NETGEAR ProSAFE M5300 Series Software Administration Manual


M5300, M6100, and M7100 Series
ProSAFE Managed Switches
Software Administration Manual
Software Version 11.0.0
March 2015
202-11527-01
350 East Plumeria Drive
San Jose, CA 95134
USA


Summary of Contents for NETGEAR ProSAFE M5300 Series

  • Page 1 M5300, M6100, and M7100 Series ProSAFE Managed Switches Software Administration Manual Software Version 11.0.0 March 2015 202-11527-01 350 East Plumeria Drive San Jose, CA 95134...
  • Page 2 For regulatory compliance information, visit http://www.netgear.com/about/regulatory. See the regulatory compliance document before connecting the power supply. Trademarks © NETGEAR, Inc. NETGEAR and the NETGEAR Logo are trademarks of NETGEAR, Inc. Any non-NETGEAR trademarks are used for reference purposes only. Revision History...
  • Page 3 Managed Switches 202-11331-01 September 2013 Added the following chapters: • Chapter 4, MLAGs • Chapter 19, MAB Added or revised the following sections: • Configure GARP VLAN Registration Protocol • Configure a Management ACL • Authorization Accounting • Auto VoIP •...
  • Page 4: Table Of Contents

    Table of Contents Chapter 1 Documentation Resources Chapter 2 VLANs VLAN Concepts (page 21); Create Two VLANs...
  • Page 5 Managed Switches Configure Private-VLAN Association (page 58); CLI: Configure Private-VLAN Association...
  • Page 6 Managed Switches CLI: Enable Routing for the Switch (page 104); Web Interface: Enable Routing for the Switch...
  • Page 7 Managed Switches CLI: Configure OSPF on a Border Router (page 140); Web Interface: Configure OSPF on a Border Router (page 141); Stub Areas...
  • Page 8 Managed Switches PBR Processing Logic (page 200); PBR Configurations...
  • Page 9 Managed Switches Configure a Management ACL (page 261); Example 1: Permit Any Host to Access the Switch Through Telnet or HTTP...
  • Page 10 Managed Switches DiffServ for IPv6 (page 310); CLI: Configure DiffServ for IPv6...
  • Page 11 Managed Switches CLI: Set the Dynamic and Static Limit on Port 1/0/1 (page 353); Web Interface: Set the Dynamic and Static Limit on Port 1/0/1 (page 353); Convert the Dynamic Address Learned from 1/0/1 to a Static Address...
  • Page 12 Managed Switches CLI: Configure Exec Command Authorization by a TACACS+ Server (page 402); Accounting (page 402); CLI: Configure Telnet Command Accounting by a TACACS+ Server...
  • Page 13 Account aaaa@netgear.com...
  • Page 14 Managed Switches Chassis Members (page 467); Chassis Firmware...
  • Page 15 Managed Switches Web Interface: Move the Stack Master to a Different Unit (page 494); Chapter 25 SNMP Add a New Community (page 496); CLI: Add a New Community...
  • Page 16 Managed Switches Web Interface: Configure a Stateless DHCPv6 Server (page 523); Configure a Stateful DHCPv6 Server (page 526); CLI: Configure a Stateful DHCPv6 Server...
  • Page 17 Managed Switches CLI: Configure DHCPv6 mode on routing interface (page 592); Web Interface: Configure DHCPv6 mode on routing interface (page 593); Chapter 33 PIM Protocol Independent Multicast Concepts...
  • Page 18 Chapter 40 NETGEAR SFP Connect with NETGEAR SFP AGM731F (page 716)...
  • Page 19: Chapter 1 Documentation Resources

    Note: Firmware updates with new features and bug fixes are made available from time to time on downloadcenter.netgear.com. Some products can regularly check the site and download new firmware, or you can check for and download new firmware manually. If the features or behavior of your product do not match what is described in this guide, you might need to update your firmware.
  • Page 20: Chapter 2 Vlans

    VLANs Virtual LANs This chapter includes the following sections: • VLAN Concepts • Create Two VLANs • Assign Ports to VLAN 2 • Create Three VLANs • Assign Ports to VLAN 3 • Assign VLAN 3 as the Default VLAN for Port 1/0/2 •...
  • Page 21: Vlan Concepts

    Managed Switches VLAN Concepts Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast. Like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic.
  • Page 22: Create Two Vlans

    The example is shown as CLI commands and as a web interface procedure. CLI: Create Two VLANs Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2 (Netgear Switch) (Vlan)#vlan 3 (Netgear Switch) (Vlan)#exit Web Interface: Create Two VLANs Create VLAN2.
  • Page 23: Assign Ports To Vlan 2

    CLI: Assign Ports to VLAN 2 (Netgear Switch) #config (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit (Netgear Switch) (Config)#vlan port tagging all 2 (Netgear Switch) (Config)# VLANs...
  • Page 24: Web Interface: Assign Ports To Vlan 2

    Managed Switches Web Interface: Assign Ports to VLAN 2 Assign ports to VLAN2. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 2. c. Click Unit 1. The ports display. d.
  • Page 25: Create Three Vlans

    The example is shown as CLI commands and as a web interface procedure. CLI: Create Three VLANs Use the following commands to create three VLANs and to assign the VLAN IDs while leaving the names blank. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 100 (Netgear Switch) (Vlan)#vlan 101 (Netgear Switch) (Vlan)#vlan 102...
  • Page 26 Managed Switches Create VLAN101. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 101. • In the VLAN Name field, enter VLAN101. c.
  • Page 27: Assign Ports To Vlan3

    1/0/1 can never belong to VLAN 3. CLI: Assign Ports to VLAN 3 (Netgear Switch) (Config)#interface range 1/0/2-1/0/4 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#vlan acceptframe all...
  • Page 28: Assign Vlan 3 As The Default Vlan For Port 1/0/2

    This example shows how to assign VLAN 3 as the default VLAN for port 1/0/2. CLI: Assign VLAN 3 as the Default VLAN for Port 1/0/2 (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#vlan pvid 3 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit VLANs...
  • Page 29: Web Interface: Assign Vlan 3 As The Default Vlan For Port 1/0/2

    Managed Switches Web Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2 Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. Under PVID Configuration, scroll down and select the Interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top.
  • Page 30: Cli: Create A Mac-Based Vlan

    (Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 3 (Netgear Switch)(Vlan)#exit Add port 1/0/23 to VLAN3. (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/23 (Netgear Switch)(Interface 1/0/23)#vlan participation include 3 (Netgear Switch)(Interface 1/0/23)#vlan pvid 3 (Netgear Switch)(Interface 1/0/23)#exit Map MAC 00:00:0A:00:00:02 to VLAN3. (Netgear Switch)(Config)#exit (Netgear Switch)#vlan data...
  • Page 31: Web Interface: Assign A Mac-Based Vlan

    Managed Switches Web Interface: Assign a MAC-Based VLAN Create VLAN3. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 3. •...
  • Page 32 Managed Switches d. Click the gray box before Unit 1 until U displays. e. Click Apply. Assign PVID3 to port 1/0/23. a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b. Scroll down and select the 1/0/23 check box. c.
  • Page 33: Create A Protocol-Based Vlan

    (Netgear Switch)#config (Netgear Switch)(Config)#vlan protocol group 1 (Netgear Switch)(Config)#vlan protocol group name 1 "vlan_ipx" (Netgear Switch)(Config)#vlan protocol group add protocol 1 ethertype ipx Create a VLAN protocol group vlan_ip based on IP/ARP protocol. (Netgear Switch)(Config)#vlan protocol group 2 (Netgear Switch)(Config)#vlan protocol group name 2 "vlan_ip"...
  • Page 34: Web Interface: Create A Protocol-Based Vlan

    Managed Switches Web Interface: Create a Protocol-Based VLAN Create VLAN4 and VLAN5. Create VLAN4. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: In the VLAN ID field, enter 4. In the VLAN Name field, enter VLAN4.
  • Page 35 Managed Switches b. Enter the following information: In the VLAN ID field, enter 5. In the VLAN Name field, enter VLAN5. In the VLAN Type list, select Static. c. Click Add. Create the protocol-based VLAN group vlan_ipx. a. Select Switching > VLAN > Advanced > Protocol Based VLAN Group Configuration.
  • Page 36 Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Group ID field, enter 2. • In the Group Name field, enter vlan_ip. • In the Protocol list, select IP and ARP while holding down the Ctrl key. •...
  • Page 37: Virtual Vlans: Create An Ip Subnet-Based Vlan

    Managed Switches Add port 11 to the group vlan_ip. a. Select Switching > VLAN > Advanced > Protocol Based VLAN Group Membership. A screen similar to the following displays. b. In the Group ID list, select 2. c. Click the gray box under port 11. A check mark displays in the box. d.
  • Page 38: Cli: Create An Ip Subnet-Based Vlan

    Figure 2. IP subnet–based VLAN CLI: Create an IP Subnet–Based VLAN (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#vlan association subnet 10.100.0.0 255.255.0.0 2000 (Netgear Switch) (Vlan)#exit Create an IP subnet–based VLAN 2000. (Netgear Switch) #config (Netgear Switch) (Config)#interface range 1/0/1-1/0/24...
  • Page 39: Web Interface: Create An Ip Subnet-Based Vlan

    Managed Switches Web Interface: Create an IP Subnet–Based VLAN Create VLAN 2000. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 2000. •...
  • Page 40: Voice Vlans

    Managed Switches e. Click Apply. Associate the IP subnet with VLAN 2000. a. Select Switching > VLAN > Advanced > IP Subnet Based VLAN. A screen similar to the following displays. b. Enter the following information: • In the IP Address field, enter 10.100.0.0. •...
  • Page 41: Cli: Configure Voice Vlan And Prioritize Voice Traffic

    The script in this section shows how to configure Voice VLAN and prioritize the voice traffic. Here the Voice VLAN mode is in VLAN ID 10. CLI: Configure Voice VLAN and Prioritize Voice Traffic Create VLAN 10. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#exit VLANs...
  • Page 42 Managed Switches Include the ports 1/0/1 and 1/0/2 in VLAN 10. (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan tagging 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit Configure Voice VLAN globally. (Netgear Switch) (Config)# voice vlan Configure Voice VLAN mode in the interface 1/0/2.
  • Page 43: Web Interface: Configure Voice Vlan And Prioritize Voice Traffic

    Managed Switches Web Interface: Configure Voice VLAN and Prioritize Voice Traffic Create VLAN 10. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 10. c. In the VLAN Name field, enter Voice VLAN. d.
  • Page 44 Managed Switches Configure Voice VLAN globally. a. Select Switching > VLAN > Advanced > Voice VLAN Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Configure Voice VLAN mode in the interface 1/0/2. a.
  • Page 45 Managed Switches Create the DiffServ class ClassVoiceVLAN. a. Select QoS > Advanced > DiffServ > Class Configuration. A screen similar to the following displays. b. In the Class Name field, enter ClassVoiceVLAN. c. In the Class Type list, select All. d.
  • Page 46 Managed Switches A screen similar to the following displays. e. Click Apply. Create the DiffServ policy PolicyVoiceVLAN. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Name field, enter PolicyVoiceVLAN. c.
  • Page 47 Managed Switches A screen similar to the following displays. b. Click the Policy PolicyVoiceVLAN. A screen similar to the following displays. c. In the field next to the Assign Queue radio button, select 3. d. Click Apply. Assign it to interfaces 1/0/1 and 1/0/2. a.
  • Page 48: Configure Garp Vlan Registration Protocol

    Managed Switches A screen similar to the following displays. b. Select the check boxes for Interfaces 1/0/1 and 1/0/2. c. Set the Policy Name field as PolicyVoiceVLAN. d. Click Apply. Configure GARP VLAN Registration Protocol Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q-tagged ports.
  • Page 49: Cli: Enable Gvrp

    (Netgear Switch) (Vlan)#vlan 1000,2000,3000 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 1000 (Netgear Switch) (Interface 1/0/24)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/24)#vlan participation include 3000 (Netgear Switch) (Interface 1/0/24)#vlan tagging 1000,2000,3000 On Switch A, enable GVRP.
  • Page 50 ------- -------------------------------- ------------------- default Default Auto VoIP AUTO VoIP 1000 Dynamic (GVRP) 2000 Dynamic (GVRP) 3000 Dynamic (GVRP) (Netgear Switch) #show vlan 1000 VLAN ID: 1000 VLAN Name: VLAN Type: Dynamic (GVRP) Interface Current Configured Tagging ---------- -------- ----------- --------...
  • Page 51: Web Interface: Configure Gvrp On Switch A

    Managed Switches Web Interface: Configure GVRP on switch A On Switch A, create VLANs 1000, 2000, and 3000: a. Select Switching > VLAN > Advanced > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 1000. c.
  • Page 52 Managed Switches T specifies that the switch tags egress packets for port 24. d. Click Apply. Enable GVRP globally: a. Select Switching > VLAN > Advanced > GARP Switch Configuration. A screen similar to the following displays. b. Next to GVRP Mode, select the Enable radio button. c.
  • Page 53: Web Interface: Configure Gvrp On Switch B

    Managed Switches c. From the Port GVRP Mode menu, select Enable. d. Click Apply. Web Interface: Configure GVRP on Switch B Enable GVRP globally: a. Select Switching > VLAN > Advanced > GARP Switch Configuration. A screen similar to the following displays. b.
  • Page 54: Private Vlans

    Managed Switches b. Scroll down and select the check box that corresponds to interface 1/0/11. The Interface field in the table heading displays 1/0/11. c. From the Port GVRP Mode menu, select Enable. d. Click Apply. Private VLANs The Private VLANs feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN.
  • Page 55 Managed Switches Figure 5. Private VLANs The following figure illustrates the private VLAN traffic flow. Five ports A, B, C, D, and E make up a private VLAN. Port A is a promiscuous port which is associated with the primary VLAN 100.
  • Page 56: Assign Private-Vlan Types (Primary, Isolated, Community)

    Use the following commands to assign VLAN 100 to primary VLAN, VLAN 101 to isolated VLAN, and VLAN 102 to community VLAN. (Netgear Switch) #config (Netgear Switch) (Config)#vlan 100 (Netgear Switch) (Config)(Vlan) #private-vlan primary (Netgear Switch) (Config)(Vlan) #exit (Netgear Switch) (Config)#vlan 101 (Netgear Switch) (Config)(Vlan) #private-vlan isolated...
  • Page 57 Managed Switches b. Under Private VLAN Type Configuration, select the VLAN ID 100 check box. Now 100 appears in the interface field at the top. c. In the Private VLAN Type field, select Primary from the pull-down menu. d. Click Apply to save the settings. Assign VLAN 101 as an isolated VLAN.
  • Page 58: Configure Private-Vlan Association

    The example is shown as CLI commands and as a web interface procedure. CLI: Configure Private-VLAN Association Use the following commands to associate VLAN 101-102 (secondary VLAN) to VLAN 100 (primary VLAN). (Netgear Switch) #config (Netgear Switch) (Config)#vlan 100 (Netgear Switch)
  • Page 59: Configure Private-Vlan Port Mode (Promiscuous, Host)

    The example is shown as CLI commands and as a web interface procedure. CLI: Configure Private-VLAN Port Mode (Promiscuous, Host) Use the following commands to assign port 1/0/1 to promiscuous port mode and ports 1/0/2-1/0/5 to host port mode. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/1...
  • Page 60: Configure Private-Vlan Host Ports

    The example is shown as CLI commands and as a web interface procedure. CLI: Configure Private-VLAN Host Ports Use the following commands to associate isolated ports 1/0/2-1/0/3 to a private-VLAN (primary=100, secondary=101) and community ports 1/0/4-1/0/5 to a private-VLAN (primary=100, secondary=102). (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2-1/0/3 (Netgear Switch)
  • Page 61: Web Interface: Assign Private-Vlan Port Host Ports

    Managed Switches Web Interface: Assign Private-VLAN Port Host Ports Associate isolated ports 1/0/2-1/0/3 to a private-VLAN (primary=100, secondary=101). a. Select Security > Traffic Control > Private VLAN > Private VLAN Host Interface Configuration. A screen similar to the following displays. b.
  • Page 62: Map Private-Vlan Promiscuous Port

    The example is shown as CLI commands and as a web interface procedure. CLI: Map Private-VLAN Promiscuous Port Use the following commands to map private-VLAN promiscuous port 1/0/1 to a primary VLAN (100) and to secondary VLANs (101-102). (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/1...
  • Page 63: Vlan Access Ports And Trunk Ports

    • General mode. In general mode, the following rules apply to switch ports: By default, all ports are designated as general mode ports and belong to the default VLAN. Ports conform to NETGEAR legacy switch behavior for switch ports. VLANs...
  • Page 64: Cli: Configure A Vlan Trunk

    (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#exit Configure port 1/0/1 as an access port. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#switchport mode access (Netgear Switch) (Interface 1/0/1)#switchport access vlan 1000 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)# VLANs...
  • Page 65: Web Interface: Configure A Vlan Trunk

    Configure port 1/0/3 as a trunk port. (Netgear Switch) (Interface 1/0/3)#switchport mode trunk (Netgear Switch) (Interface 1/0/3)#switchport trunk allowed vlan 1000,2000 Configure all incoming untagged packets to be tagged with the native VLAN ID. (Netgear Switch) (Interface 1/0/3)#switchport trunk native vlan 1000...
  • Page 66 Managed Switches a. Select Switching > VLAN > Advanced > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 2000. c. Click Add. Configure port 1/0/1 as an access port in VLAN 1000. a.
  • Page 67 Managed Switches b. Select the check box that corresponds to interface 1/0/1. The Interface field in the table heading displays 1/0/1. c. In the Switchport Mode field, select Access. d. In the Access VLAN ID field, select 1000. e. Click Apply. Configure port 1/0/2 as an access port in VLAN 2000.
  • Page 68 Managed Switches b. Select the check box that corresponds to interface 1/0/3. The Interface field in the table heading displays 1/0/3. c. In the Switchport Mode field, select Trunk. d. In the Native VLAN ID field, select 2000. Note: In this step, you configure incoming untagged packets to be tagged with VLAN ID 2000.
  • Page 69: Chapter 3 Lags

    LAGs Link Aggregation Groups This chapter includes the following sections: • Link Aggregation Concepts • Add Ports to LAGs...
  • Page 70: Link Aggregation Concepts

    Managed Switches Link Aggregation Concepts Link aggregation allows the switch to treat multiple physical links between two endpoints as a single logical link. All the physical links in a given LAG must operate in full-duplex mode at the same speed. LAGs can be used to directly connect two switches when the traffic between them requires high bandwidth and reliability, or to provide a higher-bandwidth connection to a public network.
  • Page 71: Add Ports To Lags

    The example is shown as CLI commands and as a web interface procedure. CLI: Add Ports to the LAGs (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgear Switch) (Interface 0/2)#addport 1/1 (Netgear Switch) (Interface 0/2)#exit (Netgear Switch) (Config)#interface 0/3 (Netgear Switch) (Interface 0/3)#addport 1/1...
  • Page 72 Managed Switches Two check marks display in the box. e. Click the Apply button to save the settings. Add ports to lag_20. a. Select Switching > LAG > LAG Membership. A screen similar to the following displays. b. Under LAG Membership, in the LAG ID list, select LAG 2. c.
  • Page 73: Chapter 4 Mlags

    MLAGs Multichassis Link Aggregation Groups This chapter includes the following sections: • Multichassis Link Aggregation Concepts • Create an MLAG • Enable Static Routing on MLAG Interfaces •...
  • Page 74: Multichassis Link Aggregation Concepts

    Managed Switches Multichassis Link Aggregation Concepts In a Layer 2 network, Spanning Tree Protocol (STP) is deployed to avoid network loops. With STP running, ports can either be in forwarding or in blocked state. When a topology change occurs, STP reconverges the network to a new stable loop-free network. STP is successful in managing Layer 2 networks and mitigating loops in the network.
  • Page 75 Managed Switches [Figure labels: peer link LAG 1 (P21, P22, P23, P24) and LAG 1 (S21, S22, S23, S24); MLAG 1 (LAG 2); MLAG 2 (LAG 3); MLAG 3 (LAG 4)] Figure 9.
  • Page 76 Managed Switches STP Bridge Protocol Data Units (BPDUs) and Link Aggregation Control Protocol Data Units (LACPDUs) that are received on secondary MLAG member ports are forwarded to the primary MLAG component over the peer link. Interface events that are related to the MLAG interface and its member ports and that occur on the secondary device are transferred over the peer link to the primary device for handling.
  • Page 77: Create An Mlag

    • Enable egress tagging on the peer link. • NETGEAR recommends that you use dynamic LAGs as port channels. • NETGEAR recommends that you configure Unidirectional Link Detection (UDLD) to detect and shut down any unidirectional links. MLAGs...
  • Page 78 Managed Switches (Switch P or S) (Config)#interface lag 1 (Switch P or S) (Interface lag 1)#vpc peer-link (Switch P or S) (Config)#exit Disable STP on the peer link (LAG1). This step is mandatory. (Switch P or S) (Config)#interface lag 1 (Switch P or S) (Interface lag 1)#no spanning-tree port mode Enable UDLD on the member of LAG 1 (peer link).
  • Page 79 Managed Switches Check the status of VPC1, VPC2, and VPC3. (Switch P or S) #show vpc 1 VPC id# 1 ----------------- Config mode........Enabled Operational mode....... Enabled Port channel........lag 2 Self member ports Status ----------------- --------- 0/11 Peer member ports Status ----------------- --------- 0/11 (Switch P or S) #show vpc 2...
  • Page 80: Web Interface: Create An Mlag On Lag2, Lag3, And Lag4

    Managed Switches Web Interface: Create an MLAG on LAG2, LAG3, and LAG4. Enable MLAG and configure LAG1 as the peer link. a. Select Switching > MLAG > Basic > VPC Global Configuration. A screen similar to the following displays. b. For VPC Mode, select the Enable radio button. c.
  • Page 81 Managed Switches b. Scroll down and select the interface lag1 check box. The Interface field in the table heading displays lag1. c. In the Port Mode field, select Disable. d. Click Apply. Enable UDLD on the members of LAG1. The web management interface does not support UDLD so you need to use the CLI. For more information, see CLI: Create an MLAG on LAG2 and LAG3 on page 77.
  • Page 82 Managed Switches A screen similar to the following displays. b. From the LAG Interface menu, select lag 3. c. In the VPC Identifier field, enter 2. d. Click Add. Create MLAG on LAG4. a. Select Switching > MLAG > Advanced > VPC Interface Configuration. A screen similar to the following displays.
  • Page 83: Enable Static Routing On Mlag Interfaces

    Managed Switches Enable Static Routing on MLAG Interfaces You can make MLAG interfaces members of VLAN routing interfaces. Static routing is supported on these VLAN interfaces. Routing interfaces that have MLAG interfaces as members do not support routing protocols such as OSPF and RIP. You need to configure VRRP on these routing interfaces to provide redundancy for virtual IP addresses and virtual MAC addresses.
  • Page 84 Managed Switches Configure the IP address and VRRP IP address on VLAN 100. (Switch P) # configure (Switch P) (config)# interface vlan 100 (Switch P) (Interface vlan 100)#routing (Switch P) (Interface vlan 100)#ip address 192.168.100.1 255.255.255.0 (Switch P) (Interface vlan 100)#ip vrrp 1 (Switch P) (Interface vlan 100)#ip vrrp 1 mode (Switch P) (Interface vlan 100)#ip vrrp 1 ip 192.168.100.3 (Switch P) (Interface vlan 100)#exit...
  • Page 85 Managed Switches Configure the IP address and VRRP IP address on VLAN 200. (Switch P) # configure (Switch P) (config)# interface vlan 200 (Switch P) (Interface vlan 200)#routing (Switch P) (Interface vlan 200)#ip address 192.168.102.1 255.255.255.0 (Switch P) (Interface vlan 200)#ip vrrp 1 (Switch P) (Interface vlan 200)#ip vrrp 1 mode (Switch P) (Interface vlan 200)#ip vrrp 1 ip 192.168.102.3 (Switch P) (Interface vlan 200)#exit...
  • Page 86 Managed Switches Configure the IP address and VRRP IP address on VLAN 300. (Switch P) # configure (Switch P) (config)#interface vlan 300 (Switch P) (Interface vlan 300)#routing (Switch P) (Interface vlan 300)#ip address 192.168.103.1 255.255.255.0 (Switch P) (Interface vlan 300)#ip vrrp 1 (Switch P) (Interface vlan 300)#ip vrrp 1 mode (Switch P) (Interface vlan 300)#ip vrrp 1 ip 192.168.103.3 (Switch P) (Interface vlan 300)#exit...
  • Page 87 Managed Switches Configure Switch S Note: For information about switch S, see Figure 9 on page 75 and the description following the figure. Add LAG2 in VLAN100, LAG3 in VLAN 300, and LAG1 in both VLAN 100 and VLAN 300. For information about how to add a LAG to a VLAN, see Chapter 2, VLANs.
  • Page 88 Managed Switches (Switch S) #show ip vrrp interface vlan 100 1 Primary IP address......192.168.100.3 VMAC Address........00:00:5e:00:01:01 Authentication Type......None Priority........100 Configured Priority......100 Advertisement Interval (secs)....1 Pre-empt Mode........Enable Administrative Mode......Enable Accept Mode........Disable State.......... Master Track Interface State DecrementPriority --------------- ----- ------------------ No interfaces are tracked for this vrid and interface combination...
  • Page 89 Managed Switches (Switch S) #show ip vrrp interface vlan 200 1 Primary IP address......192.168.102.3 VMAC Address........00:00:5e:00:01:01 Authentication Type......None Priority........1 Configured Priority......1 Advertisement Interval (secs)....1 Pre-empt Mode........Enable Administrative Mode......Enable Accept Mode........Disable State.......... Master Track Interface State DecrementPriority --------------- ----- ------------------ No interfaces are tracked for this vrid and interface combination...
  • Page 90: Web Interface: Enable Routing On Mlag Interfaces

