Switch User Manual

ManualsBrandsNETGEAR ManualsSwitchM7100

350 East Plumeria Drive

San Jose, CA 95134

USA

February 2013

202-11161-01

ProSafe M4100 and M7100

Managed Switches

Software Administration Manual

10.0.1

Summary of content (559 pages)

PAGE 1
ProSafe M4100 and M7100 Managed Switches Soft ware Administration M anual 10.0.
PAGE 2
ProSafe M4100 and M7100 Managed Switches Support Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com. Phone (US & Canada only): 1-888-NETGEAR.
PAGE 3
Table of Contents Chapter 1 Documentation Resources Chapter 2 VLANs Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 CLI: Create Two VLANS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Web Interface: Create Two VLANS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Assign Ports to VLAN2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 CLI: Assign Ports to VLAN2 . . . . . . .
PAGE 4
ProSafe M4100 and M7100 Managed Switches Map Private-VLAN Promiscuous Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 CLI: Map Private-VLAN Promiscuous Port. . . . . . . . . . . . . . . . . . . . . . . 52 Web Interface: Map Private-VLAN Promiscuous Port . . . . . . . . . . . . . . 52 Chapter 3 LAGs Create Two LAGs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 CLI: Create Two LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5
ProSafe M4100 and M7100 Managed Switches CLI: Enable RIP on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79 Web Interface: Enable RIP on the Switch. . . . . . . . . . . . . . . . . . . . . . . .79 RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79 CLI: Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . .80 Web Interface: Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . .
PAGE 6
ProSafe M4100 and M7100 Managed Switches Chapter 10 ACLs MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 ACL Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 CLI: Set Up an IP ACL with Two Rules . .
PAGE 7
ProSafe M4100 and M7100 Managed Switches Configure Traffic Shaping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197 CLI: Configure traffic-shape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198 Web Interface: Configure Traffic Shaping. . . . . . . . . . . . . . . . . . . . . . .198 Chapter 12 DiffServ DiffServ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 CLI: Configure DiffServ. . . . . . . . . . .
PAGE 8
ProSafe M4100 and M7100 Managed Switches CLI: Configure MVR in Compatible Mode . . . . . . . . . . . . . . . . . . . . . . 257 Web Interface: Configure MVR in Compatible Mode . . . . . . . . . . . . . . 259 Configure MVR in Dynamic Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 CLI: Configure MVR in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . . . . . 263 Web Interface: Configure MVR in Dynamic Mode . . . . . . . . . . . . . . . . 265 . . . . . . . . . . . . . . . . . . . . .
PAGE 9
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . .313 Chapter 16 SNTP Show SNTP (CLI Only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317 show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 show sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318 show sntp server. . . . . . . . . . . . . . . . . . . .
PAGE 10
ProSafe M4100 and M7100 Managed Switches Web Interface: Show Logging Buffered . . . . . . . . . . . . . . . . . . . . . . . . 343 Show Logging Traplogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 CLI: Show Logging Traplogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 Web Interface: Show Logging Trap Logs . . . . . . . . . . . . . . . . . . . . . . . 343 Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 11
ProSafe M4100 and M7100 Managed Switches Chapter 20 SNMP Add a New Community. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369 CLI: Add a New Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369 Web Interface: Add a New Community. . . . . . . . . . . . . . . . . . . . . . . . .370 Enable SNMP Trap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370 CLI: Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . .
PAGE 12
ProSafe M4100 and M7100 Managed Switches CLI: Create a Private VLAN Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 Web Interface: Create a Private VLAN Group . . . . . . . . . . . . . . . . . . . 404 Chapter 25 Spanning Tree Protocol Configure Classic STP (802.1d). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408 CLI: Configure Classic STP (802.1d) . . . . . . . . . . . . . . . . . . . . . . . . . . 408 Web Interface: Configure Classic STP (802.1d). . . . . . . . . . .
PAGE 13
ProSafe M4100 and M7100 Managed Switches Chapter 29 DHCP L2 Relay and L3 Relay DHCP L2 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488 CLI: Enable DHCP L2 Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .489 Web Interface: Enable DHCP L2 Relay . . . . . . . . . . . . . . . . . . . . . . . .490 DHCP L3 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494 Configure the DHCP Server Switch . .
PAGE 14
ProSafe M4100 and M7100 Managed Switches CLI: Set iSCSI Target Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554 Web Interface: Set iSCSI Target Port. . . . . . . . . . . . . . . . . . . . . . . . . . 554 Show iSCSI Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555 CLI: Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555 Web Interface: Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . .
PAGE 15
1. Documentation Resources 1 Before installation, read the Release Notes for this switch product. The Release Notes detail the platform-specific functionality of the switching, routing, SNMP, configuration, management, and other packages.
PAGE 16
2.
PAGE 17
ProSafe M4100 and M7100 Managed Switches The Private Edge VLAN feature lets you set protection between ports located on the switch. This means that a protected port cannot forward traffic to another protected port on the same switch. The feature does not provide protection between ports located on different switches. The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs.
PAGE 18
ProSafe M4100 and M7100 Managed Switches Web Interface: Create Two VLANS 1. Create VLAN2. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 2. • In the VLAN Name field, enter VLAN2. • In the VLAN Type list, select Static. c. Click Add. 2. Create VLAN3. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b.
PAGE 19
ProSafe M4100 and M7100 Managed Switches Assign Ports to VLAN2 This sequence shows how to assign ports to VLAN2, and to specify that frames will always be transmitted tagged from all member ports and that untagged frames will be rejected on receipt.
PAGE 20
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under PVID Configuration, scroll down and select the check box for Interface 1/0/1. Then scroll down and select the Interface 1/0/2 check box. c. Enter the following information: • In the Acceptable Frame Type polyhedron list, select VLAN Only. • In the PVID (1 to 4093) field, enter 2. d. Click Apply to save the settings. Create Three VLANs The example is shown as CLI commands and as a Web interface procedure.
PAGE 21
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 100. • In the VLAN Name field, enter VLAN100. c. Click Add. 2. Create VLAN101. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 101. • In the VLAN Name field, enter VLAN101. c. Click Add. Chapter 2.
PAGE 22
ProSafe M4100 and M7100 Managed Switches 3. Create VLAN102. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 102. • In the VLAN Name field, enter VLAN102. c. Click Add. Assign Ports to VLAN3 This example shows how to assign the ports that will belong to VLAN 3, and to specify that untagged frames will be accepted on port 1/0/4.
PAGE 23
ProSafe M4100 and M7100 Managed Switches Web Interface: Assign Ports to VLAN3 1. Assign ports to VLAN3. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 3. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 2, 3, and 4 until T displays. The T specifies that the egress packet is tagged for the ports. e. Click Apply to save the settings. 2. Specify that untagged frames will be accepted on port 1/0/4. a.
PAGE 24
ProSafe M4100 and M7100 Managed Switches Assign VLAN3 as the Default VLAN for Port 1/0/2 This example shows how to assign VLAN 3 as the default VLAN for port 1/0/2. CLI: Assign VLAN3 as the Default VLAN for Port 1/0/2 (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#vlan pvid 3 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit Web Interface: Assign VLAN3 as the Default VLAN for Port 1/0/2 1.
PAGE 25
ProSafe M4100 and M7100 Managed Switches Create a MAC-Based VLAN The MAC-based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classify traffic based on the source MAC address of the packet. You define a MAC to VLAN mapping by configuring an entry in the MAC to VLAN table. An entry is specified using a source MAC address and the appropriate VLAN ID. The MAC to VLAN configurations are shared across all ports of the device (i.e.
PAGE 26
ProSafe M4100 and M7100 Managed Switches 3. Map MAC 00:00:0A:00:00:02 to VLAN3. (Netgear Switch)(Config)#exit (Netgear Switch)#vlan data (Netgear Switch)(Vlan)#vlan association mac 00:00:00A:00:00:02 3 (Netgear Switch)(Vlan)#exit 4. Add all the ports to VLAN3.
PAGE 27
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the VLAN ID list, select 3. c. Click Unit 1. The ports display. d. Click the gray box before Unit 1 until U displays. e. Click Apply. 3. Assign VPID3 to port 1/0/23. a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b. Scroll down and select the 1/0/23 check box. c. In the PVID (1 to 4093) field, enter 3. d. Click Apply to save the settings. 4.
PAGE 28
ProSafe M4100 and M7100 Managed Switches b. Enter the following information: • In the MAC Address field, enter 00:00:0A:00:00:02. • In the PVID (1 to 4093) field, enter 3. c. Click Add. Create a Protocol-Based VLAN Create two protocol VLAN groups. One is for IPX and the other is for IP/ARP. The untagged IPX packets are assigned to VLAN 4, and the untagged IP/ARP packets are assigned to VLAN 5. CLI: Create a Protocol-Based VLAN 1. Create a VLAN protocol group vlan_ipx based on IPX protocol.
PAGE 29
ProSafe M4100 and M7100 Managed Switches 5. Enable protocol VLAN group 1 and 2 on the interface. (Netgear Switch)(Vlan)#exit (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/11 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 1 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 2 (Netgear Switch)(Interface 1/0/11)#exit Web Interface: Create a Protocol-Based VLAN 1. Create the protocol-based VLAN group vlan_ipx. a.
PAGE 30
ProSafe M4100 and M7100 Managed Switches b. Enter the following information: • In the Group Name field, enter vlan_ip. • In the Protocol list, select IP and ARP while holding down the Ctrl key. • In the VLAN field, enter 5. c. Click Add. 3. Add port 11 to the group vlan_ipx. a. Select Switching > VLAN > Advanced > Protocol Based VLAN Group Membership. A screen similar to the following displays. b. In the Group ID list, select 1. c. Click the gray box under port 11. A check mark displays in the box. d.
PAGE 31
ProSafe M4100 and M7100 Managed Switches Virtual VLANs: Create an IP Subnet–Based VLAN In an IP subnet–based VLAN, all the end workstations in an IP subnet are assigned to the same VLAN. In this VLAN, users can move their workstations without reconfiguring their network addresses. IP subnet VLANs are based on Layer 3 information from packet headers. The switch makes use of the network-layer address (for example, the subnet address for TCP/IP networks) in determining VLAN membership.
PAGE 32
ProSafe M4100 and M7100 Managed Switches Assign all the ports to VLAN 2000. (Netgear Switch) #show mac-addr-table vlan 2000 MAC Address Interface Status ----------------- --------- ------------ 00:00:24:58:F5:56 1/0/1 Learned 00:00:24:59:00:62 1/0/24 Learned Web Interface: Create an IP Subnet–Based VLAN 1. Create VLAN 2000. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 2000.
PAGE 33
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the VLAN ID list, select 2000. c. Click Unit 1. The ports display. d. Click the gray box before Unit 1 until U displays. e. Click Apply. 3. Associate the IP subnet with VLAN 2000. a. Select Switching > VLAN > Advanced > IP Subnet Based VLAN. A screen similar to the following displays. b. Enter the following information: • In the IP Address field, enter 10.100.0.0. • In the Subnet Mask field, enter 255.255.0.0.
PAGE 34
ProSafe M4100 and M7100 Managed Switches management control and that clients attached to the network cannot initiate a direct attack on voice components. PBX 1/0/1 GSM73xxS 1/0/3 1/0/2 VoIP phone PC VoIP phone PC Voice traffic Data traffic Figure 3. Voice VLAN The script in this section shows how to configure Voice VLAN and prioritize the voice traffic. Here the Voice VLAN mode is in VLAN ID 10. CLI: Configure Voice VLAN and Prioritize Voice Traffic 1. Create VLAN 10.
PAGE 35
ProSafe M4100 and M7100 Managed Switches 2. Include the ports 1/0/1 and 1/0/2 in VLAN 10. (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan tagging 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit 3. Configure Voice VLAN globally. (Netgear Switch) (Config)# voice vlan 4. Configure Voice VLAN mode in the interface 1/0/2.
PAGE 36
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure Voice VLAN and Prioritize Voice Traffic 1. Create VLAN 10. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 10. c. In the VLAN Name field, enter Voice VLAN. d. Click Add. A screen similar to the following displays. 2. Include the ports 1/0/1 and 1/0/2 in VLAN 10. a. Select Switching > VLAN > Advanced > VLAN Membership.
PAGE 37
ProSafe M4100 and M7100 Managed Switches b. In the VLAN Membership table, in the VLAN ID list, select 10. c. Select Port 1 and Port 2 as tagged. A screen similar to the following displays. d. Click Apply. 3. Configure Voice VLAN globally. a. Select Switching > VLAN > Advanced > Voice VLAN Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. Chapter 2.
PAGE 38
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 4. Configure Voice VLAN mode in the interface 1/0/2. a. Select Switching > VLAN > Advanced > Voice VLAN Configuration. b. Select the 1/0/2 check box. c. In the Interface Mode list, select VLAN ID. d. In the Value field, enter 10. A screen similar to the following displays. e. Click Apply. 5. Create the DiffServ class ClassVoiceVLAN. a. Select QoS > Advanced > DiffServ > Class Configuration. 38 | Chapter 2.
PAGE 39
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Class Name field, enter ClassVoiceVLAN. c. In the Class Type list, select All. A screen similar to the following displays. d. Click Add. The Class Name screen displays, as shown in the next step in this procedure. 6. Configure matching criteria for the class as VLAN 10. a. Select QoS > DiffServ > Advanced > Class Configuration. A screen similar to the following displays. b. Click the class ClassVoiceVLAN.
PAGE 40
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. c. In the DiffServ Class Configuration table, select VLAN. d. In the VLAN ID field, enter 10. A screen similar to the following displays. e. Click Apply. A screen similar to the following displays. 7. Create the DiffServ policy PolicyVoiceVLAN. a. Select QoS > DiffServ > Advanced > Policy Configuration. 40 | Chapter 2.
PAGE 41
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Policy Name field, enter PolicyVoiceVLAN. c. In the Policy Type list, select In. d. In the Member Class list, select ClassVoiceVLAN. A screen similar to the following displays. e. Click Add. The Policy Configuration screen displays, as shown in the next step in this procedure. 8. Map the policy and class and assign them to the higher-priority queue. a. Select QoS > DiffServ > Advanced > Policy Configuration.
PAGE 42
ProSafe M4100 and M7100 Managed Switches b. Click the Policy PolicyVoiceVLAN. A screen similar to the following displays. c. In the field next to the Assign Queue radio button, select 3. A screen similar to the following displays. d. Click Apply. 9. Assign it to interfaces 1/0/1 and 1/0/2. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. Select the check boxes for Interfaces 1/0/1 and 1/0/2. c.
PAGE 43
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. Chapter 2.
PAGE 44
ProSafe M4100 and M7100 Managed Switches Private VLANs The Private VLANs feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from each other and provides Layer 2 isolation between ports of the same private VLAN.
PAGE 45
ProSafe M4100 and M7100 Managed Switches Figure 2 illustrates the private VLAN traffic flow. Five ports A, B, C, D, and E make up a private VLAN. Port A is a promiscuous port which is associated with the primary VLAN 100. Ports B and C are the host ports which belong to the isolated VLAN 101. Ports D and E are the community ports which are associated with community VLAN 102. Port F is the inter-switch/stack link. It is configured to transmit VLANs 100, 101 and 102.
PAGE 46
ProSafe M4100 and M7100 Managed Switches Assign Private-VLAN Types (Primary, Isolated, Community) The example is shown as CLI commands and as a Web interface procedure. CLI: Assign Private-VLAN Type (Primary, Isolated, Community) Use the following commands to assign VLAN 100 to primary VLAN, VLAN 101 to isolated VLAN, and VLAN 102 to community VLAN.
PAGE 47
ProSafe M4100 and M7100 Managed Switches 2. Assign VLAN 101 as an isolated VLAN. a. Select Security > Traffic Control > Private VLAN > Private VLAN Type Configuration. A screen similar to the following displays. b. Under Private VLAN Type Configuration, select the VLAN ID 101 check box. Now 101 appears in the interface field at the top. c. In the Private VLAN Type field, select Isolated from the pull-down menu. d. Click Apply to save the settings 3. Assign VLAN 102 to community VLAN. a.
PAGE 48
ProSafe M4100 and M7100 Managed Switches Configure Private-VLAN Association The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Private-VLAN Association Use the following commands to associate VLAN 101-102 (secondary VLAN) to VLAN 100 (primary VLAN). (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) #config (Config)#vlan 100 (Config)(Vlan) #private-vlan association 101-102 (Config)(Vlan) #end Web Interface: Configure Private-VLAN Association 1.
PAGE 49
ProSafe M4100 and M7100 Managed Switches Configure Private-VLAN Port Mode (Promiscuous, Host) The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Private-VLAN Port Mode (Promiscuous, Host) Use the following commands to assign port 1/0/1 to promiscuous port mode and ports 1/0/2-1/0/5 to host port mode.
PAGE 50
ProSafe M4100 and M7100 Managed Switches d. Click Apply to save the settings. 2. Configure ports 1/0/2-1/0/5 to host port mode. a. Select Security > Traffic Control > Private VLAN > Private VLAN Port Mode Configuration. A screen similar to the following displays. b. Under Private VLAN Port Mode Configuration, select the 1/0/2 to 1/0/5 interface check box. c. In the Port VLAN Mode field, select Host from the pull-down menu. d. Click Apply to save the settings.
PAGE 51
ProSafe M4100 and M7100 Managed Switches Web Interface: Assign Private-VLAN Port Host Ports 1. Associate isolated ports 1/0/2-1/0/3 to a private-VLAN (primary=100, secondary=101). a. Select Security > Traffic Control > Private VLAN > Private VLAN Host Interface Configuration. A screen similar to the following displays. b. Under Private VLAN Host Interface Configuration, select the 1/0/2 and 1/0/3 interface check box. c. In the Host Primary VLAN field, enter 100. d.
PAGE 52
ProSafe M4100 and M7100 Managed Switches b. Under Private VLAN Host Interface Configuration, select the 1/0/4 and 1/0/5 interface check box. c. In the Host Primary VLAN field, enter 100. d. In the Host Secondary VLAN field, enter 102. e. Click Apply to save the settings. Map Private-VLAN Promiscuous Port The example is shown as CLI commands and as a Web interface procedure.
PAGE 53
ProSafe M4100 and M7100 Managed Switches b. Under Private VLAN Promiscuous Interface Configuration, select the 1/0/1 interface check box. Now 1/0/1 appears in the Interface field at the top. c. In the Promiscuous Primary VLAN field, enter 100. d. In the Promiscuous Secondary VLAN field, enter 101-102. e. Click Apply to save the settings. Chapter 2.
PAGE 54
3. LAGs 3 Li n k Aggregation G roups This chapter provides the following examples: • Create Two LAGs on page 55 • Add Ports to LAGs on page 56 • Enable Both LAGs on page 59 Link aggregation allows the switch to treat multiple physical links between two endpoints as a single logical link. All the physical links in a given LAG must operate in full-duplex mode at the same speed.
PAGE 55
ProSafe M4100 and M7100 Managed Switches • Better use of physical resources. Traffic can be load-balanced across the physical links. • Increased bandwidth. The aggregated physical links deliver higher bandwidth than each individual link. • Incremental increase in bandwidth. A physical upgrade could produce a tenfold increase in bandwidth; LAG produces a two- or fivefold increase, useful if only a small increase is needed.
PAGE 56
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Lag Name field, enter lag_10. c. Click Add. 2. Create LAG lag_20. a. Select Switching > LAG > LAG Configuration. A screen similar to the following displays. b. In the Lag Name field, enter lag_20. c. Click Add. Add Ports to LAGs The example is shown as CLI commands and as a Web interface procedure. 56 | Chapter 3.
PAGE 57
ProSafe M4100 and M7100 Managed Switches CLI: Add Ports to the LAGs (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgear Switch) (Interface 0/2)#addport 1/1 (Netgear Switch) (Interface 0/2)#exit (Netgear Switch) (Config)#interface 0/3 (Netgear Switch) (Interface 0/3)#addport 1/1 (Netgear Switch) (Interface 0/3)#exit (Netgear Switch) (Config)#interface 0/8 (Netgear Switch) (Interface 0/8)#addport 1/2 (Netgear Switch) (Interface 0/8)#exit (Netgear Switch) (Config)#interface 0/9 (Netgear
PAGE 58
ProSafe M4100 and M7100 Managed Switches Web Interface: Add Ports to LAGs 1. Add ports to lag_10. a. Select Switching > LAG > LAG Membership. A screen similar to the following displays. b. In the LAG ID list, select LAG 1. c. Click Unit 1. The ports display. d. Click the gray boxes under port 2 and 3. Two check marks display in the box. e. Click Apply to save the settings. 2. Add ports to lag_20. a. Select Switching > LAG > LAG Membership. A screen similar to the following displays. b.
PAGE 59
ProSafe M4100 and M7100 Managed Switches d. Click the gray boxes under ports 8 and 9. Two check marks display in the boxes. e. Click Apply to save the settings. Enable Both LAGs The example is shown as CLI commands and as a Web interface procedure. CLI: Enable Both LAGs By default, the system enables link trap notification. (Console) #config (Console) (Config)#port-channel adminmode all (Console) (Config)#exit At this point, the LAGs could be added to VLANs. Web Interface: Enable Both LAGs a.
PAGE 60
4. Port Routing 4 This chapter provides the following sections: • Port Routing Configuration on page 61 • Enable Routing for the Switch on page 62 • Enable Routing for Ports on the Switch on page 62 • Add a Default Route on page 65 • Add a Static Route on page 66 The first networks were small enough for the end stations to communicate directly.
PAGE 61
ProSafe M4100 and M7100 Managed Switches Port Routing Configuration The M4100 and M7100 Managed Switch always supports Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the M4100 and M7100 Managed Switch as a whole, and then for each port that is to be part of the routed network. The configuration commands used in the example in this section enable IP routing on ports 1/0/2,1/0/3, and 1/0/5.
PAGE 62
ProSafe M4100 and M7100 Managed Switches Enable Routing for the Switch The example is shown as CLI commands and as a Web interface procedure. CLI: Enable Routing for the Switch The following script shows the commands that you would use to configure a M4100 and M7100 Managed Switch to provide the port routing support shown in Figure 7, Layer 3 switch configured for port routing on page 61. Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default.
PAGE 63
ProSafe M4100 and M7100 Managed Switches CLI: Enable Routing for Ports on the Switch (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.
PAGE 64
ProSafe M4100 and M7100 Managed Switches d. Click Apply to save the settings. 2. Assign IP address 192.150.3.1/24 to interface 1/0/3. a. Select Routing > IP> Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.150.3.1. • In the Subnet Mask field, enter 255.255.255.0.
PAGE 65
ProSafe M4100 and M7100 Managed Switches Now 1/0/5 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.150.5.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. Add a Default Route When IP routing takes place on a switch, a routing table is needed for the switch to forward the packet based on the destination IP address.
PAGE 66
ProSafe M4100 and M7100 Managed Switches The Route Configuration screen displays. 2. In the Route Type list, select DefaultRoute. 3. In the Next Hop IP Address field, enter one of the routing interface’s IP addresses. • The Network Address and Subnet Mask fields will not accept input as they are not needed. • The Preference field is optional. A value of 1 (highest) will be assigned by default if not specified. 4. Click the Add button on the bottom of the screen.
PAGE 67
ProSafe M4100 and M7100 Managed Switches To delete the static route, simply add “no” keyword in the front of the “ip route” command. Web Interface: Add a Static Route 1. Select Routing > Routing Table > Basic > Route Configuration to display the Route Configuration screen. 2. In the Route Type list, select Static. 3. Fill in the Network Address field. Note that this field should have a network IP address, not a host IP address. Do not enter something like 10,100.100.1.
PAGE 68
5. VLAN Routing 5 This chapter provides the following examples: • Create Two VLANs on page 68 • Set Up VLAN Routing for the VLANs and the Switch on page 73 You can configure the M4100 and M7100 Managed Switch with some ports supporting VLANs and some supporting routing. You can also configure it to allow traffic on a VLAN to be treated as if the VLAN were a router port.
