Page 1 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 202-10515-03 June 2010 v1.0...
Page 2: Statement Of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Page 3: Table Of Contents
Contents About This Manual Chapter 1 Virtual LANs Create Two VLANs ......................1-2 Assign Ports to VLAN2 ....................1-4 Assign Ports to VLAN3 ....................1-5 Assign VLAN3 as the Default VLAN for Port 1/0/2 ............1-7 Creating a MAC-based VLAN ..................1-8 Create a Protocol-Based VLAN ..................1-12 Virtual VLANs: Create an IP Subnet Based VLAN ............1-15 Voice VLAN ........................1-19 Chapter 2 Link Aggregation...
Page 4 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 VLAN Routing RIP Configuration ...................5-8 Chapter 6 OSPF Configure an Inter-Area Router ..................6-2 Configure OSPF on a Border Router ................6-8 Configure Area 1 as a Stub Area ..................6-15 Configure Area 1 as a nssa Area .................6-24 VLAN Routing OSPF Configuration ................6-35 OSPFv3 (Open Shortest Path First) ................6-40 Chapter 7 Proxy Address Resolution Protocol (ARP)
Page 5 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 DiffServ for VoIP Configuration ..................11-20 Auto VoIP Configuration .....................11-29 DiffServ for IPv6 Configuration Example ..............11-33 Color Conform Policy Configuration ................11-41 Chapter 12 IGMP Snooping and Querier Enable IGMP Snooping ....................12-1 Show igmpsnooping .....................12-2 Show mac-address-table igmpsnooping ..............12-3 Configure the Switch with an External Multicast Router ..........12-4 Configure the Switch with a Multicast Router Using VLAN ..........12-5...
Page 6 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Port Mirroring ........................15-6 Dual Image ........................15-8 Outbound Telnet ......................15-11 Chapter 16 Syslog Show Logging .......................16-2 Show Logging Buffered ....................16-5 Show Logging Traplogs ....................16-6 Show Logging Hosts .....................16-7 Log Port Configuration ....................16-8 Chapter 17 Managing Switch Stacks Understanding Switch Stacks ..................17-2 Switch Stack Software Compatibility Recommendations ..........17-7...
Page 7 Configure a DHCP L3 Relay ..................28-6 Chapter 29 MLD Configure MLD ......................29-1 MLD Snooping ......................29-19 Chapter 30 DVMRP Configure DVMRP on a NETGEAR Switch ..............30-1 Chapter 31 Captive Portal Captive Portal Configuration ..................31-2 Enable Captive Portal ....................31-2 Client Access, Authentication, and Control ..............31-5...
Page 8 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Block a Captive Portal Instance ..................31-5 Local Authorization User/Group Configuration .............31-6 Remote Authorization (RADIUS) User Configuration ...........31-8 SSL Certificates ......................31-10 Index v1.0, June 2010...
Page 9: About This Manual
Software Setup Guide • NETGEAR CLI Reference for the Prosafe 7X00 Series Managed Switch. Refer to the Command Line Reference for information for the command structure. There are three documents in this series; choose the appropriate one for your product.
Page 10 Chapter 1 Virtual LANs In this chapter, the following examples are provided: • “Create Two VLANs” on page 1-2 • “Assign Ports to VLAN2” on page 1-4 • “Assign Ports to VLAN3” on page 1-5 • “Assign VLAN3 as the Default VLAN for Port 1/0/2” on page 1-7 •...
Page 11: Create Two Vlans
The example is shown as CLI commands and as a Web interface procedure. CLI: Creating Two VLANS Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2 (Netgear Switch) (Vlan)#vlan 3 (Netgear Switch) (Vlan)#exit...
Page 12 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Create VLAN 2. From the main menu, select Switching > VLAN >Basic > VLAN configuration. A screen similar to the following displays. Figure 1-2 b. Enter the following information in the VLAN Configuration. •...
Page 13: Assign Ports To Vlan2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit (Netgear Switch) (Config)#vlan port tagging all 2 (Netgear Switch) (Config)# Web Interface: Assigning Ports to VLAN2 To use the Web interface to configure the managed switch, proceed as follows: 1.
Page 14: Assign Ports To Vlan3
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click the Unit 1. The Ports display. d. Click the gray box under port 1 and 2 until T displays. The T specifies that the egress packet is tagged for the port. Click Apply Specify that only tagged frames will be accepted on port 1/0/1 and 1/0/2.
Page 15 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 CLI: Assigning Ports to VLAN3 (Netgear Switch) (Config)#interface range 1/0/2-1/0/4 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#vlan acceptframe all (Netgear Switch) (Interface 1/0/4)#exit...
Page 16: Assign Vlan3 As The Default Vlan For Port 1/0/2
CLI: Assigning VLAN3 as the Default VLAN for Port 1/0/2 (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#vlan pvid 3 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit Web Interface: Assigning VLAN3 as the Default VLAN for Port 1/0/2 To use the Web interface to configure the managed switch, proceed as follows: 1.
Page 17: Creating A Mac-Based Vlan
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Switching > VLAN >Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 1-8 b. Under PVID Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 18 (Netgear Switch)(Vlan)#vlan 3 (Netgear Switch)(Vlan)#exit Add the port 1/0/23 to the VLAN 3. (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/23 (Netgear Switch)(Interface 1/0/23)#vlan participation include 3 (Netgear Switch)(Interface 1/0/23)#vlan pvid 3 (Netgear Switch)(Interface 1/0/23)#exit Map the MAC 00:00:0A:00:00:02 to the VLAN 3. (Netgear Switch)(Config)#exit...
Page 19 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface Procedure: Assigning a MAC-Based VLAN To use the Web interface to configure the managed switch, proceed as follows: Create VLAN 3. From the main menu, select Switching > VLAN >Basic > VLAN configuration. A screen similar to the following displays.
Page 20 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Select 3 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box before the Unit 1until U displays. Click Apply Assign VPID 3 to the port 1/0/23. From the main menu, select Switching >...
Page 21: Create A Protocol-Based Vlan
Create a vlan protocol group vlan_ipx based on IPX protocol. (Netgear Switch)#config (Netgear Switch)(Config)#vlan protocol group vlan_ipx (Netgear Switch)(Config)#vlan protocol group add protocol 1 ipx Create a vlan protocol group vlan_ipx based on IP/ARP protocol. (Netgear Switch)(Config)#vlan protocol group vlan_ip...
Page 22 Enable protocol vlan group 1 and 2 on the interface. (Netgear Switch)(Vlan)#exit (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/11 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 1 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 2 (Netgear Switch)(Interface 1/0/11)#exit Web Interface: Creating a Protocol-based VLAN To use the Web interface to configure the managed switch, proceed as follows: Create protocol based VLAN group vlan_ipx.
Page 23 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Switching > VLAN >Advanced > Protocol Based VLAN Group Configuration. A screen similar to the following displays. Figure 1-15 b. Enter the following information in the Protocol Based VLAN Group Configuration. •...
Page 24: Virtual Vlans: Create An Ip Subnet Based Vlan
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Switching > VLAN >Advanced > Protocol Based VLAN Group Membership. A screen similar to the following displays Figure 1-17 b. Select the 2 in the Group ID field. Click on the gray box under port 11.
Page 25 Figure 1-18 CLI: Creating an IP Subnet Based VLAN (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#vlan association subnet 10.100.0.0 255.255.0.0 2000 (Netgear Switch) (Vlan)#exit Create an IP subnet based VLAN 2000. (Netgear Switch) #config (Netgear Switch) (Config)#interface range 1/0/1-1/0/24...
Page 26 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Creating an IP Subnet Based VLAN To use the Web interface to configure the IP subnet based VLAN, proceed as follows: Create VLAN 2000. From the main menu, select Switching > VLAN >Basic > VLAN configuration. A screen similar to the following displays.
Page 27 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays. Figure 1-20 b. Select 2000 in the VLAN ID field. Click the Unit 1. The Ports display. d.
Page 28: Voice Vlan
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Voice VLAN The voice VLAN feature enables switch ports to carry voice traffic with defined priority so as to enable separation of voice and data traffic coming onto the port. Voice VLAN is to ensure that sound quality of an IP phone could be safeguarded from deteriorating when the data traffic on the port is high.
Page 29 Configure Voice VLAN globally. (Netgear Switch) (Config)# voice vlan Configure Voice VLAN Mode in the interfce 1/0/2. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#voice vlan 10 (Netgear Switch) (Interface 1/0/2)#exit Create the DiffServ Class ClassVoiceVLAN. (Netgear Switch) (Config)#class-map match-all ClassVoiceVLAN Configure matching criteria for the class as VLAN 10.
Page 30 (Netgear Switch) (Config-policy-classmap)#exit Assign it to the interfaces 1/0/1 and 1/0/2. (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)# service-policy in PolicyVoiceVLAN Web Interface: Voice VLAN and Prioritizing Voice Traffic Create VLAN 10. From the main menu, select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
Page 31 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click Add. At the end of this configuration a screen similar to the following displays. Figure 1-24 2. Include the ports 1/0/1 and 1/0/2 in the VLAN 10. From the main menu, select Switching > VLAN > Advanced -> VLAN Membership. A screen similar to the following displays.
Page 32 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Port 1 and Port 2 as Tagged. A screen similar to the following displays. Figure 1-26 d. Click Apply. Configure Voice VLAN globally. From the main menu, select Switching > VLAN > Advanced > Voice VLAN Configuration. A screen similar to the following displays.
Page 33 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply. A screen similar to the following displays. Figure 1-28 Configure Voice VLAN Mode in the interface 1/0/2. From the main menu, select Switching > VLAN > Advanced -> Voice VLAN Configuration. b.
Page 34 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > Advanced > Class Configuration. A screen similar to the following displays. Figure 1-30 b. Enter Class Name as ClassVoiceVLAN. Select Class Type as All. A screen similar to the following displays. Figure 1-31 d.
Page 35 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Click the class ClassVoiceVLAN. A screen similar to the following displays. Figure 1-33 In the DiffServ Class Configuration table, select VLAN. d. Enter VLAN ID as 10. A screen similar to the following displays. Figure 1-34 Click Apply.
Page 36 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > Advanced > Policy Configuration. A screen similar to the following displays. Figure 1-36 b. Enter Policy Name as PolicyVoiceVLAN. Select Policy Type as In. d.
Page 37 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > Advanced > Policy Configuration. A screen similar to the following displays. Figure 1-38 b. Click the Policy PolicyVoiceVLAN. A screen similar to the following displays. Figure 1-39 1-28 Virtual LANs...
Page 38 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Assign Queue as 3. A screen similar to the following displays. Figure 1-40 d. Click Apply. 9. Assign it to the interfaces 1/0/1 and 1/0/2. From the main menu, select QoS > Advanced > Service Interface Configuration. A screen similar to the following displays.
Page 39 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Policy Name as PolicyVoiceVLAN. A screen similar to the following displays. Figure 1-42 d. Click Apply. A screen similar to the following displays. Figure 1-43 1-30 Virtual LANs v1.0, June 2010...
Page 40 Chapter 2 Link Aggregation This chapter includes instructions for configuring Link Aggregation (LAG). The following examples are provided: • “Create Two LAGs” on page 2-2 • “Add the Ports to the LAGs” on page 2-3 • “Enable Both LAGs” on page 2-5 Link Aggregation (LAG) allows the switch to treat multiple physical links between two end-points as a single logical link.
Page 41: Create Two Lags
Subnet 3 Figure 2-1 CLI: Creating Two LAGs (Netgear Switch) #config (Netgear Switch) (Config)#port-channel lag_10 (Netgear Switch) (Config)#port-channel lag_20 (Netgear Switch) (Config)#exit Use the show port-channel all command to show the logical interface ids you will use to identify the LAGs in subsequent commands.
Page 42: Add The Ports To The Lags
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Creating Two LAGs To use the Web interface to configure the managed switch, proceed as follows: Create LAG lag_10. From the main menu, select Switching > LAG >LAG Configuration. A screen similar to the following displays.
Page 43 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 CLI: Adding the Ports to the LAGs (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgear Switch) (Interface 0/2)#addport 1/1 (Netgear Switch) (Interface 0/2)#exit (Netgear Switch) (Config)#interface 0/3 (Netgear Switch) (Interface 0/3)#addport 1/1...
Page 44: Enable Both Lags
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply to save the settings. 2. Add ports to the lag_20. From the main menu, select Switching > LAG >LAG Membership. A screen similar to the following displays. Figure 2-5 b.
Page 45 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Enabling Both LAGs To use the Web interface to configure the switch, proceed as follows: From the main menu, select Switching > LAG >LAG Configuration. A screen similar to the following displays.
Page 46: Chapter 3 Port Routing
Chapter 3 Port Routing In this chapter, the following examples are provided: • “Enable Routing for the Switch” on page 3-2 • “Enable Routing for Ports on the Switch” on page 3-3 • “Adding a Default Route” on page 3-6 •...
Page 47: Enable Routing For The Switch
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • IP Forwarding, responsible for forwarding received IP packets. • ARP Mapping, responsible for maintaining the ARP Table used to correlate IP and MAC addresses. The table contains both static entries and entries dynamically updated based on information in received ARP frames.
Page 48: Enable Routing For Ports On The Switch
Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Web Interface: Enabling Routing for the Switch To use the Web interface to configure the managed switch, proceed as follows: From the main menu, select Routing >...
Page 49 CLI: Enabling Routing for Ports on the Switch (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
Page 50 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • In the IP Address field, enter 192.150.2.1. • In the Subnet Mask field, enter 255.255.255.0. • Select Enable in Routing Mode field. d. Click Apply to save the settings. 2. Assign IP address 192.150.3.1/24 to the interface 1/0/3. From the main menu, select Routing >...
Page 51: Adding A Default Route
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. Figure 3-5 b. Under IP Interface Configuration, scroll down to interface 1/0/5 and select the checkbox for that interface.
Page 52 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 CLI: Add a Default Route (FSM7338S) (Config) #ip route default ? <nexthopip> Enter the IP Address of the next router. (FSM7328S) (Config)#ip route default 10.10.10.2 Note that IP subnet “10.10.10.0” should be configured via either Port Routing Configuration example either or VLAN Routing Configuration in the next chapter.
Page 53: Adding A Static Route
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Adding a Static Route If your network switch has multiple routing interface that would allow different forwarding path to be taken for reaching the same destination, it may make sense to create static route to force the packet to take certain route (port) instead of the default route.
Page 54 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Static in the Route Type field. Enter Network Address field. Noted this field is expecting a network IP address, not a host IP address. Do not put down something like “10,100.100.1”. The last number should always be zero. Enter Subnet Mask that matches the subnet range desired.
Page 55: Chapter 4 Vlan Routing
Chapter 4 VLAN Routing In this chapter, the following examples are provided: • “Create Two VLANs” • “Set Up VLAN Routing for the VLANs and the Switch” on page 4-6 • “Click Add to save the settings.” on page 4-8 You can configure the 7000 Series Managed Switch with some ports supporting VLANs and some supporting routing.
Page 56 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#vlan participation include 20 (Netgear Switch) (Interface 1/0/3)#vlan pvid 20 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#exit VLAN Routing...
Page 57 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Creating Two VLANs To use the Web interface to configure the managed switch, proceed as follows: Create VLAN 10, VLAN20. From the main menu, select Switching > VLAN >Advanced > VLAN configuration. A screen similar to the following displays.
Page 58 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 h. In the VLAN Name field, enter VLAN20. Select Static in the VLAN Type field. Click Add. 2. Add ports to the VLAN10 and VLAN20. From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays.
Page 59 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select 20 in the VLAN ID field. h. Click the Unit 1. The Ports display. Click the gray box under port 3 until T displays. The T specifies that the egress packet is tagged for the port.
Page 60: Set Up Vlan Routing For The Vlans And The Switch
CLI: Setting Up VLAN Routing for the VLANs and the Switch The following code sequence shows how to enable routing for the VLANs: (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan routing 10 (Netgear Switch) (Vlan)#vlan routing 20 (Netgear Switch) (Vlan)#exit This returns the logical interface IDs that will be used instead of slot/port in subsequent routing commands.
Page 61 The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface-vlan 10)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface-vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface-vlan 20)#ip address 192.150.4.1 255.255.255.0...
Page 62 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > VLAN> VLAN Routing > VLAN Routing Configuration. A screen similar to the following displays. Figure 4-9 Under the VLAN Routing Configuration, enter the following information. •...
Page 63 Chapter 5 Routing Information Protocol In this chapter, the following examples are provided: • “Enable Routing for the Switch” on page 5-2 • “Enable Routing for Ports” on page 5-3 • “Enable RIP for the Switch” on page 5-5 • “Enable RIP for Ports 1/0/2 and 1/0/3”...
Page 64: Enable Routing For The Switch
CLI: Enabling Routing for the Switch The following sequence enables routing for the switch: (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Web Configuration: Enabling Routing for the Switch To use the Web interface to configure the managed switch, proceed as follows: Routing Information Protocol v1.0, June 2010...
Page 65: Enable Routing For Ports
Enable routing and assigns IP addresses for ports 1/0/2 and 1/0/3. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
Page 66 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. Figure 5-3 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 67: Enable Rip For The Switch
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. Figure 5-4 b. Under IP Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 68: Enable Rip For Ports 1/0/2 And 1/0/3
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 CLI: Enabling RIP for the Switch The next sequence enables RIP for the switch. the route preference defaults to 15. (Netgear Switch) #config (Netgear Switch) (Config)#router rip (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#exit (Netgear Switch) (Config)#exit...
Page 69 RIPv2 formatted frames. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip rip (Netgear Switch) (Interface 1/0/2)#ip rip receive version both (Netgear Switch) (Interface 1/0/2)#ip rip send version rip2 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3...
Page 70: Vlan Routing Rip Configuration
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > RIP > Advanced>RIP Configuration. A screen similar to the following displays. Figure 5-7 Under the Interface Configuration, enter the following information. • Select 1/0/3 in the Interface field. •...
Page 71 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • RIPv2 defined in RFC 1723 – Route specification is extended to include subnet mask and gateway – The routing table is sent to a multicast address, reducing network traffic – An authentication method is used for security The 7000 Series Managed Switch supports both versions of RIP.
Page 72: Routing Information Protocol
(Netgear Switch) (Interface 1/0/3)#vlan pvid 20 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0 (Netgear Switch) (Interface vlan 20)#exit Enable RIP for the switch.
Page 73 Enable RIP for the VLAN router ports. Authentication will default to none, and no default route entry will be created. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip rip (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20...
Page 74 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 5-10 b. Enter the following information in the VLAN Routing Wizard: •...
Page 75 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > RIP > Advanced>RIP Configuration. A screen similar to the following displays. Figure 5-12 b. Under the Interface Configuration, enter the following information. • Select 0/2/1 in the Interface field. •...
Page 76 Chapter 6 OSPF In this chapter, the following examples are provided: • “Configure an Inter-Area Router” on page 6-2 • “Configure OSPF on a Border Router” on page 6-8 • “Configure Area 1 as a Stub Area” on page 6-15 •...
Page 77: Configure An Inter-Area Router
Port 1/0/3 192.150.2.1 192.150.3.1 Border Border Router Router Area 2 Area 3 Figure 6-1 CLI: Configuring an Inter-Area Router Step 1: Enable Routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit OSPF v1.0, June 2010...