    Managed Switches (Switch S) #show ip vrrp interface vlan 300 1 Primary IP address......192.168.103.3 VMAC Address........00:00:5e:00:01:01 Authentication Type......None Priority........100 Configured Priority......100 Advertisement Interval (secs)....1 Pre-empt Mode........Enable Administrative Mode......Enable Accept Mode........Disable State.......... Master Track Interface State DecrementPriority --------------- ----- ------------------ No interfaces are tracked for this vrid and interface combination...
  • Page 91 Managed Switches A screen similar to the following displays. b. Under Global Configuration, next to the Admin Mode, select the Enable radio button. c. For the VRRP configuration, enter the following information: • In the VRID (1 to 255) field, enter 1. •...
  • Page 92 Managed Switches c. For the VRRP configuration, enter the following information: • In the VRID (1 to 255) field, enter 1. • From the Interface menu, select VLAN 200. • In the Primary IP Address field, enter 192.168.102.3. • From the Mode menu, select Active. d.
  • Page 93 Managed Switches Configure VRRP on VLAN 100 on switch S. a. Select Routing > VRRP > Basic > VRRP Configuration. A screen similar to the following displays. b. Under Global Configuration, next to the Admin Mode, select the Enable radio button.
  • Page 94: Enable Dcpdp On Mlag Interfaces

    Managed Switches c. For the VRRP configuration, enter the following information: • In the VRID (1 to 255) field, enter 1. • From the Interface mode, select VLAN 200. • In the Primary IP Address field, enter 192.168.102.3. • From the Mode menu, select Active. d.
  • Page 95: Cli: Configure The Dcpdp On The Mlag Interfaces

    Managed Switches resolve a configuration with two primary devices by identifying the presence of another peer and taking appropriate action. You must configure the DCPDP on an IP interface that none of the MLAG interfaces share. After you have enabled DCPDP, it sends a control plane detection message to the peer once every second.
  • Page 96: Web Interface: Configure The Dcpdp On Mlag Interfaces

    Managed Switches Configure the destination and source IP addresses of the peer on switch S. (Switch S) (Config)#vpc domain 1 (Switch S) (Config-VPC 1)#peer-keepalive destination 192.168.105.1 source 192.168.104.1 Check the status of the DCPDP peer. (M7100-24X) #show vpc peer-keepalive Peer IP address........ 192.168.105.1 Source IP address......
  • Page 97 Managed Switches d. Click Apply. Configure DCPDP on switch S. For information about switch S, see Figure 9 on page 75 and the description following the figure. a. Select Routing > VRRP > Basic > VRRP Configuration. A screen similar to the following displays. b.
  • Page 98: Troubleshoot The Mlag Configuration

    If an MLAG is not created correctly, either the physical port link is not up or the configuration is inconsistent between two peers. First, check the peer link. Then, check the status of the MLAG interface. (Netgear Switch) #show vpc 1 VPC id# 1 ----------------- Config mode........
  • Page 99 Managed Switches If the LAG is up, check if the peer link is enabled on the LAG by entering the show vpc role command. Check if STP is disabled on peer link. Step 2: Check the MLAG Interface Status Check if the MLAG has member ports. Check the status of the members of the MLAG.
  • Page 100: Traffic Through An Mlag Is Not Forwarded Normally

    It should be enabled before you ping the VRRP virtual IP address. CLI: Check the Accept Mode Check the accept mode. (Netgear Switch) #show ip vrrp interface vlan 100 1 Primary IP address......192.168.100.3 VMAC Address........00:00:5e:00:01:01 Authentication Type......None Priority........
  • Page 101: The Vrrp Is Not In The Master State On The Primary Or Secondary Device

    Managed Switches Web Interface: Check the Accept Mode Select Routing > VRRP > Advanced > VRRP Configuration. A screen similar to the following displays. Under Global Configuration, next to Accept Mode, select the Enable radio button. Click Apply. The VRRP Is Not in the Master State on the Primary or Secondary Device If the state of VRRP is Initialize (for example, the VRRP on VLAN 300), check the following: Check if the peer link is up.
  • Page 102: Chapter 5 Port Routing

    Port Routing Port routing, default routes, and static routes This chapter includes the following sections: • Port Routing Concepts • Port Routing Configuration • Enable Routing for the Switch •...
  • Page 103: Port Routing Concepts

    Managed Switches Port Routing Concepts The first networks were small enough for the end stations to communicate directly. As networks grew, Layer 2 bridging was used to segregate traffic, a technology that worked well for unicast traffic, but had problems coping with large quantities of multicast packets. The next major development was routing, where packets were examined and redirected at Layer 3.
  • Page 104: Enable Routing For The Switch

    Figure 10, Layer 3 switch configured for port routing on page 104. Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Port Routing...
  • Page 105: Web Interface: Enable Routing For The Switch

    Managed Switches Web Interface: Enable Routing for the Switch Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. For Routing Mode, select the Enable radio button. Click Apply to save the settings. Enable Routing for Ports on the Switch Use the following commands or the web interface to enable routing for ports on the switch.
  • Page 106: Cli: Enable Routing For Ports On The Switch

    CLI: Enable Routing for Ports on the Switch (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
  • Page 107 Managed Switches • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Assign IP address 192.150.3.1/24 to interface 1/0/3. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b.
  • Page 108: Add A Default Route

    Managed Switches b. Scroll down and select the interface 1/0/5 check box. Now 1/0/5 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.150.5.1. • In the Subnet Mask field, enter 255.255.255.0. •...
  • Page 109: Web Interface: Add A Default Route

    Managed Switches Web Interface: Add a Default Route Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. In the Route Type list, select DefaultRoute. In the Next Hop IP Address field, enter one of the routing interface’s IP addresses. •...
  • Page 110: Cli: Add A Static Route

    Managed Switches CLI: Add a Static Route The following commands assume that the switch already has a defined routing interface with a network address of 10.10.10.0, and is configured so that all packets destined for network 10.10.100.0 take the path of the routing port. (FSM7328S) #show ip route Total Number of Routes......1 Network...
  • Page 111 Managed Switches To remove a route entry, either static or default, select the check box to the left of the entry, and click the Delete button on the bottom of the screen. Port Routing...
  • Page 112: Chapter 6 Vlan Routing

    VLAN Routing VLAN routing for a VLAN and for the switch This chapter includes the following sections: • VLAN Routing Concepts • Create Two VLANs • Set Up VLAN Routing for the VLANs and the Switch...
  • Page 113: Vlan Routing Concepts

    Managed Switches VLAN Routing Concepts You can configure the managed switch with some ports supporting VLANs and some supporting routing. You can also configure it to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is enabled for bridging (the default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN.
  • Page 114: Cli: Create Two Vlans

    (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#vlan participation include 20 (Netgear Switch) (Interface 1/0/3)#vlan pvid 20 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#exit VLAN Routing...
  • Page 115: Web Interface: Create Two Vlans

    Managed Switches Web Interface: Create Two VLANs Create VLAN 10 and VLAN20. a. Select Switching > VLAN > Advanced > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 10. c. In the VLAN Name field, enter VLAN10. d.
  • Page 116 Managed Switches Add ports to the VLAN10 and VLAN20. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID field, select 10. c. Click the Unit 1. The ports display. d.
  • Page 117 Managed Switches Click Apply. Assign PVID to VLAN10 and VLAN20. a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b. Scroll down and select 1/0/1 and 1/0/2 check boxes. c. In the PVID (1 to 4093) field, enter 10. d.
  • Page 118: Set Up Vlan Routing For The Vlans And The Switch

    The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface-vlan 10)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface-vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface-vlan 20)#ip address 192.150.4.1 255.255.255.0...
  • Page 119: Web Interface: Set Up Vlan Routing For The Vlans And The Switch

    Managed Switches Web Interface: Set Up VLAN Routing for the VLANs and the Switch Select Routing > VLAN > VLAN Routing. A screen similar to the following displays. Enter the following information: • In the VLAN ID (1 to 4093) list, select 10. •...
  • Page 120: Chapter 7 Rip

    Routing Information Protocol This chapter includes the following sections: • Routing Information Protocol Concepts • Enable Routing for the Switch • Enable Routing for Ports • Enable RIP on the Switch •...
  • Page 121: Routing Information Protocol Concepts

    Managed Switches Routing Information Protocol Concepts Routing Information Protocol (RIP) is a protocol that routers can use to exchange network topology information. It is characterized as an interior gateway protocol, and is typically used in small to medium-sized networks. A router running RIP sends the contents of its routing table to each of its adjacent routers every 30 seconds.
  • Page 122: Enable Routing For The Switch

    The example is shown as CLI commands and as a web interface procedure. CLI: Enable Routing for the Switch (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Web Interface: Enable Routing for the Switch Select Routing > IP > Basic > IP Configuration.
  • Page 123: Enable Routing For Ports

    1/0/2 and 1/0/3 (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
  • Page 124 Managed Switches • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Assign IP address 192.150.3.1/24 to interface 1/0/3. a. Select Routing > Advanced > IP Interface Configuration. A screen similar to the following displays.
  • Page 125: Enable Rip On The Switch

    RIP is enabled by default. CLI: Enable RIP on the Switch This sequence enables RIP for the switch. The route preference defaults to 15. (Netgear Switch) #config (Netgear Switch) (Config)#router rip (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#exit (Netgear Switch) (Config)#exit Web Interface: Enable RIP on the Switch Select Routing >...
  • Page 126: Enable Rip For Ports 1/0/2 And 1/0/3

    RIPv1 and RIPv2 frames, but send only RIPv2-formatted frames. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip rip (Netgear Switch) (Interface 1/0/2)#ip rip receive version both (Netgear Switch) (Interface 1/0/2)#ip rip send version rip2 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3...
  • Page 127: Configure Vlan Routing With Rip Support

    CLI: Configure VLAN Routing with RIP Support Configure VLAN routing with RIP support on the managed switch. (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20 (Netgear Switch) (Vlan)#vlan routing 10 (Netgear Switch) (Vlan)#vlan routing 20 (Netgear Switch) (Vlan)#exit (Netgear Switch) #conf...
  • Page 128 (Netgear Switch) (Interface 1/0/3)#vlan pvid 20 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0 (Netgear Switch) (Interface vlan 20)#exit Enable RIP for the switch.
  • Page 129: Web Interface: Configure Vlan Routing With Rip Support

    Managed Switches Web Interface: Configure VLAN Routing with RIP Support Configure a VLAN and include port 1/0/2 in the VLAN: a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: •...
  • Page 130 Managed Switches b. Enter the following information: • In the Vlan ID field, enter 20. • In the IP Address field, enter 192.150.4.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 3 until T displays. The T specifies that the egress packet is tagged for the port.
  • Page 131 Managed Switches c. Scroll down and select the interface vlan10 and vlan 20 check boxes. d. Enter the following information: For RIP Mode, select the Enable radio button. e. Click Apply to save the settings.
  • Page 132: Chapter 8 Ospf

    OSPF Open Shortest Path First This chapter includes the following sections: • Open Shortest Path First Concepts • Inter-area Router • OSPF on a Border Router • Stub Areas • NSSA Areas • VLAN Routing OSPF •...
  • Page 133: Open Shortest Path First Concepts

    Managed Switches Open Shortest Path First Concepts For larger networks, Open Shortest Path First (OSPF) is generally used in preference to RIP. OSPF offers several benefits to the administrator of a large or complex network: • Less network traffic: Routing table updates are sent only when a change has occurred. Only the part of the table which has changed is sent.
  • Page 134: Cli: Configure An Inter-Area Router

    Assign IP addresses to ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
  • Page 135 Enable OSPF, and set the OSPF priority and cost for the ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip ospf (Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface 1/0/2)#ip ospf priority 128 (Netgear Switch) (Interface 1/0/2)#ip ospf cost 32 (Netgear Switch) (Interface 1/0/2)#exit...
  • Page 136: Web Interface: Configure An Inter-Area Router

    Managed Switches Web Interface: Configure an Inter-area Router Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. Click Apply to save the settings.
  • Page 137 Managed Switches c. Enter the following information: • In the IP Address field, enter 192.150.2.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Administrative Mode field, select Enable. d. Click Apply to save the settings. Assign IP address 192.150.3.1 to port 1/0/3: a.
  • Page 138 Managed Switches A screen similar to the following displays. b. Under OSPF Configuration, enter the following information: • In the Router ID field, enter 192.150.9.9. • In the OSPF Admin Mode field, select Enable. • In the RFC 1583 Compatibility field, select Disable. c.
  • Page 139 Managed Switches b. Scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.2. • In the OSPF Admin Mode field, select Enable. •...
  • Page 140: Ospf On A Border Router

    (Netgear Switch) (Config)#ip routing Enable routing and assign IPs for ports 1/0/2, 1/0/3, and 1/0/4. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.130.3.1 255.255.255.0...
  • Page 141: Web Interface: Configure Ospf On A Border Router

    Enable OSPF for the ports, and set the OSPF priority and cost for the ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip ospf (Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface 1/0/2)#ip ospf priority 128 (Netgear Switch) (Interface 1/0/2)#ip ospf cost 32 (Netgear Switch) (Interface 1/0/2)#exit...
  • Page 142 Managed Switches Click Apply to save the settings. Assign IP address 192.150.2.2 to port 1/0/2. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top.
  • Page 143 Managed Switches b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.130.3.1. •...
  • Page 144 Managed Switches A screen similar to the following displays. b. Under OSPF Configuration, enter the following information: • In the Router ID field, enter 192.130.1.1. • In the OSPF Admin Mode field, select Enable. • In the RFC 1583 Compatibility field, select Disable. c.
  • Page 145 Managed Switches • In the Metric Cost field, enter 32. c. Click Apply to save the settings. Enable OSPF on port 1/0/3. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top.
  • Page 146: Stub Areas

    CLI: Configure Area 1 as a Stub Area on A1 Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing Set the router ID to 1.1.1.1. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config-router)#router-id 1.1.1.1 Configure area 0.0.0.1 as a stub area (Netgear Switch) (Config-router)#area 0.0.0.1 stub OSPF...
  • Page 147 (Netgear Switch) (Interface 2/0/19)#ip address 192.168.20.1 255.255.255.0 (Netgear Switch) (Interface 2/0/19)#ip ospf (Netgear Switch) (Interface 2/0/19)#ip ospf areaid 0.0.0.1 (Netgear Switch) (Interface 2/0/19)#exit (Netgear Switch) (Config)#ex (Netgear Switch) #show ip ospf neighbor interface all Router ID IP Address Neighbor Interface State...
  • Page 148: Web Interface: Configure Area 1 As A Stub Area On A1

    Managed Switches Web Interface: Configure Area 1 as a Stub Area on A1 Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. Click Apply to save the settings.
  • Page 149 Managed Switches • In the Network Mask field, enter 255.255.255.0. • In the Admin Mode field, select Enable. d. Click Apply to save the settings. Assign IP address 192.168.20.1 to port 2/0/19: a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
  • Page 150 Managed Switches A screen similar to the following displays. b. Under OSPF Configuration, in the Router ID field, enter 1.1.1.1. c. Click Apply to save the settings. Enable OSPF on the port 2/0/11. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays.
  • Page 151 Managed Switches A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 2/0/19 check box. Now 2/0/19 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.1. •...
  • Page 152: Cli: Configure Area 1 As A Stub Area On A2

    (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address 192.168.20.2 255.255.255.0 (Netgear Switch) (Interface 1/0/15)#ip ospf (Netgear Switch) (Interface 1/0/15)#ip ospf areaid 0.0.0.1 (Netgear Switch) (Interface 1/0/15)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #show ip route Total Number of Routes......2...
  • Page 153: Web Interface: Configure Area 1 As A Stub Area On A2

    Managed Switches Web Interface: Configure Area 1 as a Stub Area on A2 Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. Click Apply to save the settings.
  • Page 154 Managed Switches • In the Network Mask field, enter 255.255.255.0. • In the Admin Mode field, select Enable. d. Click Apply to save the settings. Specify the router ID, and enable OSPF for the switch. a. Select Routing > OSPF > Basic > OSPF Configuration. A screen similar to the following displays.
  • Page 155: Nssa Areas

    Figure 16. NSSA area The example is shown as CLI commands and as a web interface procedure. CLI: Configure Area 1 as an NSSA Area Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config)#ip routing OSPF...
  • Page 156 Enable area 0.0.0.1 on port 2/0/19. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 2/0/11 (Netgear Switch) (Interface 2/0/11)#routing (Netgear Switch) (Interface 2/0/11)#ip address 192.168.10.1 255.255.255.0 (Netgear Switch) (Interface 2/0/11)#ip ospf (Netgear Switch) (Interface 2/0/11)#exit (Netgear Switch) (Config)#interface 2/0/19 (Netgear Switch) (Interface 2/0/19)#routing (Netgear Switch) (Interface 2/0/19)#ip address 192.168.20.1 255.255.255.0...
  • Page 157: Web Interface: Configure Area 1 As An Nssa Area On A1

    Managed Switches Web Interface: Configure Area 1 as an NSSA Area on A1 Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. Click Apply to save the settings.
  • Page 158 Managed Switches d. Click Apply to save the settings. Assign IP address 192.168.20.1 to port 2/0/19. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 2/0/19 check box. Now 2/0/19 appears in the Interface field at the top.
  • Page 159 Managed Switches c. Click Apply to save the settings. Enable OSPF on port 2/0/11. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top.
  • Page 160: Cli: Configure Area 1 As An Nssa Area On A2

    Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#router ospf Set the router ID to 2.2.2.2. (Netgear Switch) (Config-router)#router-id 2.2.2.2 Configure the area 0.0.0.1 as an NSSA area. (Netgear Switch) (Config-router)# area 0.0.0.1 nssa OSPF...
  • Page 161 Enable OSPF area 0.0.0.1 on port 1/0/15. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#routing (Netgear Switch) (Interface 1/0/11)#ip address 192.168.30.1 255.255.255.0 (Netgear Switch) (Interface 1/0/11)#ip rip (Netgear Switch) (Interface 1/0/11)#exit (Netgear Switch) (Config)#interface 1/0/15 (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address 192.168.20.2...
  • Page 162: Web Interface: Configure Area 1 As An Nssa Area On A2

    Managed Switches Web Interface: Configure Area 1 as an NSSA Area on A2 Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. Click Apply to save the settings.
  • Page 163 Managed Switches • In the Network Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Assign IP address 192.168.20.2 to port 1/0/15. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays.
  • Page 164 Managed Switches A screen similar to the following displays. b. Under OSPF Configuration, in the Router ID field, enter 2.2.2.2. c. Click Apply to save the settings. Enable RIP on port 1/0/11. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
  • Page 165 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. c. Enter the following information: • In the OSPF Area ID field, enter 0.0.0.1. •...
  • Page 166: Vlan Routing Ospf

    Managed Switches A screen similar to the following displays. b. Scroll down and select the RIP check box. Now RIP appears in the Source field at the top. c. Enter the following information: In the Redistribute field, select Enable. d. Under Route Redistribution, in the Available Source list, select RIP. e.
  • Page 167: Cli: Configure Vlan Routing Ospf

    (Netgear Switch) (Interface 1/0/3)#vlan pvid 20 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip address 192.150.4.1 255.255.255.0...
  • Page 168 (Netgear Switch) (Config router)#exit Enable OSPF for the VLAN and physical router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface vlan 10)#ip ospf (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip ospf areaid 0.0.0.3...
  • Page 169: Web Interface: Configure Vlan Routing Ospf

    Managed Switches Web Interface: Configure VLAN Routing OSPF Configure a VLAN and include port 1/0/2 in the VLAN. a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 10.
  • Page 170 Managed Switches c. Click Unit 1. The ports display: Click the gray box under port 3 until T displays. The T specifies that the egress packet is tagged for the port. Click Apply to save the VLAN that includes port 3. Enable OSPF on the switch.
  • Page 171: Ospfv3

    Managed Switches d. Enter the following information: • In the OSPF Area ID field, enter 0.0.0.2. • In the OSPF Admin Mode field, select Enable. • In the Priority field, enter 128. • In the Metric Cost field, enter 32. e.
  • Page 172: Cli: Configure Ospfv3

    (Netgear Switch) (Interface 1/0/1)#ipv6 enable Enable OSPFv3 on the interface 1/0/1, and set the OSPF network mode to broadcast. (Netgear Switch) (Interface 1/0/1)#ipv6 ospf (Netgear Switch) (Interface 1/0/1)#ipv6 ospf network broadcast (Netgear Switch) #show ipv6 ospf neighbor Router ID Priority...
  • Page 173 (Netgear Switch) (Interface 1/0/13)#ipv6 enable Enable OSPFv3 on interface 1/0/13, and set the OSPF network mode to broadcast. (Netgear Switch) (Interface 1/0/13)#ipv6 ospf (Netgear Switch) (Interface 1/0/13)#ipv6 ospf network broadcast (Netgear Switch) #show ipv6 ospf neighbor Router ID Priority IntfID...
  • Page 174: Web Interface: Configure Ospfv3

    Managed Switches Web Interface: Configure OSPFv3 Enable IPv6 unicast routing on the switch. Select Routing > IPv6 > Basic > IPv6 Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing Mode, select the Enable radio button. Click Apply to save the settings.
  • Page 175 Managed Switches a. Select Routing > IPv6 > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. c.
  • Page 176 Managed Switches d. Click Add to save the settings. Enable OSPFv3 on port 1/0/1. a. Select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the interface 1/0/1 check box.
  • Page 177: Chapter 9 Bgp

    Border Gateway Protocol This chapter includes the following sections: • Border Gateway Protocol Concepts • Example 1: Configure BGP on Switches A, B, and C in the Same AS • Example 2: Create eBGP on Switches A and D •...
  • Page 178: Border Gateway Protocol Concepts

    AS. Once it is used in an AS, it is called internal BGP or iBGP. In contrast, the BGP used between ASs is called external BGP or eBGP. Note: The NETGEAR ProSafe Managed Switch does not support any version of BGP other than version 4. Note: BGP can be configured through the CLI only.
  • Page 179: Example1: Configure Bgp On Switches A, B, And C In The Same As

    Managed Switches Example 1: Configure BGP on Switches A, B, and C in the Same AS iBGP is an internal BGP connection between peers in the same AS. Because AS_PATH does not change in the same AS, iBGP cannot prevent loops as eBGP does. To protect against loops between iBGPs, iBGP does not advertise the routes learned from an iBGP peer to another iBGP peer, which is why iBGP must be fully meshed.
  • Page 180: Configure Bgp On Switch A

    (Netgear Switch) (Interface 1/0/3) #interface vlan 200 (Netgear Switch) (Interface vlan 100) # interface vlan 200 (Netgear Switch) (Interface vlan 200) # ip address 192.168.1.1 /24 (Netgear Switch) (Interface vlan 200) # interface vlan 300 (Netgear Switch) (Interface vlan 300) # ip address 192.168.3.2 /24 Configure the local BGP AS as 100 and the BGP peer as 100.
  • Page 181: Configure Bgp On Switch B

    (Netgear Switch) (Interface 1/0/2) #vlan participation include 300 (Netgear Switch) (Interface 1/0/2) #interface vlan 300 (Netgear Switch) (Interface vlan 300) # ip address 192.168.3.1 /24 (Netgear Switch) (Interface vlan 300) # interface vlan 400 (Netgear Switch) (Interface vlan 400) # ip address 192.168.2.2 /24 Configure the local BGP AS as 100 and the BGP peer as 100.
  • Page 182: Configure Bgp On Switch C

    (Netgear Switch) (Interface 1/0/2) #vlan participation include 400 (Netgear Switch) (Interface 1/0/2) #interface vlan 200 (Netgear Switch) (Interface vlan 200) # ip address 192.168.1.2 /24 (Netgear Switch) (Interface vlan 200) # interface vlan 400 (Netgear Switch) (Interface vlan 400) # ip address 192.168.2.1 /24 Configure the local BGP AS as 100 and the BGP peer as 100.
  • Page 183 Managed Switches (Netgear Switch) #show ip bgp neighbors 192.168.1.2 Remote Address ........ 192.168.1.2 Remote AS ........100 Peer ID ........192.168.1.2 Peer Admin Status ......START Peer State ........ESTABLISHED Local Interface Address ....... 192.168.1.1 Local Port ........47158 Remote Port ........179 Connection Retry Interval .....
  • Page 184: Example 2: Create Ebgp On Switches A And D

    (Netgear Switch) (Config) #interface 1/0/1 (Netgear Switch) (Interface 1/0/1) #interface 1/0/1 (Netgear Switch) (Interface 1/0/1) #vlan pvid 100 (Netgear Switch) (Interface 1/0/1) #vlan participation include 100 (Netgear Switch) (Interface 1/0/1) #interface vlan 100 (Netgear Switch) (Interface vlan 100) #ip address 172.126.1.1 /24...
  • Page 185: Configure Ebgp On Switch D

    (Netgear Switch) (Interface 1/0/1) #vlan pvid 100 (Netgear Switch) (Interface 1/0/1) #interface 1/0/1 (Netgear Switch) (Interface 1/0/1) #interface vlan 100 (Netgear Switch) (Interface vlan 100) #ip address 172.126.1.2 /24 (Netgear Switch) (Interface vlan 100) #exit (Netgear Switch) (Config) #exit Enable BGP on VLAN 200 on Switch D, using Switch A as an eBGP partner.
  • Page 186 Managed Switches (Netgear Switch) #show ip bgp neighbors 172.126.1.2 Remote Address ........ 172.126.1.2 Remote AS ........200 Peer ID ........172.126.1.2 Peer Admin Status ......START Peer State ........ESTABLISHED Local Interface Address ....... 172.126.1.1 Local Port ........47038 Remote Port ........179 Connection Retry Interval .....
  • Page 187: Example 3: Create An Ibgp Connection With A Loopback Interface