PAGE 69
ProSafe M4100 and M7100 Managed Switches shows the commands that you would use to configure a M4100 and M7100 Managed Switch to provide the VLAN routing support shown in the diagram. Layer 3 switch Port 1/0/2 VLAN Router port 1/3/1 192.150.3.1 Port 1/0/3 VLAN Router port 1/3/2 192.150.4.1 Port 1/0/1 Layer 2 Switch Layer 2 Switch VLAN 10 VLAN 20 Figure 8.
PAGE 70
ProSafe M4100 and M7100 Managed Switches Web Interface: Create Two VLANs 1. Create VLAN 10 and VLAN20. a. Select Switching > VLAN > Advanced > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 10. c. In the VLAN Name field, enter VLAN10. d. In the VLAN Type list, select Static. e. Click Add. f. Select Switching > VLAN > Advanced > VLAN Configuration. A screen similar to the following displays. g. In the VLAN ID field, enter 20. h.
PAGE 71
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the VLAN ID field, select 10. c. Click the Unit 1. The ports display. d. Click the gray boxes under ports 1 and 2 until T displays. The T specifies that the egress packet is tagged for the port. e. Click Apply. f. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. g. In the VLAN ID list, select 20. h. Click Unit 1. The ports display. i.
PAGE 72
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select 1/0/1 and 1/0/2 check boxes. c. In the PVID (1 to 4093) field, enter 10. d. Click Apply to save the settings. e. Select Switching > VLAN > Advanced > Port PVID Configuraton. A screen similar to the following displays. f. Scroll down and select the 1/0/3 check box. g. In the PVID (1 to 4093) field, enter 20. h. Click Apply to save the settings. 72 | Chapter 5.
PAGE 73
ProSafe M4100 and M7100 Managed Switches Set Up VLAN Routing for the VLANs and the Switch The example is shown as CLI commands and as a Web interface procedure. CLI: Set Up VLAN Routing for the VLANs and the Switch 1.
PAGE 74
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 2. Enter the following information: • In the VLAN ID (1 to 4093) list, select 10. • In the IP Address field, enter 192.150.3.1. • In the Subnet Mask field, enter 255.255.255.0. 3. Click Add to save the settings. 4. Select Routing > VLAN > VLAN Routing. A screen similar to the following displays. 5. Enter the following information: • Select 10 in the VLAN ID (1 to 4093) field. • In the IP Address field, enter 192.
PAGE 75
6. RIP 6 Routing I nformation P roto c ol This chapter provides the following examples: • Routing for the Switch on page 76 • Routing for Ports on page 77 • RIP for the Switch on page 78 • RIP for Ports 1/0/2 and 1/0/3 on page 79 • VLAN Routing with RIP on page 82 Routing Information Protocol (RIP) is a protocol that routers can use to exchange network topology information. It is characterized as an interior gateway protocol, and is typically used in small to medium-sized networks.
PAGE 76
ProSafe M4100 and M7100 Managed Switches Layer 3 sIwitch acting as a router Port 1/0/2 192.150.2.2 Port 1/0/5 192.64.4.1 Port 1/0/3 192.130.3.1 Subnet 2 Subnet 3 Subnet 5 Figure 9. Network with RIP on ports 1/0/2 and 1/0/3 Routing for the Switch The example is shown as CLI commands and as a Web interface procedure. CLI: Enable Routing for the Switch (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Web Interface: Enable Routing for the Switch 1.
PAGE 77
ProSafe M4100 and M7100 Managed Switches 3. Click Apply to save the settings. Routing for Ports The example is shown as CLI commands and as a Web interface procedure. CLI: Enable Routing and Assigning IP Addresses for Ports 1/0/2 and 1/0/3 (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.
PAGE 78
ProSafe M4100 and M7100 Managed Switches • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 2. Assign IP address 192.150.3.1/24 to interface 1/0/3. a. Select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.150.3.1.
PAGE 79
ProSafe M4100 and M7100 Managed Switches CLI: Enable RIP on the Switch This sequence enables RIP for the switch. The route preference defaults to 15. (Netgear Switch) #config (Netgear Switch) (Config)#router rip (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#exit (Netgear Switch) (Config)#exit Web Interface: Enable RIP on the Switch 1. Select Routing > RIP > Basic > RIP Configuration. A screen similar to the following displays. 2. For RIP Admin Mode, select Enable radio button.
PAGE 80
ProSafe M4100 and M7100 Managed Switches CLI: Enable RIP for Ports 1/0/2 and 1/0/3 This command sequence enables RIP for ports 1/0/2 and 1/0/3. Authentication defaults to none, and no default route entry is created. The commands specify that both ports receive both RIPv1 and RIPv2 frames, but send only RIPv2-formatted frames.
PAGE 81
ProSafe M4100 and M7100 Managed Switches 4. Select Routing > RIP > Advanced > RIP Configuration. A screen similar to the following displays. 5. Enter the following information: • In the Interface field, select 1/0/3. • For RIP Admin Mode, select the Enable radio button. • In the Send Version list, select RIP-2. 6. Click Apply to save the settings. Chapter 6.
PAGE 82
ProSafe M4100 and M7100 Managed Switches VLAN Routing with RIP Routing Information Protocol (RIP) is one of the protocols that routers can use to exchange network topology information. It is characterized as an interior gateway protocol, and is typically used in small to medium-sized networks. Layer 3 switch Port 1/0/2 VLAN Router port 1/3/1 192.150.3.1 Router port 1/0/5 192.150.4.1 Port 1/0/3 VLAN Router port 1/3/2 192.150.4.1 Router Layer 2 switch Layer 2 switch VLAN 10 VLAN 20 Figure 10.
PAGE 83
ProSafe M4100 and M7100 Managed Switches (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#vlan port tagging all 10 (Netgear Switch) (Config)#vlan port tagging all 20 (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#vlan participation include 10 (Netgear Switch) (Interface 1/0/2)#vlan pvid 10 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#vlan participation include 20 (Netgear Switch) (Interface 1
PAGE 84
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure VLAN Routing with RIP Support 1. Configure a VLAN and include ports 1/0/2 in the VLAN: a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 10. • In the IP Address field, enter 192.150.3.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display: d. Click the gray box under port 2 until T displays.
PAGE 85
ProSafe M4100 and M7100 Managed Switches • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 3 until T displays. The T specifies that the egress packet is tagged for the port. e. Click Apply to save the VLAN that includes port 3. 3. Enable RIP on the switch (you can skip this step since the RIP is enabled by default). a. Select Routing > RIP > Basic > RIP Configuration. A screen similar to the following displays. b.
PAGE 86
7. OSPF 7 Open Shortest Path First This chapter provides the following examples: • Inter-area Router on page 87 • OSPF on a Border Router on page 92 • Stub Areas on page 98 • nssa Areas on page 107 • VLAN Routing OSPF on page 116 • OSPFv3 on page 122 For larger networks Open Shortest Path First (OSPF) is generally used in preference to RIP.
PAGE 87
ProSafe M4100 and M7100 Managed Switches Inter-area Router The examples in this section show you how to configure a M4100 and M7100 Managed Switch first as an inter-area router and then as a border router. They show two areas, each with its own border router connected to one inter-area router. The following figure shows a network segment with an inter-area router connecting areas 0.0.0.2 and 0.0.0.3.
PAGE 88
ProSafe M4100 and M7100 Managed Switches 2. Assign IP addresses to ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.
PAGE 89
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure an Inter-area Router 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply to save the settings. 2. Assign IP address 192.150.2.1 to port 1/0/2. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b.
PAGE 90
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.150.3.1. • In the Network Mask field, enter 255.255.255.0. • In the Administrative Mode field, select Enable. d. Click Apply to save the settings. 4. Specify the router ID, and enable OSPF for the switch. a.
PAGE 91
ProSafe M4100 and M7100 Managed Switches • In the RFC 1583 Compatibility field, select Disable. c. Click Apply to save the settings. 5. Enable OSPF on port 1/0/2. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Scroll downand select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.2. • In the OSPF Admin Mode field, select Enable.
PAGE 92
ProSafe M4100 and M7100 Managed Switches Now 1/0/3 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.3. • In the OSPF Admin Mode field, select Enable. • In the Priority field, enter 255. • In the Metric Cost field, enter 64. c. Click Apply to save the settings. OSPF on a Border Router The example is shown as CLI commands and as a Web interface procedure. For an OSPF sample network, see Figure 11 on page 87. CLI: Configure OSPF on a Border Router 1.
PAGE 93
ProSafe M4100 and M7100 Managed Switches Set disable 1583compatibility to prevent a routing loop. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#router-id 192.130.1.1 (Netgear Switch) (Config router)#no 1583compatibility (Netgear Switch) (Config router)#exit (Netgear Switch) (Config)#exit 4. Enable OSPF for the ports, and set the OSPF priority and cost for the ports.
PAGE 94
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply to save the settings. 2. Assign IP address 192.150.2.2 to port 1/0/2. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. c.
PAGE 95
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.130.3.1. • In the Network Mask field, enter 255.255.255.0. • In the Admin Mode field, select Enable. d. Click Apply to save the settings. 4. Assign IP address 192.64.4.1 to port 1/0/4. a.
PAGE 96
ProSafe M4100 and M7100 Managed Switches d. Click Apply to save the settings. 5. Specify the router ID, and enable OSPF for the switch. a. Select Routing > OSPF > Advanced > OSPF Configuration. A screen similar to the following displays. b. Under OSPF Configuration, enter the following information: • In the Router ID field, enter 192.130.1.1. • In the OSPF Admin Mode field, select Enable . • In the RFC 1583 Compatibility field, select Disable. c. Click Apply to save the settings. 6.
PAGE 97
ProSafe M4100 and M7100 Managed Switches • In the OSPF Area ID field, enter 0.0.0.2. • In the OSPF Admin Mode field, select Enable. • In the Router Priority (0 to 255) field, enter 128. • In the Metric Cost field, enter 32. c. Click Apply to save the settings. 7. Enable OSPF on port 1/0/3. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 1/0/3 check box.
PAGE 98
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 1/0/4 check box. Now 1/0/4 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.2. • In the OSPF Admin Mode field, select the Enable. • In the Priority field, enter 255. • In the Metric Cost field, enter 64. c. Click Apply to save the settings.
PAGE 99
ProSafe M4100 and M7100 Managed Switches 2. Set the router IDd to 1.1.1.1. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config-router)#router-id 1.1.1.1 3. Configure area 0.0.0.1 as a stub area. (Netgear Switch) (Config-router)#area 0.0.0.1 stub 4. Switch A injects a default route only to area 0.0.0.1. (Netgear Switch) (Config-router)#no area 0.0.0.1 stub summarylsa (Netgear Switch) (Config-router)#exit 5. Enable OSPF area 0 on ports 2/0/11.
PAGE 100
ProSafe M4100 and M7100 Managed Switches (Netgear Switch) (Config)#ex (Netgear Switch) #show ip ospf neighbor interface all Router ID IP Address Neighbor Interface State ---------------- ----------- 4.4.4.4 192.168.10.2 ------------------2/0/11 --------Full 2.2.2.2 192.168.20.2 2/0/19 Full (Netgear Switch) #show ip route Total Number of Routes.........................
PAGE 101
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.10.1. • In the Network Mask field, enter 255.255.255.0. • In the Admin Mode field, select Enable. d. Click Apply to save the settings. 3. Assign IP address 192.168.20.1 to port 2/0/19: a.
PAGE 102
ProSafe M4100 and M7100 Managed Switches a. Select Routing > OSPF > Basic > OSPF Configuration. A screen similar to the following displays. b. Under OSPF Configuration, in the Router ID field, enter 1.1.1.1. c. Click Apply to save the settings. 5. Enable OSPF on the port 2/0/11. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 2/0/11 check box.
PAGE 103
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 2/0/19 check box. Now 2/0/19 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.1. • In the OSPF Admin Mode field, select Enable. c. Click Apply to save the settings. 7. Configure area 0.0.0.1 as a stub area. a. Select Routing > OSPF > Advanced > Stub Area Configuration. A screen similar to the following displays.
PAGE 104
ProSafe M4100 and M7100 Managed Switches 2. Set the router ID to 2.2.2.2. (Netgear Switch) (Config-router)#router-id 2.2.2.2 3. Configure area 0.0.0.1 as a stub area. (Netgear Switch) (Config-router)#area 0.0.0.1 stub 4. Enable OSPF area 0.0.0.1 on the 1/0/15. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 1/0/15 (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address 192.168.20.2 255.255.255.
PAGE 105
ProSafe M4100 and M7100 Managed Switches b. For Routing Mode, select the Enable radio button. c. Click Apply to save the settings. 2. Assign IP address 192.168.10.1 to port 1/0/15. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.20.2.
PAGE 106
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.1. • In the OSPF Admin Mode field, select Enable. c. Click Apply to save the settings. 5. Configure area 0.0.0.1 as a stub area. a. Select Routing > OSPF > Advanced > Stub Area Configuration. A screen similar to the following displays.
PAGE 107
ProSafe M4100 and M7100 Managed Switches nssa Areas Port 2/0/11 Layer 3 switch Port 2/0/191 Area 0 Port 1/0/151 Layer 3 Switch Area 1 Figure 13. nssa Area The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Area 1 as an nssa Area 1. Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config)#ip routing 2. Configure area 0.0.0.1 as an nssa area.
PAGE 108
ProSafe M4100 and M7100 Managed Switches 4. Enable area 0.0.0.1 on port 2/0/19. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 2/0/11 (Netgear Switch) (Interface 2/0/11)#routing (Netgear Switch) (Interface 2/0/11)#ip address 192.168.10.1 255.255.255.0 (Netgear Switch) (Interface 2/0/11)#ip ospf (Netgear Switch) (Interface 2/0/11)#exit (Netgear Switch) (Config)#interface 2/0/19 (Netgear Switch) (Interface 2/0/19)#routing (Netgear Switch) (Interface 2/0/19)#ip address 192.168.20.
PAGE 109
ProSafe M4100 and M7100 Managed Switches c. Click Apply to save the settings. 2. Assign IP address 192.168.10.1 to port 2/0/11. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.10.1. • In the Network Mask field, enter 255.255.255.0.
PAGE 110
ProSafe M4100 and M7100 Managed Switches • In the Subnet Mask field, enter 255.255.255.0. • In the Admin Mode field, select Enable. d. Click Apply to save the settings. 4. Specify the router ID, and enable OSPF for the switch. a. Select Routing > OSPF > Basic > OSPF Configuration. A screen similar to the following displays. b. Under OSPF Configuration, in the Router ID field, enter 2.2.2.2. c. Click Apply to save the settings. 5. Enable OSPF on port 2/0/11. a.
PAGE 111
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 2/0/19 check box. 2/0/19 now appears in the Interface field at the top. c. Enter the following information: • In the OSPF Area ID field, enter 0.0.0.1. • In the OSPF Admin Mode field, select Enable. d. Click Apply to save the settings. 7. Configure area 0.0.0.1 as a nssa area. a. Select Routing > OSPF > Advanced > NSSA Area Configuration.
PAGE 112
ProSafe M4100 and M7100 Managed Switches 2. Set the router ID to 2.2.2.2. (Netgear Switch) (Config-router)#router-id 2.2.2.2 3. Configure the area 0.0.0.1 as an nssa area. (Netgear Switch) (Config-router)# area 0.0.0.1 nssa 4. Redistribute the RIP routes into the OSPF. (Netgear Switch) (Config-router)#redistribute rip (Netgear Switch) (Config-router)#redistribute rip subnets 5. Enable OSPF area 0.0.0.1 on port 1/0/15.
PAGE 113
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure Area 1 as an nssa Area on A2 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply to save the settings. 2. Assign IP address 192.168.30.1 to port 1/0/11. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b.
PAGE 114
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Configuration, scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.20.2. • In the Network Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 4. Specify the router ID, and enable OSPF for the switch. a.
PAGE 115
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Interface field, select 1/0/11. • For RIP Admin Mode, select the Enable radio button. c. Click Apply to save the settings. 6. Enable OSPF on port 1/0/15. a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/15 check box. Now 1/0/15 appears in the Interface field at the top. c.
PAGE 116
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Area ID field, enter 0.0.0.1. c. Click Add to save the settings. 8. Redistribute the RIP routes into the OSPF area. a. Select Routing > OSPF > Advanced > Route Redistribution. A screen similar to the following displays. b. Under Route Redistribution, in the Available Source list, select RIP. c. Click Add to add a route redistribution.
PAGE 117
ProSafe M4100 and M7100 Managed Switches The M4100 and M7100 Managed Switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The order for choosing a route if more than one type of route exists is as follows: - Intra-area - Inter-area - External type 1: the route is external to the AS - External Type 2: the route was learned from other protocols such as RIP Chapter 7.
PAGE 118
ProSafe M4100 and M7100 Managed Switches CLI: Configure VLAN Routing OSPF This example adds support for OSPF to the configuration created in the base VLAN routing example in Figure 8, Layer 3 switch configured for port routing on page 69. 1. Configure the M4100 and M7100 Managed Switch as an inter-area router.
PAGE 119
ProSafe M4100 and M7100 Managed Switches 3. Enable OSPF for the VLAN and physical router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface vlan 10)#ip ospf (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip ospf areaid 0.0.0.3 (Netgear Switch) (Interface vlan 20)#ip ospf (Netgear Switch) (Interface vlan 20)#exit 4.
PAGE 120
ProSafe M4100 and M7100 Managed Switches c. Click Unit 1. The ports display: Click the gray box under port 2 until T displays. The T specifies that the egress packet is tagged for the port. d. Click Apply to save the VLAN that includes ports 2. 2. Configure a VLAN, and include port 1/0/3 in the VLAN. a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 20. • In the IP Address field, enter 192.150.4.
PAGE 121
ProSafe M4100 and M7100 Managed Switches a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. b. Under Interface Configuration, click VLANS to show all the VLAN interfaces. c. Scroll down and select the interface 0/2/1 check box. Now 0/2/1 appears in the Interface field at the top. d. Enter the following information: • In the OSPF Area ID field, enter 0.0.0.2. • In the OSPF Admin Mode field, select Enable. • In the Priority field, enter 128.
PAGE 122
ProSafe M4100 and M7100 Managed Switches b. Under Interface Configuration, click VLANS to show all the VLAN interfaces. c. Scroll down and select the interface 0/2/2 check box. Now 0/2/2 appears in the Interface field at the top. d. Enter the following information: • In the OSPF Area ID field, enter 0.0.0.3. • In the OSPF Admin Mode field, select the Enable. • In the Priority field, enter 255. • In the Metric Cost field, enter 64. e. Click Apply to save the settings.
PAGE 123
ProSafe M4100 and M7100 Managed Switches 2. Enable OSPFv3, and assign 1.1.1.1 to router ID. (Netgear Switch) (Config)#ipv6 router ospf (Netgear Switch) (Config-rtr)#enable (Netgear Switch) (Config-rtr)#router-id 1.1.1.1 (Netgear Switch) (Config-rtr)#exit 3. Enable routing mode on the interface 1/0/1, and assign the IP address 2000::1 to IPv6,.
PAGE 124
ProSafe M4100 and M7100 Managed Switches 8. Enable OSPFv3 on interface 1/0/13, and set the OSPF network mode to broadcast. (Netgear Switch) (Interface 1/0/13)#ipv6 ospf (Netgear Switch) (Interface 1/0/13)#ipv6 ospf network broadcast (Netgear Switch) #show ipv6 ospf neighbor Router ID Priority IntfID Interface State DeadTime -------- -------- ------ --------- --------- ---- 1.1.1.1 1 1 1/0/13 Full/ DR 34 Web Interface: Configure OSPFv3 1. Enable IPv6 unicast routing on the switch. a.
PAGE 125
ProSafe M4100 and M7100 Managed Switches a. Select Routing > IPv6 > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. c. Enter the following information: • In the IPv6 Mode field, select Enable. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 4. Assign the IP address 2001::1 to port 1/0/1. a.
PAGE 126
ProSafe M4100 and M7100 Managed Switches a. Select Routing > OSPFv3 > Advanced > Interface Configuration. A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.0. • In the Admin Mode field, select Enable. c. Click Apply to save the settings. 6. Display the OSPFv3 Neighbor Table. a.
PAGE 127
8. ARP 8 Prox y Add ress Resolution Proto c ol Proxy ARP allows a router to answer ARP requests when the target IP address is not that of the router itself but a destination that the router can reach. If a host does not know the default gateway, proxy ARP can learn the first hop. Machines in one physical network appear to be part of another logical network.
PAGE 128
ProSafe M4100 and M7100 Managed Switches CLI: ip proxy-arp (Netgear Switch) (Interface 0/24)#ip proxy-arp ? Press Enter to execute the command. (Netgear Switch) (Interface 0/24)#ip proxy-arp Web Interface: Configure Proxy ARP on a Port 1. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. 2. Under Configuration, scroll down and select the Interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. 3.
PAGE 129
9. VRRP 9 Vi rtual Router Red unda ncy Proto c ol This chapter provides the following examples: • VRRP on a Master Router on page 130 • VRRP on a Backup Router on page 132 When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate.
PAGE 130
ProSafe M4100 and M7100 Managed Switches VRRP on a Master Router This example shows how to configure the M4100 and M7100 Managed Switch to support VRRP. Router 1 is the default master router for the virtual route, and Router 2 is the backup router. CLI: Configure VRRP on a Master Router 1. Enable routing for the switch. IP forwarding will then be enabled by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing 2.
PAGE 131
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure VRRP on a Master Router 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply to save the settings. 2. Assign the IP address 192.150.2.1 to port 1/0/2: a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b.
PAGE 132
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Global Configuration, next to the Admin Mode, select Enable radio button. c. Enter the following information in the VRRP Configuration: • In the VRID (1 to 255) field, enter 20. • In the Interface field, select 1/0/2. • In the Primary IP Address field, enter 192.150.2.1. • In the Mode field, select Active. d. Click Apply to save the settings.
PAGE 133
ProSafe M4100 and M7100 Managed Switches 4. Assign virtual router IDs to port that will participate in the protocol. (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#ip vrrp 20 5. Specify the IP address that the virtual router function will recognize. Since the virtual IP address on port 1/0/4 is the same as Router 1’s port 1/0/2 actual IP address, this router will always be the VRRP backup when Router 1 is active. (Netgear Switch) (Interface 1/0/4)#ip vrrp 20 ip 192.150.2.
PAGE 134
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/4 check box. Now 1/0/4 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.150.4.1. • In the Network Mask field, enter 255.255.0.0. • In the Administrative Mode field, select Enable. d. Click Apply to save the settings. 3. Enable VRRP on port 1/0/4. a. Select Routing > VRRP > Basic > VRRP Configuration.
PAGE 135
ProSafe M4100 and M7100 Managed Switches d. Click Add to save the settings. Chapter 9.
PAGE 136
10. ACLs 10 Access Control Li sts This chapter describes the Access Control Lists (ACLs) feature.
PAGE 137
ProSafe M4100 and M7100 Managed Switches MAC ACLs MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet (limited by platform): • Source MAC address with mask. • Destination MAC address with mask. • VLAN ID (or range of IDs). • Class of Service (CoS) (802.1p) . • EtherType: - Secondary CoS (802.1p). - Secondary VLAN (or range of IDs). • L2 ACLs can apply to one or more interfaces.
PAGE 138
ProSafe M4100 and M7100 Managed Switches 4. Apply the ACL to one or more interfaces. Set Up an IP ACL with Two Rules This section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will be accepted by the M4100 and M7100 Managed Switch only if the source and destination stations have IP addresses within the defined sets. Layer 3 switch TCP packet to 192.178.88.3 rejected. Dest.
PAGE 139
ProSafe M4100 and M7100 Managed Switches 2. Define the second rule for ACL 101 to set conditions for UDP traffic similar to those for TCP traffic. (Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255 3. Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
PAGE 140
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For ACL ID, select 101. c. Click Add to create a new rule. 3. Create a new ACL rule and add it to ACL 101. a. After you click the Add button in step 2. A screen similar to the following displays. a. In the Extended ACL Rule Configuration, enter the following information: • In the Rule ID (1 to 23) field, enter 1. • For Action, select the Permit radio button. • In the Protocol Type list, select TCP.
