NETGEAR 7000 Series Managed Switch Administration Guide NETGEAR, Inc.
© 2006 by NETGEAR, Inc. All rights reserved. FullManual. Trademarks NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc.. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this document are copyright Intoto, Inc.
Note: Delete this note and the information below for products that are not wireless. FCC Information to User This product does not contain any user serviceable components and is to be used with approved antennas only. Any product changes or modifications will invalidate all applicable regulatory certifications and approvals FCC Guidelines for Human Exposure This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment.
• Consult the dealer or an experienced radio/TV technician for help. 7000 Series Managed Switch Tested to Comply with FCC Standards FOR HOME OR OFFICE USE PY3WG111 Modifications made to the product, unless expressly approved byNETGEAR, Inc., could void the user's right to operate the equipment.
Contents NETGEAR 7000 Series Managed Switch Administration Guide About This Book .................................................................................................................... xi Chapter 1 Getting Started In-band and Out-of-band Connectivity ............................................................................1-1 Configuring for In-band Connectivity ........................................................................1-1 Using BootP or DHCP ..................................
Example #3: Assign Ports to VLAN3 ........................................................................3-3 Example #4: Assign VLAN3 as the Default VLAN ...................................................3-3 Graphical User Interface .................................................................................................3-4 Chapter 4 Link Aggregation CLI Example ...................................................................................................................
Proxy Address Resolution Protocol (ARP) ...................................................................5-21 Overview ................................................................................................................5-21 CLI Examples .........................................................................................................5-22 Example #1: show ip interface .........................................................................5-22 Example #2: ip proxy-arp ..................
Example #2: set classofservice trust mode ..............................................................8-4 Example #3: show classofservice ip-precedence mapping ......................................8-5 Example #4: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode 8-5 Example #5: Set CoS Trust Mode of an Interface ....................................................8-6 Traffic Shaping ........................................................................................................
Example #2: script list and script delete .................................................................13-2 Example #3: script apply running-config.scr ..........................................................13-2 Example #4: Creating a Configuration Script .........................................................13-3 Example #5: Upload a Configuration Script ...........................................................13-3 Chapter 14 Outbound Telnet Overview .............................................
Chapter 18 Syslog Overview .......................................................................................................................18-1 Persistent Log Files ................................................................................................18-1 Interpreting Log Files .............................................................................................18-2 CLI Examples .........................................................................................................
About This Book This document provides an understanding of the CLI and Web configuration options for software Release 4.3 features. Document Organization This document provides examples of the use of the switch software in a typical network. It describes the use and advantages of specific functions provided by the 7000 Series Managed Switch, and includes information on configuring those functions using the Command Line Interface and Web Interface.
NETGEAR 7000 Series Managed Switch Administration Guide • Multicast – • • Security – Denial of Service – Port Security Operating System – • IGMP Snooping Dual Configuration Tools – Alarm Manager – Traceroute – Configuration Scripting – Advance Keying – Prelogin Banner – Port Mirroring – SNTP – Syslog – Data Migration Audience Use this guide if you are a(n): • Experienced system administrator who is responsible for configuring and operating a network using switch software •
NETGEAR 7000 Series Managed Switch Administration Guide Refer to the Command Line Reference for information for the command structure Related Documentation Before proceeding, read the Release Notes for this switch product. The Release Notes detail the platform specific functionality of the Switching, Routing, SNMP, Config, Management, and other packages.
NETGEAR 7000 Series Managed Switch Administration Guide xiv v1.
Chapter 1 Getting Started Connect a terminal to the switch to begin configuration. In-band and Out-of-band Connectivity Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity. Configuring for In-band Connectivity In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network.
NETGEAR 7000 Series Managed Switch Administration Guide MAC Address MAC address of the switch When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network. If you do not use BootP or DHCP, access the switch through the EIA-232 port, and configure the network information as described below.
NETGEAR 7000 Series Managed Switch Administration Guide config network parms ipaddress netmask gateway IP Address Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0). Subnet Subnet mask for the LAN. gateway IP address of the default router, if the switch is a node outside the IP range of the LAN. 6.
NETGEAR 7000 Series Managed Switch Administration Guide e. Select the proper mode under Properties. f. Select Terminal keys. Note: When using HyperTerminal with Microsoft Windows 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal's VT100 emulation. Go to www.microsoft.com for more information on Windows 2000 service packs. 3.
