NETGEAR 7000 Series manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of NETGEAR 7000 Series, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of NETGEAR 7000 Series one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of NETGEAR 7000 Series. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of NETGEAR 7000 Series should contain:
- informations concerning technical data of NETGEAR 7000 Series
- name of the manufacturer and a year of construction of the NETGEAR 7000 Series item
- rules of operation, control and maintenance of the NETGEAR 7000 Series item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of NETGEAR 7000 Series alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of NETGEAR 7000 Series, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the NETGEAR service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of NETGEAR 7000 Series.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the NETGEAR 7000 Series item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    202-10238-02 May 2008 NETGEAR , Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA NETGEAR 7000 Series Managed Switch Administration Guide Ve r s i o n 7 . 2[...]

  • Page 2

    ii v1.0, May 2008 © 2008 by NETGEAR, Inc. All rights reserved. T rademarks NETGEAR and Auto Uplink are trademarks or regis ter ed trademarks of NETGEAR , Inc. . Microsoft, W indows, and W indow s NT are registered trademar ks of Microsoft Corporation. Other brand and product names are registered trademarks or trad emarks of their respective holder[...]

  • Page 3

    v1.0, May 2008 iii • This device may not cause harmful interference, and • This device must accept any inte rference received, including interferen ce that may caus e undesired operation. FCC Requirement s for Operation in the United St ates Radio Frequency In terfe rence Warnings & Instructions This equipment has been tested and f ound to [...]

  • Page 4

    v1.0, May 20 08 iv Product and Publication Det ails Model Number: 7xxx Publication Date: May 2008 Product Family: Managed Switch Product Name: 7000 Series Managed Switch Home or Business Prod uc t: Business Language: Engl ish Publication Part Number: 202-10238-02 Publication V ersion Number: 1.0[...]

  • Page 5

    v v1.0, May 2008 Content s NETGEAR 7000 Series Managed Switch Ad ministration Guide V ersion 7.2 About This Manual Conventions, Formats and Scope ............................ ............. ................. ................ ......... xv How to Use This Manual ................. ................ ............. ................ ................ .......[...]

  • Page 6

    vi v1.0, May 2008 Setting Up the Switch IP Address .... ... ... ... .... ............ ............. ................. ............ ............ 3-2 Assigning Switch Name and Location Informat ion .......... ................ ............. ................ .. 3-3 Saving the Configuration ................. ................ ................ ...........[...]

  • Page 7

    vii v1.0, May 2008 VLAN Routing RIP Configuration .............. ... ... ... .... ... ... ... .... ... ... ... .... ... ... ... ............. .. 7-7 CLI Example ...... ............. ................. ............ ................. ............. ................ ........ 7-8 VLAN Routing OSPF Configuration .......... ... ...... ................. ...[...]

  • Page 8

    viii v1.0, May 2008 Example #2: Configure a One-Way Access Using a TCP Flag in an ACL .......... ..... 9-4 CLI Commands .. ................. ............. ................ ................ ............. ................ ..... 9-5 Web Interface Procedure ....... ... ... .... ... ... ... ............. ... .... ... ... ... .... ... ... ... ... .......[...]

  • Page 9

    ix v1.0, May 2008 Chapter 12 IGMP Snooping Overview ............. ................ ................ ................ ................ ................ ................ ......... .1 2 - 1 CLI Examples . ............. ................ ............. ................ ................. ............. ................ ...... 12- 1 Example #1: Enable IGMP [...]

  • Page 10

    x v1.0, May 2008 Example #4: session-limit and session-timeout ........ ................ ................ ............. 16-3 Chapter 17 Port Mirroring Overview ............. ................ ................ ................ ................ ................ ................ ......... .1 7 - 1 CLI Examples . ............. ................ .........[...]

  • Page 11

    xi v1.0, May 2008 Switch S tack Cabling (FSM73xxS) ............ ... ............. ............. ................ ............. ... 20-4 S tack Master Election and Re-Election ..... ...... ................ ............. ................ .......... 20-5 S tack Member Numbers .. ................ ............. ................ ............. ...........[...]

  • Page 12

    xii v1.0, May 2008 Chapter 22 IGMP Querier CLI Examples . ............. ................ ............. ................ ................. ............. ................ ...... 22- 2 Example #1: Enable IGMP Querier . .......... ... ............. ................ ............. ............. ... 22-2 Example #2: Show IGMP Querier St at us .. .........[...]

  • Page 13

    xiii v1.0, May 2008 Example .............. ................ ................ ................ ................ ................ ................ ......... .2 6 - 1 Example 1#: Enable 802.1x Authentication on One Port in a VLAN ... ... ... ... .... ... ... 26-1 CLI Commands .. ................. ............. ................ ............. ..........[...]

  • Page 14

    xiv v1.0, May 2008[...]

  • Page 15

    xv v1.0, May 2008 About This Manual The NETGEAR 7000 Series Managed Switch Ad ministrat ion Guide V ersion 7.2 describes how to install, configure and trou bleshoot the 7000 Se ries Managed Switch. The informa tion in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Format s and Scope The conventions,[...]

  • Page 16

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 xvi v1.0, May 2008 • Scope. This manual is written for the 7000 Series Managed Switch according to these specifications: . How to Use This Manual The HTML version of this manual, if provided, includ es the following: • Buttons, and , for browsing forwards or backwards through [...]

  • Page 17

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 xvii v1.0, May 2008 • Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing o pens in a browser window . • Click the print icon in the upper left of your browser window . – Printing a [...]

  • Page 18

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 xviii v1.0, May 2008[...]

  • Page 19

    1-1 v1.0, May 2008 Chapter 1 Introduction This document provid es an understanding of th e CLI and W eb configuratio n options for software Release 7.2 features. Document Organization This document provides exa mples of the use of the switch software in a typical network. It describes the use and advantages of specific f unctions provided by the 70[...]

  • Page 20

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 1-2 Introduction v1.0, May 2008 – Class of Service (CoS) – Differentiated Services • Multicast – IGMP Snooping • Security – Denial of Service – Port Security • Operating System – Dual Configuration •T o o l s –A l a r m M a n a g e r – T raceroute – Confi[...]

  • Page 21

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Introduction 1-3 v1.0, May 2008 CLI Document ation The Command Line Refer ence provides information about the CLI commands used to configure the switch and the sta ck . The do cument provides CLI descriptions, syntax, and default values. Refer to the Command Line Refer ence for in[...]

  • Page 22

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 1-4 Introduction v1.0, May 2008[...]

  • Page 23

    2-5 v1.0, May 2008 Chapter 2 Getting S tarted Connect a terminal to the sw itch to begin configuration. In-band and Out-of-band Connectivity Ask the system administrator to determine whet her you will configure the switch for in-band or out-of-band connec tivity . Configuring for In -band Connectivity In-band connectivity allows you to access the s[...]

  • Page 24

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 2-6 Getting Started v1.0, May 2008 gateway IP address of the default r outer , if the switch is a node outside the IP range of the LAN MAC Address MAC address of the switch When you connect the switch to the network for th e first time after setting up the BootP or DHCP server , i[...]

  • Page 25

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Getting Started 2-7 v1.0, May 2008 6. Set the IP address, subnet mask, and gate way address by issue the following command: config network parms ipaddress netmask g ateway 7. T o enable these changes to be retained during a reset of the switch, type Ctrl-Z to return to the main pr[...]

  • Page 26

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 2-8 Getting Started v1.0, May 2008 d. Set the flow control to none. e. Select the proper mode under Properti es . f. Select T erminal keys. 3. Connect the female connec tor of the RS-232 cr ossover cable directly to the switch console port, and tighten the captive retaining screws[...]

  • Page 27

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Getting Started 2-9 v1.0, May 2008 • The console co nnection was establish ed and the console prompt appears on the screen of a VT100 terminal or terminal equivalent. The initial switch configuratio n is performed through the c onsole port. After the initial configuration, you c[...]

