NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2 NETGEAR, Inc.
© 2008 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this document are copyright Intoto, Inc.
Product and Publication Details
Model Number: 7xxx
Publication Date: May 2008
Product Family: Managed Switch
Product Name: 7000 Series Managed Switch
Home or Business Product: Business
Language: English
Publication Part Number: 202-10238-02
Publication Version Number: 1.0
Contents
About This Manual
  Conventions, Formats and Scope
  How to Use This Manual
  How to Print this Manual
  Revision History
  Setting Up the Switch IP Address
  Assigning Switch Name and Location Information
  Saving the Configuration
Chapter 4 Using the Web Interface
  Configuring for Web Access
  VLAN Routing RIP Configuration
    CLI Example
  VLAN Routing OSPF Configuration
    CLI Example
  Routing Information Protocol
  Example #2: Configure a One-Way Access Using a TCP Flag in an ACL
    CLI Commands
    Web Interface Procedure
  Example #3: Configure Isolated VLANs on a Layer 3 switch by Using ACLs
    CLI Commands
Chapter 12 IGMP Snooping
  Overview
  CLI Examples
    Example #1: Enable IGMP Snooping
    Example #2: show igmpsnooping
    Example #4: session-limit and session-timeout
Chapter 17 Port Mirroring
  Overview
  CLI Examples
    Example #1: show monitor session
  Switch Stack Cabling (FSM73xxS)
  Stack Master Election and Re-Election
  Stack Member Numbers
  Stack Member Priority Values
  Switch Stack Offline Configuration
Chapter 22 IGMP Querier
  CLI Examples
    Example #1: Enable IGMP Querier
    Example #2: Show IGMP Querier Status
Chapter 23 DNS
  Overview
  Example
    Example #1: Enable 802.1x Authentication on One Port in a VLAN
      CLI Commands
      Web Interface Procedure
Chapter 27 Double VLANs
  Overview
About This Manual
The NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2 describes how to install, configure and troubleshoot the 7000 Series Managed Switch. The information in this manual is intended for readers with intermediate computer and Internet skills.
Conventions, Formats and Scope
The conventions, formats, and scope of this manual are described in the following paragraphs:
• Typographical Conventions.
• Scope. This manual is written for the 7000 Series Managed Switch according to these specifications:
Product Version: 7000 Series Managed Switch
Manual Publication Date: May 2008
Note: Product updates are available on the NETGEAR, Inc. website at http://kbserver.netgear.com/products/7xxx.asp.
• Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window.
• Click the print icon in the upper left of your browser window.
Printing a PDF version of the Complete Manual. Use the Complete PDF Manual link at the top left of any page.
• Click the Complete PDF Manual link at the top left of any page in the manual.
Chapter 1 Introduction
This document provides an understanding of the CLI and Web configuration options for software Release 7.2 features.
Document Organization
This document provides examples of the use of the switch software in a typical network. It describes the use and advantages of specific functions provided by the 7000 Series Managed Switch, and includes information on configuring those functions using the Command Line Interface and Web Interface.
CLI Documentation
The Command Line Reference provides information about the CLI commands used to configure the switch and the stack. The document provides CLI descriptions, syntax, and default values. Refer to the Command Line Reference for information on the command structure.
Related Documentation
Before proceeding, read the Release Notes for this switch product.
Chapter 2 Getting Started
Connect a terminal to the switch to begin configuration.
In-band and Out-of-band Connectivity
Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity.
Configuring for In-band Connectivity
In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network.
gateway: IP address of the default router, if the switch is a node outside the IP range of the LAN
MAC Address: MAC address of the switch
When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network.
6. Set the IP address, subnet mask, and gateway address by issuing the following command:
config network parms ipaddress netmask gateway
IP Address: Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default IP address is 169.254.100.100.
Subnet: Subnet mask for the LAN. The default value is 255.255.255.0.
d. Set the flow control to none.
e. Select the proper mode under Properties.
f. Select Terminal keys.
Note: When using HyperTerminal with Microsoft Windows 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal's VT100 emulation. Go to www.microsoft.com for more information on Windows 2000 service packs.
3.
• The console connection was established and the console prompt appears on the screen of a VT100 terminal or terminal equivalent.
The initial switch configuration is performed through the console port. After the initial configuration, you can manage the switch either from the already-connected console port or remotely through an interface defined during the initial configuration.
Software Installation
This section contains procedures to help you become acquainted quickly with the switch software. Before installing switch software, you should verify that the switch operates with the most recent firmware.
Quick Starting the Networking Device
1. Configure the switch for In-band or Out-of-Band connectivity. In-band connectivity allows access to the software locally or from a remote workstation.
• Uploading from Networking Device to Out-of-Band PC (Only XMODEM)
• Downloading from Out-of-Band PC to Networking Device (Only XMODEM)
• Downloading from TFTP Server
• Restoring factory defaults
If you configure any network parameters, you should execute the following command:
copy system:running-config nvram:startup-config
This command saves the changes to the configuration file. You must be in the correct mode to execute the command.
Table 2-1. Quick Start Commands
Command | Mode | Description
copy system:running-config nvram:startup-config | Privileged EXEC | Saves passwords and all other changes to the device.
logout | User EXEC, Privileged EXEC | Logs the user out of the networking device.
copy nvram:errorlog / /> | Privileged EXEC | Starts the error log upload, displays the mode and type of upload and confirms the upload is progressing.
copy nvram:traplog / /> | Privileged EXEC |
copy / /> nvram:startup-config | Privileged EXEC |
copy / /> system:image | Privileged EXEC | Sets the destination (download) datatype to be an image.
clear config | Privileged EXEC | Enter yes when the prompt asks if you want to clear all the configurations made to the networking device.
Chapter 3 Using Ezconfig for Switch Setup
Ezconfig is an interactive utility that provides a simplified procedure for setting up the following switch parameters:
• Switch management IP address
• Switch admin user password
• Switch name and location
Ezconfig can be entered either in Global Config mode (#) or in Display mode (>).
Changing the Password
The first question Ezconfig asks is whether you wish to change the admin password. For security reasons, you should change the password by typing Y. If you have already set the password and do not wish to change it again, just enter N.
If an IP address is already assigned, and you do not wish to change the IP address again, simply type N.
If the switch loses power during the session, the setup information will be lost if Ezconfig does not have the chance to save the changes before power-down.
Chapter 4 Using the Web Interface
This chapter is a brief introduction to the web interface; for example, it explains how to access the Web-based management panels to configure and manage the system.
Tip: Use the Web interface for configuration instead of the CLI interface. Web configuration is quicker and easier than entering the multiple required CLI commands.
2. Enable Web mode:
a. At the CLI prompt, enter the show network command.
b. Set Web Mode to Enabled.
Starting the Web Interface
Follow these steps to start the switch Web interface:
1. Enter the IP address of the switch in the Web browser address field.
2. When the Login panel is displayed, click Login.
3. Enter the appropriate User Name and Password.
Figure 4-1
The switch can accommodate two types of users: administrative users and guests. An administrative user may configure the switch for network application, but a guest may not. The guest may only view the settings and status of the network. As shipped from the factory, both users can log in without a password.
The new PCC web interface has the following four new significant features:
1. A layout change: The new layout organizes the navigation pane into two rows of tags, as shown in the following screen:
Figure 4-3
• Main Tags
The PCC provides the following main tags:
– System
This tag contains configuration and status information for system features and services such as the timer, DNS server, IP address, and system resource usage.
– Index
This tag contains the site index that allows direct access to any of the pages under the main tags and sub tags.
• Sub Tags
The sub tag content changes depending on the selected main tag. In turn, each sub tag provides further sub categories of functions.
2.
Configuring an SNMP V3 User Profile
Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are needed. Use the following steps to configure an SNMP V3 new user profile.
1. Select System>Configuration>User Accounts from the hierarchical tree on the left side of the web interface.
2.
Chapter 5 Virtual LANs
Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic. A VLAN is a set of end stations and the switch ports that connect them.
VLAN Configuration Example
The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. Port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN 2 only, and ports 1/0/3 and 1/0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram.
Example #2: Assign Ports to VLAN2
This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.
Graphical User Interface
Use the following screens to perform the same configuration using the Graphical User Interface:
• Switching --> VLAN --> Configuration. To create the VLANs and specify port participation.
• Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt, and whether frames will be transmitted tagged or untagged.
Chapter 6 Link Aggregation
This section includes instructions on configuring Link Aggregation using the Command Line Interface and the Graphical User Interface. Link Aggregation (LAG) allows the switch to treat multiple physical links between two end-points as a single logical link. All of the physical links in a given LAG must operate in full-duplex mode at the same speed.
Figure 6-1 shows the example network.
Figure 6-1
Example #1: Create two LAGS
(Netgear Switch) #config
(Netgear Switch) (Config)#port-channel lag_10
(Netgear Switch) (Config)#port-channel lag_20
(Netgear Switch) (Config)#exit
Use the show port-channel all command to show the logical interface ids you will use to identify the LAGs in subsequent commands. Assume that lag_10 is assigned id 1/1/1 and lag_20 is assigned id 1/1/2.
Chapter 7 IP Routing Services
IP routing services are divided into five areas:
• Port Routing
• VLAN Routing
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF) Protocol
• Proxy Address Resolution Protocol (ARP)
Port Routing
The first networks were small enough for the end stations to communicate directly.
Port Routing Configuration
The 7000 Series Managed Switch always supports Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the 7000 Series Managed Switch as a whole, and then for each port which is to participate in the routed network. The configuration commands used in the example in this section enable IP routing on ports 1/0/2, 1/0/3, and 1/0/5.
CLI Examples
This diagram shows a Layer 3 switch configured for port routing. It connects three different subnets, each connected to a different port. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the port routing support shown in the diagram.
Figure 7-1
Example #1: Enabling routing for the Switch
Use the following command to enable routing for the switch.
Example #2: Enabling Routing for Ports on the Switch
Use the following commands to enable routing for ports on the switch. The default link-level encapsulation format is Ethernet. Configure the IP addresses and subnet masks for the ports. Network directed broadcast frames will be dropped and the maximum transmission unit (MTU) size will be 1500 bytes.
The next section will show you how to configure the 7000 Series Managed Switch to support VLAN routing and how to use RIP and OSPF. A port may be either a VLAN port or a router port, but not both. However, a VLAN port may be part of a VLAN that is itself a router port.
VLAN Routing Configuration
This section provides an example of how to configure the 7000 Series Managed Switch to support VLAN routing.
Example #1: Create Two VLANs
The following code sequence shows an example of creating two VLANs with egress frame tagging enabled.
The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports.
(Netgear Switch) (Config)#interface vlan 10
(Netgear Switch) (Interface-vlan 10)#ip address 192.150.3.1 255.255.255.0
(Netgear Switch) (Interface-vlan 10)#exit
(Netgear Switch) (Config)#interface vlan 20
(Netgear Switch) (Interface-vlan 20)#ip address 192.150.4.1 255.255.255.
CLI Example
This example adds support for RIPv2 to the configuration created in the base VLAN routing example. A second router, using port routing rather than VLAN routing, has been added to the network.
Figure 7-3
VLAN Routing OSPF Configuration
For larger networks, Open Shortest Path First (OSPF) is generally used in preference to RIP.
Set the OSPF priority and cost for the VLAN and physical router ports.
• To prevent any RIP packets from being transmitted
CLI Examples
The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3 as shown in the network illustrated in Figure 7-4.
Figure 7-4
Example #1: Enable Routing for the Switch
The following sequence enables routing for the switch:
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#exit
Example #2: Enable Routing for Ports
The following command sequence enables routing and assigns IP addresses for ports 1/0/2 and 1/0/3.
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#routing
(Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.
Example #4: Enable RIP for ports 1/0/2 and 1/0/3
This command sequence enables RIP for ports 1/0/2 and 1/0/3. Authentication defaults to none, and no default route entry is created. The commands specify that both ports receive both RIPv1 and RIPv2 frames, but send only RIPv2 formatted frames.
• Intra-area
• Inter-area
• External Type 1: the route is external to the AS
• External Type 2: the route was learned from other protocols such as RIP
CLI Examples
The examples in this section show you how to configure a 7000 Series Managed Switch first as an inter-area router and then as a border router. They show two areas, each with its own border router connected to one inter-area router.
Example #1: Configuring an Inter-Area Router
Figure 7-5
Enable Routing for the Switch. The following command sequence enables IP routing for the switch.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#exit
Assign IP Addresses for Ports.
Specify Router ID and Enable OSPF for the Switch. The following sequence specifies the router ID and enables OSPF for the switch. Set disable1583 compatibility to prevent the routing loop.
(Netgear Switch) #config
(Netgear Switch) (Config)#router ospf
(Netgear Switch) (Config router)#enable
(Netgear Switch) (Config router)#router-id 192.150.9.
Example #2: Configuring OSPF on a Border Router
Figure 7-6
The following example configures OSPF on a 7000 Series Managed Switch operating as a border router:
Enable routing for the switch.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
Enable routing & assign IP for ports 1/0/2, 1/0/3 and 1/0/4.
Enable OSPF for the ports and set the OSPF priority and cost for the ports.
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#ip ospf
(Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.
CLI Examples
The following are examples of the commands used in the proxy ARP feature.
Example #1: show ip interface
(Netgear Switch) #show ip interface ?
Enter an interface in slot/port format.
brief Display summary information about IP configuration settings for all ports.
(Netgear Switch) #show ip interface 0/24
Routing Mode...................................
Administrative Mode............................
Chapter 8 Virtual Router Redundancy Protocol
When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate. Since static configuration is a convenient way to assign router addresses, Virtual Router Redundancy Protocol (VRRP) was developed to provide a backup mechanism.
CLI Examples
This example shows how to configure the 7000 Series Managed Switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router.
Figure 8-1
Example #1: Configure VRRP on a Master Router
The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the master router:
Enable routing for the switch. IP forwarding will then be enabled by default.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
Configure the IP addresses and subnet masks for the port that will participate in the protocol.
Example #2: Configure VRRP on a Backup Router
The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the backup router:
Enable routing for the switch. IP forwarding will then be enabled by default.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
Configure the IP addresses and subnet masks for the port that will participate in the protocol.
Chapter 9 Access Control Lists (ACLs)
This section describes the Access Control Lists (ACLs) feature.
Overview
Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two internal networks. When you configure ACLs, you can selectively admit or reject inbound traffic, thereby controlling access to your network or to specific resources on your network. You can set up ACLs to control traffic at Layer 2 or Layer 3.
• Destination MAC address with mask
• VLAN ID (or range of IDs)
• Class of Service (CoS) (802.
Process
To configure ACLs, follow these steps:
• Create an ACL by specifying a name (MAC ACL) or a number (IP ACL)
• Add new rules to the ACL
• Configure the match criteria for the rules
• Apply the ACL to one or more interfaces
IP ACL Examples
Example #1: Set up an IP ACL with Two Rules
The script in this section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic.
Create ACL 101. Define the first rule: the ACL will permit packets with a match on the specified source IP address (after the mask has been applied), that are carrying TCP traffic, and that are sent to the specified destination IP address.
(Netgear Switch) #config
(Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255
Define the second rule for ACL 101.
The example is shown as CLI commands and as a Web interface procedure.
CLI Commands
To use the CLI to configure the GSM7248R, enter the following CLI commands:
Step 1: Configure the GSM7248R (see Figure 9-2)
Create VLAN 30 with port 0/3 and assign IP address 192.168.30.1/24.
Create VLAN 200 with port 0/44 and assign IP address 192.168.200.1/24.
To use the CLI to configure the GSM7352S, enter the following CLI commands:
Step 2: Configure the GSM7352S (see Figure 9-2)
Create VLAN 40 with port 1/0/24 and assign IP address 192.168.40.1/24.
Add two static routes so that the switch forwards the packets with destinations 192.168.100.0/24 and 192.168.30.0/24 to the correct next hops.
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#ip route 192.168.100.0 255.255.255.0 192.168.200.1
(Netgear Switch) (Config)#ip route 192.168.30.0 255.255.255.0 192.168.200.1
Web Interface Procedure
To use the Web interface to configure the GSM7248R, proceed as follows:
1.
2. Create VLAN 100 with IP address 192.168.100.1/24:
a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Figure 9-4
b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 100.
• In the IP Address field, enter 192.168.100.1.
• In the Network Mask field, enter 255.255.255.0.
c. Click Unit 1. The ports display.
d.
3. Create VLAN 200 with IP address 192.168.200.1/24:
a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
Figure 9-5
b. Enter the following information in the VLAN Routing Wizard:
• In the Vlan ID field, enter 200.
• In the IP Address field, enter 192.168.200.1.
• In the Network Mask field, enter 255.255.255.0.
c. Click Unit 1. The ports display.
d.
4. Enable IP Routing:
a. From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.
Figure 9-6
b. Under IP Configuration, make the following selections:
• Next to Routing Mode, select the Enable radio button.
• Next to IP Forwarding Mode, select the Enable radio button.
c. Click Apply to enable IP Routing.
5. Add a static route with IP address 192.168.40.0/24:
a.
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2 b. Under Configure Routes, make the following selection and enter the following information: • Select Static from the Route Type pulldown menu. • In the Network Address field, enter 192.168.40.0. • In the Subnet Mask field, enter 255.255.255.0. • In the Next Hop IP Address field, enter 192.168.200.2. c. Click Add. 6. Create a static route with IP address 192.168.50.0/24: a.
7. Create an ACL with ID 101:
   a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
      Figure 9-9
   b. In the IP ACL ID field of the IP ACL Table, enter 101.
   c. Click Add.

8. Create an ACL with ID 102:
   a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
      Figure 9-10
   b. In the IP ACL ID field of the IP ACL Table, enter 102.
   c.

9. Add and configure an IP extended rule that is associated with ACL 101:
   a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
      Figure 9-11
   b. Under IP Extended Rules, select 101 from the ACL ID pulldown menu.
   c. Click Add. The Extended ACL Rule Configuration screen displays.
      Figure 9-12
   d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
      • In the Rule ID field, enter 1.
      • Next to Action mode, select the Deny radio button.
      • Select False from the Match Every pulldown menu.
      • Select TCP from the Protocol Type pulldown menu.
      • Next to TCP Flag, select Set from the SYN pulldown menu, and select Clear from the ACK pulldown menu.
   e.

      Figure 9-14
   d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
      • In the Rule ID field, enter 1.
      • Next to Action mode, select the Permit radio button.
      • Select False from the Match Every pulldown menu.
      • Select IP from the Protocol Type pulldown menu.
   e. Click Apply to save the settings.

11. Apply ACL 101 to port 44:
   a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
      Figure 9-15
   b. Under Binding Configuration, make the following selection and enter the following information:
      • Select 101 from the ACL ID pulldown menu.
      • In the Sequence Number field, enter 1.
   c. Click Unit 1. The ports display.
   d. Click on the gray box under port 44.

12. Apply ACL 102 to port 44:
   a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
      Figure 9-16
   b. Under Binding Configuration, make the following selection and enter the following information:
      • Select 102 from the ACL ID pulldown menu.
      • In the Sequence Number field, enter 2.
   c. Click Unit 1. The ports display.
   d. Click on the gray box under port 44.
To use the Web interface to configure the GSM7352S, proceed as follows:

1. Create VLAN 40 with IP address 192.168.40.1/24:
   a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
      Figure 9-17
   b. Enter the following information in the VLAN Routing Wizard:
      • In the Vlan ID field, enter 40.
      • In the IP Address field, enter 192.168.40.1.
      • In the Network Mask field, enter 255.255.

2. Create VLAN 50 with IP address 192.168.50.1/24:
   a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
      Figure 9-18
   b. Enter the following information in the VLAN Routing Wizard:
      • In the Vlan ID field, enter 50.
      • In the IP Address field, enter 192.168.50.1.
      • In the Network Mask field, enter 255.255.255.0.
   c. Click Unit 1. The ports display.
   d.

3. Create VLAN 200 with IP address 192.168.200.2/24:
   a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
      Figure 9-19
   b. Enter the following information in the VLAN Routing Wizard:
      • In the Vlan ID field, enter 200.
      • In the IP Address field, enter 192.168.200.2.
      • In the Network Mask field, enter 255.255.255.0.
   c. Click Unit 1. The ports display.
   d.

4. Create a static route with IP address 192.168.100.0/24:
   a. From the main menu, select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays.
      Figure 9-20
   b. Under Configure Routes, make the following selection and enter the following information:
      • Select Static from the Route Type pulldown menu.
      • In the Network Address field, enter 192.168.100.0.
      • In the Subnet Mask field, enter 255.

5. Create a static route with IP address 192.168.30.0/24:
   a. From the main menu, select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays.
      Figure 9-21
   b. Under Configure Routes, make the following selection and enter the following information:
      • Select Static from the Route Type pulldown menu.
      • In the Network Address field, enter 192.168.30.0.
      • In the Subnet Mask field, enter 255.
Figure 9-22

The example is shown as CLI commands and as a Web interface procedure.

CLI Commands

To use the CLI to isolate VLANs on a Layer 3 switch by using ACLs, enter the following CLI commands:

Create VLAN 24, add port 1/0/24 to it, and assign IP address 192.168.24.1 to it.

Create VLAN 48, add port 1/0/48 to it, and assign IP address 192.168.48.1 to it.

Create ACL 103 to permit all other traffic.

(Netgear Switch) (Config)#access-list 103 permit ip any any

Deny all traffic with destination IP address 192.168.48.0/24 and permit all other traffic.

(Netgear Switch)
(Netgear Switch)
(Netgear Switch)
(Netgear Switch)

Deny all traffic other traffic. (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) with destination IP address 192.168.24.
   b. Enter the following information in the VLAN Routing Wizard:
      • In the Vlan ID field, enter 24.
      • In the IP Address field, enter 192.168.24.1.
      • In the Network Mask field, enter 255.255.255.0.
   c. Click Unit 1. The ports display.
   d. Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
   e. Click Apply to save VLAN 24.

2. Create VLAN 48 with IP address 192.168.48.1:
   a.
   e. Click Apply to save VLAN 48.

3. Create VLAN 38 with IP address 10.100.5.34:
   a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
      Figure 9-25
   b. Enter the following information in the VLAN Routing Wizard:
      • In the Vlan ID field, enter 38.
      • In the IP Address field, enter 10.100.5.34.
      • In the Network Mask field, enter 255.255.255.0.
   c. Click Unit 1. The ports display.
   d.

      Figure 9-26
   b. Under IP Configuration, make the following selections:
      • Next to Routing Mode, select the Enable radio button.
      • Next to IP Forwarding Mode, select the Enable radio button.
   c. Click Apply to enable IP Routing.

5. Create an ACL with ID 101:
   a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
      Figure 9-27
   b. In the IP ACL ID field of the IP ACL Table, enter 101.

6. Create an ACL with ID 102:
   a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
      Figure 9-28
   b. In the IP ACL ID field of the IP ACL Table, enter 102.
   c. Click Add.

7. Create an ACL with ID 103:
   a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
      Figure 9-29
   b. In the IP ACL ID field of the IP ACL Table, enter 103.
   c. Click Add.

8. Add and configure an IP extended rule that is associated with ACL 101:
   a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
      Figure 9-30
   b. Under IP Extended Rules, select 101 from the ACL ID pulldown menu.
   c. Click Add. The Extended ACL Rule Configuration screen displays.
   d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
      • In the Rule ID field, enter 1.
      • Next to Action mode, select the Deny radio button.
      • Select False from the Match Every pulldown menu.
      • In the Destination IP Address field, enter 192.168.24.0.
      • In the Destination IP Mask field, enter 0.0.0.255.
   e. Click Apply to save the settings.

9.
      Figure 9-33
   d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
      • In the Rule ID field, enter 1.
      • Next to Action mode, select the Deny radio button.
      • Select False from the Match Every pulldown menu.
      • In the Destination IP Address field, enter 192.168.48.0.
      • In the Destination IP Mask field, enter 0.0.0.255.
   e. Click Apply to save the settings.

10. Add and configure an IP extended rule that is associated with ACL 103:
   a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
      Figure 9-34
   b. Under IP Extended Rules, select 103 from the ACL ID pulldown menu.
   c. Click Add. The Extended ACL Rule Configuration screen displays.
      Figure 9-35
   d.
      • Next to Action mode, select the Permit radio button.
      • Select False from the Match Every pulldown menu.
      • Select IP from the Protocol Type pulldown menu.
   e. Click Apply to save the settings.

11. Apply ACL 102 to port 24:
   a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
      Figure 9-36
   b.

12. Apply ACL 101 to port 48:
   a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
      Figure 9-37
   b. Under Binding Configuration, make the following selection and enter the following information:
      • Select 101 from the ACL ID pulldown menu.
      • In the Sequence Number field, enter 1.
   c. Click Unit 1. The ports display.
   d. Click on the gray box under port 48.

13. Apply ACL 103 to port 24 and port 48:
   a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
      Figure 9-38
   b. Under Binding Configuration, make the following selection and enter the following information:
      • Select 103 from the ACL ID pulldown menu.
      • In the Sequence Number field, enter 2.
   c. Click Unit 1. The ports display.
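Both ACL procedures above (the TCP SYN filter bound to port 44 and the VLAN 24/48 isolation) depend on the order in which the bound ACLs are evaluated. The following model is an added example, not NETGEAR code: it assumes inbound binding, evaluation in ascending sequence number with the first matching rule winning, a final implicit deny, and sequence number 1 for ACL 102 on port 24 (that value is not visible on this page). The packet addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str = "ip"            # "ip" matches every protocol
    dst: str = "any"             # destination network address, or "any"
    wildcard: str = "0.0.0.0"    # inverse mask: 1-bits are ignored
    syn: Optional[bool] = None   # True = Set, False = Clear, None = not checked
    ack: Optional[bool] = None

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and pkt["proto"] != self.proto:
            return False
        if self.dst != "any":
            care = ~int(ipaddress.IPv4Address(self.wildcard)) & 0xFFFFFFFF
            diff = int(ipaddress.IPv4Address(self.dst)) ^ int(
                ipaddress.IPv4Address(pkt["dst"]))
            if diff & care:
                return False
        for name, wanted in (("syn", self.syn), ("ack", self.ack)):
            if wanted is not None and pkt.get(name, False) != wanted:
                return False
        return True


# Rules as entered in the two Web interface procedures (visible fields only).
ONE_WAY = {
    101: [Rule("deny", proto="tcp", syn=True, ack=False)],
    102: [Rule("permit")],
}
ISOLATE = {
    101: [Rule("deny", dst="192.168.24.0", wildcard="0.0.0.255")],
    102: [Rule("deny", dst="192.168.48.0", wildcard="0.0.0.255")],
    103: [Rule("permit")],
}

# (sequence number, ACL ID) pairs bound to each port.
PORT_44 = [(1, 101), (2, 102)]
PORT_24 = [(1, 102), (2, 103)]   # sequence 1 for ACL 102 is an assumption
PORT_48 = [(1, 101), (2, 103)]


def evaluate(acls, bindings, pkt):
    """Return (action, reason) for a packet arriving on a port.

    Assumed model: bound ACLs are walked in ascending sequence number,
    the first matching rule decides, and unmatched traffic is dropped.
    """
    for _seq, acl_id in sorted(bindings):
        for number, rule in enumerate(acls[acl_id], start=1):
            if rule.matches(pkt):
                return rule.action, f"ACL {acl_id} rule {number}"
    return "deny", "implicit deny"


def tcp(dst, syn, ack):
    """Build a constructed TCP test packet."""
    return {"proto": "tcp", "dst": dst, "syn": syn, "ack": ack}


if __name__ == "__main__":
    checks = [
        ("port 24 -> VLAN 48 host", ISOLATE, PORT_24,
         {"proto": "udp", "dst": "192.168.48.10"}),
        ("port 24 -> VLAN 38 host", ISOLATE, PORT_24,
         {"proto": "udp", "dst": "10.100.5.34"}),
        ("port 48 -> VLAN 24 host", ISOLATE, PORT_48,
         {"proto": "udp", "dst": "192.168.24.7"}),
        # Misconfiguration: permit-all bound with the lower sequence number.
        ("port 24, sequence numbers swapped", ISOLATE, [(1, 103), (2, 102)],
         {"proto": "udp", "dst": "192.168.48.10"}),
        # Misconfiguration: ACL 103 never bound, so everything else is dropped.
        ("port 48, ACL 103 missing", ISOLATE, [(1, 101)],
         {"proto": "udp", "dst": "10.100.5.34"}),
        ("port 44, new TCP connection", ONE_WAY, PORT_44,
         tcp("192.168.100.5", syn=True, ack=False)),
        ("port 44, TCP reply (SYN+ACK)", ONE_WAY, PORT_44,
         tcp("192.168.100.5", syn=True, ack=True)),
    ]
    for label, acls, bindings, pkt in checks:
        action, reason = evaluate(acls, bindings, pkt)
        print(f"{label:36} {action:7} ({reason})")
```

The two misconfiguration cases show why the Sequence Number field matters: binding the permit rule first makes the deny rule unreachable, and omitting ACL 103 drops all traffic that the deny rule does not match.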
MAC ACL CLI Examples

The following are examples of the commands used for the MAC ACLs feature.

Example #1: mac access list

(Netgear Switch)(Config)#mac access-list ?
extended    Configure extended MAC Access List parameters.
(Netgear Switch)(Config)#mac access-list extended ?
            Enter access-list name up to 31 characters in length.
rename      Rename MAC Access Control List.

Example #2: permit any

(Netgear Switch) (Config-mac access-list)#permit ?
            Enter a MAC address.
any         Configure a match condition for all the destination MAC addresses in the Destination MAC Address field.
(Netgear Switch) (Config-mac access-list)#permit any ?
            Enter a MAC address.
any         Configure a match condition for all the destination MAC addresses in the Destination MAC Address field.

Example #3 Configure mac access-group

(Netgear Switch) (Config)#interface 1/0/5
(Netgear Switch) (Interface 1/0/5)#mac ?
access-group    Attach MAC Access List to Interface.
(Netgear Switch) (Interface 1/0/5)#mac access-group ?
                Enter name of MAC Access Control List.
(Netgear Switch) (Interface 1/0/5)#mac access-group b1 ?
in              Enter the direction .

Example #4 permit

(Netgear Switch) (Config)#mac access-list extended b2
(Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00 ?
            Enter a MAC Address.
any         Configure a a match condition for all the destination MAC addresses in the Destination MAC Address field.
(Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00 any
access-queue cos    Configure the Queue Id assignment attribute.

Example #5: show mac access-lists

(Netgear Switch) #show mac access-lists
Current number of all ACLs: 2  Maximum number of all ACLs: 100

MAC ACL Name  Rules  Direction
------------  -----  ---------
b1            1      inbound
b2            1

(Netgear Switch) #show mac access-lists ?
Enter access-list name up to 31 characters in length.
Press Enter to execute the command.
Chapter 10 Class of Service (CoS) Queuing

This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features.

Overview

Each port has one or more queues for packet transmission. During configuration, you can determine the mapping and configuration of these queues. Based on service rate and other criteria you configure, queues provide preference to specified packets. If a delay becomes necessary, the system holds packets until the scheduler authorizes transmission.

– IP Precedence
– IP DiffServ Code Point (DSCP)

The system can assign service level based upon the 802.1p priority field of the L2 header. You configure this by mapping the 802.1p priorities to one of three traffic class queues.

– Tail drop vs. WRED

Drop Precedence Configuration (per Queue)
• WRED parameters
  – Minimum threshold
  – Maximum threshold
  – Drop probability
  – Scale factor
• Tail Drop parameters
  – Threshold

Per-Interface Basis
• Queue management type
  – Tail Drop vs.

Example #1: show classofservice trust

(Netgear Switch) #show classofservice trust ?
Press Enter to execute the command.
(Netgear Switch) #show classofservice trust
Class of Service Trust Mode: Dot1P

Example #2: set classofservice trust mode

(Netgear Switch) (Config)#classofservice ?
dot1p-mapping      Configure dot1p priority mapping.
ip-dscp-mapping    Maps an IP DSCP value to an internal traffic class.
trust

Example #3: show classofservice ip-precedence mapping

(Netgear Switch) #show classofservice ip-precedence-mapping
IP Precedence  Traffic Class
-------------  -------------
0              1
1              0
2              0
3              1
4              2
5              2
6              3
7              3

Example #4: Config Cos-queue Min-bandwidth and Strict Priority Scheduler Mode

(Netgear Switch) (Config)#cos-queue min-bandwidth ?
Enter the minimum bandwidth percentage for Queue 0.

Example #5: Set CoS Trust Mode of an Interface

(Netgear Switch) (Config)#classofservice trust ?
dot1p      Sets the Class of Service Trust Mode of an Interface to 802.1p.
ip-dscp    Sets the Class of Service Trust Mode of an Interface to IP DSCP.
(Netgear Switch) (Config)#classofservice trust dot1p ?
Press Enter to execute the command.

Example #1 traffic-shape

(Netgear Switch) (Config)#traffic-shape ?
Enter the shaping bandwidth percentage from 0 to 100 in increments of 5.
(Netgear Switch) (Config)#traffic-shape 70 ?
Press Enter to execute the command.
(Netgear Switch) (Config)#traffic-shape 70
(Netgear Switch) (Config)#
Chapter 11 Differentiated Services

Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservation protocol. This section explains how to configure the 7000 Series Managed Switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service.

  – Marking the packet with a given DSCP code point, IP precedence, or CoS
  – Policing packets by dropping or re-marking those that exceed the class’s assigned data rate
  – Counting the traffic within the class
• Service.

The following example configures DiffServ on a 7000 Series Managed Switch:

Ensure DiffServ operation is enabled for the switch.

(Netgear Switch) #config
(Netgear Switch) (Config)#diffserv

Create a DiffServ class of type “all” for each of the departments, and name them. Define the match criteria -- Source IP address -- for the new classes.

a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side. The configuration script is for Router 1 in the accompanying diagram: a similar script should be applied to Router 2.

Figure 11-2

The following example configures DiffServ VoIP support:

Enter Global Config mode. Set queue 5 on all ports to use strict priority mode. This queue shall be used for all VoIP packets. Activate DiffServ for the switch.

(Netgear Switch) #config
(Netgear Switch) (Config)#cos-queue strict 5
(Netgear Switch) (Config)#diffserv

Create a DiffServ classifier named 'class_voip' and define a single match criterion to detect UDP packets.
Chapter 12 IGMP Snooping

This section describes the Internet Group Management Protocol (IGMP) feature: IGMPv3 and IGMP Snooping.

Overview

IGMP:
• Uses Version 3 of IGMP
• Includes snooping
• Snooping can be enabled per VLAN

CLI Examples

The following are examples of the commands used in the IGMP Snooping feature.

Example #1: Enable IGMP Snooping

The following example shows how to enable IGMP snooping.

Example #2: show igmpsnooping

(Netgear Switch) #show igmpsnooping?
            Press Enter to execute the command.
            Enter interface in slot/port format.
mrouter     Display IGMP Snooping Multicast Router information.
<1-4093>    Display IGMP Snooping valid VLAN ID information.

(Netgear Switch) #show igmpsnooping
Admin Mode...............................
Multicast Control Frame Count............
Interfaces Enabled for IGMP Snooping.....
Chapter 13 Port Security

This section describes the Port Security feature.

CLI Examples

The following are examples of the commands used in the Port Security feature.

Example #1: show port security

(Netgear Switch) #show port-security ?
             Press Enter to execute the command.
all          Display port-security information for all interfaces.
             Enter interface in unit/slot/port format.
dynamic      Display dynamically locked MAC addresses.
static       Display statically locked MAC addresses.
violation
Chapter 14 Traceroute

This section describes the Traceroute feature. Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network.

CLI Example

The following shows an example of using the traceroute command to determine how many hops there are to the destination. The command output shows each IP address the packet passes through and how long it takes to get there. In this example, the packet takes 16 hops to reach its destination.

(Netgear Switch) #traceroute?
Enter IP address.
(Netgear Switch) #traceroute 216.109.118.
Chapter 15 Configuration Scripting

This section describes the Configuration Scripting feature.

Example #1: script

(Netgear Switch) #script ?
apply       Applies configuration script to the switch.
delete      Deletes a configuration script file from the switch.
list        Lists all configuration script files present on the switch.
show        Displays the contents of configuration script.
validate    Validate the commands of configuration script.

Example #4: Creating a Configuration Script

(Netgear Switch) #show running-config running-config.scr
Config script created successfully.

(Netgear Switch) #script list
Configuration Script Name  Size(Bytes)
-------------------------  -----------
running-config.scr         3201

1 configuration script(s) found.
1020799 bytes free.

Example #5: Upload a Configuration Script

(Netgear Switch) #copy nvram: script running-config.scr tftp://192.168.77.
Chapter 16 Outbound Telnet

This section describes the Outbound Telnet feature.

Example #1: show network

(Netgear Switch Routing) >telnet 192.168.77.151
Trying 192.168.77.151...
(Netgear Switch Routing)
User:admin
Password:
(Netgear Switch Routing) >en
Password:
(Netgear Switch Routing) #show network
IP Address...............................
Subnet Mask..............................
Default Gateway..........................
Burned In MAC Address....................
Locally Administered MAC Address.........

Example #3: transport output telnet

(Netgear Switch Routing) (Config)#lineconfig ?
Press Enter to execute the command.
(Netgear Switch Routing) (Config)#lineconfig
(Netgear Switch Routing) (Line)#transport ?
input     Displays the protocols to use to connect to a specific line of the router.
output    Displays the protocols to use for outgoing connections from a line.
Chapter 17 Port Mirroring

This section describes the Port Mirroring feature.

Example #1: show monitor session

(Netgear Switch Routing) #show monitor session 1
Session ID  Admin Mode  Probe Port  Mirrored Port
----------  ----------  ----------  -------------
1           Enable      1/0/8       1/0/7

Note: Monitor session ID “1” - “1” is a hardware limitation.

port, and what is enabled or disabled on the port.

Example #5: (Config) monitor session 1 source interface

Specify the source (mirrored) ports and destination (probe) port.

(Netgear Switch Routing)(Config)#monitor session 1 source?
interface    Configure interface.
(Netgear Switch Routing)(Config)#monitor session 1 source interface?
Enter the interface.
Chapter 18 Simple Network Time Protocol (SNTP)

This section describes the Simple Network Time Protocol (SNTP) feature.

Overview

SNTP:
• Used for synchronizing network resources
• Adaptation of NTP
• Provides synchronized network timestamp
• Can be used in broadcast or unicast mode
• SNTP client implemented over UDP which listens on port 123

CLI Examples

The following are examples of the commands used in the SNTP feature.

Example #2: show sntp client

(Netgear Switch Routing) #show sntp client
Client Supported Modes:    unicast broadcast
SNTP Version:              4
Port:                      123
Client Mode:               unicast
Unicast Poll Interval:     6
Poll Timeout (seconds):    5
Poll Retry:                1

Example #3: show sntp server

(Netgear Switch Routing) #show sntp server
Server IP Address:         81.169.155.
Server Type:
Server Stratum:
Server Reference Id:
Server Mode:
Server Maximum Entries:
Server Current Entries:

1. Configure the SNTP server IP address. The IP address can be either from the public NTP server or your own. You can search the Internet to locate the public server. The servers available could be listed in domain-name format instead of address format. In that case, use the ping command on the PC to find the server’s IP address. The following example configures the SNTP server IP address to 208.14.208.19.

Example #5: Setting Time Zone

The SNTP/NTP server is set to Coordinated Universal Time (UTC) by default. The following example shows how to set the time zone to Pacific Standard Time (PST) which is 8 hours behind GMT/UTC.

(Netgear switch)(config)#clock timezone PST -8

Example #6: Setting Named SNTP Server

Netgear provides SNTP servers accessible by Netgear devices.
Chapter 19 Syslog

This section provides information about the Syslog feature.

Interpreting Log Files

<130> JAN 01 00:00:06 0.0.0.0-1 UNKN [0x800023]: bootos.c(386) 4 %% Event (0xaaaaaaaa)
  A          B            C      D        E         F      G   H          I

A. Priority
B. Timestamp
C. Stack ID
D. Component Name
E. Thread ID
F. File Name
G. Line Number

CLI Examples

The following are examples of the commands used in the Syslog feature.

Example #3: show logging traplogs

(Netgear Switch Routing) #show logging traplogs
Press Enter to execute the command.
(Netgear Switch Routing) #show logging traplogs
Number of Traps Since Last Reset............
Trap Log Capacity............................
Number of Traps Since Log Last Viewed.......

Example #5: logging port configuration

(Netgear Switch Routing) #config
(Netgear Switch Routing) (Config)#logging ?
buffered       Buffered (In-Memory) Logging Configuration.
cli-command    CLI Command Logging Configuration.
console        Console Logging Configuration.
host           Enter IP Address for Logging Host
syslog         Syslog Configuration.
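A parser for the log line layout shown under Interpreting Log Files, as an added example that is not part of the guide. It assumes the Priority field uses the standard syslog encoding (facility * 8 + severity); the field names seq and message for the two fields the legend leaves unnamed are hypothetical, and every sample line except the first is constructed.

```python
import re

SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "info", "debug"]

# One group per lettered field of the layout, in order.
LINE = re.compile(r"""
    ^<(?P<pri>\d{1,3})>\s+
    (?P<timestamp>[A-Z]{3}\s\d{2}\s\d{2}:\d{2}:\d{2})\s+
    (?P<stack_id>\S+)\s+
    (?P<component>\S+)\s+
    \[(?P<thread_id>0x[0-9A-Fa-f]+)\]:\s+
    (?P<file>[^\s()]+)\((?P<line>\d+)\)\s+
    (?P<seq>\d+)\s+%%\s
    (?P<message>.*)$
""", re.VERBOSE)

# The line printed in the guide.
PAGE_LINE = ("<130> JAN 01 00:00:06 0.0.0.0-1 UNKN [0x800023]: "
             "bootos.c(386) 4 %% Event (0xaaaaaaaa)")

# Constructed lines (not real switch output) to exercise the parser.
CONSTRUCTED = [
    "<134> JAN 01 00:01:12 0.0.0.0-1 DEMO [0x800024]: demo.c(10) 5 %% constructed info message",
    "<131> JAN 01 00:02:40 0.0.0.0-2 DEMO [0x800025]: demo.c(42) 6 %% constructed error message",
    "<999> JAN 01 00:03:00 0.0.0.0-1 DEMO [0x800026]: demo.c(43) 7 %% priority out of range",
    "free text that does not follow the layout",
]


def parse(line):
    """Return a dict of typed fields, or None if the line does not fit."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # largest valid value: facility 23 * 8 + severity 7
        return None
    rec = m.groupdict()
    rec.update(
        pri=pri,
        facility=pri >> 3,             # assumed syslog encoding
        severity=SEVERITY[pri & 7],
        thread_id=int(m["thread_id"], 16),
        line=int(m["line"]),
        seq=int(m["seq"]),
    )
    return rec


def at_least(lines, level):
    """Split lines into records at or above `level` and unparseable input.

    Lines that do not parse are returned rather than dropped, so a
    collector can flag truncated or malformed messages for review.
    """
    limit = SEVERITY.index(level)
    hits, rejected = [], []
    for raw in lines:
        rec = parse(raw)
        if rec is None:
            rejected.append(raw)
        elif SEVERITY.index(rec["severity"]) <= limit:
            hits.append(rec)
    return hits, rejected


if __name__ == "__main__":
    hits, rejected = at_least([PAGE_LINE] + CONSTRUCTED, "error")
    for rec in hits:
        print(rec["timestamp"], rec["severity"], rec["component"],
              f'{rec["file"]}:{rec["line"]}', rec["message"])
    print(f"{len(rejected)} line(s) rejected")
```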
Chapter 20 Managing Switch Stacks

This chapter describes the concepts and recommended operating procedures to manage Netgear stackable managed switches running Release 4.x.x.x or newer. Netgear stackable managed switches include the following models:
• FSM7328S
• FSM7352S
• FSM7352PS
• GSM7328S
• GSM7352S

Note: The FSM family and GSM family cannot be stacked together at this point.

Understanding Switch Stacks

A switch stack is a set of up to eight Ethernet switches connected through their stacking ports. One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are stack members. The stack members use stacking technology to behave and work together as a unified system.

Switch Stack Membership

A switch stack has up to eight stack members connected through their stacking ports. A switch stack always has one stack master. A standalone switch is a switch stack with one stack member that also operates as the stack master. You can connect one standalone switch to another to create a switch stack containing two stack members, with one of them being the stack master.

Switch Stack Cabling (FSM73xxS)

Figure 20-1 and Figure 20-2 illustrate how individual switches are interconnected to form a stack. You can use the regular Category 5 Ethernet 8 wire cable.

Figure 20-1
Interconnect ports 51 and 52 as shown (figure labels: port 51, port 52)
Figure 20-2

Stack Master Election and Re-Election

The stack master is elected or re-elected based on one of these factors and in the order listed:
1. The switch that is currently the stack master
2. The switch with the highest stack member priority value

Note: Netgear recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.

Stack members in the same switch stack cannot have the same stack member number. Every stack member, including a standalone switch, retains its member number until you manually change the number or unless the number is already being used by another member in the stack. See “Renumbering Stack Members” and “Merging Two Operational Stacks”.
Table 20-1. Results of comparing the preconfiguration with the new switch

Scenario: The stack member numbers and the switch types match.
Result: The switch stack applies the configuration to the preconfigured new switch and adds it to the stack.

Switch Stack Software Compatibility Recommendations

All stack members must run the same software version to ensure compatibility between stack members. The software versions on all stack members, including the stack master, must be the same. This helps ensure full compatibility in the stack protocol version among the stack members.

Switch Stack Management Connectivity

You manage the switch stack and the stack member interfaces through the stack master. You can use the web interface, the CLI, and SNMP. You cannot manage stack members on an individual switch basis.

Connectivity to the Switch Stack Through Console Ports

You can connect to the stack master through the console port of the stack master only.

Table 20-2. Switch stack configuration scenarios (continued)

Scenario: Stack master election specifically determined by the MAC address
• Assuming that both stack members have the same priority value and software image, restart both stack members at the same time.
Result: The stack member with the higher MAC address is elected stack master.
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2 Stacking Recommendations The purpose of this section is to collect notes on recommended procedures and expected behavior of stacked managed switches. Procedures addressed initially are listed below. • Initial installation and power-up of a stack.
Initial Installation and Power-up of a Stack

1. Install units in rack.
2. Install all stacking cables. Fully connect, including the redundant stack link. It is highly recommended that a redundant link be installed.
3. Identify the unit to be the master. Power this unit up first.
4. Monitor the console port. Allow this unit to come up to the login prompt.
Adding a Unit to an Operating Stack

1. Make sure the redundant stack connection is in place and functional. All stack members should be connected in a logical ring.
2. Preconfigure the new unit, if desired.
3. Install new unit in the rack. (Assumes installation below the bottom-most unit, or above the top-most unit).
4.
• Add the new stack unit to the stack using the process described in section “Adding a Unit to an Operating Stack”. The unit can be inserted into the same position as the unit just removed, or the unit can be inserted at the bottom of the stack.
Merging Two Operational Stacks

It is strongly recommended that two functioning stacks (each having an independent master) not be merged simply by the reconnection of stack cables. That process may result in a number of unpredictable results and should be avoided.

1. Always power off all units in one stack before connecting into another stack.
2.
archive command (in stack configuration mode) may be issued to make another attempt to copy the software to the unit(s) that did not get updated. Errors during code propagation to stack members could be caused by stack cable movement or unit reconfiguration during the propagation phase. An error could also occur in the presence of excessive network traffic (such as a broadcast event). All units in the stack must run the same code version.
Code Mismatch

If a unit is added to a stack and it does not have the same version of code as that of the master, the following should happen:
• “New” unit will boot up and become a “member” of the stack
• Ports on the added unit should remain in the “detached” state
• A message should appear on the CLI indicating a code mismatch with the newly added unit.
Chapter 21 Pre-Login Banner

This section describes the Pre-Login Banner feature.

Overview

Pre-Login Banner:
• Allows you to create message screens when logging into the CLI Interface
• By default, no Banner file exists
• Can be uploaded or downloaded
• File size cannot be larger than 2K

The Pre-Login Banner feature is only for the CLI interface.

CLI Example

Example #1: Create a Pre-Login Banner

To create a Pre-Login Banner, follow these steps:
1. On your PC, using Notepad create a banner.
2. Transfer the file from the PC to the switch using TFTP

(Netgear Switch Routing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner
Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.77.52
TFTP Path...................................... ./
TFTP Filename.................................. banner.
Data Type......................................
Chapter 22 IGMP Querier

When the switch is used in network applications where video services such as IPTV, video streaming, and gaming are deployed, the video traffic would normally be flooded to all connected ports because such traffic packets usually have multicast Ethernet addresses. IGMP snooping can be enabled to create a multicast group to direct that traffic only to those users that require it.
CLI Examples

Example #1: Enable IGMP Querier

Use the following CLI commands to set up the switch to generate IGMP querier packets for a designated VLAN. The IGMP packet will be transmitted to every port on the VLAN. The following example enables the querier for VLAN 1. See the CLI Manual for more details about other IGMP querier command options.
Chapter 23 DNS

This section describes the Domain Name System (DNS) feature. The DNS protocol maps a host name to an IP address, allowing you to replace the IP address with the host name for IP commands such as a ping and a traceroute, and for features such as RADIUS, DHCP Relay, SNTP, SNMP, TFTP, SYSLOG, and UDP Relay. You can obtain the DNS server IP address from your ISP or public DNS server list.
CLI Commands

To use the CLI to specify two DNS servers, enter the following CLI commands:

(Netgear Switch)#config
(Netgear Switch) (Config)#ip name-server 12.7.210.170 219.141.140.10
(Netgear Switch) (Config)#ip domain-lookup
(Netgear Switch) (Config)#exit
(Netgear Switch)#ping www.netgear.com
Send count=3, Receive count=3 from 206.82.202.
Example #2: Manually Add a Host Name and an IP Address

The following example shows commands to add a static host name entry to the switch so that you can use this entry to resolve the IP address. The example is shown as CLI commands and as a Web interface procedure.
2. Under DNS Host Configuration, enter the following information:
   • In the Host Name field, enter www.netgear.com.
   • In the IP Address field, enter 206.82.202.46.
3. Click Add. The host name and IP address now show in the DNS Host Configuration table.
Chapter 24 DHCP Server

This section describes the DHCP server configuration. When a client sends a request to a DHCP server, the DHCP server assigns the IP address from address pools that are specified on the switch. The network in the DHCP pool must belong to the same subnet.
Web Interface Procedure

To use the Web interface to create a DHCP server with a dynamic pool, proceed as follows:
1. From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays.
   Figure 24-1
2. Next to Admin Mode, select the Enable radio button.
3. Click Apply to enable the DHCP service.
4. From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays.
   Figure 24-2
5. Under DHCP Pool Configuration, enter the following information:
   • Select Create from the Pool Name pulldown menu.
   • In the Pool Name field, enter pool_dynamic.
   • Select Dynamic from the Type of Binding pulldown menu.
   • In the Network Number field, enter 192.168.100.0.
Example #2: Configure a DHCP Server in Manual Mode

The following example shows how to create a DHCP server with a manual pool. The example is shown as CLI commands and as a Web interface procedure.
Web Interface Procedure

To use the Web interface to create a DHCP server with a manual pool, proceed as follows:
1. From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays.
   Figure 24-3
1. Next to Admin Mode, select the Enable radio button.
2. Click Apply to enable the DHCP service.
3.
Figure 24-4
4. Under DHCP Pool Configuration, enter the following information:
   • Select Create from the Pool Name pulldown menu.
   • In the Pool Name field, enter pool_manual.
   • Select Manual from the Type of Binding pulldown menu.
   • In the Client Name field, enter dhcpclient.
   • In the Hardware Address field, enter 00:01:02:03:04:05.
   • Select ethernet from the Hardware Type pulldown menu.
   • In the Host Number field, enter 192.
Chapter 25 Protected Ports

This section describes how to set up protected ports on the switch. Some situations might require that traffic is prevented from being forwarded between any ports at Layer 2 so that one user cannot see the traffic of another user on the same switch.
Figure 25-1

The example is shown as CLI commands and as a Web interface procedure.

CLI Commands

To use the CLI to configure a protected port in order to isolate ports, enter the following CLI commands:

Step 1: Create one VLAN 192 including PC1 and PC2.
Step 2: Create one VLAN 202 connected to the Internet.
   a. From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays.
      Figure 25-2
   b. Under DHCP Pool Configuration, enter the following information:
      • Select Create from the Pool Name pulldown menu.
      • In the Pool Name field, enter pool-a.
      • Select Dynamic from the Type of Binding pulldown menu.
      • In the Network Number field, enter 192.168.1.0.
      • In the Network Mask field, enter 255.255.255.0.
      • In the Days field, enter 1.
      • Click on Default Router Addresses. The DNS server address fields display. In the first router address field, enter 192.168.1.254.
      • Click on DNS Server Addresses. The router address fields display. In the first DNS server address field, enter 12.7.210.170.
   c. Click Add.
2.
      The U specifies that the egress packet is untagged for the port.
   d. Click Apply to save the VLAN that includes ports 23 and 24.
3. Configure a VLAN and include port 1/0/48 in the VLAN:
   a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
      Figure 25-4
   b. Enter the following information in the VLAN Routing Wizard:
      • In the Vlan ID field, enter 202.
      Figure 0-1
   b. Under IP Configuration, make the following selections:
      • Next to Routing Mode, select the Enable radio button.
      • Next to IP Forwarding Mode, select the Enable radio button.
   c. Click Apply to enable IP Routing.
5. Configure default route for VLAN 202:
   a. From the main menu, select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays.
      Figure 25-5
   b.
6. Configure port 23 and port 24 as protected ports:
   a. From the main menu, select Security > Traffic Control > Protected Port. A screen similar to the following displays.
      Figure 25-6
   b. Under Protected Ports Configuration, click Unit 1. The ports display.
   c. Click the gray box under port 23. A flag appears in the box.
   d. Click the gray box under port 24. A flag appears in the box.
   e.
Chapter 26 802.1x Port Security

This section describes how to configure the 802.1x Port Security feature on a switch port. IEEE 802.1x authentication prevents unauthorized clients from connecting to a VLAN unless these clients are authorized by the server.

Overview

802.
Figure 26-1

The example is shown as CLI commands and as a Web interface procedure.

CLI Commands

To use the CLI to enable 802.1x authentication on one port, and to allow only the user with the name “adam” to access the VLAN, enter the following CLI commands:

Create a VLAN 100, then add 1/0/1 to this VLAN and assign IP address 192.168.100.1 to it.
Add a new listname named dot1xList.
(Netgear Switch) (Config)#authentication login dot1xList

Enable 802.1x on the switch.
(Netgear Switch) (Config)#dot1x system-auth-control

Permit the user adam to login.
(Netgear Switch) (Config)#dot1x login adam dot1xList

Permit 4 users to login simultaneously.
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#dot1x max-user 4

Enable the MAC-based method.
   b. Enter the following information in the VLAN Routing Wizard:
      • In the Vlan ID field, enter 100.
      • In the IP Address field, enter 192.168.100.1.
      • In the Network Mask field, enter 255.255.255.0.
   c. Click Unit 1. The ports display:
   d. Click the gray box under port 1 twice until U displays. The U specifies that the egress packet is untagged for the port.
   e. Click Apply to save VLAN 100.
2. Enable IP Routing:
   a.
3. Add a new user account with the name “adam”:
   a. From the main menu, select Security > Management Security > User Configuration > User Management. A screen similar to the following displays.
      Figure 26-3
   b. Under Manage Users, in the User Name field, enter “adam” (without the quotes).
   c. Click Add.
4. Add a new authentication list with the name “dot1xList”:
   a.
5. Enable port authentication:
   a. From the main menu, select Security > Port Authentication > Basic > 802.1x Configuration. A screen similar to the following displays.
      Figure 26-5
   b. Under Mode, next to Administrative Mode, select the Enable radio button.
   c. Under 802.1X Configuration, select the following:
      • Select adam from the Users pulldown menu.
      • Select dot1xList from the Login pulldown menu.
   d. Click Apply to save the changes.
   b. Under Port Authentication, enter the following information:
      • In the Max Users field, enter 4.
      • Select Mac based from the Port Method pulldown menu.
   c. Click Apply to save the settings.
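The CLI steps of this chapter depend on each other: the login list must exist, 802.1x must be enabled on the switch, and the user must be bound to that list. The following check over a saved CLI transcript is an added example, not part of the NETGEAR guide; it uses only the commands shown in this chapter, assumes list names are matched exactly, and the two transcripts are constructed samples.

```python
import re

# Prompt forms used in this guide, e.g. "(Netgear Switch) (Config)#".
PROMPT = re.compile(r"^\(Netgear Switch\)\s*(?:\([^)]*\))?\s*#")

def audit_dot1x(transcript):
    """Compare a CLI transcript with this chapter's 802.1x steps.

    Returns (findings, max_users) where max_users maps interface -> limit.
    """
    lists, logins, max_users = set(), [], {}
    enabled, iface = False, None
    for raw in transcript.splitlines():
        cmd = PROMPT.sub("", raw.strip()).split()
        if cmd[:2] == ["authentication", "login"] and len(cmd) == 3:
            lists.add(cmd[2])                    # login list created
        elif cmd == ["dot1x", "system-auth-control"]:
            enabled = True                       # 802.1x enabled on the switch
        elif cmd[:2] == ["dot1x", "login"] and len(cmd) == 4:
            logins.append((cmd[2], cmd[3]))      # (user, list) binding
        elif cmd[:1] == ["interface"] and len(cmd) == 2:
            iface = cmd[1]
        elif cmd[:2] == ["dot1x", "max-user"] and len(cmd) == 3 and iface:
            max_users[iface] = int(cmd[2])
        elif cmd == ["exit"]:
            iface = None
    findings = []
    if not enabled:
        findings.append("dot1x system-auth-control missing: 802.1x not enabled")
    for user, name in logins:
        if name not in lists:
            findings.append(f"user {user} is bound to undefined login list {name}")
    if not logins:
        findings.append("no 'dot1x login' line: the transcript permits no user")
    return findings, max_users

# Constructed sample that follows the chapter's steps.
GOOD = """\
(Netgear Switch) (Config)#authentication login dot1xList
(Netgear Switch) (Config)#dot1x system-auth-control
(Netgear Switch) (Config)#dot1x login adam dot1xList
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#dot1x max-user 4
"""

# Constructed sample: global enable omitted, list name mistyped in the binding.
BAD = """\
(Netgear Switch) (Config)#authentication login dot1xList
(Netgear Switch) (Config)#dot1x login adam dot1xlist
"""

if __name__ == "__main__":
    print(audit_dot1x(GOOD))
    print(audit_dot1x(BAD))
```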
Chapter 27 Double VLANs

This section describes how to configure the Double VLAN (DVLAN) feature on the switch. A DVLAN is a way to pass traffic of customers who have multiple VLANs from one customer domain to another customer domain. Custom VLAN IDs are preserved and a provider service VLAN ID is added to the traffic so that the traffic can pass the metro core in a simple and cost-effective manner.
Figure 27-1

The example is shown as CLI commands and as a Web interface procedure.

CLI Commands

To use the CLI to enable a double VLAN on a VLAN, enter the following CLI commands:

Create a VLAN 200.
(Netgear Switch)#vlan database
(Netgear Switch) (Vlan)#vlan 200
(Netgear Switch) (Vlan)#exit

Add interface 1/0/24 to VLAN 200, add pvid 200 to the port.
Select interface 1/0/48 as the provider port.
(Netgear Switch) (Config)#
(Netgear Switch) (Config)#interface 1/0/48
(Netgear Switch) (Interface 1/0/48)#mode dvlan-tunnel
(Netgear Switch) (Interface 1/0/48)#exit

Web Interface Procedure

To use the Web Interface to enable a double VLAN on a VLAN, proceed as follows:
1. Create static VLAN 200:
   a. From the main menu, select Switching > VLAN > Basic > VLAN Configuration.
2. Add ports 24 and 48 to VLAN 200.
   a. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
      Figure 27-3
   b. Under VLAN Membership, select 200 from the VLAN ID pulldown menu.
   c. Click Unit 1. The ports display:
      • Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
3. Change the Port VLAN ID (PVID) of port 24 to 200:
   a. From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
      Figure 27-4
   b. Under PVID Configuration, scroll down to interface 1/0/24 and select the checkbox for that interface. 1/0/24 now appears in the Interface field at the top.
   c. Under PVID Configuration, in the PVID (1 to 4093) field, enter 200.
   d.
4. Configure port 48 as the provider service port:
   a. From the main menu, select Switching > VLAN > Advanced > Port DVLAN Configuration. A screen similar to the following displays.
      Figure 27-5
   b. Under DVLAN Configuration, scroll down to interface 1/0/48 and select the checkbox for that interface. 1/0/48 now appears in the Interface field at the top.
   c. Select Enable from the Admin Mode pulldown menu.
   d. Click Apply to save the settings.
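What the double VLAN described at the start of this chapter does to a frame, as an added example that is not part of the NETGEAR guide: the customer tag is kept and a service tag for VLAN 200 is placed in front of it. It assumes the service tag uses the standard 802.1Q ethertype 0x8100 and sits directly after the source MAC address; the function names and the sample frame (customer VLAN 10) are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # assumption: service tag uses the standard 802.1Q ethertype
MAX_VID = 4093        # upper bound of the PVID field shown in this chapter

def vlan_tag(vid, pcp=0, tpid=TPID_8021Q):
    """Build a 4-byte tag: 16-bit TPID, 3-bit priority, 1-bit DEI, 12-bit VLAN ID."""
    if not 1 <= vid <= MAX_VID:
        raise ValueError(f"VLAN ID {vid} outside 1..{MAX_VID}")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must fit in 3 bits")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def parse_tags(frame, tpids=(TPID_8021Q,)):
    """Return ([VLAN IDs, outermost first], ethertype of the payload)."""
    vids, off = [], 12                       # tags start after dst + src MAC
    while True:
        if len(frame) < off + 2:
            raise ValueError("frame truncated inside the header")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in tpids:
            return vids, etype
        if len(frame) < off + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)            # low 12 bits carry the VLAN ID
        off += 4

def push_service_tag(frame, service_vid):
    """Toward the provider port: add the outer tag, leave the customer tag untouched."""
    parse_tags(frame)                        # rejects truncated frames
    return frame[:12] + vlan_tag(service_vid) + frame[12:]

def pop_service_tag(frame, service_vid):
    """Toward the customer port: strip the outer tag only if it is the expected one."""
    vids, _ = parse_tags(frame)
    if not vids or vids[0] != service_vid:
        raise ValueError("outer tag is not the configured service VLAN")
    return frame[:12] + frame[16:]

# Constructed sample: a customer frame already tagged with customer VLAN 10.
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("000102030405")
CUSTOMER = DST + SRC + vlan_tag(10) + struct.pack("!H", 0x0800) + b"payload"
TUNNELLED = push_service_tag(CUSTOMER, 200)  # 200 is the service VLAN of this chapter

if __name__ == "__main__":
    print(parse_tags(CUSTOMER))
    print(parse_tags(TUNNELLED))
```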