Page 78 Step 2: Assign IP addresses for ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
Page 79 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable IP routing on the switch: From the main menu, select Routing > IP > IP Configuration. A screen similar to the following displays. Figure 6-2 b. Next to the Routing Mode, select the Enable radio button. Click Apply to save the settings.
Page 80 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click Apply to save the settings. 3. Assign IP address 192.150.3.1 to the port 1/0/3: From the main menu, select Routing > IP > Advanced> IP Interface Configuration. A screen similar to the following displays.
Page 81 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > OSPF > Advanced> OSPF Configuration. A screen similar to the following displays. Figure 6-5 b. Under the OSPF Configuration, enter the following information: • In the Router ID, enter 192.150.9.9.
Page 82 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 6-6 b. Under Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 83: Configure Ospf On A Border Router
The example is shown as CLI commands and as a Web interface procedure. For an OSPF example network, Figure 6-1 on page 6-2. CLI: Configuring OSPF on a Border Router Enable routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing OSPF v1.0, June 2010...
Page 84 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable routing & assign IP for ports 1/0/2, 1/0/3 and 1/0/4. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.130.3.1 255.255.255.0...
Page 85 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#ip ospf (Netgear Switch) (Interface 1/0/4)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface 1/0/4)#ip ospf priority 255 (Netgear Switch) (Interface 1/0/4)#ip ospf cost 64 (Netgear Switch) (Interface 1/0/4)#exit...
Page 86 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 6-9 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 87 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enter the following information in the IP Interface Configuration: • In the IP Address field, enter 192.130.3.1. • In the Network Mask field, enter 255.255.255.0. • Select Enable in the Admin Mode field. d.
Page 88 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 6-12 b. Under the OSPF Configuration, enter the following information: • In the Router ID, enter 192.130.1.1. • Select the Enable in the OSPF Admin Mode field. • Select the Disable in the RFC 1583 Compatibility field. Click Apply to save the settings.
Page 89 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.2. •...
Page 90: Configure Area 1 As A Stub Area
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 6-15 b. Under Interface Configuration, scroll down to interface 1/0/4 and select the checkbox for that interface. Now 1/0/4 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.2. •...
Page 91 Configure the area 0.0.0.1 as a stub area (Netgear Switch) (Config-router)#area 0.0.0.1 stub Switch A only inject a default route to the area 0.0.0.1. (Netgear Switch) (Config-router)#no area 0.0.0.1 stub summarylsa (Netgear Switch) (Config-router)#exit Enable OSPF area 0 on the 2/0/11.
Page 92 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) (Config)#ex (Netgear Switch) #show ip ospf neighbor interface all Router ID IP Address Neighbor Interface State ---------------- ----------- ------------------- --------- 4.4.4.4 192.168.10.2 2/0/11 Full 2.2.2.2 192.168.20.2 2/0/19 Full (Netgear Switch) #show ip route Total Number of Routes......
Page 93 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 6-18 b. Under IP Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 94 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • In the IP Address field, enter 192.168.20.1. • In the Network Mask field, enter 255.255.255.0. • Select Enable in the Admin Mode field. d. Click Apply to save the settings. Specify the Router ID and Enable OSPF for the switch.
Page 95 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.0. •...
Page 96 (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address 192.168.20.2 255.255.255.0 (Netgear Switch) (Interface 1/0/15)#ip ospf (Netgear Switch) (Interface 1/0/15)#ip ospf areaid 0.0.0.1 (Netgear Switch) (Interface 1/0/15)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #show ip route Total Number of Routes......2...
Page 97 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring Area 1 as a Stub Area on A2 To use the Web interface to configure OSPF on the switch, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing >...
Page 98 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Select Enable in the Admin Mode field. d. Click Apply to save the settings. Specify the Router ID and Enable OSPF for the switch From the main menu, select Routing > OSPF > Basic> OSPF Configuration. A screen similar to the following displays.
Page 99: Configure Area 1 As A Nssa Area
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply to save the settings. Configure area 0.0.0.1 as a stub area. From the main menu, select Routing > OSPF > Advanced> Stub Area Configuration. A screen similar to the following displays. Figure 6-28 b.
Page 100 Enable area 0.0.0.1 on the 2/0/19. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 2/0/11 (Netgear Switch) (Interface 2/0/11)#routing (Netgear Switch) (Interface 2/0/11)#ip address 192.168.10.1 255.255.255.0 (Netgear Switch) (Interface 2/0/11)#ip ospf (Netgear Switch) (Interface 2/0/11)#exit (Netgear Switch) (Config)#interface 2/0/19 (Netgear Switch) (Interface 2/0/19)#routing (Netgear Switch) (Interface 2/0/19)#ip address 192.168.20.1 255.255.255.0...
Page 101 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) (Interface 2/0/19)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #show ip route Total Number of Routes......2 Network Subnet Next Hop Next Hop Address Mask Protocol Intf IP Address --------------- --------------- ------------...
Page 102 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 6-31 b. Under IP Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 103 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • In the IP Address field, enter 192.168.20.1. • In the Subnet Mask field, enter 255.255.255.0. • Select Enable in the Admin Mode field. d. Click Apply to save the settings. Specify the Router ID and Enable OSPF for the switch.
Page 104 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface. 2/0/11 now appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.0. •...
Page 105 Enable OSPF area 0.0.0.1 on the 1/0/15. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#routing (Netgear Switch) (Interface 1/0/11)#ip address 192.168.30.1 255.255.255.0 (Netgear Switch) (Interface 1/0/11)#ip rip (Netgear Switch) (Interface 1/0/11)#exit (Netgear Switch) (Config)#interface 1/0/15 (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address 192.168.20.2...
Page 106 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) (Interface 1/0/15)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #show ip route Total Number of Routes......6 Network Subnet Next Hop Next Hop Address Mask Protocol Intf IP Address --------------- --------------- ------------...
Page 107 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 6-38 b. Under IP Interface Configuration, scroll down to interface 1/0/11 and select the checkbox for that interface. Now 1/0/11 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 108 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enter the following information in the IP Interface Configuration: • In the IP Address field, enter 192.168.20.2. • In the Network Mask field, enter 255.255.255.0. • Select Enable in the Routing Mode field. d.
Page 109 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable OSPF on the port 1/0/15. From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 6-42 b. Under IP Interface Configuration, scroll down to interface 1/0/15 and select the checkbox for that interface.
Page 110: Vlan Routing Ospf Configuration
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Redistribute the RIP routes into the OSPF area. From the main menu, select Routing > OSPF > Advanced>Route Redistribution. A screen similar to the following displays. Figure 6-44 b. In the Route Redistribution, select RIP in the Available Source field. Click Add to add a route redistribution.
Page 111 (Netgear Switch) (Interface 1/0/3)#vlan pvid 20 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0 (Netgear Switch) (Interface vlan 20)#exit Specify the router ID and enable OSPF for the switch.
Page 112 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 nable OSPF for the VLAN and physical router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface vlan 10)#ip ospf (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip ospf areaid 0.0.0.3...
Page 113 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Enter the following information in the VLAN Routing Wizard. • In the Vlan ID field, enter 10. • In the IP Address field, enter 192.150.3.1. • In the Network Mask field, enter 255.255.255.0. Click Unit 1.
Page 114 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 6-47 b. Next to the OSPF Admin Mode, select Enable Radio button. Enter 192.150.9.9 in the Router ID filed. d. Click Apply to save the setting. Enable OSPF on the VLAN 10. From the main menu, select Routing >...
Page 115: Ospfv3 (Open Shortest Path First)
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable OSPF on the VLAN 20. From the main menu, select Routing > OSPF > Advanced>Interface Configuration. A screen similar to the following displays. Figure 6-49 b. Under the Interface Configuration, click the VLANS to show all the VLAN interfaces. Under IP Interface Configuration, scroll down to interface 0/2/2 and select the checkbox for that interface.
Page 116 (Netgear Switch) (Config-rtr)#exit Enable routing mode on the interface 1/0/1 and assign 2000::1 to IPv6 address. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ipv6 address 2000::1/64 (Netgear Switch) (Interface 1/0/1)#ipv6 enable OSPF 6-41 v1.0, June 2010...
Page 117 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable OSPFv3 on the interface 1/0/1, and set the OSPF network mode to broadcast. (Netgear Switch) (Interface 1/0/1)#ipv6 ospf (Netgear Switch) (Interface 1/0/1)#ipv6 ospf network broadcast (Netgear Switch) #show ipv6 ospf neighbor Router ID...
Page 118 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IPv6 > IPv6 Global Configuration. A screen similar to the following displays. Figure 6-51 Next to the IPv6 Unicast Routing Mode, select the Enable radio button. Click Apply to save the settings.
Page 119 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IPv6 > Advanced> IP Interface Configuration. A screen similar to the following displays. Figure 6-53 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for that interface.
Page 120 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enter the following information in the IPv6 Interface Configuration: • In the IPv6 Prefix edit box, enter 2001::1. • In the Length edit box, enter 64. • Select Disable in the EUI64 field. •...
Page 121 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 6-56 To use the Web interface to configure OSPF on the switch A2, refer to the configuration of switch A1. 6-46 OSPF v1.0, June 2010...
Page 122: Proxy Arp Examples
ARP request arrived Proxy ARP Examples The following are examples of the commands used in the proxy ARP feature. CLI: show ip interface (Netgear Switch) #show ip interface ? <slot/port> Enter an interface in slot/port format. brief Display summary information about IP configuration settings for all ports.
Page 123 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 CLI: ip proxy-arp (Netgear Switch) (Interface 0/24)#ip proxy-arp ? <cr> Press Enter to execute the command. (Netgear Switch) (Interface 0/24)#ip proxy-arp Web Interface: Configuring Proxy ARP on a Port To use the Web interface to configure proxy ARP on a port, proceed as follows: Configure proxy ARP.
Page 124 Chapter 8 Virtual Router Redundancy Protocol In this chapter, the following examples are provided: • “Configure VRRP on a Master Router” on page 8-2 • “Configure VRRP on a Backup Router” on page 8-4 When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network.
Page 125: Configure Vrrp On A Master Router
1/0/2 is the same as the port’s actual IP address, therefore this router will always be the VRRP master when it is active. And the priority default is 255. (Netgear Switch) (Interface 1/0/2)#ip vrrp 20 ip 192.150.2.1 Virtual Router Redundancy Protocol...
Page 126 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable VRRP on the port. (Netgear Switch) (Interface 1/0/2)#ip vrrp 20 mode (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit Web Interface: Configuring VRRP on a Master Router To use the Web interface to configure VRRP on a master router on the switch, proceed as follows: Enable IP routing on the switch: From the main menu, select Routing >...
Page 127: Configure Vrrp On A Backup Router
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. Now 1/0/2 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 128 4 is the same as Router 1’s port 1/0/2 actual IP address, this router will always be the VRRP backup when Router 1 is active. (Netgear Switch) (Interface 1/0/4)#ip vrrp 20 ip 192.150.2.1 Set the priority for the port. The default priority is 100.
Page 129 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring VRRP on a Backup Router To use the Web interface to configure VRRP on a backup router on the switch, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing >...
Page 130 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • In the Network Mask field, enter 255.255.0.0. • Select Enablein the Admin Mode field. d. Click Apply to save the settings. Enable VRRP on the 1/0/4. From the main menu, select Routing > VRRP > Basic> VRRP Configuration. A screen similar to the following displays.
Page 131: Mac Acls
Chapter 9 Access Control Lists (ACLs) This chapter describes the Access Control Lists (ACLs) feature. The following examples are provided: • “Set up an IP ACL with Two Rules” on page 9-3 • “Configure a One-Way Access Using a TCP Flag in an ACL” on page 9-8 •...
Page 132: Configuring Ip Acls
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Ethertype – Secondary CoS (802.1p) – Secondary VLAN (or range of IDs) • L2 ACLs can apply to one or more interfaces • Multiple access lists can be applied to a single interface - sequence number determines the order of execution •...
Page 133: Set Up An Ip Acl With Two Rules
(after the mask has been applied), that are carrying TCP traffic, and that are sent to the specified destination IP address. CLI Commands (Netgear Switch) #config (Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255 Access Control Lists (ACLs) v1.0, June 2010...
Page 134 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Define the second rule for ACL 101 to set similar conditions for UDP traffic as for TCP traffic. (Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255 Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
Page 135 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 following displays. Figure 9-3 b. Next to ACL ID, select 101. Click Add to create a new rule. Create a new ACL rule and add it to the ACL 101. a. After you click the Add button on the step 2, A screen similar to the following displays. Figure 9-4 Enter the following information in the Extended ACL Rule Configuration.
Page 136 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Select TCP in the Protocol Type field. • In the Source IP Address, enter 192.168.77.0. • In the Source IP Mask, enter 0.0.0.255. • In the Destination IP Address, enter 192.178.77.0. •...
Page 137 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 to the following displays. Figure 9-6 b. Enter the following information in the IP Binding Configuration. • Select 101 in the ACL ID field. • In the Sequence Number field, enter 1. Click the Unit 1.
Page 138: Configure A One-Way Access Using A Tcp Flag In An Acl
(Netgear Switch) (Vlan)#vlan 30 (Netgear Switch) (Vlan)#vlan routing 30 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/35 (Netgear Switch) (Interface 0/35)#vlan pvid 30 (Netgear Switch) (Interface 0/35)#vlan participation include 30 (Netgear Switch) (Interface 0/35)#exit Access Control Lists (ACLs) v1.0, June 2010...
Page 139 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) (Config)#interface vlan 30 (Netgear Switch) (Interface-vlan 30)#routing (Netgear Switch) (Interface-vlan 30)#ip address 192.168.30.1 255.255.255.0 (Netgear Switch) (Interface-vlan 30)#exit (Netgear Switch) (Config)#exit Create VLAN 100 with port 0/13 and assign IP address 192.168.100.1/24.
Page 140 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Create an ACL that denies all the packets with TCP flags +syn-ack. (Netgear Switch) (Config)#access-list 101 deny tcp any any flag +syn -ack Create an ACL that permits all the IP packets.
Page 141: Configuring The Switch
(Netgear Switch) (Vlan)#exit (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/25 (Netgear Switch) (Interface 1/0/25)#vlan pvid 50 (Netgear Switch) (Interface 1/0/25)#vlan participation include 50 (Netgear Switch) (Interface 1/0/25)#exit (Netgear Switch) (Config)#interface vlan 50 (Netgear Switch) (Interface-vlan 50)#routing (Netgear Switch) (Interface-vlan 50)#ip address 192.168.50.1 255.255.255.0...
Page 142 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 9-8 b. Enter the following information in the VLAN Routing Wizard: •...
Page 143 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-9 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 100. • In the IP Address field, enter 192.168.100.1. • In the Network Mask field, enter 255.255.255.0. Click Unit 1.
Page 144 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-10 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 200. • In the IP Address field, enter 192.168.200.1. • In the Network Mask field, enter 255.255.255.0. Click Unit 1.
Page 145 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. Click Apply to enable IP Routing. 5.
Page 146 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-13 b. Under Configure Routes, make the following selection and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.50.0. •...
Page 147 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Create an ACL with ID 102: From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. Figure 9-15 b. In the IP ACL ID field of the IP ACL Table, enter 102. Click Add.
Page 148 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Add. The Extended ACL Rule Configuration screen displays. Figure 9-17 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 149 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-18 b. Under IP Extended Rules, select 102 in the ACL ID field. Click Add. The Extended ACL Rule Configuration screen displays. Figure 9-19 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
Page 150 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 11. Apply ACL 101 to port 44. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 9-20 b. Under Binding Configuration, make the following selection and enter the following information: •...
Page 151 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-21 b. Under Binding Configuration, make the following selection and enter the following information: • Select 102 in the ACL ID field. • In the Sequence Number field, enter 2. Click Unit 1.
Page 152 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 following displays. Figure 9-22 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 40. • In the IP Address field, enter 192.168.40.1. • In the Network Mask field, enter 255.255.255.0.
Page 153 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Create VLAN 50 with IP address 192.168.50.1/24: From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 9-23 b. Enter the following information in the VLAN Routing Wizard: •...
Page 154 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 9-24 b. Enter the following information in the VLAN Routing Wizard: •...
Page 155 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-25 b. Under Configure Routes, make the following selection and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.100.0. •...
Page 156: Configure Isolated Vlans On A Layer 3 Switch By Using Acls
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under Configure Routes, make the following selection and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.30.0. • In the Subnet Mask field, enter 255.255.255.0. •...
Page 157 (Netgear Switch) (Vlan)#vlan routing 24 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 24 (Netgear Switch) (Interface 1/0/24)#vlan pvid 24 (Netgear Switch) (Interface 1/0/24)#exit (Netgear Switch) (Config)#interface vlan 24 (Netgear Switch) (Interface-vlan 24)#routing (Netgear Switch) (Interface-vlan 24)#ip address 192.168.24.1 255.255.255.0...
Page 158 (Netgear Switch) (Config)#ip route default 10.100.5.252 Create ACL 101 to deny all traffic that has destination IP 192.168.24.0/24. (Netgear Switch) (Config)#access-list 101 deny ip any 192.168.24.0 0.0.0.255 Create ACL 102 to deny all traffic that has destination IP 192.168.48.0/24. (Netgear Switch) (Config)#access-list 102 deny ip any 192.168.48.0 0.0.0.255 Create ACL 103 to permit all other traffic.
Page 159 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring a One-Way Access Using a TCP Flag in an ACL To use the Web interface to isolate VLANs on a Layer 3 switch by using ACLs, proceed as follows: Create VLAN 24 with IP address 192.168.24.1: From the main menu, select Routing >...
Page 160 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 9-29 b. Enter the following information in the VLAN Routing Wizard: •...
Page 161 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-30 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 38. • In the IP Address field, enter 10.100.5.34. • In the Network Mask field, enter 255.255.255.0. Click Unit 1.
Page 162 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. Click Apply to enable IP Routing. Create an ACL with ID 101: From the main menu, select Security >...
Page 163 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. In the IP ACL ID field of the IP ACL Table, enter 102. Click Add. Create an ACL with ID 103: From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
Page 164 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Add. The Extended ACL Rule Configuration screen displays. Figure 9-36 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. •...
Page 165 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-37 b. Under IP Extended Rules, select 102 in the ACL ID field. Click Add. The Extended ACL Rule Configuration screen displays. Figure 9-38 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