    IGP protocol such as OSPF or RIP to configure the switch to reach the IP address of the loopback interface. Since NETGEAR BGP does not support multihop eBGP, eBGP cannot be established with a loopback interface. Configure iBGP on Switch D Create VLAN 200 with IP address 172.126.2.1.
  • Page 188: Configure Ebgp On Switch E

    Managed Switches Create loopback 0. (Netgear Switch) (Config) #interface loopback 0 (Netgear Switch) (Interface loopback 0) #ip address 10.1.1.1 /32 (Netgear Switch) (Interface loopback 0) #exit Create a static route to the loopback interface 0 (10.1.2.1). (Netgear Switch) (Config) #ip route 10.1.2.1 255.255.255.255 172.126.2.2 Create a BGP neighbor with loopback interface (10.1.2.1) in Switch E (configured in the next...
  • Page 189: Check The Ibgp Status

    Create a BGP neighbor with loopback interface on Switch E.
    (Netgear Switch) (Config) #router bgp 200
    (Netgear Switch) (Config-router) # bgp router-id 10.1.2.1
    (Netgear Switch) (Config-router) # neighbor 10.1.1.1 remote-as 200
    (Netgear Switch) (Config-router) #neighbor 10.1.1.1 update-source loopback 0
    Check the iBGP Status
    Check the iBGP status on Switch D and on Switch E with the same command.
  • Page 190: Example 4: Configure Reflection For Ibgp

    Example 4: Configure Reflection for iBGP
    [Figure 19. iBGP Topology]
    iBGP must be fully meshed because an iBGP speaker does not advertise the routes learned from another iBGP speaker to a third iBGP speaker.
  • Page 191: Configure Rr On Switch A

    Configure RR on Switch A. Switches B and C are considered reflection clients.
    (Netgear Switch) (Config) #router bgp 100
    (Netgear Switch) (Config-router) #bgp router-id 192.168.1.1
    (Netgear Switch) (Config-router) #neighbor 172.126.3.1 remote-as 100
    (Netgear Switch) (Config-router) #neighbor 172.12.3.1 route-reflector-client
    (Netgear Switch) (Config-router) #neighbor 192.168.1.2 remote-as 100
    (Netgear Switch) (Config-router) #neighbor 192.168.1.2 route-reflector-client...
  • Page 192

    Create a prefix list and apply it to BGP to permit 136.1.1.0/24 only and deny all other routes from any iBGP neighbor.
    (Netgear Switch) (Config)#ip prefix-list prefix1 permit 136.1.1.0/24
    (Netgear Switch) (Config)#router bgp 100
    (Netgear Switch) (Config-router)# distribute-list prefix prefix1 in
    The following is the IP route table after prefix1 is configured in BGP.
  • Page 193: Example 6: Filter Routes With As_Path

    If you want to filter routes from a specific neighbor, use the following command:
    (Netgear Switch) (Config-router)#neighbor 36.1.1.2 prefix-list prefix1 in
    If you want to filter routes that will be sent out to a neighbor, use the option <out>:
    (Netgear Switch) (Config-router)#distribute-list prefix-list prefix1 out
    (Netgear Switch) (Config-router)#neighbor 36.1.1.2 prefix-list prefix1 out...
  • Page 194: Example 7: Filter Routes With Route Maps

    Switch A denies all routes whose AS_PATH contains only 200 and permits all others.
    (Netgear Switch)(Config) #ip as-path access-list 1 deny ^200$
    (Netgear Switch)(Config) #ip as-path access-list 1 permit .*
    (Netgear Switch) (Config-router) #neighbor 172.126.1.2 filter-list 1 in
    Example 7: Filter Routes with Route Maps
    You can implement route filters with BGP route maps.
  • Page 195

    Create route-map 1.
    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip as-path access-list 1 deny '^200$'
    (Netgear Switch) (Config)#ip as-path access-list 1 permit '^*'
    (Netgear Switch) (Config)#route-map route-map1
    (Netgear Switch) (route-map)#match as-path 1
    Before we apply route-map1 to BGP, the route table is as follows:...
  • Page 196: Example 8: Exchange Ipv6 Routes Over An Ipv4 Bgp

    (Netgear Switch) (Interface 1/0/2) #ipv6 enable
    (Netgear Switch) (Interface 1/0/2)#ipv6 address 2001:1:1::1/64
    Configure IPv6 BGP.
    (Netgear Switch) (Config) #router bgp 100
    (Netgear Switch) (Config-router) #neighbor 2001:1:1::2 remote-as 100
    (Netgear Switch) (Config-router) #address-family ipv6
    (Netgear Switch) (config-router-af) #neighbor 2001:1:1::2 activate
    Configure IPv6 BGP on Switch B
    Enable IPv6 unicast globally.
  • Page 197

    Configure IPv6 BGP.
    (Netgear Switch) (Config) #router bgp 100
    (Netgear Switch) (Config-router) #neighbor 2001:1:1::1 remote-as 100
    (Netgear Switch) (Config-router) #address-family ipv6
    (Netgear Switch) (config-router-af) #neighbor 2001:1:1::1 activate...
  • Page 198: Chapter 10 Pbr

    Policy-based routing
    This chapter includes the following sections:
    • Policy-Based Routing Concept
    • Route-Map Statements
    • PBR Processing Logic
    • PBR Configurations
    • PBR Example
    Note: PBR is available on the M6100 series switches only.
  • Page 199: Policy-Based Routing Concept

    PBR. However, this feature is not supported in NETGEAR Software Version 10.2. Starting with Software Version 10.2, the NETGEAR switch supports the route-map infrastructure for BGP. Match parameters defined in this chapter for policy-based routing operate in isolation from BGP.
  • Page 200: Pbr Processing Logic

    The following packet entities are supported in NETGEAR Software Version 10.2 to classify L3 routed traffic:
    • The size of the packet
    • Protocol of the payload (Protocol ID field in IP header)
    • Source MAC address
    •...
  • Page 201: Pbr Configurations

    The route map with a deny statement uses the following logic: • The incoming packet is matched against the criteria in the match term specified in the route map. This match command can refer to an IP/MAC access list. An ACL that is used in the match term itself has one or more permit or deny rules.
  • Page 202: Pbr Example

    IP address-sensitive routing is achieved through PBR.
    Create an IP ACL 1 to match 10.1.0.0/16.
    (Netgear Switch) (Config) #access-list 1 permit 10.1.0.0 0.0.255.255
    Create an IP ACL 2 to match 10.2.0.0/16.
    (Netgear Switch) (Config)#access-list 2 permit 10.2.0.0 0.0.255.255
    Create a route map pbr_1 with sequence number 10 to match IP ACL 1.
  • Page 203

    (Netgear Switch) (Interface 1/0/1-1/0/2) #exit
    (Netgear Switch) (Config) #interface vlan 30
    (Netgear Switch) (Interface vlan 30) #routing
    (Netgear Switch) (Interface vlan 30) #ip address 10.1.1.1 255.0.0.0
    (Netgear Switch) (Interface vlan 30) #exit
    Enable PBR on VLAN 30.
    (Netgear Switch) (Config) #interface vlan 30...
  • Page 204: Chapter 11 Arp

    Proxy Address Resolution Protocol
    This chapter includes the following sections:
    • Proxy ARP Concepts
    • Proxy ARP Examples...
  • Page 205: Proxy Arp Concepts

    Proxy ARP Examples
    The following are examples of the commands used in the proxy ARP feature.
    CLI: show ip interface
    (Netgear Switch) #show ip interface ?
    <slot/port> Enter an interface in slot/port format.
    brief Display summary information about IP configuration settings for all ports.
  • Page 206: Web Interface: Configure Proxy Arp On A Port

    Web Interface: Configure Proxy ARP on a Port Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Under Configuration, scroll down and select the Interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top.
  • Page 207: Chapter 12 Vrrp

    VRRP Virtual Router Redundancy Protocol
    This chapter includes the following sections:
    • Virtual Router Redundancy Protocol Concepts
    • VRRP on a Master Router
    •...
  • Page 208: Virtual Router Redundancy Protocol Concepts

    Virtual Router Redundancy Protocol Concepts When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate.
  • Page 209: Vrrp On A Master Router

    1/0/2 is the same as the port’s actual IP address; therefore, this router will always be the VRRP master when it is active. The default priority is 255.
    (Netgear Switch) (Interface 1/0/2)#ip vrrp 20 ip 192.150.2.1
    Enable VRRP on the port.
  • Page 210: Web Interface: Configure Vrrp On A Master Router

    Web Interface: Configure VRRP on a Master Router Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. Click Apply to save the settings.
  • Page 211: Vrrp On A Backup Router

    Configure the IP addresses and subnet masks for the port that will participate in the protocol.
    (Netgear Switch) (Config)#interface 1/0/4
    (Netgear Switch) (Interface 1/0/4)#routing
    (Netgear Switch) (Interface 1/0/4)#ip address 192.150.4.1 255.255.0.0
    (Netgear Switch) (Interface 1/0/4)#exit
    Enable VRRP for the switch.
  • Page 212: Web Interface: Configure Vrrp On A Backup Router

    1/0/4 is the same as Router 1’s port 1/0/2 actual IP address, this router will always be the VRRP backup when Router 1 is active.
    (Netgear Switch) (Interface 1/0/4)#ip vrrp 20 ip 192.150.2.1
    Set the priority for the port. The default priority is 100.
  • Page 213 A screen similar to the following displays. b. Scroll down and select the Interface 1/0/4 check box. Now 1/0/4 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.150.4.1. •...
  • Page 214: Chapter 13 Acls

    ACLs Access Control Lists
    This chapter includes the following sections:
    • Access Control List Concepts
    • MAC ACLs
    • Set Up an IP ACL with Two Rules
    • One-Way Access Using a TCP Flag in an ACL
    •...
  • Page 215: Access Control List Concepts

    Access Control List Concepts Access control lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two internal networks. When you configure ACLs, you can selectively admit or reject inbound traffic, thereby controlling access to your network or to specific resources on your network.
  • Page 216: Ip Acls

    IP ACLs IP ACLs classify for Layer 3. Each ACL is a set of up to 10 rules applied to inbound traffic. Each rule specifies whether the contents of a given field should be used to permit or deny access to the network, and can apply to one or more of the following fields within a packet: •...
  • Page 217: Cli: Set Up An Ip Acl With Two Rules

    IP address. Enter these commands:
    (Netgear Switch) #config
    (Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255
    Define the second rule for ACL 101 to set conditions for UDP traffic similar to those for TCP traffic.
  • Page 218: Web Interface: Set Up An Ip Acl With Two Rules

    Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#ip access-group 101 in
    (Netgear Switch) (Interface 1/0/2)#exit
    (Netgear Switch) (Config)#exit
    Web Interface: Set Up an IP ACL with Two Rules
    Create IP ACL 101 on the switch.
  • Page 219 c. Click Add to create a new rule. Create a new ACL rule and add it to ACL 101. a. After you click the Add button in step 2, a screen similar to the following displays. a. In the Extended ACL Rule Configuration, enter the following information: •...
  • Page 220 • In the Source IP Address field, enter 192.168.77.0. • In the Source IP Mask field, enter 0.0.0.255. • In the Destination IP Address field, enter 192.178.77.0. • In the Destination IP Mask field, enter 0.0.0.255. c. Click Apply to save the settings. Apply ACL 101 to port 2.
  • Page 221: One-Way Access Using A Tcp Flag In An Acl

    One-Way Access Using a TCP Flag in an ACL
    This example shows how to set up one-way access using a TCP flag in an ACL. PC 1 can access FTP server 1 and FTP server 2, but PC 2 can access only FTP server 2. ...
  • Page 222

    (Netgear Switch) (Vlan)#exit
    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 0/35
    (Netgear Switch) (Interface 0/35)#vlan pvid 30
    (Netgear Switch) (Interface 0/35)#vlan participation include 30
    (Netgear Switch) (Interface 0/35)#exit
    (Netgear Switch) (Config)#interface vlan 30
    (Netgear Switch) (Interface-vlan 30)#routing
    (Netgear Switch) (Interface-vlan 30)#ip address 192.168.30.1 255.255.255.0...
  • Page 223

    (Netgear Switch) (Config)#ip route 192.168.50.0 255.255.255.0 192.168.200.2
    Create an ACL that denies all the packets with TCP flags +syn-ack.
    (Netgear Switch) (Config)#access-list 101 deny tcp any flag +syn -ack
    Create an ACL that permits all the IP packets.
    (Netgear Switch) (Config)#access-list 102 permit ip any
    Apply ACLs 101 and 102 to port 0/44;...
  • Page 224

    (Netgear Switch) (Vlan)#vlan routing 40
    (Netgear Switch) #configure
    (Netgear Switch) (Config)#interface 1/0/24
    (Netgear Switch) (Interface 1/0/24)#vlan pvid 40
    (Netgear Switch) (Interface 1/0/24)#vlan participation include 40
    (Netgear Switch) (Interface 1/0/24)#exit
    (Netgear Switch) (Config)#interface vlan 40
    (Netgear Switch) (Interface-vlan 40)#routing
    (Netgear Switch) (Interface-vlan 40)#ip address 192.168.40.1 255.255.255.0
    (Netgear Switch) (Interface-vlan 40)#exit
    Create VLAN 50 with port 1/0/25 and assign IP address 192.168.50.1/24.
  • Page 225: Web Interface: Configure One-Way Access Using A Tcp

    (Netgear Switch) (Vlan)#vlan 200
    (Netgear Switch) (Vlan)#vlan routing 200
    (Netgear Switch) (Config)#interface 1/0/48
    (Netgear Switch) (Interface 1/0/48)#vlan pvid 200
    (Netgear Switch) (Interface 1/0/48)#vlan participation include 200
    (Netgear Switch) (Interface 1/0/48)#exit
    (Netgear Switch) #interface vlan 200
    (Netgear Switch) (Interface-vlan 200)#routing
    (Netgear Switch) (Interface-vlan 200)#ip address 192.168.200.2 255.255.255.0...
  • Page 226 b. In the VLAN Routing Wizard, enter the following information: • In the Vlan ID field, enter 30. • In the IP Address field, enter 192.168.30.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d.
  • Page 227 A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 200. • In the IP Address field, enter 192.168.200.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d.
  • Page 228 Add a static route with IP address 192.168.40.0/24: a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b. Under Configure Routes, make the following selection and enter the following information: •...
  • Page 229 Create an ACL with ID 101. a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL Table, in the IP ACL ID field, enter 101. c. Click Add. Create an ACL with ID 102.
  • Page 230 A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID list, select 101. c. Click Add. A screen similar to the following displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
  • Page 231 A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID list, select 102. c. Click Add. A screen similar to the following displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
  • Page 232 A screen similar to the following displays. b. Under Binding Configuration, specify the following: • In the ACL ID list, select 101. • In the Sequence Number field, enter 1. c. Click Unit 1. The ports display. d. Click the gray box under port 44. A check mark displays in the box. e.
  • Page 233 Configuring the Switch B Create VLAN 40 with IP address 192.168.40.1/24. a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 40. •...
  • Page 234 c. Click Unit 1. The ports display. d. Click the gray box under port 25 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 50. Create VLAN 200 with IP address 192.168.200.2/24.
  • Page 235 b. Under Configure Routes, make the following selections and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.100.0. • In the Subnet Mask field, enter 255.255.255.0. • In the Next Hop IP Address field, enter 192.168.200.1.
  • Page 236: Use Acls To Configure Isolated Vlans On A Layer 3 Switch

    Use ACLs to Configure Isolated VLANs on a Layer 3 Switch This example shows how to isolate VLANs on a Layer 3 switch by using ACLs. In this example, PC 1 is in VLAN 24, PC 2 is in VLAN 48, and the server is in VLAN 38. PC 1 and PC 2 are isolated by an ACL but can both access the server.
  • Page 237: Cli: Configure One-Way Access Using A Tcp Flag In Acl Commands

    (Netgear Switch) (Vlan)#vlan routing 24
    (Netgear Switch) (Vlan)#exit
    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 1/0/24
    (Netgear Switch) (Interface 1/0/24)#vlan participation include 24
    (Netgear Switch) (Interface 1/0/24)#vlan pvid 24
    (Netgear Switch) (Interface 1/0/24)#exit
    (Netgear Switch) (Config)#interface vlan 24
    (Netgear Switch) (Interface-vlan 24)#routing
    (Netgear Switch) (Interface-vlan 24)#ip address 192.168.24.1 255.255.255.0...
  • Page 238

    (Netgear Switch) (Config)#ip route default 10.100.5.252
    Create ACL 101 to deny all traffic that has the destination IP address 192.168.24.0/24.
    (Netgear Switch) (Config)#access-list 101 deny ip any 192.168.24.0 0.0.0.255
    Create ACL 102 to deny all traffic that has the destination IP address 192.168.48.0/24.
  • Page 239: Web Interface: Configure One-Way Access Using A Tcp

    Deny all traffic with the destination IP address 192.168.48.0/24, and permit all other traffic.
    (Netgear Switch) (Config)#interface 1/0/24
    (Netgear Switch) (Interface 1/0/24)#ip access-group 102 in 1
    (Netgear Switch) (Interface 1/0/24)#ip access-group 103 in 2
    (Netgear Switch) (Interface 1/0/24)#exit
    Deny all traffic with the destination IP address 192.168.24.0/24, and permit all other traffic.
  • Page 240 A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 48. • In the IP Address field, enter 192.168.48.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d.
  • Page 241 e. Click Apply to save VLAN 38. Enable IP routing: a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. Under IP Configuration, make the following selections: • For Routing Mode, select the Enable radio button. •...
  • Page 242 A screen similar to the following displays. b. In the IP ACL Table, in the IP ACL ID field, enter 102. c. Click Add. Create an ACL with ID 103. a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
  • Page 243 A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 101. c. Click Add. A screen similar to the following displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
  • Page 244 A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 102. c. Click Add. A screen similar to the following displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
  • Page 245 A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 103. c. Click Add. A screen similar to the following displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: •...
  • Page 246 A screen similar to the following displays. b. Under Binding Configuration, make the following selection and enter the following information: • In the ACL ID field, select 102. • In the Sequence Number field, enter 1. c. Click Unit 1. The ports display. d.
  • Page 247: Set Up A Mac Acl With Two Rules

    CLI: Set up a MAC ACL with Two Rules
    Create a new MAC ACL acl_bpdu.
    (Netgear Switch) #
    (Netgear Switch) #config
    (Netgear Switch) (Config)#mac access-list extended acl_bpdu
    Deny all the traffic that has destination MAC 01:80:c2:xx:xx:xx.
    (Netgear Switch) (Config-mac-access-list)#deny any 01:80:c2:00:00:00 00:00:00:ff:ff:ff...
  • Page 248: Web Interface: Set Up A Mac Acl With Two Rules

    (Netgear Switch) (Config-mac-access-list)#exit
    Apply the MAC ACL acl_bpdu to port 1/0/2.
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#mac access-group acl_bpdu in
    Web Interface: Set up a MAC ACL with Two Rules
    Create MAC ACL 101 on the switch.
    a. Select Security > ACL > MAC ACL.
  • Page 249 A screen similar to the following displays. a. In the ACL Name field, select acl_bpdu. b. In the Action field, select Deny. c. Enter the following information in the Rule Table. • In the ID field, enter 1. •...
  • Page 250: Acl Mirroring

    c. Click the Add button. Apply the ACL acl_bpdu to port 2. a. Select Security > ACL > MAC ACL > MAC Binding Configuration. A screen similar to the following displays. b. Enter the following information in the MAC Binding Configuration. •...
  • Page 251: Cli: Configure Acl Mirroring

    Create an IP access control list with the name monitorHost.
    (Netgear Switch) (Config)# ip access-list monitorHost
    Define the rules to match host 10.0.0.1 and to permit all others.
    (Netgear Switch) (Config-ipv4-acl)# permit ip 10.0.0.1 0.0.0.0 any mirror 1/0/19
    (Netgear Switch) (Config-ipv4-acl)# permit every...
  • Page 252

    Bind the ACL with interface 1/0/1.
    (Netgear Switch) (Interface 1/0/1)#ip access-group monitorHost in 1
    View the configuration.
    (Netgear Switch) # show ip access-lists
    Current number of ACLs: 1 Maximum number of ACLs: 100
    ACL ID/Name Rules Direction Interface(s)
  • Page 253: Web Interface: Configure Acl Mirroring

    Web Interface: Configure ACL Mirroring Create an IP access control list with the name monitorHost on the switch. a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL ID field, enter monitorHost. c.
  • Page 254 A screen similar to the following displays. b. Click Add. A screen similar to the following displays. c. In the Rule ID field, enter 1. d. For Action, select the Permit radio button. e. In the Mirror Interface list, select 1/0/19. f.
  • Page 255 A screen similar to the following displays. b. Click Add. A screen similar to the following displays. c. In the Rule ID field, enter 2. d. Select the Permit radio button. e. In the Match Every field, select True. f.
  • Page 256: Acl Redirect

    Bind the ACL with interface 1/0/1. a. Select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. b. In the Sequence Number field, enter 1. c. In the Port Selection Table, click Unit 1 to display all the ports for the device. d.
  • Page 257: Cli: Redirect A Traffic Stream

    (Netgear Switch) (Config)#ip access-list redirectHTTP
    Define a rule to match the HTTP stream and define a rule to permit all others.
    (Netgear Switch) (Config-ipv4-acl)# permit tcp any any eq http redirect 1/0/19
    (Netgear Switch) (Config-ipv4-acl)# permit every
    Bind the ACL with interface 1/0/1.
  • Page 258: Web Interface: Redirect A Traffic Stream

    Web Interface: Redirect a Traffic Stream This example redirects the HTTP traffic stream received in port 1/0/1 to port 1/0/19. Create an IP access control list with the name redirectHTTP. a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
  • Page 259 A screen similar to the following displays. b. Click Add. A screen similar to the following displays. c. In the Rule ID field, enter 1. d. In the protocol field, select www-http. e. For Action, select the Permit radio button. f.
  • Page 260 A screen similar to the following displays. b. Click Add. A screen similar to the following displays. c. In the Rule ID field, enter 2. d. For Action, select the Permit radio button. e. In the Match Every field, select True. f.
  • Page 261: Configure A Management Acl

    Permit any host to access the managed VLAN IP address of 169.254.100.100 through a Telnet or HTTP connection:
    (Netgear Switch) (Config)#ip access-list acl_for_cpu
    (Netgear Switch) (Config-ipv4-acl)#permit tcp any 169.254.100.100 0.0.0.0 eq telnet
    (Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq http
    (Netgear Switch) (Config-ipv4-acl)#permit tcp any 169.254.100.100 0.0.0.0 eq http...
  • Page 262: Example 2: Permit A Specific Host To Access The Switch

    Permit a specific host to access the switch over an SSH connection only.
    (Netgear Switch) (Config)#ip access-list acl_for_cpu
    (Netgear Switch) (Config-ipv4-acl)#permit tcp 10.100.5.13 0.0.0.0 any eq ssh
    (Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq ssh
    (Netgear Switch) (Config-ipv4-acl)#permit every
    (Netgear Switch) (Config-ipv4-acl)#exit
    (Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane...
  • Page 263: Cli: Configure An Ipv6 Acl

    Rule-3. Permits IPv6 HTTP traffic to any destination.
    CLI: Configure an IPv6 ACL
    Create the access control list with the name ipv6-acl.
    (Netgear Switch) (Config)# ipv6 access-list ipv6-acl
    Define three rules to:
    • Permit any IPv6 traffic to the destination network 2001:DB8:C0AB:AC14::/64 from the source network 2001:DB8:C0AB:AC11::/64.
  • Page 264

    2001:DB8:C0AB:AC14::/64
    (Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 2001:DB8:C0AB:AC13::/64 eq telnet
    (Netgear Switch) (Config-ipv6-acl)# permit tcp 2001:DB8:C0AB:AC11::/64 any eq http
    Apply the rules to inbound traffic on port 1/0/1. Only traffic matching the criteria will be accepted.
    (Netgear Switch) (Config)#interface 1/0/1...
  • Page 265: Web Interface: Configure An Ipv6 Acl

    Rule Number: 3
    Action......... permit
    Protocol........ 6(tcp)
    Source IP Address...... 2001:DB8:C0AB:AC11::/64
    Destination L4 Port Keyword.... 80(www/http)
    Web Interface: Configure an IPv6 ACL
    Create the access control list with the name ipv6-acl
    a. Select Security > ACL > Advanced > IPv6 ACL.
    b.
  • Page 266 A screen similar to the following displays. b. In the ACL Name list, select ipv6-acl. c. Click Add. A screen similar to the following displays. d. In the Rule ID field, enter 1. e. For Action, select the Permit radio button. f.
  • Page 267 A screen similar to the following displays. b. In the ACL Name list, select ipv6-acl. c. Click Add. A screen similar to the following displays. d. In the Rule ID field, enter 2. e. For Action, select the Permit radio button. f.
  • Page 268 A screen similar to the following displays. b. In the ACL Name list, select ipv6-acl. c. Click Add. A screen similar to the following displays. d. In the Rule ID field, enter 3. e. For Action, select the Permit radio button. f.
  • Page 269 A screen similar to the following displays. f. Click the Apply button. View the binding table. Select Security > ACL > Advanced > Binding Table. A screen similar to the following displays. ...
  • Page 270: Chapter 14 Cos Queuing