NETGEAR 7000 Series Managed Switch Administration Guide • The console connection was established and the console prompt appears on the screen of a VT100 terminal or terminal equivalent. The initial switch configuration is performed through the console port. After the initial configuration, you can manage the switch either from the already-connected console port or remotely through an interface defined during the initial configuration. The switch is not configured with a default user name and password.
NETGEAR 7000 Series Managed Switch Administration Guide Software Installation This section contains procedures to help you become acquainted quickly with the switch software. Before installing switch software, you should verify that the switch operates with the most recent firmware. Quick Starting the Networking Device 1. Configure the switch for In-band or Out-of-Band connectivity. In-band connectivity allows access to the software locally or from a remote workstation.
NETGEAR 7000 Series Managed Switch Administration Guide • • • • Uploading from Networking Device to Out-of-Band PC (Only XMODEM) Downloading from Out-of-Band PC to Networking Device (Only XMODEM) Downloading from TFTP Server Restoring factory defaults If you configure any network parameters, you should execute the following command: copy system:running-config nvram:startup-config This command saves the changes to the configuration file. You must be in the correct mode to execute the command.
NETGEAR 7000 Series Managed Switch Administration Guide Table 1-1. Quick Start Commands Command Mode Description copy system:running-config nvram:startupconfig Privileged EXEC Saves passwords and all other changes to the device. logout User EXEC Privileged EXEC Logs the user out of the networking device. show network User EXEC Displays the following network configuration information: If you do not save the configuration, all changes are lost when you power down or reset the networking device.
NETGEAR 7000 Series Managed Switch Administration Guide Table 1-1. Quick Start Commands Command Mode copy nvram:errorlog / /> Privileged EXEC copy nvram:traplog / /> Privileged EXEC copy / /> nvram:startupconfig Privileged EXEC Description Starts the error log upload, displays the mode and type of upload and confirms the upload is progressing.
NETGEAR 7000 Series Managed Switch Administration Guide Table 1-1. Quick Start Commands Command Mode Description copy / /> system:image Privileged EXEC Sets the destination (download) datatype to be an image. clear config Privileged EXEC Enter yes when the prompt asks if you want to clear all the configurations made to the networking device.
Chapter 2 Using the Web Interface This chapter is a brief introduction to the web interface — it explains how to access the Web-based management panels to configure and manage the system. Tip: Use the Web interface for configuration instead of the CLI interface. Web configuration is quicker and easier than entering the multiple required CLI commands. There are equivalent functions in the Web interface and the terminal interface—that is, both applications usually employ the same menus to accomplish a task.
NETGEAR 7000 Series Managed Switch Administration Guide a. At the CLI prompt, enter the show network command. b. Set Web Mode to Enabled. Starting the Web Interface Follow these steps to start the switch Web interface: 1. Enter the IP address of the switch in the Web browser address field. 2. When the Login panel is displayed click Login. 3. .Enter the appropriate User Name and Password. The User Name and associated Password are the same as those used for the terminal interface. Click on the Login button.
NETGEAR 7000 Series Managed Switch Administration Guide 3. Enter a new user name in the User Name field. 4. Enter a new user password in the Password field and then retype it in the Confirm Password field. Note: If SNMPv3 Authentication is to be used for this user, the password must be eight or more alphanumeric characters. 5. If you do not need authentication, go to Step 9. 6.
NETGEAR 7000 Series Managed Switch Administration Guide 2-4 Using the Web Interface v1.
Chapter 3 Virtual LANs Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic. A VLAN is a set of end stations and the switch ports that connect them.
NETGEAR 7000 Series Managed Switch Administration Guide VLAN Configuration Example The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN 2 only, and ports 1/0/3 and 1/0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram.
NETGEAR 7000 Series Managed Switch Administration Guide Example #2: Assign Ports to VLAN2 This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.
NETGEAR 7000 Series Managed Switch Administration Guide Graphical User Interface Use the following screens to perform the same configuration using the Graphical User Interface: • Switching --> VLAN--> Configuration. To create the VLANs and specify port participation. • Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt, and whether frames will be transmitted tagged or untagged. 3-4 Virtual LANs v1.