Page 166 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 10. Add and configure an IP extended rule that is associated with ACL 103: From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
Page 167 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 11. Apply ACL 102 to port 24: From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 9-41 b. Under Binding Configuration, make the following selection and enter the following information: •...
Page 168 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 9-42 b. Under Binding Configuration, make the following selection and enter the following information: • Select 101 in the ACL ID field. • In the Sequence Number field, enter 1. Click Unit 1.
Page 169: Set Up A Mac Acl With Two Rules
The example is shown as CLI commands and as a Web interface procedure. CLI: Setting up a MAC ACL with Two Rules Create a new MAC ACL acl_bpdu. (Netgear Switch) # (Netgear Switch) #config (Netgear Switch) (Config)#mac access-list extended acl_bpdu 9-39 Access Control Lists (ACLs) v1.0, June 2010...
Page 170 Apply the MAC ACL acl_bpdu to the port 1/0/2. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#mac access-group acl_bpdu in Web Interface: Setting up a MAC ACL with Two Rules To use the Web interface to configure MAC ACL on a port on the switch, proceed as follows: Create MAC ACL 101 on the switch: From the main menu, select Security >...
Page 171 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > ACL >MAC ACL> MAC Rules. A screen similar to the following displays. Figure 9-45 Select acl_bpdu in the ACL Name field. b. Select Deny in the Action field. Enter the following information in the Rule Table.
Page 172 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select acl_bpdu in the ACL Name field. b. Enter the following information in the Rule Table. • In the ID field, enter 2. • Select the Permit in the Action field. Click theAdd button.
Page 173: Acl Mirroring
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 ACL Mirroring This feature extends the existing port mirroring functionality by allowing to mirror a desired traffic stream in an interface. It helps to mirror the desired traffic stream rather mirroring entire traffic in an interface. It has been associated with ACL functionality.
Page 174 (Netgear Switch) (Config)# ip access-list monitorHost Define the rules to match the host 10.0.0.1 and to permit every other. (Netgear Switch) (Config-ipv4-acl)# permit ip 10.0.0.1 0.0.0.0 any mirror 1/0/19 (Netgear Switch) (Config-ipv4-acl)# permit every Bind the ACL with the interface 1/0/1.
Page 175 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring ACL Mirroring To use the Web interface to configure IP ACL on a port on the switch, proceed as follows: Create an IP access control list with the name monitorHost on the switch: From the main menu, select Security >...
Page 176 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. Figure 9-51 b. Click Add to take the Extended ACL Rule Configuration screen similar to the following displays Figure 9-52 Enter Rule ID as 1.
Page 177 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays Figure 9-53 b. Click Add and a screen similar to the following displays. Figure 9-54 Enter the Rule ID as 2.
Page 178 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Bind the ACL with the interface 1/0/1. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 9-56 b. Enter Sequence Number as 1. Click Unit 1 in the Port Selection Table to display all the ports for the device.
Page 179: Acl Redirect
Create a IP Access Control List with the name redirectHTTP. (Netgear Switch) (Config)#ip access-list redirectHTTP Define a rule to match the HTTP stream and define a rule to permit every other. (Netgear Switch) (Config-ipv4-acl)# permit tcp any any eq http redirect 1/0/19 (Netgear Switch) (Config-ipv4-acl)# permit every 9-49 Access Control Lists (ACLs) v1.0, June 2010...
Page 180 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Bind the ACL with the interface 1/0/1. (Netgear Switch) (Interface 1/0/1)#ip access-group redirectHTTP in 1 View the configuration. (Netgear Switch) # show ip access-lists Current number of ACLs: 1 Maximum number of ACLs: 100...
Page 181 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. Figure 9-59 b. In the IP ACL filed enter redirectHTTP. Click Add to create the IP ACL redirectHTTP. At the end of this configuration a screen similar to the following displays.
Page 182 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. Figure 9-61 b. Click Add to take the Extended ACL Rule Configuration screen similar to the following displays. Figure 9-62 Enter Rule ID as 1.
Page 183 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. Figure 9-63 b. Click Add to take the Extended ACL Rule Configuration screen similar to the following displays. Figure 9-64 Enter Rule ID as 2.
Page 184 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 9-65 Bind the ACL with the interface 1/0/1. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
Page 185: Configure Ipv6 Acls
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 9-67 Configure IPv6 ACLs This feature extends the existing IPv4 ACL by providing support for IPv6 packet classification. IPv6 ACLs classify for Layer 3 IPv6 traffic.
Page 186 IPv6 Any other traffic Figure 9-68 CLI: Configuring an IPv6 ACL Create the Access Control List with the name ipv6-acl. (Netgear Switch) (Config)# ipv6 access-list ipv6-acl Define three rules to: • Permit ANY IPv6 traffic to the destination network 2001:DB8:C0AB:AC14::/64 from the source network 2001:DB8:C0AB:AC11::/64.
Page 187 (Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 2001:DB8:C0AB:AC13::/64 eq telnet (Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 any eq http Apply rules the rule to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted. (Netgear Switch) (Config)#interface 1/0/1...
Page 188 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring an IPv6 ACL Create the Access Control List with the name ipv6-acl From the main menu, select Security > ACL > Advanced > IPv6 ACL. b. In the IPv6 ACL table, enter ipv6-acl in the IPv6 ACL field. A screen similar to the following displays.
Page 189 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > ACL > Advanced > IPv6 Rules. A screen similar to the following displays. Figure 9-71 b. Select the ACL Name as ipv6-acl. Click Add. d.
Page 190 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply. 3. Add Rule 2. Enter Rule ID as 2. b. Select Action as Permit. Select Protocol Type as TCP. d. Enter Source Prefix as 2001:DB8:C0AB:AC11::. Enter Source Prefix Length as 64. Enter Destination Prefix as 2001:DB8:C0AB:AC13::.
Page 191 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Source L4 Port as http. A screen similar to the following displays. Figure 9-74 Click Apply. 5. Apply the rules to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted. From the main menu, select Security >...
Page 192 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 9-76 View the binding table. From the main menu, select Security > ACL > Advanced-> Binding Table. A screen similar to the following displays.
Page 193 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 9-63 Access Control Lists (ACLs) v1.0, June 2010...
Page 194: Chapter 10 Class Of Service (Cos) Queuing
Chapter 10 Class of Service (CoS) Queuing This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features. In this chapter, the following examples are provided: • “Show classofservice Trust” on page 10-3 • “Set classofservice trust Mode” on page 10-3 •...
Page 195: Cos Queue Configuration
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Can only have one trust field at a time - per port. – 802.1p User Priority (default trust mode - Managed through Switching configuration) – IP Precedence – IP DiffServ Code Point (DSCP) The system can assign service level based upon the 802.1p priority field of the L2 header.
Page 196: Show Classofservice Trust
Traffic Shaping for an entire interface Show classofservice Trust CLI: Showing classofservice trust To use the CLI to show CoS trust mode, use these commands. (Netgear Switch) #show classofservice trust? <cr> Press Enter to execute the command. (Netgear Switch) #show classofservice trust...
Page 197 Sets the Class of Service Trust Mode of an Interface to 802.1p. ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP. (Netgear Switch) (Config)#classofservice trust dot1p? <cr> Press Enter to execute the command. (Netgear Switch) (Config)#classofservice trust dot1p Web Interface: Setting classofservice Trust Mode To use the Web interface to show CoS trust mode, proceed as follows: From the main menu, select QoS >...
Page 198: Show Classofservice Ip-Precedence Mapping
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Show classofservice ip-precedence Mapping The example is shown as CLI commands and as a Web interface procedure. CLI: Showing classofservice ip-precedence Mapping (Netgear Switch) #show classofservice ip-precedence-mapping IP Precedence Traffic Class -------------...
Page 199: Configure Cos-Queue Min-Bandwidth And Strict Priority Scheduler Mode
Enter the minimum bandwidth percentage for Queue 0. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10 (Netgear Switch) (Config)#cos-queue strict? <queue-id> Enter a Queue Id from 0 to 7.
Page 200 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > Advanced >Interface Queue Configuration. A screen similar to the following displays. Figure 10-4 b. Select the 0 in the Queue ID field. Under Interface Queue Configuration, scroll down to interface 1/0/2 and select the checkbox for 1/ 0/1.
Page 201: Set Cos Trust Mode Of An Interface
Sets the Class of Service Trust Mode of an Interface to 802.1p. ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP. (Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p? <cr> Press Enter to execute the command. (Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p 10-8 Class of Service (CoS) Queuing v1.0, June 2010...
Page 202: Configure Traffic Shaping
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Note: The Traffic Class value range is <0-6> instead of <0-7> because queue 7 is reserved in a stacking build for stack control, and is therefore not configurable by the user. Web Interface: Setting CoS Trust Mode of an Interface To use the Web interface to set CoS trust mode of an interface, set Cos Trust Mode to dot1p of the interface 1/0/3:...
Page 203 CLI: Configuring traffic-shape (Netgear Switch) (Config)#traffic-shape? <bw> Enter the shaping bandwidth percentage from 0 to 100 in increments of 5. (Netgear Switch) (Config)#traffic-shape 70? <cr> Press Enter to execute the command. (Netgear Switch) (Config)#traffic-shape 70 (Netgear Switch) (Config)# Web Interface: Configuring Traffic-shape To use the Web interface to configure traffic-shape, proceed as follows: Set the shaping bandwidth percentage to 70%.
Page 204 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under CoS Interface Configuration, scroll down to interface 1/0/3 and select the 1/0/3 checkbox. Now 1/0/3 appears in the Interface field at the top. In the Interface Shaping Rate(0 to 100) field, enter 70. d.
Page 205: Chapter 11 Differentiated Services
Chapter 11 Differentiated Services In this chapter, the following examples are provided: • “Differentiated Services” on page 11-2 • “DiffServ for VoIP Configuration” on page 11-20 • “Auto VoIP Configuration” on page 11-29 • “DiffServ for IPv6 Configuration Example” on page 11-33 •...
Page 206 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Policy. Defines the QoS attributes for one or more traffic classes. An example of an attribute is the ability to mark a packet at ingress. The 7000 Series Managed Switch supports a Traffic Conditions Policy.
Page 207 Create a DiffServ class of type “all” for each of the departments, and name them. Define the match criteria - - Source IP address -- for the new classes. (Netgear Switch) (Config)#class-map match-all finance_dept (Netgear Switch) (Config class-map)#match srcip 172.16.10.0 255.255.255.0 (Netgear Switch) (Config class-map)#exit (Netgear Switch) (Config)#class-map match-all marketing_dept (Netgear Switch) (Config class-map)#match srcip 172.16.20.0 255.255.255.0...
Page 208 It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for internet traffic. (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0 (Netgear Switch) (Interface 1/0/5)#exit (Netgear Switch) (Config)#exit...
Page 209 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ >Basic >DiffServ Configuration. A screen similar to the following displays. Figure 11-2 b. Next to the Diffserv Admin Mode, select the Enable radio button. Click Apply to save the settings.
Page 210 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click the finance_dept to configure this class. Figure 11-4 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.10.0. • In the Source Mask field, enter 255.255.255.0. Click Apply.
Page 211 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Enter the following information in the Class Configuration • In the Class Name field, enter marketing_dept. • Select All in the Class Type field. Click Add to create a new class marketing_dept. d.
Page 212 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ > Advanced >Class Configuration. A screen similar to the following displays. Figure 11-7 b. Enter the following information in the Class Configuration • In the Class Name field, enter test_dept.
Page 213 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.30.0. • In the Source Mask field, enter 255.255.255.0. Click Apply. Create class development_dept. From the main menu, select QoS >...
Page 214 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 11-10 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.40.0. • In the Source Mask field, enter 255.255.255.0. Click Apply. Create a policy named internet_access and add the class finance_dept into it.
Page 215 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Enter the following information in the Class Configuration • In the Policy Selector field, enter internet_access. • Select the finance_dept in the Member Class field. Click the Add to create a new policy internet_access. 7.
Page 216 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 11-13 b. Under Policy Configuration, scroll down to internet_access and select the checkbox for internet_access. Internet_access now appears in the Policy Selector field at the top. Select the test_dept in the Member Class field. d.
Page 217 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ > Advanced >Policy Configuration. A screen similar to the following displays. Figure 11-15 b. Click the internet_access whose member class is finance_dept. another screen similar to the following displays.
Page 218 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ >Advanced >Policy Configuration. A screen similar to the following displays. Figure 11-17 b. Click the internet_access whose member class is marketing_dept. another screen similar to the following displays.
Page 219 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ > Advanced >Policy Configuration. A screen similar to the following displays. Figure 11-19 b. Click the internet_access whose member class is test_dept. another screen similar to the following displays.
Page 220 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ >Advanced >Policy Configuration. A screen similar to the following displays. Figure 11-21 b. Click the internet_access whose member class is development_dept. another screen similar to the following displays.
Page 221 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > Advanced >Service Configuration. A screen similar to the following displays. Figure 11-23 b. Scroll down to interface 1/0/1 and select the checkbox for 1/0/1. Scroll down to interface 1/0/2 and select the checkbox for 1/0/2.
Page 222 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 11-24 b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/0/5. 1/0/5 now appears in the Interface field at the top. Select the 1 in the Queue ID field d.
Page 223 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select the 2 in the Queue ID field d. In the Minimum Bandwidth field, enter 25. Click Apply. 17. Set the CoS queue 3 configuration for the interface 1/0/5. From the main menu, select QoS > CoS >Advanced >Interface Queue Configuration. A screen similar to the following displays.
Page 224: Diffserv For Voip Configuration
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 11-27 b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/0/5. 1/0/5 now appears in the Interface field at the top. Select the 4 in the Queue ID field d.
Page 225 The class type “match-all” indicates that all match criteria defined for the class must be satisfied in order for a packet to be considered a match. (Netgear Switch) (Config)#class-map match-all class_voip (Netgear Switch) (Config class-map)#match protocol udp (Netgear Switch) (Config class-map)#exit 11-21 Differentiated Services v1.0, June 2010...
Page 226 (DSCP) of 'EF' (expedited forwarding). This handles incoming traffic that was previously marked as expedited somewhere in the network. (Netgear Switch) (Config)#class-map match-all class_ef (Netgear Switch) (Config class-map)#match ip dscp ef (Netgear Switch) (Config class-map)#exit Create a DiffServ policy for inbound traffic named 'pol_voip', then add the previously created classes 'class_ef' and 'class_voip' as instances within this policy.
Page 227 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 11-29 b. Under Interface Queue Configuration, select all the interfaces. Select 5 in the Queue ID field. d. Select Strict in the Scheduler Type field. Click the Apply to save the settings. Enable the DiffServ From the main menu, select QoS >...
Page 228 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 11-31 b. In the Class Name, enter class_voip. Select All in the Class Type field. Click Add to create a new class. Click the class_voip, another screen similar to the following displays: Figure 11-32 Select UDP in the Protocol Type field.
Page 229 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ > Advanced >DiffServ Configuration. A screen similar to the following displays. Figure 11-33 b. In the Class Name, enter class_ef. Select All in the Class Type field. Click the Add to create a new class.
Page 230 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply to create a new class. Create a policy pol_voip and add class_voip into this policy From the main menu, select QoS > DiffServ> Advanced > Policy Configuration. A screen similar to the following displays.
Page 231 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 For the Policy Attribute, click the Mark IP DSCP radio button and select ef in the Mark IP DSCP field. Click Apply to create a new policy. 6. Add class_ef into the policy pol_voip. From the main menu, select QoS >...
Page 232 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 11-38 Select the 5 in the Assign Queue field. Click Apply to create a new policy. 7. Attach the defined policy to the interface 1/0/2 in the inbound direction From the main menu, select QoS > DiffServ > Advanced > Service Configuration. A screen similar to the following displays.
Page 233: Auto Voip Configuration
Figure 11-40 This script in this section shows how to setup Auto VoIP system wide. CLI: Configuring Auto VoIP Enable Auto VoIP to all the interfaces in the device. (Netgear Switch) (Config)# auto-voip all 11-29 Differentiated Services v1.0, June 2010...
Page 234 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 View the Auto VoIP information: (Netgear Switch) # show auto-voip interface all Interface Auto VoIP Mode Traffic Class --------- -------------- ------------- 1/0/1 Enabled 1/0/2 Enabled 1/0/3 Enabled 1/0/4 Enabled 1/0/5 Enabled...
Page 235 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ > Auto VoIP. A screen similar to the following displays. Figure 11-41 b. Select the check box in the first row to select all the interfaces. Select Auto VoIP mode as Enabled.
Page 236 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 11-43 Differentiated Services 11-32 v1.0, June 2010...
Page 237: Diffserv For Ipv6 Configuration Example
Figure 11-44 This script in this section shows how to prioritize ICMPv6 traffic over other IPv6 traffic. CLI: Configuring DiffServ for IPv6 Create the IPv6 Class classicmpv6. (Netgear Switch) (Config)# class-map match-all classicmpv6 ipv6 11-33 Differentiated Services v1.0, June 2010...
Page 238 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Define matching criteria as protocol ICMPv6. (Netgear Switch) (Config-classmap) # match protocol 58 (Netgear Switch) (Config-classmap) # exit Create the policy policyicmpv6. (Netgear Switch) (Config)# policy-map policyicmpv6 in Associate the previously created class classicmpv6.
Page 239 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays. Figure 11-45 b. Enter Class Name as classicmpv6. Select Class Type as All. A screen similar to the following displays. Figure 11-46 d.
Page 240 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays. Figure 11-48 b. Click the class classicmpv6. A screen similar to the following displays. Figure 11-49 Differentiated Services 11-36...
Page 241 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 For the Protocol Type, select Other and enter 58. A screen similar to the following displays. Figure 11-50 d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 11-51 Create the policy policyicmpv6 and associate the previously created class classicmpv6.
Page 242 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. Figure 11-52 b. Enter the Policy Name as policyicmpv6. For the Policy Type, select In. d.
Page 243 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. Figure 11-54 b. Click the Policy policyicmpv6 A screen similar to the following displays. Figure 11-55 11-39 Differentiated Services...
Page 244 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Assign Queue as 6.. Figure 11-56 d. Click Apply. 5. Attach the policy policyicmpv6 in the interface 1/0/1,1/0/2 and 1/0/3. From the main menu, select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays.
Page 245: Color Conform Policy Configuration
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Select Policy Name as policyicmpv6. Click the check box for the interfaces 1/0/1, 1/0/2 and 1/0/3. A screen similar to the following displays. Figure 11-58 d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 11-59 Color Conform Policy Configuration This example shows how to create a policy to police the traffic to a committed rate and the packets with IP...