  • Page 28

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 2-10 Getting Started v1.0, May 2008 Sof tware Installation This section contains procedures to help you b ecome acquainted quickly with the switch software. Before installing switch software, you should verify that the switch operates with the most recent firmware. Quick S t artin[...]

  • Page 29

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Getting Started 2-11 v1.0, May 2008 • Uploading from Network ing Device to Out-of-Band PC (Only XMODEM) • Downloading from Out-of-Ban d PC to Networking Device ( Only XMODEM) • Downloading from TFTP Server • Restoring factory defaults If you configure any network parameter[...]

  • Page 30

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 2-12 Getting Started v1.0, May 2008 copy system:run- ning-config nvram:startup- config Privileged EXEC Saves passwords and all other changes to the device. If you do not save the configurat ion, all changes are lost when you power down or reset the networking device. In a stackin [...]

  • Page 31

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Getting Started 2-13 v1.0, May 2008 copy nvram:error- log <tftp:// <ipaddress>/ <filepath>/<file- name>> Privileged EXEC Starts the error log upload, displays the mode and typ e of upload and confirms th e upload i s progressing. The URL must be specified a[...]

  • Page 32

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 2-14 Getting Started v1.0, May 2008 copy <tftp:// <ipaddress>/ <filepath>/<file- name>> sys- tem:image Privileged EXEC Sets the destination (downlo ad) datatype to be an image. The URL must be specified as: tftp://<ipaddress>/<filepath>/<fi l[...]

  • Page 33

    3-1 v1.0, May 2008 Chapter 3 Using Ezconfig for Switch Setup Ezconfig is an interactive utility that provides a si mplified procedure for setting up the following switch parameters: • Switch management IP add r ess • Switch admin user pa sswo rd • Switch name and location Ezconfig can be entered either in Global Conf ig mo de (#) or in Displa[...]

  • Page 34

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 3-2 Using Ezconfig for Switch Setup v1.0, May 2008 Changing the Password The first question it will ask is whet her you wish to change the admin passw ord. For security reasons, you should change the password by typing Y . If you have already set the password and do not wish to ch[...]

  • Page 35

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Using Ezconfig for Switch Setup 3-3 v1.0, May 2008 If an IP address is already assigned, and you do not wish to change the IP address again, simply type N. Assigning Switch Name and Location Information Ezconfig will proceed to the next step in the setup: Saving the Configuration [...]

  • Page 36

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 3-4 Using Ezconfig for Switch Setup v1.0, May 2008 If during the session, the switch loses its po wer , the setup informat ion will be lost if Ezconfig does not have the chance to save th e changes before power-down.[...]

  • Page 37

    4-1 v1.0, May 2008 Chapter 4 Using the W eb Interface This chapter is a brief introduction to the web in terface; for example, it ex plains how to access the W eb-based management panels to con figure and m anage the system. Y ou can manage your switch through a W eb brow ser and Internet connection. This is referred to as W eb-based managem ent. T[...]

  • Page 38

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 4-2 Using the Web Interf ace v1.0, May 2008 2. Enable W eb mode: a. At the CLI prompt, enter the show network command. b. Set Web Mode to Enabled. S t arting the Web Interface Follow these steps to start the switch W eb interface: 1. Enter the IP address of the switch in the W eb [...]

  • Page 39

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Using the Web Interfa ce 4-3 v1.0, May 2008 The switch can accommodate two types of u sers: administrative use rs and guests. An administrative user may configur e the switch for network application, but a guest may not. The guest may only view the settings an d status of the netw[...]

  • Page 40

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 4-4 Using the Web Interf ace v1.0, May 2008 The new PCC web interface has the follo wing four new significant features: 1. A layout change: The new layout or ganizes the navigation pane into two rows of tags, as shown in the following screen: • Main T a gs The PCC provides th e [...]

  • Page 41

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Using the Web Interfa ce 4-5 v1.0, May 2008 –I n d e x This tag contains the site index that allows direct access to any of the pages under the main tags and sub tags. • Sub T ags The sub tag content changes depending on the selected main tag. In turn, each sub tag provides fu[...]

  • Page 42

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 4-6 Using the Web Interf ace v1.0, May 2008 Configuring an SNMP V3 User Profile Configuring an SNMP V3 user profile is a part o f user configuration. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are needed. U[...]

  • Page 43

    5-1 v1.0, May 2008 Chapter 5 V irtual LANs Adding V irtual LAN (VLAN) support to a Layer 2 switch offers some of the bene fits of both bridging and routing . Like a bridge, a VLAN switch forwards traffic based on the Layer 2 head er , which is fast, and like a router , it partitions the network into lo gical segments, which prov ides better adminis[...]

  • Page 44

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 5-2 Virtual LANs v1.0, May 2008 VLAN Configuration Example The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. port 1/0/2 handles traf fic for both VLANs, while port 1/0/1 is a member of VLAN 2 only , and ports 1/0/3 and 1/0/4[...]

  • Page 45

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Virtual LANs 5-3 v1.0, May 2008 Example #2: Assign Port s to VLAN2 This sequence shows how to assign ports to VLAN2, specify that frames w ill always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt. Example #3: Assign Port s to VLA[...]

  • Page 46

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 5-4 Virtual LANs v1.0, May 2008 Graphical User Interface Use the following screens to pe rform the same configuration usin g the Graphical User Interface: • Switching --> VLAN- -> Configuration . T o create the VLANs and specify port participation. • Switching --> VLA[...]

  • Page 47

    6-1 v1.0, May 2008 Chapter 6 Link Aggregation This section includes instruc tions on configuring Link Aggregation u sing the Command Line Interface and the Graphical User Interface. Link Aggregation (LAG) allows the switch to treat multiple physical l inks between two end-points as a single logical link. All of the physical links in a given LAG mus[...]

  • Page 48

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 6-2 Link Aggr egation v1.0, May 2008 Figure 6-1 shows the example network. Example #1: Create two LAGS Use the show port-c hannel all command to show the logical interface ids you will use to identify the LAGs in subsequent c ommands. Assume that lag_10 is assigned id 1/1/1 and la[...]

  • Page 49

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Link Aggregatio n 6-3 v1.0, May 2008 Example #2: Add the port s to the LAGs Example #3: Enable both LAGs By default, the system en ables link trap notification At this point, the LAGs could be added to VLANs. (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgea[...]

  • Page 50

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 6-4 Link Aggr egation v1.0, May 2008[...]

  • Page 51

    7-1 v1.0, May 2008 Chapter 7 IP Routing Services IP routing services are divided into five areas : • Port Routing • VLAN Routing • Routing Information Protocol (RIP) • Open Shortest Path First (OSPF) Protocol • Proxy Address Resolut ion Protocol (ARP) Port Routing The first networks were small en ough for the end stations to co mmunicate [...]

  • Page 52

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-2 IP Routing Services v1.0, May 2008 Port Routing Configuration The 7000 Series M anaged Switch always supp orts Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the 7000 Series Managed Switch as a wh ole, and then for each port which is to participate[...]

  • Page 53

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 IP Routing Services 7-3 v1.0, May 2008 CLI Examples This diagram shows a Layer 3 switch configured fo r port routing. It co nnects three different subnets, each connected to a diff erent port. Th e script shows the comm ands you would use to configure a 7000 Series Managed Switch [...]

  • Page 54

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-4 IP Routing Services v1.0, May 2008 Example #2: Enabling Routing for Port s on the Switch Use the following commands to enable routing for ports on th e switch. The de fault link-level encapsulation format is Ethernet. Configure the IP addresses and subnet masks for the ports. [...]

  • Page 55

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 IP Routing Services 7-5 v1.0, May 2008 The next section will show you how to config ure the 7000 Series Managed Switch to support VLAN routing and how to use RIP and OSPF . A port may be either a VLAN port or a router port, but not both. However , a VLAN port may be pa rt of a VLA[...]