Chapter 4 Link Aggregation This section includes instructions on configuring Link Aggregation using the Command Line Interface and the Graphical User Interface. Link Aggregation (LAG) allows the switch to treat multiple physical links between two end-points as a single logical link. All of the physical links in a given LAG must operate in full-duplex mode at the same speed.
NETGEAR 7000 Series Managed Switch Administration Guide Figure 4-1 shows the example network. Figure 4-1 4-2 Link Aggregation v1.
NETGEAR 7000 Series Managed Switch Administration Guide Example 1: Create two LAGS: (Netgear (Netgear (Netgear (Netgear Switch) Switch) Switch) Switch) #config (Config)#port-channel lag_10 (Config)#port-channel lag_20 (Config)#exit Use the show port-channel all command to show the logical interface ids you will use to identify the LAGs in subsequent commands. Assume that lag_10 is assigned id 1/1/1 and lag_20 is assigned id 1/1/2. (Console) #show port-channel all PortLink Log. Channel Adm.
NETGEAR 7000 Series Managed Switch Administration Guide Example 2: Add the ports to the LAGs: (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) #config (Config)#interface 0/2 (Interface 0/2)#addport (Interface 0/2)#exit (Config)#interface 0/3 (Interface 0/3)#addport (Interface 0/3)#exit (Config)#interface 0/8 (Interface
Chapter 5 IP Routing Services IP routing services are divided into five areas: • Port Routing • VLAN Routing • Routing Information Protocol (RIP) • Open Shortest Path First (OSPF) Protocol • Proxy Address Resolution Protocol (ARP) Port Routing The first networks were small enough for the end stations to communicate directly.
NETGEAR 7000 Series Managed Switch Administration Guide Port Routing Configuration The 7000 Series Managed Switch always supports Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the 7000 Series Managed Switch as a whole, and then for each port which is to participate in the routed network. The configuration commands used in the example in this section enable IP routing on ports 1/0/ 2,1/0/3, and 1/0/5.
NETGEAR 7000 Series Managed Switch Administration Guide CLI Examples This diagram shows a Layer 3 switch configured for port routing. It connects three different subnets, each connected to a different port. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the port routing support shown in the diagram. Figure 5-1 Example 1. Enabling routing for the Switch Use the following command to enable routing for the switch.
NETGEAR 7000 Series Managed Switch Administration Guide Example 2. Enabling Routing for Ports on the Switch Use the following commands to enable routing for ports on the switch. The default link-level encapsulation format is Ethernet. Configure the IP addresses and subnet masks for the ports. Network directed broadcast frames will be dropped and the maximum transmission unit (MTU) size will be 1500 bytes.
NETGEAR 7000 Series Managed Switch Administration Guide The next section will show you how to configure the 7000 Series Managed Switch to support VLAN routing and how to use RIP and OSPF. A port may be either a VLAN port or a router port, but not both. However, a VLAN port may be part of a VLAN that is itself a router port. VLAN Routing Configuration This section provides an example of how to configure 7000 Series Managed Switch to support VLAN routing.
NETGEAR 7000 Series Managed Switch Administration Guide Example 1: Create Two VLANs The following code sequence shows an example of creating two VLANs with egress frame tagging enabled.
NETGEAR 7000 Series Managed Switch Administration Guide The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports. (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear Switch) Switch) Switch) Switch) Switch) Switch) Switch) (Config)#interface vlan 10 (Interface-vlan 10)#ip address 192.150.3.1 255.255.255.0 (Interface-vlan 10)#exit (Config)#interface vlan 20 (Interface-vlan 20)#ip address 192.150.4.1 255.255.255.
NETGEAR 7000 Series Managed Switch Administration Guide CLI Example This example adds support for RIPv2 to the configuration created in the base VLAN routing example. A second router, using port routing rather than VLAN routing, has been added to the network. Figure 5-3 5-8 IP Routing Services v1.
NETGEAR 7000 Series Managed Switch Administration Guide Example of configuring VLAN Routing with RIP support on a 7000 Series Managed Switch (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch)
NETGEAR 7000 Series Managed Switch Administration Guide VLAN Routing OSPF Configuration For larger networks Open Shortest Path First (OSPF) is generally used in preference to RIP.