PAGE 141
ProSafe M4100 and M7100 Managed Switches a. After you click the Add button in step 3, a screen similar to the following displays. b. Under Extended ACL Rule Configuration, enter the following information: • In the Rule ID (1 to 23) field, enter 22. • For Action, select the Permit radio button. • In the Protocol Type list, select UDP. • In the Source IP Address field, enter 192.168.77.0. • In the Source IP Mask field, enter 0.0.0.255. • In the Destination IP Address field, enter 192.178.77.0.
PAGE 142
ProSafe M4100 and M7100 Managed Switches • In the ACL ID list, select 10. • In the Sequence Number field, enter 1. c. Click Unit 1. The ports display. d. Click the gray box under port 2. A check mark displays in the box. e. Click Apply to save the settings. One-Way Access Using a TCP Flag in an ACL This example shows how to set up one-way Web access using a TCP flag in an ACL. PC 1 can access FTP server 1 and FTP server 2, but PC 2 can access only FTP server 2. Port 1/0/24 192.168.40.2 Port 0/13 192.
PAGE 143
ProSafe M4100 and M7100 Managed Switches 1. Create VLAN 30 with port 0/35 and assign IP address 192.168.30.1/24.
PAGE 144
ProSafe M4100 and M7100 Managed Switches 3. Create VLAN 200 with port 0/44 and assign IP address 192.168.200.1/24.
PAGE 145
ProSafe M4100 and M7100 Managed Switches 2. Create VLAN 40 with port 1/0/24 and assign IP address 192.168.40.1/24.
PAGE 146
ProSafe M4100 and M7100 Managed Switches 4. Create VLAN 200 with port 1/0/48 and assign IP address 192.168.200.1/24.
PAGE 147
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays.n the VLAN Routing Wizard, b. In the VLAN Routing Wizard, enter the following information: • In the Vlan ID field, enter 30. • In the IP Address field, enter 192.168.30.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 35 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 30. 2.
PAGE 148
ProSafe M4100 and M7100 Managed Switches • In the IP Address field, enter 192.168.100.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 13 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 100. 3. Create VLAN 200 with IP address 192.168.200.1/24. a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b.
PAGE 149
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under IP Configuration, make the following selections: • For Routing Mode, select the Enable radio button. • For IP Forwarding Mode, select the Enable radio button. c. Click Apply to enable IP routing. 5. Add a static route with IP address 192.268.40.0/24: a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b.
PAGE 150
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Configure Routes, make the following selection and enter the following information: • In the Route Type list, select Static. • In the Network Address field, enter 192.168.50.0. • In the Subnet Mask field, enter 255.255.255.0. • In the Next Hop IP Address field, enter 192.168.200.2. c. Click Add. 7. Create an ACL with ID 101. a. Select Security > ACL > Advanced > IP ACL.
PAGE 151
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the IP ACL Table, in the IP ACL ID field, enter 102. c. Click Add. 9. Add and configure an IP extended rule that is associated with ACL 101. a. Select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID list, select 10. c. Click Add. Chapter 10.
PAGE 152
ProSafe M4100 and M7100 Managed Switches The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. • For Action mode, select the Deny radio button. • In the Match Every field, select False. • In the Protocol Type list, select TCP. • For TCP Flag, in the SYN field, select Set, and in the ACK field, select Clear. e. Click Apply to save the settings. 10.
PAGE 153
ProSafe M4100 and M7100 Managed Switches The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. • For Action, select the Permit radio button. • In the Match Every field, select False. • In the Protocol Type list, select IP. e. Click Apply to save the settings. 11. Apply ACL 101 to port 44. a. Select Security > ACL > Advanced > IP Binding Configuration.
PAGE 154
ProSafe M4100 and M7100 Managed Switches c. Click Unit 1. The ports display. d. Click the gray box under port 44. A check mark displays in the box. e. Click Apply to save the settings. 12. Apply ACL 102 to port 44. a. Select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. b. Under Binding Configuration, make the following selection and enter the following information: • In the ACL ID list, select 102. • In the Sequence Number field, enter 2. c.
PAGE 155
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 40. • In the IP Address field, enter 192.168.40.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 40. 2. Create VLAN 50 with IP address 192.168.50.1/24: a.
PAGE 156
ProSafe M4100 and M7100 Managed Switches d. Click the gray box under port 25 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 50. 3. Create VLAN 200 with IP address 192.168.200.2/24. a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 200. • In the IP Address field, enter 192.168.200.2. • In the Network Mask field, enter 255.255.
PAGE 157
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Configure Routes, make the following selections and enter the following information: • Select Static in the Route Type field. • In the Network Address field, enter 192.168.100.0. • In the Subnet Mask field, enter 255.255.255.0. • In the Next Hop IP Address field, enter 192.168.200.1. c. Click Add. 5. Create a static route with IP address 192.168.30.0/24: a.
PAGE 158
ProSafe M4100 and M7100 Managed Switches c. Click Add. Use ACLs to Configure Isolated VLANs on a Layer 3 Switch This example shows how to isolate VLANs on a Layer 3 switch by using ACLs. In this example, PC 1 is in VLAN 24, PC 2 is in VLAN 48, and the server is in VLAN 38. PC 1 and PC 2 are isolated by an ACL but can both access the server. The example is shown as CLI commands and as a Web interface procedure. Port 11/0/38 10.100.5.34 Server 10.100.5.252 Layer 3 switch Port 1/0/24 192.148.24.
PAGE 159
ProSafe M4100 and M7100 Managed Switches CLI: Configure One-Way Access Using a TCP Flag in ACL Commands 1. Enter the following CLI commands.
PAGE 160
ProSafe M4100 and M7100 Managed Switches 3. Create VLAN 38, add port 1/0/38 to it, and assign IP address 10.100.5.34 to it.
PAGE 161
ProSafe M4100 and M7100 Managed Switches 9. Deny all traffic with the destination IP address 192.168.48.0/24, and permit all other traffic. (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#ip access-group 102 in 1 (Netgear Switch) (Interface 1/0/24)#ip access-group 103 in 2 (Netgear Switch) (Interface 1/0/24)#exit 10. Deny all traffic with the destination IP address 192.168.24.0/24, and permit all other traffic.
PAGE 162
ProSafe M4100 and M7100 Managed Switches a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 48. • In the IP Address field, enter 192.168.48.1. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 48 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 48. 3.
PAGE 163
ProSafe M4100 and M7100 Managed Switches • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display. d. Click the gray box under port 38 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 38. 4. Enable IP routing: a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b.
PAGE 164
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the IP ACL Table, in the IP ACL ID field, enter 102. c. Click Add. 7. Create an ACL with ID 103. a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL ID field of the IP ACL Table, enter 103. c. Click Add. 8. Add and configure an IP extended rule that is associated with ACL 101: a. Select Security > ACL > Advanced > IP Extended Rules. 164 | Chapter 10.
PAGE 165
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 101. c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. • For Action, select the Deny radio button. • In the Match Every field, select False. • In the Destination IP Address field, enter 192.168.
PAGE 166
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 102. c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. • For Action mode, select the Deny radio button. • In the Match Every field, select False.
PAGE 167
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 103. c. Click Add. The Extended ACL Rule Configuration screen displays. d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. • For Action mode, select the Permit radio button. • In the Match Every field, select False. • In the Protocol Type field, select IP. e.
PAGE 168
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Binding Configuration, make the following selection and enter the following information: • In the ACL ID field, select 102. • In the Sequence Number field, enter 1. c. Click Unit 1. The ports display. d. Click the gray box under port 24. A check mark displays in the box. e. Click Apply to save the settings. 12. Apply ACL 101 to port 48: a. Select Security > ACL > Advanced > IP Binding Configuration.
PAGE 169
ProSafe M4100 and M7100 Managed Switches b. Under Binding Configuration, make the following selection and enter the following information: • In he ACL ID field, select 101. • In the Sequence Number field, enter 1. c. Click Unit 1. The ports display. d. Click the gray box under port 48. A check mark displays in the box. e. Click Apply to save the settings. 13. Apply ACL 103 to port 24 and port 48: a. Select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
PAGE 170
ProSafe M4100 and M7100 Managed Switches CLI: Set up a MAC ACL with Two Rules 1. Create a new MAC ACL acl_bpdu. (Netgear Switch) # (Netgear Switch) #config (Netgear Switch) (Config)#mac access-list extended acl_bpdu 2. Deny all the traffic that has destination MAC 01:80:c2:xx:xx:xx. (Netgear Switch) (Config-mac-access-list)#deny any 01:80:c2:00:00:00 00:00:00:ff:ff:ff 3. Permit all the other traffic. (Netgear Switch) (Config-mac-access-list)#permit any (Netgear Switch) (Config-mac-access-list)#exit 4.
PAGE 171
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. a. In the ACL Name field, select acl_bpdu. b. In the Action field, select Deny. c. Enter the following information in the Rule Table. • In the ID field, enter 1. • In the Destination MAC field, enter 01:80:c2:00:00:00. • In the Destination MAC Mask field, enter 00:00:00:ff:ff:ff. d. Click the Add button. 3. Create a another rule associated with the ACL acl_bpdu. a. Select Security > ACL > MAC ACL > MAC Rules.
PAGE 172
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Enter the following information in the MAC Binding Configuration. • IN the ACL ID field, select acl_bpdu. • In the Sequence Number field, enter 1. c. Click the Unit 1. The ports display. d. Click the gray box under port 2. A check mark displays in the box. e. Click Apply to save the settings.
PAGE 173
ProSafe M4100 and M7100 Managed Switches desired traffic with the option mirror to an interface. Any traffic matching this rule will be copied to the specified mirrored interface. Other network GSM73xxS 1/0/1 1/0/19 Probing station L2 switch Packets from 10.0.0.1 workstation 10.0.0.1 workstation 10.0.0.2 workstation Packets from 10.0.0.2 workstation Figure 19.
PAGE 174
ProSafe M4100 and M7100 Managed Switches 3. Bind the ACL with interface 1/0/1. (Netgear Switch) (Interface 1/0/1)#ip access-group monitorHost in 1 4. View the configuration.
PAGE 175
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the IP ACL ID field, enter monitorHost. c. Click Add to create ACL monitorHost, and the following screen displays: 2. Create a rule to match host 10.0.0.1 in the ACL monitorHost. a. Select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. Chapter 10.
PAGE 176
ProSafe M4100 and M7100 Managed Switches b. Click Add, and the Extended ACL Rule Configuration screen displays. c. In the Rule ID field, enter 1. d. For Action, select the Permit radio button. e. In the Mirror Interface list, select 1/0/19. f. In the Src IP Address field, enter 10.0.0.1. g. In the Src IP Mask field, enter 0.0.0.0. h. Click Apply. 3. Create a rule to match every other traffic. a. Select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
PAGE 177
ProSafe M4100 and M7100 Managed Switches b. Click Add, and a screen similar to the following displays. c. In the Rule ID field, enter 2. d. Select the Permit radio button. e. In the Match Every field, select True. f. Click Apply. At the end of this configuration a screen similar to the following displays. 4. Bind the ACL with interface 1/0/1. a. Select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. b. In the Sequence Number field, enter 1. c.
PAGE 178
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. ACL Redirect This feature redirects a specified traffic stream to a specified interface. Other network 1/0/1 1/0/19 GSM73xxS Workstation Workstation Web server HTTP packets Other packets Figure 20. ACL Redirect CLI: Redirect a Traffic Stream The script in this section shows how to redirect an HTTP traffic stream received in an interface to the specified interface.
PAGE 179
ProSafe M4100 and M7100 Managed Switches 1. Create an IP access control list with the name redirectHTTP. (Netgear Switch) (Config)#ip access-list redirectHTTP 2. Define a rule to match the HTTP stream and define a rule to permit all others. (Netgear Switch) (Config-ipv4-acl)# permit tcp any any eq http redirect 1/0/19 (Netgear Switch) (Config-ipv4-acl)# permit every 3. Bind the ACL with interface 1/0/1. (Netgear Switch) (Interface 1/0/1)#ip access-group redirectHTTP in 1 4. View the configuration.
PAGE 180
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the IP ACL field, enter redirectHTTP. c. Click Add to create the IP ACL redirectHTTP. A screen similar to the following displays. 2. Create a rule to redirect HTTP traffic. a. Select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. 180 | Chapter 10.
PAGE 181
ProSafe M4100 and M7100 Managed Switches b. Click Add, and the Extended ACL Rule Configuration screen displays. c. In the Rule ID field, enter 1. d. For Action, select the Permit radio button. e. In the Redirect Interface list, select 1/0/19. f. In the Dst L4 Port list, select http. g. Click Apply. The Extended ACL Rules screen displays, as described in the next step in this procedure. 3. Create a rule to match every other traffic. a. Select Security > ACL > Advanced > IP Extended Rules.
PAGE 182
ProSafe M4100 and M7100 Managed Switches b. Click Add, and the Extended ACL Rule Configuration screen displays. c. In the Rule ID field, enter 2. d. For Action, select the Permit radio button. e. In the Match Every field, select True. f. Click Apply. A screen similar to the following displays. 4. Bind the ACL with interface 1/0/1. a. Select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. b. In the Sequence Number field, enter 1. 182 | Chapter 10.
PAGE 183
ProSafe M4100 and M7100 Managed Switches c. In the Port Selection Table, click Unit 1 to display all the ports. d. Select the check box below Port 1. e. Click Apply. At the end of this configuration a screen similar to the following displays. Configure IPv6 ACLs This feature extends the existing IPv4 ACL by providing support for IPv6 packet classification. Each ACL is a set of up to 12 rules applied to inbound traffic.
PAGE 184
ProSafe M4100 and M7100 Managed Switches Note that the order of the rules is important: When a packet matches multiple rules, the first rule takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL is denied access. Interface 1/0/1 GSM73xxS 2001:0DB8:c0ab:ac11::/64 2001:0DB8:c0ab:ac14::/64 2001:0DB8:c0ab:ac12::/64 2001:0DB8:c0ab:ac13::/64 IPv6 HTTP traffic IPv6 Telnet traffic IPv6 Any other traffic Figure 21.
PAGE 185
ProSafe M4100 and M7100 Managed Switches • Permit IPv6 Telnet traffic to the destination network 2001:DB8:C0AB:AC13::/64 from the source network 2001:DB8:C0AB:AC11::/64. • Permit IPv6 HTTP traffic to any destination network from the source network 2001:DB8:C0AB:AC11::/64.
PAGE 186
ProSafe M4100 and M7100 Managed Switches Rule Number: 3 Action......................................... permit Protocol....................................... 6(tcp) Source IP Address.............................. 2001:DB8:C0AB:AC11::/64 Destination L4 Port Keyword.................... 80(www/http) Web Interface: Configure an IPv6 ACL 1. Create the access control list with the name ipv6-acl a. Select Security > ACL > Advanced > IPv6 ACL. b. In the IPv6 ACL Table, in the IPv6 ACL field, enter ipv6-acl .
PAGE 187
ProSafe M4100 and M7100 Managed Switches b. In the ACL Name list, select ipv6-acl. c. Click Add. d. In the Rule ID field, enter 1. e. For Action, select the Permit radio button. f. In the Source Prefix field, enter 2001:DB8:C0AB:AC11::. g. In the Source Prefix Length field, enter 64. h. In the Destination Prefix field, enter 2001:DB8:C0AB:AC14::. i. In the Destination Prefix Length field, enter 64. A screen similar to the following displays. j. Click Apply. 3. Add Rule 2. a.
PAGE 188
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. i. Click Apply. 4. Add Rule 3. a. In the Rule ID field, enter 3. b. For Action, select the Permit radio button. c. In the Protocol Type list, select TCP. d. In the Source Prefix field, enter 2001:DB8:C0AB:AC11::. e. In the Source Prefix Length field, enter 64. f. In the Destination L4 Port list, select http. A screen similar to the following displays. g. Click Apply. 5.
PAGE 189
ProSafe M4100 and M7100 Managed Switches b. In the ACL ID list, select ipv6-acl. c. In the Sequence Number list, select 1. d. Click Unit 1. e. Select Port 1. A screen similar to the following displays. f. Click Apply. A screen similar to the following displays. 6. View the binding table. Select Security > ACL > Advanced > Binding Table. A screen similar to the following displays. Chapter 10.
PAGE 190
11. CoS Queuing 11 Class of Ser vice Queuing This chapter describes Class of Service (CoS) queue mapping, CoS Configuration, and traffic shaping features.
PAGE 191
ProSafe M4100 and M7100 Managed Switches CoS Queue Mapping CoS queue mapping uses trusted and untrusted ports. Trusted Ports • The system takes at face value certain priority designations for arriving packets. • Trust applies only to packets that have that trust information. • There can be only one trust field at a time - per port. - 802.1p user priority (This is the default trust mode and is managed through switching configuration.
PAGE 192
ProSafe M4100 and M7100 Managed Switches CoS Queue Configuration CoS queue configuration involves port egress queue configuration and drop precedence configuration (per queue). The design of these on a per-queue, pe- drop precedence basis allows you to create the service characteristics that you want for different types of traffic. Port egress queue configuration: • Scheduler type, strict vs.
PAGE 193
ProSafe M4100 and M7100 Managed Switches Web Interface: Show classofservice Trust Select QoS > CoS > Basic > CoS Configuration. A screen similar to the following displays. Set classofservice Trust Mode The example is shown as CLI commands and as a Web interface procedure. CLI: Set classofservice Trust Mode (Netgear Switch) (Config)#classofservice? dot1p-mapping Configure dot1p priority mapping. ip-dscp-mapping Maps an IP DSCP value to an internal traffic class.
PAGE 194
ProSafe M4100 and M7100 Managed Switches 2. Select the Global radio button. 3. In the Global Trust Mode list, select trust dot1p. 4. Click Apply to save the settings. Show classofservice IP-Precedence Mapping The example is shown as CLI commands and as a Web interface procedure.
PAGE 195
ProSafe M4100 and M7100 Managed Switches The IP precedence to queue mapping of the interface is displayed. Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode (Netgear Switch) (Config)#cos-queue min-bandwidth? Enter the minimum bandwidth percentage for Queue 0.
PAGE 196
ProSafe M4100 and M7100 Managed Switches c. Under Interface Queue Configuration, scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. d. Enter the following information: • In the Minimum Bandwidth field, enter 15. • In the Scheduler Type list, select Weighted. e. Click Apply to save the settings. 2. For interface 1/0/2, set the minimum bandwidth 25 for queue 1, and set the scheduler type to strict. a.
PAGE 197
ProSafe M4100 and M7100 Managed Switches CLI: Set CoS Trust Mode for an Interface (Netgear Switch) (Interface 1/0/3)#classofservice trust? dot1p Sets the Class of Service Trust Mode of an Interface to 802.1p. ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP. (Netgear Switch) (Interface 1/0/3)#classofservice trust dot1p? Press Enter to execute the command.
PAGE 198
ProSafe M4100 and M7100 Managed Switches command to enable traffic shaping by specifying the maximum transmission bandwidth limit for all interfaces (Global Config) or for a single interface (Interface Config). The value is a percentage that ranges from 0 to 100 in increments of 5. The default bandwidth value is 0, meaning no upper limit is enforced, which allows the interface to transmit up to its maximum line rate.
PAGE 199
ProSafe M4100 and M7100 Managed Switches d. Click Apply to save the settings. Chapter 11.
PAGE 200
12. DiffServ Differentiated Ser vices 12 This chapter provides the following examples: • DiffServ on page 201 • DiffServ for VoIP on page 218 • Auto VoIP on page 225 • DiffServ for IPv6 on page 229 • Color Conform Policy on page 237 Differentiated services (DiffServ) is one technique for implementing Quality of Service (QoS) policies.
PAGE 201
ProSafe M4100 and M7100 Managed Switches • Class. A class consists of a set of rules that identify which packets belong to the class. Inbound traffic is separated into traffic classes based on Layer 3 and Layer 4 header data and the VLAN ID, and marked with a corresponding DSCP value. One type of class is supported: All, which specifies that every match criterion defined for the class must be true for a match to occur. • Policy. Defines the QoS attributes for one or more traffic classes.
PAGE 202
ProSafe M4100 and M7100 Managed Switches CLI: Configure DiffServ 1. Ensure that the DiffServ operation is enabled for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#diffserv 2. Create a DiffServ class of type all for each of the departments, and name them. Define the match criteria of source IP address for the new classes. (Netgear Switch) (Config)#class-map match-all finance_dept (Netgear Switch) (Config class-map)#match srcip 172.16.10.0 255.255.255.
PAGE 203
ProSafe M4100 and M7100 Managed Switches This policy uses the assign-queue attribute to put each department’s traffic on a different egress queue. This is how the DiffServ inbound policy connects to the CoS queue settings established in the following example.
PAGE 204
ProSafe M4100 and M7100 Managed Switches assign-queue attribute. It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for Internet traffic. (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0 (Netgear Switch) (Interface 1/0/5)#exit (Netgear Switch) (Config)#exit Web Interface: Configure DiffServ 1. Enable Diffserv. a.
PAGE 205
ProSafe M4100 and M7100 Managed Switches d. Click the finance_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.10.0. • f. In the Source Mask field, enter 255.255.255.0. Click Apply. 3. Create the class marketing_dept: a. Select QoS > DiffServ > Advanced >Class Configuration. A screen similar to the following displays. b. Enter the following information: • In the Class Name field, enter marketing_dept.
PAGE 206
ProSafe M4100 and M7100 Managed Switches d. Click marketing_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.20.0. • f. In the Source Mask field, enter 255.255.255.0. Click Apply. 4. Create the class test_dept: a. Select QoS > DiffServ > Advanced >Class Configuration. A screen similar to the following displays. b. Enter the following information: • In the Class Name field, enter test_dept.
PAGE 207
ProSafe M4100 and M7100 Managed Switches d. Click test_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.30.0. • f. In the Source Mask field, enter 255.255.255.0. Click Apply. 5. Create class development_dept. a. Select QoS > DiffServ > Advanced > Class Configuration. A screen similar to the following displays. b. Enter the following information: • In the Class Name field, enter development_dept.
PAGE 208
ProSafe M4100 and M7100 Managed Switches d. Click development_dept to configure this class. e. Under Diffserv Class Configuration, enter the following information: • In the Source IP Address field, enter 172.16.40.0. • f. In the Source Mask field, enter 255.255.255.0. Click Apply. 6. Create a policy named internet_access and add the class finance_dept to it. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b.
PAGE 209
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the internet_access check box. internet_access now appears in the Policy Selector field at the top. c. In the Member Class list, select marketing_dept. d. Click Apply to add the class marketing_dept to the policy internet_access. 8. Add the class test_dept into the policy internet_access. a. Select QoS > DiffServ > Advanced >Policy Configuration.
PAGE 210
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the internet_access check box. Now internet_access appears in the Policy Selector field at the top. c. In the Member Class list, select development_dept. d. Click Apply to add the class development_dept to the policy internet_access. 10. Assign queue 1 to finance_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration.
PAGE 211
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. c. In the Assign Queue list, select 1. d. Click Apply. 11. Assign queue 2 to marketing_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Click the internet_access check box for marketing_dept. Chapter 12.
PAGE 212
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. c. In the Assign Queue list, select 2. d. Click Apply. 12. Assign queue 3 to test_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Click the internet_access check mark for test_dept. 212 | Chapter 12.
PAGE 213
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. c. In the Assign Queue list, select 3. d. Click Apply. 13. Assign queue 4 to development_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Click the internet_access check mark for development_dept. Chapter 12.
PAGE 214
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. c. In the Assign Queue list, select 4. d. Click Apply. 14. Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction. a. Select QoS > DiffServ > Advanced > Service Configuration. A screen similar to the following displays. b. Scroll down and select the check boxes for interfaces 1/0/1, 1/0/2, 1/0/3, and 1/0/4. c. In the Policy In list, select internet_access. d. Click Apply. 15.