  • Page 56

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-6 IP Routing Services v1.0, May 2008 Example #1: Create T wo VLANs The following code sequence show s an example of creating two VL ANs with egress frame tagging enabled. Example #2: Set Up VLAN Routing for the VLANs and the Switch. The following code sequence shows ho w to enab[...]

  • Page 57

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 IP Routing Services 7-7 v1.0, May 2008 The next sequence shows an e xample of config uring the IP addresses and subnet masks for the virtual router ports. VLAN Routing RIP Configuration Routing Information Prot ocol (RIP) is one of the pro tocols which may be used by routers to ex[...]

  • Page 58

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-8 IP Routing Services v1.0, May 2008 CLI Example This example adds support for RIPv2 to the co nfiguration created in the base VLAN routing example. A second router , using port routing rath er than VLAN routing, has been added to the network. Figure 7-3[...]

  • Page 59

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 IP Routing Services 7-9 v1.0, May 2008 Example of configuring VLAN Rou ting with RIP support on a 7000 Series Managed Switch (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20 (Netgear Switch) (Vlan)#vlan routing 10 (Netgear Switch) (Vlan)#[...]

  • Page 60

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-10 IP Routing Services v1.0, May 2008 VLAN Routing OSPF Configuration For larger networks Open Shortest Path First (OSP F) is generally used in preference to RIP . OSPF offers several benefits to the administrator of a large and/or complex network: • Less network traffic: – [...]

  • Page 61

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 IP Routing Services 7-11 v1.0, May 2008 Example of configuring OSPF on a 7000 Series Managed Switch acting as an inter-area router : (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20 (Netgear Switch) (Vlan)#vlan routing 10 (Netgear Switch)[...]

  • Page 62

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-12 IP Routing Services v1.0, May 2008 Routing Information Protocol Routing Information Prot ocol (RIP) is one of the pro tocols which may be used by routers to exchange network topology informa tion. It is characterized as an “interior” ga teway protocol, and is typically us[...]

  • Page 63

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 IP Routing Services 7-13 v1.0, May 2008 • T o prevent any RIP packets from being transmitted CLI Examples The configuratio n commands used in the follo wing example enable RIP o n ports 1/0/2 and 1/0/3 as shown in the network illustrated in Figure 7-4 Example #1: Enable Routing [...]

  • Page 64

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-14 IP Routing Services v1.0, May 2008 Example #2: Enable Routing for Port s The following command sequence en ables routing and assigns IP addresses for ports 1/0/2 and 1/ 0/3. Example #3: Enable RIP for the Switch The next sequence enables RIP for the switch. the route preferen[...]

  • Page 65

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 IP Routing Services 7-15 v1.0, May 2008 Example #4: Enable RIP for port s 1/0/2 and 1/0/3 This command sequence en ables RIP for ports 1/0/2 and 1/0/3. Au thentication defaults to none, and no default route entry is created. The commands specify that both ports receive both RIPv1 [...]

  • Page 66

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-16 IP Routing Services v1.0, May 2008 • Intra-area • Inter-area • External type 1: the route is external to the AS • External T ype 2: the route was learned from other protocol s such as RIP CLI Examples The examples in this section show you how to co nfigure a 7000 Seri[...]

  • Page 67

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 IP Routing Services 7-17 v1.0, May 2008 Example #1: Configuring an Inter-Are a Router Enable Routing for the Switch. The following command sequence enables ip routing for the switch. Assign IP Addresses for Ports. The following sequence enables routing and assigns IP addresses for[...]

  • Page 68

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-18 IP Routing Services v1.0, May 2008 Specify Router ID and Enable OSPF for the Switch. The following sequence specifies the router ID and enables OSPF for the switch. Set disable1583 compatibility to prevent the routing loop. Enable and Configure OSPF for the Ports. The followi[...]

  • Page 69

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 IP Routing Services 7-19 v1.0, May 2008 Example #2: Configuring OSPF on a Border Router Figure 7-6[...]

  • Page 70

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-20 IP Routing Services v1.0, May 2008 The following example configures OSPF on a 7000 Series Mana ged Switch operating as a border router: Enable routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing Enable routing & assign IP for ports 1/0/2,[...]

  • Page 71

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 IP Routing Services 7-21 v1.0, May 2008 Proxy Address Resoluti on Protocol (ARP) This section describes the Proxy Address Resolution Protocol (ARP) feature. Overview • Proxy ARP allows a router to answer ARP requests where the target IP address is not the router itself but a des[...]

  • Page 72

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 7-22 IP Routing Services v1.0, May 2008 CLI Examples The following are examples of the comm ands used in the proxy ARP feature. Example #1: show ip interface Example #2: ip proxy-arp (Netgear Switch) #show ip interface ? <slot/port> Enter an in terface in slot/port format. b[...]

  • Page 73

    8-1 v1.0, May 2008 Chapter 8 V i rtual Router Redundancy Protocol When an end station is statically configured w ith the address of the router that will handle its routed traf fic, a single point of failure is intro duced into the network. If the router goes down, the end station is unable to communicate. Since sta tic configuration is a co nvenien[...]

  • Page 74

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 8-2 Virtual Router Redun dan cy Protocol v1.0, May 2008 CLI Examples This example shows how to configure the 7000 Series Manag ed Switch to support V RRP . Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router . Figure 8-1[...]

  • Page 75

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Virtual Router Redunda ncy Pr otocol 8-3 v1.0, May 2008 Example #1: Configure VR RP on a Master Router The following is an examp le of configurin g VRRP on a 7000 Series Managed Switch acting as the master router: Enable routing for the switch. IP forwardi ng will then be enabled [...]

  • Page 76

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 8-4 Virtual Router Redun dan cy Protocol v1.0, May 2008 Example #2: Configure VR RP on a Backup Router The following is an examp le of configurin g VRRP on a 7000 Series Managed Switch acting as the backup route r: Enable routing for the switch. IP forwardi ng will then be enabled[...]

  • Page 77

    9-1 v1.0, May 2008 Chapter 9 Access Control List s (ACLs) This section describes the Access Control Lists (ACLs) feat ure . Overview Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two internal network s. Wh en you configure ACLs, yo u can selectively admit [...]

  • Page 78

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-2 Access Control Lists (ACLs) v1.0, May 2008 • Destination MAC address with mask • VLAN ID (or range of IDs) • Class of Service (CoS) (802.1p) • Ethertype • L2 ACLs can apply to one or mo re interfaces • Multiple access lists can be a pplied to a single interface - s[...]

  • Page 79

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-3 v1.0, May 2008 Process T o configure ACLs, follow these steps: • Create an ACL by specifying a name (MAC ACL) or a number (IP ACL) • Add new rules to the ACL • Configure the match criteria for the rules • Apply the ACL to one or more interf[...]

  • Page 80

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-4 Access Control Lists (ACLs) v1.0, May 2008 Example #2: Configure a One-W ay Access Using a TCP Flag in an ACL This example shows how to set up one-way web access using a TCP flag in an ACL. PC1 can access FTP server1 and FTP serve r2 but PC2 only access FTP server2. Create ACL[...]

  • Page 81

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-5 v1.0, May 2008 The example is shown as CLI commands and as a W eb interface procedure. CLI Commands T o use the CLI to configure the GSM724 8R, enter the following CLI commands: Step 1: Configure the GSM7248R (see Figure 9-2 ) Create VLAN 30 with p[...]

  • Page 82

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-6 Access Control Lists (ACLs) v1.0, May 2008 Create VLAN 200 with port 0/44 and a ssign IP address 192.168.200.1/2 4 . (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#vlan routing 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) #configu[...]

  • Page 83

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-7 v1.0, May 2008 T o use the CLI to Configure the GSM735 2S, enter the following CLI commands: Step 2: Configure the GSM7352S (see Figure 9 -2 ) Create VLAN 40 with port 1/0/24 and assign IP address 192.168.40.1/2 4 . (Netgear Switch) #vlan database [...]