NETGEAR 7000 Series Managed Switch Administration Guide Example of configuring OSPF on a 7000 Series Managed Switch acting as an inter-area router: (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Sw
NETGEAR 7000 Series Managed Switch Administration Guide Set the OSPF priority and cost for the VLAN and physical router ports.
NETGEAR 7000 Series Managed Switch Administration Guide • To prevent any RIP packets from being transmitted CLI Example The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3 as shown in the network illustrated in Figure 5-4 Figure 5-4 Example #1: Enable Routing for the Switch: The following sequence enables routing for the switch: (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit IP Routing Services 5-13 v1.
NETGEAR 7000 Series Managed Switch Administration Guide Example #2: Enable Routing for Ports The following command sequence enables routing and assigns IP addresses for ports 1/0/2 and 1/ 0/3. (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) Switch) #config (Config)#interface 1/0/2 (Interface 1/0/2)#routing (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.
NETGEAR 7000 Series Managed Switch Administration Guide Example #4. Enable RIP for ports 1/0/2 and 1/0/3 This command sequence enables RIP for ports 1/0/2 and 1/0/3. Authentication defaults to none, and no default route entry is created. The commands specify that both ports receive both RIPv1 and RIPv2 frames, but send only RIPv2 formatted frames.
NETGEAR 7000 Series Managed Switch Administration Guide • Intra-area • Inter-area • External type 1: the route is external to the AS • External Type 2: the route was learned from other protocols such as RIP CLI Examples The examples in this section show you how to configure a 7000 Series Managed Switch first as an inter-area router and then as a border router. They show two areas, each with its own border router connected to one inter-area router.
NETGEAR 7000 Series Managed Switch Administration Guide Example #1 Configuring an Inter-Area Router Figure 5-5 Enable Routing for the Switch. The following command sequence enables ip routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Assign IP Addresses for Ports.
NETGEAR 7000 Series Managed Switch Administration Guide Specify Router ID and Enable OSPF for the Switch. The following sequence specifies the router ID and enables OSPF for the switch. Set disable1583 compatibility to prevent the routing loop. (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear Switch) Switch) Switch) Switch) Switch) Switch) Switch) #config (Config)#router ospf (Config router)#enable (Config router)#router-id 192.150.9.
NETGEAR 7000 Series Managed Switch Administration Guide Example #2 - Configuring OSPF on a Border Router Figure 5-6 IP Routing Services 5-19 v1.
NETGEAR 7000 Series Managed Switch Administration Guide The following example configures OSPF on a 7000 Series Managed Switch operating as a border router: Enable routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing Enable routing & assign IP for ports 1/0/2, 1/0/3 and 1/0/4.
NETGEAR 7000 Series Managed Switch Administration Guide Enable OSPF for the ports and set the OSPF priority and cost for the ports. (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear (Netgear Switch) Switch) Switch) Switch) Switch) Switch) Switch) #config (Config)#interface 1/0/2 (Interface 1/0/2)#ip ospf (Interface 1/0/2)#ip ospf areaid 0.0.0.
NETGEAR 7000 Series Managed Switch Administration Guide CLI Examples The following are examples of the commands used in the proxy ARP feature. Example #1: show ip interface (Netgear Switch) #show ip interface ? brief Enter an interface in slot/port format. Display summary information about IP configuration settings for all ports. (Netgear Switch) #show ip interface 0/24 Routing Mode................................... Administrative Mode............................
Chapter 6 Virtual Router Redundancy Protocol When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate. Since static configuration is a convenient way to assign router addresses, Virtual Router Redundancy Protocol (VRRP) was developed to provide a backup mechanism.
NETGEAR 7000 Series Managed Switch Administration Guide CLI Examples This example shows how to configure the 7000 Series Managed Switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router. Figure 6-1 6-2 Virtual Router Redundancy Protocol v1.
NETGEAR 7000 Series Managed Switch Administration Guide The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the master router: Enable routing for the switch. IP forwarding will then be enabled by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear (Netgear (Netgear (Netgear Configure the IP addresses and subnet masks for the port that will particpate in the protocol.