Page 246 (Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#vlan participation include 5 (Netgear Switch) (Interface 1/0/13)#vlan tagging 5 (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#interface 1/0/25 (Netgear Switch) (Interface 1/0/25)#vlan participation include 5...
Page 247 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Apply this policy to port 1/0/13. (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#service-policy in policy_vlan (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#exit Web Interface: Configuring a Color Conform Policy Create a VLAN .
Page 248 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays. Figure 11-61 b. Select 5 in the VLAN ID field. Click Unit 1. The Ports display. d.
Page 249 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Enter the following information in the Class Configuration • In the Class Name field, enter class_vlan. • In the class Type field, select All. Click Add to create a new class class_vlan. d.
Page 250 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Create a class class_color. From the main menu, select QoS > DiffServ >Advanced > Class Configuration. A screen similar to the following displays. Figure 11-65 b. Enter the following information in the Class Configuration •...
Page 251 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 After that, a screen similar to the following displays: Figure 11-67 Under the Diffserv Class Configuration page, select 7 from the Precedence Value field. Click Apply. Create a policy policy_vlan. 11-47 Differentiated Services v1.0, June 2010...
Page 252 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ >Advanced > Policy Configuration. A screen similar to the following displays. Figure 11-68 b. In the Policy Name field, enter policy_vlan. In the Policy Type field, Select In. d.
Page 253 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 In the Member Class field, enter class_vlan. d. Click Apply. Configure policy_vlan. From the main menu, select QoS > DiffServ >Advanced > Policy Configuration. Click the policy_vlan , a screen similar to the following displays. Figure 11-70 b.
Page 254 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select QoS > DiffServ >Advanced > Service Interface Configuration. A screen similar to the following displays. Figure 11-71 b. Under Service Interface Configuration, scroll and select the checkbox for 1/0/13. In the Policy Name field, select policy_vlan.
Page 255: Chapter 12 Igmp Snooping And Querier
The following are examples of the commands used in the IGMP Snooping feature. CLI: Enabling IGMP Snooping The following example shows how to enable IGMP snooping. (Netgear Switch) #config (Netgear Switch) (Config)#set ip igmp (Netgear Switch) (Config)#set igmp interfacemode (Netgear Switch) (Config)#exit Web Interface: Enabling IGMP Snooping To use the Web interface to configure the managed switch, proceed as follows: Configure the IGMP Snooping Configuration.
Page 256: Show Igmpsnooping
Click Apply. Show igmpsnooping The example is shown as CLI commands and as a Web interface procedure. CLI: Showing igmpsnooping (Netgear Switch) #show igmpsnooping Admin Mode........Disable Unknown Multicast Filtering....Disable Multicast Control Frame Count....0 Interfaces Enabled for IGMP Snooping... None VLANs enabled for IGMP snooping....
Page 257: Show Mac-Address-Table Igmpsnooping
Figure 12-2 Show mac-address-table igmpsnooping The example is shown as CLI commands and as a Web interface procedure. CLI: Showing mac-address-table igmpsnooping (Netgear Switch) #show mac-address-table igmpsnooping ? <cr> Press Enter to execute the command. (Netgear Switch) #show mac-address-table igmpsnooping...
Page 258: Configure The Switch With An External Multicast Router
This example configures the interface as the one the multicast router is attached to. All IGMP packets snooped by the switch will be forwarded to the multicast router reachable from this interface. (Netgear Switch)(Interface 1/0/3)# set igmp mrouter interface Web Interface: Configuring the Switch with an External Multicast Router...
Page 259: Configure The Switch With A Multicast Router Using Vlan
CLI: Configure the Switch with a Multicast Router Using VLAN This example configures the interface to only forward the snooped IGMP packets that come from VLAN ID (<VLAN Id>) to the multicast router attached to this interface. (Netgear Switch)(Interface 1/0/3)# set igmp mrouter 2 12-5 IGMP Snooping and Querier...
Page 260 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring the Switch with a Multicast Router Using VLAN To use the Web interface to configure the managed switch, proceed as follows: From the main menu, select Switching > Multicast > Multicast Router VLAN Configuration. A screen similar to the following displays.
Page 261: Igmp Querier
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 IGMP Querier When the switch is used in network applications where video services such as IPTV, video streaming, and gaming are deployed, the video traffic would normally be flooded to all connected ports because such traffic packets usually have multicast Ethernet addresses.
Page 262 (Netgear switch) (vlan)#exit (Netgear switch) #config (Netgear switch) (config)#set igmp querier (Netgear switch) (config)#set igmp querier address 10.10.10.1 (Netgear switch) (config)#exit Web Interface: Enabling IGMP Querier From the main menu, select Switching > Multicast >IGMP VLAN Configuration. A screen similar to the following displays.
Page 263 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Switching > Multicast >IGMP Snooping > IGMP VLAN Configuration. A screen similar to the following displays. Figure 12-8 b. Enter the following information in the IGMP VLAN Configuration. •...
Page 264: Show Igmp Querier Status
The example is shown as CLI commands and as a Web interface procedure. CLI: Showing IGMP Querier Status To see the IGMP querier status, use the following command. (Netgear Switch) #show igmpsnooping querier vlan 1 VLAN 1 : IGMP Snooping querier status ---------------------------------------------- IGMP Snooping Querier VLAN Mode....
Page 265 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Showing IGMP Querier Status From the main menu, select Switching > Multicast >IGMP Snooping Configuration. A screen similar to the following displays. Figure 12-11 Click Refresh. 12-11 IGMP Snooping and Querier v1.0, June 2010...
Page 266: Chapter 13 Security Management
Chapter 13 Security Management In this chapter, exmples are provided for the following topics: • “Port Security” • “Protected Ports” on page 13-6 • “802.1x Port Security” on page 13-13 • “Create a Guest VLAN” on page 13-21 • “VLAN Assignment via RADIUS” on page 13-27 •...
Page 267 Enable port-security globally (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#port-security Enable port-security on port 1/0/1 (Netgear Switch) (Interface 1/0/1)#port-security max-dynamic 10 Set the dynamic limit to 10 (Netgear Switch) (Interface 1/0/1)#port-security max-static 3 Set the static limit to 3...
Page 268 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 13-1 b. Under Port Security Configuration, next to the Port Security Mode, select Enable radio button. Click Apply to save the settings. Set dynamic and static limit on the port 1/0/1 From the main menu, select Security >...
Page 269 The example is shown as CLI commands and as a Web interface procedure. CLI: Converting the Dynamic Address Learned from 1/0/1 to the Static Address (Netgear Switch)(Interface 1/0/1)#port-security mac-address move Convert the dynamic address learned from 1/0/1 to the static address...
Page 270: Create A Static Address
The example is shown as CLI commands and as a Web interface procedure. CLI: Creating a Static Address (Netgear Switch) (Interface 1/0/1)#port-security mac-address 00:13:00:01:02:03 Web Interface: Creating a Static Address To use the Web interface to create a static address, proceed as follows: From the main menu, select Security >...
Page 271: Protected Ports
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Protected Ports This section describes how to set up protected ports on the switch. Some situations might require that traffic is prevented from being forwarded between any ports at Layer 2 so that one user cannot see the traffic of another user on the same switch.
Page 272: Security Management
(Netgear Switch) #exit (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/23 (Netgear Switch) (Interface 1/0/23)#vlan pvid 192 (Netgear Switch) (Interface 1/0/23)#vlan participation include 192 (Netgear Switch) (Interface 1/0/23)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan pvid 192 (Netgear Switch) (Interface 1/0/24)#vlan participation include 192...
Page 273: Configure A Dhcp Server In Dynamic Mode
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Step 4: Enable IProuting and configure a default route. (Netgear Switch)(config)#ip routing (Netgear Switch)(config)#ip route 0.0.0.0 0.0.0.0 10.100.5.252 Step 5: Enable a protected port on 1/0/23 and 1/0/24. (Netgear Switch) (Config)#interface 1/0/23...
Page 274 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 13-6 b. Under DHCP Pool Configuration, enter the following information: • Select Create in the Pool Name field. • In the Pool Name field, enter pool-a. • Select Dynamic in the Type of Binding field. •...
Page 275 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Add. Configure a VLAN and include ports 1/0/23 and 1/0/24 in the VLAN: From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Page 276 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 13-8 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 202. • In the IP Address field, enter 10.100.5.34. • In the Network Mask field, enter 255.255.255.0. Click Unit 1.
Page 277 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. Click Apply to enable IP Routing. Configure default route for VLAN 202: From the main menu, select Routing >...
Page 278: 802.1X Port Security
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 13-11 b. Under Protected Ports Configuration, Click Unit 1. The ports display. • Click the gray box under ports 23. A flag appears in the box. • Click the gray box under ports 24. A flag appears in the box. Click Apply to activate ports 23 and 24 as protected ports.
Page 279 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0 (Netgear Switch) (Config)#dot1x system-auth-control (Netgear Switch) (Config)#interface 1/0/19 (Netgear Switch) (Interface 1/0/19)#routing (Netgear Switch) (Interface 1/0/19)#ip address 10.100.5.33 255.255.255.0 (Netgear Switch) (Interface 1/0/19)#dot1x port-control force-authorized Use radius to authenticate the dot1x users.
Page 280 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Configure a RADIUS authentication server. (Netgear Switch) (Config)#radius server host auth 10.100.5.17 Configure the shared secret between the RADIUS client and the server. Netgear Switch) (Config)#radius server key auth 10.100.5.17 Enter secret (16 characters max):123456 Re-enter secret:123456 Configure the shared secret between the RADIUS client and the server.
Page 281 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Authenticating dot1x Users by a RADIUS Server Enable routing for the switch. From the main menu, select Routing > Basic >IP Configuration. A screen similar to the following displays. Figure 13-13 b.
Page 282 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 13-14 b. Under IP Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for that interface. Now 1/0/1 appears in the Interface field at the top. Under the IP Interface Configuration, enter the following information. •...
Page 283 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Select Enable in the Routing Mode field. d. Click Apply to save the settings. Create an authentication name list. From the main menu, select Security > Management Security > Login> Authentication List. A screen similar to the following displays.
Page 284 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Force Authorized in the Control Mode field. d. Click Apply to save settings. Enable dot1x on the switch. From the main menu, select Security > Port Authentication > Server Configuration. A screen similar to the following displays.
Page 285 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Yes in the Primary Server field. Select Enable in the Message Authenticator field. Click Add. Enable Accounting. From the main menu, select Security > Management Security > RADIUS> Radius Configuration. A screen similar to the following displays.
Page 286: Create A Guest Vlan
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Enable in the Accounting Mode field. d. Click Apply. Create a Guest VLAN The Guest VLAN feature allows a switch to provide a distinguished service to dot1x unaware clients (not rogue users who fail authentication).
Page 287 (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/24)#exit Create a VLAN 2000 and have 1/0/1 and 1/0/24 being the member of VLAN 2000.
Page 288 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable guest vlan on port 1/0/1 and 1/0/24. (Netgear Switch) #show dot1x detail 1/0/1 Protocol Version....... 1 PAE Capabilities....... Authenticator Control Mode........auto Authenticator PAE State......Authenticated Backend Authentication State....Idle Quiet Period (secs)......
Page 289 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 13-23 b. In the VLAN ID field, enter 2000. Select Static in the VLAN Type field. d. Click Add. 2. Add ports to the VLAN 2000. From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays.
Page 290 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Setting force authorized mode on the port 1/0/6 and 1/0/12. From the main menu, select Security > Port Authentication > Advanced>Port Authentication. A screen similar to the following displays. Figure 13-25 b.
Page 291 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Next to the Administrative Mode, select the Enable radio button. Click Apply to save settings. Configure dot1x authentication list. From the main menu, select Security > Management Security > Authentication List> Dot1x Authentication List.
Page 292: Vlan Assignment Via Radius
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. In the Radius Server IP Address field, enter 192.168.0.1. Select Yes in the Secret Configured field. d. In the Secret field, enter 12345. Click Add. Configure the Guest VLAN. a. From the main menu, select Security > Port Authentication > Advanced>Port Authentication. A screen similar to the following displays.
Page 293 CLI: Configuration on the Switch (Netgear Switch) #network protocol none Changing protocol mode will reset ip configuration. Are you sure you want to continue? (y/n)y (Netgear Switch) #network parms 192.168.0.5 255.255.255.0 (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) #exit...
Page 294 Create a VLAN 2000 (Netgear Switch) (Config)#dot1x system-auth-control Enable dot1x authentication on the switch. (Netgear Switch) (Config)#aaa authentication dot1x default radius Use the radius as the authenticator. (Netgear Switch) (Config)#authorization network radius Enable the switch to accept VLAN assignment by the radius server.
Page 295 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Force the 1/0/6 to be authorized for it connects to the RADIUS server. (Netgear Switch) #show dot1x detail 1/0/5 Port........... 1/0/5 Protocol Version....... 1 PAE Capabilities....... Authenticator Control Mode........auto Authenticator PAE State......Authenticated Backend Authentication State....
Page 296 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 13-31 b. Next to the Current Network Configuration Protocol, select the None Radio button. In the IP Address, enter 192.168.0.5. d. In the Subnet Mask, enter 255.255.255.0. Click Apply. Create VLAN 2000. From the main menu, select Switching >...
Page 297 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Static in the VLAN Type field. d. Click Add. Setting force authorized mode on the port 1/0/6 and 1/0/12. From the main menu, select Security > Port Authentication > Advanced>Port Authentication. A screen similar to the following displays.
Page 298 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 13-34 b. Next to the Administrative Mode, select the Enable radio button. Next to the VLAN Assignment Mode, select the Enable radio button. d. Click Apply to save settings. Configure dot1x authentication list. From the main menu, select Security >...
Page 299: Dynamic Arp Inspection
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > Management Security > Radius>Server Configuration. A screen similar to the following displays. Figure 13-36 b. In the Radius Server IP Address field, enter 192.168.0.1. Select Yes in the Secret Configured field.
Page 300 IP address: 192.168.10.1 HW address: 00:16:76:A7:88:CC Figure 13-37 This script in this section shows how to configure Dynamic ARP Inspection. CLI: Dynamic ARP Inspection Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping Security Management 13-35 v1.0, June 2010...
Page 301 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
Page 302 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. Figure 13-38 b. For the DHCP Snooping Mode, select Enable. Click Apply. At the end of this configuration a screen similar toFigure 13-38 displays.
Page 303 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 In the VLAN Configuration table, set DHCP Snooping Mode as Enable. A screen similar to the following displays. Figure 13-40 Configure the port through which DHCP server is reached as trusted. Here Interface 1/0/1 is trusted. From the main menu, select Security >...
Page 304 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 13-42 View the DHCP Snooping Binding table. From the main menu, select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays.
Page 305 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > Control > Dynamic ARP Inspection > DAI VLAN Configuration. A screen similar to the following displays. Figure 13-44 b. Set the VLAN ID as 1. Set the Dynamic ARP Inspection field as Enable.
Page 306 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 13-46 Now all the ARP packets received on the ports that are member of VLAN are copied to CPU for ARP inspection.
Page 307: Configuring Static Mapping
00:11:85:ee:54:e9 Configure ARP ACL used for the VLAN 1. (Netgear Switch) (Config)# ip arp inspection filter ArpFilter vlan 1 Now the ARP packets from the Static client will be through since it has an entry in the ARP ACL ARP packets from the DHCP client is also through since it has DHCP snooping entry.
Page 308 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Add. At the end of this configuration a screen similar to the following displays. Figure 13-48 2. Configure a rule to allow the static client. From the main menu, select Security > Control > Dynamic ARP Inspection > DAI ACL Rule Configuration.
Page 309: Dhcp Snooping
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 13-50 DHCP Snooping DHCP Snooping is a security feature that monitors DHCP messages between a DHCP clinet and DHCP server to filter harmful DHCP message and to build a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized.
Page 310 Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
Page 311 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply. A screen similar to the one in Figure 13-53 displays. Enable DHCP snooping in a VLAN. From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays.
Page 312 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > Control > DHCP Snooping Interface Configuration. A screen similar to the following displays. Figure 13-55 b. Select the checkbox for Interface 1/0/1. Select Trust Mode as Enable for Interface 1/0/1. d.
Page 313: Enter Static Binding Into The Binding Database
CLI: Entering Static Binding into the Binding Database DHCP Snooping Static Entry. (Netgear Switch) (Config)# ip dhcp snooping binding 00:11:11:11:11:11 vlan 1 192.168.10 .1 interface 1/0/2 View the binding database has the static entry.
Page 314: Configure The Maximum Rate Of Dhcp Messages
DHCP snooping brings down the interface. The user must do “no shutdown” on this interface to further work with that port. CLI: Configuring the Maximum Rate of DHCP Messages Control the maximum rate of DHCP messages. (Netgear Switch) (Interface 1/0/2)# ip dhcp snooping limit rate 5 Security Management 13-49 v1.0, June 2010...
Page 315 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 View the rate configured. (GSM7328S) #show ip dhcp snooping interfaces 1/0/2 Interface Trust State Rate Limit Burst Interval (pps) (seconds) ---------- ------------- ------------- --------------- 1/0/2 Web Interface: Configuring the Maxiumum Rate of DHCP Messages Control the maximum rate of DHCP messages.
Page 316: Ip Source Guard
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 IP Source Guard IP Source Guard uses the DHCP snooping bindings database. When IP Source Guard is enabled, the switch drops incoming packets that do not match a binding in the bindings database. IP Source Guard can be configured to enforce just the source IP address or both the source IP address and source MAC address.
Page 317 Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
Page 318 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. Figure 13-63 b. Select DHCP Snooping Mode as Enable. Click Apply. At the end of this configuration a screen similar to Figure 13-64 is displayed.
Page 319 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click Apply. At the end of this configuration a screen similar to the following displays. Figure 13-65 Configure the port through which DHCP server is reached as trusted. Here interface 1/0/1 is trusted. From the main menu, select Security >...
Page 320 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 View the DHCP Snooping Binding table. From the main menu, select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays. Figure 13-68 Enable IP Source Guard in the interface 1/0/2. From the main menu, select Security >...
Page 321 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Add. At the end of this configuration a screen similar to the following displays. Figure 13-70 13-56 Security Management v1.0, June 2010...
Page 322: Chapter 14 Simple Network Time Protocol (Sntp)
SNTP client implemented over UDP which listens on port 123 Show SNTP (CLI Only) The following are examples of the commands used in the SNTP feature. show sntp (Netgear Switch Routing) #show sntp ? <cr> Press Enter to execute the command. client Display SNTP Client Information.
Page 323: Configure Sntp
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 show sntp client (Netgear Switch Routing) #show sntp client Client Supported Modes: unicast broadcast SNTP Version: Port: Client Mode: unicast Unicast Poll Interval: Poll Timeout (seconds): Poll Retry: show sntp server...