    CoS Queuing Class of Service Queuing
    This chapter describes Class of Service (CoS) queue mapping, CoS Configuration, and traffic shaping features. The chapter includes the following sections:
    • CoS Queuing Concepts
    • Show classofservice Trust
    •...
  • Page 271: Cos Queuing Concepts

    CoS Queuing Concepts Each port has one or more queues for packet transmission. During configuration, you can determine the mapping and configuration of these queues. Based on the service rate and other criteria you configure, queues provide preference to specified packets.
  • Page 272: Untrusted Ports

    Untrusted Ports
    • No incoming packet priority designation is trusted; therefore, the default priority value for the port is used.
    • All ingress packets from untrusted ports, where the packet is classified by an ACL or a DiffServ policy, are directed to specific CoS queues on the appropriate egress port. That specific CoS queue is determined by either the default priority of the port or a DiffServ or ACL-assigned queue attribute.
  • Page 273: Show Classofservice Trust

    The example is shown as CLI commands and as a web interface procedure.
    CLI: Show classofservice Trust
    To use the CLI to show CoS trust mode, use these commands:
    (Netgear Switch) #show classofservice trust?
    <cr> Press Enter to execute the command.
  • Page 274: Web Interface: Set Classofservice Trust Mode

    Enter the minimum bandwidth percentage for Queue 0.
    (Netgear Switch) (Config)#cos-queue min-bandwidth 15
    Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>.
    (Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10
    (Netgear Switch) (Config)#cos-queue strict?
    <queue-id> Enter a Queue Id from 0 to 7.
  • Page 275 A screen similar to the following displays. b. In the Queue ID list, select 0. c. Under Interface Queue Configuration, scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. d.
  • Page 276: Set Cos Trust Mode For An Interface

    Sets the Class of Service Trust Mode of an Interface to 802.1p.
    ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP.
    (Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p?
    <cr> Press Enter to execute the command.
    (Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p
    Note: The traffic class value range is 0–6 instead of 0–7 because queue 7...
  • Page 277: Configure Traffic Shaping

    CLI: Configure traffic-shape
    (Netgear Switch) (Config)#traffic-shape?
    <bw> Enter the shaping bandwidth percentage from 0 to 100 in increments of 5.
    (Netgear Switch) (Config)#traffic-shape 70?
    <cr> Press Enter to execute the command.
    (Netgear Switch) (Config)#traffic-shape 70
    (Netgear Switch) (Config)#
    Web Interface: Configure Traffic Shaping
    Set the shaping bandwidth percentage to 70 percent.
  • Page 278: Chapter 15 Diffserv

    DiffServ Differentiated Services
    This chapter includes the following sections:
    • Differentiated Services Concepts
    • DiffServ
    • DiffServ for VoIP
    • Auto VoIP
    • DiffServ for IPv6
    • Color Conform Policy...
  • Page 279: Differentiated Services Concepts

    Differentiated Services Concepts Differentiated services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservation protocol. This section explains how to configure the managed switch to identify which traffic class a packet belongs to, and how it should be handled to provide the quality of service you want.
  • Page 280: Diffserv

    Figure 27. Class B subnet with differentiated services
    The example is shown as CLI commands and as a web interface procedure.
    CLI: Configure DiffServ
    Ensure that the DiffServ operation is enabled for the switch.
    (Netgear Switch) #config
    (Netgear Switch) (Config)#diffserv...
  • Page 281

    Create a DiffServ class of type all for each of the departments, and name them. Define the match criteria of source IP address for the new classes.
    (Netgear Switch) (Config)#class-map match-all finance_dept
    (Netgear Switch) (Config class-map)#match srcip 172.16.10.0 255.255.255.0
    (Netgear Switch) (Config class-map)#exit
    (Netgear Switch) (Config)#class-map match-all marketing_dept
    (Netgear Switch) (Config class-map)#match srcip 172.16.20.0 255.255.255.0...
  • Page 282

    It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for Internet traffic.
    (Netgear Switch) (Config)#interface 1/0/5
    (Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0
    (Netgear Switch) (Interface 1/0/5)#exit
    (Netgear Switch) (Config)#exit...
  • Page 283: Web Interface: Configure Diffserv

    Web Interface: Configure DiffServ Enable Diffserv. a. Select QoS > DiffServ > Basic > DiffServ Configuration. A screen similar to the following displays. b. For Diffserv Admin Mode, select the Enable radio button. c. Click Apply to save the settings. Create the class finance_dept.
  • Page 284 A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.10.0. • In the Source Mask field, enter 255.255.255.0. f. Click Apply. Create the class marketing_dept: a.
  • Page 285 A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.20.0. • In the Source Mask field, enter 255.255.255.0. f. Click Apply. Create the class test_dept: a.
  • Page 286 A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.30.0. • In the Source Mask field, enter 255.255.255.0. f. Click Apply. Create class development_dept. a.
  • Page 287 A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.40.0. • In the Source Mask field, enter 255.255.255.0. f. Click Apply. Create a policy named internet_access and add the class finance_dept to it. a.
  • Page 288 A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the internet_access check box. internet_access now appears in the Policy Selector field at the top. c. In the Member Class list, select marketing_dept. d.
  • Page 289 A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the internet_access check box. Now internet_access appears in the Policy Selector field at the top. c. In the Member Class list, select development_dept. d.
  • Page 290 A screen similar to the following displays. c. In the Assign Queue list, select 1. d. Click Apply. Assign queue 2 to marketing_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b.
  • Page 291 A screen similar to the following displays. c. In the Assign Queue list, select 2. d. Click Apply. Assign queue 3 to test_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b.
  • Page 292 A screen similar to the following displays. c. In the Assign Queue list, select 3. d. Click Apply. Assign queue 4 to development_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b.
  • Page 293 A screen similar to the following displays. c. In the Assign Queue list, select 4. d. Click Apply. Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction. a. Select QoS > DiffServ > Advanced > Service Configuration. A screen similar to the following displays.
  • Page 294 A screen similar to the following displays. b. Scroll down and select the Interface 1/0/5 check box. Now 1/0/5 appears in the Interface field at the top. c. In the Queue ID list, select 1. d. In the Minimum Bandwidth field, enter 25. e.
  • Page 295 A screen similar to the following displays. b. Under Interface Queue Configuration, scroll down and select the interface 1/0/5 check box. Now 1/0/5 appears in the Interface field at the top. c. In the Queue ID list, select 3. d.
  • Page 296: Diffserv For Voip

    Enter Global configuration mode. Set queue 5 on all ports to use strict priority mode. This queue will be used for all VoIP packets. Activate DiffServ for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#cos-queue strict 5 (Netgear Switch) (Config)#diffserv...
  • Page 297 (Netgear Switch) (Config)#class-map match-all class_ef (Netgear Switch) (Config class-map)#match ip dscp ef (Netgear Switch) (Config class-map)#exit Create a DiffServ policy for inbound traffic named pol_voip, then add the previously created classes class_ef and class_voip as instances within this policy.
  • Page 298: Web Interface: Diffserv For Voip

    Web Interface: Diffserv for VoIP Set queue 5 on all interfaces to use strict mode. a. Select QoS > CoS > Advanced > CoS Interface Configuration. A screen similar to the following displays. b. Under Interface Queue Configuration, select all the interfaces. c.
  • Page 299 A screen similar to the following displays. b. In the Class Name field, enter class_voip. c. In the Class Type list, select All. d. Click Add to create a new class. e. Click class_voip. A screen similar to the following displays. f.
  • Page 300 A screen similar to the following displays. b. In the Class Name field, enter class_ef. c. In the Class Type list, select All. d. Click Add to create a new class. e. Click class_ef. A screen similar to the following displays. f.
  • Page 301 A screen similar to the following displays. b. In the Policy Selector field, enter pol_voip. c. In the Member Class list, select class_voip. d. Click Add to create a new policy. e. Click the pol_voip whose class member is class_voip. A screen similar to the following displays.
  • Page 302 A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the pol_voip check box. pol_voip now appears in the Policy Selector field at the top. c. In the Member Class list, select class_ef. d. Click Apply to add the class class_ef to the policy pol_voip.
  • Page 303: Auto Voip

    A screen similar to the following displays. b. Scroll down and select the Interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. c. In the Policy In list, select pol_voip. d. Click Apply to create a new policy. Auto VoIP The Auto VoIP feature makes it easy to set up voice over IP (VoIP) for IP phones on a switch.
  • Page 304: Oui-Based Auto Voip

    The ports on which you configure protocol-based Auto VoIP are made members of the voice VLAN automatically. By default, no VLAN is used for the voice VLAN. You must create a voice VLAN first. OUI-Based Auto VoIP OUI-based Auto VoIP prioritizes VoIP packets based on the bytes of the organizationally unique identifiers (OUIs) in the source MAC address.
  • Page 305: Example 1: Enable Protocol-Based Auto Voip

    This example is provided as CLI commands and as a web interface procedure. CLI: Protocol-Based Auto VoIP The script in this section shows how to set up Auto VoIP per port. Enable protocol-based Auto VoIP on a specific port of the switch. (Netgear Switch)(Configure)#interface 2/0/1 (Netgear Switch)(Interface 2/0/1)#auto-voip protocol-based...
  • Page 306: Example 2: Change The Queue Of Protocol-Based Auto Voip

    Display the Auto VoIP information. (Netgear Switch) #show auto-voip protocol-based interface 2/0/1 VoIP VLAN Id........2 Prioritization Type......traffic-class Class Value........6 Interface Auto VoIP Mode Operational Status --------- -------------- ----------------- 2/0/1 Enabled Web Interface: Configure Protocol-Based Auto VoIP Enable protocol-based Auto VoIP on a specific port of the switch: a.
  • Page 307 Change the egress queue of protocol-based Auto VoIP. (Netgear Switch) (Config)#auto-voip protocol-based traffic-class 4 Display the Auto VoIP information. (Netgear Switch) #show auto-voip protocol-based interface 2/0/1 VoIP VLAN Id........2 Prioritization Type......traffic-class Class Value........4 Interface Auto VoIP Mode Operational Status...
  • Page 308: Example 3: Create An Auto Voip Vlan

    Assign the VoIP traffic to VLAN 5, which becomes the VoIP VLAN. (Netgear Switch) (Config)#auto-voip vlan 5 Display the protocol-based Auto VoIP information. (Netgear Switch) #show auto-voip protocol-based interface 2/0/1 VoIP VLAN Id........5 Prioritization Type......traffic-class Class Value........6...
  • Page 309 Web Interface: Change the Auto VoIP VLAN Create a VLAN 5: a. Select Switching > VLAN > Basic > Vlan Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 5. c. Click Add. Assign the VoIP traffic to VLAN 5.
  • Page 310: Diffserv For Ipv6

    The script in this section shows how to prioritize ICMPv6 traffic over other IPv6 traffic. Create the IPv6 class classicmpv6. (Netgear Switch) (Config)# class-map match-all classicmpv6 ipv6 Define matching criteria as protocol ICMPv6. (Netgear Switch) (Config-classmap) # match protocol 58...
  • Page 311: Web Interface: Configure Diffserv For Ipv6

    (Netgear Switch) (Config-policy-map)# exit Attach the policy policyicmpv6 to interfaces 1/0/1, 1/0/2 and 1/0/3: (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# service-policy in policyicmpv6 (Netgear Switch) (Interface 1/0/1)# exit (Netgear Switch) (Config)# interface 1/0/2 (Netgear Switch) (Interface 1/0/2)# service-policy in policyicmpv6...
  • Page 312 A screen similar to the following displays. d. Click Add to create the IPv6 class. A screen similar to the following displays. Define matching criteria as protocol ICMPv6. a. Select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays.
  • Page 313 A screen similar to the following displays. c. Select the Protocol Type radio button, select Other, and enter 58. A screen similar to the following displays...
  • Page 314 d. Click the Apply button. Create the policy policyicmpv6, and associate the previously created class classicmpv6. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Name field, enter policyicmpv6. c.
  • Page 315 A screen similar to the following displays. e. Click Add. Set the attribute as assign queue 6. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Click the policy policyicmpv6. c.
  • Page 316 A screen similar to the following displays. d. Click Apply. Attach the policy policyicmpv6 to interfaces 1/0/1, 1/0/2 and 1/0/3. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. In the Policy Name list, select policyicmpv6. c.
  • Page 317: Color Conform Policy

    A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. Color Conform Policy This example shows how to create a policy to police the traffic to a committed rate. The packets with IP precedence value of 7 are colored green to ensure that these packets are the last to be dropped when there is congestion.
  • Page 318: Cli: Configure A Color Conform Policy

    (Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#vlan participation include 5 (Netgear Switch) (Interface 1/0/13)#vlan tagging 5 (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#interface 1/0/25 (Netgear Switch) (Interface 1/0/25)#vlan participation include 5...
  • Page 319: Web Interface: Configure A Color Conform Policy

    Apply this policy to port 1/0/13. (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#service-policy in policy_vlan (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#exit Web Interface: Configure a Color Conform Policy Create a VLAN. a. Select Switching > VLAN > Basic > VLAN Configuration.
  • Page 320 d. Click the gray boxes under ports 13 and 25 until T displays. The T specifies that the egress packet is tagged for the port. e. Click Apply. Create a class class_vlan: a. Select QoS > DiffServ > Advanced > Class Configuration. A screen similar to the following displays.
  • Page 321 A screen similar to the following displays. e. Under Diffserv Class Configuration, in the VLAN field, enter 5. f. Click Apply. Create a class class_color. a. Select QoS > DiffServ > Advanced > Class Configuration. A screen similar to the following displays. b.
  • Page 322 A screen similar to the following displays. e. Under Diffserv Class Configuration, in the Precedence Value list, select 7. f. Click Apply. Create a policy policy_vlan. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b.
  • Page 323 A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the policy_vlan check box. c. In the Member Class field, enter class_vlan. d. Click Apply. Configure policy_vlan. a. Select QoS > DiffServ > Advanced > Policy Configuration. b.
  • Page 324 Apply policy_vlan to interface 1/0/13. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. Under Service Interface Configuration, scroll down and select the Interface 1/0/13 check box. c. In the Policy Name list, select policy_vlan. d.
  • Page 325: Chapter 16 Igmp Snooping And Querier

    IGMP Snooping and Querier Internet Group Management Protocol features This chapter includes the following sections: • Internet Group Management Protocol Concepts • IGMP Snooping •...
  • Page 326: Internet Group Management Protocol Concepts

    Internet Group Management Protocol Concepts NETGEAR implements Internet Group Management Protocol (IGMP) in the following way: • IGMP uses version 1, version 2, or version 3. • IGMP includes snooping. • You can enable IGMP snooping on a per-VLAN basis.
  • Page 327: Show Igmpsnooping

    Show igmpsnooping The example is shown as CLI commands and as a web interface procedure. CLI: Show igmpsnooping (Netgear Switch) #show igmpsnooping Admin Mode........Disable Multicast Control Frame Count....0 Interfaces Enabled for IGMP Snooping... None VLANs enabled for IGMP snooping....None Web Interface: Show igmpsnooping Select Switching >...
  • Page 328: Show Mac-Address-Table Igmpsnooping

    Show mac-address-table igmpsnooping The example is shown as CLI commands and as a web interface procedure. CLI for IGMPv1 and IGMPv2: Show mac-address-table igmpsnooping (Netgear Switch) #show mac-address-table igmpsnooping ? <cr> Press Enter to execute the command. (Netgear Switch) #show mac-address-table igmpsnooping...
  • Page 329: Web Interface: Show Mac-Address-Table Igmpsnooping

    This example configures the interface as the one the multicast router is attached to. All IGMP packets that are snooped by the switch are forwarded to the multicast router that is reachable from this interface. (Netgear Switch)(Interface 1/0/3)# set igmp mrouter interface Web Interface: Configure the Switch with an External Multicast Router Select Switching >...
  • Page 330: Multicast Router Using Vlan

    This example configures the interface to forward only the snooped IGMP packets that come from VLAN ID (<VLAN Id>) to the multicast router attached to this interface. (Netgear Switch)(Interface 1/0/3)# set igmp mrouter 2 Web Interface: Configure the Switch with a Multicast Router Using VLAN Select Switching >...
  • Page 331: Igmp Querier Concepts

    IGMP Querier Concepts When the switch is used in network applications where video services such as IPTV, video streaming, and gaming are deployed, the video traffic is normally flooded to all connected ports because such traffic packets usually have multicast Ethernet addresses. IGMP snooping can be enabled to create a multicast group to direct that traffic only to those users that require it.
  • Page 332: Enable Igmp Querier

    (Netgear switch) (vlan)#set igmp querier 1 (Netgear switch) (vlan)#exit (Netgear switch) #config (Netgear switch) (config)#set igmp querier (Netgear switch) (config)#set igmp querier address 10.10.10.1 (Netgear switch) (config)#exit Web Interface: Enable IGMP Querier Select Switching > Multicast > IGMP VLAN Configuration.
  • Page 333 A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 1. • In the Admin Mode field, select Enable. c. Click Add. Enable the IGMP snooping querier globally. a. Select Switching > Multicast > IGMP Snooping > IGMP VLAN Configuration. A screen similar to the following displays.
  • Page 334: Show Igmp Querier Status

    The example is shown as CLI commands and as a web interface procedure. CLI: Show IGMP Querier Status To see the IGMP querier status, use the following command. (Netgear Switch) #show igmpsnooping querier vlan 1 VLAN 1 : IGMP Snooping querier status ---------------------------------------------- IGMP Snooping Querier VLAN Mode....
  • Page 335: Web Interface: Show Igmp Querier Status

    Web Interface: Show IGMP Querier Status Select Switching > Multicast > IGMP Snooping > Querier Configuration. A screen similar to the following displays. Click Refresh...
  • Page 336: Chapter 17 Mvr

    Multicast VLAN Registration This chapter includes the following sections: • Multicast VLAN Registration • Configure MVR in Compatible Mode • Configure MVR in Dynamic Mode...
  • Page 337: Multicast Vlan Registration

    Multicast VLAN Registration The IGMP Layer 3 protocol is widely used for IPv4 network multicasting. In Layer 2 networks, the IGMP protocol uses resources inefficiently. For example, a Layer 2 switch multicasts traffic to all ports even if there are receivers connected to only a few ports. To fix this problem, the IGMP snooping protocol was developed.
  • Page 338: Configure Mvr In Compatible Mode

    [Figure 32. Network configured for MVR. Figure labels: Multicast source; IGMP (GSM7328Sv2); SP (VLAN 999); MVR (GSM7212P); RP (VLAN 1001), RP (VLAN 1002), RP (VLAN 1003); Multicast client] Note: The following examples show how to configure the MVR on the MVR switch (GSM7212P in this case).
  • Page 339: Cli: Configure Mvr In Compatible Mode

    (Netgear Switch) (Config)#mvr vlan 999 (Netgear Switch) (Config)#mvr group 224.1.2.3 Configure multicast VLAN on the source port. (Netgear Switch) (Config)#interface 0/9 (Netgear Switch) (Interface 0/9)#vlan participation include 999 (Netgear Switch) (Interface 0/9)#vlan tagging 999 (Netgear Switch) (Interface 0/9)#mvr (Netgear Switch) (Interface 0/9)#mvr type source (Netgear Switch) (Interface 0/9)#exit Configure the receive ports.
  • Page 340 (Netgear Switch) (Interface 0/1)#vlan participation exclude 1 (Netgear Switch) (Interface 0/1)#mvr (Netgear Switch) (Interface 0/1)#mvr type receiver (Netgear Switch) (Interface 0/1)#mvr vlan 999 group 224.1.2.3 (Netgear Switch) (Interface 0/1)#exit (Netgear Switch) (Config)#interface 0/5 (Netgear Switch) (Interface 0/5)#vlan participation include 1002...
  • Page 341: Web Interface: Configure Mvr In Compatible Mode

    Web Interface: Configure MVR in Compatible Mode Create MVLAN 999, VLAN1 1001, VLAN2 1002 and VLAN3 1003. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 999, and in the VLAN Name field, enter mVlan. c.
  • Page 342 Enable MVR and multicast VLAN. a. Select Switching > MVR > Basic > MVR Configuration. A screen similar to the following displays. b. For MVR Running, select Enable. c. In the MVR Multicast VLAN field, enter 999. d. Click Apply. Add multicast group 224.1.2.3 to MVR.
  • Page 343 A screen similar to the following displays. b. Under MVR Interface Configuration, scroll down and select the Interface 0/1, 0/5 and 0/7 check boxes. c. Enter the following information: • In the Admin Mode list, select Enable. • In the Type list, select Receiver.
  • Page 344: Configure Mvr In Dynamic Mode

    IGMP router on the Multicast VLAN (with appropriate translation of the VLAN ID). Create MVLAN, VLAN1, VLAN2, and VLAN3. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 999,1001, 1002, 1003 (Netgear Switch) (Vlan)#vlan name 999 mVlan (Netgear Switch) (Vlan)#vlan name 1001 Vlan1...
  • Page 345 Configure MVR in dynamic mode. (Netgear Switch) (Config)#mvr mode dynamic Configure multicast VLAN on the source port. (Netgear Switch) (Config)#interface 0/9 (Netgear Switch) (Interface 0/9)#vlan participation include 999 (Netgear Switch) (Interface 0/9)#vlan tagging 999 (Netgear Switch) (Interface 0/9)#mvr (Netgear Switch) (Interface 0/9)#mvr type source (Netgear Switch) (Interface 0/9)#exit Configure the receive ports.
  • Page 346 (Netgear Switch) (Config)#interface 0/1 (Netgear Switch) (Interface 0/1)#vlan participation include 1001 (Netgear Switch) (Interface 0/1)#vlan pvid 1001 (Netgear Switch) (Interface 0/1)#vlan participation exclude 1 (Netgear Switch) (Interface 0/1)#mvr (Netgear Switch) (Interface 0/1)#mvr type receiver (Netgear Switch) (Interface 0/1)#exit...
  • Page 347: Web Interface: Configure Mvr In Dynamic Mode

    After port 0/1 receives an IGMP report for multicast group 224.1.2.3, it is added to MVR group 224.1.2.3. (Netgear Switch) #show mvr members MVR Group IP Status Members --------------- --------------- ---------------------------------- 224.1.2.3 ACTIVE 0/1(d) Web Interface: Configure MVR in Dynamic Mode Create MVLAN 999, VLAN1 1001, VLAN2 1002, and VLAN3 1003.
  • Page 348 A screen similar to the following displays. g. In the VLAN ID list, select 999. h. Click Unit 1. The ports display. i. Click the gray boxes under port 9 until T displays. The T specifies that the egress packet is tagged for the ports.
  • Page 349 Add multicast group 224.1.2.3 to the MVR. a. Select Switching > MVR > Basic > MVR Group Configuration. A screen similar to the following displays. b. In the MVR Group IP field, enter 224.1.2.3. c. Click Add. Configure a receiver on interface 0/1, 0/5 and 0/7. a.
  • Page 350 A screen similar to the following displays. b. Under MVR Interface Configuration, scroll down and select the Interface 0/9 check box. c. Enter the following information: • In the Admin Mode list, select Enable. • In the Type list, select source. d.
  • Page 351: Chapter 18 Security Management

    Security Management Port security features This chapter includes the following sections: • Port Security Concepts • Set the Dynamic and Static Limit on Port 1/0/1 • Convert the Dynamic Address Learned from 1/0/1 to a Static Address •...
  • Page 352: Port Security Concepts

    Port Security Concepts Port security helps to secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. The port security feature offers the following benefits: • You can limit the number of MAC addresses on a given port. Packets that have a matching MAC address (secure packets) are forwarded;...
  • Page 353: Set The Dynamic And Static Limit On Port 1/0/1

    Enable port-security globally (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#port-security Enable port-security on port 1/0/1 (Netgear Switch) (Interface 1/0/1)#port-security max-dynamic 10 Set the dynamic limit to 10 (Netgear Switch) (Interface 1/0/1)#port-security max-static 3 Set the static limit to 3...
  • Page 354: Convert The Dynamic Address Learned From 1/0/1 To A Static Address

    The example is shown as CLI commands and as a web interface procedure. CLI: Convert the Dynamic Address Learned from 1/0/1 to the Static Address (Netgear Switch)(Interface 1/0/1)#port-security mac-address move Convert the dynamic address learned from 1/0/1 to the static address (Netgear Switch)(Interface 1/0/1)#exit...
  • Page 355: Web Interface: Convert The Dynamic Address Learned From 1/0/1 To The Static Address

    Select the Convert Dynamic Address to Static check box. Click Apply to save the settings. Create a Static Address The example is shown as CLI commands and as a web interface procedure. CLI: Create a Static Address (Netgear Switch) (Interface 1/0/1)#port-security mac-address 00:13:00:01:02:03...
  • Page 356: Web Interface: Create A Static Address

    Web Interface: Create a Static Address Select Security > Traffic Control > Port Security > Static MAC address. A screen similar to the following displays. Under Port List, in the Interface list, select 1/0/1. In the Static MAC Address section of the screen, enter the following information: •...
  • Page 357: Cli: Configure A Protected Port To Isolate Ports On The Switch

    (Netgear Switch) #exit (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/23 (Netgear Switch) (Interface 1/0/23)#vlan pvid 192 (Netgear Switch) (Interface 1/0/23)#vlan participation include 192 (Netgear Switch) (Interface 1/0/23)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan pvid 192 (Netgear Switch) (Interface 1/0/24)#vlan participation include 192...
  • Page 358 (Netgear Switch) (Vlan)#exit (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/48 (Netgear Switch) (Interface 1/0/48)#vlan pvid 202 (Netgear Switch) (Interface 1/0/48)#vlan participation include 202 (Netgear Switch) (Interface 1/0/48)#exit (Netgear Switch) (Config)#interface vlan 202 (Netgear Switch) (Interface-vlan 202)#routing (Netgear Switch) (Interface-vlan 202)#ip address 10.100.5.34 255.255.255.0 (Netgear Switch) (Interface-vlan 202)#exit Create a DHCP pool to allocate IP addresses to PCs.
  • Page 359: Web Interface: Configure A Protected Port To Isolate Ports