NETGEAR 7000 Series Managed Switch Administration Guide The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the backup router: Enable routing for the switch. IP forwarding will then be enabled by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear (Netgear (Netgear (Netgear Configure the IP addresses and subnet masks for the port that will particpate in the protocol.
Chapter 7 Access Control Lists (ACLs) This section describes the Access Control Lists (ACLs) feature. Overview Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two internal networks. When you configure ACLs, you can selectively admit or reject inbound traffic, thereby controlling access to your network or to specific resources on your network. You can set up ACLs to control traffic at Layer 2, or Layer3.
NETGEAR 7000 Series Managed Switch Administration Guide • Destination MAC address with mask • VLAN ID (or range of IDs) • Class of Service (CoS) (802.
NETGEAR 7000 Series Managed Switch Administration Guide Process To configure ACLs, follow these steps: • Create an ACL by specifying a name (MAC ACL) or a number (IP ACL) • Add new rules to the ACL • Configure the match criteria for the rules • Apply the ACL to one or more interfaces IP ACL CLI Example The script in this section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same.
NETGEAR 7000 Series Managed Switch Administration Guide The following is an example of configuring ACL support on a 7000 Series Managed Switch: Create ACL 101. Define the first rule: it will permit packets with a match on the specified Source IP address, after the mask has been applied, that are carrying TCP traffic, and are sent to the specified Destination IP address. (Netgear Switch) #config (Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.
NETGEAR 7000 Series Managed Switch Administration Guide Example #1: mac access list (Netgear Switch)(Config)#mac access-list ? extended Configure extended MAC Access List parameters. Netgear Switch)(Config)#mac access-list extended ? rename Enter access-list name up to 31 characters in length. Rename MAC Access Control List. (Netgear Switch) (Config)#mac access-list extended b1 ? Press Enter to execute the command.
NETGEAR 7000 Series Managed Switch Administration Guide Example #2: permit any (Netgear Switch) (Config-mac access-list)#permit ? any Enter a MAC address. Configure a match condition for all the destination MAC addresses in the Destination MAC Address field. (Netgear Switch) (Config-mac access-list)#permit any ? any Enter a MAC address. Configure a match condition for all the destination MAC addresses in the Destination MAC Address field.
NETGEAR 7000 Series Managed Switch Administration Guide Example #3 Configure mac access-group (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#mac ? access-group Attach MAC Access List to Interface. (Netgear Switch) (Interface 1/0/5)#mac access-group ? Enter name of MAC Access Control List. (Netgear Switch) (Interface 1/0/5)#mac access-group b1 ? in Enter the direction .
NETGEAR 7000 Series Managed Switch Administration Guide Example #4 permit (Netgear Switch) (Config)#mac access-list extended b2 (Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00 ? any Enter a MAC Address. Configure a a match condition for all the destination MAC addresses in the Destination MAC Address field. (Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00 any access-queue cos Configure the Queue Id assignment attribute.
NETGEAR 7000 Series Managed Switch Administration Guide Example #5: show mac access-lists (Netgear Switch) #show mac access-lists Current number of all ACLs: 2 Maximum number of all ACLs: 100 MAC ACL Name -----------b1 b2 Rules ----1 1 (Netgear Switch) Direction --------inbound #show mac access-lists ? Enter access-list name up to 31 characters in length. Press Enter to execute the command.
NETGEAR 7000 Series Managed Switch Administration Guide 7-10 Access Control Lists (ACLs) v1.
Chapter 8 Class of Service (CoS) Queuing This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features. Overview Each port has one or more queues for packet transmission. During configuration, you can determine the mapping and configuration of these queues. Based on service rate and other criteria you configure, queues provide preference to specified packets. If a delay becomes necessary, the system holds packets until the scheduler authorizes transmission.
NETGEAR 7000 Series Managed Switch Administration Guide – – IP Precedence IP DiffServ Code Point (DSCP) The system can assign service level based upon the 802.1p priority field of the L2 header. You configure this by mapping the 802.1p priorities to one of three traffic class queues.
NETGEAR 7000 Series Managed Switch Administration Guide – Tail drop vs. WRED Drop Precedence Configuration (per Queue) • • WRED parameters – Minimum threshold – Maximum threshold – Drop probability – Scale factor Tail Drop parameters – Threshold Per Interface Basis • Queue management type – Tail Drop vs.