PAGE 215
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/5 check box. Now 1/0/5 appears in the Interface field at the top. c. In the Queue ID list, select 1. d. In the Minimum Bandwidth field, enter 25. e. Click Apply. 16. Set the CoS queue 2 configuration for interface 1/0/5. a. Select QoS > CoS > Advanced > Interface Queue Configuration. A screen similar to the following displays. b.
PAGE 216
ProSafe M4100 and M7100 Managed Switches a. Select QoS > CoS > Advanced > Interface Queue Configuration. A screen similar to the following displays. b. Under Interface Queue Configuration, scroll down and select the interface 1/0/5 check box. Now 1/0/5 appears in the Interface field at the top. c. In the Queue ID list, select 3. d. In the Minimum Bandwidth field, enter 25. e. Click Apply. 18. Set the CoS queue 4 configuration for interface 1/0/5. a.
PAGE 217
ProSafe M4100 and M7100 Managed Switches c. In the Queue ID list, select 4. d. In the Minimum Bandwidth field, enter 25. e. Click Apply. Chapter 12.
PAGE 218
ProSafe M4100 and M7100 Managed Switches DiffServ for VoIP One of the most valuable uses of DiffServ is to support Voice over IP (VoIP). VoIP traffic is inherently time sensitive: For a network to provide acceptable service, a guaranteed transmission rate is vital. This example shows one way to provide the necessary quality of service: how to set up a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side.
PAGE 219
ProSafe M4100 and M7100 Managed Switches 2. Create a DiffServ classifier named class_voip and define a single match criterion to detect UDP packets. The class type match-all indicates that all match criteria defined for the class must be satisfied in order for a packet to be considered a match. (Netgear Switch) (Config)#class-map match-all class_voip (Netgear Switch) (Config class-map)#match protocol udp (Netgear Switch) (Config class-map)#exit 3.
PAGE 220
ProSafe M4100 and M7100 Managed Switches Web Interface: Diffserv for VoIP 1. Set queue 5 on all interfaces to use strict mode. a. Select QoS > CoS > Advanced > CoS Interface Configuration. A screen similar to the following displays. b. Under Interface Queue Configuration, select all the interfaces. c. In the Queue ID list, select 5. d. In the Scheduler Type list, select Strict. e. Click Apply to save the settings. 2. Enable DiffServ. a. Select QoS > DiffServ > Basic > DiffServ Configuration.
PAGE 221
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Class Name field, enter class_voip. c. In the Class Type list, select All. d. Click Add to create a new class. e. Click class_voip. A screen similar to the following displays: f. g. In the Protocol Type list, select UDP. Click Apply to create a new class. 4. Create a class class_ef: a. Select QoS > DiffServ > Advanced > DiffServ Configuration. Chapter 12.
PAGE 222
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Class Name field, enter class_ef. c. In the Class Type list, select All. d. Click Add to create a new class. e. Click class_ef. Another screen similar to the following displays: f. g. In the IP DSCP list, select ef. Click Apply to create a new class. 5. Create a policy pol_voip. and add class_voip to this policy. a. Select QoS > DiffServ > Advanced > Policy Configuration. 222 | Chapter 12.
PAGE 223
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Policy Selector field, enter pol_voip. c. In the Member Class list, select class_voip. d. Click Add to create a new policy. e. Click the pol_voip whose class member is class_voip. A screen similar to the following displays. f. In the Assign Queue list, select 5. g. For Policy Attribute, select the Mark IP DSCP radio button, and select ef. h. Click Apply to create a new policy. 6.
PAGE 224
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the pol_voip check box. Pol_voip now appears in the Policy Selector field at the top. c. In the Member Class list, select class_ef in. d. Click Apply to add the class class_ef to the policy pol_voip. e. Click the pol_voip whose class member is class_ef, and a screen similar to the following displays. f. In the Assign Queue list, select 5. g.
PAGE 225
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. c. In the Policy In list, select pol_voip. d. Click Apply to create a new policy. Auto VoIP The Auto-VoIP feature makes it easy to set up VoIP for IP phones on a switch.
PAGE 226
ProSafe M4100 and M7100 Managed Switches installed to assign the highest priority to VOIP data packets. As soon as the call ends, the filters are removed. PBX GSM73xxS VoIP phone VoIP phone VoIP phone Voice traffic Data traffic PC PC Data server PC Figure 24. Auto VoIP The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Auto VoIP This script in this section shows how to set up auto VoIP system-wide. 1. Enable auto VoIP on all the interfaces in the device.
PAGE 227
ProSafe M4100 and M7100 Managed Switches 2.
PAGE 228
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure Auto-VoIP 1. Enable auto VoIP for all the interfaces in the device. a. Select QoS > DiffServ > Auto VoIP. A screen similar to the following displays. b. Select the check box in the first row to select all the interfaces. c. In the Auto VoIP Mode field, select Enable. A screen similar to the following displays. d. Click Apply. 228 | Chapter 12.
PAGE 229
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. DiffServ for IPv6 This feature extends the existing QoS ACL and DiffServ functionality by providing support for IPv6 packet classification. Internet Interface 1/0/1 GSM73xxS Interface 1/0/3 Interface 1/0/2 IPv6 Workstation IPv6 Workstation ICMPv6 traffic Other traffic IPv6 Workstation Figure 25. DiffServ for IPv6 The example is shown as CLI commands and as a web interface procedure. Chapter 12.
PAGE 230
ProSafe M4100 and M7100 Managed Switches CLI: Configure DiffServ for IPv6 The script in this section shows how to prioritize ICMPv6 traffic over other IPv6 traffic. 1. Create the IPv6 class classicmpv6. (Netgear Switch) (Config)# class-map match-all classicmpv6 ipv6 2. Define matching criteria as protocol ICMPv6. (Netgear Switch) (Config-classmap) # match protocol 58 (Netgear Switch) (Config-classmap) # exit 3. Create the policy policyicmpv6. (Netgear Switch) (Config)# policy-map policyicmpv6 in 4.
PAGE 231
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure DiffServ for IPv6 1. Create the IPv6 class classicmpv6. a. Select QoS > DiffServ > Advanced > IPv6 Class Configuration. A screen similar to the following displays. b. In the Class Name field, enter classicmpv6. c. In the Class Type list, select All. A screen similar to the following displays. d. Click Add to create the IPv6 class. A screen similar to the following displays. 2. Define matching criteria as protocol ICMPv6. a.
PAGE 232
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Click the class classicmpv6. A screen similar to the following displays. c. Select the Protocol Type radio button, select Other, and enter 58. A screen similar to the following displays. d. Click Apply. 232 | Chapter 12.
PAGE 233
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 3. Create the policy policyicmpv6, and associate the previously created class classicmpv6. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Name field, enter policyicmpv6. c. In the Policy Type list, select In. d. In the Member Class list, select classicmpv6. A screen similar to the following displays. e. Click Add. 4.
PAGE 234
ProSafe M4100 and M7100 Managed Switches a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. Click the policy policyicmpv6. A screen similar to the following displays. 234 | Chapter 12.
PAGE 235
ProSafe M4100 and M7100 Managed Switches c. In the Assign Queue list, select 6. d. Click Apply. 5. Attach the policy policyicmpv6 to interfaces 1/0/1,1/0/2 and 1/0/3. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. In the Policy Name list, select policyicmpv6. c. Select the Interface 1/0/1, 1/0/2, and 1/0/3 check boxes. Chapter 12.
PAGE 236
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. 236 | Chapter 12.
PAGE 237
ProSafe M4100 and M7100 Managed Switches Color Conform Policy This example shows how to create a policy to police the traffic to a committed rate. The packets with IP precedence value of 7 are colored green to ensure that these packets are the last to be dropped when there is congestion. The example is shown as CLI commands and as a Web interface procedure. CLI: Configure a Color Conform Policy 1. Create a VLAN 5 and configure ports 1/0/13 and 1/0/25 as its members.
PAGE 238
ProSafe M4100 and M7100 Managed Switches means these packets will be the last packets to be dropped in the event of congestion beyond the policed rate.
PAGE 239
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the VLAN ID list, select 5. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 13 and 25 until T displays. The T specifies that the egress packet is tagged for the port. e. Click Apply. 3. Create a class class_vlan: a. Select QoS > DiffServ > Advanced > Class Configuration. A screen similar to the following displays. b.
PAGE 240
ProSafe M4100 and M7100 Managed Switches c. Click Add to create a new class class_vlan. d. Click class_vlan to configure this class. A screen similar to the following displays: e. Under Diffserv Class Configuration, in the VLAN field, enter 5. f. Click Apply. 4. Create a class class_color. a. Select QoS > DiffServ > Advanced > Class Configuration. 240 | Chapter 12.
PAGE 241
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Class Name field, enter class_color. • In the Class Type list, select All. c. Click Add to create a new class class_color. Chapter 12.
PAGE 242
ProSafe M4100 and M7100 Managed Switches d. Click class_color to configure this class. A screen similar to the following displays: e. Under Diffserv Class Configuration, in the Precedence Value list, select 7. f. Click Apply. 5. Create a policy policy_vlan. a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. b. In the Policy Name field, enter policy_vlan. c. In the Policy Type list, select In. d. Click Add. 6. Associate policy_vlan with class_vlan. a.
PAGE 243
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the policy_vlan check box. c. In the Member Class field, enter class_vlan. d. Click Apply. 7. Configure policy_vlan. a. Select QoS > DiffServ > Advanced > Policy Configuration. Click policy_vlan. A screen similar to the following displays. b. Select the Simple Policy radio button. c. In the Color Mode list, select Color Aware. d.
PAGE 244
ProSafe M4100 and M7100 Managed Switches h. For Violate Action, select the Drop radio button. i. Click Apply. 8. Apply policy_vlan to interface 1/0/13. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. Under Service Interface Configuration, scroll down and select the Interface 1/0/13 check box. c. In the Policy Name list, select policy_vlan. d. Click Apply to save the settings. 244 | Chapter 12.
PAGE 245
13. IGMP Snooping and Querier 13 This chapter provides the following examples: • IGMP Snooping • Show igmpsnooping on page 246 • Show mac-address-table igmpsnooping on page 247 • External Multicast Router on page 248 • Multicast Router Using VLAN on page 249 • IGMP Querier on page 250 • Enable IGMP Querier on page 251 • Show IGMP Querier Status on page 254 IGMP: • Uses version 3 of IGMP. • Includes snooping. • Snooping can be enabled per VLAN. Chapter 13.
PAGE 246
ProSafe M4100 and M7100 Managed Switches IGMP Snooping The following are examples of the commands used in the IGMP snooping feature. CLI: Enable IGMP Snooping The following example shows how to enable IGMP snooping. (Netgear Switch) #config (Netgear Switch) (Config)#set igmp (Netgear Switch) (Config)# set igmp unknown-multicast filter (Netgear Switch) (Config)#exit Web Interface: Enable IGMP Snooping 1. Configure IGMP snooping: a. Select Switching > Multicast > IGMP Snooping Configuration.
PAGE 247
ProSafe M4100 and M7100 Managed Switches CLI: Show igmpsnooping (Netgear Switch) #show igmpsnooping Admin Mode..................................... Disable Unknown Multicast Filtering.................... Disable Multicast Control Frame Count.................. 0 Interfaces Enabled for IGMP Snooping........... None VLANs enabled for IGMP snooping................ None Web Interface: Show igmpsnooping Select Switching > Multicast > IGMP Snooping Configuration. A screen similar to the following displays.
PAGE 248
ProSafe M4100 and M7100 Managed Switches CLI: Show mac-address-table igmpsnooping (Netgear Switch) #show mac-address-table igmpsnooping ? Press Enter to execute the command.
PAGE 249
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure the Switch with an External Multicast Router 1. Select Switching > Multicast > Multicast Router Configuration. A screen similar to the following displays. 2. Under Multicast Router Configuration, scroll down and select the Interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. 3. In the Admin Mode field, select Enable. 4. Click Apply.
PAGE 250
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 2. Under Multicast Router VLAN Configuration, scroll down and select the Interface 1/0/3 check box. 3. Enter the following information in the Multicast Router VLAN Configuration. • In the VLAN ID field, enter 2. • In the Multicast Router field, select Enable. 4. Click Apply.
PAGE 251
ProSafe M4100 and M7100 Managed Switches respond. With the built-in IGMP querier feature inside the switch, such an external device is no longer needed. Figure 26. IGMP querier Since the IGMP querier is designed to work with IGMP snooping, it is necessary to enable IGMP snooping when using it. The following figure shows a network application for video streaming service using the IGMP querier feature. Enable IGMP Querier The example is shown as CLI commands and as a Web interface procedure.
PAGE 252
ProSafe M4100 and M7100 Managed Switches address in querier packets. See the Command Line Reference for more details about other IGMP querier command options. (Netgear switch) #vlan database (Netgear switch) (vlan)#set igmp 1 (Netgear switch) (vlan)#set igmp querier 1 (Netgear switch) (vlan)#exit (Netgear switch) #config (Netgear switch) (config)#set igmp querier (Netgear switch) (config)#set igmp querier address 10.10.10.1 (Netgear switch) (config)#exit Web Interface: Enable IGMP Querier 1.
PAGE 253
ProSafe M4100 and M7100 Managed Switches • In the Admin Mode field, select Enable. c. Click Add. 3. Enable the IGMP snooping querier globally. a. Select Switching > Multicast > IGMP Snooping > IGMP VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • For Querier Admin Mode, select the Enable radio button. • In the Querier IP Address field, enter 10.10.10.1. c. Click Apply. 4. Enable the IGMP snooping querier on VLAN 1. a.
PAGE 254
ProSafe M4100 and M7100 Managed Switches Show IGMP Querier Status The example is shown as CLI commands and as a Web interface procedure. CLI: Show IGMP Querier Status To see the IGMP querier status, use the following command. (Netgear Switch) #show igmpsnooping querier vlan 1 VLAN 1 : IGMP Snooping querier status ---------------------------------------------IGMP Snooping Querier VLAN Mode................ Enable Querier Election Participate Mode.............. Disable Querier VLAN Address...................
PAGE 255
14. MVR (Multicast VLAN Registration) 14 This chapter provides the following examples: • Configure MVR in Compatible Mode • Configure MVR in Dynamic Mode The IGMP Layer 3 protocol is widely used for IPv4 network multicasting. In Layer 2 networks, the IGMP protocol uses resources inefficiently. For example, a Layer 2 switch multicasts traffic to all ports even if there are receivers connected to only a few ports. To fix this problem, the IGMP Snooping protocol was developed.
PAGE 256
ProSafe M4100 and M7100 Managed Switches multicast streams for clients in different VLANs. A diagram of a network configured for MVR is shown in the following illustration. SP is the source port and RP is the receiver port. Multicast source IGMP (GSM7328Sv2) SP (VLAN999) SP (VLAN 999) MVR (GSM7212P) RP (VLAN 1001) RP (VLAN 1003) RP (VLAN 1002) Multicast client Multicast client Multicast client Figure 27.
PAGE 257
ProSafe M4100 and M7100 Managed Switches CLI: Configure MVR in Compatible Mode 1. Create MVlan, VLAN1, VLAN2, and VLAN3. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 999,1001, 1002, 1003 (Netgear Switch) (Vlan)#vlan name 999 mVlan (Netgear Switch) (Vlan)#vlan name 1001 Vlan1 (Netgear Switch) (Vlan)#vlan name 1002 Vlan2 (Netgear Switch) (Vlan)#vlan name 1003 Vlan3 (Netgear Switch) (Vlan)#exit 2. Enable MVR, configure VLAN 999 as a multicast VLAN, and add group 224.1.2.3 to MVR.
PAGE 258
ProSafe M4100 and M7100 Managed Switches Note: The receive port can participate in only one VLAN. (Netgear Switch) (Config)#interface 0/1 (Netgear Switch) (Interface 0/1)#vlan participation include 1001 (Netgear Switch) (Interface 0/1)#vlan pvid 1001 (Netgear Switch) (Interface 0/1)#vlan participation exclude 1 (Netgear Switch) (Interface 0/1)#mvr (Netgear Switch) (Interface 0/1)#mvr type receiver (Netgear Switch) (Interface 0/1)#mvr vlan 999 group 224.1.2.
PAGE 259
ProSafe M4100 and M7100 Managed Switches 5. Show mvr status. (Netgear Switch) #show mvr MVR Running....................... TRUE MVR multicast VLAN................ 999 MVR Max Multicast Groups.......... 256 MVR Current multicast groups...... 1 MVR Global query response time.... 5 (tenths of sec) MVR Mode..........................
PAGE 260
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays: b. In the VLAN ID list, select 999. c. Click Unit 1. The ports display. d. Click the gray box under port 9 until T displays. The T specifies that the egress packet is tagged for the ports. e. Click Apply to save the settings. f. Repeat steps from b to e, add port 0/1 to VLAN1 1001, add port 0/5 to VLAN2 1002, and add port 0/7 to VLAN3 1003. 3. Enable MVR and multicast VLAN a.
PAGE 261
ProSafe M4100 and M7100 Managed Switches c. Click Add. 5. Configure a receiver on interface 0/1, 0/5, and 0/7. a. Select Switching > MVR > Basic > MVR Interface Configuration. A screen similar to the following displays: b. Under MVR Interface Configuration, scroll down and select the Interface 0/1, 0/5 and 0/7 check boxes. c. Enter the following information: • In the Admin Mode list, select Enable. • In the Type list, select Receiver. d. Click Apply to save the settings. 6. Configure source interface.
PAGE 262
ProSafe M4100 and M7100 Managed Switches b. Under MVR Interface Configuration, scroll down and select the Interface 0/9 check box. c. Enter the following information: • In the Admin Mode list, select Enable. • In the Type list, select source. d. Click Apply to save the settings. 7. Configure MVR Group Membership. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays: b. In the Group IP list, select 224.1.2.3. c. Click Unit 1. The ports display. d.
PAGE 263
ProSafe M4100 and M7100 Managed Switches Configure MVR in Dynamic Mode CLI: Configure MVR in Dynamic Mode In dynamic mode, the MVR switch learns existing multicast groups by snooping the IGMP queries from router on source ports and forwarding the IGMP reports from the hosts to the IGMP router on the Multicast VLAN (with appropriate translation of the VLAN ID). 1. Create MVLAN, VLAN1, VLAN2, and VLAN3.
PAGE 264
ProSafe M4100 and M7100 Managed Switches 5. Configure the receive ports. Note: A receive port can participate in only one VLAN.
PAGE 265
ProSafe M4100 and M7100 Managed Switches 6. Show the MVR status. (Netgear Switch) #show mvr MVR Running....................... TRUE MVR multicast VLAN................ 999 MVR Max Multicast Groups.......... 256 MVR Current multicast groups...... 1 MVR Global query response time.... 5 (tenths of sec) MVR Mode..........................
PAGE 266
ProSafe M4100 and M7100 Managed Switches f. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays: g. In the VLAN ID list, select 999. h. Click Unit 1. The ports display. i. Click the gray boxes under port 9 until T displays. The T specifies that the egress packet is tagged for the ports. j. Click Apply to save the settings. k. Repeat steps from b to e, add port 0/1 to VLAN1 1001, add port 0/5 to VLAN2 1002, and add port 0/7 to VLAN3 1003. 2.
PAGE 267
ProSafe M4100 and M7100 Managed Switches 3. Add multicast group 224.1.2.3 to the MVR. a. Select Switching > MVR > Basic > MVR Group Configuration. A screen similar to the following displays: b. In the MVR Group IP field, enter 224.1.2.3. c. Click Add. 4. Configure a receiver on interface 0/1, 0/5 and 0/7. a. Select Switching > MVR > Basic > MVR Interface Configuration. A screen similar to the following displays: b.
PAGE 268
ProSafe M4100 and M7100 Managed Switches 5. Configure a source interface. a. Select Switching > MVR > Basic > MVR Interface Configuration. A screen similar to the following displays: b. Under MVR Interface Configuration, scroll down and select the Interface 0/9 check box. c. Enter the following information: • In the Admin Mode list, select Enable. • In the Type list, select source. d. Click Apply to save the settings. 6. After port 1 receives an IGMP report for multicast group 224.1.2.
PAGE 269
15. Security Management 15 In this chapter, examples are provided for the following topics: • Port Security • Set the Dynamic and Static Limit on Port 1/0/1 on page 270 • Convert the Dynamic Address Learned from 1/0/1 to a Static Address on page 271 • Create a Static Address on page 272 • Protected Ports on page 273 • 802.
PAGE 270
ProSafe M4100 and M7100 Managed Switches given in the software Release Notes. After the limit is reached, additional MAC addresses are not learned. Only frames with an allowable source MAC addresses are forwarded. Note: If you want to set a specific MAC address for a port, set the dynamic entries to 0, then allow only packets with a MAC address matching the MAC address in the static list. Dynamically locked addresses can be converted to statically locked addresses.
PAGE 271
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Port Security Configuration, next to Port Security Mode, select the Enable radio button. c. Click Apply to save the settings. 2. Set the dynamic and static limit on the port 1/0/1: a. Select Security > Traffic Control > Port Security >Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top.
PAGE 272
ProSafe M4100 and M7100 Managed Switches CLI: Convert the Dynamic Address Learned from 1/0/1 to the Static Address (Netgear Switch)(Interface 1/0/1)#port-security mac-address move Convert the dynamic address learned from 1/0/1 to the static address (Netgear Switch)(Interface 1/0/1)#exit (Netgear Switch)(Config)#exit (Netgear Switch)#show port-security static 1/0/1 Number of static MAC addresses configured: 3 Statically configured MAC Address VLAN ID --------------------------------------------00:0E:45:30:1
PAGE 273
ProSafe M4100 and M7100 Managed Switches CLI: Create a Static Address (Netgear Switch) (Interface 1/0/1)#port-security mac-address 00:13:00:01:02:03 Web Interface: Create a Static Address 1. Select Security > Traffic Control > Port Security > Static MAC address. A screen similar to the following displays. 2. Under Port List, in the Interface list, select 1/0/1. 3. In the Static MAC Address section of the screen, enter the following information: • In the Static MAC Address field, enter 00:13:00:01:02:03.
PAGE 274
ProSafe M4100 and M7100 Managed Switches In following example, PC 1 and PC 2 can access the Internet as usual, but PC 1 cannot see the traffic that is generated by PC 2, that is, no traffic is forwarded between PC 1 and PC 2. Internet 10.100.5.34 Layer 2 switch 192.168.1.252 192.168.1.252 PC 2 PC 1 192.168.1. 192.168.1. Figure 28. Protected ports CLI: Configure a Protected Port to Isolate Ports on the Switch 1. Create one VLAN 192 including PC 1 and PC 2.
PAGE 275
ProSafe M4100 and M7100 Managed Switches 2. Create one VLAN 202 connected to the Internet.
PAGE 276
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure a Protected Port to Isolate Ports on the Switch 1. Create a DHCP pool: Note: This example assumes that the DHCP service is enabled. For information about how to enable the DHCP service, see the Web interface procedure in Configure a DHCP Server in Dynamic Mode on page 381. a. Select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays. b.
PAGE 277
ProSafe M4100 and M7100 Managed Switches • In the Type of Binding field, select Dynamic. • In the Network Number field, enter 192.168.1.0. • In the Network Mask field, enter 255.255.255.0. • In the Days field, enter 1. • Click Default Router Addresses. The DNS server address fields display. In the first Router Address field, enter 192.168.1.254. • Click DNS Server Addresses. The router address fields display. In the first DNS Server Address field, enter 12.7.210.170. c. Click Add. 2.
PAGE 278
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 202. • In the IP Address field, enter 10.100.5.34. • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display: d. Click the gray box under port 48 twice until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply to save the VLAN that includes port 48. 4. Enable IP routing: a.
PAGE 279
ProSafe M4100 and M7100 Managed Switches a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b. Under Configure Routes, in the Route Type list, select Default Route. c. In the Next Hop IP Address field, enter 10.100.5.252. d. Click Add to add the route that is associated to VLAN 202 to the Learned Routes table. 6. Configure port 23 and port 24 as protected ports: a. Select Security > Traffic Control > Protected Port.