Page 324 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 CLI: Configuring SNTP NETGEAR switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
Page 325 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring SNTP To use the Web interface to configure SNTP, proceed as follows: Configure SNTP server From the main menu, select System > Management>Time>SNTP Server Configuration. A screen similar to the following displays. Figure 14-1 b.
Page 326: Set The Time Zone (Cli Only)
(Netgear switch)(config)#clock timezone PST -8 Set Named SNTP Server The example is shown as CLI commands and as a Web interface procedure. CLI: Setting Named SNTP Server Netgear provides SNTP servers accessible by Netgear devices. Simple Network Time Protocol (SNTP) 14-5 v1.0, June 2010...
Page 327 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Because Netgear may change IP addresses assigned to its time servers, it is best to access a SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
Page 328 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • In the Version field, enter 4 Click Add. Configure the DNS server. From the main menu, select System > Management>DNS>DNS Configuration. A screen similar to the following displays. Figure 14-4 b.
Page 329: Chapter 15 Tools
In this example, the packet takes 16 hops to reach its destination. CLI:Traceroute (Netgear Switch) #traceroute? <ipaddr> Enter IP address. (Netgear Switch) #traceroute 216.109.118.74 ? <cr> Press Enter to execute the command. <port> Enter port no. (Netgear Switch) #traceroute 216.109.118.74 15-1 v1.0, June 2010...
Page 330 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Tracing route over a maximum of 20 hops 10.254.24.1 40 ms 9 ms 10 ms 10.254.253.1 30 ms 49 ms 21 ms 63.237.23.33 29 ms 10 ms 10 ms 63.144.4.1 39 ms 63 ms 67 ms 63.144.1.141...
Page 331: Configuration Scripting
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 APPLY button, the switch will send three traceroute packets each hop, and the results will be displayed in the result table. b. Enter the following information in the Traceroute. In the IP Address field, enter 216.109.118.74. Click Apply.
Page 332 3201 2 configuration script(s) found. 1020706 bytes free. (Netgear Switch) #script delete basic.scr Are you sure you want to delete the configuration script(s)? (y/n) y 1 configuration script(s) deleted. script apply running-config.scr (Netgear Switch) #script apply running-config.scr Are you sure you want to apply the configuration script? (y/n) y The system has unsaved changes.
Page 333: Pre-Login Banner
Configuration Script Name Size(Bytes) ------------------------- ---------- running-config.scr 3201 1 configuration script(s) found. 1020799 bytes free. Upload a Configuration Script (Netgear Switch) #copy nvram: script running-config.scr tftp://192.168.77.52/running-config.scr Mode......TFTP Set TFTP Server IP... 192.168.77.52 TFTP Path....TFTP Filename....running-config.scr Data Type....
Page 334: Port Mirroring
On your PC, using Notepad create a banner.txt file that contains the banner to be displayed. Login Banner - Unauthorized access is punishable by law. Transfer the file from the PC to the switch using TFTP (Netgear Switch Routing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode........... TFTP Set TFTP Server IP......192.168.77.52 TFTP Path........
Page 335 CLI: Specifying the Source (Mirrored) Ports and Destination (Probe) (Netgear Switch)#config (Netgear Switch)(Config)#monitor session 1 mode Enable mirror (Netgear Switch)(Config)#monitor session 1 source interface 1/0/2 Specify the source interface. (Netgear Switch)(Config)#monitor session 1 destination interface 1/0/3 Specify the destination interface.
Page 336: Dual Image
Such cases will require user intervention to correct the problem, by using appropriate stacking commands. CLI: Downloading a Backup Image and Having It Active (Netgear Switch) #copy tftp://192.168.0.1/gsm73xxseps.stk image2 Mode........... TFTP Set Server IP........192.168.0.1 Path...........
Page 337 -------------------------------------------------------------------- 5.11.2.51 8.0.0.2 image1 image1 (Netgear Switch) #boot system image2 Activating image image2 .. (Netgear Switch) #show bootvar Image Descriptions image1 : default image image2 : Images currently available on Flash -------------------------------------------------------------------- unit image1 image2...
Page 338 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Download a backup image via tftp. From the main menu, select Maintenance > Download >File Download. A screen similar to the following displays. Figure 15-3 b. Select Archive in the File Type field. Select image2 in the Image Name field.
Page 339: Outbound Telnet
Server and user hosts do not maintain information about the characteristics of each other’s terminals and terminal handling conventions • Must use a valid IP address CLI: show network (Netgear Switch Routing) >telnet 192.168.77.151 Trying 192.168.77.151... (Netgear Switch Routing) User:admin Password: (Netgear Switch Routing) >en...
Page 340 (Netgear Switch Routing) (Line)#transport output ? telnet Allow or disallow new telnet sessions. (Netgear Switch Routing) (Line)#transport output telnet ? <cr> Press Enter to execute the command. (Netgear Switch Routing) (Line)#transport output telnet (Netgear Switch Routing) (Line)#...
Page 341 Enter the following information in the Outbound Telnet. Next to the Admin Mode, select the Enable radio button. Click Apply CLI: session-limit and session-timeout (Netgear Switch Routing) (Line)#session-limit ? <0-5> Configure the maximum number of outbound telnet sessions allowed. (Netgear Switch Routing) (Line)#session-limit 5 (Netgear Switch Routing) (Line)#session-timeout ? <1-160>...
Page 342 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > Access > Telnet. A screen similar to the following displays. Figure 15-6 Enter the following information in the Outbound Telnet. • In the Session Timeout field, enter 15. •...
Page 343: Chapter 16 Syslog
Chapter 16 Syslog In this chapter, the following examples are provided: • “Show Logging” on page 16-2 • “Show Logging Buffered” on page 16-5 • “Show Logging Traplogs” on page 16-6 • “Show Logging Hosts” on page 16-7 • “Log Port Configuration” on page 16-8 The Syslog feature: •...
Page 344: Show Logging
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Show Logging The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging (Netgear Switch Routing) #show logging Logging Client Local Port CLI Command Logging disabled...
Page 345 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Enter the following information in the Syslog Configuration. Next to the Admin Status, select the Enable radio button. Click Apply. Configure the Command Log From the main menu, select Monitoring > Logs >Command Log. Figure 16-3 b.
Page 346 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 16-4 b. Enter the following information in the Console Log Configuration. Next to the Admin Status, click the Disable radio button. Click Apply. Configure Buffer Logs. From the main menu, select Monitoring > Logs >Buffer Logs. A screen similar to the following displays.
Page 347: Show Logging Buffered
Show Logging Buffered The example is shown as CLI commands and as a Web interface procedure. CLI: Showing Logging Buffered (Netgear Switch Routing) #show logging buffered ? <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging buffered...
Page 348: Show Logging Traplogs
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 16-6 Show Logging Traplogs The example is shown as CLI commands and as a Web interface procedure. CLI: Showing Logging Traplogs (Netgear Switch Routing) #show logging traplogs <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging traplogs Number of Traps Since Last Reset....
Page 349: Show Logging Hosts
Show Logging Hosts The example is shown as CLI commands and as a Web interface procedure. CLI: Showing Logging Hosts (Netgear Switch Routing) #show logging hosts ? <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging hosts...
Page 350: Log Port Configuration
(Netgear Switch Routing) (Config)#logging host ? <hostaddress> Enter Logging Host IP Address reconfigure Logging Host Reconfiguration remove Logging Host Removal (Netgear Switch Routing) (Config)#logging host 192.168.21.253 ? <cr> Press Enter to execute the command. <port> Enter Port Id Syslog 16-8...
Page 351 Press Enter to execute the command. <severitylevel> Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7). (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1 ? <cr> Press Enter to execute the command. (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1...
Page 352: Chapter 17 Managing Switch Stacks
Chapter 17 Managing Switch Stacks This chapter describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches running Release 4.x.x.x or newer. NETGEAR stackable managed switches include the following models: • FSM7226RS • FSM7250RS • FSM7328S •...
Page 353: Understanding Switch Stacks
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • “Stack the Switches using 10G fiber” on page 17-20 Understanding Switch Stacks A switch stack is a set of up to eight Ethernet switches connected through their stacking ports. One of the switches controls the operation of the stack and is called the stack master.
Page 354 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 A standalone switch is a switch stack with one stack member that also operates as the stack master. You can connect one standalone switch to another to create a switch stack containing two stack members, with one of them being the stack master.
Page 355 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 use the regular Category 5 Ethernet 8 wire cable. Figure 17-1 Interconnect port 51 ports 51 and 52 as shown port 52 Figure 17-2 Stack Master Election and Re-Election The stack master is elected or re-elected based on one of these factors and in the order listed: The switch that is currently the stack master 17-4 Managing Switch Stacks...
Page 356: Stack Member Numbers
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 The switch with the highest stack member priority value Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.
Page 357: Switch Stack Offline Configuration
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Switch Stack Offline Configuration You can use the offline configuration feature to preconfigure (supply a configuration to) a new switch before it joins the switch stack. You can configure in advance the stack member number, the switch type, and the interfaces associated with a switch that is not currently part of the stack (see “Preconfiguration”...
Page 358: Switch Stack Software Compatibility Recommendations
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Effects of Removing a Preconfigured Switch from a Switch Stack If you remove a preconfigured switch from the switch stack, the configuration associated with the removed stack member remains in the running configuration as configured information. To completely remove the configuration, use the no member unit_number (this is in the stacking configuration mode).
Page 359: Switch Stack Configuration Scenarios
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • You can connect to the stack master through the console port of the stack master only. • You can connect to the stack master by using a Telnet connection to the IP address of the stack. Switch Stack Configuration Scenarios Table 17-2 provides switch stack configuration scenarios.
Page 360: Stacking Recommendations
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Stacking Recommendations The purpose of this section is to collect notes on recommended procedures and expected behavior of stacked managed switches. Procedures addressed initially are listed below. • Initial installation and power-up of a stack. •...
Page 361: Removing A Unit From The Stack
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Power on a second unit, making sure it is adjacent (next physical unit in the stack) to the unit already powered up. This will insure the second unit comes up as a member of the stack, and not a “Master” of a separate stack.
Page 362: Renumber Stack Members
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Replacing a Stack Member with a New Unit There are two possible situations here. First, if you replace a stack member of a certain model number with another unit of the same model, follow the process below: •...
Page 363 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Renumbering Stack Members To use the Web interface to renumber the stack number, proceed as follows: Renumbering the stacking member’s ID from 3 to 2. From the main menu, select System > Management > Basic > Stack Configuration. A screen similar to the following displays.
Page 364: Moving A Master To A Different Unit In The Stack
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Moving a Master to a Different Unit in the Stack This example is provided as CLI commands and a Web interface procedure. CLI: Moving a Master to a Different Unit in the Stack Using the movemanagement command, move the master to the desired unit number.
Page 365: Removing A Master Unit From An Operating Stack
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click the Apply. Note: If you move a master to a different unit, you may lose the connection to the switch because the IP address may be changed if the switch gets IP address using DHCP. Removing a Master Unit from an Operating Stack First, move the designated master to a different unit in the stack using “Moving a Master to a Different...
Page 366: Upgrading Firmware
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 4. After a unit type is preconfigured for a specific unit number, attaching a unit with different unit type for this unit number causes the switch to report an error. The show switch command indicates “config mismatch”...
Page 367: Web Interface: Upgrading Firmware
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Ports on the added unit should remain in the “detached” state. • A message should appear on the CLI indicating a code mismatch with the newly added unit. • To have the newly added unit to merge normally with the stack, code should be loaded to the newly added unit from the master using the copy command.
Page 368 (stack) Stack Stack Link Down (Netgear Switch) #config (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 ethernet (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #reload Are you sure you want to reload the stack? (y/n) y After Switch A reboots:...
Page 369 (Netgear Switch) (Config-stack)#stack-port 1/0/51 ethernet (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #reload Are you sure you want to reload the stack? (y/n) y After Switch B reboots: (Netgear Switch) #show port 2/0/28 Admin Physical Physical Link Link LACP...
Page 370 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Ethernet in the Configured Stack Mode. d. Click Apply to save the settings. Reboot the switch. From the main menu, select maintenance > Reset > Device Reboot . A screen similar to the following displays.
Page 371: Stack The Switches Using 10G Fiber
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select maintenance > Reset > Device Reboot . A screen similar to the following displays. Figure 17-11 b. Select 1 for Reboot Unit No. Click Apply. Stack the Switches using 10G fiber This example shows how to make two switches stack together in different buildings at long distance using 10G fiber.
Page 372 Ethernet Ethernet Link Down Since 2/0/28 is Ethernet mode, it must be changed to stack mode. (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 stack (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config) Reboot Switch B. (Netgear Switch) #reload Management switch has unsaved changes.
Page 373 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 On Switch A, you will see the following: (Netgear Switch) #show switch Management Standby Preconfig Plugged-in Switch Code Switch Status Model ID Model ID Status Version --- ---------- -------- ----------- -----------...
Page 374 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click Apply to save the settings. Reboot the switch. From the main menu, select maintenance > Reset > Device Reboot . A screen similar to the following displays. Figure 17-15 b.
Page 375: Chapter 18 Snmp
The example is shown as CLI commands and as a Web interface procedure. CLI: Adding a New Community (Netgear switch) #config (Netgear switch) (Config)#snmp-server community rw public@4 Web Interface: Adding a New Community To use the Web interface to add a new community, proceed as follows: From the main menu, select System >...
Page 376: Enable Snmp Trap
CLI: Enabling SNMP Trap This example shows how to send SNMP trap to the SNMP server. (Netgear switch) #config (Netgear switch) (Config)# snmptrap public 10.100.5.17 Enable send trap to SNMP server 10.100.5.17 (Netgear switch) (Config)#snmp-server traps linkmode Enable send link status to the SNMP server when link status changes.
Page 377: Configure Snmp V3
Configure SNMP V3 The example is shown as CLI commands and as a Web interface procedure. CLI: Configuring SNMP V3 This example shows how to configure SNMP v3 on the NETGEAR switches. (Netgear Switch) #config (Netgear Switch) (Config)#users passwd admin...
Page 378 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Configuring SNMP V3 Change the user password. If you set the authentication mode to md5, you must make the length of password longer than 8 characters. From the main menu, select Security > Management Security > User Configuration >User Management.
Page 379: Sflow
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Select the admin in the User Name field. Next to Authentication Protocol, click the MD5 radio button. d. Next to the Encryption Protocol, click the DES radio button. In the Encryption Key field, enter 12345678. Click the Apply to save the settings.
Page 380 (Netgear Switch) (Config)# sflow receiver 1 ip 192.168.10.2 Configure the sFlow receiver timeout. Here sFlow samples will be sent to this receiver for the duration of 31536000 seconds. That is approximately one year. (Netgear Switch) (Config)# sflow receiver 1 owner NetMonitor timeout 31536000 SNMP 18-6...
Page 381 (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow sampler 1 (Netgear Switch) (Interface 1/0/1)# sflow sampler rate 1024 (Netgear Switch) (Interface 1/0/1)# sflow sampler maxheadersize 64 View the sampling port configurations.
Page 382 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enter Receiver Address as 192.168.10.2. A screen similar to the following displays. Figure 18-7 Click Apply. At the end of this configuration a screen similar to the following displays. Figure 18-8 Configure sampling ports sFlow receiver index, sampling rate, sampling max header size.
Page 383: Configure Time-Based Sampling Of Counters With Sflow
Configure sampling ports sFlow receiver index, polling interval. It has to be repeated for all the ports to be polled. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow poller 1 (Netgear Switch) (Interface 1/0/1)# sflow poller interval View the polling port configurations.
Page 384 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enter the Poller Interval as 300. A screen similar to the following displays. Figure 18-11 d. Click Apply. SNMP 18-10 v1.0, June 2010...
Page 385: Chapter 19 Dns
CLI: Specifying Two DNS Servers To use the CLI to specify two DNS servers, enter the following CLI commands: (Netgear Switch)#config (Netgear Switch) (Config)#ip name-server 12.7.210.170 219.141.140.10 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#exit (Netgear Switch)#ping www.netgear.com Send count=3, Receive count=3 from 206.82.202.46...
Page 386: Manually Add A Host Name And An Ip Address
CLI Example: Manually Adding a Host Name and an IP Address To use the CLI to manually add a host name and an IP address, enter the following CLI commands: (Netgear Switch)#config (Netgear Switch) (Config)#ip host www.netgear.com 206.82.202.46 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#ping www.netgear.com Send count=3, Receive count=3 from 206.82.202.46...
Page 387 Figure 19-2 Under DNS Host Configuration, enter the following information: • In the Host Name field, enter www.netgear.com. • In the IP Address field, enter 206.82.202.46. Click Add. The host name and IP address now show in the DNS Host Configuration table.
Page 388: Chapter 20 Dhcp Server
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Chapter 20 DHCP Server This section describes the DHCP server configuration. When a client sends a request to a DHCP server, the DHCP server assigns the IP address from address pools that are specified on the switch. The network in the DHCP pool must belong to the same subnet.
Page 389 (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#vlan routing 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 200 (Netgear Switch) (Interface 1/0/1)#vlan pvid 200 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface vlan 200 (Netgear Switch) (Interface-vlan 200)#routing (Netgear Switch) (Interface-vlan 200)#ip address 192.168.100.1 255.255.255.0...
Page 390 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. In the VLAN Configuration, VLAN ID field, enter 200. Click Add. 2. Add port 1/0/1 to VLAN 200. From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays.
Page 391 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Switching > VLAN> Advanced > Port PVID Configuraton. A screen similar to the following displays. Figure 20-4 b. Under Port PVID Configuration, scroll down and select the checkbox for 1/0/1. In the PVID Configuration, PVID (1 to 4093) field, enter 200.
Page 392: Configure A Dhcp Reservation
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Figure 20-6 Under DHCP Pool Configuration, enter the following information: •...
Page 393 To use the CLI to create a DHCP server with a with a manual pool, enter the following CLI commands: (Netgear Switch)#config (Netgear Switch) (Config)#service dhcp (Netgear Switch) (Config)#ip dhcp pool pool_manual (Netgear Switch) (Config)#client-name dhcpclient (Netgear Switch) (Config)#hardware-address 00:01:02:03:04:05 (Netgear Switch) (Config)#host 192.168.200.1 255.255.255.0...
Page 394 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Figure 20-8 Under DHCP Pool Configuration, enter the following information: •...
Page 395: Chapter 21 Double Vlans
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Chapter 21 Double VLANs This section describes how to configure the Double VLAN (DVLAN) feature on the switch. A DVLAN is a way to pass traffic of customers who have multiple VLANs from one customer domain to another customer domain.