  • Page 84

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-8 Access Control Lists (ACLs) v1.0, May 2008 Web Interfac e Procedure T o use the W eb interface to configur e the GSM7248R, proceed as follows: 1. Create VLAN 30 with IP address 192.168. 30.1/24: a. From the main menu, select Routing > VL AN > VLAN Routing W izard. A scre[...]

  • Page 85

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-9 v1.0, May 2008 2. Create VLAN 100 with IP address 192.168.100.1/24: a. From the main menu, select Routing > VL AN > VLAN Routing W izard. A screen similar to the following displays. b. Enter the following informatio n in the VLAN Routing W iz[...]

  • Page 86

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-10 Access Control Lists (ACLs ) v1.0, May 2008 3. Create VLAN 200 with IP address 192.168.200.1/24: a. From the main menu, select Routing > VL AN > VLAN Routing W izard. A screen similar to the following displays. b. Enter the following informatio n in the VLAN Routing W i[...]

  • Page 87

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-11 v1.0, May 2008 4. Enable IP Routing: a. From the main menu, select Ro uting > IP > Basic > IP Configuration. A scr een similar to the following displays. b. Under IP Configuration, ma ke the following selections: • Next to Routing Mode,[...]

  • Page 88

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-12 Access Control Lists (ACLs ) v1.0, May 2008 b. Under Configure Routes, make the following selection and enter the following information: • Select St a t i c from the Route T y pe pulldown menu . • In the Network Address field, enter 192.168.40.0 . • In the Subnet Mask f[...]

  • Page 89

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-13 v1.0, May 2008 7. Create an ACL with ID 101: a. From the main menu, select Security > ACL > Ad vanced > IP ACL. A screen similar to the following displays. b. In the IP ACL ID field of the IP ACL T able, enter 101 . c. Click Add . 8. Crea[...]

  • Page 90

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-14 Access Control Lists (ACLs ) v1.0, May 2008 9. Add and configure an IP extended rule that is associated with ACL 101: a. From the main menu, select Se curity > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. b. Under IP Extended Rules,[...]

  • Page 91

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-15 v1.0, May 2008 d. Under Extended ACL Rule Config uration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1 . • Next to Action mode, select the Deny rad io but ton. • Select False fr[...]

  • Page 92

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-16 Access Control Lists (ACLs ) v1.0, May 2008 d. Under Extended ACL Rule Config uration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1 . • Next to Action mode, select the Permit rad i o but ton. • Select False[...]

  • Page 93

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-17 v1.0, May 2008 11 . Apply ACL 101 to port 4 4: a. From the main menu, select Security > ACL > Advanced > IP Binding Configura tion. A screen similar to the following displays. b. Under Binding Configurat io n, make the fo llowing selectio[...]

  • Page 94

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-18 Access Control Lists (ACLs ) v1.0, May 2008 12. Apply ACL 102 to po rt 44: a. From the main menu, select Security > ACL > Advanced > IP Binding Configura tion. A screen similar to the following displays. b. Under Binding Configurat io n, make the fo llowing selection[...]

  • Page 95

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-19 v1.0, May 2008 T o use the W eb interface to config ure the GSM7352S, proceed as follows: 1. Create VLAN 40 with IP address 192.168. 40.1/24: a. From the main menu, select Routing > VL AN > VLAN Routing W izard. A screen similar to the follo[...]

  • Page 96

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-20 Access Control Lists (ACLs ) v1.0, May 2008 2. Create VLAN 50 with IP address 192.168. 50.1/24: a. From the main menu, select Routing > VL AN > VLAN Routing W izard. A screen similar to the following displays. b. Enter the following informatio n in the VLAN Routing W iz[...]

  • Page 97

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-21 v1.0, May 2008 3. Create VLAN 200 with IP address 192.168.200.2/24: a. From the main menu, select Routing > VL AN > VLAN Routing W izard. A screen similar to the following displays. b. Enter the following informatio n in the VLAN Routing W i[...]

  • Page 98

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-22 Access Control Lists (ACLs ) v1.0, May 2008 4. Create a static route with IP address 192.168.100.0/2 4: a. From the main menu, select Routing > Routing T able > Bas i c > Rou te Configuration. A screen similar to the following displays. b. Under Configure Routes, mak[...]

  • Page 99

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-23 v1.0, May 2008 5. Create a static route with IP address 192.168.30.0/24: a. From the main menu, select Routing > Routing T able > Bas i c > Rou te Configuration. A screen similar to the following displays. b. Under Configure Routes, make [...]

  • Page 100

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-24 Access Control Lists (ACLs ) v1.0, May 2008 The example is shown as CLI commands and as a W eb interface procedure. CLI Commands T o use the CLI to isolate VLANs on a Layer 3 switch by using ACLs, enter the following CLI commands: Figure 9-22 Create VLAN 24, add po rt 1/0/24 [...]

  • Page 101

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-25 v1.0, May 2008 Create VLAN 48, add po rt 1/0/48 to it, and assign IP address 192.168.48.1 to it . (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 48 (Netgear Switch) (Vlan)#vlan routing 48 (Netgear Switch) (Vlan)#exit (Netgear Switch)[...]

  • Page 102

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-26 Access Control Lists (ACLs ) v1.0, May 2008 Web Interfac e Procedure T o use the W eb interface to isolate VLANs on a Laye r 3 switch by using ACLs, pr oceed as follows: 1. Create VLAN 24 with IP address 192.168. 24.1: a. From the main menu, select Routing > VL AN > VLA[...]

  • Page 103

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-27 v1.0, May 2008 b. Enter the following informatio n in the VLAN Routing W izard: • In the Vlan ID field, enter 24 . • In the IP Address field, enter 192.168.24.1 . • In the Network Mask field, enter 255.255.255 .0 . c. Click Unit 1 . The port[...]

  • Page 104

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-28 Access Control Lists (ACLs ) v1.0, May 2008 e. Click Apply to save VLAN 48. 3. Create VLAN 38 with IP address 10.100.5.34: a. From the main menu, select Routing > VL AN > VLAN Routing W izard. A screen similar to the following displays. b. Enter the following informatio[...]

  • Page 105

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-29 v1.0, May 2008 b. Under IP Configuration, ma ke the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. c. Click Apply to enable IP Routing. 5. Create an A[...]

  • Page 106

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-30 Access Control Lists (ACLs ) v1.0, May 2008 6. Create an ACL with ID 102: a. From the main menu, select Security > ACL > Ad vanced > IP ACL. A screen similar to the following displays. b. In the IP ACL ID field of the IP ACL T able, enter 102 . c. Click Add . 7. Crea[...]

  • Page 107

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-31 v1.0, May 2008 b. In the IP ACL ID field of the IP ACL T able, enter 103 . c. Click Add . 8. Add and configure an IP extended rule that is associated with ACL 101: a. From the main menu, select Se curity > ACL > Advanced > IP Extended Rul[...]

  • Page 108

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-32 Access Control Lists (ACLs ) v1.0, May 2008 d. Under Extended ACL Rule Config uration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1 . • Next to Action mode, select the Deny rad io but ton. • Select False fr[...]

  • Page 109

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-33 v1.0, May 2008 d. Under Extended ACL Rule Config uration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1 . • Next to Action mode, select the Deny rad io but ton. • Select False fr[...]

  • Page 110

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-34 Access Control Lists (ACLs ) v1.0, May 2008 10. Add and configure an IP extended rule that is associated with ACL 103: a. From the main menu, select Se curity > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. b. Under IP Extended Rules[...]

  • Page 111

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-35 v1.0, May 2008 • Next to Action mode, select the Permit rad i o but ton. • Select False from the Match Every pulld own menu. • Select IP from the Protocol T ype pulldown menu. e. Click Apply to save the settings. 11 . Apply ACL 102 to port 2[...]

  • Page 112

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-36 Access Control Lists (ACLs ) v1.0, May 2008 12. Apply ACL 101 to po rt 48: a. From the main menu, select Security > ACL > Advanced > IP Binding Configura tion. A screen similar to the following displays. b. Under Binding Configurat io n, make the fo llowing selection[...]