PAGE 280
ProSafe M4100 and M7100 Managed Switches 802.1x Port Security This section describes how to configure the 802.1x port security feature on a switch port. IEEE 802.1x authentication prevents unauthorized clients from connecting to a VLAN unless these clients are authorized by the server. 802.1x port security prevent unauthorized clients from connecting to a VLAN. It can be configured on a per-port basis. RADIUS server Layer 2 switch PC 1 PC 2 Figure 29. Using 802.
PAGE 281
ProSafe M4100 and M7100 Managed Switches 2. Use RADIUS to authenticate the dot1x users. (Netgear Switch) (Config)#aaa authentication dot1x default radius 3. Configure a RADIUS authentication server. (Netgear Switch) (Config)#radius server host auth 10.100.5.17 4. Configure the shared secret between the RADIUS client and the server. Netgear Switch) (Config)#radius server key auth 10.100.5.17 Enter secret (16 characters max):123456 Re-enter secret:123456 5. Set the RADIUS server as a primary server.
PAGE 282
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply to save the settings. 2. Assign IP address 192.168.1.1/24 to the interface 1/0/1. a. Select Routing > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. c.
PAGE 283
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/19 check box. Now 1/0/19 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 10.100.5.33. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 4. Create an authentication name list. a.
PAGE 284
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/19 check box. Now 1/0/19 appears in the Interface field at the top. c. In the Control Mode list, select Force Authorized. d. Click Apply to save the settings. 6. Enable dot1x on the switch. a. Select Security > Port Authentication > Server Configuration. A screen similar to the following displays. b. For Administrative Mode, select the Enable radio button. c.
PAGE 285
ProSafe M4100 and M7100 Managed Switches b. In the Server Address field, enter 10.100.5.17. c. In the Secret Configured field, select Yes. d. In the Secret field, enter 123456. e. In the Primary Server field, select Yes. f. In the Message Authenticator field, select Enable. g. Click Add. 8. Enable accounting. a. Select Security > Management Security > RADIUS > Radius Configuration. A screen similar to the following displays. b. In the Server Address field, enter 10.100.5.17. c.
PAGE 286
ProSafe M4100 and M7100 Managed Switches Create a Guest VLAN The guest VLAN feature allows a switch to provide a distinguished service to dot1x unaware clients (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach an external network with no ability to surf the internal LAN. Guest 1 RADIUS server 1/0/6 1/0/1 Guest 2 1/0/24 Host 1/0/12 Switch Figure 30.
PAGE 287
ProSafe M4100 and M7100 Managed Switches CLI: Create a Guest VLAN 1. Enter the following commands: (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 2000 (Netgear Switch) (Interface 1/0/24)#exit 2.
PAGE 288
ProSafe M4100 and M7100 Managed Switches 4. Enable the guest VLAN on ports 1/0/1 and 1/0/24. (Netgear Switch) #show dot1x detail 1/0/1 Protocol Version............................... 1 PAE Capabilities............................... Authenticator Control Mode................................... auto Authenticator PAE State........................ Authenticated Backend Authentication State................... Idle Quiet Period (secs)............................ 60 Transmit Period (secs).......................
PAGE 289
ProSafe M4100 and M7100 Managed Switches c. In the VLAN Type field, select Static. d. Click Add. 2. Add ports to VLAN 2000. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 2000 . c. Click Unit 1. The ports display. d. Click the gray boxes under ports 1 and 24 until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply. 3. Set force authorized mode on ports 1/0/6 and 1/0/12. a.
PAGE 290
ProSafe M4100 and M7100 Managed Switches Make sure that 1/0/12 and 1/0/6 are configured as force authorized before you do this step; otherwise you cannot access the switch through the Web Interface. a. Select Security > Port Authentication > Basic > 802.1x Configuration. A screen similar to the following displays. b. For Administrative Mode, select the Enable radio button. c. Click Apply to save settings. 5. Configure the dot1x authentication list. a.
PAGE 291
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Radius Server IP Address field, enter 192.168.0.1. c. In the Secret Configured field, select Yes. d. In the Secret field, enter 12345. e. Click Add. 7. Configure the guest VLAN. a. Select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays. b. Scroll down and select the port 1/0/1 and 1/0/24 check boxes. c. In the Guest VLAN ID field, enter 2000. d.
PAGE 292
ProSafe M4100 and M7100 Managed Switches • After a port is in an authorized state, if any client initiates dot1x authentication, the port clears authenticated clients’ states, and in the process clears the VLAN assigned to the port (if any). Then the port continues with the new client authentication and authorization process.
PAGE 293
ProSafe M4100 and M7100 Managed Switches 2. Enable dot1x authentication on the switch (Netgear Switch) (Config)#dot1x system-auth-control 3. Use the RADIUS as the authenticator. (Netgear Switch) (Config)#aaa authentication dot1x default radius 4. Enable the switch to accept VLAN assignment by the RADIUS server. (Netgear Switch) (Config)#authorization network radius 5. Set the RADIUS server IP address. (Netgear Switch) (Config)#radius server host auth 192.168.0.1 6.
PAGE 294
ProSafe M4100 and M7100 Managed Switches 8. Show the dot1x detail for 1/0/5. (Netgear Switch) #show dot1x detail 1/0/5 Port........................................... 1/0/5 Protocol Version............................... 1 PAE Capabilities............................... Authenticator Control Mode................................... auto Authenticator PAE State........................ Authenticated Backend Authentication State................... Idle Quiet Period (secs)............................
PAGE 295
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Current Network Configuration Protocol, select the None radio button. c. In the IP Address field, enter 192.168.0.5. d. In the Subnet Mask field, enter 255.255.255.0. e. Click Apply. 2. Create VLAN 2000. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 2000. c. In the VLAN Type field, select Static. d. Click Add. 3.
PAGE 296
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Port Authentication, scroll down and select the 1/0/6 and 1/0/12 check boxes. c. In the Control Mode list, select Force Authorized. d. Click Apply to save settings. 4. Enable dot1x on the switch. Make sure that 1/0/12 and 1/0/6 are configured as force authorized before you do this step; otherwise, you cannot access the switch through the Web Management Interface. a.
PAGE 297
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Select the defaultList check box. c. In the 1 list, select RADIUS. d. Click Add. 6. Configure the RADIUS authentication server. a. Select Security > Management Security > Radius > Server Configuration. A screen similar to the following displays. b. In the Radius Server IP Address field, enter 192.168.0.1. c. In the Secret Configured field, select Yes. d. In the Secret field, enter 12345. e. Click Add.
PAGE 298
ProSafe M4100 and M7100 Managed Switches DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a bindings database of valid tuples (MAC address, IP address, VLAN interface). When DAI is enabled, the switch drops ARP packet if the sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database. However, it can be overcome through static mappings.
PAGE 299
ProSafe M4100 and M7100 Managed Switches 3. Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust 4. View the DHCP Snooping Binding table. (GSM7328S) #show ip dhcp snooping binding Total number of bindings: 1 MAC Address IP Address VLAN Interface ----------------- --------------- ---- ----------- 00:16:76:A7:88:CC 192.168.10.
PAGE 300
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For DHCP Snooping Mode, select the Enable radio button. c. Click Apply. 2. Enable DHCP snooping in a VLAN. a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 1. c. In the the DHCP Snooping Mode field, select Enable. A screen similar to the following displays. 3.
PAGE 301
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Select the check box for Interface 1/0/1. c. For Interface 1/0/1, set the Trust Mode as Enable. d. Click Apply. A screen similar to the following displays. 4. View the DHCP Snooping Binding table. a. Select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays. 5. Enable ARP Inspection in VLAN 1. a.
PAGE 302
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the VLAN ID field, enter 1. c. In the Dynamic ARP Inspection field, select Enable. A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. Now all the ARP packets received on the ports that are member of the VLAN are copied to the CPU for ARP inspection. If there are trusted ports, you can configure them as trusted in the next step.
PAGE 303
ProSafe M4100 and M7100 Managed Switches Note: Make sure the administrator PC has a DHCP snooping entry or can access the device through the trusted port for ARP. Otherwise, you might get disconnected from the device. 6. Configure port 1/0/1 as trusted. a. Select Security > Control > Dynamic ARP Inspection > DAI Interface Configuration. b. Select the Interface 1/0/1 check box. c. For the Trust Mode, select Enable. d. Click Apply. A screen similar to the following displays.
PAGE 304
ProSafe M4100 and M7100 Managed Switches 3. Configure ARP ACL used for VLAN 1. (Netgear Switch) (Config)# ip arp inspection filter ArpFilter vlan 1 4. Now the ARP packets from the static client will go through since it has an entry in the ARP. ACL ARP packets from the DHCP client is also through since it has a DHCP snooping entry. This command can include the optional static keyword.
PAGE 305
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 3. Configure the ARP ACL used for VLAN 1. a. Select Security > Control > Dynamic ARP Inspection > DAI VLAN Configuration. b. In the ARP ACL Name field, enter ArpFilter. c. Click Apply. A screen similar to the following displays.
PAGE 306
ProSafe M4100 and M7100 Managed Switches within the VLAN to be trusted or untrusted. DHCP servers must be reached through trusted ports. Interface 1/0/1 GSM73xxS DHCP server Interface 1/0/1 DHCP client Figure 33. DHCP Snooping The example is shown as CLI commands and as a Web interface procedure. CLI: Configure DHCP Snooping 1. Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping 2. Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 3.
PAGE 307
ProSafe M4100 and M7100 Managed Switches 4. View the DHCP Snooping Binding table. (GSM7328S) #show ip dhcp snooping binding Total number of bindings: MAC Address 1 IP Address VLAN Interface Type Lease (Secs) ----------------- --------------- ---- ----------- ------- ----------- 00:16:76:A7:88:CC 192.168.10.89 1 1/0/2 DYNAMIC 86400 Web Interface: Configure DHCP Snooping 1. Enable DHCP snooping globally: a. Select Security > Control > DHCP Snooping Global Configuration.
PAGE 308
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the VLAN ID list, select 1. c. For DHCP Snooping Mode, select the Enable radio button. A screen similar to the following displays. d. Click Apply. 3. Configure the port through which DHCP server is reached as trusted. a. Select Security > Control > DHCP Snooping Interface Configuration. A screen similar to the following displays. b. Select the Interface 1/0/1check box. c.
PAGE 309
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 4. Select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays. Enter Static Binding into the Binding Database You can also enter the static binding into the binding database. CLI: Enter Static Binding into the Binding Database 1. Enter the DHCP snooping static binding. (Netgear Switch) (Config)# ip dhcp snooping binding 00:11:11:11:11:11 vlan 1 192.168.10 .
PAGE 310
ProSafe M4100 and M7100 Managed Switches 2. Check to make sure the binding database has the static entry. (GSM7328S) #show ip dhcp snooping binding Total number of bindings: MAC Address IP Address ---------------------------------00:11:11:11:11:11 00:16:76:A7:88:CC 2 VLAN Interface --------------- 192.168.10.1 192.168.10.89 1 1 Type -------1/0/2 1/0/2 Lease (Secs) ----------- ------- STATIC DYNAMIC 86348 Web Interface: Enter Static Binding into the Binding Database 1.
PAGE 311
ProSafe M4100 and M7100 Managed Switches CLI: Configure the Maximum Rate of DHCP Messages 1. Control the maximum rate of DHCP messages. (Netgear Switch) (Interface 1/0/2)# ip dhcp snooping limit rate 5 2. View the rate configured. (GSM7328S) #show ip dhcp snooping interfaces 1/0/2 Interface Trust State Rate Limit ---------- ------------- ------------- (pps) 1/0/2 No 5 Burst Interval (seconds) --------------1 Web Interface: Configure the Maximum Rate of DHCP Messages 1.
PAGE 312
ProSafe M4100 and M7100 Managed Switches IP Source Guard IP Source Guard uses the DHCP snooping bindings database. When IP Source Guard is enabled, the switch drops incoming packets that do not match a binding in the bindings database. IP Source Guard can be configured to enforce just the source IP address or both the source IP address and source MAC address. Static client IP address: 192.168.10.
PAGE 313
ProSafe M4100 and M7100 Managed Switches 2. Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 3. Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust 4. View the DHCP Snooping Binding table. (GSM7328S) #show ip dhcp snooping binding Total number of bindings: MAC Address 1 IP Address VLAN ----------------- --------------- 00:16:76:A7:88:CC 192.
PAGE 314
ProSafe M4100 and M7100 Managed Switches b. For DHCP Snooping Mode, select the Enable radio button. c. Click Apply. 2. Enable DHCP snooping in a VLAN. a. Select Security > Control > DHCP Snooping Global Configuration. A screen similar to the following displays. b. In the VLAN Configuration table, in the VLAN ID list, select 1. c. In the DHCP Snooping Mode field, select Enable. A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. 3.
PAGE 315
ProSafe M4100 and M7100 Managed Switches a. Select Security > Control > DHCP Snooping Interface Configuration. A screen similar to the following displays. b. Select Interface 1/0/1 check box. c. For interface 1/0/1, in the Trust Mode field, select Enable. d. Click Apply. A screen similar to the following displays. 4. View the DHCP Snooping Binding table. Select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays. 5.
PAGE 316
ProSafe M4100 and M7100 Managed Switches d. Click Apply. A screen similar to the following displays. 6. Set up IP source guard static binding. a. Select Security > Control > IP Source Guard > Binding Configuration. b. Select the Interface 1/0/2 check box. c. In the MAC Address field, enter 00:05:05:05:05:05. d. In the VLAN ID field, enter 1. e. In the IP Address field, enter 192.168.10.80. f. Click Add. A screen similar to the following displays. 316 | Chapter 15.
PAGE 317
16. SNTP 16 S i mple Net work Tim e P roto c ol This chapter provides the following examples: • Show SNTP (CLI Only) • Configure SNTP on page 319 • Set the Time Zone (CLI Only) on page 321 • Set the Named SNTP Server on page 321 The SNTP feature offers these benefits: • It can be used to synchronize network resources and for adaptation of NTP. • SNTP provides synchronized network timestamp. • It can be used in broadcast or unicast mode.
PAGE 318
ProSafe M4100 and M7100 Managed Switches show sntp client (Netgear Switch Routing) #show sntp client Client Supported Modes: unicast broadcast SNTP Version: 4 Port: 123 Client Mode: unicast Unicast Poll Interval: 6 Poll Timeout (seconds): 5 Poll Retry: 1 show sntp server (Netgear Switch Routing) #show sntp server Server IP Address: 81.169.155.234 Server Type: ipv4 Server Stratum: 3 Server Reference Id: NTP Srv: 212.186.110.
PAGE 319
ProSafe M4100 and M7100 Managed Switches Configure SNTP The example is shown as CLI commands and as a Web interface procedure. CLI: Configure SNTP NETGEAR switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers. The following steps configure SNTP on the switch: 1. Configure the SNTP server IP address.
PAGE 320
ProSafe M4100 and M7100 Managed Switches command to confirm that the time has been received. The time will be used in all logging messages. (Netgear Switch) #show sntp server Server IP Address: 208.14.208.19 Server Type: ipv4 Server Stratum: 4 Server Reference Id: NTP Srv: 208.14.208.3 Server Mode: Server Server Maximum Entries: 3 Server Current Entries: 1 SNTP Servers -----------IP Address: 208.14.208.
PAGE 321
ProSafe M4100 and M7100 Managed Switches • Iin the Server Type field, select IPV4 . • In the Address field, enter 208.14.208.19. • In the Port field, enter 123. • In the Priority field, enter 1. • In the Version field, enter 4. c. Click Add. 2. Configure SNTP globally. a. Select System > Management > Time > SNTP Global Configuration. A screen similar to the following displays. b. Enter the following information: • For Client Mode, Select the Unicast radio button.
PAGE 322
ProSafe M4100 and M7100 Managed Switches CLI: Set the Named SNTP Server NETGEAR provides SNTP servers accessible by NETGEAR devices. Because NETGEAR might change IP addresses assigned to its time servers, it is best to access an SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
PAGE 323
ProSafe M4100 and M7100 Managed Switches a. Select System > Management > DNS > DNS Configuration. A screen similar to the following displays. b. Enter the following information: • For DNS Status, select the Enable radio button • In the DNS Server field, enter 192.168.1.1. c. Click Add. Chapter 16.
PAGE 324
17. Tools 17 This chapter provides the following examples: • Traceroute • Configuration Scripting on page 326 • Pre-Login Banner on page 329 • Port Mirroring on page 330 • Dual Image on page 331 • Outbound Telnet on page 334 Traceroute This section describes the traceroute feature. Use traceroute to discover routes that packets take when traveling on a hop-by-hop basis to their destination through the network.
PAGE 325
ProSafe M4100 and M7100 Managed Switches CLI: Traceroute (Netgear Switch) #traceroute? Enter IP address. (Netgear Switch) #traceroute 216.109.118.74 ? Press Enter to execute the command. Enter port no. (Netgear Switch) #traceroute 216.109.118.74 racing route over a maximum of 20 hops 1 10.254.24.1 40 ms 9 ms 10 ms 2 10.254.253.1 30 ms 49 ms 21 ms 3 63.237.23.33 29 ms 10 ms 10 ms 4 63.144.4.1 39 ms 63 ms 67 ms 5 63.144.1.141 70 ms 50 ms 50 ms 6 205.171.
PAGE 326
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. Use this screen to tell the switch to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. Once you click the Apply button, the switch will send three traceroute packets each hop, and the results will be displayed in the result table. 2. In the IP Address field, enter 216.109.118.74. 3. Click Apply.
PAGE 327
ProSafe M4100 and M7100 Managed Switches • Application of scripts is partial if a script fails. For example, if the script executes 5 of 10 commands and the script fails, the script stops at 5. • Scripts cannot be modified or deleted while being applied. • Validation of scripts checks for syntax errors only. It does not validate that the script will run successfully. script (Netgear Switch) #script ? apply Applies configuration script to the switch.
PAGE 328
ProSafe M4100 and M7100 Managed Switches script apply running-config.scr (Netgear Switch) #script apply running-config.scr Are you sure you want to apply the configuration script? (y/n) y The system has unsaved changes. Would you like to save them now? (y/n) y Configuration Saved! Create a Configuration Script (Netgear Switch) #show running-config running-config.scr Config script created successfully.
PAGE 329
ProSafe M4100 and M7100 Managed Switches Pre-Login Banner Pre-login banner: • Allows you to create message screens that display when a user logs in to the CLI. • By default, no banner file exists. • You can upload or download. • File size cannot be larger than 2 K. The Pre-Login Banner feature is only for the CLI interface. Create a Pre-Login Banner (CLI Only) 1. On your PC, using Notepad create a banner.txt file that contains the banner to be displayed.
PAGE 330
ProSafe M4100 and M7100 Managed Switches Port Mirroring The port ,irroring feature: • Allows you to monitor network traffic with an external network analyzer. • Forwards a copy of each incoming and outgoing packet to a specific port. • Is used as a diagnostic tool, debugging feature, or means of fending off attacks. • Assigns a specific port to copy all packets to. • Allows inbound or outbound packets to switch to their destination and to be copied to the mirrored port.
PAGE 331
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 2. Scroll down and select the Source Port 1/0/2 check box. The value 1/0/2 now appears in the Interface field at the top. 3. Enter the following information: • In the Destination Port field, enter 1/0/3. • In the Session Mode field, select Enable. 4. Click Apply. Dual Image Traditionally switches contain a single image in the permanent storage. This image is loaded into memory every time there is a reboot.
PAGE 332
ProSafe M4100 and M7100 Managed Switches • When any node is unable to execute the active-image successfully, it attempts to execute the backup-image, as mentioned in the section above. Such cases will require user intervention to correct the problem, by using appropriate stacking commands. CLI: Download a Backup Image and Make It Active (Netgear Switch) #copy tftp://192.168.0.1/gsm73xxseps.stk image2 Mode........................................... TFTP Set Server IP.................................. 192.
PAGE 333
ProSafe M4100 and M7100 Managed Switches -------------------------------------------------------------------unit image1 image2 current-active next-active -------------------------------------------------------------------1 5.11.2.51 8.0.0.2 image1 image1 (Netgear Switch) #boot system image2 Activating image image2 ..
PAGE 334
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Dual Image Configuration, scroll down and select the Image 2 check box. The image2 now appears in the Image name field at the top. c. In the Active Image field, select TRUE. d. Click Apply.
PAGE 335
ProSafe M4100 and M7100 Managed Switches CLI: show network (Netgear Switch Routing) >telnet 192.168.77.151 Trying 192.168.77.151... (Netgear Switch Routing) User:admin Password: (Netgear Switch Routing) >en Password: (Netgear Switch Routing) #show network IP Address............................... 192.168.77.151 Subnet Mask.............................. 255.255.255.0 Default Gateway.......................... 192.168.77.127 Burned In MAC Address.................... 00:10:18.82.
PAGE 336
ProSafe M4100 and M7100 Managed Switches CLI: transport output telnet (Netgear Switch Routing) (Config)#lineconfig ? Press Enter to execute the command. (Netgear Switch Routing) (Config)#lineconfig (Netgear Switch Routing) (Line)#transport ? input Displays the protocols to use to connect to a specific line of the router. output Displays the protocols to use for outgoing connections from a line. (Netgear Switch Routing) (Line)#transport output ? telnet Allow or disallow new telnet sessions.
PAGE 337
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 2. Under Outbound Telnet, for Admin Mode, select the Enable radio button. 3. Click Apply. CLI: Configure the session-limit and session-timeout (Netgear Switch Routing) (Line)#session-limit ? <0-5> Configure the maximum number of outbound telnet sessions allowed. (Netgear Switch Routing) (Line)#session-limit 5 (Netgear Switch Routing) (Line)#session-timeout ? <1-160> Enter time in minutes.
PAGE 338
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 2. Enter the following information: • In the Session Timeout field, enter 15. • In the Maximum number of sessions field, enter 5. 3. Click Apply. 338 | Chapter 17.
PAGE 339
18. Syslog 18 This chapter provides the following examples: • Show Logging on page 340 • Show Logging Buffered on page 342 • Show Logging Traplogs on page 343 • Show Logging Hosts on page 344 • Configure Logging for a Port on page 345 • Email Alerting on page 347 The syslog feature: • Allows you to store system messages and errors. • Can store to local files on the switch or a remote server running a syslog daemon. • Provides a method of collecting message logs from many systems.
PAGE 340
ProSafe M4100 and M7100 Managed Switches Show Logging The example is shown as CLI commands and as a Web interface procedure.
PAGE 341
ProSafe M4100 and M7100 Managed Switches a. Select Monitoring > Logs > Command Log. b. Under Command Log, for Admin Status, select the Disable radio button. c. Click Apply. 3. Configure the console log. a. Select Monitoring > Logs > Console Log. b. Under Console Log Configuration, for Admin Status, select the Disable radio button. c. Click Apply. 4. Configure the buffer logs. a. Select Monitoring > Logs > Buffer Logs. Chapter 18.
PAGE 342
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under Buffer Logs, for Admin Status, select the Enable radio button. c. Click Apply. Show Logging Buffered The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging Buffered (Netgear Switch Routing) #show logging buffered ? Press Enter to execute the command.
PAGE 343
ProSafe M4100 and M7100 Managed Switches Web Interface: Show Logging Buffered Select Monitoring > Logs > Buffer Logs. A screen similar to the following displays. Show Logging Traplogs The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging Traplogs (Netgear Switch Routing) #show logging traplogs ? Press Enter to execute the command. (Netgear Switch Routing) #show logging traplogs Number of Traps Since Last Reset............ 6 Trap Log Capacity..................
PAGE 344
ProSafe M4100 and M7100 Managed Switches Select Monitoring > Logs > Trap Logs. A screen similar to the following displays. Show Logging Hosts The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging Hosts (Netgear Switch Routing) #show logging hosts ? Press Enter to execute the command. (Netgear Switch Routing) #show logging hosts Index IP Address Severity Port Status ----- ----------------- ---------- ---- ------------- 1 192.168.21.