Page 396: Enable A Double Vlan
2 switch connecting all these devices in your domain. The layer 2 switch tags the packet going to the NETGEAR switch port 1/0/24. The example is shown as CLI commands and as a Web interface procedure. The two NETGEAR switches have the same configuration.
Page 397 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. Figure 21-2 b. Under VLAN Configuration, enter the following information and make the following selection: •...
Page 398 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 similar to the following displays. Figure 21-3 b. Under VLAN Membership, select 200 in the VLAN ID field. Click Unit 1. The ports display: • Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
Page 399 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Change the Port VLAN ID (PVID) of port 24 to 200: From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 21-4 b.
Page 400 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 screen similar to the following displays. Figure 21-5 b. Under DVLAN Configuration, scroll down to interface 1/0/48 and select the chechbox for that interface. Now 1/0/48 appears in the Interface field at the top. Select Enable in the Admin Mode field.
Page 401: Chapter 22 Private Vlan Groups
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Chapter 22 Private VLAN Groups The private VLAN Group allows network administrator to create groups of users within a VLAN that cannot communicate with members in different groups but only within the same group. There are two modes for the private group.
Page 402 (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/6 (Netgear Switch) (Interface 1/0/6)#vlan participation include 200 (Netgear Switch) (Interface 1/0/6)#vlan pvid 200 (Netgear Switch) (Interface 1/0/6)#exit (Netgear Switch) (Config)#interface 1/0/7 (Netgear Switch) (Interface 1/0/7)#vlan participation include 200...
Page 403 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Web Interface: Creating a Private VLAN Group To use the Web interface, proceed as follows: Create a VLAN 200. From the main menu, select Switching > VLAN > Basic > VLAN configuration. A screen similar to the following displays.
Page 404 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. In the VLAN Membership, select 200 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box under port 6 , 7, 16 and 17 until U displays. The U specifies that the egress packet is untagged for the port.
Page 405 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 VLAN > Private Group Configuration. A screen similar to the following displays. Figure 22-5 b. In the Group Name field, enter group1. In the Group ID field, enter 1. d. Select community in the Group Mode field. Click Add.
Page 406 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > Traffic Control >Private Group VLAN > Private Group Configuration. A screen similar to the following displays. Figure 22-7 b. In the Group Name field, enter group2. In the Group ID field, enter 2.
Page 407: Chapter 23 Spanning Tree Protocol
CLI: Configuring Classic STP (802.1d) (Netgear Switch) (Config)# spanning-tree (Netgear Switch) (Config)# spanning-tree forceversion 802.1d (Netgear switch) (Interface 1/0/3)# spanning-tree port mode Web Interface:Configuring Classic STP (802.1d) To use the Web interface to configure the managed switch, proceed as follows: Enable 802.1d on the switch.
Page 408 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Switching > STP > STP Configuration. A screen similar to the following displays. Figure 23-1 b. Enter the following information in the STP Configuration. • Next to the Spanning Tree Admin Mode, select the Enable radio button. •...
Page 409: Configure Rapid Stp (802.1W)
CLI: Configuring Rapid STP (802.1w) (Netgear switch) (Config)# spanning-tree (Netgear switch) (Config)# spanning-tree forceversion 802.1w (Netgear switch) (Interface 1/0/3)# spanning-tree port mode Web Interface: Configuring Rapid STP (802.1w) To use the Web interface to configure the managed switch, proceed as follows: Enable the 802.1w on the switch...
Page 410: Configure Multiple Stp (802.1S)
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Next to the Force Protocol Version, select the IEEE 802.1w radio button. Click Apply. Configure CST Port Configuration. From the main menu, select Switching -> STP -> CST Port Configuration. A screen similar to the following displays.
Page 411 (Netgear switch) (Config)# spanning-tree mst vlan 2 12 Associate the mst instance 2 with the VLAN 11 and 12 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 port-priority 128 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 cost 0 Web Interface: Configuring Multiple STP (802.1s) To use the Web interface to configure the managed switch, proceed as follows: Enable 802.1s on the switch.
Page 412 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Next to the Spanning Tree Admin Mode, select the Enable radio button. • Next to the Force Protocol Version, select the IEEE 802.1s radio button. Click Apply. Configure MST Configuration. From the main menu, select Switching >...
Page 413 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Configure MST Port. From the main menu, select Switching > STP > MST Port Status. A screen similar to the following displays. Figure 23-7 Under MST Port Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 414: Chapter 24 Tunnel
On GSM7328S_1 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ipv6 forwarding (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#exit 24-1 v1.0, June 2010...
Page 415 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#ipv6 address 2000::1/64 (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip (Netgear Switch) (Interface tunnel 0)#tunnel source 192.168.1.1 (Netgear Switch) (Interface tunnel 0)#tunnel destination 192.1.168.1.2...
Page 416 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#ipv6 address 2000::2/64 (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip (Netgear Switch) (Interface tunnel 0)#tunnel source 192.168.1.2 (Netgear Switch) (Interface tunnel 0)#tunnel destination 192.168.1.1...
Page 417 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IPv6 >Basic>Global Configuration. A screen similar to the following displays. Figure 24-3 b. Next to the IPv6 Unicast Routing, select the Enable Radio button. Next to the IPv6 Forwarding, select the Enable Radio button.
Page 418 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Create a 6-in-4 tunnel interface. From the main menu, select Routing > IPv6 >Advanced>Tunnel Configuration. A screen similar to the following displays. Figure 24-5 b. Select 0 in Tunnel Id field. Select 6-in-4-configured in the Mode field.
Page 419 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 In the IPv6 Prefix field, enter 2000::1. d. In the Length field, enter 64. Select Disable in EUI64 field. Click Add. On GSM7328S_2 To use the Web interface to create a tunnel, proceed as follows: Enable IP routing on the switch.
Page 420 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IPv6 >Basic>Global Configuration. A screen similar to the following displays. Figure 24-8 b. Next to the IPv6 Unicast Routing, select the Enable Radio button. Next to the IPv6 Forwarding, select the Enable Radio button.
Page 421 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IPv6 >Advanced>Tunnel Configuration. A screen similar to the following displays. Figure 24-10 b. Select 0 in the Tunnel Id field. Select 6-in-4-configured in the Mode field. d.
Page 422 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 In the IPv6 Prefix field, enter 2000::2. d. In the Length field, enter 64. Select Disable in the EUI64 field. Click Add. Tunnel 24-9 v1.0, June 2010...
Page 423: Chapter 25 Ipv6 Interface Configuration
(Netgear Switch) (Config)#ipv6 unicast-routing Assign IPv6 address to interface 1/0/1. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#ipv6 enable (Netgear Switch) (Interface 1/0/1)#ipv6 address 2000::2/64 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) #ping ipv6 2000::2 Send count=3, Receive count=3 from 2000::2 Average round trip time = 1.00 ms...
Page 424 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) #show ipv6 interface 1/0/1 IPv6 is enabled IPv6 Prefix is ........ FE80::21E:2AFF:FED9:249B/128 2000::2/64 [TENT] Routing Mode........Enabled Administrative Mode......Enabled IPv6 Routing Operational Mode....Enabled Bandwidth........1000000 kbps Interface Maximum Transmit Unit....1500 Router Duplicate Address Detection Transmits...
Page 425 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Next to the IPv6 Forwarding, select the Enable Radio button. d. Click Apply. Enable IPv6 routing on the interface 1/0/1 From the main menu, select Routing > IPv6 >Advanced>Interface Configuration. A screen similar to the following displays.
Page 426: Create An Ipv6 Network Interface
To access the switch over an IPv6 network you must first configure it with IPv6 information (IPv6 prefix, prefix length, and default gateway). CLI: Configure the IPv6 Network Interface (Netgear Switch) #network ipv6 enable (Netgear Switch) #network ipv6 address 2001:1::1/64 (Netgear Switch) #network ipv6 gateway 2001:1::2 (Netgear Switch) #show network Interface Status....... Always Up IP Address........
Page 427 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 25-4 b. Next to the Admin Mode, select the Enable Radio button. In the IPv6 Prefix/Prefix Length field, enter 2001:1::1/64. d. Select False in the EUI64 field. Click Add. 2. Add an IPv6 gateway to the network interface. From the main menu, select System >...
Page 428: Create An Ipv6 Routing Vlan
Add the interface 1/0/1 to VLAN 500. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 500 (Netgear Switch) (Interface 1/0/1)#vlan participation pvid 500 (Netgear Switch) (Interface 1/0/1)#exit Assign IPv6 Address 2000::1/64 to VLAN 500 and enable IPv6 routing.
Page 429: Ipv6 Interface Configuration
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) #show ipv6 interface 0/4/1 IPv6 is enabled IPv6 Prefix is ........ FE80::21E:2AFF:FED9:249B/128 2000::1/64 Routing Mode........Enabled Administrative Mode......Enabled IPv6 Routing Operational Mode....Enabled Bandwidth........10000 kbps Interface Maximum Transmit Unit....1500 Router Duplicate Address Detection Transmits...
Page 430 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. In the VLAN ID field, enter 500. Select Static in the VLAN Type field. d. Click Add. 2. Add ports to the VLAN 500. From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays.
Page 431 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under PVID Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. In the PVID Configuration enter 500 in the PVID(1 to 4093) field. d. Click Apply to save the settings. Enable IPv6 forwarding and unicast routing on the switch.
Page 432 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Click the tag VLANS, then logical VLAN interface 0/4/2 will be displayed. Select the checkbox for 0/4/2, and in the IPv6 Interface Configuration, select Enable in the IPv6 Mode field. d.
Page 433: Chapter 26 Pim
Chapter 26 In this chapter, the following examples are provided: • “PIM-DM Configuration” • “PIM-SM Configuration” on page 26-27 Note: The PIM protocol can be configured to operate on IPv4 and IPv6 networks. Separate configuration CLI commands are provided for IPv4 and IPv6 operation; however, most configuration options are common to both protocols.
Page 434 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 versions of PIM-DM. Version 2 does not use IGMP messages; instead, it uses a message that is encapsulated in IP packets with protocol number 103. In Version 2, the Hello message is introduced in place of the query message.
Page 435 Enable ip multicast forwarding on the switch. (Netgear Switch) (Config)#ip multicast Enable RIP to build unicst IP routing table. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#ip rip Enable PIM-DM on the interface.
Page 436 (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pimdm (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/10 (Netgear Switch) (Interface 1/0/10)#routing (Netgear Switch) (Interface 1/0/10)#ip address 192.168.3.2 255.255.255.0 (Netgear Switch) (Interface 1/0/10)#ip rip (Netgear Switch) (Interface 1/0/10)#ip pimdm (Netgear Switch) (Interface 1/0/10)#exit...
Page 437 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ip address 192.168.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/21)#ip rip (Netgear Switch) (Interface 1/0/21)#ip pimdm (Netgear Switch) (Interface 1/0/21)#exit...
Page 438 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (C) #show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface List ----------- --------- -------- --------- --------------- 192.168.1.1 225.1.1.1 PIMDM 1/0/21 (D) #show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing...
Page 439 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 similar to the following displays. Figure 26-3 b. Under IP Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. 1/0/1 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration.
Page 440 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under IP Interface Configuration, scroll down to interface 1/0/9 and select the checkbox for 1/0/9. 1/0/9 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration. •...
Page 441 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing >RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-6 b. Select 1/0/1 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button. d.
Page 442 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-8 b. Select 1/0/13 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button. d.
Page 443 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >PIM-DM->Global Configuration. A screen similar to the following displays. Figure 26-10 b. Next to the Admin Mode, select the Enable radio button. Click Apply. 10.
Page 444 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1. Then select 1/0/9 and 1/0/13. In the PIM-DM Interface Configuration, select Enable in the Admin Mode field. d.
Page 445 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-13 b. Under IP Interface Configuration, scroll down to interface 1/0/10 and select the checkbox for 1/0/ 10. Now 1/0/10 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration. •...
Page 446 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings. Enable rip on the interface 1/0/10. From the main menu, select Routing >RIP >Advanced > Interface Configuration. A screen similar to the following displays.
Page 447 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >Global Configuration. A screen similar to the following displays. Figure 26-17 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-DM globally.
Page 448 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >PIM-SM->Interface Configuration. A screen similar to the following displays. Figure 26-19 b. Under PIM-SM Interface Configuration, scroll down to interface 1/0/10 and select the checkbox for 1/0/10.
Page 449 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-20 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 450 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 26-22 b. Under IP Interface Configuration, scroll down to interface 1/0/22 and select the checkbox for 1/0/22.
Page 451 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable rip on the interface 1/0/22. From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-24 b. Select 1/0/22 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 452 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >PIM-DM->Global Configuration. A screen similar to the following displays. Figure 26-26 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-DM on the interface 1/0/21 and 1/0/22.
Page 453 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 On Switch D: To use the Web interface to config PIM-DM, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing >IP >Basic >IP configuration. A screen similar to the following displays.
Page 454 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.2.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d.
Page 455 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-31 b. Under IP Interface Configuration, scroll down to interface 1/0/24 and select the checkbox for 1/0/ 24. 1/0/24 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration. •...
Page 456 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-33 b. Select 1/0/22 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button. d.
Page 457 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >Global Configuration. A screen similar to the following displays. Figure 26-35 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-DM globally.
Page 458 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >PIM-DM->Interface Configuration. A screen similar to the following displays. Figure 26-37 b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
Page 459: Pim-Sm Configuration
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >IGMP->Interface Configuration. A screen similar to the following displays. Figure 26-39 b. Under IGMP Routing Interface Configuration, scroll down to interface 1/0/24and select the checkbox for 1/0/24.
Page 460 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Source IP 192.168.1.1 Port 1/0/13 Port1/0/9 Port 1/0/10 Switch A Switch B Subnet 192.168.3.0/24 Port Port 1/0/1 1/0/11 Port Port 1/0/21 1/0/21 Port 1/0/22 Port 1/0/22 Switch D Switch C Subnet 192.168.6.0/24 Port 1/0/24 Host...
Page 461 Enable ip multicast forwarding on the switch. (Netgear Switch) (Config)#ip multicast Enable RIP to build unicast IP routing table (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#ip rip (Netgear Switch) (Interface 1/0/1)#ip pimsm...
Page 462 (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pimsm (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip pimsm rp-candidate interface 1/0/11 225.1.1.1 255.255.255.0 Enable the switch to announce its candidacy as a bootstrap router (BSR). (Netgear Switch) (Config)#ip pimsm bsr-candidate interface 1/0/10 30...
Page 463 (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip igmp (Netgear Switch) (Config)#ip pimsm (Netgear Switch) (Config)#ip pimsm rp-candidate interface 1/0/22 225.1.1.1 255.255.255.0 (Netgear Switch) (Config)#ip pimsm bsr-candidate interface 1/0/22 (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ip address 192.168.2.1...
Page 464 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (A) #show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface List ----------- --------- --------- --------- --------------- 192.168.1.1 225.1.1.1 PIMSM 1/0/13 1/0/1 (B) #show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing...
Page 465 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-41 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/1 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 466 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 26-43 b. Under IP Interface Configuration, scroll down to interface 1/0/9 and select teh checkbox for 1/0/9. Now 1/0/9 appears in the Interface field at the top.
Page 467 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-44 b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the checkbox for 1/0/ 13. 1/0/13 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration. •...
Page 468 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable rip on the interface 1/0/9. From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-46 b. Select 1/0/9 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 469 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >Global Configuration. A screen similar to the following displays. Figure 26-48 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-SM globally.
Page 470 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >PIM-SM->Interface Configuration. A screen similar to the following displays. Figure 26-50 b. Under PIM-SM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 471 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-51 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/10 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 472 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 26-53 b. Under IP Interface Configuration, scroll down to interface 1/0/11 and select the checkbox for 1/0/ 11.
Page 473 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable rip on the interface 1/0/11. From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-55 b. Select 1/0/11 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 474 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >PIM-SM->Global Configuration. A screen similar to the following displays. Figure 26-57 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-SM on the interface 1/0/10 and 1/0/11.
Page 475 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 In the PIM-SM Interface Configuration, select Enable in the Admin Mode field. d. Click Apply to save the settings. Candidate RP Configuration. From the main menu, select Routing > Multicast >PIM-SM->Candidate RP Configuration. A screen similar to the following displays.
Page 476 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-60 b. Select the 1/0/10 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 7. Click Apply. On Switch C: To use the Web interface to config PIM-SM, proceed as follows: Enable IP routing on the switch.
Page 477 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-61 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 478 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 26-63 b. Under IP Interface Configuration, scroll down to interface 1/0/22 and select the checkbox for 1/0/ 22.
Page 479 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable rip on the interface 1/0/22. From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-65 b. Select 1/0/22 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 480 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >PIM-SM->Global Configuration. A screen similar to the following displays. Figure 26-67 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-SM on the interface 1/0/21 and 1/0/22.
Page 481 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >PIM-SM->Candidate RP Configuration. A screen similar to the following displays. Figure 26-69 b. Select 1/0/22 in the Interface field. In the Group IP, enter 225.1.1.1. d.
Page 482 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-70 b. Select the 1/0/21 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 5. Click Apply. On Switch D: To use the Web interface to config PIM-SM, proceed as follows: Enable IP routing on the switch.