NETGEAR 7000 Series Managed Switch Administration Guide Example #1: show classofservice trust (Netgear Switch) #show classofservice trust ? Press Enter to execute the command. (Netgear Switch) #show classofservice trust Class of Service Trust Mode: Dot1P Example #2: set classofservice trust mode (Netgear Switch) (Config)#classofservice ? dot1p-mapping ip-dscp-mapping trust Configure dot1p priority mapping. Maps an IP DSCP value to an internal traffic class.
NETGEAR 7000 Series Managed Switch Administration Guide Example #3: show classofservice ip-precedence mapping (Netgear Switch) #show classofservice ip-precedence-mapping IP Precedence ------------0 1 2 3 4 5 6 7 Traffic Class ------------1 0 0 1 2 2 3 3 Example #4: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode (Netgear Switch) (Config)#cos-queue min-bandwidth ? Enter the minimum bandwidth percentage for Queue 0.
NETGEAR 7000 Series Managed Switch Administration Guide Example #5: Set CoS Trust Mode of an Interface (Netgear Switch) (Config)#classofservice trust ? dot1p ip-dscp Sets the Class of Service Trust Mode of an Interface to 802.1p. Sets the Class of Service Trust Mode of an Interface to IP DSCP. (Netgear Switch) (Config)#classofservice trust dot1p ? Press Enter to execute the command.
NETGEAR 7000 Series Managed Switch Administration Guide Example #1 traffic-shape (Netgear Switch) (Config)#traffic-shape ? Enter the shaping bandwidth percentage from 0 to 100 in increments of 5. (Netgear Switch) (Config)#traffic-shape 70 ? Press Enter to execute the command. (Netgear Switch) (Config)#traffic-shape 70 (Netgear Switch) (Config)# Class of Service (CoS) Queuing 8-7 v1.
NETGEAR 7000 Series Managed Switch Administration Guide 8-8 Class of Service (CoS) Queuing v1.
Chapter 9 Differentiated Services Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservation protocol.This section explains how to configure the 7000 Series Managed Switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service.
NETGEAR 7000 Series Managed Switch Administration Guide • – Marking the packet with a given DSCP code point, IP precedence, or CoS – Policing packets by dropping or re-marking those that exceed the class’s assigned data rate – Counting the traffic within the class Service. Assigns a policy to an interface for inbound traffic CLI Example This example shows how a network administrator can provide equal access to the Internet (or other external network) to different departments within a company.
NETGEAR 7000 Series Managed Switch Administration Guide The following example configures DiffServ on a 7000 Series Managed Switch: Ensure DiffServ operation is enabled for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#diffserv Create a DiffServ class of type “all” for each of the departments, and name them. Define the match criteria -- Source IP address -for the new classes. (Netgear Switch) (Config)#class-map match-all finance_dept (Netgear Switch) (Config class-map)#match srcip 172.16.
NETGEAR 7000 Series Managed Switch Administration Guide Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#service-policy in internet_access (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#service-policy in internet_access (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interfac
NETGEAR 7000 Series Managed Switch Administration Guide a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side. The configuration script is for Router 1 in the accompanying diagram: a similar script should be applied to Router 2. Figure 9-2 Differentiated Services 9-5 v1.
NETGEAR 7000 Series Managed Switch Administration Guide The following example configures DiffServ VoIP support: Enter Global Config mode. Set queue 5 on all ports to use strict priority mode. This queue shall be used for all VoIP packets. Activate DiffServ for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#cos-queue strict 5 (Netgear Switch) (Config)#diffserv Create a DiffServ classifier named 'class_voip' and define a single match criterion to detect UDP packets.
Chapter 10 IGMP Snooping This section describes the Internet Group Management Protocol (IGMP) feature: IGMPv3 and IGMP Snooping. Overview IGMP: • Uses Version 3 of IGMP • Includes snooping • Snooping can be enabled per VLAN CLI Examples The following are examples of the commands used in the IGMP Snooping feature. Example #1: Enable IGMP Snooping The following example shows how to eanble IGMP snooping.