PAGE 345
ProSafe M4100 and M7100 Managed Switches Web Interface: Show Logging Hosts Select Monitoring > Logs > Sys Log Configuration. A screen similar to the following displays. Configure Logging for a Port The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Logging for the Port (Netgear Switch Routing) #config (Netgear Switch Routing) (Config)#logging ? buffered Buffered (In-Memory) Logging Configuration. cli-command CLI Command Logging Configuration.
PAGE 346
ProSafe M4100 and M7100 Managed Switches (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 ? Press Enter to execute the command. Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7). (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1 ? Press Enter to execute the command. (Netgear Switch Routing) (Config)#logging host 192.168.21.
PAGE 347
ProSafe M4100 and M7100 Managed Switches Email Alerting Email Alerting is an extension of the logging system. The logging system allows you to configure a set of destinations for log messages. This feature adds the email configuration, through which the log message are sent to a configured SMTP server such that an administrator may receive the log in an email account of their choice. This feature is enabled globally. When email alerting is enabled, selected log messages are sent to an SMTP server.
PAGE 348
ProSafe M4100 and M7100 Managed Switches CLI: Send Log Messages to admin@switch.com Using Account aaaa@netgear.com 1. Configure an SMTP server, for example, smtp.netgear.com. Before you configure the smtp server, you need to have an account on SMTP server. (Netgear Switch) (Config)#mail-server "smtp.netgear.com" port 465 (Netgear Switch) (Mail-Server)#security tlsv1 (Netgear Switch) (Mail-Server)# username aaaa (Netgear Switch) (Mail-Server)# password xxxxxx (Netgear Switch) (Mail-Server)#exit 2.
PAGE 349
19. Switch Stacks 19 This chapter describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches running release 4.x.x.x or newer.
PAGE 350
ProSafe M4100 and M7100 Managed Switches The Stack Master and Stack Members A switch stack is a set of up to 8 switches connected through their stacking ports. The switch that controls the operation of the stack is the stack master. The stack master and the other switches in the stack are stack members. Stack members use stacking technology to behave and work together as a unified system. Layer 2 and Layer 3 protocols present the entire switch stack as a single entity to the network.
PAGE 351
ProSafe M4100 and M7100 Managed Switches 1. The switch that is currently the stack master. 2. The switch with the highest stack member priority value. Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs. 3. The switch with the higher MAC address.
PAGE 352
ProSafe M4100 and M7100 Managed Switches joins a switch stack, its default stack member number changes to the lowest available member number in the stack. Stack members in the same switch stack cannot have the same stack member number. Every stack member, including a standalone switch, retains its member number until you manually change the number or unless the number is already being used by another member in the stack. See Renumber Stack Members on page 365.
PAGE 353
ProSafe M4100 and M7100 Managed Switches Install a Switch Stack Note: Many models of switches have a Hardware Installation Guide that includes additional information about rack mounting and switch stack cabling. 1. Install the switches in a rack. 2. Install all stacking cables, including the redundant stack link. It is highly recommended that a redundant link be installed. 3. Identify the switch to be the master. Power up this switch first. 4. Monitor the console port.
PAGE 354
ProSafe M4100 and M7100 Managed Switches Code Mismatch If a switch is added to a stack and it does not have the same version of code as that of the master, the following occurs: • The new unit boots up and becomes a member of the stack. • Ports on the added unit remain in the detached state. • A message displays on the CLI indicating a code mismatch with the newly added unit.
PAGE 355
ProSafe M4100 and M7100 Managed Switches 4. Continue with the boot of operational code. 5. Once the stack is up, download the saved configuration back to the master. This configuration should then be automatically propagated to all members of the stack. Copy Master Firmware to a Stack Member (Web Interface) 1. Select System > Management > Basic > Stack Configuration. A screen similar to the following displays. 2. In the Copy Master Firmware to Unit list, select 2. 3. Click Apply.
PAGE 356
ProSafe M4100 and M7100 Managed Switches CLI: Configure a Stacking Port as an Ethernet Port 1.
PAGE 357
ProSafe M4100 and M7100 Managed Switches 2. On Switch B, Configure the stack port and reboot.
PAGE 358
ProSafe M4100 and M7100 Managed Switches a. Select Maintenance > Reset > Device Reboot. A screen similar to the following displays. b. In the Reboot Unit No. list, select 2. c. Click Apply. 3. On Switch B, configure a stack port as an Ethernet port a. Select System > Stacking > Advanced > Stack Port Configuration. A screen similar to the following displays. b. Under Stack Port Configuration, scroll down and select the 1/0/51 check box. c. In the Configured Stack Mode list, select Ethernet. d.
PAGE 359
ProSafe M4100 and M7100 Managed Switches Stack Switches Using 10G Fiber This example shows how to stack two switches in different buildings at long distance using 10G fiber. First insert AX741 to I/O slot on Switch A, and insert AX741 to I/O slot on Switch B. Then connect the two AX741 with fiber. Switch A Switch B AX741 Ax741 Figure 39. Using 10G fiber to stack switches in different buildings CLI: Stack Switches Using 10G Fiber 1. On Switch A, show the port information.
PAGE 360
ProSafe M4100 and M7100 Managed Switches 3. Since 2/0/28 is in Ethernet mode, it must be changed to stack mode. (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#stack-port 2/0/28 stack (Netgear Switch) (Config-stack)#exit (Netgear Switch) (Config) 4. Reboot Switch B. (Netgear Switch) #reload Management switch has unsaved changes. Would you like to save them now? (y/n) n Configuration Not Saved! Are you sure you want to reload the stack? (y/n) y Reloading all switches.
PAGE 361
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the 2/0/28 check box. c. In the Configured Stack Mode list, select Stack. d. Click Apply to save the settings. 3. Reboot the switch. a. Select Maintenance > Reset > Device Reboot. A screen similar to the following displays. b. In the Reboot Unit No. list, select 2. c. Click Apply. Add, Remove, or Replace a Stack Member Add Switches to an Operating Stack 1.
PAGE 362
ProSafe M4100 and M7100 Managed Switches 4. Install the new switches in the rack. This procedure assumes installation below the bottom-most switch, or above the top-most switch. 5. Disconnect the redundant stack cable that connects the last switch in the stack back up to the first switch in the stack at the position in the ring where the new switch is to be inserted.
PAGE 363
ProSafe M4100 and M7100 Managed Switches 1. Power off the newly created switch stacks. 2. Reconnect them to the original switch stack through their stacking ports. 3. Power on the switches. Replace a Stack Member 1. Make sure the redundant stack connection is in place and functional. All stack members should be connected in a logical ring. 2. Power down the switch to be removed and disconnect its stack cables. 3. Remove the switch from the rack. 4.
PAGE 364
ProSafe M4100 and M7100 Managed Switches The following table provides switch stack configuration scenarios. Most of the scenarios assume at least two switches are connected through their stacking ports. Table 1. Switch Stack Master Scenarios Scenario Action Result Stack master election specifically determined by existing stack masters. Note: This is not recommended. Connect two powered-on switch stacks Only one of the stack masters through the stacking ports. becomes the new stack master.
PAGE 365
ProSafe M4100 and M7100 Managed Switches 1. Issue the member command. To view the supported unit types, use the show supported switchtype command. 2. Next, configure the unit you just defined with configuration commands, just as if the unit were physically present. Ports for the preconfigured unit come up in a detached state. 3. To see the ports, use the show port all command. Now you can configure the detached ports for VLAN membership and any other port-specific configuration.
PAGE 366
ProSafe M4100 and M7100 Managed Switches CLI: Renumber Stack Members Note: When issuing a command (such as move management, or renumber), NETGEAR recommends that you wait until the command has fully executed before issuing the next command. For example, if a reset is issued to a stack member, use the show port command to verify that the switch has re-merged with the stack, and all ports are joined before issuing the next command.
PAGE 367
ProSafe M4100 and M7100 Managed Switches e. Now the unit ID of the stacking member is 2. Chapter 19.
PAGE 368
ProSafe M4100 and M7100 Managed Switches Move the Stack Master to a Different Unit This example is provided as CLI commands and a Web interface procedure. CLI: Move the Stack Master to a Different Unit 1. Using the movemanagement command, move the master to a different unit number. The operation takes between 30 seconds and 3 minutes depending on the stack size and configuration. The command is movemanagement . 2.
PAGE 369
20. SNMP 20 This chapter provides the following examples: • Add a New Community • Enable SNMP Trap on page 370 • SNMP V3 on page 371 • sFlow on page 373 • Time-Based Sampling of Counters with sFlow on page 377 Add a New Community The example is shown as CLI commands and as a Web interface procedure. CLI: Add a New Community (Netgear switch) #config (Netgear switch) (Config)#snmp-server community rw public@4 Chapter 20.
PAGE 370
ProSafe M4100 and M7100 Managed Switches Web Interface: Add a New Community 1. Select System > SNMP > SNMP V1/V2 > Community Configuration. A screen similar to the following displays. 2. In the Community Name field, enter public@4. 3. In the Client Address field, enter 0.0.0.0. 4. In the Client IP Mask field, enter 0.0.0.0. 5. In the Access Mode field, select Read/Write. 6. In the Status field, select Enable. 7. Click Add.
PAGE 371
ProSafe M4100 and M7100 Managed Switches Web Interface: Enable SNMP Trap 1. Enable SNMP trap for the server 10.100.5.17. a. Select System > SNMP > SNMP V1/V2 > Trap Configuration. A screen similar to the following displays. b. In the Community Name field, enter public. c. In the Version list, select SNMPv1. d. In the Address field, enter 10.100.5.17. e. In the Status field, select Enable. f. Click the Add button. 2. Set the Link Up/Down flag. a. Select System > SNMP > SNMP V1/V2 > Trap Flags.
PAGE 372
ProSafe M4100 and M7100 Managed Switches CLI: Configure SNMP V3 (Netgear Switch) #config (Netgear Switch) (Config)#users passwd admin Enter old password: Enter new password:12345678 Confirm new password:12345678 Password Changed! change the password to “12345678” (Netgear Switch) (Config)#users snmpv3 authentication admin md5 Set the authentication mode to md5 (Netgear Switch) (Config)#users snmpv3 encryption admin des 12345678 Set the encryption mode to des and the key is “12345678” Web Interface: Config
PAGE 373
ProSafe M4100 and M7100 Managed Switches a. Select System > Management > User Configuration. A screen similar to the following displays. b. In the User Name field, select the admin. c. For Authentication Protocol, select the MD5 radio button. d. For Encryption Protocol, select the DES radio button. e. In the Encryption Key field, enter 12345678. f. Click Apply to save the settings. sFlow sFlow is the standard for monitoring high-speed switched and routed networks.
PAGE 374
ProSafe M4100 and M7100 Managed Switches The sFlow agent uses two forms of sampling: statistical packet-based sampling of switched or routed packet flows, and time-based sampling of counters. PC Interface 1/0/2 Interface 1/0/3 Interface 1/0/1 GSM73xxS Uplink interface 1/0/24 PC Sflow collector IP address: 192.168.10.2 Switch/Router Figure 40. sFlow CLI: Configure Statistical Packet-Based Sampling of Packet Flows with sFlow 1. Configure the sFlow receiver (sFlow collector) IP address.
PAGE 375
ProSafe M4100 and M7100 Managed Switches 3. Here the default maxiumum satagram size is 1400. It can be modified to a value between 200 and 9116 using the command sflow receiver 1 maxdatagram . (GSM7328S) #show sflow receivers Receiver Owner Index Time out Max Datagram Port String IP Address Size -------- -------- ---------- ------------ ----- -----------------------------1 1400 6343 192.168.10.2 2 NetMonit 31535988 0 1400 6343 0.0.0.0 3 0 1400 6343 0.0.0.0 4 0 1400 6343 0.0.
PAGE 376
ProSafe M4100 and M7100 Managed Switches e. In the Receiver Address field, enter 192.168.10.2. A screen similar to the following displays. f. Click Apply. A screen similar to the following displays. 2. Configure the sampling ports sFlow receiver index, sampling rate, and sampling maximum header size. a. Select Monitoring > sFlow > Advanced > sFlow Interface Configuration. A screen similar to the following displays. b. Select theInterface 1/0/1 check box. c. In the Sampling Rate field, enter 1024.
PAGE 377
ProSafe M4100 and M7100 Managed Switches Time-Based Sampling of Counters with sFlow CLI: Configure Time-Based Sampling of Counters with sFlow 1. Configure the sampling port sFlow receiver index, and polling interval. You need to repeat this for all the ports to be polled. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow poller 1 (Netgear Switch) (Interface 1/0/1)# sflow poller interval 300 2. View the polling port configurations.
PAGE 378
21. DNS Domain Na m e System 21 This chapter provides the following examples: • Specify Two DNS Servers • Manually Add a Host Name and an IP Address on page 379 This section describes the Domain Name System (DNS) feature. The DNS protocol maps a host name to an IP address, allowing you to replace the IP address with the host name for IP commands such as a ping and a traceroute, and for features such as RADIUS, DHCP relay, SNTP, SNMP, TFTP, SYSLOG, and UDP relay.
PAGE 379
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 2. Under DNS Server Configuration, in the DNS Server field, enter 12.7.210.170. 3. Click Add. 4. In the DNS Server field, enter 219.141.140.10. 5. Click Add. Both DNS servers now show in the DNS Server Configuration table. Manually Add a Host Name and an IP Address The following example shows commands to add a static host name entry to the switch so that you can use this entry to resolve the IP address.
PAGE 380
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 2. Under DNS Host Configuration, enter the following information: • In the Host Name field, enter www.netgear.com. • In the IP Address field, enter 206.82.202.46. 3. Click Add. The host name and IP address now show in the DNS Host Configuration table. 380 | Chapter 21.
PAGE 381
22. DHCP Server 22 This chapter provides the following examples: • Figure on page 381 • Configure a DHCP Reservation on page 384 When a client sends a request to a DHCP server, the DHCP server assigns the IP address from address pools that are specified on the switch. The network in the DHCP pool must belong to the same subnet. DHCP server allows the switch to dynamically assign an IP address to a DHCP client that is attached to the switch.
PAGE 382
ProSafe M4100 and M7100 Managed Switches Note: If there is no DHCP L3 relay between client PC and DHCP server, there must be an active route whose subnet is the same as the DHCP dynamic pool’s subnet. Web Interface: Configure a DHCP Server in Dynamic Mode 1. Create VLAN 200. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Under VLAN Configuration, in the VLAN ID field, enter 200. c. Click Add. 2. Add port 1/0/1 to VLAN 200. a.
PAGE 383
ProSafe M4100 and M7100 Managed Switches d. Click the gray boxes under ports 1 and 24 until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply. 3. Assign PVID to the VLAN 200. a. Select Switching > VLAN> Advanced > Port PVID Configuration. A screen similar to the following displays. b. Under Port PVID Configuration, scroll down and select the 1/0/1 check box. c. In the PVID (1 to 4093) field, enter 200. d. Click Apply to save the settings. 4.
PAGE 384
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. e. Under DHCP Pool Configuration, enter the following information: • In the Pool Name list, select Create. f. • In the Pool Name field, enter pool_dynamic. • In the Type of Binding list, select Dynamic. • In the Network Number field, enter 192.168.100.0. • In the Network Mask field, enter 255.255.255.0. As an alternate, you can enter 24 in the Network Prefix Length field.
PAGE 385
ProSafe M4100 and M7100 Managed Switches CLI: Configure a DHCP Reservation (Netgear Switch)#config (Netgear Switch) (Config)#service dhcp (Netgear Switch) (Config)#ip dhcp pool pool_manual (Netgear Switch) (Config)#client-name dhcpclient (Netgear Switch) (Config)#hardware-address 00:01:02:03:04:05 (Netgear Switch) (Config)#host 192.168.200.1 255.255.255.0 (Netgear Switch) (Config)#client-identifier 01:00:01:02:03:04:05 Note: The unique identifier is a concatenation of the media type and MAC addresses.
PAGE 386
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 5. Under DHCP Pool Configuration, enter the following information: • In the Pool Name list, select Create. • In the Pool Name field, enter pool_manual. • In the Type of Binding list, select Manual. • In the Client Name field, enter dhcpclient. • In the Hardware Address field, enter 00:01:02:03:04:05. • In the Hardware Type list, select ethernet. • In the Host Number field, enter 192.168.200.1.
PAGE 387
23. DHCPv6 Server 23 This chapter provides the following examples: • CLI: Configure DHCPv6 on page 389 • Web Interface: Configure an Inter-area Router on page 390 • Configure Stateless DHCPv6 Server on page 394 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) is used to assign IPv6 addresses statefully and distribute other configuration information such as domain name or DNS server.
PAGE 388
ProSafe M4100 and M7100 Managed Switches In the following case, the CPE router requests prefix from the PE router. The PE router chooses prefix (2001:1::/64) for delegation, and responds with the prefix to the requesting CPE router. The CPE router subnets the prefix and assigns the longer prefixes to links in the user’s network. The CPE router is then responsible to assign the 2001:1:1::/96 to one user’s network and 2001:1:2::/96 to another user’s network.
PAGE 389
ProSafe M4100 and M7100 Managed Switches CLI: Configure DHCPv6 1. Enable IPv6 routing. (Netgear Switch) #configure (NETGEAR SWITCH) (Config)#ip routing (NETGEAR SWITCH) (Config)#ipv6 unicast routing 2. Create a DHCPv6 pool and enable DHCP service. (NETGEAR SWITCH) (Config)#service dhcpv6 (NETGEAR SWITCH) (Config)#ipv6 dhcp pool pool1 (NETGEAR SWITCH) (Config dhcp6 pool)#domain name netgear.
PAGE 390
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure an Inter-area Router 1. Enable IP routing globally a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply to apply the settings. 2. Enable IPv6 unicast globally a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c.
PAGE 391
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/9 check box. Now 1/0/9 appears in the Interface field at the top. c. Enter the following information: • In the IPv6 Mode field, select Enable. • In the Routing Mode field, select Enable. d. Click Apply to apply the settings. 4. Configure prefix on interface 1/0/9. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b.
PAGE 392
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, Select the Enable radio button. c. Click Apply to apply the setting. 6. Create a DHCPv6 pool named pool1. a. Select System > Services > DHCP Server > DHCPv6 Pool Configuration. A screen similar to the following displays. b. From the Pool Name drop-down list, select Create. c. In the Pool Name field, enter pool1. d. Click Apply to apply the setting. 7. Configure prefix in the pool1 a.
PAGE 393
ProSafe M4100 and M7100 Managed Switches b. From the Pool Name drop-down list, select Pool1. c. Enter 2001:1:: in the Prefix field. d. in the Prefix Length field, enter 64. e. In the Prefix field, enter 00:01:00:01:15:40:14:4f:00:00:00:4d:aa:d0. f. Click Apply to apply the setting. 8. Configure DHCPv6 on interface 1/0/9. a. Select System > Services > DHCPv6 Server > DHCPv6 Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/9 check box.
PAGE 394
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. Configure Stateless DHCPv6 Server This example uses the DHCPv6 server to configure the information about DNS server to those clients which get IPv6 in autoconfig mode or manual mode. The configured DHCP pool doesn’t contain a prefix pool but contains DNS server to be passed to clients. The IPv6 interface must have the ‘ipv6 nd other-config-flag’ command enabled.
PAGE 395
ProSafe M4100 and M7100 Managed Switches Note: In this case, you have to configure the command ipv6 nd other-config-flag on the interface, otherwise, the host cannot update the DNS with it.
PAGE 396
ProSafe M4100 and M7100 Managed Switches c. In the IPv6 Mode field, select Enable. d. In the Routing Mode field, select Enable. e. In the Adv Other Config Flag field, select Enable. f. Click Apply to save the settings. 3. Configure IPv6 address on the interface 2/0/21. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays: b. In the Interface list, select 1/0/21. c. In the IPv6 Prefix field, enter 2003:1000::1. d. In the Length field, enter 64. e.
PAGE 397
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays: b. From the Pool Name drop-down list, select Create. c. In the Pool Name field, enter ipv6_server. d. In the DNS Server Addresses fields, enter 20011:9:18::1 (the DNS server IPv6 address). e. Click Apply. 6. Enable DHCPv6 pool on the interface 2/0/21. a. Select System > Services > DHCPv6 Server > DHCPv6 Interface Configuration. A screen similar to the following displays: b.
PAGE 398
24. Double VLANs and Private VLAN Groups 24 This chapter includes the following examples: • Double VLANs • Private VLAN Groups on page 402 Double VLANs This section describes how to enable the double DVLAN feature. Double VLANs pass traffic from one customer domain to another through the metro core. Custom VLAN IDs are preserved and a provider service VLAN ID is added to the traffic so the traffic can pass the metro core in a simple and cost-effective manner.
PAGE 399
ProSafe M4100 and M7100 Managed Switches The following example shows how to configure the NETGEAR switch shown in the preceding figure to add a double VLAN tag for traffic going from the subnet domain connected to port 1/0/24. This example assumes there is a Layer 2 switch connecting all these devices in your domain. The Layer 2 switch tags the packet going to the NETGEAR switch port 1/0/24. The example is shown as CLI commands and as a Web interface procedure. CLI: Enable a Double VLAN Create a VLAN 200.
PAGE 400
ProSafe M4100 and M7100 Managed Switches a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Under VLAN Configuration, enter the following information: • In the VLAN ID field, enter 200. • In the VLAN Name field, enter vlan200. • In the VLAN Type field, select Static. c. Click Add. 2. Add ports 24 and 48 to VLAN 200. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b.
PAGE 401
ProSafe M4100 and M7100 Managed Switches • Click the gray box under port 48 once until T displays. The T specifies that the egress packet is tagged for the port. d. Click Apply to save the settings. 3. Change the port VLAN ID (PVID) of port 24 to 200: a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/24 check box. Now 1/0/24 appears in the Interface field at the top. c.
PAGE 402
ProSafe M4100 and M7100 Managed Switches b. Scroll down and select the Interface 1/0/48 check box. Now 1/0/48 appears in the Interface field at the top. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. Private VLAN Groups The private VLAN group allows you to create groups of users within a VLAN that cannot communicate with members in different groups but only within the same group. There are two modes for the private group. The mode can be either isolated or community.
PAGE 403
ProSafe M4100 and M7100 Managed Switches CLI: Create a Private VLAN Group 1. Enter the following commands.
PAGE 404
ProSafe M4100 and M7100 Managed Switches 5. Add 1/0/16 and 1/0/7 to the private group 1. (Netgear Switch) (Config)#interface range 1/0/16-1/0/17 (Netgear Switch) (conf-if-range-1/0/16-1/0/17)#switchport private-group 2 6. Add 1/0/16 and 1/0/7 to the private group 2. (Netgear Switch) (conf-if-range-1/0/16-1/0/17)#exit Web Interface: Create a Private VLAN Group 1. Create VLAN 200. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b.
PAGE 405
ProSafe M4100 and M7100 Managed Switches b. Under VLAN Membership, in the VLAN ID list, select 200. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 6, 7, 16 and 17 until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply. 3. Specify the PVID on ports 1/0/6, 1/0/7, 1/0/16, and 1/0/17. a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b.
PAGE 406
ProSafe M4100 and M7100 Managed Switches e. Click Add. 5. Add port 6 and 7 to group1. a. Select Security > Traffic Control > Private Group VLAN >Private Group Membership. A screen similar to the following displays. b. In the Group ID list, select 1. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 6 and 7. A check mark displays in each box. e. Click Apply. 6. Create a private group, group2. a. Select Security > Traffic Control > Private Group VLAN > Private Group Configuration.
PAGE 407
ProSafe M4100 and M7100 Managed Switches a. Select Security > Traffic Control > Private Group VLAN > Private Group VLAN > Private Group Membership. A screen similar to the following displays. b. In the Group ID list, select 2. c. Click Unit 2. The ports display. d. Click the gray boxes under ports 16 and 17, and a check mark displays in each box. e. Click Apply. Chapter 24.