Page 483 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-71 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Configure 1/0/21 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 484 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 26-73 b. Under IP Interface Configuration, scroll down to interface 1/0/22and select the checkbox for 1/0/ 22.
Page 485 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.4.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d.
Page 486 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click Apply. Enable rip on the interface 1/0/24. From the main menu, select Routing > RIP >Advanced > Interface Configuration. A screen similar to the following displays. Figure 26-77 b. Select 1/0/24 in the Interface field. Next to the RIP Admin Mode, select the Enable radio button.
Page 487 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable PIM-SM globally. From the main menu, select Routing > Multicast >PIM-SM->Global Configuration. A screen similar to the following displays. Figure 26-79 b. Next to the Admin Mode, select the Enable radio button. Click Apply.
Page 488 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 11. Candidate RP Configuration. From the main menu, select Routing > Multicast >PIM-SM->Candidate RP Configuration. A screen similar to the following displays. Figure 26-81 b. Select 1/0/22 in the Interface field. In the Group IP, enter 225.1.1.1.
Page 489 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 26-82 b. Select 1/0/22 in the Interface field. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 3. Click Apply. 13. Enable IGMP globally. From the main menu, select Routing > Multicast >IGMP->Global Configuration. A screen similar to the following displays.
Page 490 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 14. Enable IGMP on the interface 1/0/24. From the main menu, select Routing > Multicast >IGMP->Interface Configuration. A screen similar to the following displays. Figure 26-84 b. Under IGMP Routing Interface Configuration, scroll down to interface 1/0/24and select the checkbox for 1/0/24.
Page 491: Chapter 27 Dhcp L2 Relay
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Chapter 27 DHCP L2 Relay DHCP Relay Agents eliminate the necessity of having a DHCP server on each physical network. Relay Agents populate the giaddr field and also append the Relay Agent Information option to the DHCP messages.
Page 492: Enable Dhcp L2 Relay
Enable Option 82 Circuit ID field. (Netgear Switch) (Config)#dhcp l2relay circuit-id vlan 200 Enable Option 82 Remote ID field. (Netgear Switch) (Config)#dhcp l2relay remote-id rem_id vlan 200 Enable DHCP L2relay on the port 1/0/4. (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)# dhcp l2relay...
Page 493 Trust packets with option 82 received on port 1/0/6. (Netgear Switch) (Interface 1/0/6)# dhcp l2relay trust (Netgear Switch) (Interface 1/0/6)# vlan pvid 200 (Netgear Switch) (Interface 1/0/6)# vlan participation include 200 (Netgear Switch) (Interface 1/0/6)# exit Web Interface: DHCP L2 Relay To use the Web interface to create a guest VLAN, proceed as follows: Create VLAN 200.
Page 494 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 27-3 b. Select 200 in the VLAN ID field. Click the Unit 1. The Ports display. d. Click the gray box under port 4, port 5 and port 6 until U displays. The U specifies that the egress packet is untagged for the port.
Page 495 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 d. Click Apply to save the settings. Enable DHCP L2 Relay on VLAN 200. From the main menu, select System > Services> DHCP L2 Relay > DHCP L2 Relay Configuration. A screen similar to the following displays. Figure 27-5 b.
Page 496 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 27-6 b. Under DHCP L2 Relay Configuration, scroll down to interface 1/0/4 and select the 1/0/4 checkbox. Next select the checkboxes for 1/0/5 and 1/0/6. Select Enable in the Admin Mode field. d.
Page 497: Chapter 28 Dhcp L3 Relay
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Chapter 28 DHCP L3 Relay This example shows how to configure a DHCP l3 Relay on Netgear management switch and how to configure DHCP pool to assign IP addresses to DHCP client via DHCP L3 Relay.
Page 498: Configure A Dhcp Server
Create a routing interface and enable rip on it so that DHCP server learns the route 10.200.1.0/24 from DHCP L3 Relay. (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 10.100.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/3)#ip rip (Netgear Switch) (Interface 1/0/3)#exit Create a DHCP pool.
Page 499 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP >Basic > IP Configuration. A screen similar to the following displays. Figure 28-2 b. For the Routing Mode filed, select the Enable radio button. Click Apply.
Page 500 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing >RIP >Advanced >Interface Configuration. A screen similar to the following displays. Figure 28-4 b. Select 1/0/3 from the Interface field. Next to the RIP Admin Mode, select the Enable radio button. d.
Page 501 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Figure 28-6 b. Under DHCP Pool Configuration, enter the following information: •...
Page 502: Configure A Dhcp L3 Relay
Create a routing interface and enable RIP on it. (Netgear Switch) (Config)# (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#routing (Netgear Switch) (Interface 1/0/4)#ip address 10.100.1.2 255.255.255.0 (Netgear Switch) (Interface 1/0/4)#ip rip (Netgear Switch) (Interface 1/0/4)#exit Create a routing interface connecting to the client.
Page 503 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP >Basic > IP Configuration. A screen similar to the following displays. Figure 28-7 b. Next to the Routing Mode filed, select the Enable radio button. Click Apply.
Page 504 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable RIP on interface 1/0/4. From the main menu, select Routing >RIP >Advanced >Interface Configuration. A screen similar to the following displays. Figure 28-9 b. Select 1/0/4 from Interface drop-down list. Next to the RIP Admin Mode, select the Enable radio button.
Page 505 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Redistribute connected routes to RIP. From the main menu, select Routing >RIP >Advanced > Route Redistribution. A screen similar to the following displays. Figure 28-11 b. Next to the Source field, select Connected. Next to Redistribute Mode field, select Enable.
Page 506 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select System >Services >UDP Relay . A screen similar to the following displays. Figure 28-13 b. In the Server Address field , enter 10.100.1.1. In the UDP port field, enter dhcp. d.
Page 507: Chapter 29 Mld
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Chapter 29 In this chapter, the following examples are provided: • “Configure MLD” on page 32-2 • “MLD Snooping” on page 32-5 Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover the presence of multicast listeners, the nodes who wish to receive the multicast data packets, on its directly-attached interfaces.
Page 508 (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ipv6 address 2001:1::1/64 (Netgear Switch) (Interface 1/0/1)#ipv6 enable (Netgear Switch) (Interface 1/0/1)#ipv6 pimdm (Netgear Switch) (Interface 1/0/1)#ipv6 ospf (Netgear Switch) (Interface 1/0/1)#exit 29-2 v1.0, June 2010...
Page 509 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#routing (Netgear Switch) (Interface 1/0/13)#ipv6 address 2001:2::1/64 (Netgear Switch) (Interface 1/0/13)#ipv6 enable (Netgear Switch) (Interface 1/0/13)#ipv6 pimdm (Netgear Switch) (Interface 1/0/13)#ipv6 ospf (Netgear Switch) (Interface 1/0/13)#exit On Switch B Enable OSPFv3 to build unicast route table.
Page 510 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable MLD on the 1/0/24. (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ipv6 address 2001:1::2/64 (Netgear Switch) (Interface 1/0/21)#ipv6 enable (Netgear Switch) (Interface 1/0/21)#ipv6 pimdm (Netgear Switch) (Interface 1/0/21)#ipv6 ospf...
Page 511 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing >IP >Basic >IP configuration. A screen similar to the following displays. Figure 29-2 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Enable IPv6 Unicast routing on the switch.
Page 512 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP v6>Advanced > Interface Configuration. A screen similar to the following displays. Figure 29-4 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/ 1.
Page 513 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP v6>Advanced > Prefix Configuration. A screen similar to the following displays. Figure 29-5 b. Under IPv6 Interface Selection, select 1/0/1 in the Interface field. Enter the following information in the IP Interface Configuration.
Page 514 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP v6>Advanced > Prefix Configuration. A screen similar to the following displays. Figure 29-6 b. Under IPv6 Interface Selection, select the 1/0/13 in the Interface field. Enter the following information in the IP Interface Configuration.
Page 515 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable OSPFv3 on the interface 1/0/1 and 1/0/13. From the main menu, select Routing > OSPFv3 >Advanced > Interface Configuration. A screen similar to the following displays. Figure 29-8 b. Under OSPFv3 Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 516 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable PIM-DM globally. From the main menu, select Routing > Multicast >PIM-DM->Global Configuration. A screen similar to the following displays. Figure 29-10 b.
Page 517 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >PIM-DM->Interface Configuration. A screen similar to the following displays. Figure 29-11 b. Under PIM-DM Interface Configuration, scroll down to interface 1/0/1 and select the checkbox for 1/0/1.
Page 518 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing >IP >Basic >IP configuration. A screen similar to the following displays. Figure 29-12 b. Next to the Routing Mode, select the Enable radio button. Click Apply. Enable IPv6 Unicast routing on the switch.
Page 519 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP v6>Advanced > Interface Configuration. A screen similar to the following displays. Figure 29-14 b. Under IPv6 Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
Page 520 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP v6>Advanced > Prefix Configuration. A screen similar to the following displays. Figure 29-15 b. Under IPv6 Interface Selection, select 1/0/21 in the Interface field. Enter the following information in the IP Interface Configuration.
Page 521 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP v6>Advanced > Prefix Configuration. A screen similar to the following displays. Figure 29-16 b. Under IPv6 Interface Selection, select 1/0/24 in the Interface field. Enter the following information in the IP Interface Configuration.
Page 522 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable OSPFv3 on the interface 1/0/21 and 1/0/24. From the main menu, select Routing > OSPFv3 >Advanced > Interface Configuration. A screen similar to the following displays. Figure 29-18 b. Under OSPFv3 Interface Configuration, scroll down to interface 1/0/21 and select the checkbox for 1/0/21.
Page 523 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >PIM-DM->Global Configuration. A screen similar to the following displays. Figure 29-20 b. Next to the Admin Mode, select the Enable radio button. Click Apply. 10.
Page 524 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 In the PIM-DM Interface Configuration, select Enable in the Admin Mode field. d. Click Apply to save the settings. 11. Enable MLD on the switch. From the main menu, select Routing >Multicast >MLD >Global configuration. A screen similar to the following displays.
Page 525: Mld Snooping
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 In the MLD Routing Interface Configuration, select Enable in the Admin Mode field. d. Click Apply. MLD Snooping In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast address.
Page 526 (Netgear Switch) (Vlan)#vlan 300 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 300 (Netgear Switch) (Interface 1/0/1)#vlan pvid 300 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 300...
Page 527 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Switching > VLAN >Basic > VLAN configuration. A screen similar to the following displays. Figure 29-24 b. In the VLAN Configuration, VLAN ID field, enter 300 Click Add.
Page 528 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply 3. Assign PVID to port 1/0/1 and 1/0/24. From the main menu, select Switching > VLAN> Advanced > Port PVID Configuraton. A screen similar to the following displays. Figure 29-26 b.
Page 529 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Click Apply. Enable MLD Snooping on the VLAN 300. From the main menu, select Routing > Multicast >MLD Snooping > MLD VLAN Configuration. A screen similar to the following displays. Figure 29-28 b.
Page 530: Chapter 30 Dvmrp
The delivery tree, which is spanning to all the members in the multicast group, is constructed. Configure DVMRP on a NETGEAR Switch In this example, DVMRP is running on the switch A,B and C. IGMP is also running on the Switch C which is connected to the host directly.
Page 531 (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#routing (Netgear Switch) (Interface 1/0/13)#ip address 192.168.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ip address 192.168.3.2 255.255.255.0 (Netgear Switch)(Interface 1/0/21)#exit Enable ip multicast forwarding on the switch.
Page 532 More Entries or quit(q) Capabilities ........Prune GenID Missing 11441 Received Routes ....... 0 Received Bad Packets ......0 Received Bad Routes ......0 (Netgear Switch) #show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP...
Page 533 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#routing (Netgear Switch) (Interface 1/0/13)#ip address 192.168.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#interface 1/0/20 (Netgear Switch) (Interface 1/0/20)#routing (Netgear Switch) (Interface 1/0/20)#ip address 192.l.168.4.1 255.255.255.0...
Page 534 Minor Version ......... 255 Capabilities ........Prune GenID Missing 11441 Received Routes ....... 0 Received Bad Packets ......0 Received Bad Routes ......0 (Netgear Switch) #show ip mcast mroute detail summary Multicast Route Table Summary Incoming Outgoing Source IP...
Page 535 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#ip routing (Netgear Switch) (Interface 1/0/11)#ip address 192.168.3.1 255.255.255.0 (Netgear Switch) (Interface 1/0/11)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.168.4.2 255.255.255.0...
Page 536 More Entries or quit(q) Capabilities ........Prune GenID Missing 11441 Received Routes ....... 0 Received Bad Packets ......0 Received Bad Routes ......0 (Netgear Switch) #show ip mcast mroute detail summary Multicast Route Table Summary Incoming Outgoing Source IP...
Page 537 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable IP routing on the switch. From the main menu, select Routing >IP >Basic >IP configuration. A screen similar to the following displays. Figure 30-2 b. Next to the Routing Mode, select the Enable radio button. Click Apply.
Page 538 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • Select Enable in the Routing Mode field. d. Click Apply to save the settings. Configure 1/0/13 as a routing port and assign IP address to it. From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays.
Page 539 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 30-5 b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the checkbox for 1/0/ 13.
Page 540 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable DVMRP on the switch. From the main menu, select Routing > Multicast >DVMRP>Global Configuration. A screen similar to the following displays. Figure 30-7 b.
Page 541 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 b. Under DVMRP Interface Configuration, scroll down to interface 1/0/1 and select the 1/0/1 checkbox. Select the 1/0/13 checkbox and the 1/0/21 checkbox. Select Enable in the Interface Mode field. d. Click Apply to save the settings. On Switch B To use the Web interface to config DVMRP, proceed as follows: Enable IP routing on the switch.
Page 542 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > IP >Advanced > IP Interface Configuration. A screen similar to the following displays. Figure 30-10 b. Under IP Interface Configuration, scroll down to interface 1/0/13 and select the 1/0/13 checkbox. Now 1/0/13 appears in the Interface field at the top.
Page 543 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enter the following information in the IP Interface Configuration. • In the IP address, enter 192.168.4.1. • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d.
Page 544 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >DVMRP>Global Configuration. A screen similar to the following displays. Figure 30-13 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable DVMRP on the interface.
Page 545 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 On Switch C: To use the Web interface to config DVMRP, proceed as follows: Enable IP routing on the switch. From the main menu, select Routing >IP >Basic >IP configuration. A screen similar to the following displays.
Page 546 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • In the Subnet Mask, enter 255.255.255.0. • Select Enable in the Routing Mode field. d. Click Apply to save the settings. Configure 1/0/3 as a routing port and assign IP address to it. From the main menu, select Routing >...
Page 547 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Figure 30-18 b. Under IP Interface Configuration, scroll down to interface 1/0/24 and select the 1/0/24 checkbox. Now 1/0/24 appears in the Interface field at the top. Enter the following information in the IP Interface Configuration. •...
Page 548 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Routing > Multicast >DVMRP>Global Configuration. A screen similar to the following displays. Figure 30-20 b. Next to the Admin Mode, select the Enable radio button. Click Apply. Enable DVMRP on the interface.
Page 549 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Select Enable in the Interface Mode field. d. Click Apply to save the settings. Enable IGMP on the switch. From the main menu, select Routing > Multicast >IGMP>Global Configuration. A screen similar to the following displays.
Page 550: Chapter 31 Captive Portal
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Chapter 31 Captive Portal This chapter includes the following sections: • “Captive Portal Configuration” on page 31-2 • “Enable Captive Portal” on page 31-2 • “Client Access, Authentication, and Control” on page 31-5 •...
Page 551: Captive Portal Configuration
8.0 can contain up to 10 Captive Portal configurations. Enable Captive Portal CLI: Enabling Captive Portal Enable captive portal on the switch. (Netgear Switch) (config)#captive-portal (Netgear Switch) (Config-CP)#enable Enable captive portal instance 1. (Netgear Switch) (Config-CP)#configuration 1 (Netgear Switch) (Config-CP 1)#enable 31-2 Captive Portal v1.0, June 2010...
Page 552 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 Enable captive portal instance 1 on port 1/0/1. (Netgear Switch) (Config-CP 1)#interface 1/0/1 Web Interface: Enabling Captive Portal To use the Web interface to configure the Captive Portal, proceed as follows: Enable Captive Portal on the switch.
Page 553 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > Control >Captive Portal> CP Configuration. A screen similar to the following displays. Figure 31-2 b. Under Captive Portal Configuration, scroll down to CP ID 1 and select the CP 1 checkbox. Now CP 1appears in the CP ID field at the top.
Page 554: Client Access, Authentication, And Control
Block a Captive Portal Instance CLI: Blocking a Captive Portal Instance (Netgear Switch )(Config-CP 1)#block Web Interface: Blocking a Captive Portal Instance To use the Web interface to block a captive portal instance, proceed as follows: From the main menu, select Security > Control >Captive Portal> CP Configuration. A screen similar to the following displays.
Page 555: Local Authorization User/Group Configuration
CLI: Creating Users and Groups Create a group whose group ID is 2. (Netgear Switch) #config (Netgear Switch) (config)#captive-portal (Netgear Switch )(Config-CP)# user group 2 Create a user whose name is user1. (Netgear Switch) (Config-CP)#user 2 name user1 Configure the user’s password.
Page 556 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 From the main menu, select Security > Control >Captive Portal > CP Group Configuration. A screen similar to the following displays. Figure 31-5 b. Enter the following information in the CP Group Configuration. •...
Page 557: Remote Authorization (Radius) User Configuration
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 • In the User ID Field, enter 2. • In the User Name field, enter user1. • In the Password field, enter 12345678. • In the Confirm Password field, enter 12345678. •...
Page 558 CLI: Configuring RADIUS as the Verification Mode (Netgear Switch ) (Config-CP 1)#radius-auth-server Default-RADIUS-Server (Netgear Switch ) (Config-CP 1)#verification radius Web Interface: Configuring RADIUS as the Verification Mode From the main menu, select Security > Control >Captive Portal> CP Configuration. A screen similar to the following displays.
Page 559: Ssl Certificates
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 SSL Certificates A Captive Portal instance can be configured to use the HTTPS protocol during its user verification process. The connection method for HTTPS uses the Secure Sockets Layer (SSL) protocol which requires a certificate to provide encryption.
Page 560: Index
Index Numerics 802.1x port security 13-13 DHCP L2 relay 27-1, 28-1 DHCP messages, configuring the maximum rate 13-49 DHCP reservation, configuring 20-5 DHCP server, dynamic mode 20-1 ACL mirroring 9-43 DiffServ ACL redirect 9-49 edge device 11-1 ACLs interior node 11-1 IP ACL configuration IPv6...
Page 561 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 port mirroring 15-6 port routing port routing adding a default route VLAN routing OSPF configuration 6-35 adding a static route VLAN routing RIP configuration port security 13-1 IP source guard 13-51 private edge VLAN IPTV 12-7...
Page 562 ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3 multiple STP (802.1s) 23-4 master router switch FSM family of switches 17-1 GSM family of switches 17-1 WRED 10-1 switch priority 17-5 switch stack cabling 17-3 configuration files 17-7 configuration scenarios 17-8 management connectivity 17-7...

