select the check box in the first row to select all the interfaces.
Page 265
d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 13-43
DiffServ for IPv6 Configuration Example
This feature extends the existing QoS ACL and DiffServ functionality by providing support for IPv6 packet classification.
[Figure labels: Internet; Interface 1/0/3; Interface 1/0/1; GSM73xxS; Interface 1/0/2; IPv6; IPv6...]
Page 267
Define matching criteria as protocol ICMPv6.
(Netgear Switch) (Config-classmap) # match protocol 58
(Netgear Switch) (Config-classmap) # exit
Create the policy policyicmpv6.
(Netgear Switch) (Config)# policy-map policyicmpv6 in
Associate the previously created class classicmpv6.
Page 268
From the main menu, select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays. Figure 13-45 b. Enter Class Name as classicmpv6. Select Class Type as All. A screen similar to the following displays.
Page 269
From the main menu, select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays. Figure 13-48 b. Click the class classicmpv6. A screen similar to the following displays.
Page 270
For the Protocol Type, select Other and enter 58. A screen similar to the following displays. Figure 13-50 d. Click Apply. At the end of this configuration a screen similar to the following displays.
Page 271
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. Figure 13-52 b. Enter the Policy Name as policyicmpv6. For the Policy Type, select In.
Page 272
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. Figure 13-54 b. Click the Policy policyicmpv6. A screen similar to the following displays.
Page 273
Select Assign Queue as 6. Figure 13-56 d. Click Apply. 5. Attach the policy policyicmpv6 in the interface 1/0/1, 1/0/2 and 1/0/3. From the main menu, select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays.
Page 274
b. Select Policy Name as policyicmpv6. Click the check box for the interfaces 1/0/1, 1/0/2 and 1/0/3. A screen similar to the following displays. Figure 13-58 d. Click Apply. At the end of this configuration a screen similar to the following displays.
The following example shows how to enable IGMP snooping.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip igmpsnooping
(Netgear Switch) (Config)#ip igmpsnooping interfacemode
(Netgear Switch) (Config)#exit
Web Interface: Enabling IGMP Snooping
To use the Web interface to configure the managed switch, proceed as follows: Configure the IGMP Snooping Configuration.
From the main menu, select Switching > Multicast > IGMP Snooping Configuration. A screen similar to the following displays. Figure 14-1 b. Enter the following information in the IGMP Snooping Configuration. Next to the Admin mode field, select the Enable radio button.
(Netgear Switch) #show igmpsnooping
Admin Mode....... Enable
Multicast Control Frame Count....
Interfaces Enabled for IGMP Snooping..1/0/10
Vlans enabled for IGMP snooping..
Web Interface: Showing igmpsnooping
To use the Web interface to configure the managed switch, proceed as follows: Configure the IGMP Snooping Configuration.
Page 279
CLI: Configuring the Switch with an External Multicast Router
This example configures the interface as the one the multicast router is attached to. All IGMP packets snooped by the switch will be forwarded to the multicast router reachable from this interface.
Configure the Switch with a Multicast Router Using VLAN
The example is shown as CLI commands and as a Web interface procedure.
CLI: Configure the Switch with a Multicast Router Using VLAN
This example configures the interface to only forward the snooped IGMP packets that come from VLAN ID (<VLAN Id>) to the multicast router attached to this interface.
Under Multicast Router VLAN Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface. Now 1/0/3 appears in the Interface field at the top. 3. Enter the following information in the Multicast Router VLAN Configuration.
Since the IGMP querier is designed to work with IGMP snooping, it is necessary to enable IGMP snooping when using it. The following figure shows a network application for video streaming service using the IGMP querier feature.
Enter the following information in the IGMP VLAN Configuration. • In the VLAN ID field, enter 1. • Select Enable in the Query Mode field. • In the Querier Interval field, enter 60.
Chapter 15 Security Management
In this chapter, examples are provided for the following topics:
• “Port Security”
• “Protected Ports” on page 15-6
• “802.1x Port Security” on page 15-13
• “Create a Guest VLAN” on page 15-20
• “VLAN Assignment via RADIUS” on page 15-26
•...
Page 286
• When link goes down, all dynamically locked addresses are ‘freed’
• If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list
•...
Page 287
Figure 15-1 b. Under Port Security Configuration, next to the Port Security Mode, select the Enable radio button. Click Apply to save the settings. 2. Set dynamic and static limit on the port 1/0/1. From the main menu, select Security >...
Page 288
Convert the Dynamic Address Learned from 1/0/1 to the Static Address
The example is shown as CLI commands and as a Web interface procedure.
CLI: Converting the Dynamic Address Learned from 1/0/1 to the Static...
Click Apply to save the settings.
Create a Static Address
The example is shown as CLI commands and as a Web interface procedure.
CLI: Creating a Static Address
(Netgear Switch) (Interface 1/0/1)#port-security mac-address 00:13:00:01:02:03...
Protected Ports
This section describes how to set up protected ports on the switch. Some situations might require that traffic is prevented from being forwarded between any ports at Layer 2 so that one user cannot see the traffic of another user on the same switch.
Page 292
Step 4: Enable IP routing and configure a default route.
(Netgear Switch)(config)#ip routing
(Netgear Switch)(config)#ip route 0.0.0.0 0.0.0.0 10.100.5.252
Step 5: Enable a protected port on 1/0/23 and 1/0/24.
(Netgear Switch) (Config)#interface 1/0/23...
Page 293
Figure 15-6 b. Under DHCP Pool Configuration, enter the following information: • Select Create in the Pool Name field. • In the Pool Name field, enter pool-a. • Select Dynamic in the Type of Binding field.
Page 294
Click Add. 2. Configure a VLAN and include ports 1/0/23 and 1/0/24 in the VLAN: From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Page 295
Figure 15-8 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 202. • In the IP Address field, enter 10.100.5.34. • In the Network Mask field, enter 255.255.255.0.
Page 296
b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. Click Apply to enable IP Routing.
Figure 15-11 b. Under Protected Ports Configuration, click Unit 1. The ports display. • Click the gray box under port 23. A flag appears in the box. • Click the gray box under port 24. A flag appears in the box.
Page 298
[Figure 15-12 labels: Layer 2 Switch; RADIUS Server; Layer 2 Switch; PC 1; PC 2]
The following example shows how to authenticate the dot1x users by a RADIUS server. The management IP address is 10.100.5.33/24. The example is shown as CLI commands and as a Web interface procedure.
Page 299
(Netgear Switch) (Config)#radius server key auth 10.100.5.17
Enter secret (16 characters max):123456
Re-enter secret:123456
Configure the shared secret between the RADIUS client and the server.
(Netgear Switch) (Config)#radius server msgauth 10.100.5.17
(Netgear Switch) (Config)# radius server primary 10.100.5.17...
Page 300
Figure 15-14 b. Under IP Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for that interface. Now 1/0/1 appears in the Interface field at the top. Under the IP Interface Configuration, enter the following information.
Page 301
• Select Enable in the Routing Mode field. d. Click Apply to save the settings. 4. Create an authentication name list. From the main menu, select Security > Management Security > Login > Authentication List. A screen similar to the following displays.
Page 302
Select Force Authorized in the Control Mode field. d. Click Apply to save settings. 6. Enable dot1x on the switch. From the main menu, select Security > Port Authentication > Server Configuration. A screen similar to the following displays.
Page 303
Select Yes in the Primary Server field. Select Enable in the Message Authenticator field. Click Add. 8. Enable Accounting. From the main menu, select Security > Management Security > RADIUS > Radius Configuration.
Select Enable in the Accounting Mode field. d. Click Apply.
Create a Guest VLAN
The Guest VLAN feature allows a switch to provide a distinguished service to dot1x unaware clients (not rogue users who fail authentication). This feature provides a mechanism that gives visitors and contractors network access to reach the external network with no ability to browse the internal LAN.
Page 305
authenticated and associated with the guest VLAN. This ensures that traffic from the client is accepted and switched through the guest VLAN. In this example, dot1x is enabled on all the ports so that all the hosts that are authorized are assigned VLAN 1.
Page 306
Enable guest vlan on port 1/0/1 and 1/0/24.
(Netgear Switch) #show dot1x detail 1/0/1
Protocol Version....... 1
PAE Capabilities....... Authenticator
Control Mode........auto
Authenticator PAE State......Authenticated
Backend Authentication State....Idle
Quiet Period (secs)......60
Transmit Period (secs)......
Page 307
Figure 15-23 b. In the VLAN ID field, enter 2000. Select Static in the VLAN Type field. d. Click Add. 2. Add ports to the VLAN 2000. a. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Page 308
Set force authorized mode on ports 1/0/6 and 1/0/12. From the main menu, select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays. Figure 15-25 b. Under Port Authentication, scroll down to interfaces 1/0/6 and 1/0/12, and select the checkbox for each interface.
Page 309
b. Next to the Administrative Mode, select the Enable radio button. Click Apply to save settings. 5. Configure dot1x authentication list. From the main menu, select Security > Management Security > Authentication List > Dot1x Authentication List.
b. In the Radius Server IP Address field, enter 192.168.0.1. Select Yes in the Secret Configured field. d. In the Secret field, enter 12345. Click Add. Configure the Guest VLAN. From the main menu, select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays.
Page 311
• If VLAN assignment is enabled in the RADIUS server, then as part of the response message the RADIUS server sends the VLAN ID that the client is supposed to be in, carried in the 802.1x tunnel attributes. This attribute indicates the tunneling protocol to be used or the tunneling protocol in use at the authenticator.
Page 312
Create a VLAN 2000
(Netgear Switch) (Config)#dot1x system-auth-control
Enable dot1x authentication on the switch.
(Netgear Switch) (Config)#aaa authentication dot1x default radius
Use the radius as the authenticator.
(Netgear Switch) (Config)#authorization network radius
Enable the switch to accept VLAN assignment by the radius server.
Page 313
Force port 1/0/6 to be authorized, because it connects to the RADIUS server.
(Netgear Switch) #show dot1x detail 1/0/5
Port........... 1/0/5
Protocol Version....... 1
PAE Capabilities....... Authenticator
Control Mode........auto
Authenticator PAE State......Authenticated
Backend Authentication State....
Page 314
Figure 15-31 b. Next to the Current Network Configuration Protocol, select the None Radio button. In the IP Address, enter 192.168.0.5. d. In the Subnet Mask, enter 255.255.255.0. Click Apply. Create VLAN 2000.
Page 315
Select Static in the VLAN Type field. d. Click Add. 3. Set force authorized mode on ports 1/0/6 and 1/0/12. From the main menu, select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays.
Page 316
Figure 15-34
b. Next to the Administrative Mode, select the Enable radio button.
c. Next to the VLAN Assignment Mode, select the Enable radio button.
d. Click Apply to save settings.
5. Configure the dot1x authentication list.
From the main menu, select Security > Management Security > Radius > Server Configuration. A screen similar to the following displays.
Figure 15-36
b. In the Radius Server IP Address field, enter 192.168.0.1.
Select Yes in the Secret Configured field.
Page 318
When Dynamic ARP Inspection is enabled, the switch drops ARP packets whose sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database. However, this can be overcome through static mappings.
Page 319
Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
Configure the port through which the DHCP server is reached as trusted.
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust
View the DHCP Snooping Binding table.
Page 320
From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays.
Figure 15-38
b. For the DHCP Snooping Mode, select Enable.
Click Apply. At the end of this configuration a screen similar to Figure 15-38 displays.
Page 321
In the VLAN Configuration table, set DHCP Snooping Mode as Enable. A screen similar to the following displays.
Figure 15-40
3. Configure the port through which the DHCP server is reached as trusted. Here Interface 1/0/1 is trusted.
Page 322
d. Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 15-42
View the DHCP Snooping Binding table.
From the main menu, select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays.
Page 323
From the main menu, select Security > Control > Dynamic ARP Inspection > DAI VLAN Configuration. A screen similar to the following displays.
Figure 15-44
b. Set the VLAN ID as 1.
Page 324
d. Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 15-46
Now all the ARP packets received on the ports that are members of the VLAN are copied to the CPU for ARP inspection.
00:11:85:ee:54:e9
Configure the ARP ACL used for VLAN 1.
(Netgear Switch) (Config)# ip arp inspection filter ArpFilter vlan 1
Now ARP packets from the static client pass because it has an entry in the ARP ACL. ARP packets from the DHCP client also pass because it has a DHCP snooping entry.
Page 326
Click Add. At the end of this configuration a screen similar to the following displays.
Figure 15-48
2. Configure a rule to allow the static client.
From the main menu, select Security > Control > Dynamic ARP Inspection > DAI ACL Rule Configuration.
Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 15-50
DHCP Snooping
DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and a DHCP server to filter harmful DHCP messages and to build a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized.
Page 328
CLI: Configuring DHCP Snooping
Enable DHCP snooping globally.
(Netgear Switch) (Config)# ip dhcp snooping
Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
Configure the port through which the DHCP server is reached as trusted.
Page 329
Click Apply. A screen similar to the one in Figure 15-53 displays.
Enable DHCP snooping in a VLAN.
From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays.
Page 330
From the main menu, select Security > Control > DHCP Snooping Interface Configuration. A screen similar to the following displays.
Figure 15-55
b. Select the checkbox for Interface 1/0/1.
Select Trust Mode as Enable for Interface 1/0/1.
From the main menu, select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays.
Figure 15-57
Enter Static Binding into the Binding Database
The administrator can also enter a static binding into the binding database. The script in this section shows how to enter a static binding in the binding database.
DHCP snooping brings down the interface. The user must do “no shutdown” on this interface to further work with that port.
CLI: Configuring the Maximum Rate of DHCP Messages
Control the maximum rate of DHCP messages.
(Netgear Switch) (Interface 1/0/2)# ip dhcp snooping limit rate 5
15-48 Security Management v1.0, October 2009...
Page 333
View the rate configured.
(GSM7328S) #show ip dhcp snooping interfaces 1/0/2
Interface   Trust State    Rate Limit     Burst Interval
                           (pps)          (seconds)
----------  -------------  -------------  ---------------
1/0/2
Web Interface: Configuring the Maximum Rate of DHCP Messages
Control the maximum rate of DHCP messages.
IP Source Guard
IP Source Guard uses the DHCP snooping bindings database. When IP Source Guard is enabled, the switch drops incoming packets that do not match a binding in the bindings database. IP Source Guard can be configured to enforce just the source IP address or both the source IP address and source MAC address.
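The checks described in the Dynamic ARP Inspection, DHCP Snooping and IP Source Guard sections above, modeled as an added Python example (not NETGEAR's code or CLI). The class and method names and every MAC and IP address are constructed for illustration, and the model assumes, as is usual for DHCP snooping, that DHCP server replies are accepted only on trusted ports.

```python
"""Simplified model of DHCP snooping, Dynamic ARP Inspection (DAI) and
IP Source Guard (IPSG). Added illustration, not switch firmware; all
addresses are constructed sample values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class SnoopingSwitch:  # hypothetical name, not a NETGEAR API
    def __init__(self, trusted_ports, snooping_vlans):
        self.trusted_ports = set(trusted_ports)
        self.snooping_vlans = set(snooping_vlans)
        self.bindings = []   # (MAC, IP, VLAN, port) tuples considered authorized
        self.arp_acl = {}    # vlan -> {(sender_ip, sender_mac)} static ARP ACL rules

    def _learn(self, mac, ip, vlan, port):
        mac = mac.lower()
        # One binding per (MAC, VLAN): a renewed lease replaces the old entry.
        self.bindings = [b for b in self.bindings
                         if not (b.mac == mac and b.vlan == vlan)]
        self.bindings.append(Binding(mac, ip, vlan, port))

    def dhcp_ack(self, ingress_port, vlan, client_mac, client_ip, client_port):
        """Process a DHCPACK seen on ingress_port. Returns True if forwarded."""
        if vlan not in self.snooping_vlans:
            return True      # snooping not enabled in this VLAN: no filtering
        if ingress_port not in self.trusted_ports:
            return False     # server reply on an untrusted port: dropped
        self._learn(client_mac, client_ip, vlan, client_port)
        return True

    def add_static_binding(self, mac, ip, vlan, port):
        """Administrator-entered binding for a host that does not use DHCP."""
        self._learn(mac, ip, vlan, port)

    def add_arp_acl_rule(self, vlan, sender_ip, sender_mac):
        self.arp_acl.setdefault(vlan, set()).add((sender_ip, sender_mac.lower()))

    def dai_permits(self, vlan, sender_mac, sender_ip):
        """DAI: the ARP ACL (static mapping) is consulted first, then bindings."""
        sender_mac = sender_mac.lower()
        if (sender_ip, sender_mac) in self.arp_acl.get(vlan, set()):
            return True
        return any(b.vlan == vlan and b.mac == sender_mac and b.ip == sender_ip
                   for b in self.bindings)

    def ipsg_permits(self, port, src_ip, src_mac, verify_mac=False):
        """IPSG: match source IP only, or source IP and MAC, against bindings."""
        src_mac = src_mac.lower()
        return any(b.port == port and b.ip == src_ip
                   and (not verify_mac or b.mac == src_mac)
                   for b in self.bindings)


def run_demo():
    sw = SnoopingSwitch(trusted_ports={"1/0/1"}, snooping_vlans={1})
    dhcp_mac, dhcp_ip = "00:00:5E:00:53:10", "192.0.2.10"      # DHCP client
    static_mac, static_ip = "00:00:5e:00:53:20", "192.0.2.20"  # static client
    rogue_mac, gateway_ip = "00:00:5e:00:53:66", "192.0.2.1"   # spoofing host
    r = {}
    # A DHCPACK arriving on an untrusted access port creates no binding.
    r["rogue_ack_forwarded"] = sw.dhcp_ack("1/0/2", 1, dhcp_mac, "198.51.100.7", "1/0/3")
    r["bindings_after_rogue"] = len(sw.bindings)
    # The same message type from the trusted uplink is forwarded and learned.
    r["server_ack_forwarded"] = sw.dhcp_ack("1/0/1", 1, dhcp_mac, dhcp_ip, "1/0/2")
    sw.add_arp_acl_rule(1, static_ip, static_mac)
    r["dai_dhcp_client"] = sw.dai_permits(1, dhcp_mac, dhcp_ip)
    r["dai_static_client"] = sw.dai_permits(1, static_mac, static_ip)
    r["dai_gateway_spoof"] = sw.dai_permits(1, rogue_mac, gateway_ip)
    r["dai_ip_theft"] = sw.dai_permits(1, rogue_mac, dhcp_ip)
    # IP-only enforcement cannot see a forged source MAC; IP+MAC can.
    r["ipsg_ip_only_spoofed_mac"] = sw.ipsg_permits("1/0/2", dhcp_ip, rogue_mac)
    r["ipsg_ip_and_mac_spoofed_mac"] = sw.ipsg_permits("1/0/2", dhcp_ip, rogue_mac, verify_mac=True)
    # An ARP ACL entry is not a binding: IPSG needs a static binding as well.
    r["ipsg_static_before"] = sw.ipsg_permits("1/0/3", static_ip, static_mac)
    sw.add_static_binding(static_mac, static_ip, 1, "1/0/3")
    r["ipsg_static_after"] = sw.ipsg_permits("1/0/3", static_ip, static_mac)
    return r


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

In this model a statically addressed host that is covered only by an ARP ACL rule passes ARP inspection but is still dropped by IP Source Guard until a static binding is entered for it.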
Page 335
CLI: Configuring Dynamic ARP Inspection
Enable DHCP snooping globally.
(Netgear Switch) (Config)# ip dhcp snooping
Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
Configure the port through which the DHCP server is reached as trusted.
Page 336
From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays.
Figure 15-63
b. Select DHCP Snooping Mode as Enable.
Click Apply. At the end of this configuration a screen similar to Figure 15-64 is displayed.
Page 337
d. Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 15-65
Configure the port through which the DHCP server is reached as trusted. Here interface 1/0/1 is trusted.
Page 338
View the DHCP Snooping Binding table.
From the main menu, select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays.
Figure 15-68
5. Enable IP Source Guard on interface 1/0/2.
Page 339
Click Add. At the end of this configuration a screen similar to the following displays.
Figure 15-70
SNTP client implemented over UDP which listens on port 123
Show SNTP (CLI Only)
The following are examples of the commands used in the SNTP feature.
show sntp
(Netgear Switch Routing) #show sntp ?
<cr> Press Enter to execute the command.
client Display SNTP Client Information.
show sntp client
(Netgear Switch Routing) #show sntp client
Client Supported Modes: unicast broadcast
SNTP Version:
Port:
Client Mode: unicast
Unicast Poll Interval:
Poll Timeout (seconds):
Poll Retry:
show sntp server
(Netgear Switch Routing) #show sntp server
Server IP Address: 81.169.155.234...
Page 342
CLI: Configuring SNTP
NETGEAR switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
Page 343
Web Interface: Configuring SNTP
To use the Web interface to configure SNTP, proceed as follows:
Configure the SNTP server.
From the main menu, select System > Management > Time > SNTP Server Configuration. A screen similar to the following displays.
Figure 16-2
b. Enter the following information in the SNTP Global Configuration.
• Next to the Client Mode, select the Unicast radio button
• In the Time Zone Name field, enter PST
•...
Page 345
Because Netgear may change IP addresses assigned to its time servers, it is best to access an SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
Page 346
• In the Version field, enter 4
Click Add.
2. Configure the DNS server.
From the main menu, select System > Management > DNS > DNS Configuration. A screen similar to the following displays.
Figure 16-4
b.
In this example, the packet takes 16 hops to reach its destination.
CLI: Traceroute
(Netgear Switch) #traceroute?
<ipaddr> Enter IP address.
(Netgear Switch) #traceroute 216.109.118.74 ?
<cr> Press Enter to execute the command.
<port> Enter port no.
(Netgear Switch) #traceroute 216.109.118.74
Page 348
Tracing route over a maximum of 20 hops
10.254.24.1 40 ms 9 ms 10 ms
10.254.253.1 30 ms 49 ms 21 ms
63.237.23.33 29 ms 10 ms 10 ms
63.144.4.1 39 ms...
APPLY button, the switch will send three traceroute packets for each hop, and the results will be displayed in the result table.
b. Enter the following information in the Traceroute.
In the IP Address field, enter 216.109.118.74.
script
(Netgear Switch) #script ?
apply Applies configuration script to the switch.
delete Deletes a configuration script file from the switch.
list Lists all configuration script files present on the switch.
show Displays the contents of configuration script.
To create a Pre-Login Banner, follow these steps:
On your PC, using Notepad, create a banner.txt file that contains the banner to be displayed.
Login Banner - Unauthorized access is punishable by law.
Page 353
The example is shown as CLI commands and as a Web interface procedure.
CLI: Specifying the Source (Mirrored) Ports and Destination (Probe)
(Netgear Switch)#config
(Netgear Switch)(Config)#monitor session 1 mode
Enable mirror
(Netgear Switch)(Config)#monitor session 1 source interface 1/0/2
Specify the source interface.
Dual Image
Traditionally, switches contained a single image in permanent storage. This image is loaded into memory every time there is a reboot. The Dual Image feature allows switches to have two images in permanent storage.
Page 356
Download a backup image via TFTP.
From the main menu, select Maintenance > Download > File Download. A screen similar to the following displays.
Figure 17-3
b. Select Archive in the File Type field.
b. Under Dual Image Configuration, scroll down to image 2 and select the checkbox for that image. The image2 now appears in the Image name field at the top.
Select TRUE in the Active Image field.
Page 358
CLI: show telnet
(Netgear Switch Routing)#show telnet
Outbound Telnet Login Timeout (minutes)..5
Maximum Number of Outbound Telnet Sessions..5
Allow New Outbound Telnet Sessions..... Yes
CLI: transport output telnet
(Netgear Switch Routing) (Config)#lineconfig ?
<cr>...
Page 359
From the main menu, select Security > Access > Telnet. A screen similar to the following displays.
Figure 17-5
2. Enter the following information in the Outbound Telnet.
3. Next to the Admin Mode, select the Enable radio button.
Page 360
From the main menu, select Security > Access > Telnet. A screen similar to the following displays.
Figure 17-6
2. Enter the following information in the Outbound Telnet.
• In the Session Timeout field, enter 15.
Chapter 18 Syslog
In this chapter, the following examples are provided:
• “Show Logging” on page 18-2
• “Show Logging Buffered” on page 18-5
• “Show Logging Traplogs” on page 18-6
• “Show Logging Hosts” on page 18-7
• “Log Port Configuration” on page 18-8
The Syslog feature:
•...
Show Logging
The example is shown as CLI commands and as a Web interface procedure.
CLI: Show Logging
(Netgear Switch Routing) #show logging
Logging Client Local Port
CLI Command Logging disabled
Console Logging...
Page 363
b. Enter the following information in the Syslog Configuration.
Next to the Admin Status, select the Enable radio button.
Click Apply.
Configure the Command Log.
From the main menu, select Monitoring > Logs > Command Log.
Page 364
Figure 18-4
b. Enter the following information in the Console Log Configuration.
Next to the Admin Status, click the Disable radio button.
Click Apply.
Configure Buffer Logs.
From the main menu, select Monitoring > Logs > Buffer Logs. A screen similar to the following displays.
b. Enter the following information in the Buffer Logs.
Next to the Admin Status, click the Enable radio button.
Click Apply.
Show Logging Buffered
The example is shown as CLI commands and as a Web interface procedure.
Figure 18-6
Show Logging Traplogs
The example is shown as CLI commands and as a Web interface procedure.
CLI: Showing Logging Traplogs
(Netgear Switch Routing) #show logging traplogs
<cr> Press Enter to execute the command.
Web Interface: Showing Logging Trap Logs
From the main menu, select Monitoring > Logs > Trap Logs. A screen similar to the following displays.
Figure 18-7
Show Logging Hosts
The example is shown as CLI commands and as a Web interface procedure.
Figure 18-8
Log Port Configuration
The example is shown as CLI commands and as a Web interface procedure.
CLI: Logging Port Configuration
(Netgear Switch Routing) #config
(Netgear Switch Routing) (Config)#logging ?
buffered Buffered (In-Memory) Logging Configuration.
Page 369
Press Enter to execute the command.
<severitylevel> Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7).
(Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1 ?
<cr> Press Enter to execute the command.
(Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1...
Chapter 19 Managing Switch Stacks
This chapter describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches running Release 4.x.x.x or newer. NETGEAR stackable managed switches include the following models:
• FSM7226RS
• FSM7250RS
• FSM7328S
•...
Understanding Switch Stacks
A switch stack is a set of up to eight Ethernet switches connected through their stacking ports. One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are stack members.
Page 372
A standalone switch is a switch stack with one stack member that also operates as the stack master. You can connect one standalone switch to another to create a switch stack containing two stack members, with one of them being the stack master.
Page 373
use the regular Category 5 Ethernet 8 wire cable.
Figure 19-1
Interconnect ports 51 and 52 as shown (figure labels: port 51, port 52).
Figure 19-2
Stack Master Election and Re-Election
The stack master is elected or re-elected based on one of these factors and in the order listed:...
The switch with the highest stack member priority value
Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.
Switch Stack Offline Configuration
You can use the offline configuration feature to preconfigure (supply a configuration to) a new switch before it joins the switch stack. You can configure in advance the stack member number, the switch type, and the interfaces associated with a switch that is not currently part of the stack (see “Preconfiguration”...
Effects of Removing a Preconfigured Switch from a Switch Stack
If you remove a preconfigured switch from the switch stack, the configuration associated with the removed stack member remains in the running configuration as configured information. To completely remove the configuration, use the no member unit_number command (in the stacking configuration mode).
• You can connect to the stack master through the console port of the stack master only.
• You can connect to the stack master by using a Telnet connection to the IP address of the stack.
Stacking Recommendations
The purpose of this section is to collect notes on recommended procedures and expected behavior of stacked managed switches. Procedures addressed initially are listed below.
• Initial installation and power-up of a stack.
Power on a second unit, making sure it is adjacent (next physical unit in the stack) to the unit already powered up. This will ensure the second unit comes up as a member of the stack, and not a “Master” of a separate stack.
Replacing a Stack Member with a New Unit
There are two possible situations here. First, if you replace a stack member of a certain model number with another unit of the same model, follow the process below:
•...
Page 381
Web Interface: Renumbering Stack Members
To use the Web interface to renumber the stack number, proceed as follows:
Renumber the stacking member’s ID from 3 to 2.
From the main menu, select System > Management > Basic > Stack Configuration. A screen similar to the following displays.
Moving a Master to a Different Unit in the Stack
This example is provided as CLI commands and a Web interface procedure.
CLI: Moving a Master to a Different Unit in the Stack
Using the movemanagement command, move the master to the desired unit number.
d. Click Apply.
Note: If you move a master to a different unit, you may lose the connection to the switch because the IP address may change if the switch gets its IP address using DHCP.
4. After a unit type is preconfigured for a specific unit number, attaching a unit with a different unit type for this unit number causes the switch to report an error. The show switch command indicates “config mismatch”...
• Ports on the added unit should remain in the “detached” state.
• A message should appear on the CLI indicating a code mismatch with the newly added unit.
• To have the newly added unit merge normally with the stack, code should be loaded to the newly added unit from the master using the copy command.
The example is shown as CLI commands and as a Web interface procedure.
CLI: Adding a New Community
(Netgear switch) #config
(Netgear switch) (Config)#snmp-server community rw public@4
Web Interface: Adding a New Community
To use the Web interface to add a new community, proceed as follows:
From the main menu, select System >...
In the Client Address field, enter 0.0.0.0.
4. In the Client IP Mask field, enter 0.0.0.0.
5. Select Read/Write in the Access Mode field.
6. Select Enable in the Status field.
Configure SNMP V3
The example is shown as CLI commands and as a Web interface procedure.
CLI: Configuring SNMP V3
This example shows how to configure SNMP v3 on the NETGEAR switches.
(Netgear Switch) #config
(Netgear Switch) (Config)#users passwd admin...
Page 389
Web Interface: Configuring SNMP V3
Change the user password. If you set the authentication mode to md5, the password must be longer than 8 characters.
From the main menu, select Security > Management Security > User Configuration > User Management.
b. Select admin in the User Name field.
c. Next to Authentication Protocol, click the MD5 radio button.
d. Next to the Encryption Protocol, click the DES radio button.
In the Encryption Key field, enter 12345678.
Page 391
(Netgear Switch) (Config)# sflow receiver 1 ip 192.168.10.2
Configure the sFlow receiver timeout. Here sFlow samples will be sent to this receiver for the duration of 31536000 seconds. That is approximately one year.
(Netgear Switch) (Config)# sflow receiver 1 owner NetMonitor timeout 31536000
Page 392
Here the max datagram size is the default, 1400. It can be modified to a value between 200 and 9116 using the command sflow receiver 1 maxdatagram <size>.
(GSM7328S) #show sflow receivers
Receiver Owner...
Page 393
Enter Receiver Address as 192.168.10.2. A screen similar to the following displays.
Figure 20-7
Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 20-8
Configure sampling ports sFlow receiver index, sampling rate, sampling max header size.
Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 20-10
Configure Time-Based Sampling of Counters with sFlow
CLI: Configuring Time-Based Sampling of Counters with sFlow
Configure sampling ports sFlow receiver index, polling interval.
Page 395
Enter the Poller Interval as 300. A screen similar to the following displays.
Figure 20-11
d. Click Apply.
Chapter 21
In this chapter, the following examples are provided:
• “Specify Two DNS Servers”
• “Manually Add a Host Name and an IP Address” on page 21-2
This section describes the Domain Name System (DNS) feature. The DNS protocol maps a host name to an IP address, allowing you to replace the IP address with the host name for IP commands such as a ping and a traceroute, and for features such as RADIUS, DHCP Relay, SNTP, SNMP, TFTP, SYSLOG, and UDP Relay.
From the main menu, select System > Management > DNS > DNS Configuration. A screen similar to the following displays.
Figure 21-1
2. Under DNS Server Configuration, in the DNS Server field, enter 12.7.210.170.
Page 398
Web Interface: Manually Adding a Host Name and an IP Address
To use the Web interface to manually add a host name and an IP address, proceed as follows:
From the main menu, select System > Management > DNS > Host Configuration. A screen similar to the following displays.
Chapter 22 DHCP Server
This section describes the DHCP server configuration. When a client sends a request to a DHCP server, the DHCP server assigns the IP address from address pools that are specified on the switch. The network in the DHCP pool must belong to the same subnet.
Page 400
From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays.
Figure 22-1
2. Next to Admin Mode, select the Enable radio button.
Figure 22-2
Under DHCP Pool Configuration, enter the following information:
• Select Create in the Pool Name field.
• In the Pool Name field, enter pool_dynamic.
• Select Dynamic in the Type of Binding field.
Page 402
CLI: Configuring a DHCP Reservation
To use the CLI to create a DHCP server with a manual pool, enter the following CLI commands:
(Netgear Switch)#config
(Netgear Switch) (Config)#service dhcp
(Netgear Switch) (Config)#ip dhcp pool pool_manual...
Page 403
From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays.
Figure 22-4
5. Under DHCP Pool Configuration, enter the following information:
•...
Chapter 23 Double VLANs
This section describes how to configure the Double VLAN (DVLAN) feature on the switch. A DVLAN is a way to pass traffic of customers who have multiple VLANs from one customer domain to another customer domain.
2 switch connecting all these devices in your domain. The layer 2 switch tags the packet going to the NETGEAR switch port 1/0/24. The example is shown as CLI commands and as a Web interface procedure. The two NETGEAR switches have the same configuration.
Page 406
From the main menu, select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
Figure 23-2
b. Under VLAN Configuration, enter the following information and make the following selection:
•...
Page 407
similar to the following displays.
Figure 23-3
b. Under VLAN Membership, select 200 in the VLAN ID field.
Click Unit 1. The ports display:
• Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
Page 408
Change the Port VLAN ID (PVID) of port 24 to 200:
From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
Page 409
screen similar to the following displays.
Figure 23-5
b. Under DVLAN Configuration, scroll down to interface 1/0/48 and select the checkbox for that interface. Now 1/0/48 appears in the Interface field at the top.
Chapter 24 Private VLAN Groups
The private VLAN group allows the network administrator to create groups of users within a VLAN that cannot communicate with members of different groups, only with members of the same group. There are two modes for the private group.
Page 412
Web Interface: Creating a Private VLAN Group
To use the Web interface, proceed as follows:
Create a VLAN 200.
From the main menu, select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
Page 413
b. In the VLAN Membership, select 200 in the VLAN ID field.
c. Click Unit 1. The ports display.
d. Click the gray box under ports 6, 7, 16 and 17 until U displays. The U specifies that the egress packet is untagged for the port.
Page 414
VLAN > Private Group Configuration. A screen similar to the following displays.
Figure 24-5
b. In the Group Name field, enter group1.
c. In the Group ID field, enter 1.
d. Select community in the Group Mode field.
Page 415
From the main menu, select Security > Traffic Control > Private Group VLAN > Private Group Configuration. A screen similar to the following displays.
Figure 24-7
b. In the Group Name field, enter group2.
Chapter 25 Spanning Tree Protocol
In this chapter, the following examples are provided:
• “Configure Classic STP (802.1d)”
• “Configure Rapid STP (802.1w)” on page 25-3
• “Configure Multiple STP (802.1s)” on page 25-4
The purpose of spanning tree is to eliminate the loops in the switch system.
Page 417
From the main menu, select Switching > STP > STP Configuration. A screen similar to the following displays.
Figure 25-1
b. Enter the following information in the STP Configuration.
• Next to the Spanning Tree Admin Mode, select the Enable radio button.
b. Under CST Port Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface. Now 1/0/3 appears in the Interface field at the top.
In the CST Port Configuration, select Enable in the Port Mode field.
• Next to the Force Protocol Version, select the IEEE 802.1w radio button.
Click Apply.
2. Configure CST Port Configuration.
From the main menu, select Switching > STP > CST Port Configuration. A screen similar to the following displays.
Page 420
(Netgear switch) (Config)# spanning-tree mst vlan 2 12
Associate the mst instance 2 with the VLAN 11 and 12
(Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 port-priority 128
(Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 cost 0
Web Interface: Configuring Multiple STP (802.1s)
To use the Web interface to configure the managed switch, proceed as follows:
Enable 802.1s on the switch.
Page 421
• Next to the Spanning Tree Admin Mode, select the Enable radio button. • Next to the Force Protocol Version, select the IEEE 802.1s radio button. Click Apply. Configure MST Configuration. From the main menu, select Switching > STP > MST Configuration. A screen similar to the following displays.
Page 422
Configure MST Port. From the main menu, select Switching > STP > MST Port Status. A screen similar to the following displays. Figure 25-7 4. Under MST Port Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 426
From the main menu, select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. Figure 26-3 b. Next to the IPv6 Unicast Routing, select the Enable radio button. Next to the IPv6 Forwarding, select the Enable radio button.
Page 427
Create a 6-in-4 tunnel interface. From the main menu, select Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. Figure 26-5 b. Select 0 in the Tunnel Id field. Select 6-in-4-configured in the Mode field.
Page 428
In the IPv6 Prefix field, enter 2000::1. d. In the Length field, enter 64. Select Disable in the EUI64 field. Click Add.
On GSM7328S_2
To use the Web interface to create a tunnel, proceed as follows: Enable IP routing on the switch.
Page 429
From the main menu, select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. Figure 26-8 b. Next to the IPv6 Unicast Routing, select the Enable radio button. Next to the IPv6 Forwarding, select the Enable radio button.
Page 430
From the main menu, select Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. Figure 26-10 b. Select 0 in the Tunnel Id field. Select 6-in-4-configured in the Mode field.
Page 431
In the IPv6 Prefix field, enter 2000::2. d. In the Length field, enter 64. Select Disable in the EUI64 field. Click Add.
Chapter 27 IPv6 Interface Configuration
In this chapter, the following examples are provided:
• “Creating an IPv6 Routing Interface”
• “Create an IPv6 Network Interface” on page 27-4
• “Create an IPv6 Routing VLAN” on page 27-6...
Page 434
Next to the IPv6 Forwarding, select the Enable radio button. d. Click Apply. Enable IPv6 routing on the interface 1/0/1. From the main menu, select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays.
Select Disable in the EUI64 field. Click Add.
Create an IPv6 Network Interface
The IPv6 network interface is the logical interface used for in-band connectivity with the switch via any of the switch’s front panel ports. The configuration parameters associated with the switch’s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
Page 436
Figure 27-4 b. Next to the Admin Mode, select the Enable radio button. In the IPv6 Prefix/Prefix Length field, enter 2001:1::1/64. d. Select False in the EUI64 field. Click Add. 2. Add an IPv6 gateway to the network interface.
Page 439
b. In the VLAN ID field, enter 500. Select Static in the VLAN Type field. d. Click Add. 2. Add ports to the VLAN 500. a. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Page 440
b. Under PVID Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. In the PVID Configuration, enter 500 in the PVID (1 to 4093) field. d. Click Apply to save the settings.
Page 441
b. Click the tag VLANS, then logical VLAN interface 0/4/2 will be displayed. Select the checkbox for 0/4/2, and in the IPv6 Interface Configuration, select Enable in the IPv6 Mode field. d. Click Apply.
Chapter 28
In this chapter, the following examples are provided:
• “PIM-DM Configuration”
• “PIM-SM Configuration” on page 28-27
Note: The PIM protocol can be configured to operate on IPv4 and IPv6 networks. Separate configuration CLI commands are provided for IPv4 and IPv6 operation; however, most configuration options are common to both protocols.
Page 443
versions of PIM-DM. Version 2 does not use IGMP messages; instead, it uses a message that is encapsulated in IP packets with protocol number 103. In Version 2, the Hello message is introduced in place of the query message.
Page 444
CLI: Configuring PIM-DM
On Switch A
Enable IP routing on the switch.
(Netgear Switch) #configure
(Netgear Switch) (Config)#ip routing
Enable pimdm on the switch.
(Netgear Switch) (Config)#ip pimdm
Enable ip multicast forwarding on the switch.
Page 447
(C) #show ip mcast mroute summary
Multicast Route Table Summary
                               Incoming  Outgoing
Source IP   Group IP  Protocol Interface Interface List
----------- --------- -------- --------- ---------------
192.168.1.1 225.1.1.1 PIMDM    1/0/21
(D) #show ip mcast mroute summary...
Page 448
similar to the following displays. Figure 28-3 b. Under IP Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. 1/0/1 now appears in the Interface field at the top.
Page 449
b. Under IP Interface Configuration, scroll down to interface 1/0/9 and select the checkbox for 1/0/9. 1/0/9 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 450
From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-6 b. Select 1/0/1 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 451
From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-8 b. Select 1/0/13 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 452
From the main menu, select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. Figure 28-10 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 453
b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. Then select 1/0/9 and 1/0/13. In the PIM-DM Interface Configuration, select Enable in the Admin Mode field.
Page 454
Figure 28-13 b. Under IP Interface Configuration, scroll down to interface 1/0/10 and select the checkbox for 1/0/10. Now 1/0/10 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 455
• In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings. Enable RIP on the interface 1/0/10. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
Page 456
From the main menu, select Routing > Multicast > Global Configuration. A screen similar to the following displays. Figure 28-17 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 457
From the main menu, select Routing > Multicast > PIM-SM > Interface Configuration. A screen similar to the following displays. Figure 28-19 b. Under PIM-SM Interface Configuration, scroll down to interface 1/0/10 and select the checkbox for 1/0/10.
Page 458
Figure 28-20 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 459
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 28-22 b. Under IP Interface Configuration, scroll down to interface 1/0/22 and select the checkbox for 1/0/22.
Page 460
Enable RIP on the interface 1/0/22. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-24 b. Select 1/0/22 in the Interface field.
Page 461
From the main menu, select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. Figure 28-26 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 462
On Switch D:
To use the Web interface to configure PIM-DM, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.
Page 463
Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.2.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings.
Page 464
Figure 28-31 b. Under IP Interface Configuration, scroll down to interface 1/0/24 and select the checkbox for 1/0/24. 1/0/24 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 465
From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-33 b. Select 1/0/22 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 466
From the main menu, select Routing > Multicast > Global Configuration. A screen similar to the following displays. Figure 28-35 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 467
From the main menu, select Routing > Multicast > PIM-DM > Interface Configuration. A screen similar to the following displays. Figure 28-37 b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
From the main menu, select Routing > Multicast > IGMP > Interface Configuration. A screen similar to the following displays. Figure 28-39 b. Under IGMP Routing Interface Configuration, scroll down to interface 1/0/24 and select the checkbox for 1/0/24.
Page 469
[Figure: PIM-SM example network with a multicast source (Source IP 192.168.1.1), Switch A, Switch B, Switch C and Switch D, subnets 192.168.3.0/24 and 192.168.6.0/24, and the switch ports that connect them.]
Page 470
CLI: Configuring PIM-SM
On Switch A
Enable ip routing on the switch.
(Netgear Switch)#configure
(Netgear Switch) (Config)#ip routing
Enable pim-sm on the switch.
(Netgear Switch) (Config)#ip pimsm
Enable ip multicast forwarding on the switch.
Page 471
On Switch B
Enable the switch to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR).
(Netgear Switch)#configure
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#ip pimsm
(Netgear Switch) (Config)#ip multicast
(Netgear Switch) (Config)#ip pimsm rp-candidate interface 1/0/11 225.1.1.1...
Page 473
(A) #show ip mcast mroute summary
Multicast Route Table Summary
                                Incoming  Outgoing
Source IP   Group IP  Protocol  Interface Interface List
----------- --------- --------- --------- ---------------
192.168.1.1 225.1.1.1 PIMSM     1/0/13    1/0/1
(B) #show ip mcast mroute summary...
Page 474
Figure 28-41 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/1 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 475
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 28-43 b. Under IP Interface Configuration, scroll down to interface 1/0/9 and select the checkbox for 1/0/9.
Page 476
Figure 28-44 b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the checkbox for 1/0/13. 1/0/13 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 477
Enable RIP on the interface 1/0/9. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-46 b. Select 1/0/9 in the Interface field.
Page 478
From the main menu, select Routing > Multicast > Global Configuration. A screen similar to the following displays. Figure 28-48 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 479
From the main menu, select Routing > Multicast > PIM-SM > Interface Configuration. A screen similar to the following displays. Figure 28-50 b. Under PIM-SM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 480
Figure 28-51 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/10 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 481
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 28-53 b. Under IP Interface Configuration, scroll down to interface 1/0/11 and select the checkbox for 1/0/11.
Page 482
Enable RIP on the interface 1/0/11. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-55 b. Select 1/0/11 in the Interface field.
Page 483
From the main menu, select Routing > Multicast > PIM-SM > Global Configuration. A screen similar to the following displays. Figure 28-57 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 484
In the PIM-SM Interface Configuration, select Enable in the Admin Mode field. d. Click Apply to save the settings. Candidate RP Configuration. From the main menu, select Routing > Multicast > PIM-SM > Candidate RP Configuration. A screen similar to the following displays.
Page 485
Figure 28-60 b. Select 1/0/10 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 7. Click Apply.
On Switch C:
To use the Web interface to configure PIM-SM, proceed as follows: Enable IP routing on the switch.
Page 486
Figure 28-61 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 487
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 28-63 b. Under IP Interface Configuration, scroll down to interface 1/0/22 and select the checkbox for 1/0/22.
Page 488
Enable RIP on the interface 1/0/22. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-65 b. Select 1/0/22 in the Interface field.
Page 489
From the main menu, select Routing > Multicast > PIM-SM > Global Configuration. A screen similar to the following displays. Figure 28-67 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 490
From the main menu, select Routing > Multicast > PIM-SM > Candidate RP Configuration. A screen similar to the following displays. Figure 28-69 b. Select 1/0/22 in the Interface field. In the Group IP, enter 225.1.1.1.
Page 491
Figure 28-70 b. Select 1/0/21 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 5. Click Apply.
On Switch D:
To use the Web interface to configure PIM-SM, proceed as follows: Enable IP routing on the switch.
Page 492
Figure 28-71 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 493
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 28-73 b. Under IP Interface Configuration, scroll down to interface 1/0/22 and select the checkbox for 1/0/22.
Page 494
Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.4.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings.
Page 495
d. Click Apply. Enable RIP on the interface 1/0/24. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-77 b. Select 1/0/24 in the Interface field.
Page 496
Enable PIM-SM globally. From the main menu, select Routing > Multicast > PIM-SM > Global Configuration. A screen similar to the following displays. Figure 28-79 b. Next to the Admin Mode, select the Enable radio button.
Page 497
11. Candidate RP Configuration. From the main menu, select Routing > Multicast > PIM-SM > Candidate RP Configuration. A screen similar to the following displays. Figure 28-81 b. Select 1/0/22 in the Interface field. In the Group IP, enter 225.1.1.1.
Page 498
Figure 28-82 b. Select 1/0/22 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 3. Click Apply. 13. Enable IGMP globally. From the main menu, select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays.
Page 499
14. Enable IGMP on the interface 1/0/24. From the main menu, select Routing > Multicast > IGMP > Interface Configuration. A screen similar to the following displays. Figure 28-84 b. Under IGMP Routing Interface Configuration, scroll down to interface 1/0/24 and select the checkbox for 1/0/24.
Chapter 29 DHCP L2 Relay
DHCP Relay Agents eliminate the necessity of having a DHCP server on each physical network. Relay Agents populate the giaddr field and also append the Relay Agent Information option to the DHCP messages.
Page 502
Trust packets with option 82 received on port 1/0/6.
(Netgear Switch) (Interface 1/0/6)# dhcp l2relay trust
(Netgear Switch) (Interface 1/0/6)# vlan pvid 200
(Netgear Switch) (Interface 1/0/6)# vlan participation include 200
(Netgear Switch) (Interface 1/0/6)# exit...
Page 503
Figure 29-3 b. Select 200 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box under port 4, port 5 and port 6 until U displays. The U specifies that the egress packet is untagged for the port.
Page 504
d. Click Apply to save the settings. 4. Enable DHCP L2 Relay on VLAN 200. From the main menu, select System > Services > DHCP L2 Relay > DHCP L2 Relay Configuration. A screen similar to the following displays.
Page 505
Figure 29-6 b. Under DHCP L2 Relay Configuration, scroll down to interface 1/0/4 and select the 1/0/4 checkbox. Next select the checkboxes for 1/0/5 and 1/0/6. Select Enable in the Admin Mode field.
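The DHCP L2 Relay chapter above refers to the Relay Agent Information option (option 82), the giaddr field and a trusted port. The following Python sketch is an added example, not part of the NETGEAR manual and not the switch's implementation: it parses giaddr and option 82 from a DHCP payload and applies a per-port trust decision. The policy that an untrusted port drops messages already carrying option 82 is an assumption, and the function names and sample packet are constructed for illustration.

```python
"""Parse DHCP option 82 and apply a per-port trust policy (illustrative)."""
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}  # sub-options from RFC 3046


def _tlvs(data, dhcp_level):
    """Yield (code, value) pairs; at DHCP level honour the PAD and END codes."""
    i = 0
    while i < len(data):
        code = data[i]
        if dhcp_level and code == OPT_END:
            return
        if dhcp_level and code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value for code %d" % code)
        yield code, value
        i += 2 + length


def parse_options(payload):
    """Return (giaddr, {option code: bytes}) for a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    giaddr = ".".join(str(b) for b in payload[24:28])  # relay agent address
    options = {}
    for code, value in _tlvs(payload[240:], dhcp_level=True):
        options[code] = options.get(code, b"") + value
    return giaddr, options


def parse_relay_info(value):
    """Decode the sub-options carried inside option 82."""
    return {SUBOPTION_NAMES.get(c, c): v for c, v in _tlvs(value, False)}


def classify(payload, port, trusted_ports):
    """Assumed policy: option 82 is accepted only on ports marked trusted."""
    try:
        giaddr, options = parse_options(payload)
        relay = None
        if OPT_RELAY_INFO in options:
            relay = parse_relay_info(options[OPT_RELAY_INFO])
    except ValueError as exc:
        return "drop", "malformed: %s" % exc
    if relay is not None and port not in trusted_ports:
        return "drop", "option 82 received on untrusted port %s" % port
    return "forward", {"giaddr": giaddr, "relay_info": relay}


def build_message(giaddr=b"\x00" * 4, relay_info=None):
    """Construct a minimal DHCPDISCOVER for the demo (constructed sample data)."""
    msg = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    msg += b"\x00" * 12 + giaddr                        # ciaddr, yiaddr, siaddr, giaddr
    msg += bytes.fromhex("02aabbccddee") + b"\x00" * 10  # chaddr (16 bytes)
    msg += b"\x00" * 192                                # sname + file
    options = b"\x35\x01\x01"                           # message type: DISCOVER
    if relay_info is not None:
        options += bytes([OPT_RELAY_INFO, len(relay_info)]) + relay_info
    return msg + DHCP_MAGIC + options + b"\xff"


# Constructed option 82 content: circuit-id "1/0/4" and a 6-byte remote-id.
SAMPLE_RELAY_INFO = (bytes([1, 5]) + b"1/0/4" +
                     bytes([2, 6]) + bytes.fromhex("001122334455"))

if __name__ == "__main__":
    trusted = {"1/0/6"}  # mirrors "dhcp l2relay trust" on 1/0/6 in the CLI above
    tagged = build_message(relay_info=SAMPLE_RELAY_INFO)
    for port in ("1/0/4", "1/0/6"):
        print(port, classify(tagged, port, trusted))
    print("1/0/4", classify(build_message(), "1/0/4", trusted))
```

Running it shows the tagged message dropped on 1/0/4 and forwarded on 1/0/6, which is the check to repeat against a packet capture when auditing which ports are marked trusted.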
Chapter 30
In this chapter, the following examples are provided:
• “Configure MLD” on page 32-2
• “MLD Snooping” on page 32-5
Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover the presence of multicast listeners, the nodes who wish to receive the multicast data packets, on its directly-attached interfaces.
Page 507
[Figure 30-1: IPv6 multicast source (2001:2::/65), Port 1/0/13, Switch A, Port 1/0/1, 2001:1::/64, Port 1/0/21, Switch B, Port 1/0/24, 2001:3::/64, Host]
CLI: Configuring MLD
On Switch A
(Netgear Switch)#configure
(Netgear Switch) (Config)#ipv6 router ospf
(Netgear Switch) (Config-rtr)#router-id 1.1.1.1...
Page 510
From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. Figure 30-2 b. Next to the Routing Mode, select the Enable radio button. Click Apply.
Page 511
From the main menu, select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. Figure 30-4 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 512
From the main menu, select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. Figure 30-5 b. Under IPv6 Interface Selection, select 1/0/1 in the Interface field.
Page 513
From the main menu, select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. Figure 30-6 b. Under IPv6 Interface Selection, select 1/0/13 in the Interface field.
Page 514
Enable OSPFv3 on the interface 1/0/1 and 1/0/13. From the main menu, select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. Figure 30-8 b. Under OSPFv3 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 515
b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-DM globally. From the main menu, select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays.
Page 516
From the main menu, select Routing > Multicast > PIM-DM > Interface Configuration. A screen similar to the following displays. Figure 30-11 b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 517
From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. Figure 30-12 b. Next to the Routing Mode, select the Enable radio button. Click Apply.
Page 518
From the main menu, select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. Figure 30-14 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
Page 519
From the main menu, select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. Figure 30-15 b. Under IPv6 Interface Selection, select 1/0/21 in the Interface field.
Page 520
From the main menu, select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. Figure 30-16 b. Under IPv6 Interface Selection, select 1/0/24 in the Interface field.
Page 521
Enable OSPFv3 on the interface 1/0/21 and 1/0/24. From the main menu, select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. Figure 30-18 b. Under OSPFv3 Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
Page 522
From the main menu, select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. Figure 30-20 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 523
In the PIM-DM Interface Configuration, select Enable in the Admin Mode field. d. Click Apply to save the settings. 11. Enable MLD on the switch. From the main menu, select Routing > Multicast > MLD > Global Configuration. A screen similar to the following displays.
In the MLD Routing Interface Configuration, select Enable in the Admin Mode field. d. Click Apply.
MLD Snooping
In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast address.
Page 526
From the main menu, select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. Figure 30-24 b. In the VLAN Configuration, VLAN ID field, enter 300. Click Add.
Page 527
Click Apply. 3. Assign PVID to port 1/0/1 and 1/0/24. a. From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 30-26 b.
Page 528
Click Apply. Enable MLD Snooping on the VLAN 300. From the main menu, select Routing > Multicast > MLD Snooping > MLD VLAN Configuration. A screen similar to the following displays. Figure 30-28 b.
Chapter 31 DVMRP
The Distance Vector Multicast Routing Protocol (DVMRP) is used for multicasting over IP networks without routing protocols to support multicast. DVMRP is based on the RIP protocol but is more complicated than RIP.
Page 530
[Figure 31-1: DVMRP example network with a multicast resource, Switch A, Switch B, Switch C and a host; labelled subnets 192.168.1.0/24, 192.168.4.0/24 and 192.168.5.0/24; labelled ports 1/0/1, 1/0/3, 1/0/11, 1/0/13, 1/0/20, 1/0/21 and 1/0/24]
CLI: Configuring DVMRP
On Switch A:
Create routing interface 1/0/1, 1/0/13 and 1/0/21.
Page 531
Enable DVMRP protocol on the switch.
(Netgear Switch) (Config)#ip dvmrp
Enable DVMRP mode on the interface 1/0/1, 1/0/13 and 1/0/21.
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#ip dvmrp
(Netgear Switch) (Interface 1/0/1)#exit...
Page 532
On Switch B
Create the routing port 1/0/13 and 1/0/20.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#interface 1/0/13
(Netgear Switch) (Interface 1/0/13)#routing
(Netgear Switch) (Interface 1/0/13)#ip address 192.168.2.2 255.255.255.0...
Page 533
(Netgear Switch) #show ip dvmrp neighbor
Interface ........1/0/13
Neighbor IP Address ......192.168.2.1
State ......... Active
Up Time (hh:mm:ss) ......00:02:26
Expiry Time (hh:mm:ss) ......00:00:20
Generation ID ......... 88091
Major Version ......... 3
Minor Version .........
Page 535
Enable IGMP mode on the interface 1/0/24.
(Netgear Switch) (Config)#interface 1/0/24
(Netgear Switch) (Interface 1/0/24)#ip igmp
(Netgear Switch) (Interface 1/0/24)#exit
(Netgear Switch) #show ip dvmrp neighbor
Interface ........1/0/11
Neighbor IP Address ......192.168.3.2
State .........
Enable IP routing on the switch.
From the main menu, select Routing > IP > Basic > IP configuration. A screen similar to the following displays.
Figure 31-2
b. Next to the Routing Mode, select the Enable radio button.
• Select Enable in the Routing Mode field.
d. Click Apply to save the settings.
3. Configure 1/0/13 as a routing port and assign an IP address to it.
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Figure 31-5
b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the checkbox for 1/0/13.
b. Next to the Admin Mode, select the Enable radio button.
Click Apply.
Enable DVMRP on the switch.
From the main menu, select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays.
b. Under DVMRP Interface Configuration, scroll down to interface 1/0/1 and select the 1/0/1 checkbox. Select the 1/0/13 checkbox and the 1/0/21 checkbox.
Select Enable in the Interface Mode field.
d. Click Apply to save the settings.
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Figure 31-10
b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the 1/0/13 checkbox.
Enter the following information in the IP Interface Configuration.
• In the IP address, enter 192.168.4.1.
• In the Subnet Mask, enter 255.255.255.0.
• Select Enable in the Routing Mode field.
d. Click Apply to save the settings.
From the main menu, select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays.
Figure 31-13
b. Next to the Admin Mode, select the Enable radio button.
Click Apply.
On Switch C:
To use the Web interface to configure DVMRP, proceed as follows:
Enable IP routing on the switch.
From the main menu, select Routing > IP > Basic > IP configuration. A screen similar to the following displays.
• In the Subnet Mask, enter 255.255.255.0.
• Select Enable in the Routing Mode field.
d. Click Apply to save the settings.
3. Configure 1/0/3 as a routing port and assign an IP address to it.
Figure 31-18
b. Under IP Interface Configuration, scroll down to interface 1/0/24 and select the 1/0/24 checkbox. Now 1/0/24 appears in the Interface field at the top.
Enter the following information in the IP Interface Configuration.
From the main menu, select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays.
Figure 31-20
b. Next to the Admin Mode, select the Enable radio button.
Click Apply.
Select Enable in the Interface Mode field.
d. Click Apply to save the settings.
8. Enable IGMP on the switch.
From the main menu, select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays.
The clients connecting to the Captive Portal interface have three states: the "Unknown" state, the "Unauthenticated" state, and the "Authenticated" state. In the Unknown state the CP doesn't redirect HTTP/S traffic to the switch, but instead asks the switch whether the client is authenticated or unauthenticated. In the Unauthenticated state the CP directs the HTTP/S traffic to the switch so that the client can authenticate with the switch.
Enable captive portal instance 1 on port 1/0/1.
(Netgear Switch) (Config-CP 1)#interface 1/0/1

Web Interface: Enabling Captive Portal

To use the Web interface to configure the Captive Portal, proceed as follows:
Enable Captive Portal on the switch.
From the main menu, select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays.
Figure 32-2
b. Under Captive Portal Configuration, scroll down to CP ID 1 and select the CP 1 checkbox. Now CP 1 appears in the CP ID field at the top.
Client Access, Authentication, and Control

User verification can be configured to allow access for guest users, that is, users that do not have assigned user names and passwords. User verification can also be configured to allow access for authenticated users.
Local Authorization User/Group Configuration

When using Local authentication, the administrator provides user identities for Captive Portal by adding unique user names and passwords to the Local User Database. This configuration is global to the captive portal component and can contain up to 128 user entries (a RADIUS server should be used if more users are required).
From the main menu, select Security > Control > Captive Portal > CP Group Configuration. A screen similar to the following displays.
Figure 32-5
b. Enter the following information in the CP Group Configuration.
• In the User ID field, enter 2.
• In the User Name field, enter user1.
• In the Password field, enter 12345678.
• In the Confirm Password field, enter 12345678.
•...
Table 32-1. RADIUS Attributes for Configuring Captive Portal Users (continued)

Columns: RADIUS Attribute, No., Description, Range, Usage, Default

RADIUS Attribute: WISPr-Max-Bandwidth-Up
No.: 14122,
Description: Maximum client transmit rate (b/s). Limits the bandwidth at which the client can send data into the network.
Range: Integer
Usage: Optional
SSL Certificates

A Captive Portal instance can be configured to use the HTTPS protocol during its user verification process. The connection method for HTTPS uses the Secure Sockets Layer (SSL) protocol, which requires a certificate to provide encryption.