PAGE 408
25. Spanning Tree Protocol 25 This chapter provides the following examples: • Configure Classic STP (802.1d) • Configure Rapid STP (802.1w) on page 410 • Configure Multiple STP (802.1s) on page 411 The purpose of Spanning Tree is to eliminate loops in the switch system. There are three STPs: Classic STP (802.1d), Rapid STP (RSTP, 802.1w), and Multiple STP (MSTP, 802.1s).
PAGE 409
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure Classic STP (802.1d) 1. Enable 802.1d on the switch. a. Select Switching > STP > STP Configuration. A screen similar to the following displays. b. Enter the following information: • For Spanning Tree Admin Mode, select the Enable radio button. • For Force Protocol Version, select the IEEE 802.1d radio button. c. Click Apply. 2. Configure the CST port. a. Select Switching > STP > CST Port Configuration.
PAGE 410
ProSafe M4100 and M7100 Managed Switches Configure Rapid STP (802.1w) The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Rapid STP (802.1w) (Netgear switch) (Config)# spanning-tree (Netgear switch) (Config)# spanning-tree forceversion 802.1w (Netgear switch) (Interface 1/0/3)# spanning-tree port mode Web Interface: Configure Rapid STP (802.1w) 1. Enable 802.1w on the switch: a. Select Switching > STP > STP Configuration. A screen similar to the following displays. b.
PAGE 411
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under CST Port Configuration, scroll down and select the Interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. c. In the Port Mode field, select Enable. d. Click Apply. Configure Multiple STP (802.1s) The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Multiple STP (802.
PAGE 412
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure Multiple STP (802.1s) 1. Enable 802.1s on the switch. a. Select Switching > STP > STP Configuration. A screen similar to the following displays. b. Enter the following information: • For Spanning Tree Admin Mode, select the Enable radio button. • For Force Protocol Version, select the IEEE 802.1s radio button. c. Click Apply. 2. Configure MST. a. Select Switching > STP > MST Configuration. A screen similar to the following displays. b.
PAGE 413
ProSafe M4100 and M7100 Managed Switches • In the Priority field, enter 4096. • In the VLAN Id field, enter 2. • Click Add. • In the VLAN Id field, enter 3. • Click Apply. c. Configure MST ID 2. • In the MST ID field, enter 2. • In the Priority field, enter 4096. • In the VLAN Id field, enter 11. • Click Add. • In the VLAN Id field, enter 12. • Click Apply. 3. Configure the MST port. a. Select Switching > STP > MST Port Status. A screen similar to the following displays. 4.
PAGE 414
26. Tunnel 26 There are two methods for Pv6 sites to communicate with each other over the IPv4 network: 6in4 tunnel and 6to4 tunnel. The 6in4 tunnel encapsulates IPv6 traffic over an explicitly configured IPv4 destination or end port of the tunnel with the IP protocol number set to 41. The 6to4 tunnel IPv6 prefix is constructed by prepending 2002 (hex) to the global IPv4 address. For example, if the IPv4 address is 4.4.4.1, the tunnel IPv6 prefix would be 2002:404:401::/16.
PAGE 415
ProSafe M4100 and M7100 Managed Switches CLI: Create a Tunnel Configure Switch GSM7328S_1 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ipv6 forwarding (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.
PAGE 416
ProSafe M4100 and M7100 Managed Switches Configure Switch GSM7328S_2 (Netgear Switch) #show interfacet tunnel 0 Interface Link Status.......................... Up IPv6 is enabled IPv6 Prefix is ................................ FE80::C0A8:101/128 2000::1/64 MTU size....................................... 1280 bytes #show interface tunnel TunnelId -------0 Interface --------tunnel 0 TunnelMode ---------- SourceAddress ------------- DestinationAddress ------------------ 6 in 4 Configured 192.168.1.
PAGE 417
ProSafe M4100 and M7100 Managed Switches Web Interface: Create a Tunnel Configure Switch GSM7328S_1 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Enable IPv6 forwarding and unicast routing on the switch. a. Select Routing > IPv6 > Basic> Global Configuration. A screen similar to the following displays. b.
PAGE 418
ProSafe M4100 and M7100 Managed Switches a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Port 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. • In the IP Address field, enter 192.168.1.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. c. Click Apply. 4. Create a 6-in-4 tunnel interface. a.
PAGE 419
ProSafe M4100 and M7100 Managed Switches a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. In the Interface list, select 0/7/1. c. In the IPv6 Prefix field, enter 2000::1. d. In the Length field, enter 64. e. In the EUI64 field, select Disable. f. Click Add. Configure Switch GSM7328S_2 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b.
PAGE 420
ProSafe M4100 and M7100 Managed Switches a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. For IPv6 Forwarding, select the Enable radio button. d. Click Apply. 3. Create a routing interface and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b.
PAGE 421
ProSafe M4100 and M7100 Managed Switches a. Select Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. b. In the Tunnel Id list, select 0. c. In the Mode list, select 6-in-4-configured. d. In the Source Address field, enter 192.168.1.2. e. In the Destination Address field, enter 192.168.1.1. f. Click Apply. 5. Assign an IPv6 address to the tunnel. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b.
PAGE 422
27. IPv6 Interface Configuration 27 This chapter provides the following examples: • Create an IPv6 Routing Interface • Create an IPv6 Network Interface on page 425 • Create an IPv6 Routing VLAN on page 427 • Configure DHCPv6 Mode on the Routing Interface on page 432 Create an IPv6 Routing Interface The example is shown as CLI commands and as a Web interface procedure. CLI: Create an IPv6 Routing Interface 1. Enable IPV6 forwarding and unicast routing on the switch.
PAGE 423
ProSafe M4100 and M7100 Managed Switches 2. Assign an IPv6 address to interface 1/0/1. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#ipv6 enable (Netgear Switch) (Interface 1/0/1)#ipv6 address 2000::2/64 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) #ping ipv6 2000::2 Send count=3, Receive count=3 from 2000::2 Average round trip time = 1.00 ms (Netgear Switch) #show ipv6 brief IPv6 Forwarding Mode..........................
PAGE 424
ProSafe M4100 and M7100 Managed Switches Web Interface: Create an IPv6 Routing Interface 1. Enable IPv6 forwarding and unicast routing on the switch. a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. For IPv6 Forwarding, select the Enable radio button. d. Click Apply. 2. Enable IPv6 routing on interface 1/0/1. a. Select Routing > IPv6 > Advanced > Interface Configuration.
PAGE 425
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/1. c. In the IPv6 Prefix field, enter 2000::2. d. In the Length field, enter 64. e. In the EUI64 field, select Disable. f. Click Add. Create an IPv6 Network Interface The IPv6 network interface is the logical interface used for in-band connectivity with the switch using any of the switch’s front panel ports.
PAGE 426
ProSafe M4100 and M7100 Managed Switches CLI: Configure the IPv6 Network Interface (Netgear Switch) #network ipv6 enable (Netgear Switch) #network ipv6 address 2001:1::1/64 (Netgear Switch) #network ipv6 gateway 2001:1::2 (Netgear Switch) #show network Interface Status............................... Always Up IP Address..................................... 0.0.0.0 Subnet Mask.................................... 0.0.0.0 Default Gateway................................ 0.0.0.0 IPv6 Administrative Mode........
PAGE 427
ProSafe M4100 and M7100 Managed Switches 2. Add an IPv6 gateway to the network interface. a. Select System > Management > Network Interface > IPv6 Network Configuration. A screen similar to the following displays. b. In the IPv6 Gateway field, enter 2001:1::2. c. Click Apply. Create an IPv6 Routing VLAN The example is shown as CLI commands and as a Web interface procedure. CLI: Create an IPv6 Routing VLAN 1. Create a routing VLAN with VLAN ID 500.
PAGE 428
ProSafe M4100 and M7100 Managed Switches 3. Assign IPv6 address 2000::1/64 to VLAN 500 and enable IPv6 routing. (Netgear Switch) (Config)#interface vlan 0/4/1 (Netgear Switch) (Interface 0/4/1)#routing (Netgear Switch) (Interface 0/4/1)#ipv6 enable (Netgear Switch) (Interface 0/4/1)#ipv6 address 2000::1/64 (Netgear Switch) (Interface 0/4/1)#exit 4. Enable IPV6 forwarding and unicast routing on the switch.
PAGE 429
ProSafe M4100 and M7100 Managed Switches Web Interface: Create an IPv6 VLAN Routing Interface 1. Create VLAN 500. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 500. c. In the VLAN Type field, select Static. d. Click Add. 2. Add ports to VLAN 500. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 500. c. Click Unit 1. The ports display. d.
PAGE 430
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under PVID Configuration, scroll down and select the Interface 1/0/1 check box. c. In the PVID (1 to 4093) field, enter 500. d. Click Apply to save the settings. 4. Enable IPv6 forwarding and unicast routing on the switch. a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c.
PAGE 431
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Click VLANS. The logical VLAN interface 0/4/2 displays. c. Select the 0/4/2 check box. d. Under IPv6 Interface Configuration, in the IPv6 Mode field, select Enable. e. Click Apply. 6. Assign an IPv6 address to the routing VLAN. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. In the Interface field, select 0/4/2. c. In the IPv6 Prefix field, enter 2000::1. d.
PAGE 432
ProSafe M4100 and M7100 Managed Switches Configure DHCPv6 Mode on the Routing Interface The routing interface supports DHCPv6 mode, which can get the IPv6 address from a DHCPv6 server (address allocation). Note: Before you enable DHCPv6 mode, you have to disable IPv6 unitcast mode globally. CLI: Configure DHCPv6 mode on routing interface 1. Enable IPv6 unicast globally. (Netgear Switch) (Config)#ipv6 unicast-routing 2. Enable DHCPv6 on the interface 1/0/23.
PAGE 433
ProSafe M4100 and M7100 Managed Switches 3. Show the ipv6 address assigned from 1/0/23. (Netgear Switch) #show ipv6 interface 1/0/23 IPv6 is enabled IPv6 Prefix is ................................ FE80::E291:F5FF:FE06:2BF6/128 2000::1D5C:7CFE:828F:8144/128 [DHCP] Routing Mode................................... Enabled IPv6 Enable Mode............................... Enabled Administrative Mode............................ Enabled IPv6 Operational Mode.......................... Enabled Bandwidth..............
PAGE 434
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/23 check box. Now 1/0/23 appears in the Interface field at the top. c. Enter the following information: • In the IPv6 Mode field, select Enable. • In the Routing Mode field, select Enable. • In the DHCPv6 Client Mode field, select Enable. d. Click Apply to apply the settings. 3. Show the ipv6 address assigned from 1/0/23. a.
PAGE 435
28. PIM 28 Protocol-Independent-Multicast This chapter provides the following examples: • PIM-DM • PIM-SM on page 460 Note: The PIM protocol can be configured to operate on IPv4 and IPv6 networks. Separate CLI commands are provided for IPv4 and IPv6 operation; however, most configuration options are common to both protocols. Therefore, this section describes only IPv4 configuration; IPv6 configuration is similar to IPv4.
PAGE 436
ProSafe M4100 and M7100 Managed Switches Source Switch A Port 1/0/21 Subnet 192.168.4.0/24 Switch D Port 1/0/24 Port 1/0/10 Switch B Subnet 192.168.3.0/24 Subnet 192.168.2.0/24 Port 1/0/1 Port 1/0/9 Subnet 192.168.6.0/24 Port 1/0/22 Port 1/0/22 Subnet 192.168.5.0/24 Port 1/0/13 Subnet 192.168.1.0/24 IP 192.168.1.1 Port 1/0/11 Port 1/0/21 Switch C Host IP 192.168.4.2 Figure 45.
PAGE 437
ProSafe M4100 and M7100 Managed Switches received by a router on its RPF interface, the state refresh message causes an existing prune state to be refreshed. State refresh messages are generated periodically by the router directly attached to the source. There are two versions of PIM-DM. Version 2 does not use IGMP messages; instead, it uses a message that is encapsulated in IP packets with protocol number 103. In version 2, the Hello message is introduced in place of the query message.
PAGE 438
ProSafe M4100 and M7100 Managed Switches 5. Enable PIM-DM on the interface. (Netgear Switch) (Interface 1/0/1)#ip pim dense (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/9 (Netgear Switch) (Interface 1/0/9)#routing (Netgear Switch) (Interface 1/0/9)#ip address (Netgear Switch) (Interface 1/0/9)#ip rip 192.168.3.1 255.255.255.
PAGE 439
ProSafe M4100 and M7100 Managed Switches PIM-DM on Switch C (Netgear Switch) #configure (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pim dense (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch) (Interface 1/0/21)#ip address 192.168.5.2 255.255.255.
PAGE 440
ProSafe M4100 and M7100 Managed Switches 2. Enable IGMP on 1/0/24. (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#routing (Netgear Switch) (Interface 1/0/24)#ip pim dense (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear Switch) (Interface 1/0/24)#ip rip (Netgear Switch) (Interface 1/0/24)#ip address 192.168.4.1 255.255.255.0 (Netgear Switch) (Interface 1/0/24)#exit 3. PIM-DM builds the multicast routes table on each switch.
PAGE 441
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure PIM-DM PIM-DM on Switch A 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Configure 1/0/1 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b.
PAGE 442
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/9 check box. Now 1/0/9 appears in the Port field at the top. c. Enter the following information : • In the IP Address field, enter 192.168.3.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply. 4. Configure 1/0/13 as a routing port and assign an IP address to it. a.
PAGE 443
ProSafe M4100 and M7100 Managed Switches • In the IP Address field, enter 192.168.1.2. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 5. Enable RIP on the interface 1/0/1. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/1. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 6.
PAGE 444
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/13 . c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 9. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration.
PAGE 445
ProSafe M4100 and M7100 Managed Switches b. For PIM Protocol Type, select the PIM-DM radio button. c. For Admin Mode, select the Enable radio button. d. Click Apply. 10. Enable PIM-DM on interfaces 1/0/1,1/0/9, and 1/0/13. a. Select Routing > Multicast > PIM > Interface Configuration. A screen similar to the following displays. b. Under PIM Interface Configuration, scroll down and select the 1/0/1, 1/0/9, and 1/0/13 check boxes. c. In the Admin Mode field, select Enable. d.
PAGE 446
ProSafe M4100 and M7100 Managed Switches PIM-DM on Switch B: 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Configure 1/0/10 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/10 check box.
PAGE 447
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Port 1/0/11 check box. Now 1/0/11 appears in the Port field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.5.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 4. Enable RIP on interface 1/0/10. a.
PAGE 448
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/11. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 6. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 7. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. 448 | Chapter 28.
PAGE 449
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For PIM Protocol Type, select the PIM-DM radio button. c. For Admin Mode, select the Enable radio button. d. Click Apply. 8. Enable PIM-SM on interfaces 1/0/10 and 1/0/11. a. Select Routing > Multicast > PIM > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/10 and 1/0/11 check box. c. In the Admin Mode field, select Enable. d.
PAGE 450
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Configure 1/0/21 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down select the Port 1/0/21 check box. Now 1/0/21 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.
PAGE 451
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/22 appears in the Port field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.6.1. d. 4. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. Click Apply to save the settings. Enable RIP on interface 1/0/21. a. Select Routing > RIP > Advanced > Interface Configuration.
PAGE 452
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 6. Enable mulicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 7. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. 452 | Chapter 28.
PAGE 453
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For PIM Protocol Type, select the PIM-DM radio button. c. For Admin Mode, select the Enable radio button. d. Click Apply. 8. Enable PIM-DM on interfaces 1/0/21 and 1/0/22. a. Select Routing > Multicast > PIM > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the 1/0/21 and 1/0/22 check boxes. c. In the PIM Interface Configuration, in the Admin Mode field, select Enable. d.
PAGE 454
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Configure 1/0/21 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/21 check box. Now 1/0/21 appears in the Port field at the top. c. Enter the following information in the IP Interface Configuration.
PAGE 455
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/22 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.6.2. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 4. Configure 1/0/24 as a routing port and assign an IP address to it. a.
PAGE 456
ProSafe M4100 and M7100 Managed Switches a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select t 1/0/21. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 6. Enable RIP on interface 1/0/22. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. For RIP Admin Mode, select the Enable radio button. d.
PAGE 457
ProSafe M4100 and M7100 Managed Switches b. In the Interface list, select 1/0/24. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 9. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays. b.
PAGE 458
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21, 1/0/22, and 1/0/24 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. 11. Enable IGMP globally. a. Select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 12. Enable IGMP on interface 1/0/24. a.
PAGE 459
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/24 check box. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. Chapter 28.
PAGE 460
ProSafe M4100 and M7100 Managed Switches PIM-SM Protocol-independent multicast sparse mode (PIM-SM) is used to efficiently route multicast traffic to multicast groups that can span wide area networks where bandwidth is a constraint. Source Port 1/0/9 Switch A Port 1/0/21 Subnet 192.168.3.0/24 Subnet 192.168.2.0/24 Port 1/0/1 Port 1/0/22 Switch D Port 1/0/22 Subnet 192.168.6.0/24 Switch B Port 1/0/11 Port 1/0/21 Switch C Subnet 192.168.4.0/24 Port 1/0/24 Port 1/0/10 Subnet 192.168.5.
PAGE 461
ProSafe M4100 and M7100 Managed Switches between trees. PIM-SM uses a bootstrap router (BSR), which advertises information to other multicast routers about the RP. In a given network, a set of routers can be administratively enabled as candidate bootstrap routers. If it is not apparent which router should be the BSR, the candidates flood the domain with advertisements. The router with the highest priority is elected.
PAGE 462
ProSafe M4100 and M7100 Managed Switches (Netgear Switch) (Interface 1/0/1)#ip pim sparse (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/9 (Netgear Switch) (Interface 1/0/9)#routing (Netgear Switch) (Interface 1/0/9)#ip address 192.168.3.1 255.255.255.
PAGE 463
ProSafe M4100 and M7100 Managed Switches 2. Enable the switch to announce its candidacy as a bootstrap router (BSR). (Netgear Switch) (Config)#ip pim sparse bsr-candidate interface 1/0/10 30 7 (Netgear Switch) (Config)#interface 1/0/10 (Netgear Switch) (Interface 1/0/10)#routing (Netgear Switch) (Interface 1/0/10)#ip address 192.168.3.2 255.255.255.
PAGE 464
ProSafe M4100 and M7100 Managed Switches PIM-SM on Switch D (Netgear Switch)#configure (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip igmp (Netgear Switch) (Config)#ip pim sparse (Netgear Switch) (Config)#ip pim rp-candidate interface 1/0/22 225.1.1.1 255.255.255.
PAGE 465
ProSafe M4100 and M7100 Managed Switches PIM-SM builds the multicast route table on each switch. The following tables show the routes that are built after PIM-SM switches to the source-specific tree from the shared tree. (A) #show ip mcast mroute summary Multicast Route Table Summary Incoming Outgoing Source IP Group IP Protocol Interface Interface List ----------- --------- --------- --------- --------------- 192.168.1.1 225.1.1.
PAGE 466
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Configure 1/0/1 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 check box. Now 1/0/1 appears in the Interface field at the top. c.
PAGE 467
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/9 check box. Now 1/0/9 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.3.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply. 4. Configure 1/0/13 as a routing port and assign an IP address to it. a.
PAGE 468
ProSafe M4100 and M7100 Managed Switches • In the IP Address field, enter 192.168.1.2. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 5. Enable RIP on interface 1/0/1. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface field, select 1/0/1. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 6. Enable RIP on interface 1/0/9.
PAGE 469
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Select 1/0/13 in the Interface field. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 9. Enable PIM-SM globally. a. Select Routing > Multicast > PIM > Global Configuration.
PAGE 470
ProSafe M4100 and M7100 Managed Switches b. For PIM Protocol Type, select the PIM-SM radio button. c. For Admin Mode, select the Enable radio button. d. Click Apply. 10. Enable PIM-SM on interfaces 1/0/1,1/0/9, and 1/0/13. a. Select Routing > Multicast > PIM > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1, 1/0/9, and 1/0/13 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings.
PAGE 471
ProSafe M4100 and M7100 Managed Switches c. Click Apply. 2. Configure 1/0/10 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the interface 1/0/10 check box. Now 1/0/10 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.3.2. • In the Subnet Mask field, enter 255.255.255.0.
PAGE 472
ProSafe M4100 and M7100 Managed Switches • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 4. Enable RIP on interface 1/0/10. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface field, select 1/0/10. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 5. Enable RIP on interface 1/0/11. a. Select Routing > RIP > Advanced > Interface Configuration.
PAGE 473
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 7. Enable PIM-SM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays. b. For PIM Protocol Type, select the PIM-SM radio button. c. For Admin Mode, select the Enable radio button. d. Click Apply. 8. Enable PIM-SM on interfaces 1/0/10 and 1/0/11. a.
PAGE 474
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/10 and 1/0/11 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. 9. Set up the candidate RP configuration. a. Select Routing > Multicast > PIM > Candidate RP Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/11. c. In the Group IP field, enter 225.1.1.1. d.
PAGE 475
ProSafe M4100 and M7100 Managed Switches a. Select Routing > Multicast > PIM > BSR Candidate Configuration. A screen similar to the following displays. b. In the Interface list, select the 1/0/10. c. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 7. e. Click Apply. PIM-SM on Switch C: 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c.
PAGE 476
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/21 check box. Now 1/0/21 appears in the Interface field at the top. c. Enter the following information: • In the IP address, enter 192.168.5.2. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 3. Configure 1/0/22 as a routing port and assign an IP address to it. a.
PAGE 477
ProSafe M4100 and M7100 Managed Switches a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface field, select 1/0/21. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 5. Enable RIP on interface 1/0/22. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. For RIP Admin Mode, select the Enable radio button. d.
PAGE 478
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 7. Enable PIM-SM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays. b. For PIM Protocol Type, select the PIM-SM radio button. c. For Admin Mode, select the Enable radio button. d. Click Apply. 8. Enable PIM-SM on interfaces 1/0/21 and 1/0/22. a.
PAGE 479
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21 and 1/0/22 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. 9. Candidate RP Configuration. a. Select Routing > Multicast > PIM > Candidate RP Configuration. A screen similar to the following displays. b. In the Interface list, welect 1/0/22. c. In the Group IP field, enter 225.1.1.1. d. In the Group Mask field, enter 255.255.255.0.
PAGE 480
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Interface list, select the 1/0/21. c. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 5. e. Click Apply. PIM-SM on Switch D 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2.
PAGE 481
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21 check box. Now 1/0/21 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.2.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 3. Configure 1/0/22 as a routing port and assign an IP address to it. a.
PAGE 482
ProSafe M4100 and M7100 Managed Switches 4. Configure 1/0/24 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/24 check box. Now 1/0/24 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.4.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable.
PAGE 483
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 7. Enable RIP on interface 1/0/24. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/24. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 8. Enable multicast globally. a.
PAGE 484
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 9. Enable PIM-SM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays. b. For PIM Protocol Type, select the PIM-SM radio button. c. For Admin Mode, select the Enable radio button. d. Click Apply. 10. Enable PIM-SM on interfaces 1/0/21, 1/0/22, and 1/0/24. a.
PAGE 485
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21, 1/0/22, and 1/0/24 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. 11. Set up Candidate RP configuration. a. Select Routing > Multicast > PIM > Candidate RP Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. In the Group IP field, enter 225.1.1.1. d.
PAGE 486
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 3. e. Click Apply. 13. Enable IGMP globally. a. Select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 14. Enable IGMP on interface 1/0/24. a.
PAGE 487
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under IGMP Routing Interface Configuration, scroll down and select the Interface 1/0/24 check box. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. Chapter 28.
PAGE 488
29. DHCP L2 Relay and L3 Relay 29 This chapter includes the following sections: • DHCP L2 Relay • DHCP L3 Relay on page 494 • Configure a DHCP L3 Switch on page 499 DHCP L2 Relay DHCP relay agents eliminate the need to have a DHCP server on each physical network. Relay agents populate the giaddr field and also append the Relay Agent Information option to the DHCP messages. DHCP servers use this option for IP addresses and other parameter assignment policies.