  • Page 113

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-37 v1.0, May 2008 13. Apply ACL 103 to port 24 and po rt 48 : a. From the main menu, select Security > ACL > Advanced > IP Binding Configura tion. A screen similar to the following displays. b. Under Binding Configurat io n, make the fo llow[...]

  • Page 114

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-38 Access Control Lists (ACLs ) v1.0, May 2008 MAC ACL CLI Examples The following are examples of the comm ands used for the MAC ACLs feature. Example #1: mac access list (Netgear Switch)(Config)#mac access- list ? extended Configure extended MAC Access List parameters. Netgear [...]

  • Page 115

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-39 v1.0, May 2008 Example #2: permit any (Netgear Switch) (Config-mac access- list)#permit ? <srcmac> Enter a MAC address. any Configure a match condition for all the destination MAC addresses in the Destination MAC Address field. (Netgear Swit[...]

  • Page 116

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-40 Access Control Lists (ACLs ) v1.0, May 2008 Example #3 Configure mac access-group (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#m ac ? access-group Attach MAC Access Li st to Interface. (Netgear Switch) (Interface 1/0/5)#m ac access-group ? <[...]

  • Page 117

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Access Control Lists (ACLs ) 9-41 v1.0, May 2008 Example #4 permit (Netgear Switch) (Config)#mac access -list extended b2 (Netgear Switch) (Config-mac-access- list)#permit 00:00:00:00:00:00 ? <dstmac> Enter a MAC Address. any Configure a a match condition for al l the destin[...]

  • Page 118

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 9-42 Access Control Lists (ACLs ) v1.0, May 2008 Example #5: show mac access-list s (Netgear Switch) #show mac access-li sts Current number of all ACLs: 2 Max imum number of all ACLs: 100 MAC ACL Name Rules Interface( s) Direction ------------ ----- ----------- - --------- b1 1 1/[...]

  • Page 119

    10-1 v1.0, May 2008 Chapter 10 Class of Service (CoS) Queuing This section describes the Class of Service (C oS) Queue Mapping and T raffic Shaping features. Overview Each port has one or more queues for packet transmission. During configuration, you can determine the mapping and conf iguration of these queues. Based on service rate and other crite[...]

  • Page 120

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 10-2 Class of Service (CoS) Queuing v1.0, May 2008 – IP Precedence – IP Dif fServ Code Point (DSCP) The system can assign service level based upon the 802.1p priority field of the L2 header . Y ou configure this by mapping the 80 2.1p priorities to one of three traffic class q[...]

  • Page 121

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Class of Service (CoS) Queuing 10-3 v1.0, May 2008 – T ail drop vs. WRED Drop Precedence Conf iguration (per Queue) •W R E D p a r a m e t e r s – Minimum threshold – Maximum threshold – Drop probability – Scale factor • T ail Drop parameters – Threshold Per-Interf[...]

  • Page 122

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 10-4 Class of Service (CoS) Queuing v1.0, May 2008 Example #1: show classofservice trust Example #2: set clas sofservice trust mode (Netgear Switch) #show classofservic e trust ? <cr> Press Enter to execute the command. (Netgear Switch) #show classofservic e trust Class of S[...]

  • Page 123

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Class of Service (CoS) Queuing 10-5 v1.0, May 2008 Example #3: show classofser vice ip-precedence mapping Example #4: Config Co s-queue Min-bandwid th and Strict Priority Scheduler Mode (Netgear Switch) #show classofservic e ip-precedence-mapping IP Precedence Traffic Class ------[...]

  • Page 124

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 10-6 Class of Service (CoS) Queuing v1.0, May 2008 Example #5: Set CoS T rus t Mode of an Interface T raffic Shaping This section describes the T raffic Shaping feature. T raffic shaping controls the amou nt and volume of traf fic transmitted through a network. This has the ef fec[...]

  • Page 125

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Class of Service (CoS) Queuing 10-7 v1.0, May 2008 Example #1 traffic-shape (Netgear Switch) (Config)#traffic-sh ape ? <bw> Enter the s haping bandwidth percentage from 0 to 100 in incremen ts of 5. (Netgear Switch) (Config)#traffic-sh ape 70 ? <cr> Press Enter to exec[...]

  • Page 126

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 10-8 Class of Service (CoS) Queuing v1.0, May 2008[...]

  • Page 127

    11-1 v1.0, May 2008 Chapter 1 1 Differentiated Services Differentiated Services ( DiffServ) is one technique for implementing Qu ality of Service (QoS) policies. Using DiffServ in your network allows you to direct ly co nfigure the relevant parameters on the switches and routers ra ther than using a re source reservation protocol.This section expla[...]

  • Page 128

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 11-2 Differentiated Services v1.0, May 2008 – Marking the packet with a given DSCP code point, IP precedence, or CoS – Policing packets by dropping or re -marking th ose that exceed the class’ s assigned data rate – Counting the traffic within the class • Service. Assign[...]

  • Page 129

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Differentiated Services 11-3 v1.0, May 2008 The following examp le configures Dif fServ on a 7000 Series Managed Switch: Ensure DiffServ operation is enabled for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#diffserv Create a DiffServ class of type “all” for e[...]

  • Page 130

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 11-4 Differentiated Services v1.0, May 2008 DiffServ for V oIP Configuration Example One of the most valuable uses of Dif fServ is to support V oice over IP (V oIP). V oIP traffic is inherently time-sensitive: for a ne twork to provide acceptable servic e, a guaranteed transmissio[...]

  • Page 131

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Differentiated Services 11-5 v1.0, May 2008 a class for UDP traffic, have that traf fic marked on the inbound side, and then expedite the traffic on the outbound side. The config uration script is for Router 1 in the acco mpanying diagram: a similar script should be applied to Rou[...]

  • Page 132

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 11-6 Differentiated Services v1.0, May 2008 The following example config ures Dif fServ V oIP support: Enter Global Config mode. Set queue 5 on all ports to use strict priority mode. This queue shall be used for all VoIP packets. Activate DiffServ for the switch. (Netgear Switch) [...]

  • Page 133

    12-1 v1.0, May 2008 Chapter 12 IGMP Snooping This section describes the Internet Group Mana gement Prot ocol (IGMP) feature: IGMPv3 and IGMP Snooping. Overview IGMP: • Uses V ersion 3 of IGMP • Includes snoopin g • Snooping can be enab led per VLAN CLI Examples The following are examples of the commands used in the IGMP Snooping feature. Exam[...]

  • Page 134

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 12-2 IGMP Snooping v1.0, May 2008 Example #2: show igmp snooping Example #3: show mac-ad dress-t able igmp snooping (Netgear Switch) #show igmpsnoop ing? <cr> Press Enter to execute the co mmand. <slot/port> Enter interface in sl ot/port format. mrouter Display IGMP Sn[...]

  • Page 135

    13-1 v1.0, May 2008 Chapter 13 Port Security This section describes the Port Security feature. Overview Port Security: • Allows for limiting the number of MAC addresses on a given port • Packets that have a matching MAC address (secure packets) are forwarde d; all other pa ckets (unsecure packets) are restricted • Enabled on a per port basis [...]

  • Page 136

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 13-2 Port Security v1.0, May 2008 Operation Port Security: • Helps secure network by preventing u nknown devices from forwarding packets • When link goes down, all dynamica lly locked addresses are ‘freed’ • If a specific MAC address is to be set for a port , set the dyn[...]

  • Page 137

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Port Security 13-3 v1.0, May 2008 CLI Examples The following are examples of the commands used in the Port Security feature. Example #1: show port security Example #2: show port securi ty on a specific interface Example #3: (Config) port security (Netgear Switch) #show port-securi[...]

  • Page 138

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 13-4 Port Security v1.0, May 2008[...]

  • Page 139

    14-1 v1.0, May 2008 Chapter 14 T raceroute This section describes the T raceroute feature. Use T raceroute to discover the routes that packets take when traveli ng on a hop-by -hop basis to their destination through the network. • Maps network routes by sending packets with small T ime-to-Live (TTL) values and watches the ICMP time-ou t announcem[...]