    Web Interface: Configure a Protected Port to Isolate Ports on the Switch Create a DHCP pool: Note: This example assumes that the DHCP service is enabled. For information about how to enable the DHCP service, see the web interface procedure in Configure a DHCP Server in Dynamic Mode on page 509.
  • Page 360 Configure a VLAN and include ports 1/0/23 and 1/0/24 in the VLAN: a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 192. •...
  • Page 361 d. Click the gray box under port 48 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save the VLAN that includes port 48. Enable IP routing: a.
  • Page 362: 802.1X Port Security

    A screen similar to the following displays. b. Under Protected Ports Configuration, click Unit 1. The ports display. • Click the gray box under port 23. A check mark displays in the box. • Click the gray box under port 24. A check mark displays in the box. c.
  • Page 363: Cli: Authenticating Dot1X Users By A Radius Server

    (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0 (Netgear Switch) (Config)#dot1x system-auth-control (Netgear Switch) (Config)#interface 1/0/19 (Netgear Switch) (Interface 1/0/19)#routing (Netgear Switch) (Interface 1/0/19)#ip address 10.100.5.33 255.255.255.0 (Netgear Switch) (Interface 1/0/19)#dot1x port-control force-authorized Use RADIUS to authenticate the dot1x users.
  • Page 364: Web Interface: Authenticating Dot1X Users By A Radius Server

    Configure an accounting server. (Netgear Switch) (Config)#radius accounting mode (Netgear Switch) (Config)#radius server host acct 10.100.5.17 Configure the shared secret between the accounting server and the client. (Netgear Switch) (Config)#radius server key acct 10.100.5.17 Enter secret (16 characters max):123456...
  • Page 365 c. Enter the following information: • In the IP Address field, enter 192.168.1.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Assign IP address 10.100.5.33/24 to interface 1/0/19: a.
  • Page 366 a. Select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/19 check box. Now 1/0/19 appears in the Interface field at the top. c.
  • Page 367 c. In the Secret Configured field, select Yes. d. In the Secret field, enter 123456. e. In the Primary Server field, select Yes. f. In the Message Authenticator field, select Enable. g. Click Add. Enable accounting. a. Select Security > Management Security > RADIUS > Radius Configuration. A screen similar to the following displays.
  • Page 368: Create A Guest Vlan

    Create a Guest VLAN The guest VLAN feature allows a switch to provide a distinguished service to dot1x-unaware clients (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach an external network with no ability to surf the internal LAN...
  • Page 369: Cli: Create A Guest Vlan

    (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/24)#exit Create VLAN 2000, and have 1/0/1 and 1/0/24 as members of VLAN 2000.
  • Page 370: Web Interface: Create A Guest Vlan

    Enable the guest VLAN on ports 1/0/1 and 1/0/24. (Netgear Switch) #show dot1x detail 1/0/1 Protocol Version....... 1 PAE Capabilities....... Authenticator Control Mode........auto Authenticator PAE State......Authenticated Backend Authentication State....Idle Quiet Period (secs)......60 Transmit Period (secs)......30 Guest VLAN ID........
  • Page 371 b. In the VLAN ID field, enter 2000. c. In the VLAN Type field, select Static. d. Click Add. Add ports to VLAN 2000. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b.
  • Page 372 A screen similar to the following displays. b. For Administrative Mode, select the Enable radio button. c. Click Apply to save settings. Configure the dot1x authentication list. a. Select Security > Management Security > Authentication List > Dot1x Authentication List.
  • Page 373: Assign Vlans Using Radius

    d. In the Secret field, enter 12345. e. Click Add. Configure the guest VLAN. a. Select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays. b. Scroll down and select the port 1/0/1 and 1/0/24 check boxes. c.
  • Page 374: Cli: Assign Vlans Using Radius

    Enable dot1x authentication on the switch. (Netgear Switch) (Config)#dot1x system-auth-control Use the RADIUS as the authenticator. (Netgear Switch) (Config)#aaa authentication dot1x default radius Enable the switch to accept VLAN assignment by the RADIUS server. (Netgear Switch) (Config)#authorization network radius...
  • Page 375 Managed Switches Set the RADIUS server IP address. (Netgear Switch) (Config)#radius server host auth 192.168.0.1 Set the NAS-IP address for the RADIUS server. (Netgear Switch) (Config)#radius server key auth 192.168.0.1 Enter secret (16 characters max):12345 Re-enter secret:12345 Set the radius server key.
  • Page 376: Web Interface: Assign Vlans Using Radius

    Managed Switches Web Interface: Assign VLANS Using RADIUS Assign the IP address for the web management interface. a. Select System > Management > Network Interface > IPv4 Network Configuration. A screen similar to the following displays. b. For Current Network Configuration Protocol, select the None radio button. c.
  • Page 377 Managed Switches A screen similar to the following displays. b. Under Port Authentication, scroll down and select the 1/0/6 and 1/0/12 check boxes. c. In the Control Mode list, select Force Authorized. d. Click Apply to save settings. Enable dot1x on the switch. Make sure that 1/0/12 and 1/0/6 are configured as force authorized before you do this step;...
  • Page 378 Managed Switches A screen similar to the following displays. b. Select the defaultList check box. c. In the 1 list, select RADIUS. d. Click Add. Configure the RADIUS authentication server. a. Select Security > Management Security > Radius > Server Configuration. A screen similar to the following displays.
  • Page 379: Dynamic Arp Inspection

    Managed Switches Dynamic ARP Inspection Dynamic ARP inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors.
  • Page 380: Cli: Configure Dynamic Arp Inspection

    Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
  • Page 381: Web Interface: Configure Dynamic Arp Inspection

    Managed Switches Web Interface: Configure Dynamic ARP Inspection Enable DHCP snooping globally. a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b. For DHCP Snooping Mode, select the Enable radio button. c. Click Apply. Enable DHCP snooping in a VLAN.
  • Page 382 Managed Switches Configure the port through which the DHCP server is reached as trusted. Here interface 1/0/1 is trusted. a. Select Security > Control > DHCP Snooping Interface Configuration. A screen similar to the following displays. b. Select the check box for Interface 1/0/1. c.
  • Page 383 A screen similar to the following displays. b. In the VLAN ID field, enter 1. c. In the Dynamic ARP Inspection field, select Enable. A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. Now all the ARP packets received on the ports that are members of the VLAN are copied to the CPU for ARP inspection.
  • Page 384: Static Mapping

    (Netgear Switch) (Config)# arp access-list ArpFilter Configure the rule to allow the static client. (Netgear Switch) (Config-arp-access-list)# permit ip host 192.168.10.2 mac host 00:11:85:ee:54:e9 Configure ARP ACL used for VLAN 1. (Netgear Switch) (Config)# ip arp inspection filter ArpFilter vlan 1 Security Management...
  • Page 385: Web Interface: Configure Static Mapping

    Now the ARP packets from the static client go through because the client has an entry in the ARP table. ACL ARP packets from the DHCP client also go through because the client has a DHCP snooping entry. This command can include the optional static keyword.
  • Page 386: Dhcp Snooping

    Configure the ARP ACL used for VLAN 1. a. Select Security > Control > Dynamic ARP Inspection > DAI VLAN Configuration. b. In the ARP ACL Name field, enter ArpFilter. c. Click Apply. A screen similar to the following displays. DHCP Snooping DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server to filter harmful DHCP messages and to build a bindings database of (MAC...
  • Page 387: Cli: Configure Dhcp Snooping

    Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
  • Page 388 Managed Switches A screen similar to the following displays. Enable DHCP snooping in a VLAN. a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b. In the VLAN ID list, select 1. c.
  • Page 389 A screen similar to the following displays. b. Select the Interface 1/0/1 check box. c. For Interface 1/0/1, in the Trust Mode field, select Enable. d. Click Apply. A screen similar to the following displays. Select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays.
  • Page 390: Find A Rogue Dhcp Server

    Find a Rogue DHCP Server If you enable DHCP snooping, you can find a rogue DHCP server in the network. CLI: Find a Rogue DHCP server Check the statistics on the untrusted ports. (NETGEAR) #show ip dhcp snooping statistics Interface MAC Verify Client Ifc...
  • Page 391: Web Interface: Find A Rogue Dhcp Server

    Enable logging of the DHCP messages that the DHCP snooping application filters on port 1/0/27. (Netgear Switch) (Interface 1/0/27)#ip dhcp snooping log-invalid Display the buffered logging output and search for “DHCP packet; op Reply” so you can determine the IP address and MAC address of the rogue DHCP server.
  • Page 392 Managed Switches Enable the logging of invalid packets for port 1/0/27. a. Select Security > Control > DHCP Snooping > Interface Configuration. A screen similar to the following displays. b. Select the 1/0/27 check box. c. In the Invalid Packets field, select Enable. d.
  • Page 393: Enter Static Binding Into The Binding Database

    CLI: Enter Static Binding into the Binding Database Enter the DHCP snooping static binding. (Netgear Switch) (Config)# ip dhcp snooping binding 00:11:11:11:11:11 vlan 1 192.168.10.1 interface 1/0/2 Check to make sure that the binding database has the static entry.
  • Page 394: Maximum Rate Of Dhcp Messages

    “no shutdown” on this interface to further work with that port. CLI: Configure the Maximum Rate of DHCP Messages Control the maximum rate of DHCP messages. (Netgear Switch) (Interface 1/0/2)# ip dhcp snooping limit rate 5 View the rate configured. (GSM7328S) #show ip dhcp snooping interfaces 1/0/2...
  • Page 395: Ip Source Guard

    Managed Switches A screen similar to the following displays. IP Source Guard IP Source Guard uses the DHCP snooping bindings database. When IP Source Guard is enabled, the switch drops incoming packets that do not match a binding in the bindings database.
  • Page 396: Cli: Configure Dynamic Arp Inspection

    Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust View the DHCP Snooping Binding table.
  • Page 397: Web Interface: Configure Dynamic Arp Inspection

    Managed Switches Web Interface: Configure Dynamic ARP Inspection Enable DHCP snooping globally. a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b. For DHCP Snooping Mode, select the Enable radio button. c. Click Apply. Enable DHCP snooping in a VLAN.
  • Page 398 Managed Switches A screen similar to the following displays. Configure the port through which the DHCP server is reached as trusted. Here interface 1/0/1 is trusted. a. Select Security > Control > DHCP Snooping Interface Configuration. A screen similar to the following displays. b.
  • Page 399 Managed Switches A screen similar to the following displays. Enable IP source guard in the interface 1/0/2. a. Select Security > Control > IP Source Guard > Interface Configuration. b. Select the Interface 1/0/2 check box. c. For the IPSG mode, select Enable. d.
  • Page 400: Authorization

    Any change in a user command authorization access list takes effect after a user has logged off and logged in again. The vendor-specific attribute netgear-cmdAuth is defined as follows: VENDOR netgear...
  • Page 401: Cli: Configure Command Authorization By A Tacacs+ Server

    Managed Switches CLI: Configure Command Authorization by a TACACS+ Server (Netgear Switch)(Config)#aaa authorization commands commandlist tacacs (Netgear Switch)(Config)#tacacs-server host 10.100.5.13 (Netgear Switch)(Config)#exit (Netgear Switch)(Config)#tacacs-server key 12345678 (Netgear Switch)(Config)#line telnet (Netgear Switch)(Config-telnet)#authorization commands default (Netgear Switch)#show authorization methods show authorization methods : Command Is Not Authorized...
  • Page 402: Cli: Configure Exec Command Authorization By A Tacacs+ Server

    RADIUS response packet as administrator, the Cisco VSA “shell:priv-lvl” is ignored. CLI: Configure Exec Command Authorization by a TACACS+ Server (Netgear Switch)(Config)#aaa authorization exec execList tacacs (Netgear Switch)(Config)#tacacs-server host 10.100.5.13 (Netgear Switch)(Config)#tacacs-server host 10.100.5.13 (Netgear Switch)(Config)#tacacs-server key 12345678...
  • Page 403: Cli: Configure Telnet Command Accounting By A Tacacs+ Server

    TACACS+ accounting supports both user EXEC command authorization and privileged EXEC command authorization. (Netgear Switch)(Config)#tacacs-server host 10.100.5.13 (Netgear Switch)(Tacacs)#key 12345678 (Netgear Switch)(Tacacs)#exit (Netgear Switch)(Config)# (Netgear Switch)(Config)#aaa accounting commands default stop-only tacacs (Netgear Switch)(Config)#line telnet (Netgear Switch)(Config-telnet)#accounting commands default (Netgear Switch)(Config-telnet)#exit (Netgear Switch)#show accounting methods AcctType...
  • Page 404: Configure Telnet Exec Accounting By Radius Server

    (Netgear Switch)(Config)#radius server key acct 10.100.5.13 Enter secret (64 characters max):12345678 Re-enter secret:12345678 (Netgear Switch)(Config)#radius accounting mode (Netgear Switch)(Config)#aaa accounting exec default stop-only radius (Netgear Switch)#show radius Number of Configured Authentication Servers..0 Number of Configured Accounting Servers..1 Number of Named Authentication Server Groups... 0 Number of Named Accounting Server Groups..
  • Page 405: Use The Authentication Manager To Set Up An Authentication Method List

    Managed Switches Use the Authentication Manager to Set Up an Authentication Method List Note: The authentication manager is available on the M6100 series switches only. The authentication manager lets you configure an authentication method list, which you can apply on a per-port basis. If authentication is disabled, no authentication method is applied and the port provides open access.
  • Page 406: Configure A Dot1X-Mab Authentication Method List With

    Managed Switches Configure a Dot1x–MAB Authentication Method List with Dot1x–MAB Priority Note: This section describes how to configure the authentication order and priority. For information about configuring the dot1x authentication method, which is also referred to as 802.1x port security, see 802.1x Port Security on page 362.
  • Page 407: Configure A Dot1X-Mab Authentication Method List With

    Managed Switches The CLI command to enable authentication is as follows. (Netgear Switch)#configure (Netgear Switch)(Config)#authentication enable Configure a Dot1x–MAB Authentication Method List with MAB–Dot1x Priority Note: This section describes how to configure the authentication order and priority. For information about configuring the MAB authentication...
  • Page 408 At the expiration of the timer, the authentication manager restarts the authentication process for the first method in the list. The CLI command to enable authentication is as follows. (Netgear Switch)#configure (Netgear Switch)(Config)#authentication enable Security Management...
  • Page 409: Chapter 19 Mab

    MAC Authentication Bypass This chapter includes the following sections: • MAC Authentication Bypass Concepts • Configure MAC Authentication Bypass on a Switch • Configure a Network Policy Server on a Microsoft Windows Server 2008 R2 or Later Server • Configure an Active Directory on a Microsoft Windows Server 2008 R2 or Later Server •...
  • Page 410: Mac Authentication Bypass Concepts

    Managed Switches MAC Authentication Bypass Concepts MAC Authentication Bypass (MAB) provides 802.1X-unaware clients controlled access to the network by using the MAC address of the client device as the identifier. MAB has the following requirements: • You must preconfigure the known and allowable MAC addresses and corresponding access rights in the authentication server.
  • Page 411 Managed Switches 1. Traffic from an unknown client The switch learns the MAC address 2. EAPoL Request Identity message (30 seconds) 3. EAPoL Request Identity message (30 seconds) 4. EAPoL Request Identity message (30 seconds) 5. EAPoL time-out and MAB initiation (30 seconds) 6.
  • Page 412: Configure Mac Authentication Bypass On A Switch

    (Netgear Switch) (Config)#dot1x system-auth-control Configure RADIUS to authenticate 802.1X users. (Netgear Switch) (Config)#aaa authentication dot1x default radius Configure the switch to communicate with the Microsoft network policy server. In this example, the Microsoft network policy server IP address is 10.1.10.46. The shared key on the switch and the RADIUS server must match.
  • Page 413 To reduce the MAB authentication time, decrease the guest VLAN period. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/10 (Netgear Switch) (Interface 1/0/10)#dot1x timeout guest-vlan-period 1 Web Interface: Configure the Switch to Perform MAB with a Microsoft Network Policy Server Enable 802.1X authentication on the switch:...
  • Page 414 Managed Switches Configure the switch to communicate with the Microsoft network policy server. In this example, the IP address of the Microsoft network policy server is 10.1.10.46. The shared key between the switch and the server must match. a. Select Security > Management Security > RADIUS > Server Configuration. A screen similar to the following displays.
  • Page 415 Managed Switches The table heading displays the information for port 0/1. c. Configure the following settings: • From the Control Mode menu, select Force Authorized. • From the MAB menu, select Disable. Leave all other settings on the screen at their default value. d.
  • Page 416: Configure A Network Policy Server On A Microsoft Windows Server 2008 R2 Or Later Server

    Managed Switches Configure a Network Policy Server on a Microsoft Windows Server 2008 R2 or Later Server Enable EAP-MD5 support. WARNING: Serious problems can occur if you modify the registry incorrectly by using the Registry Editor or by using another method. These problems might require that you reinstall your Microsoft operating system.
  • Page 417 b. Configure the following settings: • In the Friendly name field, enter the switch name (in this example, enter M4100-D12G). • In the Address (IP or DNS) field, enter the IP address of the switch that connects to the network policy server (in this example, enter 10.1.10.50). •...
  • Page 418 Managed Switches c. Select the Policy enabled check box. d. From the Type of network access server menu, select Unspecified. Leave the Vendor specific radio button cleared. e. Click the Apply button. f. Click the Conditions tab. The screen adjusts.
  • Page 419 Managed Switches g. Configure the NAS Port Type field as Ethernet. h. Click the Apply button. Click the Settings tab. The screen adjusts.
  • Page 420 Managed Switches Select the Override Network policy authentication settings check box. k. Under the EAP Types field, click the Add button. From the menu, select MD5-Challenge. m. Click the OK button. MD5-Challenge is added to the EAP Types field. n. From the EAP Types field, select MD5-Challenge. o.
  • Page 421 Managed Switches c. Select the Policy enabled check box. d. Select the Grant access radio button. e. From the Type of network access server menu, select Unspecified. Leave the Vendor specific radio button cleared. f. Click the Apply button. g. Click the Conditions tab. The screen adjusts.
  • Page 422 Managed Switches h. Configure the NAS Port Type field as Ethernet. Click the Apply button. Click the Constraints tab. The screen adjusts.
  • Page 423 Managed Switches k. Under the EAP Types field, click the Add button. From the menu, select MD5-Challenge. m. Click the OK button. MD5-Challenge is added to the EAP Types field. n. From the EAP Types field, select MD5-Challenge. o. Click the Apply button. p.
  • Page 424: Configure An Active Directory On A Microsoft Windows

    Managed Switches q. Select all four encryption check boxes, including the No encryption check box. r. Click the Apply button. Configure an Active Directory on a Microsoft Windows Server 2008 R2 or Later Server Create a user account with the following settings: •...
  • Page 425: Reduce The Mab Authentication Time

    Managed Switches Select the Password never expires check box. Select the Store password using reversible encryption check box. Click the Apply button. Create a Password Settings Object (PSO) as described at the following Microsoft website: http://technet.microsoft.com/en-us/library/cc754461(v=ws.10).aspx. Use the default setting for all the attributes except for the following setting: msDS-PasswordComplexityEnabled = FALSE.
  • Page 426: Cli: Reduce The Authentication Time For Mab

    Change the guest VLAN period timer to 10 seconds using the CLI: (Netgear Switch) #config (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#dot1x timeout guest-vlan-period 10 Web Interface: Reduce the Authentication Time for MAB Change the guest VLAN period timer to 10 seconds using the web interface: Select Security >...
  • Page 427: Chapter 20 Sntp

    SNTP Simple Network Time Protocol This chapter includes the following sections: • Simple Network Time Protocol Concepts • Show SNTP (CLI Only) • Configure SNTP • Set the Time Zone (CLI Only) •...
  • Page 428: Simple Network Time Protocol Concepts

    (Netgear Switch) #show sntp? <cr> Press Enter to execute the command. client Display SNTP Client Information. server Display SNTP Server Information. show sntp client (Netgear Switch) #show sntp client Client Supported Modes: unicast broadcast SNTP Version: Port: Client Mode: unicast Unicast Poll Interval:...
  • Page 429: Show Sntp Server

    The example is shown as CLI commands and as a web interface procedure. CLI: Configure SNTP NETGEAR switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
  • Page 430 The client mode can be either broadcast mode or unicast mode. If the NTP server is not your own, you must use unicast mode. (Netgear Switch) (Config)#sntp client mode unicast When the SNTP client mode is enabled, the client waits for the polling interval to send the query to the server.
  • Page 431: Web Interface: Configure Sntp

    Web Interface: Configure SNTP Configure the SNTP server. a. Select System > Management > Time > SNTP Server Configuration. A screen similar to the following displays. b. Enter the following information: • In the Server Type field, select IPV4. •...
  • Page 432: Set The Time Zone (Cli Only)

    The example is shown as CLI commands and as a web interface procedure. CLI: Set the Named SNTP Server NETGEAR provides SNTP servers accessible by NETGEAR devices. Because NETGEAR might change IP addresses assigned to its time servers, it is best to access an SNTP server by DNS name instead of using a hard-coded IP address.
  • Page 433: Web Interface: Set The Named Sntp Server

    A screen similar to the following displays. b. Enter the following information: • In the Server Type list, select DNS. • In the Address field, enter time-f.netgear.com • In the Port field, enter 123. • In the Priority field, enter 1.
  • Page 434 Managed Switches b. Enter the following information: • For DNS Status, select the Enable radio button • In the DNS Server field, enter 192.168.1.1. c. Click Add. SNTP...
  • Page 435: Chapter 21 Tools

    Tools Tools to manage, monitor, and personalize the switch and network This chapter includes the following sections: •...
  • Page 436: Traceroute

    Managed Switches Traceroute This section describes the traceroute feature. Use traceroute to discover routes that packets take when traveling on a hop-by-hop basis to their destination through the network. • Traceroute maps network routes by sending packets with small time-to-live (TTL) values and watches the ICMP time-out announcements.
  • Page 437: Cli: Traceroute

    Managed Switches CLI: Traceroute (Netgear Switch) #traceroute? <ipaddr> Enter IP address. (Netgear Switch) #traceroute 216.109.118.74 ? <cr> Press Enter to execute the command. <port> Enter port no. (Netgear Switch) #traceroute 216.109.118.74 tracing route over a maximum of 20 hops 10.254.24.1...
  • Page 438: Web Interface: Traceroute

    Web Interface: Traceroute Select Maintenance > Troubleshooting > Traceroute. A screen similar to the following displays. Use this screen to tell the switch to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. Once you click the Apply button, the switch will send three traceroute packets to each hop, and the results will be displayed in the result table.
  • Page 439: Script Command

    (Netgear Switch) #script list Configuration Script Name Size(Bytes) ------------------------- ----------- basic.scr running-config.scr 3201 2 configuration script(s) found. 1020706 bytes free. (Netgear Switch) #script delete basic.scr Are you sure you want to delete the configuration script(s)? (y/n) y 1 configuration script(s) deleted. Tools...
  • Page 440: Script Apply Running-Config.scr Command

    Configuration Script Name Size(Bytes) ------------------------- ---------- running-config.scr 3201 1 configuration script(s) found. 1020799 bytes free. Upload a Configuration Script (Netgear Switch) #copy nvram: script running-config.scr tftp://192.168.77.52/running-config.scr Mode......TFTP Set TFTP Server IP... 192.168.77.52 TFTP Path....TFTP Filename....running-config.scr Data Type....
  • Page 441: Pre-Login Banner

    On your computer, use Notepad to create a banner.txt file that contains the banner to be displayed. Login Banner - Unauthorized access is punishable by law. Transfer the file from the PC to the switch using TFTP. (Netgear Switch) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode........... TFTP Set TFTP Server IP......192.168.77.52 TFTP Path......../ TFTP Filename........
  • Page 442: Port Mirroring

    CLI: Specify the Source (Mirrored) Ports and Destination (Probe) (Netgear Switch)#config (Netgear Switch)(Config)#monitor session 1 mode Enable mirror (Netgear Switch)(Config)#monitor session 1 source interface 1/0/2 Specify the source interface. (Netgear Switch)(Config)#monitor session 1 destination interface 1/0/3 Specify the destination interface. (Netgear Switch)(Config)#exit...
  • Page 443: Web Interface: Specify The Source (Mirrored) Ports And Destination (Probe)

    Managed Switches Web Interface: Specify the Source (Mirrored) Ports and Destination (Probe) Select Monitoring > Mirroring > Port Mirroring. A screen similar to the following displays. Scroll down and select the Source Port 1/0/2 check box. The value 1/0/2 now appears in the Interface field at the top.
  • Page 444: Cli: Enable Rspan On A Switch

    (Netgear Switch) (Config)(Vlan 5)#remote-span (Netgear Switch) (Config)(Vlan 5)#exit (Netgear Switch) (Config)#monitor session 1 mode (Netgear Switch) (Config)#monitor session 1 source interface 1/0/1 (Netgear Switch) (Config)#monitor session 1 destination remote vlan 5 reflector-port 1/0/2 (Netgear Switch) (Config)#exit (Netgear Switch) #show monitor session 1...
  • Page 445 (Netgear Switch) (Interface 1/0/3)#vlan tagging 5 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#monitor session 1 mode (Netgear Switch) (Config)#monitor session 1 source remote vlan 5 (Netgear Switch) (Config)#monitor session 1 destination interface 1/0/4 (Netgear Switch) #show monitor session 1 Session Admin Probe Mirrored Ref.
  • Page 446: Dual Image