NETGEAR 7000 Series Managed Switch Administration Guide Example #2: show igmpsnooping (Netgear Switch) mrouter <1-4093> #show igmpsnooping? Press Enter to execute the command. Enter interface in slot/port format. Display IGMP Snooping Multicast Router information. Display IGMP Snooping valid VLAN ID information. (Netgear Switch) #show igmpsnooping Admin Mode............................... Multicast Control Frame Count............ Interfaces Enabled for IGMP Snooping.....
Chapter 11 Port Security This section describes the Port Security feature.
NETGEAR 7000 Series Managed Switch Administration Guide Operation Port Security: • Helps secure network by preventing unknown devices from forwarding packets • When link goes down, all dynamically locked addresses are ‘freed’ • If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list • Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the a
NETGEAR 7000 Series Managed Switch Administration Guide CLI Examples The following are examples of the commands used in the Port Security feature. Example #1: show port security (Netgear Switch) #show port-security ? all dynamic static violation Press Enter to execute the command. Display port-security information for all interfaces. Enter interface in unit/slot/port format. Display dynamically locked MAC addresses. Display statically locked MAC addresses.
NETGEAR 7000 Series Managed Switch Administration Guide 11-4 Port Security v1.
Chapter 12 Traceroute This section describes the Traceroute feature. Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network.
NETGEAR 7000 Series Managed Switch Administration Guide CLI Example The following shows an example of using the traceroute command to determine how many hops there are to the destination. The command output shows each IP address the packet passes through and how long it takes to get there. In this example, the packet takes 16 hops to reach its destination. (Netgear Switch) #traceroute? Enter IP address. (Netgear Switch) #traceroute 216.109.118.74 ? Press Enter to execute the command.
Chapter 13 Configuration Scripting This section describes the Configuration Scripting feature.
NETGEAR 7000 Series Managed Switch Administration Guide Example #1: script (Netgear Switch) #script ? apply delete list show validate Applies configuration script to the switch. Deletes a configuration script file from the switch. Lists all configuration script files present on the switch. Displays the contents of configuration script. Validate the commands of configuration script.
NETGEAR 7000 Series Managed Switch Administration Guide Example #4: Creating a Configuration Script (Netgear Switch) #show running-config running-config.scr Config script created successfully. (Netgear Switch) Configuration Script Name ------------------------running-config.scr #script list Size(Bytes) ---------3201 1 configuration script(s) found. 1020799 bytes free. Example #5: Upload a Configuration Script (Netgear Switch) #copy nvram: script running-config.scr tftp://192.168.77.52/running-config.
NETGEAR 7000 Series Managed Switch Administration Guide 13-4 Configuration Scripting v1.
Chapter 14 Outbound Telnet This section describes the Outbound Telnet feature.
NETGEAR 7000 Series Managed Switch Administration Guide Example #1: show network (Netgear Switch Routing) >telnet 192.168.77.151 Trying 192.168.77.151... (Netgear Switch Routing) User:admin Password: (Netgear Switch Routing) >en Password: (Netgear Switch Routing) #show network IP Address............................... Subnet Mask.............................. Default Gateway.......................... Burned In MAC Address.................... Locally Administered MAC Address......... MAC Address Type.....
NETGEAR 7000 Series Managed Switch Administration Guide Example #3: transport output telnet (Netgear Switch Routing) (Config)#lineconfig ? Press Enter to execute the command. (Netgear Switch Routing) (Config)#lineconfig (Netgear Switch Routing) (Line)#transport ? input output Displays the protocols to use to connect to a specific line of the router. Displays the protocols to use for outgoing connections from a line.
NETGEAR 7000 Series Managed Switch Administration Guide 14-4 Outbound Telnet v1.
Chapter 15 Port Mirroring This section describes the Port Mirroring feature.
NETGEAR 7000 Series Managed Switch Administration Guide Example #1: show monitor session (Netgear Switch Routing) #show monitor session 1 Session ID ---------1 Admin Mode ---------Enable Probe Port ---------1/0/8 Mirrored Port ------------1/0/7 Note: Monitor session ID “1” - “1” is a hardware limitation.
NETGEAR 7000 Series Managed Switch Administration Guide port, and what is enabled or disabled on the port.
NETGEAR 7000 Series Managed Switch Administration Guide Example #5: (Config) monitor session 1 source interface Specify the source (mirrored) ports and destination (probe) port. (Netgear Switch Routing)(Config)#monitor session 1 source? interface Configure interface. (Netgear Switch Routing)(Config)#monitor session 1 source interface? Enter the interface.