  • Page 140

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 14-2 Traceroute v1.0, May 2008 CLI Example The following shows an example of using the traceroute command to determi ne how many hops there are to the des tination. Th e command output shows each IP ad dress the packet passes through and how long it takes to get there. In this exa[...]

  • Page 141

    15-1 v1.0, May 2008 Chapter 15 Configuration Scripting This section describes the Conf iguration Scripting feature. Overview Configuration Scripting: • Allows you to generate text-formatted files • Provides scrip ts tha t can be uplo aded and download ed to the system • Provides flexibility to create command configuration scripts • May be a[...]

  • Page 142

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 15-2 Configuration Scripting v1.0, May 2008 Example #1: script Example #2: script list and script delete Example #3: script apply running-config.scr (Netgear Switch) #script ? apply Applies configuration script to the swit ch. delete Deletes a confi guration script file from the s[...]

  • Page 143

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Configuration Scripting 15-3 v1.0, May 2008 Example #4: Creating a Configuration Script Example #5: Upload a Configuration Script (Netgear Switch) #show running-confi g running-config.scr Config script created successfully. (Netgear Switch) #script list Configuration Script Name S[...]

  • Page 144

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 15-4 Configuration Scripting v1.0, May 2008[...]

  • Page 145

    16-1 v1.0, May 2008 Chapter 16 Outbound T e lnet This section describes the Outbound T elnet feature. Overview Outbound T elnet: • Establishes an outbound telnet connection between a device and a remote host • A telnet connection is initiated, each side of the conn ection is assumed to originate and terminate at a “Network V i rtual T erminal[...]

  • Page 146

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 16-2 Outbound Telnet v1.0, May 2008 Example #1: show network Example #2: show telnet (Netgear Switch Routing) >telnet 192 .168.77.151 Trying 192.168.77.151... (Netgear Switch Routing) User:admin Password: (Netgear Switch Routing) >en Password: (Netgear Switch Routing) #show [...]

  • Page 147

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Outbound Telnet 16-3 v1.0, May 2008 Example #3: transport output telnet Example #4: session-limi t and session-timeout (Netgear Switch Routing) (Config)#li neconfig ? <cr> Press Enter to execute the command. (Netgear Switch Routing) (Config)#li neconfig (Netgear Switch Routi[...]

  • Page 148

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 16-4 Outbound Telnet v1.0, May 2008[...]

  • Page 149

    17-1 v1.0, May 2008 Chapter 17 Port Mirroring This section describes the Port Mirroring feature. Overview Port Mirroring: • Allows you to monitor network traf fi c with an external network analyzer • Forwards a copy of each incoming a nd outgoing packet to a sp ecific port • Is used as a diagnostic tool, deb ugging feature or me ans of fendin[...]

  • Page 150

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 17-2 Port Mirr oring v1.0, May 2008 Example #1: show monitor session Example #2: show port all Example #3: show port interface Use this command for a specific por t. The output shows whether the port is the mirror or the probe (Netgear Switch Routing) #show monit or session 1 Sess[...]

  • Page 151

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Port Mirroring 17-3 v1.0, May 2008 port, and what is enabled or disable d on the port. Example #4: (Config) monitor session 1 mode T o set up port mirroring, s pecify th e monitor session, then the mode. (Netgear Switch Routing) #show port 0/7 Admin Physical Physical Link Link LAC[...]

  • Page 152

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 17-4 Port Mirr oring v1.0, May 2008 Example #5: (Config) monito r session 1 source interface Specify the source (mirrored) ports and destination (probe) port. Example #6: (Interf ace) port security (Netgear Switch Routing)(Config)#mon itor session 1 source? interface Configure int[...]

  • Page 153

    18-1 v1.0, May 2008 Chapter 18 Simple Network T ime Protocol (SNTP) This section describes the Simple Netw ork T ime Protocol (SNTP) feature . Overview SNTP: • Used for synchronizin g network resources • Adaptation of NTP • Provides synchron ized network tim estamp • Can be used in broadcast or unicast mode • SNTP client implemented over [...]

  • Page 154

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 18-2 Simple Network Time Protocol (SNTP) v1.0, May 2008 Example #2: show sntp client Example #3: show sntp server Example #4: Configure SNTP Netgear switches do not have a built-in real-time cloc k. However , it is possible to use SNTP to get the time from a public SNTP/NTP se rve[...]

  • Page 155

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Simple Network Time Protocol (SNTP) 18-3 v1.0, May 2008 1. Configure the SNTP server IP address. The IP address can be either from the public NTP server or your own. Y ou can search the Intern et to locate the public server . The serve rs available could be listed in domain-name f[...]

  • Page 156

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 18-4 Simple Network Time Protocol (SNTP) v1.0, May 2008 Example #5: Setting T ime Zone The SNTP/NTP server is set to Coordina ted Universal Time (UTC) by default. The following example shows how to set the time zone to Pacifi c Standard Time (PST) which is 8 hours behind GMT/UTC. [...]

  • Page 157

    19-1 v1.0, May 2008 Chapter 19 Syslog This section provides informa tion about the Syslog feature. Overview Syslog: • Allows you to store system messages and/or errors • Can store to local files on the switch or a remote server running a syslog daemon • Method of collecting messag e logs from many systems Persistent Log Files • Currently th[...]

  • Page 158

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 19-2 Syslog v1.0, May 2008 Interpreting Log Files CLI Examples The following are examples of the comm ands used in the Syslog feature. <130> JAN 01 00:00:0 6 0.0.0.0-1 UNKN [0x 800023]: boot os.c(386) 4 %% Event (0xaaaaaaaa) A. Priority B. T imestamp C. S tack ID D. Componen[...]

  • Page 159

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Syslog 19-3 v1.0, May 2008 Example #1: show logging Example #2: show logging buffered (Netgear Switch Routing) #show loggi ng Logging Client Local Port : 514 CLI Command Logging : disabled Console Logging : disabled Console Logging Severity Filter : alert Buffered Logging : enable[...]

  • Page 160

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 19-4 Syslog v1.0, May 2008 Example #3: show logging traplogs Example #4: show logging host s (Netgear Switch Routing) #show logging traplogs ? <cr> Press Enter to execute the c ommand. (Netgear Switch Routing) #show logging traplogs Number of Traps Since Last Reset.... .....[...]

  • Page 161

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Syslog 19-5 v1.0, May 2008 Example #5: logging port configuration (Netgear Switch Routing) #config (Netgear Switch Routing) (Config)#logging ? buffered Buffered (In-Memory) Logging Configuration. cli-command CLI Command Logging Configuration. console Console Logging Configuration.[...]

  • Page 162

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 19-6 Syslog v1.0, May 2008[...]

  • Page 163

    20-1 v1.0, May 2008 Chapter 20 Managing Switch S t acks This chapter describes the concepts and recommen ded operating procedures to manage Netg ear stackable managed switches running Release 4. x. x.x or newer . Netgear stack able managed switches include the following models: • FSM7328S • FSM7352S • FSM7352PS • GSM7328S • GSM7352S This [...]

  • Page 164

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 20-2 Managing Sw itch Stacks v1.0, May 2008 Underst anding Switch St acks A switch stack is a set of up to eight Et hernet switches connected throug h their stacking ports. One of the switches controls the operation of th e stack and is called the stack master . The stack master a[...]

  • Page 165

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Managing Switch Stacks 2 0-3 v1.0, May 2008 Switch St ack Membership A switch stack has up to eight stack members connected through their stacking ports. A switch stack always has one stack master . A standalone switch is a switch stac k with one stack member that al so operates a[...]

  • Page 166

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 20-4 Managing Sw itch Stacks v1.0, May 2008 Switch St ack Cabling (FSM73xxS) Figure 20-1 and Figure 20-2 illustrate how indivi dual switches ar e interconnected to form a stack. Y ou can use the regular Category 5 Et hernet 8 wire cable. Figure 20-1 Figure 20-2 Interconnect port s[...]