    Dual Image Traditionally, switches contain a single image in the permanent storage. This image is loaded into memory every time there is a reboot. The dual image feature allows switches to have two images in permanent storage. You can denote one of these images as an active image that will be loaded in subsequent reboots and the other image as a backup image.
  • Page 447: Cli: Download A Backup Image And Make It Active

    Managed Switches CLI: Download a Backup Image and Make It Active (Netgear Switch) #copy tftp://192.168.0.1/gsm73xxseps.stk image2 Mode........... TFTP Set Server IP........192.168.0.1 Path........../ Filename........gsm73xxseps.stk Data Type........Code Destination Filename......image2 Management access will be blocked for the duration of the transfer Are you sure you...
  • Page 448: Web Interface: Download A Backup Image And Make It Active

    -------------------------------------------------------------------- 5.11.2.51 8.0.0.2 image1 image1 (Netgear Switch) #boot system image2 Activating image image2 .. (Netgear Switch) #show bootvar Image Descriptions image1 : default image image2 : Images currently available on Flash -------------------------------------------------------------------- unit image1 image2...
  • Page 449: Outbound Telnet

    Managed Switches A screen similar to the following displays. b. Under Dual Image Configuration, scroll down and select the Image 2 check box. The image2 now appears in the Image name field at the top. c. In the Active Image field, select TRUE. d.
  • Page 450: Cli: Show Network

    Managed Switches CLI: show network (Netgear Switch) >telnet 192.168.77.151 Trying 192.168.77.151... (Netgear Switch) User:admin Password: (Netgear Switch) >en Password: (Netgear Switch) #show network IP Address....... 192.168.77.151 Subnet Mask......255.255.255.0 Default Gateway......192.168.77.127 Burned In MAC Address....00:10:18.82.04:E9 Locally Administered MAC Address..00:00:00:00:00:00 MAC Address Type......
  • Page 451: Cli: Transport Output Telnet

    Displays the protocols to use for outgoing connections from a line. (Netgear Switch) (Line)#transport output ? telnet Allow or disallow new telnet sessions. (Netgear Switch) (Line)#transport output telnet ? <cr> Press Enter to execute the command. (Netgear Switch) (Line)#transport output telnet (Netgear Switch) (Line)# Web Interface: Configure Telnet Select Security >...
  • Page 452: Cli: Configure The Session Limit And Session Time-Out

    Managed Switches Under Outbound Telnet, for Admin Mode, select the Enable radio button. Click Apply. CLI: Configure the Session Limit and Session Time-out (Netgear Switch) (Line)#session-limit ? <0-5> Configure the maximum number of outbound telnet sessions allowed. (Netgear Switch) (Line)#session-limit 5 (Netgear Switch) (Line)#session-timeout ? <1-160>...
  • Page 453: Full Memory Dump

    For USB mode, you need a USB sticker plugged into the USB slot on the front panel. (Netgear Switch) (Config) #exception protocol tftp Configure the IP address for the NFS or TFTP server. (Netgear Switch) (Config) #exception dump tftp-server 172.26.2.100 Change the name of the dump file. The file name is formed as follows: •...
  • Page 454: Chapter 22 Syslog

    Syslog System logging This chapter includes the following sections: • Syslog Concepts • Show Logging • Show Logging Buffered • Show Logging Traplogs • Show Logging Hosts • Configure Logging for a Port • Email Alerting...
  • Page 455: Syslog Concepts

    Sequence number Figure 45. Log Files Show Logging The example is shown as CLI commands and as a web interface procedure. CLI: Show Logging (Netgear Switch) #show logging Logging Client Local Port CLI Command Logging disabled Console Logging disabled Console Logging Severity Filter :...
  • Page 456: Web Interface: Show Logging

    Managed Switches Web Interface: Show Logging Configure the syslog. a. From the main menu, select Monitoring > Logs > Sys Log Configuration. A screen similar to the following displays. b. In the Syslog Configuration, next to the Admin Status, select the Enable radio button.
  • Page 457 Managed Switches b. Under Console Log Configuration, for Admin Status, select the Disable radio button. c. Click Apply. Configure the buffer logs. a. Select Monitoring > Logs > Buffer Logs. A screen similar to the following displays. b. Under Buffer Logs, for Admin Status, select the Enable radio button. c.
  • Page 458: Show Logging Buffered

    Managed Switches Show Logging Buffered The example is shown as CLI commands and as a web interface procedure. CLI: Show Logging Buffered (Netgear Switch) #show logging buffered ? <cr> Press Enter to execute the command. (Netgear Switch) #show logging buffered...
  • Page 459: Web Interface: Show Logging Buffered

    Select Monitoring > Logs > Buffer Logs. A screen similar to the following displays. Show Logging Traplogs The example is shown as CLI commands and as a web interface procedure. CLI: Show Logging Traplogs (Netgear Switch) #show logging traplogs <cr> Press Enter to execute the command.
  • Page 460: Web Interface: Show Logging Trap Logs

    Select Monitoring > Logs > Trap Logs. A screen similar to the following displays. Show Logging Hosts The example is shown as CLI commands and as a web interface procedure. CLI: Show Logging Hosts (Netgear Switch) #show logging hosts ? <cr> Press Enter to execute the command. (Netgear Switch) #show logging hosts...
  • Page 461: Web Interface: Show Logging Hosts

    Syslog Configuration. (Netgear Switch) (Config)#logging host ? <hostaddress> Enter Logging Host IP Address reconfigure Logging Host Reconfiguration remove Logging Host Removal (Netgear Switch) (Config)#logging host 192.168.21.253 ? <cr> Press Enter to execute the command. <port> Enter Port Id Syslog...
  • Page 462: Web Interface: Configure Logging For The Port

    Press Enter to execute the command. <severitylevel> Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7). (Netgear Switch) (Config)#logging host 192.168.21.253 4 1 ? <cr> Press Enter to execute the command. (Netgear Switch) (Config)#logging host 192.168.21.253 4 1...
  • Page 463: Email Alerting

    Managed Switches Email Alerting Email alerting is an extension of the logging system. The logging system allows you to configure a set of destinations for log messages. This feature adds the email configuration, through which the log messages are sent to a configured SMTP server such that an administrator can receive the log in an email account of their choice.
  • Page 464: Cli: Send Log Messages To Admin@Switch.com Using Account Aaaa@Netgear.com

    CLI: Send Log Messages to admin@switch.com Using Account aaaa@netgear.com Configure an SMTP server, for example, smtp.netgear.com. Before you configure the SMTP server, you need to have an account on the SMTP server. (Netgear Switch) (Config)#mail-server "smtp.netgear.com" port 465 (Netgear Switch) (Mail-Server)#security tlsv1...
  • Page 465: Chapter 23 Chassis Switch Management

    Chassis Switch Management: Configure system and interface features. This chapter includes the following sections: • Chassis Switch Management and Connectivity •...
  • Page 466: Chassis Switch Management And Connectivity

    Chassis Switch Management and Connectivity You can manage the chassis switch through the supervisor. To access the supervisor, use either a serial connection to the chassis supervisor’s console port or a Telnet connection to the IP address of the service port (out-of-band) or of the normal ports on the front panel. You can use any of the following methods to manage the chassis: •...
  • Page 467: Chassis Members

    Managed Switches • The supervisor is removed from the chassis. • The supervisor is reset or powered off. • The supervisor fails. If a supervisor reelection occurs, the new supervisor becomes available after a few seconds. In the meantime, the chassis uses the forwarding tables in memory to minimize network disruption.
  • Page 468: Configuration Mismatch

    NETGEAR recommends that you schedule the firmware upgrade when no excessive network traffic (such as a broadcast event) is occurring.
  • Page 469: Add, Remove, Or Replace A Chassis Member

    Managed Switches Add, Remove, or Replace a Chassis Member You can add, remove, or replace a chassis member. Add a Blade to an Operating Chassis Preconfigure the new member, if desired. Remove the blank front panel from the chassis slot. Slide the blade slightly into the open slot.
  • Page 470: Chassis Switch Configuration Files

    Managed Switches Verify, by monitoring the supervisor console port, that the new member successfully joins the chassis by issuing the show chassis command. The new blade should join as a member (never as supervisor; the existing supervisor of the chassis should not change). If the code version of the newly added member is not the same as the existing chassis, update the code as described in Upgrade the Firmware...
  • Page 471: Move The Supervisor To A Different Blade

    Make sure that you can log in on the console attached to the new supervisor. Use the show switch command to verify that all blades rejoined the chassis. NETGEAR recommends that you reset the chassis with the reload command after moving the supervisor.
  • Page 472: Web Interface: Move The Supervisor To A Different Blade

    Managed Switches Web Interface: Move the Supervisor to a Different Blade Select System > Chassis > Basic > Chassis Configuration. A screen similar to the following displays. Under Chassis Configuration, scroll down and select the Unit ID 2 check box. Now 2 appears in the Unit ID field at the top.
  • Page 473: Chapter 24 Switch Stacks

    Manage switch stacks. This chapter describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches that are running release 11.0 or a newer release. This chapter includes the following sections: •...
  • Page 474: Switch Stack Management And Connectivity

    Managed Switches Switch Stack Management and Connectivity You manage the switch stack through the stack master. You cannot manage stack members on an individual basis. To access the stack master, use either a serial connection to the switch master’s console port or a Telnet connection to the IP address of the stack. You can use these methods to manage switch stacks: •...
  • Page 475: Stack Master

    The switch with the highest stack member priority value. Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.
  • Page 476: Stack Members

    Install and Power-up a Stack Many switch models include a Hardware Installation Guide with information about rack mounting and stack cabling. Compatible Switch Models NETGEAR stackable managed switches include the following models: • M5300-28G • M5300-52G...
  • Page 477: Install A Switch Stack

    Install the switches in a rack. Install all stacking cables, including the redundant stack link. NETGEAR highly recommends that you install a redundant link between the switches. Identify the switch to be the master and power it up. Monitor the console port.
  • Page 478: Switch Firmware And Firmware Mismatch

    In that situation, the output of the show switch command shows a code (firmware) mismatch error. Note: NETGEAR recommends that you schedule the firmware upgrade when there is no excessive network traffic (such as a broadcast event). ...
  • Page 479: Migrate Configuration With A Firmware Upgrade

    b. Attempt again to copy the firmware to the units that did not get updated by issuing the copy command in stack configuration mode. After the firmware is loaded to all members of the stack, reset all the switches. The new firmware takes effect.
  • Page 480: Stack Switches Using Ethernet Ports And A Stack Cable

    0/28 AX742 (stack) Stack Stack Link Down (Netgear Switch) #config (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 ethernet (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config)#exit (Netgear Switch) #reload Are you sure you want to reload the stack? (y/n) y Switch Stacks...
  • Page 481 Managed Switches After Switch A reboots, check the stack port configuration. (Netgear Switch) #show port 2/0/28 Admin Physical Physical Link Link LACP Actor Intf Type Mode Mode Status Status Trap Mode Timeout ------ ----- ------- -------- --------- ------ ------- -------...
  • Page 482: Web Interface: Configure The Stack Ports As Ethernet Ports

    Managed Switches Web Interface: Configure the Stack Ports as Ethernet Ports On Switch A, configure a stack port as an Ethernet port. a. Select System > Stacking > Advanced > Stack Port Configuration. A screen similar to the following displays. b.
  • Page 483 Managed Switches b. Scroll down and select the 1/0/51 check box. c. In the Configured Stack Mode menu, select Ethernet. d. Click Apply to save the settings. Reboot the switch. a. Select Maintenance > Reset > Device Reboot. A screen similar to the following displays. b.
  • Page 484: Stack Switches Using 10G Fiber

    CLI: Stack Switches Using 10G Fiber on page 484 • Web Interface: Stack Switches Using 10G Fiber on page 486 CLI: Stack Switches Using 10G Fiber On Switch A, display the stack port information. (Netgear Switch) #show stack-port Configured Running Link Stack Stack Link...
  • Page 485 Ethernet Ethernet Link Down Because port 2/0/28 functions in Ethernet mode, change it to stack mode. (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 stack (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config) Reboot Switch B. (Netgear Switch) #reload Management switch has unsaved changes.
  • Page 486: Web Interface: Stack Switches Using 10G Fiber

    Managed Switches Web Interface: Stack Switches Using 10G Fiber On Switch A, display the stack port information. a. Select System > Stacking > Advanced > Stack Port Configuration. A screen similar to the following displays. Because port 1/0/52 is already configured as a stack port, no action is required. On Switch B, configure port 2/0/28 as a stack port.
  • Page 487: Add, Remove, Or Replace A Stack Member

    Managed Switches b. In the Reboot Unit No. menu, select 2. c. Click Apply. The switch reboots. Add, Remove, or Replace a Stack Member You can manage an operating stack. Add Switches to an Operating Stack  To add new switches to an operating stack: Make sure that the redundant stack connection is functional.
  • Page 488: Remove A Switch From A Stack

    Disconnect the redundant stack cable that connects the last switch in the stack to the first switch in the stack at the position in the ring where you intend to insert the new switch. Note: If you want to merge an operational stack into this stack, add the switches as a group by unplugging one stacking cable in the operational stack and physically connecting all unpowered units at that point.
  • Page 489: Replace A Stack Member

    Managed Switches If the switch stack divides but you do not intend to partition the switch stack, do the following: a. Power off the newly created switch stacks. b. Reconnect them to the original switch stack through their stack ports. c.
  • Page 490: Preconfigure A Switch

    No other stack members become the stack master. Note: NETGEAR does not recommend this scenario. Stack master election specifically • Connect two switches through their The stack member with the determined by the stack member stack ports.
  • Page 491 Managed Switches  To preconfigure a switch: Issue the member unit-id switchindex command. To view the supported unit types, use the show supported switchtype command. Configure the unit that you defined in Step 1, just as if the unit were physically present. Ports for the preconfigured unit come up in a detached state.
  • Page 492: Renumber Stack Members

    • If specific numbering is required, NETGEAR recommends that you assign stack members their numbers when they are first installed and configured in the stack. •...
  • Page 493: Web Interface: Renumber Stack Members

    Managed Switches Web Interface: Renumber Stack Members Renumber the stacking member’s ID from 3 to 2. a. Select System > Management > Basic > Stack Configuration. A screen similar to the following displays. b. Scroll down and select the 3 check box. c.
  • Page 494: Move The Stack Master To A Different Unit

    To move the stack master to a different unit number, issue the following CLI command: (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#movemanagement 1 2 Web Interface: Move the Stack Master to a Different Unit Select System > Management > Basic > Stack Configuration.
  • Page 495: Chapter 25 Snmp

    SNMP: Simple Network Management Protocol. This chapter includes the following sections: • Add a New Community • Enable SNMP Trap • SNMP Version 3 • sFlow •...
  • Page 496: Add A New Community

    The example is shown as CLI commands and as a web interface procedure. CLI: Add a New Community (Netgear switch) #config (Netgear switch) (Config)#snmp-server community rw public@4 Web Interface: Add a New Community Select System > SNMP > SNMP V1/V2 > Community Configuration.
  • Page 497: Enable Snmp Trap

    CLI: Enable SNMP Trap This example shows how to send SNMP traps to the SNMP server. (Netgear switch) #config (Netgear switch) (Config)# snmptrap public 10.100.5.17 Enables sending traps to SNMP server 10.100.5.17. (Netgear switch) (Config)#snmp-server traps linkmode Enables sending link status to the SNMP server when the link status changes.
  • Page 498: Snmp Version 3

    Password Changed! Change the password to “12345678”. (Netgear Switch) (Config)#users snmpv3 authentication admin md5 Set the authentication mode to md5. (Netgear Switch) (Config)#users snmpv3 encryption admin des 12345678 Set the encryption mode to des with the key “12345678”...
  • Page 499: Web Interface: Configure Snmpv3

    Managed Switches Web Interface: Configure SNMPv3 Change the user password. If you set the authentication mode to MD5, you must make the length of password longer than 8 characters. a. Select Security > Management Security > User Configuration > User Management.
  • Page 500: Sflow

    Managed Switches sFlow sFlow is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. The sFlow monitoring system consists of an sFlow agent (embedded in a switch or router or in a standalone probe) and a central sFlow collector.
  • Page 501: Cli: Configure Statistical Packet-Based Sampling Of Packet

    Configure the sFlow receiver timeout. Here sFlow samples will be sent to this receiver for the duration of 31536000 seconds. That is approximately 1 year. (Netgear Switch) (Config)# sflow receiver 1 owner NetMonitor timeout 31536000 Here, the default maximum datagram size is 1400. It can be modified to a value between 200 and 9116 using the command sflow receiver 1 maxdatagram <size>.
  • Page 502: Web Interface: Configure Statistical Packet-Based Sampling

    Managed Switches View the sampling port configurations. (GSM7328S) #show sflow samplers Sampler Receiver Packet Max Header Data Source Index Sampling Rate Size ----------- --------------- ----------------- ------------------ 1/0/1 1024 Web Interface: Configure Statistical Packet-based Sampling with sFlow Configure the sFlow receiver IP address. Select Monitoring >...
  • Page 503: Time-Based Sampling Of Counters With Sflow

    Configure the sampling port sFlow receiver index, and polling interval. You need to repeat this for all the ports to be polled. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow poller 1 (Netgear Switch) (Interface 1/0/1)# sflow poller interval View the polling port configurations.
  • Page 504: Web Interface: Configure Time-Based Sampling Of Counters

    Managed Switches Web Interface: Configure Time-Based Sampling of Counters with sFlow Configure the sampling ports sFlow receiver index, and polling interval: Select Monitoring > sFlow > Advanced > sFlow Interface Configuration. Select the Interface 1/0/1 check box. In the Poller Interval field, enter 300. A screen similar to the following displays.
  • Page 505: Chapter 26 Dns

    Domain Name System. This chapter includes the following sections: • Domain Name System Concepts • Specify Two DNS Servers • Manually Add a Host Name and an IP Address...
  • Page 506: Domain Name System Concepts

    DNS servers) and to resolve an IP address using the DNS server. The example is shown as CLI commands and as a web interface procedure. CLI: Specify Two DNS Servers (Netgear Switch)#config (Netgear Switch) (Config)#ip name-server 12.7.210.170 219.141.140.10 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#exit (Netgear Switch)#ping www.netgear.com Send count=3, Receive count=3 from 206.82.202.46...
  • Page 507: Manually Add A Host Name And An Ip Address

    Select System > Management > DNS > Host Configuration. A screen similar to the following displays. Under DNS Host Configuration, enter the following information: • In the Host Name field, enter www.netgear.com. • In the IP Address field, enter 206.82.202.46. Click Add.
  • Page 508: Chapter 27 Dhcp Server

    DHCP Server: Dynamic Host Configuration Protocol Server. This chapter includes the following sections: • Dynamic Host Configuration Protocol Concepts • Configure a DHCP Server in Dynamic Mode •...
  • Page 509: Dynamic Host Configuration Protocol Concepts

    (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#vlan routing 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 200 (Netgear Switch) (Interface 1/0/1)#vlan pvid 200 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface vlan 200 (Netgear Switch) (Interface-vlan 200)#routing (Netgear Switch) (Interface-vlan 200)#ip address 192.168.100.1 255.255.255.0...
  • Page 510: Web Interface: Configure A Dhcp Server In Dynamic Mode

    Managed Switches Web Interface: Configure a DHCP Server in Dynamic Mode Create VLAN 200. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Under VLAN Configuration, in the VLAN ID field, enter 200. c.
  • Page 511 Managed Switches A screen similar to the following displays. b. Under Port PVID Configuration, scroll down and select the 1/0/1 check box. c. In the PVID (1 to 4093) field, enter 200. d. Click Apply to save the settings. Create a new DHCP pool. a.
  • Page 512: Configure A Dhcp Server That Assigns A Fixed Ip Address

    CLI commands and as a Web interface procedure. CLI: Configure a DHCP Server that Assigns a Fixed IP Address (Netgear Switch)#config (Netgear Switch) (Config)#service dhcp (Netgear Switch) (Config)#ip dhcp pool pool_manual (Netgear Switch) (Config)#client-name dhcpclient (Netgear Switch) (Config)#hardware-address 00:01:02:03:04:05 (Netgear Switch) (Config)#host 192.168.200.1 255.255.255.0...
  • Page 513: Web Interface: Configure A Dhcp Server That Assigns A Fixed Ip Address

    Managed Switches Web Interface: Configure a DHCP Server that Assigns a Fixed IP Address Select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays. For Admin Mode, select the Enable radio button. Click Apply to enable the DHCP service.
  • Page 514 Managed Switches • In the Host Number field, enter 192.168.200.1. • In the Network Mask field, enter 255.255.255.0. As an alternate, you can enter 24 in the Network Prefix Length field. • In the Days field, enter 1. Click Add. The pool_manual name is now added to the Pool Name drop-down list. DHCP Server...
  • Page 515: Chapter 28 Dhcpv6 Server

    DHCPv6 Server: Dynamic Host Configuration Protocol version 6 Server. This chapter includes the following sections: • Dynamic Host Configuration Protocol Version 6 Concepts •...
  • Page 516: Dynamic Host Configuration Protocol Version 6 Concepts

    Managed Switches Dynamic Host Configuration Protocol Version 6 Concepts Dynamic Host Configuration Protocol version 6 (DHCPv6) for IPv6 is used to assign IPv6 addresses statefully and distribute other configuration information such as domain name or DNS server. DHCPv6 supports stateful address allocation, prefix delegation, and stateless services. This chapter describes how to configure the prefix delegation mode using a DHCPv6 pool.
  • Page 517: Cli: Configure Dhcpv6 Prefix Delegation

    (NETGEAR SWITCH) (Config)#ipv6 unicast routing Create a DHCPv6 pool and enable DHCP service. (NETGEAR SWITCH) (Config)#service dhcpv6 (NETGEAR SWITCH) (Config)#ipv6 dhcp pool pool1 (NETGEAR SWITCH) (Config dhcp6 pool)#domain name netgear.com (NETGEAR SWITCH) (Config dhcp6s pool)#prefix delegation 2001:1::/64 00:01:00:01:15:40:14:4f:00:00:00:4d:aa:d0 (NETGEAR SWITCH) (Config dhcp6s pool)#exit...
  • Page 518: Web Interface: Configure Dhcpv6 Prefix Delegation

    (NETGEAR SWITCH) (Config)#interface 1/0/9 (NETGEAR SWITCH) (Interface 1/0/9)#routing (NETGEAR SWITCH) (Interface 1/0/9)#ipv6 address 2001:1::1/64 (NETGEAR SWITCH) (Interface 1/0/9)#ipv6 enable (NETGEAR SWITCH) (Interface 1/0/9)#ipv6 dhcp server pool1 preference 20 (NETGEAR SWITCH) (Interface 1/0/9)#exit Show DHCPv6 binding. (NETGEAR SWITCH) #show ipv6 dhcp binding Client Address.........
  • Page 519 Managed Switches A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. Click Apply to save the settings. Enable IPv6 address on interface 1/0/9. a. Select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays.
  • Page 520 Managed Switches A screen similar to the following displays. b. In the Interface list, select interface 1/0/9. c. In the Ipv6 Prefix field, enter 2001:1::1. d. In the Prefix Length field, select 64. e. Click Add. The IPv6 prefix for interface 1/0/9 is created. Enable the DHCPv6 server configuration.
  • Page 521 Managed Switches A screen similar to the following displays. b. In the Pool Name list, select Create. c. In the Pool Name field, enter pool1. d. Click Apply to save the settings. Configure the prefix in the pool1. a. Select System > Services > DHCPv6 Server > DHCPv6 Pool Configuration. A screen similar to the following displays.
  • Page 522: Configure A Stateless Dhcpv6 Server

    CLI: Configure a Stateless DHCPv6 Server Enable IPv6 routing. (Netgear Switch) (Config)#ipv6 unicast-routing Create an IPv6 pool with a DNS server and enable the DHCPv6 service. (Netgear Switch) (Config)#ipv6 dhcp pool ipv6_server (Netgear Switch) (Config-dhcp6s-pool)#dns-server 2011:9:18::1 (Netgear Switch) (Config-dhcp6s-pool)#exit (Netgear Switch) (Config)#service dhcpv6...
  • Page 523: Web Interface: Configure A Stateless Dhcpv6 Server

    (Netgear Switch) (Interface 2/0/21)#routing (Netgear Switch) (Interface 2/0/21)#ipv6 address 2003:1000::1/64 (Netgear Switch) (Interface 2/0/21)#ipv6 enable (Netgear Switch) (Interface 2/0/21)#ipv6 nd other-config-flag (Netgear Switch) (Interface 2/0/21)#ipv6 dhcp server ipv6_server (Netgear Switch) (Interface 2/0/21)#exit Web Interface: Configure a Stateless DHCPv6 Server Enable ipv6 routing.
  • Page 524 Managed Switches A screen similar to the following displays. b. Scroll down and select the 2/0/21 check box to the left of the Interface column. 2/0/21 displays in the Interface field of the table heading. c. In the IPv6 Mode field, select Enable. d.
  • Page 525 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply to save the settings. Create a DHCPv6 pool. a. Select System > Services > DHCP Server > DHCPv6 Pool Configuration. A screen similar to the following displays.
  • Page 526: Configure A Stateful Dhcpv6 Server