Chapter 16 Simple Network Time Protocol (SNTP) This section describes the Simple Network Time Protocol (SNTP) feature. Overview SNTP: • Used for synchronizing network resources • Adaptation of NTP • Provides synchronized network timestamp • Can be used in broadcast or unicast mode • SNTP client implemented over UDP which listens on port 123 CLI Examples The following are examples of the commands used in the SNTP feature.
NETGEAR 7000 Series Managed Switch Administration Guide Example #2: show sntp client (Netgear Switch Routing) #show sntp client Client Supported Modes: SNTP Version: Port: Client Mode: Unicast Poll Interval: Poll Timeout (seconds): Poll Retry: unicast broadcast 4 123 unicast 6 5 1 Example #3: show sntp server (Netgear Switch Routing) #show sntp server Server Server Server Server Server Server Server IP Address: Type: Stratum: Reference Id: Mode: Maximum Entries: Current Entries: 81.169.155.
NETGEAR 7000 Series Managed Switch Administration Guide 1. Configure the SNTP server IP address. The IP address can be either from the public NTP server or your own. You can search the Internet to locate the public server. The servers available could be listed in domain-name format instead of address format. In that case, use the ping command on the PC to find the server’s IP address. The following example configures the SNTP server IP address to 208.14.208.19. (Netgear Switch) (Config)#sntp server 208.14.
NETGEAR 7000 Series Managed Switch Administration Guide 16-4 Simple Network Time Protocol (SNTP) v1.
Chapter 17 Pre-Login Banner This section describes the Pre-Login Banner feature. Overview Pre-Login Banner: • Allows you to create message screens when logging into the CLI Interface • By default, no Banner file exists • Can be uploaded or downloaded • File size cannot be larger than 2K The Pre-Login Banner feature is only for the CLI interface. CLI Example To create a Pre-Login Banner, follow these steps: 1. On your PC, using Notepad create a banner.txt file that contains the banner to be displayed.
NETGEAR 7000 Series Managed Switch Administration Guide 2. Transfer the file from the PC to the switch using TFTP (Netgear Switch Routing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode........................................... Set TFTP Server IP............................. TFTP Path...................................... TFTP Filename.................................. Data Type...................................... TFTP 192.168.77.52 ./ banner.
Chapter 18 Syslog This section provides information about the Syslog feature.
NETGEAR 7000 Series Managed Switch Administration Guide Interpreting Log Files <130> JAN 01 00:00:06 A 0.0.0.0-1 UNKN [0x800023]: C B D A. Priority B. Timestamp C. Stack ID D. Component Name E. Thread ID F. File Name G. Line Number E bootos.c(386) F G 4 %% Event (0xaaaaaaaa) H I CLI Examples The following are examples of the commands used in the Syslog feature. 18-2 Syslog v1.
NETGEAR 7000 Series Managed Switch Administration Guide Example #1: show logging (Netgear Switch Routing) #show logging Logging Client Local Port CLI Command Logging Console Logging Console Logging Severity Filter Buffered Logging : : : : : 514 disabled disabled alert enabled Syslog Logging : enabled Log Log Log Log : : : : 66 0 0 0 Messages Messages Messages Messages Received Dropped Relayed Ignored Example #2: show logging buffered (Netgear Switch Routing) #show logging buffered ? Press
NETGEAR 7000 Series Managed Switch Administration Guide Example #3: show logging traplogs (Netgear Switch Routing) #show logging traplogs Press Enter to execute the command. (Netgear Switch Routing) #show logging traplogs Number of Traps Since Last Reset............ Trap Log Capacity............................ Number of Traps Since Log Last Viewed.......
NETGEAR 7000 Series Managed Switch Administration Guide Example #5: logging port configuration (Netgear Switch Routing) #config (Netgear Switch Routing) (Config)#logging ? buffered cli-command console host syslog Buffered (In-Memory) Logging Configuration. CLI Command Logging Configuration. Console Logging Configuration. Enter IP Address for Logging Host Syslog Configuration.
NETGEAR 7000 Series Managed Switch Administration Guide 18-6 Syslog v1.