PAGE 489
ProSafe M4100 and M7100 Managed Switches These Layer 2 devices typically operate only as bridges for the network and might not have an IPv4 address on the network. Lacking a valid IPv4 source address, they cannot relay packets directly to a DHCP server located on another network. These Layer 2 devices append the Relay agent information option and broadcast the DHCP message. This section provides information about where a Layer 2 relay agent fits in and how it is used. CLI: Enable DHCP L2 Relay 1.
PAGE 490
ProSafe M4100 and M7100 Managed Switches 6. Enable DHCP L2 relay on port 1/0/5. (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)# dhcp l2relay (Netgear Switch) (Interface 1/0/5)# vlan pvid 200 (Netgear Switch) (Interface 1/0/5)# vlan participation include 200 (Netgear Switch) (Interface 1/0/5)# exit 7. Enable DHCP L2 relay on port 1/0/6. (Netgear Switch) (Config)#interface 1/0/6 (Netgear Switch) (Interface 1/0/6)# dhcp l2relay 8.
PAGE 491
ProSafe M4100 and M7100 Managed Switches a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID field, select 200. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 4, 5, and 6 until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply. 3. Specify the PVID on ports 1/0/4, 1/0/5 and 1/0/6. a. Select Switching > VLAN > Advanced > Port PVID Configuration.
PAGE 492
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Scroll down and select the VLAN ID 200 check box. d. Enter the following information: • In the Admin Mode field, select Enable. • In the Circuit ID Mode field, select Enable. • In the Remote ID String field, enter rmt_id. e. Click Apply to save the settings. 5. Enable DHCP L2 Relay on interfaces 1/0/4,1/0/5, and 1/0/6. a.
PAGE 493
ProSafe M4100 and M7100 Managed Switches a. Select System > Services > DHCP L2 Relay > DHCP L2 Relay Interface Configuration. A screen similar to the following displays. b. Under DHCP L2 Relay Configuration, scroll down and select the Interface 1/0/6 check box. c. In the 82 Option Trust Mode field, select Enable. d. Click Apply to save the settings. Chapter 29.
PAGE 494
ProSafe M4100 and M7100 Managed Switches DHCP L3 Relay This case has two steps, DHCP server configuration and DHCP L3 relay configuration. This example shows how to configure a DHCP L3 relay on a NETGEAR switch and how to configure DHCP pool to assign IP addresses to DHCP clients using DHCP L3 relay. DHCP server DHCP L3 relay 1/0/3 1/0/16 1/0/4 1/0/15 PC PC Figure 48. DHCP L3 relay Configure the DHCP Server Switch CLI: Configure a DHCP Server 1. Enable routing on the switch.
PAGE 495
ProSafe M4100 and M7100 Managed Switches 2. Create a routing interface and enable RIP on it so that the DHCP server learns the route 10.200.1.0/24 from the DHCP L3 relay. (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 10.100.1.1 255.255.255.0 (Netgear Switch) (Interface 1/0/3)#ip rip (Netgear Switch) (Interface 1/0/3)#exit 3. Create a DHCP pool.
PAGE 496
ProSafe M4100 and M7100 Managed Switches 2. Create a routing interface and assign 10.100.1.1/24 to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the 1/0/3 check box. c. In the IP Address field, enter 10.100.1.1. d. In the Subnet Mask field, enter 255.255.255.0. e. In the Routing Mode field, select Enable. f. Click Apply to save the settings. 3. Enable RIP on interface 1/0/3. a.
PAGE 497
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. In the IP Range From field, enter 10.200.1.1. d. In the IP Range To field, enter 10.200.1.1. e. Click Add. 5. Exclude 10.200.2.1 from the DHCP pool. a. Select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays: b. In the IP Range From field, enter 10.200.2.1. c. In the IP Range To field, enter 10.200.2.1. d.
PAGE 498
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under DHCP Pool Configuration, enter the following information: • In the Pool Name list, select Create. • In the Pool Name field, enter dhcp_server. • In the Type of Binding list, select Dynamic. • In the Network Number field, enter 10.200.1.0. • In the Network Mask field, enter 255.255.255.0. As an alternate, you can enter 24 in the Network Prefix Length field.
PAGE 499
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under DHCP Pool Configuration, enter the following information: • In the Pool Name list, select Create. • In the Pool Name field, enter dhcp_server_second. • In the Type of Binding list, select Dynamic. • In the Network Number field, enter 10.200.2.0. • In the Network Mask field, enter 255.255.255.0. As an alternate, you can enter 24 in the Network Prefix Length field. c. Click Add.
PAGE 500
ProSafe M4100 and M7100 Managed Switches 3. Create a routing interface connecting to the client. (Netgear (Netgear (Netgear (Netgear Switch) Switch) Switch) Switch) (Config)# (Config)#interface 1/0/16 (Interface 1/0/16)#routing (Interface 1/0/16)#ip address 10.200.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/16)#exit 4. Configure the DHCP Server IP address and enable the DHCP L3 relay. (Netgear Switch) (Config)#ip helper-address 10.100.1.1 dhcp (Netgear Switch) (Config)#ip helper enable 5.
PAGE 501
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/4 check box. c. In the IP Address field, enter 10.100.1.2. d. In the Subnet Mask field, enter 255.255.255.0. e. In the Routing Mode field, select Enable. f. Click Apply to save the settings. 3. Enable RIP on interface 1/0/4. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/4. c.
PAGE 502
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Port 1/0/15 check box. c. In the IP Address Configuration Method field, enter Manual. d. In the IP Address field, enter 10.200.1.1. e. In the Subnet Mask field, enter 255.255.255.0. f. In the Routing Mode field, select Enable. g. Click Apply to save the settings. 5. Create a routing interface and assign 10.200.2.1/24 to it. a.
PAGE 503
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. In the Source field, select Connected. c. In the Redistribute Mode field, select Enable. d. Click Apply to save the settings. 7. Enable DHCP L3 relay. a. Select System > Services > DHCP Relay. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply to save the settings. 8. Configure the DHCP server IP address. a. Select System > Services > UDP Relay.
PAGE 504
ProSafe M4100 and M7100 Managed Switches c. In the UDP Port field, enter dhcp. d. Click Add to save the settings. 504 | Chapter 29.
PAGE 505
30. MLD Mu ltic ast Listener D iscover y 30 This chapter provides the following examples: • Configure MLD on page 506 • MLD Snooping on page 519 Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover multicast listeners, the nodes that are configured to receive multicast data packets, on its directly attached interfaces.
PAGE 506
ProSafe M4100 and M7100 Managed Switches Configure MLD In this case, PIM-DM is enabled on Switch A and Switch B, and MLD is enabled on Switch B’s port 1/0/24 to discover the multicast listeners. IPv6 multicast source 2001:2::/65 Port 1/0/13 Switch A Port 1/0/1 2001:1::/64 Port 1/0/21 Switch B Port 1/0/24 2001:3::/64 Host Figure 49. Configure MLD CLI: Configure MLD MLD on Switch A (Netgear Switch) #configure (Netgear Switch) (Config)#ipv6 router ospf (Netgear Switch) (Config-rtr)#router-id 1.1.1.
PAGE 507
ProSafe M4100 and M7100 Managed Switches (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#ipv6 pim dense (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ipv6 address 2001:1::1/64 (Netgear Switch) (Interface 1/0/1)#ipv6 enable (Netgear Switch) (Interface 1/0/1)#ipv6 pim dense (Netgear Switch) (Interface 1/0/1)#ipv6 ospf (Netgear Switch) (
PAGE 508
ProSafe M4100 and M7100 Managed Switches 5. Enable IP multicast forwarding on the switch. (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip multicast 6. Enable MLD on interface 1/0/24.
PAGE 509
ProSafe M4100 and M7100 Managed Switches a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Enable IPv6 unicast routing on the switch. a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. Click Apply. 3. Configure 1/0/1 and 1/0/13 as a IPv6 routing ports. a.
PAGE 510
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. Enter the following information: • In the IPv6 Mode field, select Enable. • In the Routing Mode field, select Enable. • In the Admin Mode field, select Enable. d. Click Apply to save the settings. 4. Assign an IPv6 address to 1/0/1. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b.
PAGE 511
ProSafe M4100 and M7100 Managed Switches 5. Assign an IPv6 address to 1/0/13. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. Select Interface 1/0/13. c. Enter the following information: • In the IPv6 Prefix field, enter 2001:2::1. • In the Prefix Length field, enter 64. • In the EUI64 field, select Disable. d. Click Add to save the settings. 6. Configure the router ID of OSPFv3. a. Select Routing > OSPFv3 > Basic > OSPFv3 Configuration.
PAGE 512
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 9. Enable PIM-DM globally. a.
PAGE 513
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 10. Enable PIM-DM on interfaces 1/0/1 and 1/0/13. a. Select Routing > IPv6 Multicast > IPv6 PIM > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. MLD on Switch B 1.
PAGE 514
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Enable IPv6 unicast routing on the switch. a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. Click Apply. 3. Configure 1/0/21 and 1/0/24 as IPv6 routing ports. a. Select Routing > IPv6 > Advanced > Interface Configuration.
PAGE 515
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21 and 1/0/24 check boxes. c. Enter the following information: • In the IPv6 Mode field, select Enable. • In the Routing Mode field, select Enable. • In the Admin Mode field, select Enable. d. Click Apply to save the settings. 4. Assign an IPv6 address to 1/0/21. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b.
PAGE 516
ProSafe M4100 and M7100 Managed Switches 5. Assign an IPv6 address to 1/0/24. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. Under IPv6 Interface Selection, in the Interface field, select 1/0/24 . c. Enter the following information: • In the IPv6 Prefix field, enter 2001:3::1. • In the Prefix Length field, enter 64. • In the EUI64 field, select Disable. d. Click Add to save the settings. 6. Configure the router ID of OSPFv3. a.
PAGE 517
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Under OSPFv3 Interface Configuration, scroll down and select the Interface 1/0/21 and 1/0/24 check boxes. c. In the OSPFv3 Interface Configuration, in the Admin Mode field, select Enable. d. Click Apply to save the settings. 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply.
PAGE 518
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 10. Enable PIM-DM on interfaces 1/0/21 and 1/0/24. a. Select Routing > IPv6 Multicast > IPv6 PIM > Interface Configuration. A screen similar to the following displays. b. Under PIM Interface Configuration, scroll down select the Interface 1/0/21 and 1/0/24 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. 11.
PAGE 519
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 12. Enable MLD on interface 1/0/24. a. Select Routing > IPv6 Multicast > MLD > Routing Interface Configuration. A screen similar to the following displays. b. Under MLD Routing Interface Configuration, scroll down and select the 1/0/24 check box. Now 1/0/24 appears in the Interface field at the top. c. In the Admin Mode field, select Enable. d.
PAGE 520
ProSafe M4100 and M7100 Managed Switches that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets. MLD is a protocol used by IPv6 multicast routers to discover the presence of multicast listeners (nodes configured to receive IPv6 multicast packets) on its directly attached links and to discover which multicast packets are of interest to neighboring nodes.
PAGE 521
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure MLD Snooping 1. Create VLAN 300. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 300. c. Click Add. 2. Assign all of the ports to VLAN 300. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select 300. c. Click Unit 1. The ports display. d.
PAGE 522
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 and 1/0/24 check boxes. c. In the PVID (1 to 4093) field, enter 300. d. Click Apply to save the settings. 4. Enable MLD snooping on the switch. a. Select Routing > Multicast > MLD Snooping > Configuration. A screen similar to the following displays. b. For MLD Snooping Admin Mode, select the Enable radio button. c. Click Apply. 5. Enable MLD snooping on the VLAN 300. a.
PAGE 523
ProSafe M4100 and M7100 Managed Switches b. Enter the following information: • In the VLAN ID field, enter 300. • In the Admin Mode field, select Enable. 6. Click Add. Chapter 30.
PAGE 524
31. DVMRP Distance Vector M ulticast Rout ing Proto c ol 31 The DVMRP is used for multicasting over IP networks without routing protocols to support multicast. The DVMRP is based on the RIP protocol but more complicated than RIP. DVRMP maintains a link-state database to keep track of the return paths to the source of multicast packages.
PAGE 525
ProSafe M4100 and M7100 Managed Switches multicast streams are sent from the multicast resource to the host along the path built by DVMRP. Multicast resource 192.168.1.0/24 192.168.4.0/24 Switch A 1/0/1 1/0/13 192.168.3.0/24 1/0/21 Host 1/0/24 1/0/11 1/0/13 Switch B 1/0/20 1/0/3 Switch C 192.168.5.0/24 192.168.4.0/24 Figure 50. DVMRP CLI: Configure DVMRP DVRMP on Switch A 1. Create routing interfaces 1/0/1, 1/0/13, and 1/0/21.
PAGE 526
ProSafe M4100 and M7100 Managed Switches 3. Enable DVMRP protocol on the switch. (Netgear Switch) (Config)#ip dvmrp 4. Enable DVMRP mode on the interfaces 1/0/1, 1/0/13, and 1/0/21.
PAGE 527
ProSafe M4100 and M7100 Managed Switches (Netgear Switch) #show ip mcast mroute summary Multicast Route Table Summary Incoming Source IP ------------192.168.1.2 Group IP Outgoing Protocol Interface Interface List ------------ ---------- --------- --------------- 225.0.0.1 DVMRP 1/0/1 1/0/21 DVRMP on Switch B 1. Create routing ports 1/0/13 and 1/0/20.
PAGE 528
ProSafe M4100 and M7100 Managed Switches (Netgear Switch) #show ip dvmrp neighbor Interface ..................................... 1/0/13 Neighbor IP Address ........................... 192.168.2.1 State ......................................... Active Up Time (hh:mm:ss) ............................ 00:02:26 Expiry Time (hh:mm:ss) ........................ 00:00:20 Generation ID ................................. 88091 Major Version ................................. 3 Minor Version ...........................
PAGE 529
ProSafe M4100 and M7100 Managed Switches DVRMP on Switch C: 1. Create routing interfaceS 1/0/11, 1/0/3, and 1/0/24. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#ip routing (Netgear Switch) (Interface 1/0/11)#ip address 192.168.3.1 255.255.255.
PAGE 530
ProSafe M4100 and M7100 Managed Switches 6. Enable IGMP mode on the interface 1/0/24. (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear Switch) (Interface 1/0/24)#exit (Netgear Switch) #show ip dvmrp neighbor Interface ..................................... 1/0/11 Neighbor IP Address ........................... 192.168.3.2 State ......................................... Active Up Time (hh:mm:ss) ............................ 00:01:03 Expiry Time (hh:mm:ss) .....
PAGE 531
ProSafe M4100 and M7100 Managed Switches Web Interface: Configure DVMRP DVMRP on Switch A 1. Enable IP routing on the switch. a. Select Routing > IP > Basic >IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Configure 1/0/1 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b.
PAGE 532
ProSafe M4100 and M7100 Managed Switches a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/13 check box. Now 1/0/13 appears in the Port field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.2.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 4.
PAGE 533
ProSafe M4100 and M7100 Managed Switches d. Click Apply to save the settings. 5. Enable IP multicast on the switch. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 6. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 7.
PAGE 534
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down select the Interface 1/0/1, 1/0/13, and 1/0/21 check boxes. c. In the Interface Mode field, select 300. d. Click Apply to save the settings. DVMRP on Switch B 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2.
PAGE 535
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/13 check box. Now 1/0/13 appears in the Port field at the top. c. Enter the following information in the IP Interface Configuration. • In the IP Address field, enter 192.168.2.2. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 3. Configure 1/0/20 as a routing port and assign an IP address to it. a.
PAGE 536
ProSafe M4100 and M7100 Managed Switches a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 5. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP> Global Configuration. A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 6. Enable DVMRP on the interface. a. Select Routing > Multicast > DVMRP > Interface Configuration.
PAGE 537
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/13 and 1/0/20 check boxes. c. In the Interface Mode field, select Enable. d. Click Apply to save the settings. DVMRP on Switch C 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2.
PAGE 538
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/11 check box. Now 1/0/11 appears in the Port field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.3.1. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. 3. Configure 1/0/3 as a routing port and assign an IP address to it. a.
PAGE 539
ProSafe M4100 and M7100 Managed Switches d. Click Apply to save the settings. 4. Configure 1/0/24 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Port 1/0/24 check box. Now 1/0/24 appears in the Port field at the top. c. Enter the following information: • In the IP Address field, enter 192.168.5.1. • In the Subnet Mask field, enter 255.255.255.0.
PAGE 540
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 7. Enable DVMRP on the interface. a. Select Routing > Multicast > DVMRP > Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/3, 1/0/11, and 1/0/24 check boxes. c. Select Enable in the Interface Mode field. d. Click Apply to save the settings. 8. Enable IGMP on the switch. a.
PAGE 541
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 9. Enable IGMP on the interface. a. Select Routing > Multicast > IGMP > Routing Interface Configuration. A screen similar to the following displays. b. Scroll down and select the Interface 1/0/24 check box. Now 1/0/24 appears in the Interface field at the top. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. Chapter 31.
PAGE 542
32.
PAGE 543
ProSafe M4100 and M7100 Managed Switches You can enable captive portal on all the physical ports on the switch. It is not supported for VLAN interfaces, loopback interfaces or logical interfaces. The captive portal feature uses MAC-aaddress based authentication and not port-based authentication. This means that all the clients connected to the captive portal interface must be authenticated before they can get access to the network.
PAGE 544
ProSafe M4100 and M7100 Managed Switches 2. Enable captive portal instance 1. (Netgear Switch) (Config-CP)#configuration 1 (Netgear Switch) (Config-CP 1)#enable 3. Enable captive portal instance 1 on port 1/0/1. (Netgear Switch) (Config-CP 1)#interface 1/0/1 Web Interface: Enable Captive Portal 1. Enable captive portal on the switch. a. Select Security > Control > Captive Portal > CP Global Configuration. A screen similar to the following displays. b. For Admin Mode, Select the Enable radio button. c.
PAGE 545
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. b. Scroll down and select the CP 1 check box. Now CP 1 appears in the CP ID field at the top. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. 3. Enable CP 1 on interface 1/0/1. a. Select Security > Controls > Captive Portal > CP Binding Configuration. A screen similar to the following displays. b. In the CP ID list, select 1. c. Click Unit 1. The ports display. d.
PAGE 546
ProSafe M4100 and M7100 Managed Switches captive portal instance is a temporary command executed by the administrator and not saved in the configuration. Block a Captive Portal Instance CLI: Block a Captive Portal Instance (Netgear Switch)(Config-CP 1)#block Web Interface: Block a Captive Portal Instance 1. Select Security > Control > Captive Portal > CP Configuration. A screen similar to the following displays. 2. Under Captive Portal Configuration, scroll down and select the CP 1 check box.
PAGE 547
ProSafe M4100 and M7100 Managed Switches CLI: Create Users and Groups 1. Create a group whose group ID is 2. (Netgear Switch) #config (Netgear Switch) (config)#captive-portal (Netgear Switch)(Config-CP)# user group 2 2. Create a user whose name is user1. (Netgear Switch) (Config-CP)#user 2 name user1 3. Configure the user’s password. (Netgear Switch) (Config-CP)#user 2 password Enter password (8 to 64 characters): 12345678 Re-enter password: 12345678 4. Add the user to the group.
PAGE 548
ProSafe M4100 and M7100 Managed Switches c. Click Add. 2. Create a user. a. Select Security > Control > Captive Portal > CP User Configuration. A screen similar to the following displays. b. Enter the following information: • In the User ID Field, enter 2. • In the User Name field, enter user1. • In the Password field, enter 12345678. • In the Confirm Password field, enter 12345678. • In the Group field, select 2. c. Click Add.
PAGE 549
ProSafe M4100 and M7100 Managed Switches are used to configure captive portal. VSAs are denoted in the ID column and are comma delimited (vendor ID, attribute ID). Table 3. RADIUS Attributes for Configuring Captive Portal Users RADIUS Attribute No. Description Range Usage Default User-Name 1 User name to be authorized. 1–32 characters Required None User-Password 2 User password. 8–64 characters Required None Session-Timeout 27 Logout once session timeout is reached (seconds).
PAGE 550
ProSafe M4100 and M7100 Managed Switches A screen similar to the following displays. 2. Scroll down and select the CP 1 check box. Now CP 1 appears in the CP ID field at the top. 3. Enter the following information: • In the Verification field, select RADIUS. • In the Radius Auth Server field, enter the RADIUS server name Default-RADIUS-Server. 4. Click Apply. SSL Certificates A captive portal instance can be configured to use the HTTPS protocol during its user verification process.
PAGE 551
33. iSCSI 33 This chapter includes the following sections: • Enable iSCSI Awareness with VLAN Priority Tag on page 552 • Enable iSCSI Awareness with DSCP on page 553 • Set the iSCSI Target Port on page 554 • Show iSCSI Sessions on page 555 The iSCSI feature is used in networks containing iSCSI initiators and targets where the administrator desires to protect the iSCSI traffic from interruption by giving the traffic preferential QoS treatment.
PAGE 552
ProSafe M4100 and M7100 Managed Switches Enable iSCSI Awareness with VLAN Priority Tag The example is shown as CLI commands and as Web interface procedure CLI: Enable iSCSI Awareness with VLAN Priority Tag Use the following commands to enable iSCSI awareness, select VPT, and set VLAN number and aging time.
PAGE 553
ProSafe M4100 and M7100 Managed Switches Enable iSCSI Awareness with DSCP The example is shown as CLI commands and as Web interface procedure. CLI: Enable iSCSI Awareness with DSCP Use the following commands to enable iSCSI awareness, select DSCP, and set DSCP queue number and aging time.
PAGE 554
ProSafe M4100 and M7100 Managed Switches Set the iSCSI Target Port When working with iSCSI that does not use the standard IANA assigned iSCSI ports (3260/860), it is recommended that you specify the target IP address. Then the switch will only snoop frames where the TCP destination port is one of the configured TCP ports and the destination IP is the target IP address. This will improve the performance of the switch by preventing the CPU from processing non-iSCSI flows.
PAGE 555
ProSafe M4100 and M7100 Managed Switches Show iSCSI Sessions The example is shown as CLI commands and as Web interface procedure CLI: Show iSCSI Sessions Use the following commands to show iSCSI sessions and session details: (Netgear Switch) #show iscsi sessions Session 0: ----------------------------------------------------------------------------Target: iqn.2012-08.com.example:storage.lun1 Initiator: iqn.1991-05.com.
PAGE 556
ProSafe M4100 and M7100 Managed Switches 2. Click Refresh. 1. Show iSCSI session details. a. Select Switching > iSCSI > Advanced > Sessions detailed. A screen similar to the following displays: 2. Click Refresh. 556 | Chapter 33.
PAGE 557
Index Numerics CoS queueing 190 6to4 tunnels 414 802.1x port security 280 D A ACL mirroring 172 ACL redirect 178 ACLs 136 IP ACL configuration 137 IPv6 183 isolated VLANs on a Layer 3 switch 158 MAC ACLs 137, 169 TCP flag 142 ARP 127 dynamic ARP inspection 297, 298, 299 ARP, dynamic inspection 312, 313 Auto VoIP 225, 226, 228 B banner, pre-login 329 C captive portal 542, 551 configuration 543, 552 classic STP (802.
PAGE 558
ProSafe M4100 and M7100 Managed Switches IGMP querier 250, 251 enable 251, 252 status 254 IGMP snooping 246, 251 247 external multicast router 248, 249 multicast router using VLAN 249 show igmpsnooping 246 show ignpsnooping 247 show mac-address-table 247 show mac-address-table igmpsnooping 248 IGMPv3 246 interpreting log files 339 IP ACLs 137, 138 IP routing port routing 60, 61 VLAN routing OSPF configuration 116 VLAN routing RIP configuration 82, 84 IP source guard 312, 313 IPTV 250 IPv6 422 network inter
PAGE 559
ProSafe M4100 and M7100 Managed Switches 802.