  • Page 167

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Managing Switch Stacks 2 0-5 v1.0, May 2008 S t ack Master Election and Re-Election The stack master is el ected or re-elec ted based on one of these factors and in the order listed: 1. The switch that is currently the stack master 2. The switch with the highest stack member prior[...]

  • Page 168

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 20-6 Managing Sw itch Stacks v1.0, May 2008 Stack members in the same switch stack cannot have the same stack member numbe r . Every stack member , including a standa lone switch, retains its member nu mber until you manu ally change the number or unless the number i s already bei[...]

  • Page 169

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Managing Switch Stacks 2 0-7 v1.0, May 2008 Effect s of Replacing a Preconfigu red Switch in a Switch St ack When a preconfigured switch in a switch stack fails, is removed from the stack, and is replaced with another switch, the stack applies either the pr econfiguration or the d[...]

  • Page 170

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 20-8 Managing Sw itch Stacks v1.0, May 2008 Switch St ack Software Comp atibility Recommendations All stack members must run the same software version to ensure comp atibility between stack members. The software versions on all stack memb ers, including the stack master , must be [...]

  • Page 171

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Managing Switch Stacks 2 0-9 v1.0, May 2008 Switch St ack Management Connectivity Y ou manage the switch stack and the stack member interfaces through the stack master . Y ou ca n use the web interface , the CLI, and SNMP . Y ou cannot mana ge stack members on an ind i vidual swit[...]

  • Page 172

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 20-10 Managing Switch Stacks v1.0, May 2008 S tack master election specifically determined by the MAC address • Assuming that both stack members have the same priority value and software image, restart both stack members at the same time. The stack member with the higher MAC add[...]

  • Page 173

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Managing Switch Stacks 20-11 v1.0, May 2008 S t acking Recommendations The purpose of this section is to collect notes on recommended pr ocedures and expe cted behavior of stacked manage d switches. Proc edures addressed initially are listed below . • Initial installation and po[...]

  • Page 174

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 20-12 Managing Switch Stacks v1.0, May 2008 Initial inst allation an d Power-up of a S t ack 1. Install units in rack. 2. Install all stacki ng cables. Fully connect, including the redundant stack link. It is highly recommended that a redu ndant link be installed. 3. Identify the [...]

  • Page 175

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Managing Switch Stacks 20-13 v1.0, May 2008 Adding a Unit to an O perating St ack 1. Make sure the redundant stack connection is in place and functional. All stack members should be connected in a logical ring. 2. Preconfigure the new unit, if de sired . 3. Install new unit in the[...]

  • Page 176

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 20-14 Managing Switch Stacks v1.0, May 2008 • Add the new stack unit to the stac k using the pro cess described in s ection “Adding a Unit to an Operating Stack” . The unit can be inserted into the same position as the unit just removed, or the unit can be inserted at the bo[...]

  • Page 177

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Managing Switch Stacks 20-15 v1.0, May 2008 Merging T wo Operational S tacks It is strongly recommend ed that two functioning stacks (each having an independent master) not be merged simply by the reconnection of stack cab les. That process may result in a number of unpredictable [...]

  • Page 178

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 20-16 Managing Switch Stacks v1.0, May 2008 archive command (in stack configuration mode) may be issued to make another attempt to copy the software t o the unit(s) that did not get updated. Errors duri ng code propagati on to stack members could be caused by stack cable mo vement[...]

  • Page 179

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Managing Switch Stacks 20-17 v1.0, May 2008 Code Mismatch If a unit is added to a stack and it does not have the same version of code as tha t of the master , the following should happ en: • “New” unit will boot up and become a “member” of the stack • Ports on the adde[...]

  • Page 180

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 20-18 Managing Switch Stacks v1.0, May 2008[...]

  • Page 181

    21-1 v1.0, May 2008 Chapter 21 Pre-Login Banner This section describes the Pre-Login Banner feature. Overview Pre-Login Banner: • Allows you to create message screens when logging into the CLI Interface • By default, no Banner file exists • Can be uploaded or downloaded • File size cannot be larger than 2K The Pre-Login Banner feature is on[...]

  • Page 182

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 21-2 Pre-Login Banner v1.0, May 2008 2. T ransfer the file from the PC to the switch using TFTP (Netgear Switch Routing) #copy tftp: //192.168.77.52/banner.txt nvram:clibanner Mode................................ ........... TFTP Set TFTP Server IP.................. ........... 19[...]

  • Page 183

    22-1 v1.0, May 2008 Chapter 22 IGMP Querier When the switch is used in ne twork applications where video se rvice s such as IP TV , vide o streaming, and gaming are deployed, the video traf fic would normally be flooded to all connected ports because such traffic packets usually have mu lticast Ethernet addresses. IGMP snooping can be enabled to cr[...]

  • Page 184

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 22-2 IGMP Querier v1.0, May 2008 CLI Examples Example #1: Enable IGMP Querier Use the following CLI commands to set up the switch to genera te IGMP querier packet for a designated VLAN. The IGMP pa cket will be transmitted to every port s on the VLAN. The following example enables[...]

  • Page 185

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 DNS 23-1 v1.0, May 2008 Chapter 23 DNS This section describes the Domain Name System (DNS) feature. The DNS protocol maps a ho st name to an IP address, allow ing you to replace the IP address with the host name for IP commands such as a ping and a traceroute, and for features suc[...]

  • Page 186

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 23-2 DNS v1.0, May 2008 CLI Commands T o use the CLI to specify two DNS serve rs, enter the following CLI commands: Web Interfac e Procedure T o use the W eb interface to specify two DNS servers, proceed as follows: 1. From the main menu, select System > Manage ment > DNS &g[...]

  • Page 187

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 DNS 23-3 v1.0, May 2008 Example 2#: Manually Add a Ho st Name and an IP Address The following example shows commands to add a sta tic host name entry to the switc h so that you can use this entry to resolve the IP address. The example is shown as CLI commands and as a W eb interfa[...]

  • Page 188

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 23-4 DNS v1.0, May 2008 2. Under DNS Host Configuration, enter the following information: • In the Host Name field, enter www .netgear .com . • In the IP Address field, enter 206.82.202.4 6 . 3. Click Add . The host name and IP address now show in the DNS Ho st Configuration t[...]

  • Page 189

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 DHCP Server 24 -1 v1.0, May 2008 Chapter 24 DHCP Server This section describes the DHCP server configuration. When a client sends a request to a DHCP server , the DHCP server assigns the IP address from ad dress pools that are sp ecified on the switch. The network in the DHCP pool[...]

  • Page 190

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 24-2 DHCP Server v1.0, May 2008 Web Interfac e Procedure T o use the W eb interface to create a DHCP se rver with a dynamic pool, proceed as follows: 1. From the main menu, select System > Se rvices > DHCP Server > DHCP Se rver Configuration. A screen simila r to the foll[...]

  • Page 191

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 DHCP Server 24 -3 v1.0, May 2008 4. From the main menu, select System > Services > D HCP Server > D HCP Pool Configuration. A screen similar to the following displays. 5. Under DHCP Pool Configuration, enter the followi ng information: • Select Create from the Pool Name[...]

  • Page 192

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 24-4 DHCP Server v1.0, May 2008 Example #2: Configure a DHCP Server in Manual Mode The following example sh ows how to cre at e a DHCP server with a manual pool. The example is shown as CLI commands and as a W eb interface procedure. CLI Commands T o use the CLI to create a DHCP s[...]

  • Page 193

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 DHCP Server 24 -5 v1.0, May 2008 Web Interfac e Procedure T o use the W eb interface to create a DHCP server with a manual pool, proceed as follows: 1. From the main menu, select System > Se rvices > DHCP Server > DHCP Se rver Configuration. A screen simila r to the follo[...]

