Summary of Contents for NETGEAR GSM7252PS - ProSafe 52 Ports Gigabit Ethernet L2 Managed Stackable Switch
Page 1
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10515-03 June 2010 v1.0...
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Contents
About This Manual
Chapter 1 Virtual LANs
Create Two VLANs 1-2
Assign Ports to VLAN2 1-4
Assign Ports to VLAN3 1-5
Assign VLAN3 as the Default VLAN for Port 1/0/2 1-7
Creating a MAC-based VLAN 1-8
Create a Protocol-Based VLAN 1-12
Virtual VLANs: Create an IP Subnet Based VLAN 1-15
Voice VLAN 1-19
Chapter 2 Link Aggregation...
Page 4
VLAN Routing RIP Configuration 5-8
Chapter 6 OSPF
Configure an Inter-Area Router 6-2
Configure OSPF on a Border Router 6-8
Configure Area 1 as a Stub Area 6-15
Configure Area 1 as a nssa Area 6-24
VLAN Routing OSPF Configuration 6-35
OSPFv3 (Open Shortest Path First) 6-40
Chapter 7 Proxy Address Resolution Protocol (ARP)
Page 5
DiffServ for VoIP Configuration 11-20
Auto VoIP Configuration 11-29
DiffServ for IPv6 Configuration Example 11-33
Color Conform Policy Configuration 11-41
Chapter 12 IGMP Snooping and Querier
Enable IGMP Snooping 12-1
Show igmpsnooping 12-2
Show mac-address-table igmpsnooping 12-3
Configure the Switch with an External Multicast Router 12-4
Configure the Switch with a Multicast Router Using VLAN 12-5...
Page 6
Port Mirroring 15-6
Dual Image 15-8
Outbound Telnet 15-11
Chapter 16 Syslog
Show Logging 16-2
Show Logging Buffered 16-5
Show Logging Traplogs 16-6
Show Logging Hosts 16-7
Log Port Configuration 16-8
Chapter 17 Managing Switch Stacks
Understanding Switch Stacks 17-2
Switch Stack Software Compatibility Recommendations 17-7...
Page 7
Configure a DHCP L3 Relay 28-6
Chapter 29 MLD
Configure MLD 29-1
MLD Snooping 29-19
Chapter 30 DVMRP
Configure DVMRP on a NETGEAR Switch 30-1
Chapter 31 Captive Portal
Captive Portal Configuration 31-2
Enable Captive Portal 31-2
Client Access, Authentication, and Control 31-5...
Page 8
Block a Captive Portal Instance 31-5
Local Authorization User/Group Configuration 31-6
Remote Authorization (RADIUS) User Configuration 31-8
SSL Certificates 31-10
Index
Software Setup Guide
• NETGEAR CLI Reference for the Prosafe 7X00 Series Managed Switch. Refer to the Command Line Reference for information about the command structure. There are three documents in this series; choose the appropriate one for your product.
Page 10
Chapter 1 Virtual LANs
In this chapter, the following examples are provided:
• “Create Two VLANs” on page 1-2
• “Assign Ports to VLAN2” on page 1-4
• “Assign Ports to VLAN3” on page 1-5
• “Assign VLAN3 as the Default VLAN for Port 1/0/2” on page 1-7
•...
The example is shown as CLI commands and as a Web interface procedure.
CLI: Creating Two VLANs
Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2
(Netgear Switch) (Vlan)#vlan 3
(Netgear Switch) (Vlan)#exit...
Page 12
Create VLAN 2. From the main menu, select Switching > VLAN > Basic > VLAN configuration. A screen similar to the following displays. Figure 1-2 b. Enter the following information in the VLAN Configuration. •...
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit
(Netgear Switch) (Config)#vlan port tagging all 2
(Netgear Switch) (Config)#
Web Interface: Assigning Ports to VLAN2
To use the Web interface to configure the managed switch, proceed as follows: 1.
Click the Unit 1. The Ports display. d. Click the gray box under ports 1 and 2 until T displays. The T specifies that the egress packet is tagged for the port. Click Apply. Specify that only tagged frames will be accepted on ports 1/0/1 and 1/0/2.
CLI: Assigning VLAN3 as the Default VLAN for Port 1/0/2
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#vlan pvid 3
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#exit
Web Interface: Assigning VLAN3 as the Default VLAN for Port 1/0/2
To use the Web interface to configure the managed switch, proceed as follows: 1.
From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 1-8 b. Under PVID Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 18
(Netgear Switch)(Vlan)#vlan 3
(Netgear Switch)(Vlan)#exit
Add the port 1/0/23 to the VLAN 3.
(Netgear Switch)#config
(Netgear Switch)(Config)#interface 1/0/23
(Netgear Switch)(Interface 1/0/23)#vlan participation include 3
(Netgear Switch)(Interface 1/0/23)#vlan pvid 3
(Netgear Switch)(Interface 1/0/23)#exit
Map the MAC 00:00:0A:00:00:02 to the VLAN 3.
(Netgear Switch)(Config)#exit...
Page 19
Web Interface Procedure: Assigning a MAC-Based VLAN
To use the Web interface to configure the managed switch, proceed as follows: Create VLAN 3. From the main menu, select Switching > VLAN > Basic > VLAN configuration. A screen similar to the following displays.
Page 20
b. Select 3 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box before the Unit 1 until U displays. Click Apply. Assign PVID 3 to the port 1/0/23. From the main menu, select Switching >...
Create a VLAN protocol group vlan_ipx based on the IPX protocol.
(Netgear Switch)#config
(Netgear Switch)(Config)#vlan protocol group vlan_ipx
(Netgear Switch)(Config)#vlan protocol group add protocol 1 ipx
Create a VLAN protocol group vlan_ip based on the IP/ARP protocol.
(Netgear Switch)(Config)#vlan protocol group vlan_ip...
Page 22
Enable protocol VLAN groups 1 and 2 on the interface.
(Netgear Switch)(Vlan)#exit
(Netgear Switch)#config
(Netgear Switch)(Config)#interface 1/0/11
(Netgear Switch)(Interface 1/0/11)#protocol vlan group 1
(Netgear Switch)(Interface 1/0/11)#protocol vlan group 2
(Netgear Switch)(Interface 1/0/11)#exit
Web Interface: Creating a Protocol-based VLAN
To use the Web interface to configure the managed switch, proceed as follows: Create protocol based VLAN group vlan_ipx.
Page 23
From the main menu, select Switching > VLAN > Advanced > Protocol Based VLAN Group Configuration. A screen similar to the following displays. Figure 1-15 b. Enter the following information in the Protocol Based VLAN Group Configuration. •...
From the main menu, select Switching > VLAN > Advanced > Protocol Based VLAN Group Membership. A screen similar to the following displays. Figure 1-17 b. Select 2 in the Group ID field. Click on the gray box under port 11.
Page 25
Figure 1-18
CLI: Creating an IP Subnet Based VLAN
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2000
(Netgear Switch) (Vlan)#vlan association subnet 10.100.0.0 255.255.0.0 2000
(Netgear Switch) (Vlan)#exit
Create an IP subnet based VLAN 2000.
(Netgear Switch) #config
(Netgear Switch) (Config)#interface range 1/0/1-1/0/24...
Page 26
Web Interface: Creating an IP Subnet Based VLAN
To use the Web interface to configure the IP subnet based VLAN, proceed as follows: Create VLAN 2000. From the main menu, select Switching > VLAN > Basic > VLAN configuration. A screen similar to the following displays.
Page 27
From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. Figure 1-20 b. Select 2000 in the VLAN ID field. Click the Unit 1. The Ports display. d.
Voice VLAN
The voice VLAN feature enables switch ports to carry voice traffic with a defined priority, so that voice and data traffic arriving on the port can be separated. Voice VLAN ensures that the sound quality of an IP phone does not deteriorate when the data traffic on the port is high.
Page 29
Configure Voice VLAN globally.
(Netgear Switch) (Config)# voice vlan
Configure Voice VLAN Mode in the interface 1/0/2.
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#voice vlan 10
(Netgear Switch) (Interface 1/0/2)#exit
Create the DiffServ Class ClassVoiceVLAN.
(Netgear Switch) (Config)#class-map match-all ClassVoiceVLAN
Configure matching criteria for the class as VLAN 10.
Page 30
(Netgear Switch) (Config-policy-classmap)#exit
Assign it to the interfaces 1/0/1 and 1/0/2.
(Netgear Switch) (Config)#interface range 1/0/1-1/0/2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)# service-policy in PolicyVoiceVLAN
Web Interface: Voice VLAN and Prioritizing Voice Traffic
Create VLAN 10. From the main menu, select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
Page 31
d. Click Add. At the end of this configuration a screen similar to the following displays. Figure 1-24 2. Include the ports 1/0/1 and 1/0/2 in the VLAN 10. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Page 32
Select Port 1 and Port 2 as Tagged. A screen similar to the following displays. Figure 1-26 d. Click Apply. Configure Voice VLAN globally. From the main menu, select Switching > VLAN > Advanced > Voice VLAN Configuration. A screen similar to the following displays.
Page 33
Click Apply. A screen similar to the following displays. Figure 1-28 Configure Voice VLAN Mode in the interface 1/0/2. From the main menu, select Switching > VLAN > Advanced > Voice VLAN Configuration. b.
Page 34
From the main menu, select QoS > Advanced > Class Configuration. A screen similar to the following displays. Figure 1-30 b. Enter Class Name as ClassVoiceVLAN. Select Class Type as All. A screen similar to the following displays. Figure 1-31 d.
Page 35
b. Click the class ClassVoiceVLAN. A screen similar to the following displays. Figure 1-33 In the DiffServ Class Configuration table, select VLAN. d. Enter VLAN ID as 10. A screen similar to the following displays. Figure 1-34 Click Apply.
Page 36
From the main menu, select QoS > Advanced > Policy Configuration. A screen similar to the following displays. Figure 1-36 b. Enter Policy Name as PolicyVoiceVLAN. Select Policy Type as In. d.
Page 37
From the main menu, select QoS > Advanced > Policy Configuration. A screen similar to the following displays. Figure 1-38 b. Click the Policy PolicyVoiceVLAN. A screen similar to the following displays. Figure 1-39
Page 38
Select Assign Queue as 3. A screen similar to the following displays. Figure 1-40 d. Click Apply. 9. Assign it to the interfaces 1/0/1 and 1/0/2. From the main menu, select QoS > Advanced > Service Interface Configuration. A screen similar to the following displays.
Page 39
Select Policy Name as PolicyVoiceVLAN. A screen similar to the following displays. Figure 1-42 d. Click Apply. A screen similar to the following displays. Figure 1-43
Page 40
Chapter 2 Link Aggregation
This chapter includes instructions for configuring Link Aggregation (LAG). The following examples are provided:
• “Create Two LAGs” on page 2-2
• “Add the Ports to the LAGs” on page 2-3
• “Enable Both LAGs” on page 2-5
Link Aggregation (LAG) allows the switch to treat multiple physical links between two end-points as a single logical link.
Figure 2-1
CLI: Creating Two LAGs
(Netgear Switch) #config
(Netgear Switch) (Config)#port-channel lag_10
(Netgear Switch) (Config)#port-channel lag_20
(Netgear Switch) (Config)#exit
Use the show port-channel all command to show the logical interface IDs you will use to identify the LAGs in subsequent commands.
Web Interface: Creating Two LAGs
To use the Web interface to configure the managed switch, proceed as follows: Create LAG lag_10. From the main menu, select Switching > LAG > LAG Configuration. A screen similar to the following displays.
Click Apply to save the settings. 2. Add ports to the lag_20. From the main menu, select Switching > LAG > LAG Membership. A screen similar to the following displays. Figure 2-5 b.
Page 45
Web Interface: Enabling Both LAGs
To use the Web interface to configure the switch, proceed as follows: From the main menu, select Switching > LAG > LAG Configuration. A screen similar to the following displays.
Chapter 3 Port Routing
In this chapter, the following examples are provided:
• “Enable Routing for the Switch” on page 3-2
• “Enable Routing for Ports on the Switch” on page 3-3
• “Adding a Default Route” on page 3-6
•...
• IP Forwarding, responsible for forwarding received IP packets.
• ARP Mapping, responsible for maintaining the ARP Table used to correlate IP and MAC addresses. The table contains both static entries and entries dynamically updated based on information in received ARP frames.
Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#exit
Web Interface: Enabling Routing for the Switch
To use the Web interface to configure the managed switch, proceed as follows: From the main menu, select Routing >...
Page 50
• In the IP Address field, enter 192.150.2.1.
• In the Subnet Mask field, enter 255.255.255.0.
• Select Enable in Routing Mode field.
d. Click Apply to save the settings.
2. Assign IP address 192.150.3.1/24 to the interface 1/0/3. From the main menu, select Routing >...
From the main menu, select Routing > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 3-5 b. Under IP Interface Configuration, scroll down to interface 1/0/5 and select the checkbox for that interface.
Page 52
CLI: Add a Default Route
(FSM7338S) (Config) #ip route default ?
<nexthopip> Enter the IP Address of the next router.
(FSM7328S) (Config)#ip route default 10.10.10.2
Note that IP subnet “10.10.10.0” should be configured using either the Port Routing Configuration example or the VLAN Routing Configuration in the next chapter.
Adding a Static Route
If your network switch has multiple routing interfaces that allow different forwarding paths to be taken to reach the same destination, it may make sense to create a static route to force packets to take a certain route (port) instead of the default route.
Page 54
Select Static in the Route Type field. Enter the Network Address field. Note that this field expects a network IP address, not a host IP address. Do not enter something like “10.100.100.1”. The last number should always be zero. Enter a Subnet Mask that matches the subnet range desired.
Chapter 4 VLAN Routing
In this chapter, the following examples are provided:
• “Create Two VLANs”
• “Set Up VLAN Routing for the VLANs and the Switch” on page 4-6
• “Click Add to save the settings.” on page 4-8
You can configure the 7000 Series Managed Switch with some ports supporting VLANs and some supporting routing.
Page 57
Web Interface: Creating Two VLANs
To use the Web interface to configure the managed switch, proceed as follows: Create VLAN 10, VLAN20. From the main menu, select Switching > VLAN > Advanced > VLAN configuration. A screen similar to the following displays.
Page 58
h. In the VLAN Name field, enter VLAN20. Select Static in the VLAN Type field. Click Add. 2. Add ports to the VLAN10 and VLAN20. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Page 59
Select 20 in the VLAN ID field. h. Click the Unit 1. The Ports display. Click the gray box under port 3 until T displays. The T specifies that the egress packet is tagged for the port.
CLI: Setting Up VLAN Routing for the VLANs and the Switch
The following code sequence shows how to enable routing for the VLANs:
(Netgear Switch) #vlan data
(Netgear Switch) (Vlan)#vlan routing 10
(Netgear Switch) (Vlan)#vlan routing 20
(Netgear Switch) (Vlan)#exit
This returns the logical interface IDs that will be used instead of slot/port in subsequent routing commands.
Page 61
The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports.
(Netgear Switch) (Config)#interface vlan 10
(Netgear Switch) (Interface-vlan 10)#ip address 192.150.3.1 255.255.255.0
(Netgear Switch) (Interface-vlan 10)#exit
(Netgear Switch) (Config)#interface vlan 20
(Netgear Switch) (Interface-vlan 20)#ip address 192.150.4.1 255.255.255.0...
Page 62
From the main menu, select Routing > VLAN > VLAN Routing > VLAN Routing Configuration. A screen similar to the following displays. Figure 4-9 Under the VLAN Routing Configuration, enter the following information. •...
Page 63
Chapter 5 Routing Information Protocol
In this chapter, the following examples are provided:
• “Enable Routing for the Switch” on page 5-2
• “Enable Routing for Ports” on page 5-3
• “Enable RIP for the Switch” on page 5-5
• “Enable RIP for Ports 1/0/2 and 1/0/3”...
CLI: Enabling Routing for the Switch
The following sequence enables routing for the switch:
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#exit
Web Configuration: Enabling Routing for the Switch
To use the Web interface to configure the managed switch, proceed as follows:
Page 66
From the main menu, select Routing > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 5-3 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
From the main menu, select Routing > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 5-4 b. Under IP Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
From the main menu, select Routing > RIP > Advanced > RIP Configuration. A screen similar to the following displays. Figure 5-7 Under the Interface Configuration, enter the following information. • Select 1/0/3 in the Interface field. •...
Page 71
• RIPv2 defined in RFC 1723
– Route specification is extended to include subnet mask and gateway
– The routing table is sent to a multicast address, reducing network traffic
– An authentication method is used for security
The 7000 Series Managed Switch supports both versions of RIP.
Page 73
Enable RIP for the VLAN router ports. Authentication will default to none, and no default route entry will be created.
(Netgear Switch) (Config)#interface vlan 10
(Netgear Switch) (Interface vlan 10)#ip rip
(Netgear Switch) (Interface vlan 10)#exit
(Netgear Switch) (Config)#interface vlan 20...
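Because RIP authentication defaults to none on these router ports, a saved configuration can be checked for RIP interfaces that would accept unauthenticated updates. The following Python check is an added example, not part of the NETGEAR manual; the `ip rip authentication` line format (none, simple, encrypt) and the key values in the constructed sample are assumptions to verify against the CLI reference for your release.

```python
import re

# Strips a leading CLI prompt such as "(Netgear Switch) (Interface vlan 10)#".
PROMPT = re.compile(r"^(\([^)]*\)\s*)+#\s*")
# Assumed syntax: "ip rip authentication {none | simple <key> | encrypt <key> <keyid>}".
AUTH = re.compile(r"^ip rip authentication\s+(\S+)")

# The CLI session shown in the manual excerpt above (complete lines only).
PAGE_TRANSCRIPT = """\
(Netgear Switch) (Config)#interface vlan 10
(Netgear Switch) (Interface vlan 10)#ip rip
(Netgear Switch) (Interface vlan 10)#exit
"""

# Constructed sample configuration for illustration, not captured from a device.
CONSTRUCTED_CONFIG = """\
interface vlan 10
routing
ip address 192.150.3.1 255.255.255.0
ip rip
ip rip authentication encrypt EXAMPLE-KEY 1
exit
interface vlan 20
routing
ip address 192.150.4.1 255.255.255.0
ip rip
ip rip authentication simple EXAMPLE-KEY
exit
interface 1/0/5
routing
ip rip
exit
interface 1/0/6
routing
exit
"""


def audit_rip_auth(config_text):
    """Return {interface: mode} for RIP-enabled interfaces whose updates are
    unauthenticated ("none") or carry only a cleartext password ("simple")."""
    findings = {}
    iface, rip, mode = None, False, "none"  # "none" is the default per the manual

    def close():
        # Record the interface block that just ended if it is weakly protected.
        if iface is not None and rip and mode in ("none", "simple"):
            findings[iface] = mode

    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if line.startswith("interface "):
            close()
            iface, rip, mode = line[len("interface "):].strip(), False, "none"
        elif iface is None:
            continue  # global-level line, not inside an interface block
        elif line == "exit":
            close()
            iface = None
        elif line == "ip rip":
            rip = True
        else:
            match = AUTH.match(line)
            if match:
                mode = match.group(1).lower()
    close()  # handle a final block that has no closing "exit"
    return findings


if __name__ == "__main__":
    for name, text in (("manual excerpt", PAGE_TRANSCRIPT),
                       ("constructed config", CONSTRUCTED_CONFIG)):
        for port, mode in audit_rip_auth(text).items():
            print(f"{name}: interface {port} runs RIP with authentication '{mode}'")
```

Interfaces reported as `simple` send the RIPv2 password in cleartext inside each update, so they are listed alongside the unauthenticated ones.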
Page 74
From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 5-10 b. Enter the following information in the VLAN Routing Wizard: •...
Page 75
From the main menu, select Routing > RIP > Advanced > RIP Configuration. A screen similar to the following displays. Figure 5-12 b. Under the Interface Configuration, enter the following information. • Select 0/2/1 in the Interface field. •...
Page 76
Chapter 6 OSPF
In this chapter, the following examples are provided:
• “Configure an Inter-Area Router” on page 6-2
• “Configure OSPF on a Border Router” on page 6-8
• “Configure Area 1 as a Stub Area” on page 6-15
•...
Page 79
Enable IP routing on the switch: From the main menu, select Routing > IP > IP Configuration. A screen similar to the following displays. Figure 6-2 b. Next to the Routing Mode, select the Enable radio button. Click Apply to save the settings.
Page 80
d. Click Apply to save the settings. 3. Assign IP address 192.150.3.1 to the port 1/0/3: From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 81
From the main menu, select Routing > OSPF > Advanced > OSPF Configuration. A screen similar to the following displays. Figure 6-5 b. Under the OSPF Configuration, enter the following information: • In the Router ID, enter 192.150.9.9.
Page 82
From the main menu, select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. Figure 6-6 b. Under Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
The example is shown as CLI commands and as a Web interface procedure. For an OSPF example network, see Figure 6-1 on page 6-2.
CLI: Configuring OSPF on a Border Router
Enable routing for the switch.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
Page 86
Figure 6-9
b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 87
Enter the following information in the IP Interface Configuration:
• In the IP Address field, enter 192.130.3.1.
• In the Network Mask field, enter 255.255.255.0.
• Select Enable in the Admin Mode field.
d.
Page 88
Figure 6-12
b. Under the OSPF Configuration, enter the following information:
• In the Router ID, enter 192.130.1.1.
• Select Enable in the OSPF Admin Mode field.
• Select Disable in the RFC 1583 Compatibility field.
Click Apply to save the settings.
Page 89
b. Under Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top.
• In the OSPF Area ID field, enter 0.0.0.2.
•...
Figure 6-15
b. Under Interface Configuration, scroll down to interface 1/0/4 and select the checkbox for that interface. Now 1/0/4 appears in the Interface field at the top.
• In the OSPF Area ID field, enter 0.0.0.2.
•...
Page 91
Configure the area 0.0.0.1 as a stub area.
(Netgear Switch) (Config-router)#area 0.0.0.1 stub
Switch A injects only a default route into the area 0.0.0.1.
(Netgear Switch) (Config-router)#no area 0.0.0.1 stub summarylsa
(Netgear Switch) (Config-router)#exit
Enable OSPF area 0 on the 2/0/11.
Page 92
(Netgear Switch) (Config)#ex
(Netgear Switch) #show ip ospf neighbor interface all
Router ID        IP Address   Neighbor Interface  State
---------------- ----------- ------------------- ---------
4.4.4.4          192.168.10.2 2/0/11              Full
2.2.2.2          192.168.20.2 2/0/19              Full
(Netgear Switch) #show ip route
Total Number of Routes......
Page 93
Figure 6-18
b. Under IP Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 94
• In the IP Address field, enter 192.168.20.1.
• In the Network Mask field, enter 255.255.255.0.
• Select Enable in the Admin Mode field.
d. Click Apply to save the settings.
Specify the Router ID and Enable OSPF for the switch.
Page 95
b. Under Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top.
• In the OSPF Area ID field, enter 0.0.0.0.
•...
Page 97
Web Interface: Configuring Area 1 as a Stub Area on A2
To use the Web interface to configure OSPF on the switch, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing >...
Page 98
• Select Enable in the Admin Mode field.
d. Click Apply to save the settings.
Specify the Router ID and Enable OSPF for the switch. From the main menu, select Routing > OSPF > Basic > OSPF Configuration. A screen similar to the following displays.
Click Apply to save the settings. Configure area 0.0.0.1 as a stub area. From the main menu, select Routing > OSPF > Advanced > Stub Area Configuration. A screen similar to the following displays. Figure 6-28 b.
Page 101
(Netgear Switch) (Interface 2/0/19)#exit
(Netgear Switch) (Config)#exit
(Netgear Switch) #show ip route
Total Number of Routes......2
Network         Subnet                       Next Hop  Next Hop
Address         Mask            Protocol     Intf      IP Address
--------------- --------------- ------------...
Page 102
Figure 6-31
b. Under IP Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 103
• In the IP Address field, enter 192.168.20.1.
• In the Subnet Mask field, enter 255.255.255.0.
• Select Enable in the Admin Mode field.
d. Click Apply to save the settings.
Specify the Router ID and Enable OSPF for the switch.
Page 104
b. Under Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top.
• In the OSPF Area ID field, enter 0.0.0.0.
•...
Page 106
(Netgear Switch) (Interface 1/0/15)#exit
(Netgear Switch) (Config)#exit
(Netgear Switch) #show ip route
Total Number of Routes......6
Network         Subnet                       Next Hop  Next Hop
Address         Mask            Protocol     Intf      IP Address
--------------- --------------- ------------...
Page 107
Figure 6-38
b. Under IP Interface Configuration, scroll down to interface 1/0/11 and select the checkbox for that interface. Now 1/0/11 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 108
Enter the following information in the IP Interface Configuration:
• In the IP Address field, enter 192.168.20.2.
• In the Network Mask field, enter 255.255.255.0.
• Select Enable in the Routing Mode field.
d.
Page 109
Enable OSPF on the port 1/0/15. From the main menu, select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. Figure 6-42 b. Under IP Interface Configuration, scroll down to interface 1/0/15 and select the checkbox for that interface.
Redistribute the RIP routes into the OSPF area. From the main menu, select Routing > OSPF > Advanced > Route Redistribution. A screen similar to the following displays. Figure 6-44 b. In the Route Redistribution, select RIP in the Available Source field. Click Add to add a route redistribution.
Page 113
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Enter the following information in the VLAN Routing Wizard. • In the Vlan ID field, enter 10. • In the IP Address field, enter 192.150.3.1. • In the Network Mask field, enter 255.255.255.0. Click Unit 1.
Page 114
Figure 6-47
b. Next to the OSPF Admin Mode, select the Enable radio button.
Enter 192.150.9.9 in the Router ID field.
d. Click Apply to save the setting.
Enable OSPF on the VLAN 10.
From the main menu, select Routing >...
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable OSPF on the VLAN 20. From the main menu, select Routing > OSPF > Advanced>Interface Configuration. A screen similar to the following displays. Figure 6-49 b. Under the Interface Configuration, click the VLANS to show all the VLAN interfaces. Under IP Interface Configuration, scroll down to interface 0/2/2 and select the checkbox for that interface.
Page 116
(Netgear Switch) (Config-rtr)#exit
Enable routing mode on the interface 1/0/1 and assign it the IPv6 address 2000::1.
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#routing
(Netgear Switch) (Interface 1/0/1)#ipv6 address 2000::1/64
(Netgear Switch) (Interface 1/0/1)#ipv6 enable
Page 117
Enable OSPFv3 on the interface 1/0/1, and set the OSPF network mode to broadcast.
(Netgear Switch) (Interface 1/0/1)#ipv6 ospf
(Netgear Switch) (Interface 1/0/1)#ipv6 ospf network broadcast
(Netgear Switch) #show ipv6 ospf neighbor
Router ID...
Page 118
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IPv6 > IPv6 Global Configuration. A screen similar to the following displays. Figure 6-51 Next to the IPv6 Unicast Routing Mode, select the Enable radio button. Click Apply to save the settings.
Page 119
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IPv6 > Advanced> IP Interface Configuration. A screen similar to the following displays. Figure 6-53 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for that interface.
Page 120
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enter the following information in the IPv6 Interface Configuration: • In the IPv6 Prefix edit box, enter 2001::1. • In the Length edit box, enter 64. • Select Disable in the EUI64 field. •...
Page 121
Figure 6-56
To use the Web interface to configure OSPF on the switch A2, refer to the configuration of switch A1.
ARP request arrived
Proxy ARP Examples
The following are examples of the commands used in the proxy ARP feature.
CLI: show ip interface
(Netgear Switch) #show ip interface ?
<slot/port> Enter an interface in slot/port format.
brief Display summary information about IP configuration settings for all ports.
Page 123
CLI: ip proxy-arp
(Netgear Switch) (Interface 0/24)#ip proxy-arp ?
<cr> Press Enter to execute the command.
(Netgear Switch) (Interface 0/24)#ip proxy-arp
Web Interface: Configuring Proxy ARP on a Port
To use the Web interface to configure proxy ARP on a port, proceed as follows:
Configure proxy ARP.
Page 124
Chapter 8 Virtual Router Redundancy Protocol
In this chapter, the following examples are provided:
• “Configure VRRP on a Master Router” on page 8-2
• “Configure VRRP on a Backup Router” on page 8-4
When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network.
1/0/2 is the same as the port’s actual IP address; therefore this router will always be the VRRP master when it is active, and its priority defaults to 255.
(Netgear Switch) (Interface 1/0/2)#ip vrrp 20 ip 192.150.2.1
Page 126
Enable VRRP on the port.
(Netgear Switch) (Interface 1/0/2)#ip vrrp 20 mode
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#exit
Web Interface: Configuring VRRP on a Master Router
To use the Web interface to configure VRRP on a master router on the switch, proceed as follows:
Enable IP routing on the switch:
From the main menu, select Routing >...
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 128
4 is the same as Router 1’s port 1/0/2 actual IP address, this router will always be the VRRP backup when Router 1 is active.
(Netgear Switch) (Interface 1/0/4)#ip vrrp 20 ip 192.150.2.1
Set the priority for the port. The default priority is 100.
Page 129
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring VRRP on a Backup Router To use the Web interface to configure VRRP on a backup router on the switch, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing >...
Page 130
• In the Network Mask field, enter 255.255.0.0.
• Select Enable in the Admin Mode field.
d. Click Apply to save the settings.
Enable VRRP on the 1/0/4.
From the main menu, select Routing > VRRP > Basic > VRRP Configuration. A screen similar to the following displays.
Chapter 9 Access Control Lists (ACLs)
This chapter describes the Access Control Lists (ACLs) feature. The following examples are provided:
• “Set up an IP ACL with Two Rules” on page 9-3
• “Configure a One-Way Access Using a TCP Flag in an ACL” on page 9-8
•...
• Ethertype
– Secondary CoS (802.1p)
– Secondary VLAN (or range of IDs)
• L2 ACLs can apply to one or more interfaces
• Multiple access lists can be applied to a single interface - sequence number determines the order of execution
•...
(after the mask has been applied), that are carrying TCP traffic, and that are sent to the specified destination IP address.
CLI Commands
(Netgear Switch) #config
(Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255
Page 134
Define the second rule for ACL 101 to set similar conditions for UDP traffic as for TCP traffic.
(Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255
Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
Page 135
following displays.
Figure 9-3
b. Next to ACL ID, select 101.
Click Add to create a new rule.
Create a new ACL rule and add it to the ACL 101.
a. After you click the Add button in step 2, a screen similar to the following displays.
Figure 9-4
Enter the following information in the Extended ACL Rule Configuration.
Page 136
• Select TCP in the Protocol Type field.
• In the Source IP Address, enter 192.168.77.0.
• In the Source IP Mask, enter 0.0.0.255.
• In the Destination IP Address, enter 192.178.77.0.
•...
Page 137
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 to the following displays. Figure 9-6 b. Enter the following information in the IP Binding Configuration. • Select 101 in the ACL ID field. • In the Sequence Number field, enter 1. Click the Unit 1.
Page 140
Create an ACL that denies all the packets with TCP flags +syn -ack.
(Netgear Switch) (Config)#access-list 101 deny tcp any any flag +syn -ack
Create an ACL that permits all the IP packets.
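The two IP ACL examples above (ACL 101 with wildcard-masked TCP and UDP permit rules, and the one-way access rules that deny TCP packets with flags +syn -ack before permitting all other IP traffic) can be checked offline with a small rule evaluator. This is an added example, not code from NETGEAR or the manual: the Rule, Packet and evaluate names and the sample packets are constructed for illustration, and the model assumes first-match evaluation with an implicit deny when no rule matches, in line with the manual's statement that only traffic matching the criteria is accepted.

```python
import ipaddress
from dataclasses import dataclass

# "any" written as an address/wildcard pair: every bit is ignored.
ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr, base, wildcard):
    """Compare addr to base, ignoring bits that are 1 in the wildcard mask."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary; flags holds the TCP flags that are set."""
    proto: str                      # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    flags: frozenset = frozenset()


@dataclass(frozen=True)
class Rule:
    """Hypothetical model of one extended IP ACL rule."""
    action: str                           # "permit" or "deny"
    proto: str                            # "ip" matches every IP protocol
    src: tuple = ANY                      # (address, wildcard mask)
    dst: tuple = ANY
    flags_set: frozenset = frozenset()    # "+flag": must be set
    flags_clear: frozenset = frozenset()  # "-flag": must be clear

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if not wildcard_match(pkt.src, *self.src):
            return False
        if not wildcard_match(pkt.dst, *self.dst):
            return False
        if self.flags_set or self.flags_clear:
            if pkt.proto != "tcp":
                return False
            if not self.flags_set <= pkt.flags:
                return False
            if self.flags_clear & pkt.flags:
                return False
        return True


def evaluate(rules, pkt):
    """Return the action of the first matching rule; deny if none matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # assumption: implicit deny at the end of the list


# ACL 101 from "Set up an IP ACL with Two Rules".
NET_A = ("192.168.77.0", "0.0.0.255")
NET_B = ("192.178.77.0", "0.0.0.255")
ACL_TWO_RULES = [
    Rule("permit", "tcp", NET_A, NET_B),
    Rule("permit", "udp", NET_A, NET_B),
]

# One-way access: drop connection-opening segments (SYN set, ACK clear),
# then permit everything else, so replies to outbound sessions still pass.
ACL_ONE_WAY = [
    Rule("deny", "tcp", flags_set=frozenset({"syn"}),
         flags_clear=frozenset({"ack"})),
    Rule("permit", "ip"),
]

if __name__ == "__main__":
    samples = [
        ("TCP inside the permitted nets", ACL_TWO_RULES,
         Packet("tcp", "192.168.77.25", "192.178.77.9")),
        ("ICMP, no rule matches", ACL_TWO_RULES,
         Packet("icmp", "192.168.77.25", "192.178.77.9")),
        ("inbound SYN (new connection)", ACL_ONE_WAY,
         Packet("tcp", "192.168.200.5", "192.168.100.7", frozenset({"syn"}))),
        ("inbound SYN+ACK (reply)", ACL_ONE_WAY,
         Packet("tcp", "192.168.200.5", "192.168.100.7",
                frozenset({"syn", "ack"}))),
    ]
    for label, acl, pkt in samples:
        print(f"{label}: {evaluate(acl, pkt)}")
```

Because the deny rule keys only on the SYN and ACK bits, the side behind the ACL cannot open TCP sessions through it, while UDP and other IP protocols fall through to the permit rule.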
Page 142
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 9-8 b. Enter the following information in the VLAN Routing Wizard: •...
Page 143
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-9 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 100. • In the IP Address field, enter 192.168.100.1. • In the Network Mask field, enter 255.255.255.0. Click Unit 1.
Page 144
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-10 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 200. • In the IP Address field, enter 192.168.200.1. • In the Network Mask field, enter 255.255.255.0. Click Unit 1.
Page 145
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. Click Apply to enable IP Routing. 5.
Page 146
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-13 b. Under Configure Routes, make the following selection and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.50.0. •...
Page 147
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Create an ACL with ID 102: From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. Figure 9-15 b. In the IP ACL ID field of the IP ACL Table, enter 102. Click Add.
Page 148
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Add. The Extended ACL Rule Configuration screen displays. Figure 9-17 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 149
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-18 b. Under IP Extended Rules, select 102 in the ACL ID field. Click Add. The Extended ACL Rule Configuration screen displays. Figure 9-19 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
Page 150
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 11. Apply ACL 101 to port 44. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 9-20 b. Under Binding Configuration, make the following selection and enter the following information: •...
Page 151
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-21 b. Under Binding Configuration, make the following selection and enter the following information: • Select 102 in the ACL ID field. • In the Sequence Number field, enter 2. Click Unit 1.
Page 152
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 following displays. Figure 9-22 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 40. • In the IP Address field, enter 192.168.40.1. • In the Network Mask field, enter 255.255.255.0.
Page 153
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Create VLAN 50 with IP address 192.168.50.1/24: From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 9-23 b. Enter the following information in the VLAN Routing Wizard: •...
Page 154
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 9-24 b. Enter the following information in the VLAN Routing Wizard: •...
Page 155
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-25 b. Under Configure Routes, make the following selection and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.100.0. •...
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under Configure Routes, make the following selection and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.30.0. • In the Subnet Mask field, enter 255.255.255.0. •...
Page 158
(Netgear Switch) (Config)#ip route default 10.100.5.252
Create ACL 101 to deny all traffic that has destination IP 192.168.24.0/24.
(Netgear Switch) (Config)#access-list 101 deny ip any 192.168.24.0 0.0.0.255
Create ACL 102 to deny all traffic that has destination IP 192.168.48.0/24.
(Netgear Switch) (Config)#access-list 102 deny ip any 192.168.48.0 0.0.0.255
Create ACL 103 to permit all other traffic.
Page 159
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring a One-Way Access Using a TCP Flag in an ACL To use the Web interface to isolate VLANs on a Layer 3 switch by using ACLs, proceed as follows: Create VLAN 24 with IP address 192.168.24.1: From the main menu, select Routing >...
Page 160
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 9-29 b. Enter the following information in the VLAN Routing Wizard: •...
Page 161
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-30 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 38. • In the IP Address field, enter 10.100.5.34. • In the Network Mask field, enter 255.255.255.0. Click Unit 1.
Page 162
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. Click Apply to enable IP Routing. Create an ACL with ID 101: From the main menu, select Security >...
Page 163
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. In the IP ACL ID field of the IP ACL Table, enter 102. Click Add. Create an ACL with ID 103: From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
Page 164
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Add. The Extended ACL Rule Configuration screen displays. Figure 9-36 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 165
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-37 b. Under IP Extended Rules, select 102 in the ACL ID field. Click Add. The Extended ACL Rule Configuration screen displays. Figure 9-38 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
Page 166
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 10. Add and configure an IP extended rule that is associated with ACL 103: From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
Page 167
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 11. Apply ACL 102 to port 24: From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 9-41 b. Under Binding Configuration, make the following selection and enter the following information: •...
Page 168
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-42 b. Under Binding Configuration, make the following selection and enter the following information: • Select 101 in the ACL ID field. • In the Sequence Number field, enter 1. Click Unit 1.
The example is shown as CLI commands and as a Web interface procedure.
CLI: Setting up a MAC ACL with Two Rules
Create a new MAC ACL acl_bpdu.
(Netgear Switch) #
(Netgear Switch) #config
(Netgear Switch) (Config)#mac access-list extended acl_bpdu
Page 170
Apply the MAC ACL acl_bpdu to the port 1/0/2.
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#mac access-group acl_bpdu in
Web Interface: Setting up a MAC ACL with Two Rules
To use the Web interface to configure MAC ACL on a port on the switch, proceed as follows:
Create MAC ACL 101 on the switch:
From the main menu, select Security >...
Page 171
From the main menu, select Security > ACL > MAC ACL > MAC Rules. A screen similar to the following displays.
Figure 9-45
Select acl_bpdu in the ACL Name field.
b. Select Deny in the Action field.
Enter the following information in the Rule Table.
Page 172
Select acl_bpdu in the ACL Name field.
b. Enter the following information in the Rule Table.
• In the ID field, enter 2.
• Select Permit in the Action field.
Click the Add button.
ACL Mirroring
This feature extends the existing port mirroring functionality by allowing you to mirror a selected traffic stream on an interface, rather than mirroring all traffic on that interface. It is associated with the ACL functionality.
Page 174
(Netgear Switch) (Config)# ip access-list monitorHost
Define the rules to match the host 10.0.0.1 and to permit every other.
(Netgear Switch) (Config-ipv4-acl)# permit ip 10.0.0.1 0.0.0.0 any mirror 1/0/19
(Netgear Switch) (Config-ipv4-acl)# permit every
Bind the ACL with the interface 1/0/1.
Page 175
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring ACL Mirroring To use the Web interface to configure IP ACL on a port on the switch, proceed as follows: Create an IP access control list with the name monitorHost on the switch: From the main menu, select Security >...
Page 176
From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
Figure 9-51
b. Click Add. An Extended ACL Rule Configuration screen similar to the following displays.
Figure 9-52
Enter Rule ID as 1.
Page 177
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays Figure 9-53 b. Click Add and a screen similar to the following displays. Figure 9-54 Enter the Rule ID as 2.
Page 178
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Bind the ACL with the interface 1/0/1. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 9-56 b. Enter Sequence Number as 1. Click Unit 1 in the Port Selection Table to display all the ports for the device.
Create an IP Access Control List with the name redirectHTTP.
(Netgear Switch) (Config)#ip access-list redirectHTTP
Define a rule to match the HTTP stream and define a rule to permit every other.
(Netgear Switch) (Config-ipv4-acl)# permit tcp any any eq http redirect 1/0/19
(Netgear Switch) (Config-ipv4-acl)# permit every
Page 180
Bind the ACL with the interface 1/0/1.
(Netgear Switch) (Interface 1/0/1)#ip access-group redirectHTTP in 1
View the configuration.
(Netgear Switch) # show ip access-lists
Current number of ACLs: 1
Maximum number of ACLs: 100...
Page 181
From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
Figure 9-59
b. In the IP ACL field, enter redirectHTTP.
Click Add to create the IP ACL redirectHTTP. At the end of this configuration a screen similar to the following displays.
Page 182
From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
Figure 9-61
b. Click Add. An Extended ACL Rule Configuration screen similar to the following displays.
Figure 9-62
Enter Rule ID as 1.
Page 183
From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
Figure 9-63
b. Click Add. An Extended ACL Rule Configuration screen similar to the following displays.
Figure 9-64
Enter Rule ID as 2.
Page 184
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 9-65 Bind the ACL with the interface 1/0/1. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 9-67
Configure IPv6 ACLs
This feature extends the existing IPv4 ACL by providing support for IPv6 packet classification. IPv6 ACLs classify Layer 3 IPv6 traffic.
Page 186
Figure 9-68
CLI: Configuring an IPv6 ACL
Create the Access Control List with the name ipv6-acl.
(Netgear Switch) (Config)# ipv6 access-list ipv6-acl
Define three rules to:
• Permit ANY IPv6 traffic to the destination network 2001:DB8:C0AB:AC14::/64 from the source network 2001:DB8:C0AB:AC11::/64.
Page 187
(Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 2001:DB8:C0AB:AC13::/64 eq telnet
(Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 any eq http
Apply the rules to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted.
(Netgear Switch) (Config)#interface 1/0/1...
Page 188
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring an IPv6 ACL Create the Access Control List with the name ipv6-acl From the main menu, select Security > ACL > Advanced > IPv6 ACL. b. In the IPv6 ACL table, enter ipv6-acl in the IPv6 ACL field. A screen similar to the following displays.
Page 189
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > ACL > Advanced > IPv6 Rules. A screen similar to the following displays. Figure 9-71 b. Select the ACL Name as ipv6-acl. Click Add. d.
Page 190
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply. 3. Add Rule 2. Enter Rule ID as 2. b. Select Action as Permit. Select Protocol Type as TCP. d. Enter Source Prefix as 2001:DB8:C0AB:AC11::. Enter Source Prefix Length as 64. Enter Destination Prefix as 2001:DB8:C0AB:AC13::.
Page 191
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Source L4 Port as http. A screen similar to the following displays. Figure 9-74 Click Apply. 5. Apply the rules to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted. From the main menu, select Security >...
Page 192
Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 9-76
View the binding table.
From the main menu, select Security > ACL > Advanced > Binding Table. A screen similar to the following displays.
Page 193
Chapter 10 Class of Service (CoS) Queuing
This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features. In this chapter, the following examples are provided:
• “Show classofservice Trust” on page 10-3
• “Set classofservice trust Mode” on page 10-3
•...
• Can only have one trust field at a time - per port.
– 802.1p User Priority (default trust mode - Managed through Switching configuration)
– IP Precedence
– IP DiffServ Code Point (DSCP)
The system can assign service level based upon the 802.1p priority field of the L2 header.
Traffic Shaping for an entire interface
Show classofservice Trust
CLI: Showing classofservice trust
To use the CLI to show CoS trust mode, use these commands.
(Netgear Switch) #show classofservice trust?
<cr> Press Enter to execute the command.
(Netgear Switch) #show classofservice trust...
Page 197
Sets the Class of Service Trust Mode of an Interface to 802.1p.
ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP.
(Netgear Switch) (Config)#classofservice trust dot1p?
<cr> Press Enter to execute the command.
(Netgear Switch) (Config)#classofservice trust dot1p
Web Interface: Setting classofservice Trust Mode
To use the Web interface to show CoS trust mode, proceed as follows:
From the main menu, select QoS >...
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Show classofservice ip-precedence Mapping The example is shown as CLI commands and as a Web interface procedure. CLI: Showing classofservice ip-precedence Mapping (Netgear Switch) #show classofservice ip-precedence-mapping IP Precedence Traffic Class -------------...
Enter the minimum bandwidth percentage for Queue 0.
(Netgear Switch) (Config)#cos-queue min-bandwidth 15
Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>.
(Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10
(Netgear Switch) (Config)#cos-queue strict?
<queue-id> Enter a Queue Id from 0 to 7.
Page 200
From the main menu, select QoS > Advanced > Interface Queue Configuration. A screen similar to the following displays.
Figure 10-4
b. Select the 0 in the Queue ID field.
Under Interface Queue Configuration, scroll down to interface 1/0/2 and select the checkbox for 1/0/1.
Sets the Class of Service Trust Mode of an Interface to 802.1p.
ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP.
(Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p?
<cr> Press Enter to execute the command.
(Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p
Note: The Traffic Class value range is <0-6> instead of <0-7> because queue 7 is reserved in a stacking build for stack control, and is therefore not configurable by the user.
Web Interface: Setting CoS Trust Mode of an Interface
To use the Web interface to set CoS trust mode of an interface, set CoS Trust Mode to dot1p of the interface 1/0/3:
Page 203
CLI: Configuring traffic-shape
(Netgear Switch) (Config)#traffic-shape?
<bw> Enter the shaping bandwidth percentage from 0 to 100 in increments of 5.
(Netgear Switch) (Config)#traffic-shape 70?
<cr> Press Enter to execute the command.
(Netgear Switch) (Config)#traffic-shape 70
(Netgear Switch) (Config)#
Web Interface: Configuring Traffic-shape
To use the Web interface to configure traffic-shape, proceed as follows:
Set the shaping bandwidth percentage to 70%.
Page 204
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under CoS Interface Configuration, scroll down to interface 1/0/3 and select the 1/0/3 checkbox. Now 1/0/3 appears in the Interface field at the top. In the Interface Shaping Rate(0 to 100) field, enter 70. d.
Chapter 11 Differentiated Services In this chapter, the following examples are provided: • “Differentiated Services” on page 11-2 • “DiffServ for VoIP Configuration” on page 11-20 • “Auto VoIP Configuration” on page 11-29 • “DiffServ for IPv6 Configuration Example” on page 11-33 •...
Page 206
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Policy. Defines the QoS attributes for one or more traffic classes. An example of an attribute is the ability to mark a packet at ingress. The 7000 Series Managed Switch supports a Traffic Conditions Policy.
Page 207
Create a DiffServ class of type “all” for each of the departments, and name them. Define the match criteria (Source IP address) for the new classes.
(Netgear Switch) (Config)#class-map match-all finance_dept
(Netgear Switch) (Config class-map)#match srcip 172.16.10.0 255.255.255.0
(Netgear Switch) (Config class-map)#exit
(Netgear Switch) (Config)#class-map match-all marketing_dept
(Netgear Switch) (Config class-map)#match srcip 172.16.20.0 255.255.255.0...
Page 208
It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for internet traffic.
(Netgear Switch) (Config)#interface 1/0/5
(Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0
(Netgear Switch) (Interface 1/0/5)#exit
(Netgear Switch) (Config)#exit...
Page 209
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ >Basic >DiffServ Configuration. A screen similar to the following displays. Figure 11-2 b. Next to the Diffserv Admin Mode, select the Enable radio button. Click Apply to save the settings.
Page 210
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click the finance_dept to configure this class. Figure 11-4 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.10.0. • In the Source Mask field, enter 255.255.255.0. Click Apply.
Page 211
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Enter the following information in the Class Configuration • In the Class Name field, enter marketing_dept. • Select All in the Class Type field. Click Add to create a new class marketing_dept. d.
Page 212
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ > Advanced >Class Configuration. A screen similar to the following displays. Figure 11-7 b. Enter the following information in the Class Configuration • In the Class Name field, enter test_dept.
Page 213
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.30.0. • In the Source Mask field, enter 255.255.255.0. Click Apply. Create class development_dept. From the main menu, select QoS >...
Page 214
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 11-10 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.40.0. • In the Source Mask field, enter 255.255.255.0. Click Apply. Create a policy named internet_access and add the class finance_dept into it.
Page 215
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Enter the following information in the Class Configuration • In the Policy Selector field, enter internet_access. • Select the finance_dept in the Member Class field. Click the Add to create a new policy internet_access. 7.
Page 216
Figure 11-13
b. Under Policy Configuration, scroll down to internet_access and select the checkbox for internet_access. Internet_access now appears in the Policy Selector field at the top. Select the test_dept in the Member Class field. d.
Page 217
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Figure 11-15
b. Click the internet_access whose member class is finance_dept. Another screen similar to the following displays.
Page 218
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Figure 11-17
b. Click the internet_access whose member class is marketing_dept. Another screen similar to the following displays.
Page 219
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Figure 11-19
b. Click the internet_access whose member class is test_dept. Another screen similar to the following displays.
Page 220
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Figure 11-21
b. Click the internet_access whose member class is development_dept. Another screen similar to the following displays.
Page 221
From the main menu, select QoS > Advanced > Service Configuration. A screen similar to the following displays.
Figure 11-23
b. Scroll down to interface 1/0/1 and select the checkbox for 1/0/1. Scroll down to interface 1/0/2 and select the checkbox for 1/0/2.
Page 222
Figure 11-24
b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/0/5. 1/0/5 now appears in the Interface field at the top. Select the 1 in the Queue ID field. d.
Page 223
Select the 2 in the Queue ID field. d. In the Minimum Bandwidth field, enter 25. Click Apply. 17. Set the CoS queue 3 configuration for the interface 1/0/5. From the main menu, select QoS > CoS > Advanced > Interface Queue Configuration. A screen similar to the following displays.
Figure 11-27
b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/0/5. 1/0/5 now appears in the Interface field at the top. Select the 4 in the Queue ID field. d.
Page 225
The class type “match-all” indicates that all match criteria defined for the class must be satisfied in order for a packet to be considered a match.
(Netgear Switch) (Config)#class-map match-all class_voip
(Netgear Switch) (Config class-map)#match protocol udp
(Netgear Switch) (Config class-map)#exit
Page 226
(DSCP) of 'EF' (expedited forwarding). This handles incoming traffic that was previously marked as expedited somewhere in the network.
(Netgear Switch) (Config)#class-map match-all class_ef
(Netgear Switch) (Config class-map)#match ip dscp ef
(Netgear Switch) (Config class-map)#exit
Create a DiffServ policy for inbound traffic named 'pol_voip', then add the previously created classes 'class_ef' and 'class_voip' as instances within this policy.
Page 227
Figure 11-29
b. Under Interface Queue Configuration, select all the interfaces. Select 5 in the Queue ID field. d. Select Strict in the Scheduler Type field. Click Apply to save the settings. Enable the DiffServ From the main menu, select QoS >...
Page 228
Figure 11-31
b. In the Class Name, enter class_voip. Select All in the Class Type field. Click Add to create a new class. Click the class_voip. Another screen similar to the following displays:
Figure 11-32
Select UDP in the Protocol Type field.
Page 229
From the main menu, select QoS > DiffServ > Advanced > DiffServ Configuration. A screen similar to the following displays.
Figure 11-33
b. In the Class Name, enter class_ef. Select All in the Class Type field. Click Add to create a new class.
Page 230
Click Apply to create a new class. Create a policy pol_voip and add class_voip into this policy. From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Page 231
For the Policy Attribute, click the Mark IP DSCP radio button and select ef in the Mark IP DSCP field. Click Apply to create a new policy. 6. Add class_ef into the policy pol_voip. From the main menu, select QoS >...
Page 232
Figure 11-38
Select the 5 in the Assign Queue field. Click Apply to create a new policy. 7. Attach the defined policy to the interface 1/0/2 in the inbound direction. From the main menu, select QoS > DiffServ > Advanced > Service Configuration. A screen similar to the following displays.
Figure 11-40
The script in this section shows how to set up Auto VoIP system-wide.
CLI: Configuring Auto VoIP
Enable Auto VoIP on all the interfaces in the device.
(Netgear Switch) (Config)# auto-voip all
Page 234
View the Auto VoIP information:
(Netgear Switch) # show auto-voip interface all
Interface  Auto VoIP Mode  Traffic Class
---------  --------------  -------------
1/0/1      Enabled
1/0/2      Enabled
1/0/3      Enabled
1/0/4      Enabled
1/0/5      Enabled
...
Page 235
From the main menu, select QoS > DiffServ > Auto VoIP. A screen similar to the following displays.
Figure 11-41
b. Select the check box in the first row to select all the interfaces. Select Auto VoIP mode as Enabled.
Page 236
d. Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 11-43
Figure 11-44
The script in this section shows how to prioritize ICMPv6 traffic over other IPv6 traffic.
CLI: Configuring DiffServ for IPv6
Create the IPv6 Class classicmpv6.
(Netgear Switch) (Config)# class-map match-all classicmpv6 ipv6
Page 238
Define matching criteria as protocol ICMPv6.
(Netgear Switch) (Config-classmap) # match protocol 58
(Netgear Switch) (Config-classmap) # exit
Create the policy policyicmpv6.
(Netgear Switch) (Config)# policy-map policyicmpv6 in
Associate the previously created class classicmpv6.
Page 239
From the main menu, select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays.
Figure 11-45
b. Enter Class Name as classicmpv6. Select Class Type as All. A screen similar to the following displays.
Figure 11-46
d.
Page 240
From the main menu, select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays.
Figure 11-48
b. Click the class classicmpv6. A screen similar to the following displays.
Figure 11-49
Page 241
For the Protocol Type, select Other and enter 58. A screen similar to the following displays.
Figure 11-50
d. Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 11-51
Create the policy policyicmpv6 and associate the previously created class classicmpv6.
Page 242
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Figure 11-52
b. Enter the Policy Name as policyicmpv6. For the Policy Type, select In. d.
Page 243
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Figure 11-54
b. Click the Policy policyicmpv6. A screen similar to the following displays.
Figure 11-55
Page 244
Select Assign Queue as 6.
Figure 11-56
d. Click Apply. 5. Attach the policy policyicmpv6 to the interfaces 1/0/1, 1/0/2 and 1/0/3. From the main menu, select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays.
b. Select Policy Name as policyicmpv6. Click the check box for the interfaces 1/0/1, 1/0/2 and 1/0/3. A screen similar to the following displays.
Figure 11-58
d. Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 11-59
Color Conform Policy Configuration
This example shows how to create a policy to police the traffic to a committed rate and the packets with IP...
Page 247
Apply this policy to port 1/0/13.
(Netgear Switch) (Config)#interface 1/0/13
(Netgear Switch) (Interface 1/0/13)#service-policy in policy_vlan
(Netgear Switch) (Interface 1/0/13)#exit
(Netgear Switch) (Config)#exit
Web Interface: Configuring a Color Conform Policy
Create a VLAN.
Page 248
From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Figure 11-61
b. Select 5 in the VLAN ID field. Click Unit 1. The Ports display. d.
Page 249
b. Enter the following information in the Class Configuration
• In the Class Name field, enter class_vlan.
• In the Class Type field, select All.
Click Add to create a new class class_vlan. d.
Page 250
Create a class class_color. From the main menu, select QoS > DiffServ > Advanced > Class Configuration. A screen similar to the following displays.
Figure 11-65
b. Enter the following information in the Class Configuration •...
Page 251
After that, a screen similar to the following displays:
Figure 11-67
Under the Diffserv Class Configuration page, select 7 from the Precedence Value field. Click Apply. Create a policy policy_vlan.
Page 252
From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays.
Figure 11-68
b. In the Policy Name field, enter policy_vlan. In the Policy Type field, select In. d.
Page 253
In the Member Class field, enter class_vlan. d. Click Apply. Configure policy_vlan. From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. Click the policy_vlan. A screen similar to the following displays.
Figure 11-70
b.
Page 254
From the main menu, select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays.
Figure 11-71
b. Under Service Interface Configuration, scroll and select the checkbox for 1/0/13. In the Policy Name field, select policy_vlan.
The following are examples of the commands used in the IGMP Snooping feature.
CLI: Enabling IGMP Snooping
The following example shows how to enable IGMP snooping.
(Netgear Switch) #config
(Netgear Switch) (Config)#set ip igmp
(Netgear Switch) (Config)#set igmp interfacemode
(Netgear Switch) (Config)#exit
Web Interface: Enabling IGMP Snooping
To use the Web interface to configure the managed switch, proceed as follows: Configure the IGMP Snooping Configuration.
Click Apply.
Show igmpsnooping
The example is shown as CLI commands and as a Web interface procedure.
CLI: Showing igmpsnooping
(Netgear Switch) #show igmpsnooping
Admin Mode........Disable
Unknown Multicast Filtering....Disable
Multicast Control Frame Count....0
Interfaces Enabled for IGMP Snooping... None
VLANs enabled for IGMP snooping....
Figure 12-2
Show mac-address-table igmpsnooping
The example is shown as CLI commands and as a Web interface procedure.
CLI: Showing mac-address-table igmpsnooping
(Netgear Switch) #show mac-address-table igmpsnooping ?
<cr> Press Enter to execute the command.
(Netgear Switch) #show mac-address-table igmpsnooping...
This example configures the interface as the one the multicast router is attached to. All IGMP packets snooped by the switch will be forwarded to the multicast router reachable from this interface.
(Netgear Switch)(Interface 1/0/3)# set igmp mrouter interface
Web Interface: Configuring the Switch with an External Multicast Router...
CLI: Configure the Switch with a Multicast Router Using VLAN
This example configures the interface to only forward the snooped IGMP packets that come from VLAN ID (<VLAN Id>) to the multicast router attached to this interface.
(Netgear Switch)(Interface 1/0/3)# set igmp mrouter 2
Page 260
Web Interface: Configuring the Switch with a Multicast Router Using VLAN
To use the Web interface to configure the managed switch, proceed as follows: From the main menu, select Switching > Multicast > Multicast Router VLAN Configuration. A screen similar to the following displays.
IGMP Querier
When the switch is used in network applications where video services such as IPTV, video streaming, and gaming are deployed, the video traffic would normally be flooded to all connected ports because such traffic packets usually have multicast Ethernet addresses.
Page 262
(Netgear switch) (vlan)#exit
(Netgear switch) #config
(Netgear switch) (config)#set igmp querier
(Netgear switch) (config)#set igmp querier address 10.10.10.1
(Netgear switch) (config)#exit
Web Interface: Enabling IGMP Querier
From the main menu, select Switching > Multicast > IGMP VLAN Configuration. A screen similar to the following displays.
Page 263
From the main menu, select Switching > Multicast > IGMP Snooping > IGMP VLAN Configuration. A screen similar to the following displays.
Figure 12-8
b. Enter the following information in the IGMP VLAN Configuration. •...
The example is shown as CLI commands and as a Web interface procedure.
CLI: Showing IGMP Querier Status
To see the IGMP querier status, use the following command.
(Netgear Switch) #show igmpsnooping querier vlan 1
VLAN 1 : IGMP Snooping querier status
----------------------------------------------
IGMP Snooping Querier VLAN Mode....
Page 265
Web Interface: Showing IGMP Querier Status
From the main menu, select Switching > Multicast > IGMP Snooping Configuration. A screen similar to the following displays.
Figure 12-11
Click Refresh.
Chapter 13 Security Management
In this chapter, examples are provided for the following topics:
• “Port Security”
• “Protected Ports” on page 13-6
• “802.1x Port Security” on page 13-13
• “Create a Guest VLAN” on page 13-21
• “VLAN Assignment via RADIUS” on page 13-27
•...
Page 267
Enable port-security globally
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#port-security
Enable port-security on port 1/0/1
(Netgear Switch) (Interface 1/0/1)#port-security max-dynamic 10
Set the dynamic limit to 10
(Netgear Switch) (Interface 1/0/1)#port-security max-static 3
Set the static limit to 3...
Page 268
Figure 13-1
b. Under Port Security Configuration, next to the Port Security Mode, select the Enable radio button. Click Apply to save the settings. Set dynamic and static limit on the port 1/0/1. From the main menu, select Security >...
Page 269
The example is shown as CLI commands and as a Web interface procedure.
CLI: Converting the Dynamic Address Learned from 1/0/1 to the Static Address
(Netgear Switch)(Interface 1/0/1)#port-security mac-address move
Convert the dynamic address learned from 1/0/1 to the static address...
The example is shown as CLI commands and as a Web interface procedure.
CLI: Creating a Static Address
(Netgear Switch) (Interface 1/0/1)#port-security mac-address 00:13:00:01:02:03
Web Interface: Creating a Static Address
To use the Web interface to create a static address, proceed as follows: From the main menu, select Security >...
Protected Ports
This section describes how to set up protected ports on the switch. Some situations might require that traffic is prevented from being forwarded between any ports at Layer 2 so that one user cannot see the traffic of another user on the same switch.
Step 4: Enable IP routing and configure a default route.
(Netgear Switch)(config)#ip routing
(Netgear Switch)(config)#ip route 0.0.0.0 0.0.0.0 10.100.5.252
Step 5: Enable a protected port on 1/0/23 and 1/0/24.
(Netgear Switch) (Config)#interface 1/0/23...
Page 274
Figure 13-6
b. Under DHCP Pool Configuration, enter the following information:
• Select Create in the Pool Name field.
• In the Pool Name field, enter pool-a.
• Select Dynamic in the Type of Binding field.
•...
Page 275
Click Add. Configure a VLAN and include ports 1/0/23 and 1/0/24 in the VLAN: From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Page 276
Figure 13-8
b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 202.
• In the IP Address field, enter 10.100.5.34.
• In the Network Mask field, enter 255.255.255.0.
Click Unit 1.
Page 277
b. Under IP Configuration, make the following selections:
• Next to Routing Mode, select the Enable radio button.
• Next to IP Forwarding Mode, select the Enable radio button.
Click Apply to enable IP Routing. Configure default route for VLAN 202: From the main menu, select Routing >...
Figure 13-11
b. Under Protected Ports Configuration, click Unit 1. The ports display.
• Click the gray box under port 23. A flag appears in the box.
• Click the gray box under port 24. A flag appears in the box.
Click Apply to activate ports 23 and 24 as protected ports.
Page 280
Configure a RADIUS authentication server.
(Netgear Switch) (Config)#radius server host auth 10.100.5.17
Configure the shared secret between the RADIUS client and the server.
(Netgear Switch) (Config)#radius server key auth 10.100.5.17
Enter secret (16 characters max):123456
Re-enter secret:123456
Configure the shared secret between the RADIUS client and the server.
Page 281
Web Interface: Authenticating dot1x Users by a RADIUS Server
Enable routing for the switch. From the main menu, select Routing > Basic > IP Configuration. A screen similar to the following displays.
Figure 13-13
b.
Page 282
Figure 13-14
b. Under IP Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for that interface. Now 1/0/1 appears in the Interface field at the top. Under the IP Interface Configuration, enter the following information. •...
Page 283
• Select Enable in the Routing Mode field.
d. Click Apply to save the settings. Create an authentication name list. From the main menu, select Security > Management Security > Login > Authentication List. A screen similar to the following displays.
Page 284
Select Force Authorized in the Control Mode field. d. Click Apply to save settings. Enable dot1x on the switch. From the main menu, select Security > Port Authentication > Server Configuration. A screen similar to the following displays.
Page 285
Select Yes in the Primary Server field. Select Enable in the Message Authenticator field. Click Add. Enable Accounting. From the main menu, select Security > Management Security > RADIUS > Radius Configuration. A screen similar to the following displays.
Select Enable in the Accounting Mode field. d. Click Apply.
Create a Guest VLAN
The Guest VLAN feature allows a switch to provide a distinguished service to dot1x unaware clients (not rogue users who fail authentication).
Page 287
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2000
(Netgear Switch) (Vlan)#exit
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#vlan participation include 2000
(Netgear Switch) (Interface 1/0/1)#exit
(Netgear Switch) (Config)#interface 1/0/24
(Netgear Switch) (Interface 1/0/24)#vlan participation include 2000
(Netgear Switch) (Interface 1/0/24)#exit
Create a VLAN 2000 and make 1/0/1 and 1/0/24 members of VLAN 2000.
Page 288
Enable guest vlan on port 1/0/1 and 1/0/24.
(Netgear Switch) #show dot1x detail 1/0/1
Protocol Version....... 1
PAE Capabilities....... Authenticator
Control Mode........auto
Authenticator PAE State......Authenticated
Backend Authentication State....Idle
Quiet Period (secs)......
Page 289
Figure 13-23
b. In the VLAN ID field, enter 2000. Select Static in the VLAN Type field. d. Click Add. 2. Add ports to the VLAN 2000. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Page 290
Set force authorized mode on ports 1/0/6 and 1/0/12. From the main menu, select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays.
Figure 13-25
b.
Page 291
b. Next to the Administrative Mode, select the Enable radio button. Click Apply to save settings. Configure dot1x authentication list. From the main menu, select Security > Management Security > Authentication List > Dot1x Authentication List.
b. In the Radius Server IP Address field, enter 192.168.0.1. Select Yes in the Secret Configured field. d. In the Secret field, enter 12345. Click Add. Configure the Guest VLAN. a. From the main menu, select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays.
Page 293
CLI: Configuration on the Switch
(Netgear Switch) #network protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n)y
(Netgear Switch) #network parms 192.168.0.5 255.255.255.0
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2000
(Netgear Switch) #exit...
Page 294
Create a VLAN 2000
(Netgear Switch) (Config)#dot1x system-auth-control
Enable dot1x authentication on the switch.
(Netgear Switch) (Config)#aaa authentication dot1x default radius
Use the radius as the authenticator.
(Netgear Switch) (Config)#authorization network radius
Enable the switch to accept VLAN assignment by the radius server.
Page 295
Force port 1/0/6 to be authorized because it connects to the RADIUS server.
(Netgear Switch) #show dot1x detail 1/0/5
Port........... 1/0/5
Protocol Version....... 1
PAE Capabilities....... Authenticator
Control Mode........auto
Authenticator PAE State......Authenticated
Backend Authentication State....
Page 296
Figure 13-31
b. Next to the Current Network Configuration Protocol, select the None radio button. In the IP Address, enter 192.168.0.5. d. In the Subnet Mask, enter 255.255.255.0. Click Apply. Create VLAN 2000. From the main menu, select Switching >...
Page 297
Select Static in the VLAN Type field. d. Click Add. Set force authorized mode on ports 1/0/6 and 1/0/12. From the main menu, select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays.
Page 298
Figure 13-34
b. Next to the Administrative Mode, select the Enable radio button. Next to the VLAN Assignment Mode, select the Enable radio button. d. Click Apply to save settings. Configure dot1x authentication list. From the main menu, select Security >...
From the main menu, select Security > Management Security > Radius > Server Configuration. A screen similar to the following displays.
Figure 13-36
b. In the Radius Server IP Address field, enter 192.168.0.1. Select Yes in the Secret Configured field.
Page 300
IP address: 192.168.10.1 HW address: 00:16:76:A7:88:CC
Figure 13-37
The script in this section shows how to configure Dynamic ARP Inspection.
CLI: Dynamic ARP Inspection
Enable DHCP snooping globally.
(Netgear Switch) (Config)# ip dhcp snooping
Page 301
Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
Configure the port through which DHCP server is reached as trusted.
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust
View the DHCP Snooping Binding table.
Page 302
From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays.
Figure 13-38
b. For the DHCP Snooping Mode, select Enable. Click Apply. At the end of this configuration a screen similar to Figure 13-38 displays.
Page 303
In the VLAN Configuration table, set DHCP Snooping Mode as Enable. A screen similar to the following displays.
Figure 13-40
Configure the port through which DHCP server is reached as trusted. Here Interface 1/0/1 is trusted. From the main menu, select Security >...
Page 304
d. Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 13-42
View the DHCP Snooping Binding table. From the main menu, select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays.
Page 305
From the main menu, select Security > Control > Dynamic ARP Inspection > DAI VLAN Configuration. A screen similar to the following displays.
Figure 13-44
b. Set the VLAN ID as 1. Set the Dynamic ARP Inspection field as Enable.
Page 306
d. Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 13-46
Now all the ARP packets received on the ports that are members of the VLAN are copied to the CPU for ARP inspection.
00:11:85:ee:54:e9
Configure ARP ACL used for the VLAN 1.
(Netgear Switch) (Config)# ip arp inspection filter ArpFilter vlan 1
Now the ARP packets from the static client are allowed through because it has an entry in the ARP ACL. ARP packets from the DHCP client are also allowed through because it has a DHCP snooping entry.
Page 308
Click Add. At the end of this configuration a screen similar to the following displays.
Figure 13-48
2. Configure a rule to allow the static client. From the main menu, select Security > Control > Dynamic ARP Inspection > DAI ACL Rule Configuration.
Click Apply. At the end of this configuration a screen similar to the following displays.
Figure 13-50
DHCP Snooping
DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server to filter harmful DHCP messages and to build a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized.
Page 310
Enable DHCP snooping globally.
(Netgear Switch) (Config)# ip dhcp snooping
Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
Configure the port through which DHCP server is reached as trusted.
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust
View the DHCP Snooping Binding table.
Page 311
Click Apply. A screen similar to the one in Figure 13-53 displays. Enable DHCP snooping in a VLAN. From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays.
Page 312
From the main menu, select Security > Control > DHCP Snooping Interface Configuration. A screen similar to the following displays.
Figure 13-55
b. Select the checkbox for Interface 1/0/1. Select Trust Mode as Enable for Interface 1/0/1. d.
DHCP snooping brings down the interface. The user must do “no shutdown” on this interface to further work with that port.
CLI: Configuring the Maximum Rate of DHCP Messages
Control the maximum rate of DHCP messages.
(Netgear Switch) (Interface 1/0/2)# ip dhcp snooping limit rate 5
Page 315
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 View the rate configured. (GSM7328S) #show ip dhcp snooping interfaces 1/0/2 Interface Trust State Rate Limit Burst Interval (pps) (seconds) ---------- ------------- ------------- --------------- 1/0/2 Web Interface: Configuring the Maxiumum Rate of DHCP Messages Control the maximum rate of DHCP messages.
IP Source Guard
IP Source Guard uses the DHCP snooping bindings database. When IP Source Guard is enabled, the switch drops incoming packets that do not match a binding in the bindings database. IP Source Guard can be configured to enforce just the source IP address or both the source IP address and source MAC address.
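The following is an added example, not taken from the NETGEAR manual or firmware: a simplified Python model of how a DHCP snooping bindings database is built and how IP Source Guard then filters traffic against it in IP-only and IP+MAC modes. Ports 1/0/1 (trusted) and 1/0/2 follow the manual's example; port 1/0/3, the MAC and IP addresses, and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Message types that only a legitimate DHCP server should originate.
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}

# Constructed sample hosts (not from the manual).
CLIENT = "00:11:22:33:44:55"
SPOOFER = "00:aa:bb:cc:dd:ee"


@dataclass(frozen=True)
class Binding:
    """One authorized (MAC address, IP address, VLAN ID, port) tuple."""
    mac: str
    ip: str
    vlan: int
    port: str


class SnoopingSwitch:
    """Simplified model of DHCP snooping plus IP Source Guard (assumption:
    this mirrors the general technique, not the switch's exact behavior)."""

    def __init__(self, trusted_ports, snooping_vlans):
        self.trusted = set(trusted_ports)
        self.vlans = set(snooping_vlans)
        self.pending = {}   # (mac, vlan) -> untrusted port the client asked from
        self.bindings = {}  # (mac, vlan) -> Binding

    def dhcp_message(self, port, vlan, msg_type, client_mac, yiaddr=None):
        """Return 'forward' or 'drop' for one DHCP message seen on a port."""
        if vlan not in self.vlans:
            return "forward"            # snooping not enabled in this VLAN
        key = (client_mac, vlan)
        if msg_type in SERVER_MESSAGES:
            if port not in self.trusted:
                return "drop"           # server reply from an untrusted port
            if msg_type == "ACK" and key in self.pending:
                # Lease confirmed by a trusted server: record the binding
                # against the port where the client's request was seen.
                self.bindings[key] = Binding(
                    client_mac, yiaddr, vlan, self.pending.pop(key))
            elif msg_type == "NAK":
                self.pending.pop(key, None)
            return "forward"
        if port in self.trusted:
            return "forward"            # client traffic relayed via trusted port
        if msg_type in ("RELEASE", "DECLINE"):
            bound = self.bindings.get(key)
            if bound is None or bound.port != port:
                return "drop"           # someone else releasing the lease
            del self.bindings[key]
            return "forward"
        self.pending[key] = port        # DISCOVER / REQUEST from a client
        return "forward"

    def source_guard(self, port, vlan, src_ip, src_mac, check_mac=False):
        """IP Source Guard: forward only packets that match a binding.
        check_mac=False enforces the source IP only; True enforces IP + MAC."""
        for b in self.bindings.values():
            if (b.port, b.vlan, b.ip) == (port, vlan, src_ip):
                if not check_mac or b.mac == src_mac:
                    return "forward"
        return "drop"


def demo():
    """Run constructed traffic through the model and collect the verdicts."""
    sw = SnoopingSwitch(trusted_ports={"1/0/1"}, snooping_vlans={1})
    verdicts = [
        sw.dhcp_message("1/0/2", 1, "REQUEST", CLIENT),
        sw.dhcp_message("1/0/3", 1, "ACK", CLIENT, "192.168.10.66"),  # untrusted
        sw.dhcp_message("1/0/1", 1, "ACK", CLIENT, "192.168.10.20"),  # trusted
        sw.source_guard("1/0/2", 1, "192.168.10.20", CLIENT),
        sw.source_guard("1/0/2", 1, "192.168.10.99", CLIENT),         # unbound IP
        sw.source_guard("1/0/2", 1, "192.168.10.20", SPOOFER),        # IP-only mode
        sw.source_guard("1/0/2", 1, "192.168.10.20", SPOOFER, check_mac=True),
        sw.dhcp_message("1/0/3", 1, "RELEASE", CLIENT),               # wrong port
    ]
    return sw, verdicts


if __name__ == "__main__":
    switch, verdicts = demo()
    print(verdicts)
    print(list(switch.bindings.values()))
```

The sixth verdict shows why the IP+MAC mode matters: with IP-only enforcement, a frame carrying the bound IP address but a different source MAC on the same port is still forwarded.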
Page 317
Enable DHCP snooping globally.
(Netgear Switch) (Config)# ip dhcp snooping
Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
Configure the port through which DHCP server is reached as trusted.
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust
View the DHCP Snooping Binding table.
Page 318
From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. Figure 13-63 b. Select DHCP Snooping Mode as Enable. Click Apply. At the end of this configuration a screen similar to Figure 13-64 is displayed.
Page 319
d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 13-65 Configure the port through which DHCP server is reached as trusted. Here interface 1/0/1 is trusted. From the main menu, select Security >...
Page 320
View the DHCP Snooping Binding table. From the main menu, select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays. Figure 13-68 Enable IP Source Guard in the interface 1/0/2. From the main menu, select Security >...
Page 321
Click Add. At the end of this configuration a screen similar to the following displays. Figure 13-70
SNTP client implemented over UDP which listens on port 123 Show SNTP (CLI Only) The following are examples of the commands used in the SNTP feature. show sntp (Netgear Switch Routing) #show sntp ? <cr> Press Enter to execute the command. client Display SNTP Client Information.
Page 324
CLI: Configuring SNTP NETGEAR switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
Page 325
Web Interface: Configuring SNTP To use the Web interface to configure SNTP, proceed as follows: Configure SNTP server From the main menu, select System > Management > Time > SNTP Server Configuration. A screen similar to the following displays. Figure 14-1 b.
(Netgear switch)(config)#clock timezone PST -8
Set Named SNTP Server
The example is shown as CLI commands and as a Web interface procedure.
CLI: Setting Named SNTP Server
Netgear provides SNTP servers accessible by Netgear devices.
Page 327
Because Netgear may change IP addresses assigned to its time servers, it is best to access an SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
Page 328
• In the Version field, enter 4. Click Add. Configure the DNS server. From the main menu, select System > Management > DNS > DNS Configuration. A screen similar to the following displays. Figure 14-4 b.
In this example, the packet takes 16 hops to reach its destination.
CLI: Traceroute
(Netgear Switch) #traceroute?
<ipaddr> Enter IP address.
(Netgear Switch) #traceroute 216.109.118.74 ?
<cr> Press Enter to execute the command.
<port> Enter port no.
(Netgear Switch) #traceroute 216.109.118.74
Page 330
Tracing route over a maximum of 20 hops
10.254.24.1 40 ms 9 ms 10 ms
10.254.253.1 30 ms 49 ms 21 ms
63.237.23.33 29 ms 10 ms 10 ms
63.144.4.1 39 ms 63 ms 67 ms
63.144.1.141...
APPLY button, the switch will send three traceroute packets to each hop, and the results will be displayed in the result table. b. Enter the following information in the Traceroute. In the IP Address field, enter 216.109.118.74. Click Apply.
Page 332
3201 2 configuration script(s) found. 1020706 bytes free. (Netgear Switch) #script delete basic.scr Are you sure you want to delete the configuration script(s)? (y/n) y 1 configuration script(s) deleted. script apply running-config.scr (Netgear Switch) #script apply running-config.scr Are you sure you want to apply the configuration script? (y/n) y The system has unsaved changes.
On your PC, using Notepad create a banner.txt file that contains the banner to be displayed. Login Banner - Unauthorized access is punishable by law. Transfer the file from the PC to the switch using TFTP (Netgear Switch Routing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode........... TFTP Set TFTP Server IP......192.168.77.52 TFTP Path........
Such cases will require user intervention to correct the problem, by using appropriate stacking commands. CLI: Downloading a Backup Image and Having It Active (Netgear Switch) #copy tftp://192.168.0.1/gsm73xxseps.stk image2 Mode........... TFTP Set Server IP........192.168.0.1 Path...........
Page 337
-------------------------------------------------------------------- 5.11.2.51 8.0.0.2 image1 image1 (Netgear Switch) #boot system image2 Activating image image2 .. (Netgear Switch) #show bootvar Image Descriptions image1 : default image image2 : Images currently available on Flash -------------------------------------------------------------------- unit image1 image2...
Page 338
Download a backup image via tftp. From the main menu, select Maintenance > Download > File Download. A screen similar to the following displays. Figure 15-3 b. Select Archive in the File Type field. Select image2 in the Image Name field.
Server and user hosts do not maintain information about the characteristics of each other’s terminals and terminal handling conventions • Must use a valid IP address CLI: show network (Netgear Switch Routing) >telnet 192.168.77.151 Trying 192.168.77.151... (Netgear Switch Routing) User:admin Password: (Netgear Switch Routing) >en...
Page 340
(Netgear Switch Routing) (Line)#transport output ? telnet Allow or disallow new telnet sessions. (Netgear Switch Routing) (Line)#transport output telnet ? <cr> Press Enter to execute the command. (Netgear Switch Routing) (Line)#transport output telnet (Netgear Switch Routing) (Line)#...
Page 341
Enter the following information in the Outbound Telnet. Next to the Admin Mode, select the Enable radio button. Click Apply CLI: session-limit and session-timeout (Netgear Switch Routing) (Line)#session-limit ? <0-5> Configure the maximum number of outbound telnet sessions allowed. (Netgear Switch Routing) (Line)#session-limit 5 (Netgear Switch Routing) (Line)#session-timeout ? <1-160>...
Page 342
From the main menu, select Security > Access > Telnet. A screen similar to the following displays. Figure 15-6 Enter the following information in the Outbound Telnet. • In the Session Timeout field, enter 15. •...
Chapter 16 Syslog In this chapter, the following examples are provided: • “Show Logging” on page 16-2 • “Show Logging Buffered” on page 16-5 • “Show Logging Traplogs” on page 16-6 • “Show Logging Hosts” on page 16-7 • “Log Port Configuration” on page 16-8 The Syslog feature: •...
Show Logging The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging (Netgear Switch Routing) #show logging Logging Client Local Port CLI Command Logging disabled...
Page 345
b. Enter the following information in the Syslog Configuration. Next to the Admin Status, select the Enable radio button. Click Apply. Configure the Command Log From the main menu, select Monitoring > Logs > Command Log. Figure 16-3 b.
Page 346
Figure 16-4 b. Enter the following information in the Console Log Configuration. Next to the Admin Status, click the Disable radio button. Click Apply. Configure Buffer Logs. From the main menu, select Monitoring > Logs > Buffer Logs. A screen similar to the following displays.
Show Logging Buffered The example is shown as CLI commands and as a Web interface procedure. CLI: Showing Logging Buffered (Netgear Switch Routing) #show logging buffered ? <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging buffered...
Figure 16-6 Show Logging Traplogs The example is shown as CLI commands and as a Web interface procedure. CLI: Showing Logging Traplogs (Netgear Switch Routing) #show logging traplogs <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging traplogs Number of Traps Since Last Reset....
Show Logging Hosts The example is shown as CLI commands and as a Web interface procedure. CLI: Showing Logging Hosts (Netgear Switch Routing) #show logging hosts ? <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging hosts...
(Netgear Switch Routing) (Config)#logging host ?
<hostaddress> Enter Logging Host IP Address
reconfigure Logging Host Reconfiguration
remove Logging Host Removal
(Netgear Switch Routing) (Config)#logging host 192.168.21.253 ?
<cr> Press Enter to execute the command.
<port> Enter Port Id
Page 351
Press Enter to execute the command. <severitylevel> Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7). (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1 ? <cr> Press Enter to execute the command. (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1...
Chapter 17 Managing Switch Stacks This chapter describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches running Release 4.x.x.x or newer. NETGEAR stackable managed switches include the following models: • FSM7226RS • FSM7250RS • FSM7328S •...
• “Stack the Switches using 10G fiber” on page 17-20 Understanding Switch Stacks A switch stack is a set of up to eight Ethernet switches connected through their stacking ports. One of the switches controls the operation of the stack and is called the stack master.
Page 354
A standalone switch is a switch stack with one stack member that also operates as the stack master. You can connect one standalone switch to another to create a switch stack containing two stack members, with one of them being the stack master.
Page 355
use the regular Category 5 Ethernet 8 wire cable. Figure 17-1 Figure 17-2 (interconnect ports 51 and 52 as shown)
Stack Master Election and Re-Election
The stack master is elected or re-elected based on one of these factors and in the order listed: The switch that is currently the stack master
The switch with the highest stack member priority value Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.
Switch Stack Offline Configuration You can use the offline configuration feature to preconfigure (supply a configuration to) a new switch before it joins the switch stack. You can configure in advance the stack member number, the switch type, and the interfaces associated with a switch that is not currently part of the stack (see “Preconfiguration”...
Effects of Removing a Preconfigured Switch from a Switch Stack If you remove a preconfigured switch from the switch stack, the configuration associated with the removed stack member remains in the running configuration as configured information. To completely remove the configuration, use the no member unit_number (this is in the stacking configuration mode).
• You can connect to the stack master through the console port of the stack master only. • You can connect to the stack master by using a Telnet connection to the IP address of the stack. Switch Stack Configuration Scenarios Table 17-2 provides switch stack configuration scenarios.
Stacking Recommendations The purpose of this section is to collect notes on recommended procedures and expected behavior of stacked managed switches. Procedures addressed initially are listed below. • Initial installation and power-up of a stack. •...
Power on a second unit, making sure it is adjacent (next physical unit in the stack) to the unit already powered up. This will ensure the second unit comes up as a member of the stack, and not a “Master” of a separate stack.
Replacing a Stack Member with a New Unit There are two possible situations here. First, if you replace a stack member of a certain model number with another unit of the same model, follow the process below: •...
Page 363
Web Interface: Renumbering Stack Members To use the Web interface to renumber the stack number, proceed as follows: Renumbering the stacking member’s ID from 3 to 2. From the main menu, select System > Management > Basic > Stack Configuration. A screen similar to the following displays.
Moving a Master to a Different Unit in the Stack This example is provided as CLI commands and a Web interface procedure. CLI: Moving a Master to a Different Unit in the Stack Using the movemanagement command, move the master to the desired unit number.
d. Click Apply. Note: If you move a master to a different unit, you may lose the connection to the switch because the IP address may change if the switch gets its IP address using DHCP. Removing a Master Unit from an Operating Stack First, move the designated master to a different unit in the stack using “Moving a Master to a Different...
4. After a unit type is preconfigured for a specific unit number, attaching a unit with different unit type for this unit number causes the switch to report an error. The show switch command indicates “config mismatch”...
• Ports on the added unit should remain in the “detached” state. • A message should appear on the CLI indicating a code mismatch with the newly added unit. • To have the newly added unit merge normally with the stack, code should be loaded to the newly added unit from the master using the copy command.
Page 368
(stack) Stack Stack Link Down (Netgear Switch) #config (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 ethernet (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #reload Are you sure you want to reload the stack? (y/n) y After Switch A reboots:...
Page 369
(Netgear Switch) (Config-stack)#stack-port 1/0/51 ethernet (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #reload Are you sure you want to reload the stack? (y/n) y After Switch B reboots: (Netgear Switch) #show port 2/0/28 Admin Physical Physical Link Link LACP...
Page 370
Select Ethernet in the Configured Stack Mode. d. Click Apply to save the settings. Reboot the switch. From the main menu, select maintenance > Reset > Device Reboot. A screen similar to the following displays.
From the main menu, select maintenance > Reset > Device Reboot. A screen similar to the following displays. Figure 17-11 b. Select 1 for Reboot Unit No. Click Apply. Stack the Switches using 10G fiber This example shows how to make two switches stack together in different buildings at long distance using 10G fiber.
Page 372
Ethernet Ethernet Link Down Since 2/0/28 is Ethernet mode, it must be changed to stack mode. (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 stack (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config) Reboot Switch B. (Netgear Switch) #reload Management switch has unsaved changes.
Page 373
On Switch A, you will see the following: (Netgear Switch) #show switch Management Standby Preconfig Plugged-in Switch Code Switch Status Model ID Model ID Status Version --- ---------- -------- ----------- -----------...
Page 374
d. Click Apply to save the settings. Reboot the switch. From the main menu, select maintenance > Reset > Device Reboot. A screen similar to the following displays. Figure 17-15 b.
The example is shown as CLI commands and as a Web interface procedure.
CLI: Adding a New Community
(Netgear switch) #config
(Netgear switch) (Config)#snmp-server community rw public@4
Web Interface: Adding a New Community
To use the Web interface to add a new community, proceed as follows: From the main menu, select System >...
CLI: Enabling SNMP Trap
This example shows how to send SNMP traps to the SNMP server.
(Netgear switch) #config
(Netgear switch) (Config)# snmptrap public 10.100.5.17
Enable sending traps to SNMP server 10.100.5.17.
(Netgear switch) (Config)#snmp-server traps linkmode
Enable sending link status to the SNMP server when link status changes.
Configure SNMP V3 The example is shown as CLI commands and as a Web interface procedure. CLI: Configuring SNMP V3 This example shows how to configure SNMP v3 on the NETGEAR switches. (Netgear Switch) #config (Netgear Switch) (Config)#users passwd admin...
Page 378
Web Interface: Configuring SNMP V3 Change the user password. If you set the authentication mode to md5, you must make the length of password longer than 8 characters. From the main menu, select Security > Management Security > User Configuration > User Management.
b. Select admin in the User Name field. Next to Authentication Protocol, click the MD5 radio button. d. Next to the Encryption Protocol, click the DES radio button. In the Encryption Key field, enter 12345678. Click Apply to save the settings.
Page 380
(Netgear Switch) (Config)# sflow receiver 1 ip 192.168.10.2
Configure the sFlow receiver timeout. Here sFlow samples will be sent to this receiver for the duration of 31536000 seconds. That is approximately one year.
(Netgear Switch) (Config)# sflow receiver 1 owner NetMonitor timeout 31536000
Page 382
Enter Receiver Address as 192.168.10.2. A screen similar to the following displays. Figure 18-7 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 18-8 Configure sampling ports sFlow receiver index, sampling rate, sampling max header size.
Configure sampling ports sFlow receiver index, polling interval. It has to be repeated for all the ports to be polled. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow poller 1 (Netgear Switch) (Interface 1/0/1)# sflow poller interval View the polling port configurations.
Page 384
Enter the Poller Interval as 300. A screen similar to the following displays. Figure 18-11 d. Click Apply.
CLI: Specifying Two DNS Servers To use the CLI to specify two DNS servers, enter the following CLI commands: (Netgear Switch)#config (Netgear Switch) (Config)#ip name-server 12.7.210.170 219.141.140.10 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#exit (Netgear Switch)#ping www.netgear.com Send count=3, Receive count=3 from 206.82.202.46...
CLI Example: Manually Adding a Host Name and an IP Address To use the CLI to manually add a host name and an IP address, enter the following CLI commands: (Netgear Switch)#config (Netgear Switch) (Config)#ip host www.netgear.com 206.82.202.46 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#ping www.netgear.com Send count=3, Receive count=3 from 206.82.202.46...
Page 387
Figure 19-2 Under DNS Host Configuration, enter the following information: • In the Host Name field, enter www.netgear.com. • In the IP Address field, enter 206.82.202.46. Click Add. The host name and IP address now show in the DNS Host Configuration table.
Chapter 20 DHCP Server This section describes the DHCP server configuration. When a client sends a request to a DHCP server, the DHCP server assigns the IP address from address pools that are specified on the switch. The network in the DHCP pool must belong to the same subnet.
Page 390
b. In the VLAN Configuration, VLAN ID field, enter 200. Click Add. 2. Add port 1/0/1 to VLAN 200. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Page 391
From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 20-4 b. Under Port PVID Configuration, scroll down and select the checkbox for 1/0/1. In the PVID Configuration, PVID (1 to 4093) field, enter 200.
d. From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Figure 20-6 Under DHCP Pool Configuration, enter the following information: •...
Page 393
To use the CLI to create a DHCP server with a manual pool, enter the following CLI commands:
(Netgear Switch)#config
(Netgear Switch) (Config)#service dhcp
(Netgear Switch) (Config)#ip dhcp pool pool_manual
(Netgear Switch) (Config)#client-name dhcpclient
(Netgear Switch) (Config)#hardware-address 00:01:02:03:04:05
(Netgear Switch) (Config)#host 192.168.200.1 255.255.255.0...
Page 394
From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Figure 20-8 Under DHCP Pool Configuration, enter the following information: •...
Chapter 21 Double VLANs This section describes how to configure the Double VLAN (DVLAN) feature on the switch. A DVLAN is a way to pass traffic of customers who have multiple VLANs from one customer domain to another customer domain.
2 switch connecting all these devices in your domain. The layer 2 switch tags the packet going to the NETGEAR switch port 1/0/24. The example is shown as CLI commands and as a Web interface procedure. The two NETGEAR switches have the same configuration.
Page 397
From the main menu, select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. Figure 21-2 b. Under VLAN Configuration, enter the following information and make the following selection: •...
Page 398
similar to the following displays. Figure 21-3 b. Under VLAN Membership, select 200 in the VLAN ID field. Click Unit 1. The ports display: • Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
Page 399
Change the Port VLAN ID (PVID) of port 24 to 200: From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 21-4 b.
Page 400
screen similar to the following displays. Figure 21-5 b. Under DVLAN Configuration, scroll down to interface 1/0/48 and select the checkbox for that interface. Now 1/0/48 appears in the Interface field at the top. Select Enable in the Admin Mode field.
Chapter 22 Private VLAN Groups The private VLAN group allows the network administrator to create groups of users within a VLAN that can communicate only with members of the same group, not with members of different groups. There are two modes for the private group.
Page 403
Web Interface: Creating a Private VLAN Group To use the Web interface, proceed as follows: Create a VLAN 200. From the main menu, select Switching > VLAN > Basic > VLAN configuration. A screen similar to the following displays.
Page 404
b. In the VLAN Membership, select 200 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box under port 6, 7, 16 and 17 until U displays. The U specifies that the egress packet is untagged for the port.
Page 405
VLAN > Private Group Configuration. A screen similar to the following displays. Figure 22-5 b. In the Group Name field, enter group1. In the Group ID field, enter 1. d. Select community in the Group Mode field. Click Add.
Page 406
From the main menu, select Security > Traffic Control > Private Group VLAN > Private Group Configuration. A screen similar to the following displays. Figure 22-7 b. In the Group Name field, enter group2. In the Group ID field, enter 2.
CLI: Configuring Classic STP (802.1d) (Netgear Switch) (Config)# spanning-tree (Netgear Switch) (Config)# spanning-tree forceversion 802.1d (Netgear switch) (Interface 1/0/3)# spanning-tree port mode Web Interface:Configuring Classic STP (802.1d) To use the Web interface to configure the managed switch, proceed as follows: Enable 802.1d on the switch.
Page 408
From the main menu, select Switching > STP > STP Configuration. A screen similar to the following displays. Figure 23-1 b. Enter the following information in the STP Configuration. • Next to the Spanning Tree Admin Mode, select the Enable radio button. •...
CLI: Configuring Rapid STP (802.1w) (Netgear switch) (Config)# spanning-tree (Netgear switch) (Config)# spanning-tree forceversion 802.1w (Netgear switch) (Interface 1/0/3)# spanning-tree port mode Web Interface: Configuring Rapid STP (802.1w) To use the Web interface to configure the managed switch, proceed as follows: Enable the 802.1w on the switch...
• Next to the Force Protocol Version, select the IEEE 802.1w radio button. Click Apply. Configure CST Port Configuration. From the main menu, select Switching > STP > CST Port Configuration. A screen similar to the following displays.
Page 411
(Netgear switch) (Config)# spanning-tree mst vlan 2 12 Associate the mst instance 2 with the VLAN 11 and 12 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 port-priority 128 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 cost 0 Web Interface: Configuring Multiple STP (802.1s) To use the Web interface to configure the managed switch, proceed as follows: Enable 802.1s on the switch.
Page 412
• Next to the Spanning Tree Admin Mode, select the Enable radio button. • Next to the Force Protocol Version, select the IEEE 802.1s radio button. Click Apply. Configure MST Configuration. From the main menu, select Switching >...
Page 413
Configure MST Port. From the main menu, select Switching > STP > MST Port Status. A screen similar to the following displays. Figure 23-7 Under MST Port Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 417
From the main menu, select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. Figure 24-3 b. Next to the IPv6 Unicast Routing, select the Enable radio button. Next to the IPv6 Forwarding, select the Enable radio button.
Page 418
Create a 6-in-4 tunnel interface. From the main menu, select Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. Figure 24-5 b. Select 0 in Tunnel Id field. Select 6-in-4-configured in the Mode field.
Page 419
In the IPv6 Prefix field, enter 2000::1. d. In the Length field, enter 64. Select Disable in EUI64 field. Click Add. On GSM7328S_2 To use the Web interface to create a tunnel, proceed as follows: Enable IP routing on the switch.
Page 420
From the main menu, select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. Figure 24-8 b. Next to the IPv6 Unicast Routing, select the Enable radio button. Next to the IPv6 Forwarding, select the Enable radio button.
Page 421
From the main menu, select Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. Figure 24-10 b. Select 0 in the Tunnel Id field. Select 6-in-4-configured in the Mode field. d.
Page 422
In the IPv6 Prefix field, enter 2000::2. d. In the Length field, enter 64. Select Disable in the EUI64 field. Click Add.
Page 425
Next to the IPv6 Forwarding, select the Enable radio button. d. Click Apply. Enable IPv6 routing on the interface 1/0/1 From the main menu, select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays.
To access the switch over an IPv6 network, you must first configure it with IPv6 information (IPv6 prefix, prefix length, and default gateway).
CLI: Configure the IPv6 Network Interface
(Netgear Switch) #network ipv6 enable
(Netgear Switch) #network ipv6 address 2001:1::1/64
(Netgear Switch) #network ipv6 gateway 2001:1::2
(Netgear Switch) #show network
Interface Status....... Always Up
IP Address........
Page 427
Figure 25-4 b. Next to the Admin Mode, select the Enable Radio button. In the IPv6 Prefix/Prefix Length field, enter 2001:1::1/64. d. Select False in the EUI64 field. Click Add. 2. Add an IPv6 gateway to the network interface. From the main menu, select System >...
Page 430
b. In the VLAN ID field, enter 500. Select Static in the VLAN Type field. d. Click Add. 2. Add ports to the VLAN 500. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
Page 431
b. Under PVID Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. In the PVID Configuration enter 500 in the PVID(1 to 4093) field. d. Click Apply to save the settings. Enable IPv6 forwarding and unicast routing on the switch.
Page 432
b. Click the tag VLANS, then logical VLAN interface 0/4/2 will be displayed. Select the checkbox for 0/4/2, and in the IPv6 Interface Configuration, select Enable in the IPv6 Mode field. d.
Chapter 26
In this chapter, the following examples are provided:
• “PIM-DM Configuration”
• “PIM-SM Configuration” on page 26-27
Note: The PIM protocol can be configured to operate on IPv4 and IPv6 networks. Separate configuration CLI commands are provided for IPv4 and IPv6 operation; however, most configuration options are common to both protocols.
Page 434
versions of PIM-DM. Version 2 does not use IGMP messages; instead, it uses a message that is encapsulated in IP packets with protocol number 103. In Version 2, the Hello message is introduced in place of the query message.
Page 435
Enable IP multicast forwarding on the switch.
(Netgear Switch) (Config)#ip multicast
Enable RIP to build the unicast IP routing table.
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#routing
(Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 255.255.255.0
(Netgear Switch) (Interface 1/0/1)#ip rip
Enable PIM-DM on the interface.
Page 438
(C) #show ip mcast mroute summary
Multicast Route Table Summary
                                  Incoming   Outgoing
Source IP    Group IP   Protocol  Interface  Interface List
-----------  ---------  --------  ---------  ---------------
192.168.1.1  225.1.1.1  PIMDM     1/0/21
(D) #show ip mcast mroute summary
Multicast Route Table Summary
Incoming Outgoing...
Page 439
similar to the following displays. Figure 26-3 b. Under IP Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. 1/0/1 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 440
b. Under IP Interface Configuration, scroll down to interface 1/0/9 and select the checkbox for 1/0/9. 1/0/9 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration. •...
Page 441
From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-6 b. Select 1/0/1 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button. d.
Page 442
From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-8 b. Select 1/0/13 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button. d.
Page 443
From the main menu, select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. Figure 26-10 b. Next to the Admin Mode, select the Enable radio button. Click Apply. 10.
Page 444
b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. Then select 1/0/9 and 1/0/13. In the PIM-DM Interface Configuration, select Enable in the Admin Mode field. d.
Page 445
Figure 26-13 b. Under IP Interface Configuration, scroll down to interface 1/0/10 and select the checkbox for 1/0/10. Now 1/0/10 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration. •...
Page 446
• In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings. Enable RIP on the interface 1/0/10. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
Page 447
From the main menu, select Routing > Multicast > Global Configuration. A screen similar to the following displays. Figure 26-17 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-DM globally.
Page 448
From the main menu, select Routing > Multicast > PIM-SM > Interface Configuration. A screen similar to the following displays. Figure 26-19 b. Under PIM-SM Interface Configuration, scroll down to interface 1/0/10 and select the checkbox for 1/0/10.
Page 449
Figure 26-20 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 450
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 26-22 b. Under IP Interface Configuration, scroll down to interface 1/0/22 and select the checkbox for 1/0/22.
Page 451
Enable RIP on the interface 1/0/22. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-24 b. Select 1/0/22 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 452
From the main menu, select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. Figure 26-26 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-DM on the interface 1/0/21 and 1/0/22.
Page 453
On Switch D: To use the Web interface to configure PIM-DM, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing > IP > Basic > IP configuration. A screen similar to the following displays.
Page 454
Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.2.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d.
Page 455
Figure 26-31 b. Under IP Interface Configuration, scroll down to interface 1/0/24 and select the checkbox for 1/0/24. 1/0/24 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration. •...
Page 456
From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-33 b. Select 1/0/22 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button. d.
Page 457
From the main menu, select Routing > Multicast > Global Configuration. A screen similar to the following displays. Figure 26-35 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-DM globally.
Page 458
From the main menu, select Routing > Multicast > PIM-DM > Interface Configuration. A screen similar to the following displays. Figure 26-37 b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
From the main menu, select Routing > Multicast > IGMP > Interface Configuration. A screen similar to the following displays. Figure 26-39 b. Under IGMP Routing Interface Configuration, scroll down to interface 1/0/24 and select the checkbox for 1/0/24.
Page 460
[Figure: network diagram showing the multicast source (Source IP 192.168.1.1), Switch A, Switch B, Switch C, Switch D, subnets 192.168.3.0/24 and 192.168.6.0/24, and the host.]
Page 461
Enable IP multicast forwarding on the switch.
(Netgear Switch) (Config)#ip multicast
Enable RIP to build the unicast IP routing table.
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#routing
(Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 255.255.255.0
(Netgear Switch) (Interface 1/0/1)#ip rip
(Netgear Switch) (Interface 1/0/1)#ip pimsm...
Page 462
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#ip pimsm
(Netgear Switch) (Config)#ip multicast
(Netgear Switch) (Config)#ip pimsm rp-candidate interface 1/0/11 225.1.1.1 255.255.255.0
Enable the switch to announce its candidacy as a bootstrap router (BSR).
(Netgear Switch) (Config)#ip pimsm bsr-candidate interface 1/0/10 30...
Page 464
(A) #show ip mcast mroute summary
Multicast Route Table Summary
                                   Incoming   Outgoing
Source IP    Group IP   Protocol   Interface  Interface List
-----------  ---------  ---------  ---------  ---------------
192.168.1.1  225.1.1.1  PIMSM      1/0/13     1/0/1
(B) #show ip mcast mroute summary
Multicast Route Table Summary
Incoming Outgoing...
Page 465
Figure 26-41 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/1 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 466
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 26-43 b. Under IP Interface Configuration, scroll down to interface 1/0/9 and select the checkbox for 1/0/9. Now 1/0/9 appears in the Interface field at the top.
Page 467
Figure 26-44 b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the checkbox for 1/0/13. 1/0/13 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration. •...
Page 468
Enable RIP on the interface 1/0/9. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-46 b. Select 1/0/9 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 469
From the main menu, select Routing > Multicast > Global Configuration. A screen similar to the following displays. Figure 26-48 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-SM globally.
Page 470
From the main menu, select Routing > Multicast > PIM-SM > Interface Configuration. A screen similar to the following displays. Figure 26-50 b. Under PIM-SM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 471
Figure 26-51 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/10 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 472
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 26-53 b. Under IP Interface Configuration, scroll down to interface 1/0/11 and select the checkbox for 1/0/11.
Page 473
Enable RIP on the interface 1/0/11. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-55 b. Select 1/0/11 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 474
From the main menu, select Routing > Multicast > PIM-SM > Global Configuration. A screen similar to the following displays. Figure 26-57 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-SM on the interface 1/0/10 and 1/0/11.
Page 475
In the PIM-SM Interface Configuration, select Enable in the Admin Mode field. d. Click Apply to save the settings. Candidate RP Configuration. From the main menu, select Routing > Multicast > PIM-SM > Candidate RP Configuration. A screen similar to the following displays.
Page 476
Figure 26-60 b. Select 1/0/10 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 7. Click Apply.
On Switch C: To use the Web interface to configure PIM-SM, proceed as follows: Enable IP routing on the switch.
Page 477
Figure 26-61 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 478
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 26-63 b. Under IP Interface Configuration, scroll down to interface 1/0/22 and select the checkbox for 1/0/22.
Page 479
Enable RIP on the interface 1/0/22. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-65 b. Select 1/0/22 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 480
From the main menu, select Routing > Multicast > PIM-SM > Global Configuration. A screen similar to the following displays. Figure 26-67 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-SM on the interface 1/0/21 and 1/0/22.
Page 481
From the main menu, select Routing > Multicast > PIM-SM > Candidate RP Configuration. A screen similar to the following displays. Figure 26-69 b. Select 1/0/22 in the Interface field. In the Group IP, enter 225.1.1.1. d.
Page 482
Figure 26-70 b. Select 1/0/21 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 5. Click Apply.
On Switch D: To use the Web interface to configure PIM-SM, proceed as follows: Enable IP routing on the switch.
Page 483
Figure 26-71 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 484
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 26-73 b. Under IP Interface Configuration, scroll down to interface 1/0/22 and select the checkbox for 1/0/22.
Page 485
Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.4.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d.
Page 486
d. Click Apply. Enable RIP on the interface 1/0/24. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-77 b. Select 1/0/24 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 487
Enable PIM-SM globally. From the main menu, select Routing > Multicast > PIM-SM > Global Configuration. A screen similar to the following displays. Figure 26-79 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 488
11. Candidate RP Configuration. From the main menu, select Routing > Multicast > PIM-SM > Candidate RP Configuration. A screen similar to the following displays. Figure 26-81 b. Select 1/0/22 in the Interface field. In the Group IP, enter 225.1.1.1.
Page 489
Figure 26-82 b. Select 1/0/22 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 3. Click Apply. 13. Enable IGMP globally. From the main menu, select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays.
Page 490
14. Enable IGMP on the interface 1/0/24. From the main menu, select Routing > Multicast > IGMP > Interface Configuration. A screen similar to the following displays. Figure 26-84 b. Under IGMP Routing Interface Configuration, scroll down to interface 1/0/24 and select the checkbox for 1/0/24.
Chapter 27 DHCP L2 Relay
DHCP Relay Agents eliminate the necessity of having a DHCP server on each physical network. Relay Agents populate the giaddr field and also append the Relay Agent Information option to the DHCP messages.
Enable Option 82 Circuit ID field.
(Netgear Switch) (Config)#dhcp l2relay circuit-id vlan 200
Enable Option 82 Remote ID field.
(Netgear Switch) (Config)#dhcp l2relay remote-id rem_id vlan 200
Enable DHCP L2relay on the port 1/0/4.
(Netgear Switch) (Config)#interface 1/0/4
(Netgear Switch) (Interface 1/0/4)# dhcp l2relay...
Page 493
Trust packets with option 82 received on port 1/0/6.
(Netgear Switch) (Interface 1/0/6)# dhcp l2relay trust
(Netgear Switch) (Interface 1/0/6)# vlan pvid 200
(Netgear Switch) (Interface 1/0/6)# vlan participation include 200
(Netgear Switch) (Interface 1/0/6)# exit
Web Interface: DHCP L2 Relay
To use the Web interface to create a guest VLAN, proceed as follows: Create VLAN 200.
Page 494
Figure 27-3 b. Select 200 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box under port 4, port 5 and port 6 until U displays. The U specifies that the egress packet is untagged for the port.
Page 495
d. Click Apply to save the settings. Enable DHCP L2 Relay on VLAN 200. From the main menu, select System > Services > DHCP L2 Relay > DHCP L2 Relay Configuration. A screen similar to the following displays. Figure 27-5 b.
Page 496
Figure 27-6 b. Under DHCP L2 Relay Configuration, scroll down to interface 1/0/4 and select the 1/0/4 checkbox. Next select the checkboxes for 1/0/5 and 1/0/6. Select Enable in the Admin Mode field. d.
Chapter 28 DHCP L3 Relay
This example shows how to configure DHCP L3 Relay on a NETGEAR managed switch and how to configure a DHCP pool to assign IP addresses to DHCP clients via DHCP L3 Relay.
Create a routing interface and enable RIP on it so that the DHCP server learns the route 10.200.1.0/24 from the DHCP L3 Relay.
(Netgear Switch) (Config)#interface 1/0/3
(Netgear Switch) (Interface 1/0/3)#routing
(Netgear Switch) (Interface 1/0/3)#ip address 10.100.1.1 255.255.255.0
(Netgear Switch) (Interface 1/0/3)#ip rip
(Netgear Switch) (Interface 1/0/3)#exit
Create a DHCP pool.
Page 499
From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. Figure 28-2 b. For the Routing Mode field, select the Enable radio button. Click Apply.
Page 500
From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-4 b. Select 1/0/3 from the Interface field. Next to the RIP Admin Mode, select the Enable radio button. d.
Page 501
From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Figure 28-6 b. Under DHCP Pool Configuration, enter the following information: •...
Create a routing interface and enable RIP on it.
(Netgear Switch) (Config)#
(Netgear Switch) (Config)#interface 1/0/4
(Netgear Switch) (Interface 1/0/4)#routing
(Netgear Switch) (Interface 1/0/4)#ip address 10.100.1.2 255.255.255.0
(Netgear Switch) (Interface 1/0/4)#ip rip
(Netgear Switch) (Interface 1/0/4)#exit
Create a routing interface connecting to the client.
Page 503
From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. Figure 28-7 b. Next to the Routing Mode field, select the Enable radio button. Click Apply.
Page 504
Enable RIP on interface 1/0/4. From the main menu, select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. Figure 28-9 b. Select 1/0/4 from the Interface drop-down list. Next to the RIP Admin Mode, select the Enable radio button.
Page 505
Redistribute connected routes to RIP. From the main menu, select Routing > RIP > Advanced > Route Redistribution. A screen similar to the following displays. Figure 28-11 b. Next to the Source field, select Connected. Next to the Redistribute Mode field, select Enable.
Page 506
From the main menu, select System > Services > UDP Relay. A screen similar to the following displays. Figure 28-13 b. In the Server Address field, enter 10.100.1.1. In the UDP port field, enter dhcp. d.
Chapter 29
In this chapter, the following examples are provided:
• “Configure MLD” on page 32-2
• “MLD Snooping” on page 32-5
The Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover the presence of multicast listeners (the nodes that wish to receive multicast data packets) on their directly attached interfaces.
Page 511
From the main menu, select Routing > IP > Basic > IP configuration. A screen similar to the following displays. Figure 29-2 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Enable IPv6 Unicast routing on the switch.
Page 512
From the main menu, select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. Figure 29-4 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 513
From the main menu, select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. Figure 29-5 b. Under IPv6 Interface Selection, select 1/0/1 in the Interface field. Enter the following information in the IP Interface Configuration.
Page 514
From the main menu, select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. Figure 29-6 b. Under IPv6 Interface Selection, select 1/0/13 in the Interface field. Enter the following information in the IP Interface Configuration.
Page 515
Enable OSPFv3 on the interface 1/0/1 and 1/0/13. From the main menu, select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. Figure 29-8 b. Under OSPFv3 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 516
b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-DM globally. From the main menu, select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. Figure 29-10 b.
Page 517
From the main menu, select Routing > Multicast > PIM-DM > Interface Configuration. A screen similar to the following displays. Figure 29-11 b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 518
From the main menu, select Routing > IP > Basic > IP configuration. A screen similar to the following displays. Figure 29-12 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Enable IPv6 Unicast routing on the switch.
Page 519
From the main menu, select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. Figure 29-14 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
Page 520
From the main menu, select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. Figure 29-15 b. Under IPv6 Interface Selection, select 1/0/21 in the Interface field. Enter the following information in the IP Interface Configuration.
Page 521
From the main menu, select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. Figure 29-16 b. Under IPv6 Interface Selection, select 1/0/24 in the Interface field. Enter the following information in the IP Interface Configuration.
Page 522
Enable OSPFv3 on the interface 1/0/21 and 1/0/24. From the main menu, select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. Figure 29-18 b. Under OSPFv3 Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
Page 523
From the main menu, select Routing > Multicast > PIM-DM > Global Configuration. A screen similar to the following displays. Figure 29-20 b. Next to the Admin Mode, select the Enable radio button. Click Apply. 10.
Page 524
In the PIM-DM Interface Configuration, select Enable in the Admin Mode field. d. Click Apply to save the settings. 11. Enable MLD on the switch. From the main menu, select Routing > Multicast > MLD > Global configuration. A screen similar to the following displays.
In the MLD Routing Interface Configuration, select Enable in the Admin Mode field. d. Click Apply.
MLD Snooping
In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with the IP multicast address.
Page 527
From the main menu, select Switching > VLAN > Basic > VLAN configuration. A screen similar to the following displays. Figure 29-24 b. In the VLAN Configuration, VLAN ID field, enter 300. Click Add.
Page 528
Click Apply. 3. Assign PVID to port 1/0/1 and 1/0/24. From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 29-26 b.
Page 529
Click Apply. Enable MLD Snooping on the VLAN 300. From the main menu, select Routing > Multicast > MLD Snooping > MLD VLAN Configuration. A screen similar to the following displays. Figure 29-28 b.
The delivery tree, which spans all the members of the multicast group, is constructed.
Configure DVMRP on a NETGEAR Switch
In this example, DVMRP is running on Switches A, B and C. IGMP is also running on Switch C, which is connected directly to the host.
Page 532
More Entries or quit(q)
Capabilities ........Prune GenID Missing 11441
Received Routes ....... 0
Received Bad Packets ......0
Received Bad Routes ......0
(Netgear Switch) #show ip mcast mroute summary
Multicast Route Table Summary
Incoming Outgoing Source IP Group IP...
Page 534
Minor Version ......... 255
Capabilities ........Prune GenID Missing 11441
Received Routes ....... 0
Received Bad Packets ......0
Received Bad Routes ......0
(Netgear Switch) #show ip mcast mroute detail summary
Multicast Route Table Summary
Incoming Outgoing Source IP...
Page 536
More Entries or quit(q)
Capabilities ........Prune GenID Missing 11441
Received Routes ....... 0
Received Bad Packets ......0
Received Bad Routes ......0
(Netgear Switch) #show ip mcast mroute detail summary
Multicast Route Table Summary
Incoming Outgoing Source IP...
Page 537
Enable IP routing on the switch. From the main menu, select Routing > IP > Basic > IP configuration. A screen similar to the following displays. Figure 30-2 b. Next to the Routing Mode, select the Enable radio button. Click Apply.
Page 538
• Select Enable in the Routing Mode field. d. Click Apply to save the settings. Configure 1/0/13 as a routing port and assign an IP address to it. From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 539
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 30-5 b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the checkbox for 1/0/13.
Page 540
b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable DVMRP on the switch. From the main menu, select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays. Figure 30-7 b.
Page 541
b. Under DVMRP Interface Configuration, scroll down to interface 1/0/1 and select the 1/0/1 checkbox. Select the 1/0/13 checkbox and the 1/0/21 checkbox. Select Enable in the Interface Mode field. d. Click Apply to save the settings.
On Switch B
To use the Web interface to configure DVMRP, proceed as follows: Enable IP routing on the switch.
Page 542
From the main menu, select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 30-10 b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the 1/0/13 checkbox. Now 1/0/13 appears in the Interface field at the top.
Page 543
Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.4.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d.
Page 544
From the main menu, select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays. Figure 30-13 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable DVMRP on the interface.
Page 545
On Switch C:
To use the Web interface to configure DVMRP, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing > IP > Basic > IP configuration. A screen similar to the following displays.
Page 546
• In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings. Configure 1/0/3 as a routing port and assign an IP address to it. From the main menu, select Routing >...
Page 547
Figure 30-18 b. Under IP Interface Configuration, scroll down to interface 1/0/24 and select the 1/0/24 checkbox. Now 1/0/24 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration. •...
Page 548
From the main menu, select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays. Figure 30-20 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable DVMRP on the interface.
Page 549
Select Enable in the Interface Mode field. d. Click Apply to save the settings. Enable IGMP on the switch. From the main menu, select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays.
8.0 can contain up to 10 Captive Portal configurations.
Enable Captive Portal
CLI: Enabling Captive Portal
Enable captive portal on the switch.
(Netgear Switch) (config)#captive-portal
(Netgear Switch) (Config-CP)#enable
Enable captive portal instance 1.
(Netgear Switch) (Config-CP)#configuration 1
(Netgear Switch) (Config-CP 1)#enable
Page 552
Enable captive portal instance 1 on port 1/0/1.
(Netgear Switch) (Config-CP 1)#interface 1/0/1
Web Interface: Enabling Captive Portal
To use the Web interface to configure the Captive Portal, proceed as follows: Enable Captive Portal on the switch.
Page 553
From the main menu, select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays. Figure 31-2 b. Under Captive Portal Configuration, scroll down to CP ID 1 and select the CP 1 checkbox. Now CP 1 appears in the CP ID field at the top.
Block a Captive Portal Instance
CLI: Blocking a Captive Portal Instance
(Netgear Switch) (Config-CP 1)#block
Web Interface: Blocking a Captive Portal Instance
To use the Web interface to block a captive portal instance, proceed as follows: From the main menu, select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays.
CLI: Creating Users and Groups
Create a group whose group ID is 2.
(Netgear Switch) #config
(Netgear Switch) (config)#captive-portal
(Netgear Switch) (Config-CP)#user group 2
Create a user whose name is user1.
(Netgear Switch) (Config-CP)#user 2 name user1
Configure the user’s password.
Page 556
From the main menu, select Security > Control > Captive Portal > CP Group Configuration. A screen similar to the following displays. Figure 31-5 b. Enter the following information in the CP Group Configuration. •...
• In the User ID Field, enter 2. • In the User Name field, enter user1. • In the Password field, enter 12345678. • In the Confirm Password field, enter 12345678. •...
Page 558
CLI: Configuring RADIUS as the Verification Mode
(Netgear Switch) (Config-CP 1)#radius-auth-server Default-RADIUS-Server
(Netgear Switch) (Config-CP 1)#verification radius
Web Interface: Configuring RADIUS as the Verification Mode
From the main menu, select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays.
SSL Certificates
A Captive Portal instance can be configured to use the HTTPS protocol during its user verification process. The connection method for HTTPS uses the Secure Sockets Layer (SSL) protocol which requires a certificate to provide encryption.