    CLI: Configure a Stateful DHCPv6 Server Enable IPv6 routing. (Netgear Switch) (Config)#ipv6 unicast-routing Create an IPv6 pool with a DNS server and enable the DHCPv6 service. (Netgear Switch) (Config)#ipv6 dhcp pool ipv6_server (Netgear Switch) (Config-dhcp6s-pool)#address prefix 2001:1:2::/64 (Netgear Switch) (Config-dhcp6s-pool)#exit (Netgear Switch) (Config)#service dhcpv6...
  • Page 527: Web Interface: Configure A Stateful Dhcpv6 Server

    (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ipv6 address 2001:1:2::1/64 (Netgear Switch) (Interface 1/0/1)#ipv6 enable (Netgear Switch) (Interface 1/0/1)#ipv6 dhcp server ipv6_server (Netgear Switch) (Interface 1/0/1)#exit Web Interface: Configure a Stateful DHCPv6 Server Enable ipv6 routing.
  • Page 528 Managed Switches A screen similar to the following displays. b. Select the 1/0/1 check box to the left of the Interface column. 1/0/1 displays in the Interface field of the table heading. c. In the IPv6 Mode field, select Enable. d.
  • Page 529 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply to save the settings. Create the DHCPv6 pool. a. Select System > Services > DHCP Server > DHCPv6 Pool Configuration. A screen similar to the following displays.
  • Page 530 Managed Switches A screen similar to the following displays. b. In Pool Name list, select ipv6_server. c. In the Prefix field, enter 2001:1:2::. d. In the Prefix Length field, enter 64. e. Click Add. Enable the DHCPv6 pool on interface 1/0/1. a.
  • Page 531: Chapter 29 Dvlans And Private Vlans

    DVLANs and Private VLANs: Double VLANs and private VLAN groups. This chapter includes the following sections: • Double VLANs • Private VLAN Groups...
  • Page 532: Double Vlans

    1/0/24. This example assumes that a Layer 2 switch connects all these devices in your domain. The Layer 2 switch tags the packet going to the NETGEAR switch port 1/0/24. The example is shown as CLI commands and as a web interface procedure.
  • Page 533: Cli: Enable A Double Vlan

    Add interface 1/0/24 to VLAN 200, add pvid 200 to port. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan pvid 200 (Netgear Switch) (Interface 1/0/24)#vlan participation include 200 (Netgear Switch) (Interface 1/0/24)#exit Add interface 1/0/48 to the VLAN 200 in a tagging mode. (Netgear Switch) (Config)#interface 1/0/48...
  • Page 534 Managed Switches b. Under VLAN Configuration, enter the following information: • In the VLAN ID field, enter 200. • In the VLAN Name field, enter vlan200. • In the VLAN Type field, select Static. c. Click Add. Add ports 24 and 48 to VLAN 200. a.
  • Page 535 Managed Switches d. Click Apply to save the settings. Configure port 48 as the provider service port: a. Select Switching > VLAN > Advanced > Port DVLAN Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/48 check box. Now 1/0/48 appears in the Interface field at the top.
  • Page 536: Private Vlan Groups

    Managed Switches Private VLAN Groups The private VLAN group allows you to create groups of users within a VLAN that cannot communicate with members in different groups but only within the same group. There are two modes for the private group. The mode can be either isolated or community. When in isolated mode, the member port in the group cannot forward its egress traffic to any other members in the same group.
  • Page 537: Cli: Create A Private Vlan Group

    (Netgear Switch) (Interface 1/0/17)#exit Create a VLAN 200 and include 1/0/6, 1/0/7, 1/0/16, and 1/0/17. (Netgear Switch) (Config)# (Netgear Switch) (Config)#private-group name group1 1 mode community Create a private group in community mode. (Netgear Switch) (Config)#private-group name group2 2 mode isolated Create a private group in isolated mode.
  • Page 538: Web Interface: Create A Private Vlan Group

    Add 1/0/6 and 1/0/7 to private group 1. (Netgear Switch) (Config)#interface range 1/0/16-1/0/17 (Netgear Switch) (conf-if-range-1/0/16-1/0/17)#switchport private-group 2 Add 1/0/16 and 1/0/17 to private group 2. (Netgear Switch) (conf-if-range-1/0/16-1/0/17)#exit Web Interface: Create a Private VLAN Group Create VLAN 200.
  • Page 539 Managed Switches A screen similar to the following displays. b. Under VLAN Membership, in the VLAN ID list, select 200. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 6, 7, 16 and 17 until U displays. The U specifies that the egress packet is untagged for the port.
  • Page 540 Managed Switches A screen similar to the following displays. b. In the Group Name field, enter group1. c. In the Group ID field, enter 1. d. In the Group Mode list, select community. e. Click Add. Add port 6 and 7 to group1. a.
  • Page 541 Managed Switches A screen similar to the following displays. b. In the Group Name field, enter group2. c. In the Group ID field, enter 2. d. In the Group Mode field, select isolated. e. Click Add. Add ports 16 and 17 to group2. a.
  • Page 542: Chapter 30 Stp

    Spanning Tree Protocol. This chapter includes the following sections: • Spanning Tree Protocol Concepts • Configure Classic STP (802.1d) • Configure Rapid STP (802.1w) • Configure Multiple STP (802.1s) • Configure PVSTP and PVRSTP...
  • Page 543: Spanning Tree Protocol Concepts

    CLI: Configure Classic STP (802.1d) (Netgear Switch) (Config)# spanning-tree (Netgear Switch) (Config)# spanning-tree mode stp (Netgear switch) (Interface 1/0/3)# spanning-tree port mode Web Interface: Configure Classic STP (802.1d) Enable 802.1d on the switch. a. Select Switching > STP > STP Configuration.
  • Page 544: Configure Rapid Stp (802.1W)

    Click Apply. Configure Rapid STP (802.1w) The example is shown as CLI commands and as a web interface procedure. CLI: Configure Rapid STP (802.1w) (Netgear switch) (Config)# spanning-tree (Netgear switch) (Config)# spanning-tree mode rstp (Netgear switch) (Interface 1/0/3)# spanning-tree port mode...
  • Page 545: Web Interface: Configure Rapid Stp (802.1W)

    Managed Switches Web Interface: Configure Rapid STP (802.1w) Enable 802.1w on the switch: a. Select Switching > STP > STP Configuration. A screen similar to the following displays. b. Enter the following information: • For Spanning Tree Admin Mode, select the Enable radio button. •...
  • Page 546: Configure Multiple Stp (802.1S)

    (Netgear switch) (Config)# spanning-tree mst vlan 2 11 (Netgear switch) (Config)# spanning-tree mst vlan 2 12 Configure the priority and cost on port 1/0/3: (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 port-priority 128 (Netgear switch) (Interface 1/0/3)# spanning-tree mst 1 cost 0...
  • Page 547: Web Interface: Configure Multiple Stp (802.1S)

    Managed Switches Web Interface: Configure Multiple STP (802.1s) Enable 802.1s on the switch. a. Select Switching > STP > STP Configuration. A screen similar to the following displays. b. Enter the following information: • For Spanning Tree Admin Mode, select the Enable radio button. •...
  • Page 548: Configure Pvstp And Pvrstp

    Managed Switches c. Configure MST ID 2. • In the MST ID field, enter 2. • In the Priority field, enter 4096. • In the VLAN Id field, enter 11. • Click Add. • In the VLAN Id field, enter 12. •...
  • Page 549 Managed Switches If you enable PVSTP or PVRSTP on a switch, all other spanning tree modes on the switch become disabled. The difference between Multiple Spanning Tree Protocol (MSTP) and PVSTP or PVRSTP lies primarily in the way that the protocol maps spanning tree instances to VLANs: PVSTP or PVRSTP creates a spanning tree instance for each VLAN, whereas MSTP maps one or more VLANs to each Multiple Spanning Tree (MST) instance.
  • Page 550: Cli: Configure Pvstp

    Ensure that ports 1/0/1 and 1/0/2 are in VLAN 1002 in tagged mode because BPDU packets for PVSTP are transmitted in tagged packets. Enable PVSTP. (Netgear Switch) #config (Netgear Switch) (Config)#spanning-tree mode pvst Note: After you enable PVSTP (or PVRSTP) globally, PVSTP (or PVRSTP) is applied to VLANs automatically.
  • Page 551 (Netgear Switch) (Config)#spanning-tree backbonefast To enable the switch to be elected as the root in VLAN 1000, set the PVSTP priority to 0. (Netgear Switch) (Config)#spanning-tree vlan 1000 priority 0 CLI: Configure PVSTP on Switch 2 Ensure that ports 1/0/1 and 1/0/2 are in VLAN 1002 in tagged mode because BPDU packets for PVSTP are transmitted in tagged packets.
  • Page 552 Managed Switches Verify the PVSTP status. (Netgear Switch) #show spanning-tree vlan 1002 VLAN 1002 Spanning-tree enabled protocol pvst RootID Priority 33770 Address 6C:B0:CE:19:AE:3D Cost Port This switch is the root Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec...
  • Page 553: Web Interface: Configure Pvstp

    Managed Switches Web Interface: Configure PVSTP You must configure PVSTP on Switch 1 and Switch 2. This example assumes that all switches can support PVSTP. Web Interface: Configure PVSTP on Switch 1 Ensure that ports 1/0/1 and 1/0/2 are in VLAN 1002 in tagged mode because BPDU packets for PVSTP are transmitted in tagged packets.
  • Page 554 b. From the VLAN ID menu, select 1002. The roles of ports 1/0/1 and 1/0/2 display. To enable the switch to be elected as the root, change the PVST priority to a lower value (for example, 0). a. Select Switching > STP > Advanced > PVST VLAN. A screen similar to the following displays.
  • Page 555 Managed Switches The settings for VLAN ID 1002 display in the fields in the table heading. c. In the Priority field, enter 0. d. Click Apply. Web Interface: Configure PVSTP on Switch 2 Ensure that ports 1/0/1 and 1/0/2 are in VLAN 1002 in tagged mode because BPDU packets for PVSTP are transmitted in tagged packets.
  • Page 556 Managed Switches b. From the VLAN ID menu, select 1002. The roles of ports 1/0/1 and 1/0/2 display.
  • Page 557: Chapter 31 Tunnels For Ipv6

    Tunnels for IPv6: 6in4 tunnels and 6to4 tunnels. This chapter includes the following sections: • Tunnel Concepts • Create a 6in4 Tunnel • Create a 6to4 Tunnel Note: IPv6 tunnels are available on M5300 and M6100 series switches only. However, the following M5300 series switches require a license to support IPv6 tunnels: M5300-28G, M5300-52G, M5300-28G-POE+, and M5300-52G-POE+.
  • Page 558: Tunnel Concepts

    Managed Switches Tunnel Concepts Two methods exist for IPv6 sites to communicate with each other over the IPv4 network: 6in4 tunnel and 6to4 tunnel. The 6in4 tunnel encapsulates IPv6 traffic over an explicitly configured IPv4 destination or end port of the tunnel with the IP protocol number set to 41. The 6to4 tunnel IPv6 prefix is constructed by prepending 2002 (hexadecimal) to the global IPv4 address.
  • Page 559: Cli: Create A 6In4 Tunnel

    (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#ipv6 address 2000::1/64 (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip (Netgear Switch) (Interface tunnel 0)#tunnel source 192.168.1.1...
  • Page 560: Web Interface: Create A 6In4 Tunnel

    (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#routing (Netgear Switch) (Interface 1/0/13)#ip address 192.168.1.2 255.255.255.0 (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#ipv6 address 2000::2/64 (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip (Netgear Switch) (Interface tunnel 0)#tunnel source 192.168.1.2...
  • Page 561 Managed Switches Enable IPv6 forwarding and unicast routing on the switch. a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. For IPv6 Forwarding, select the Enable radio button. d.
  • Page 562 Managed Switches A screen similar to the following displays. b. In the Tunnel ID list, select 0. c. In the Mode field, select 6-in-4-configured. d. In the Source Address field, enter 192.168.1.1. e. In the IPv6 Mode field, select Enable. f.
  • Page 563 Managed Switches A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. For IPv6 Forwarding, select the Enable radio button. d. Click Apply. Create a routing interface and assign an IP address to it. a.
  • Page 564: Create A 6To4 Tunnel

    IPv4 address, which is extracted from the IPv6 destination address with the prefix 2002:V4ADDR::/48. A NETGEAR switch behaves as a 6to4 border router that connects 6to4 islands (in the following figure, Switch 1 and Switch 2) to an IPv6 domain (in the following figure, Switch 3).
  • Page 565: Cli: Create A 6To4 Tunnel

    (Netgear Switch) # config (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#ip routing Configure IPv4 address on routing port 1/0/1. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 195.1.3.2 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#exit Tunnels for IPv6...
  • Page 566 (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 address 2002:c301:302::1/16 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip 6to4 (Netgear Switch) (Interface tunnel 0)#tunnel source 195.1.3.2 (Netgear Switch) (Interface tunnel 0)#exit Configure the IPv6 address for routing port 1/0/3. The IPv6 address format is 2002:V4ADDR:Subnet::Host/64, in which V4ADDR is the source IPv4 address of the tunnel and Subnet is the subnet of 2002:V4ADDR::/64.
  • Page 567 (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 address 2002:c301:402::1/16 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip 6to4 (Netgear Switch) (Interface tunnel 0)#tunnel source 195.1.4.2 (Netgear Switch) (Interface tunnel 0)#exit Tunnels for IPv6...
  • Page 568 Create a static IPv4 route to ensure that Switch 2 can reach Switch 1. You can also use a routing protocol such as RIP or OSPF to let Switch 2 learn the route from Switch 1. (Netgear Switch) (Config)#ip route 195.1.3.0 255.255.255.0 195.1.4.1 Verify the configuration.
  • Page 569 (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch) (Interface tunnel 0)#ipv6 address 2002:c301:502::1/16 (Netgear Switch) (Interface tunnel 0)#ipv6 enable (Netgear Switch) (Interface tunnel 0)#tunnel mode ipv6ip 6to4 (Netgear Switch) (Interface tunnel 0)#tunnel source 195.1.5.2 (Netgear Switch) (Interface tunnel 0)#exit Configure a global IPv6 address on routing port 2/0/1.
  • Page 570: Web Interface: Create A 6To4 Tunnel

    Managed Switches Web Interface: Create a 6to4 Tunnel You must configure Switch 1, Switch 2, and Switch 3. Web Interface: Create a 6to4 Tunnel on Switch 1 Enable IP routing on Switch 1. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.
  • Page 571 Managed Switches a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Select the 1/0/1 check box for port 1/0/1. The settings for port 1/0/1 display in the fields in the table heading. c.
  • Page 572 Managed Switches The settings for port 1/0/3 display in the fields in the table heading. c. Configure the following settings: • In the IPv6 Mode field, select Enable. • In the Routing Mode field, select Enable. d. Click Apply. Configure the IPv6 address for IPv6 routing interface 1/0/3. a.
  • Page 573 Managed Switches b. Configure the following tunnel settings: • In the Tunnel ID field, select 0. • In the Mode field, select 6-to-4. • In the IPv6 Mode field, select Enable. • In the IPv6 Address/Prefix Length field, enter 2002:c301:302::1/16. •...
  • Page 574 Managed Switches • In the Next Hop IPv6 Address Type field, select Global. • In the Next Hop IPv6 Address field, enter 2002:c301:502::1. c. Click Add. Create a static route for subnet 195.1.4.0/24. a. Select Routing > Routing Table > Advanced > Route Configuration. A screen similar to the following displays.
  • Page 575 Managed Switches Web Interface: Create a 6to4 Tunnel on Switch 2 Enable IP routing on Switch 2. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
  • Page 576 Managed Switches b. Above the table heading, under IP Interface Configuration, click 2. c. Select the 2/0/1 check box for port 2/0/1. The settings for port 2/0/1 display in the fields in the table heading. d. Configure the following settings: •...
  • Page 577 Managed Switches d. Configure the following settings: • In the IPv6 Mode field, select Enable. • In the Routing Mode field, select Enable. e. Click Apply. Configure an IPv6 address for routing interface 2/0/3. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays.
  • Page 578 Managed Switches b. Configure the following tunnel settings: • In the Tunnel ID field, select 0. • In the Mode field, select 6-to-4. • In the IPv6 Mode field, select Enable. • In the IPv6 Address/Prefix Length field, enter 2002:c301:402::1/16. •...
  • Page 579 Managed Switches Web Interface: Create a 6to4 Tunnel on Switch 3 Enable IP routing on Switch 3. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
  • Page 580 Managed Switches b. Above the table heading, under IP Interface Configuration, click 2. c. Select the 2/0/1 check box for port 2/0/1. The settings for port 2/0/1 display in the fields in the table heading. d. Configure the following settings: •...
  • Page 581 Managed Switches Configure the IPv6 address for the IPv6 routing interface 2/0/24. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. From the Interface menu, select 2/0/24. The settings for port 2/0/24 display in the fields in the table heading. c.
  • Page 582 Managed Switches • In the EUI64 field, select Disable. • In the Source Address field, enter 195.1.4.2. c. Click Add. d. Configure the following tunnel settings: • In the Tunnel ID field, select 0. • In the Mode field, select 6-to-4. •...
  • Page 583: Chapter 32 Ipv6 Interface Configuration

    IPv6 Interface Configuration IPv6 routing and routing VLANs This chapter includes the following sections: • Create an IPv6 Routing Interface • Create an IPv6 Routing VLAN • Configure DHCPv6 Mode on the Routing Interface Note: IPv6 interface configuration is available on M5300 and M6100 series switches only.
  • Page 584: Create An Ipv6 Routing Interface

    (Netgear Switch) (Config)#ipv6 unicast-routing Assign an IPv6 address to interface 1/0/1. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#ipv6 enable (Netgear Switch) (Interface 1/0/1)#ipv6 address 2000::2/64 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) #ping ipv6 2000::2 Send count=3, Receive count=3 from 2000::2 Average round trip time = 1.00 ms...
  • Page 585: Web Interface: Create An Ipv6 Routing Interface

    Managed Switches (Netgear Switch) #show ipv6 interface 1/0/1 IPv6 is enabled IPv6 Prefix is ........ FE80::21E:2AFF:FED9:249B/128 2000::2/64 [TENT] Routing Mode........Enabled Administrative Mode......Enabled IPv6 Routing Operational Mode....Enabled Bandwidth........1000000 kbps Interface Maximum Transmit Unit....1500 Router Duplicate Address Detection Transmits... 1 Router Advertisement NS Interval....
  • Page 586 Managed Switches A screen similar to the following displays. b. Under IPv6 Interface Configuration, scroll down and select the Interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. c. In the IPv6 Mode field, select Enable. d.
  • Page 587: Create An Ipv6 Routing Vlan

    Add interface 1/0/1 to VLAN 500. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 500 (Netgear Switch) (Interface 1/0/1)#vlan participation pvid 500 (Netgear Switch) (Interface 1/0/1)#exit Assign IPv6 address 2000::1/64 to VLAN 500 and enable IPv6 routing.
  • Page 588 IPv6 Unicast Routing Mode...... Enable IPv6 Hop Limit......... 0 ICMPv6 Rate Limit Error Interval....1000 msec ICMPv6 Rate Limit Burst Size....100 messages Maximum Routes......... 128 (Netgear Switch) #show ipv6 interface 0/4/1 IPv6 is enabled IPv6 Prefix is ........ FE80::21E:2AFF:FED9:249B/128 2000::1/64 Routing Mode........Enabled Administrative Mode......
  • Page 589: Web Interface: Create An Ipv6 Vlan Routing Interface

    Managed Switches Web Interface: Create an IPv6 VLAN Routing Interface Create VLAN 500. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 500. c. In the VLAN Type field, select Static. d.
  • Page 590 Managed Switches A screen similar to the following displays. b. Under PVID Configuration, scroll down and select the Interface 1/0/1 check box. c. In the PVID (1 to 4093) field, enter 500. d. Click Apply to save the settings. Enable IPv6 forwarding and unicast routing on the switch. a.
  • Page 591: Configure Dhcpv6 Mode On The Routing Interface

    Managed Switches e. Click Apply. Assign an IPv6 address to the routing VLAN. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. In the Interface field, select 0/4/2. c. In the IPv6 Prefix field, enter 2000::1. d.
  • Page 592: Cli: Configure Dhcpv6 Mode On Routing Interface

    Enable DHCPv6 on the interface 1/0/23. (Netgear Switch) (Config)#interface 1/0/23 (Netgear Switch) (Interface 1/0/23)#routing (Netgear Switch) (Interface 1/0/23)#ipv6 enable (Netgear Switch) (Interface 1/0/23)#ipv6 address dhcp (Netgear Switch) (Interface 1/0/23) Show the IPv6 address assigned from 1/0/23. (Netgear Switch) #show ipv6 interface 1/0/23 IPv6 is enabled IPv6 Prefix is ........
  • Page 593: Web Interface: Configure Dhcpv6 Mode On Routing Interface

    Managed Switches Web Interface: Configure DHCPv6 mode on routing interface Enable IPv6 unicast globally. a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c.
  • Page 594 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/23. You can see the IPv6 address assigned by the DHCPv6 server. IPv6 Interface Configuration...
  • Page 595: Chapter 33 Pim

    Protocol Independent Multicast This chapter includes the following sections: • Protocol Independent Multicast Concepts • PIM-DM • PIM-SM Note: PIM is available on M5300 and M6100 series switches only. However, the following M5300 series switches require a license to support PIM: M5300-28G, M5300-52G, M5300-28G-POE+, and M5300-52G-POE+.
  • Page 596: Protocol Independent Multicast Concepts

    Managed Switches Protocol Independent Multicast Concepts The PIM protocol can be configured to operate on IPv4 and IPv6 networks. Separate CLI commands are provided for IPv4 and IPv6 operation; however, most configuration options are common to both protocols. Therefore, this section describes only IPv4 configuration; IPv6 configuration is similar to IPv4.
  • Page 597 Managed Switches Source IP 192.168.1.1 Port 1/0/13 Port 1/0/9 Port 1/0/10 Switch A Switch B Subnet 192.168.3.0/24 Port Port 1/0/1 1/0/11 Port Port 1/0/21 1/0/21 Subnet 192.168.6.0/24 Switch D Switch C Port 1/0/22 Port 1/0/22 Port 1/0/24 Host IP 192.168.4.2 Figure 57.
  • Page 598: Cli: Configure Pim-Dm

    Enable IP multicast forwarding on the switch. (Netgear Switch) (Config)#ip multicast Enable RIP to build the unicast IP routing table. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#ip rip...
  • Page 599 (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pim (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/10 (Netgear Switch) (Interface 1/0/10)#routing (Netgear Switch) (Interface 1/0/10)#ip address 192.168.3.2 255.255.255.0 (Netgear Switch) (Interface 1/0/10)#ip rip (Netgear Switch) (Interface 1/0/10)#ip pim (Netgear Switch) (Interface 1/0/10)#exit...
  • Page 600 (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pim dense (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ip address 192.168.5.2 255.255.255.0 (Netgear Switch) (Interface 1/0/21)#ip rip (Netgear Switch) (Interface 1/0/21)#ip pim (Netgear Switch) (Interface 1/0/21)#exit...
  • Page 601 (Netgear Switch) (Interface 1/0/24)#routing (Netgear Switch) (Interface 1/0/24)#ip pim (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear Switch) (Interface 1/0/24)#ip rip (Netgear Switch) (Interface 1/0/24)#ip address 192.168.4.1 255.255.255.0 (Netgear Switch) (Interface 1/0/24)#exit PIM-DM builds the multicast routes table on each switch. (A) #show ip mcast mroute summary...
  • Page 602: Web Interface: Configure Pim-Dm

    Managed Switches Web Interface: Configure PIM-DM PIM-DM on Switch A Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
  • Page 603 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/9 check box. Now 1/0/9 appears in the Port field at the top. Enter the following information: • In the IP Address field, enter 192.168.3.1. •...
  • Page 604 Managed Switches d. Click Apply to save the settings. Enable RIP on the interface 1/0/1. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/1. c. For RIP Admin Mode, select the Enable radio button. d.
  • Page 605 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/13. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays.
  • Page 606 Managed Switches A screen similar to the following displays. b. For PIM Protocol Type, select the PIM-DM radio button. c. For Admin Mode, select the Enable radio button. d. Click Apply. Enable PIM-DM on interfaces 1/0/1, 1/0/9, and 1/0/13. a. Select Routing > Multicast > PIM > Interface Configuration. A screen similar to the following displays.
  • Page 607 Managed Switches PIM-DM on Switch B: Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. Configure 1/0/10 as a routing port and assign an IP address to it.
  • Page 608 Managed Switches A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Port 1/0/11 check box. Now 1/0/11 appears in the Port field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.5.1. •...
  • Page 609 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/11. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays.
  • Page 610 Managed Switches c. For Admin Mode, select the Enable radio button. Click Apply. Enable PIM-SM on interfaces 1/0/10 and 1/0/11. a. Select Routing > Multicast > PIM > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/10 and 1/0/11 check box. c.
  • Page 611 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/21 check box. Now 1/0/21 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.5.2. •...
  • Page 612 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/21. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. Enable RIP on interface 1/0/22. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
  • Page 613 Managed Switches b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays. b. For PIM Protocol Type, select the PIM-DM radio button. c.
  • Page 614 Managed Switches PIM-DM on Switch D: Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. Configure 1/0/21 as a routing port and assign an IP address to it.
  • Page 615 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/22 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.6.2. •...
  • Page 616 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/21. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. Enable RIP on interface 1/0/22. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
  • Page 617 Managed Switches Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays.
  • Page 618 Managed Switches b. Scroll down and select the Interface 1/0/21, 1/0/22, and 1/0/24 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. Enable IGMP globally. a. Select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays.
  • Page 619: Pim-Sm