  • Page 194

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 24-6 DHCP Server v1.0, May 2008 4. Under DHCP Pool Configuration, enter the followi ng information: • Select Create from the Pool Name pulldown menu. • In the Pool Name field, enter pool_m anual . • Select Manual from the T ype of Binding pu lldown menu. • In the Client Na[...]

  • Page 195

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Protected Ports 25-1 v1.0, May 2008 Chapter 25 Protected Port s This section describes how to set up protected por ts on the switch. Some si tuations might require that traf fic is prevented from bein g forwarded between an y ports at Layer 2 so that on e user cannot see the traff[...]

  • Page 196

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 25-2 Protected Po rts v1.0, May 2008 . The example is shown as CLI commands and as a W eb interface procedure. CLI Commands T o use the CLI to configure a protected port in order to isolate ports, enter the following CLI commands: Figure 25-1 Step 1: Create one VLAN 192 includin g[...]

  • Page 197

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Protected Ports 25-3 v1.0, May 2008 Web Interfac e Procedure T o use the W eb Interface to configure a protec ted po rt in order to isolate ports, procee d as follows: 1. Create a DHCP pool: Step 2: Create one VLAN 202 connecte d to the Internet . (Netgear Switch) #vlan database ([...]

  • Page 198

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 25-4 Protected Po rts v1.0, May 2008 a. From the main menu, select System > Se rvices > DHCP Server > DHCP Server Configuration. A screen simila r to the following displays. b. Under DHCP Pool Configuration, enter the followi ng information: • Select Create from the Poo[...]

  • Page 199

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Protected Ports 25-5 v1.0, May 2008 • In the Network Number field, enter 192.168.1.0 . • In the Network Mask field, enter 255.255.255 .0 . • In the Days field, enter 1 . • Click on Default Router Addresses . The DNS server address fields display . In the first router addre[...]

  • Page 200

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 25-6 Protected Po rts v1.0, May 2008 The U specifies that the egress p acket is untagged for the port. d. Click Apply to save the VLAN that includes ports 23 and 24. 3. Configure a VLAN and includ e port 1/0/48 in the VLAN: a. From the main menu, select Routing > VL AN > VLA[...]

  • Page 201

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Protected Ports 25-7 v1.0, May 2008 b. Under IP Configuration, ma ke the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. c. Click Apply to enable IP Routing. 5. Configure default route [...]

  • Page 202

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 25-8 Protected Po rts v1.0, May 2008 6. Configure port 23 and port 2 4 as protected ports: a. From the main menu, select Security > T raffi c Control > Protected Port. A screen similar to the following displays. b. Under Protected Ports Configuration, Click Un it 1 . The por[...]

  • Page 203

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 802.1x Port Security 26-1 v1.0, May 2008 Chapter 26 802.1x Port Security This section describes how to c onfigure the 802.1x Port Secur ity feature on a switch port. IEEE 802.1x authentication prev ents unauthorized clients fro m connecting to a VLAN unless these clients are autho[...]

  • Page 204

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 26-2 802.1x Port Security v1.0, May 2008 The example is shown as CLI commands and as a W eb interface procedure. CLI Commands T o use the CLI to enable 802.1x authentication on one port, and to allow only the user with the name “adam” to access the VL AN, ente r the following [...]

  • Page 205

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 802.1x Port Security 26-3 v1.0, May 2008 Web Interfac e Procedure T o use the W eb Interface to enable 802.1x authen tication on one port, and to allow only the user with the name “adam” to access the VLA N, proceed as follows: 1. Create VLAN 100 with IP address 192.168.100.1:[...]

  • Page 206

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 26-4 802.1x Port Security v1.0, May 2008 b. Enter the following informatio n in the VLAN Routing W izard: • In the Vlan ID field, enter 100 . • In the IP Address field, enter 192.168.100. 1 . • In the Network Mask field, enter 255.255.255 .0 . c. Click Unit 1 . The ports dis[...]

  • Page 207

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 802.1x Port Security 26-5 v1.0, May 2008 3. Add a new user account with the name “adam”: a. From the main menu, select Security > Manage ment Security > User Configuration > User Management. A screen similar to the foll owing displays. b. Under Manage Users, in the Us[...]

  • Page 208

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 26-6 802.1x Port Security v1.0, May 2008 5. Enable port authentication: a. From the main menu, select Security > Port Authentication > Basic > 802.1x Configuration. A screen simila r to the following displays. b. Under Mode, next to Administrative Mode, select the Enable [...]

  • Page 209

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 802.1x Port Security 26-7 v1.0, May 2008 b. Under Port Authentication, enter the following information: • In the Max Users field, enter 4 . • Select Mac based from the Port Method p ulldown menu. c. Click Apply to save the settings.[...]

  • Page 210

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 26-8 802.1x Port Security v1.0, May 2008[...]

  • Page 211

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Double VLANs 27-1 v1.0, May 2008 Chapter 27 Double VLANs This section describes how to configure the Do uble VLAN (DVLAN) feature on the switch. A DVLAN is a way to pass traffic of customers who have multiple VLANs from one customer domain to another customer domain. Custo m VLAN [...]

  • Page 212

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 27-2 Double VLANs v1.0, May 2008 The example is shown as CLI commands and as a W eb interface procedure. CLI Commands T o use the CLI to enable a double VLAN on a VLAN, enter the following CLI commands: Figure 27-1 Create a VLAN 200 . (Netgear Switch)#vlan database (Netgear Switch[...]

  • Page 213

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Double VLANs 27-3 v1.0, May 2008 Web Interfac e Procedure T o use the W eb Interface to enable a d ouble VLAN on a VLAN, proceed as follows: 1. Create static VLAN 200: a. From the main menu, select Switching > VL AN > Basic > VLAN Configuration. A screen similar to the fo[...]

  • Page 214

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 27-4 Double VLANs v1.0, May 2008 2. Add ports 24 and 48 to VLAN 20 0. a. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. Under VLAN Membership, select 200 from the VLAN ID pulldown me nu. c. Click Un[...]

  • Page 215

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Double VLANs 27-5 v1.0, May 2008 3. Change the Port VLAN ID (PVID) of port 24 to 200: a. From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b. Under PVID Configuration, sc roll down to interface 1/[...]

  • Page 216

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 27-6 Double VLANs v1.0, May 2008 4. Configure port 48 as the provider service port: a. From the main menu, select Switchi ng > VLAN > Advanced > Port DVLAN Configuration. A screen simila r to the following displays. b. Under DVLAN Configuration, scroll down to in terface [...]

  • Page 217

    Index-1 v1.0, May 2008 Index Numerics 802.1x port security 26-1 A ACL 9-1 add 4-5 apply 4-5 ARP 7-21 C cancel 4-5 command archive 20-16 archive download-sw 20-8 clear config 2-14 clock timezone 18-4 copy nvram errorlog 2-13 copy nvram startup-config 2-12 , 2-13 copy nvram tr aplog 2-13 copy system image 2-13 copy system running-config nvram startup[...]

  • Page 218

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 Index-2 v1.0, May 2008 switch priority 20-6 switch renumber 20-14 traceroute 14-1 traf fic-shape 10-7 transport output telnet 16-3 users passwd 2-1 1 configuration scripting 15-1 CoS 10-1 drop precedence configuration 10-3 per-interface basis 10-3 port egress queue configuration 1[...]

  • Page 219

    NETGEAR 7000 Series Managed Switch Administration Guide Versio n 7.2 Index-3 v1.0, May 2008 protected ports 25-1 Q QoS class 11 - 1 policy 11 - 1 service 11 - 2 R refresh 4-5 RIP 7-1 , 7-2 , 7-7 , 7-12 S SNMP V3 user profile 4-6 SNTP 18-1 static host name 23-1 switch FSM family of swit ches 20-1 GSM family of switches 20-1 IP address 3- 2 name 3-3 [...]

  • Page 220

    NETGEAR 7000 Series Managed Switch Administr ation Guide Version 7.2 Index-4 v1.0, May 2008[...]