This manual is also suitable for:

Prosafe 7000

NETGEAR GSM7252PS - ProSafe 52 Ports Gigabit Ethernet L2 Managed Stackable Switch Software Administration Manual

About this Manual

Chapter 1 Virtual Lans

Chapter 2 Link Aggregation

Chapter 3 Port Routing

Chapter 4 VLAN Routing

Chapter 5 Routing Information Protocol

Chapter 6 OSPF

Chapter 7 Proxy Address Resolution Protocol (ARP)

Chapter 8 Virtual Router Redundancy Protocol

Chapter 9 Access Control Lists (Acls)

Chapter 10 Class of Service (Cos) Queuing

Chapter 11 Differentiated Services

Chapter 12 IGMP Snooping and Querier

Chapter 13 Security Management

Chapter 14 Simple Network Time Protocol (SNTP)

Chapter 15 Tools

Chapter 16 Syslog

Chapter 17 Managing Switch Stacks

Chapter 18 SNMP

Chapter 19 DNS

Chapter 20 DHCP Server

Chapter 21 Double Vlans

Chapter 22 Private VLAN Groups

Chapter 23 Spanning Tree Protocol

Chapter 24 Tunnel

Chapter 25 Ipv6 Interface Configuration

Chapter 26 PIM

Chapter 27 DHCP L2 Relay

Chapter 28 DHCP L3 Relay

Chapter 29 MLD

Chapter 30 DVMRP

Chapter 31 Captive Portal

Index

Quick Links

Related Manuals for NETGEAR GSM7252PS - ProSafe 52 Ports Gigabit Ethernet L2 Managed Stackable Switch

Summary of Contents for NETGEAR GSM7252PS - ProSafe 52 Ports Gigabit Ethernet L2 Managed Stackable Switch