    Managed Switches PIM-SM Protocol-independent multicast sparse mode (PIM-SM) is used to efficiently route multicast traffic to multicast groups that can span wide area networks where bandwidth is a constraint. Source IP 192.168.1.1 Port 1/0/13 Port 1/0/10 Port 1/0/9 Switch A Switch B Subnet 192.168.3.0/24 Port...
  • Page 620: Cli: Configure Pim-Sm

    Enable IP multicast forwarding on the switch. (Netgear Switch) (Config)#ip multicast Enable RIP to build a unicast IP routing table. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/1)#ip rip...
  • Page 621 (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pim spars (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip pim rp-candidate interface 1/0/11 225.1.1.1 255.255.255.0 Enable the switch to announce its candidacy as a bootstrap router (BSR). (Netgear Switch) (Config)#ip pim bsr-candidate interface 1/0/10 30...
  • Page 622 PIM-SM on Switch C (Netgear Switch)#configure (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pim sparse (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip pim rp-candidate interface 1/0/22 225.1.1.1 255.255.255.0 (Netgear Switch) (Config)#ip pim bsr-candidate interface 1/0/21 (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ip address 192.168.5.2...
  • Page 623 Managed Switches (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#routing (Netgear Switch) (Interface 1/0/24)#ip address 192.168.4.1 255.255.255.0 (Netgear Switch) (Interface 1/0/24)#ip rip (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear Switch) (Interface 1/0/24)#ip pim (Netgear Switch) (Interface 1/0/24)#exit PIM-SM builds the multicast route table on each switch. The following tables show the routes that are built after PIM-SM switches to the source-specific tree from the shared tree.
  • Page 624: Web Interface: Configure Pim-Sm

    Managed Switches Web Interface: Configure PIM-SM PIM-SM on Switch A Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
  • Page 625 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/9 check box. Now 1/0/9 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.3.1. •...
  • Page 626 Managed Switches Enable RIP on interface 1/0/1. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface field, select 1/0/1. c. For RIP Admin Mode, select the Enable radio button. d.
  • Page 627 Managed Switches d. Click Apply. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-SM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays.
  • Page 628 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1, 1/0/9, and 1/0/13 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. PIM-SM on Switch B: Enable IP routing on the switch.
  • Page 629 Managed Switches b. Scroll down and select the interface 1/0/10 check box. Now 1/0/10 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.3.2. • In the Subnet Mask field, enter 255.255.255.0. •...
  • Page 630 Managed Switches Enable RIP on interface 1/0/11. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/11. c. For RIP Admin Mode, select the Enable radio button. d.
  • Page 631 Managed Switches b. For PIM Protocol Type, select the PIM-SM radio button. c. For Admin Mode, select the Enable radio button. d. Click Apply. Enable PIM-SM on interfaces 1/0/10 and 1/0/11. a. Select Routing > Multicast > PIM > Interface Configuration. A screen similar to the following displays.
  • Page 632 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/10. c. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 7. e. Click Apply. PIM-SM on Switch C: Enable IP routing on the switch.
  • Page 633 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/21 check box. Now 1/0/21 appears in the Interface field at the top. c. Enter the following information: • In the IP address, enter 192.168.5.2. •...
  • Page 634 Managed Switches A screen similar to the following displays. b. In the Interface field, select 1/0/21. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. Enable RIP on interface 1/0/22. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
  • Page 635 Managed Switches Enable PIM-SM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays. b. For PIM Protocol Type, select the PIM-SM radio button. c. For Admin Mode, select the Enable radio button. d.
  • Page 636 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. In the Group IP field, enter 225.1.1.1. d. In the Group Mask field, enter 255.255.255.0. e. Click Add. BSR Candidate Configuration. a. Select Routing > Multicast > PIM > BSR Candidate Configuration. A screen similar to the following displays.
  • Page 637 Managed Switches PIM-SM on Switch D Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. Configure 1/0/21 as a routing port and assign an IP address to it.
  • Page 638 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/22 appears in the Port field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.6.2. •...
  • Page 639 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/21. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. Enable RIP on interface 1/0/22. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays.
  • Page 640 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-SM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays. b.
  • Page 641 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21, 1/0/22, and 1/0/24 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. Set up Candidate RP configuration. a.
  • Page 642 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 3. e. Click Apply. Enable IGMP globally. a. Select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays.
  • Page 643 Managed Switches A screen similar to the following displays. b. Under IGMP Routing Interface Configuration, scroll down and select the Interface 1/0/24 check box. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings.
  • Page 644: Chapter 34 Dhcp L2 Relay And L3 Relay

    DHCP L2 Relay and L3 Relay Dynamic Host Configuration Protocol Relays This chapter includes the following sections: • DHCP L2 Relay •...
  • Page 645: Dhcp L2 Relay

    Relay agent information option and broadcast the DHCP message. This section provides information about where a Layer 2 relay agent fits in and how it is used. CLI: Enable DHCP L2 Relay Enter the following commands: (Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 200 (Netgear Switch)(Vlan)#exit DHCP L2 Relay and L3 Relay...
  • Page 646 Enable the Option 82 Circuit ID field. (Netgear Switch) (Config)#dhcp l2relay circuit-id vlan 200 Enable the Option 82 Remote ID field. (Netgear Switch) (Config)#dhcp l2relay remote-id rem_id vlan 200 Enable DHCP L2 relay on port 1/0/4. (Netgear Switch) (Config)#interface 1/0/4...
  • Page 647: Web Interface: Enable Dhcp L2 Relay

    Managed Switches Web Interface: Enable DHCP L2 Relay Create VLAN 200. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 200. c. In the VLAN Type field, select Static. d.
  • Page 648 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/4, 1/0/5, and 1/0/6 check boxes. c. In the PVID (1 to 4093) field, enter 200. d. Click Apply to save the settings. Enable DHCP L2 relay on VLAN 200. a.
  • Page 649 Managed Switches A screen similar to the following displays. b. Scroll down and select the 1/0/4, 1/0/5, and 1/0/6 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. Enable DHCP L2 relay trust on interface 1/0/6. a.
  • Page 650: Dhcp L3 Relay

    This case has two steps: DHCP server configuration and DHCP L3 relay configuration. This example shows how to configure a DHCP L3 relay on a NETGEAR switch and how to configure a DHCP pool to assign IP addresses to DHCP clients using DHCP L3 relay.
  • Page 651 Create a routing interface and enable RIP on it so that the DHCP server learns the route 10.200.1.0/24 from the DHCP L3 relay. (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 10.100.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/3)#ip rip (Netgear Switch) (Interface 1/0/3)#exit Create a DHCP pool.
  • Page 652 Managed Switches Create a routing interface and assign 10.100.1.1/24 to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the 1/0/3 check box. c. In the IP Address field, enter 10.100.1.1. d.
  • Page 653 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. In the IP Range From field, enter 10.200.1.1. d. In the IP Range To field, enter 10.200.1.1. e. Click Add. Exclude 10.200.2.1 from the DHCP pool. a.
  • Page 654 Managed Switches A screen similar to the following displays. b. Under DHCP Pool Configuration, enter the following information: • In the Pool Name list, select Create. • In the Pool Name field, enter dhcp_server. • In the Type of Binding list, select Dynamic. •...
  • Page 655: Configure A Dhcp L3 Switch

    Create a routing interface and enable RIP on it.
    (Netgear Switch) (Config)#
    (Netgear Switch) (Config)#interface 1/0/4
    (Netgear Switch) (Interface 1/0/4)#routing
    (Netgear Switch) (Interface 1/0/4)#ip address 10.100.1.2 255.255.255.0
    (Netgear Switch) (Interface 1/0/4)#ip rip
    (Netgear Switch) (Interface 1/0/4)#exit
    Create a routing interface connecting to the client.
  • Page 656 Redistribute 10.200.1.0/24 and 10.200.2.0/24 to RIP so that RIP advertises these routes to the DHCP server.
    (Netgear Switch) (Config)#
    (Netgear Switch) (Config)#router rip
    (Netgear Switch) (Config-router)#redistribute connected
    (Netgear Switch) (Config-router)#exit
    Web Interface: Configure a DHCP L3 Relay
    Enable routing mode on the switch.
  • Page 657 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/4. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply to save the settings. Create a routing interface and assign 10.200.1.1/24 to it. a.
  • Page 658 Managed Switches A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Port 1/0/16 check box. c. In the IP Address Configuration Method field, enter Manual. d. In the IP Address field, enter 10.200.2.1. e.
  • Page 659 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply to save the settings. Configure the DHCP server IP address. a. Select System > Services > UDP Relay. A screen similar to the following displays. b.
  • Page 660: Chapter 35 Mld

    Multicast Listener Discovery
    This chapter includes the following sections:
    • Multicast Listener Discovery Concepts
    • Configure MLD
    • MLD Snooping
    Note: MLD is available on M5300 and M6100 series switches only. However, the following M5300 series switches require a license to support MLD: M5300-28G, M5300-52G, M5300-28G-POE+, and M5300-52G-POE+.
  • Page 661: Multicast Listener Discovery Concepts

    Multicast Listener Discovery Concepts
    The Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover multicast listeners, the nodes that are configured to receive multicast data packets, on their directly attached interfaces. The protocol specifically discovers which multicast addresses are of interest to the neighboring nodes and provides this information to the active multicast routing protocol, which determines the flow of multicast data packets.
  • Page 662: Cli: Configure Mld

    (Netgear Switch) (Config)#ip routing
    (Netgear Switch) (Config)#ip multicast
    (Netgear Switch) (Config)#interface 1/0/1
    (Netgear Switch) (Interface 1/0/1)#routing
    (Netgear Switch) (Interface 1/0/1)#ipv6 address 2001:1::1/64
    (Netgear Switch) (Interface 1/0/1)#ipv6 enable
    (Netgear Switch) (Interface 1/0/1)#ipv6 pim
    (Netgear Switch) (Interface 1/0/1)#ipv6 ospf
    (Netgear Switch) (Interface 1/0/1)#exit
    ...
  • Page 663
    (Netgear Switch) (Config)#ip multicast
    Enable MLD on interface 1/0/24.
    (Netgear Switch) (Config)#interface 1/0/21
    (Netgear Switch) (Interface 1/0/21)#routing
    (Netgear Switch) (Interface 1/0/21)#ipv6 address 2001:1::2/64
    (Netgear Switch) (Interface 1/0/21)#ipv6 enable
    (Netgear Switch) (Interface 1/0/21)#ipv6 pim
    (Netgear Switch) (Interface 1/0/21)#ipv6 ospf
    (Netgear Switch) (Interface 1/0/21)#exit
    ...
  • Page 664: Web Interface: Configure Mld

    Managed Switches Web Interface: Configure MLD MLD on Switch A Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
  • Page 665 Managed Switches b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. Enter the following information: • In the IPv6 Mode field, select Enable. • In the Routing Mode field, select Enable. • In the Admin Mode field, select Enable. d.
  • Page 666 Managed Switches c. Enter the following information: • In the IPv6 Prefix field, enter 2001:2::1. • In the Prefix Length field, enter 64. • In the EUI64 field, select Disable. d. Click Add to save the settings. Configure the router ID of OSPFv3. a.
  • Page 667 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM globally. a. Select Routing > IPv6 Multicast > IPv6 PIM > Global Configuration. A screen similar to the following displays. b.
  • Page 668 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. MLD on Switch B Enable IP routing on the switch.
  • Page 669 Managed Switches A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. Click Apply. Configure 1/0/21 and 1/0/24 as IPv6 routing ports. a. Select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays.
  • Page 670 Managed Switches A screen similar to the following displays. b. In the Interface field, select 1/0/21. c. Enter the following information: • In the IPv6 Prefix field, enter 2001:1::2. • In the Prefix Length field, enter 64. • In the EUI64 field, select Disable. d.
  • Page 671 Managed Switches A screen similar to the following displays. b. In the Router ID field, enter 2.2.2.2. c. For Admin Mode, select the Enable radio button. d. Click Apply. Enable OSPFv3 on interfaces 1/0/21 and 1/0/24. a. Select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays.
  • Page 672 Managed Switches Enable PIM-DM globally. a. Select Routing > IPv6 Multicast > IPv6PIM > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable PIM-DM on interfaces 1/0/21 and 1/0/24. a.
  • Page 673: Mld Snooping

    Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable MLD on interface 1/0/24. a. Select Routing > IPv6 Multicast > MLD > Routing Interface Configuration. A screen similar to the following displays. b.
  • Page 674: Cli: Configure Mld Snooping

    (Netgear Switch) (Vlan)#vlan 300
    (Netgear Switch) (Vlan)#exit
    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 1/0/1
    (Netgear Switch) (Interface 1/0/1)#vlan participation include 300
    (Netgear Switch) (Interface 1/0/1)#vlan pvid 300
    (Netgear Switch) (Interface 1/0/1)#exit
    (Netgear Switch) (Config)#interface 1/0/24
    (Netgear Switch) (Interface 1/0/24)#vlan participation include 300
    ...
  • Page 675: Web Interface: Configure Mld Snooping

    Managed Switches Web Interface: Configure MLD Snooping Create VLAN 300. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 300. c. Click Add. Assign all of the ports to VLAN 300. a.
  • Page 676 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 and 1/0/24 check boxes. c. In the PVID (1 to 4093) field, enter 300. d. Click Apply to save the settings. Enable MLD snooping on the switch. a.
  • Page 677: Chapter 36 Dvmrp

    DVMRP
    Distance Vector Multicast Routing Protocol
    This chapter includes the following sections:
    • Distance Vector Multicast Routing Protocol Concepts
    • CLI: Configure DVMRP
    • Web Interface: Configure DVMRP
    Note: DVMRP is available on M5300 and M6100 series switches only. However, the following M5300 series switches require a license to support DVMRP: M5300-28G, M5300-52G, M5300-28G-POE+, and M5300-52G-POE+.
  • Page 678: Distance Vector Multicast Routing Protocol Concepts

    Distance Vector Multicast Routing Protocol Concepts
    The Distance Vector Multicast Routing Protocol (DVMRP) is used for multicasting over IP networks without routing protocols to support multicast. DVMRP is based on the RIP protocol but is more complicated than RIP. DVMRP maintains a link-state database to keep track of the return paths to the source of multicast packets.
  • Page 679: Cli: Configure Dvmrp

    (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0
    (Netgear Switch) (Interface 1/0/1)#exit
    (Netgear Switch) (Config)#interface 1/0/13
    (Netgear Switch) (Interface 1/0/13)#routing
    (Netgear Switch) (Interface 1/0/13)#ip address 192.168.2.1 255.255.255.0
    (Netgear Switch) (Interface 1/0/13)#exit
    (Netgear Switch) (Config)#interface 1/0/21
    (Netgear Switch) (Interface 1/0/21)#routing
    (Netgear Switch) (Interface 1/0/21)#ip address 192.168.3.2 255.255.255.0
    (Netgear Switch)(Interface 1/0/21)#exit
    Enable IP multicast forwarding on the switch.
  • Page 680
    (Netgear Switch) (Interface 1/0/13)#ip dvmrp
    (Netgear Switch) (Interface 1/0/13)#exit
    (Netgear Switch) (Config)#interface 1/0/21
    (Netgear Switch) (Interface 1/0/21)#ip dvmrp
    (Netgear Switch) (Interface 1/0/21)#exit
    (Netgear Switch) #show ip dvmrp neighbor
    Interface ........1/0/13
    Neighbor IP Address ......192.168.2.2
    State ......... Active
    Up Time (hh:mm:ss) ......00:02:40
    Expiry Time (hh:mm:ss) ......
  • Page 681
    (Netgear Switch) #show ip mcast mroute summary
    Multicast Route Table Summary
                                             Incoming    Outgoing
    Source IP      Group IP      Protocol    Interface   Interface List
    -------------  ------------  ----------  ---------   ---------------
    192.168.1.2    225.0.0.1     DVMRP       1/0/1       1/0/21
    DVMRP on Switch B
    Create routing ports 1/0/13 and 1/0/20.
  • Page 682
    Minor Version ......... 255
    Capabilities ........Prune GenID Missing 11441
    Received Routes ....... 0
    Received Bad Packets ......0
    Received Bad Routes ......0
    (Netgear Switch) #show ip mcast mroute detail summary
    Multicast Route Table Summary
    Incoming Outgoing
    Source IP...
  • Page 683
    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip routing
    (Netgear Switch) (Config)#ip interface 1/0/11
    (Netgear Switch) (Interface 1/0/11)#ip routing
    (Netgear Switch) (Interface 1/0/11)#ip address 192.168.3.1 255.255.255.0
    (Netgear Switch) (Interface 1/0/11)#exit
    (Netgear Switch) (Config)#interface 1/0/3
    (Netgear Switch) (Interface 1/0/3)#routing
    (Netgear Switch) (Interface 1/0/3)#ip address 192.168.4.2 255.255.255.0
    ...
  • Page 684
    More Entries or quit(q)
    Capabilities ........Prune GenID Missing 11441
    Received Routes ....... 0
    Received Bad Packets ......0
    Received Bad Routes ......0
    (Netgear Switch) #show ip mcast mroute detail summary
    Multicast Route Table Summary
    Incoming Outgoing
    Source IP...
  • Page 685: Web Interface: Configure Dvmrp

    Managed Switches Web Interface: Configure DVMRP DVMRP on Switch A Enable IP routing on the switch. a. Select Routing > IP > Basic >IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
  • Page 686 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/13 check box. Now 1/0/13 appears in the Port field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.2.1. •...
  • Page 687 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays. b.
  • Page 688 DVMRP on Switch B Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. Configure 1/0/13 as a routing port and assign an IP address to it.
  • Page 689 Managed Switches A screen similar to the following displays. b. Scroll and select the Port 1/0/20 check box. Now 1/0/20 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.4.1. •...
  • Page 690 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable DVMRP on the interface. a. Select Routing > Multicast > DVMRP > Interface Configuration. A screen similar to the following displays. b.
  • Page 691 Managed Switches Configure 1/0/11 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/11 check box. Now 1/0/11 appears in the Port field at the top.
  • Page 692 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/24 check box. Now 1/0/24 appears in the Port field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.5.1. •...
  • Page 693 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Enable DVMRP on the interface. a. Select Routing > Multicast > DVMRP > Interface Configuration. A screen similar to the following displays. b.
  • Page 694 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/24 check box. Now 1/0/24 appears in the Interface field at the top. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. DVMRP...
  • Page 695: Chapter 37 Captive Portal

    Captive Portal
    Captive portals and client authentication
    This chapter includes the following sections:
    • Captive Portal Concepts
    • Captive Portal Configuration Concepts
    • Enable a Captive Portal
    • Client Access, Authentication, and Control
    • Block a Captive Portal Instance
    •...
  • Page 696: Captive Portal Concepts

    Managed Switches Captive Portal Concepts The captive portal feature is a software implementation that blocks clients from accessing the network until user verification has been established. You can set up verification to allow access for both guests and authenticated users. Authenticated users must be validated against a database of authorized captive portal users before access is granted.
  • Page 697: Captive Portal Configuration Concepts

    Enable captive portal on the switch.
    (Netgear Switch) (config)#captive-portal
    (Netgear Switch) (Config-CP)#enable
    Enable captive portal instance 1.
    (Netgear Switch) (Config-CP)#configuration 1
    (Netgear Switch) (Config-CP 1)#enable
    Enable captive portal instance 1 on port 1/0/1.
    (Netgear Switch) (Config-CP 1)#interface 1/0/1
  • Page 698: Web Interface: Enable A Captive Portal

    Web Interface: Enable a Captive Portal
    Enable captive portal on the switch.
    a. Select Security > Control > Captive Portal > CP Global Configuration. A screen similar to the following displays.
    b. For Admin Mode, select the Enable radio button.
    c.
  • Page 699: Client Access, Authentication, And Control

    Blocking a captive portal instance is a temporary command executed by the administrator and not saved in the configuration.
    Block a Captive Portal Instance
    CLI: Block a Captive Portal Instance
    (Netgear Switch)(Config-CP 1)#block
  • Page 700: Web Interface: Block A Captive Portal Instance

    CLI: Create Users and Groups
    Create a group whose group ID is 2.
    (Netgear Switch) #config
    (Netgear Switch) (config)#captive-portal
    (Netgear Switch)(Config-CP)# user group 2
    Create a user whose name is user1.
    (Netgear Switch) (Config-CP)#user 2 name user1
  • Page 701: Web Interface: Create Users And Groups

    Enter password (8 to 64 characters): 12345678
    Re-enter password: 12345678
    Add the user to the group.
    (Netgear Switch) (Config-CP)#user 2 group 2
    Web Interface: Create Users and Groups
    Create a group.
    a. Select Security > Control > Captive Portal > CP Group Configuration.
  • Page 702: Remote Authorization (Radius) User Configuration

    Managed Switches A screen similar to the following displays. b. Enter the following information: • In the User ID Field, enter 2. • In the User Name field, enter user1. • In the Password field, enter 12345678. • In the Confirm Password field, enter 12345678. •...
  • Page 703: Cli: Configure Radius As The Verification Mode

    If the attribute is 0 or not present, use the value configured for the captive portal.
    CLI: Configure RADIUS as the Verification Mode
    (Netgear Switch) (Config-CP 1)#radius-auth-server Default-RADIUS-Server
    (Netgear Switch) (Config-CP 1)#verification radius
  • Page 704: Web Interface: Configure Radius As The Verification Mode

    Managed Switches Web Interface: Configure RADIUS as the Verification Mode Select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays. Scroll down and select the CP 1 check box. Now CP 1 appears in the CP ID field at the top. Enter the following information: •...
  • Page 705: Chapter 38 Iscsi

    iSCSI
    Internal Small Computer System Interface
    This chapter includes the following sections:
    • iSCSI Concepts
    • Enable iSCSI Awareness with VLAN Priority Tag
    • Enable iSCSI Awareness with DSCP
    •...
  • Page 706: Iscsi Concepts

    iSCSI Concepts
    The Internal Small Computer System Interface (iSCSI) feature is used in networks containing iSCSI initiators and targets where the administrator desires to protect the iSCSI traffic from interruption by giving the traffic preferential QoS treatment. The dynamically generated classifier rules are used to direct the iSCSI data traffic to queues that can be given the desired preference characteristics over other data transiting the switch.
  • Page 707: Enable Iscsi Awareness With Vlan Priority Tag

    Use the following commands to enable iSCSI awareness, select VPT, and set VLAN number and aging time.
    (Netgear Switch) #config
    (Netgear Switch) (Config) #iscsi enable
    (Netgear Switch) (Config) #iscsi cos vpt 5
    (Netgear Switch) (Config) #iscsi aging time 10
    (Netgear Switch) (Config) #exit
    Web Interface: Enable iSCSI Awareness with VLAN Priority Tag
    Enable iSCSI awareness, select VPT, and set VLAN number and aging time.
  • Page 708: Enable Iscsi Awareness With Dscp

    Use the following commands to enable iSCSI awareness, select DSCP, and set DSCP queue number and aging time.
    (Netgear Switch) #config
    (Netgear Switch) (Config) #iscsi enable
    (Netgear Switch) (Config) #iscsi cos dscp 46
    (Netgear Switch) (Config) #iscsi aging time 10
    (Netgear Switch) (Config) #exit
    Web Interface: Enable iSCSI Awareness with DSCP
    Enable iSCSI awareness, select DSCP, and set the DSCP queue number and aging time.
  • Page 709: Set The Iscsi Target Port

    When working with iSCSI that does not use the standard IANA assigned iSCSI ports (3260/860), NETGEAR recommends that you specify the target IP address. Then, the switch snoops frames only if the TCP destination port is one of the configured TCP ports and the destination IP address is the target IP address.
  • Page 710: Show Iscsi Sessions

    IP Address TCP Port
    ------------------- ------------- -------------------- -------------
    192.168.10.107      57965         192.168.10.116       3260
    (Netgear Switch) #
    The command shows that there is an active iSCSI session. The initiator is at IP address 192.168.10.107 and the target is at IP address 192.168.10.116.
  • Page 711: Web Interface: Show Iscsi Sessions

    Managed Switches Web Interface: Show iSCSI Sessions Show iSCSI sessions. a. Select Switching > iSCSI > Advanced > Sessions. A screen similar to the following displays. Click Refresh. Show the iSCSI session details. a. Select Switching > iSCSI > Advanced > Sessions detailed. A screen similar to the following displays.
  • Page 712: Chapter 39 Override Factory Defaults

    Override Factory Defaults
    Use another factory default configuration file
    This chapter includes one section: Override the Factory Default Configuration File...
  • Page 713: Override The Factory Default Configuration File

    Override the Factory Default Configuration File
    NETGEAR managed switches support a single set of default configurations and scaling parameters, which are hard-coded in the factory default configuration file. To enable you to use a different set of default configurations and scaling parameters, you can override the factory default configuration file and specify that another file in the file system must be regarded as the factory defaults.
  • Page 714: Cli: Erase The Old Factory Default Configuration File

    CLI: Erase the Old Factory Default Configuration File
    Erase the old factory default configuration file from the switch.
    (Netgear Switch) #erase factory-default
    Reload the switch. The new factory default configuration file (that is, the factory_default.txt file) takes effect.
  • Page 715: Chapter 40 Netgear Sfp

    NETGEAR SFP
    Small form-factor pluggable
    This chapter includes one section: Connect with NETGEAR SFP AGM731F...
  • Page 716: Connect With Netgear Sfp Agm731F

    Connect with NETGEAR SFP AGM731F Cisco provides a way to support third-party small form-factor pluggables (SFPs). For example, you can get the NETGEAR SFP AGM731F to work between a Cisco switch and a NETGEAR switch. Before connecting the NETGEAR switch to the Cisco switch, configure the following command on the Cisco switch.

This manual is also suitable for:

Prosafe m6100 series, Prosafe m7100 series
