NETGEAR 7000 Series Administration Manual

Netgear managed switch administration guide

NETGEAR 7000 Series
Managed Switch
Administration Guide
Version 7.2
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
202-10238-02
May 2008


Summary of Contents for NETGEAR 7000 Series

  • Page 1 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10238-02 May 2008...
  • Page 2: Statement Of Conditions

    Certificate of the Manufacturer/Importer It is hereby certified that the 7000 Series Managed Switch has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions.
  • Page 3: Canadian Department Of Communications Radio Interference Regulations

    Canadian Department of Communications Radio Interference Regulations This digital apparatus (7000 Series Managed Switch) does not exceed the Class A limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
  • Page 4 Product and Publication Details
    Model Number: 7xxx
    Publication Date: May 2008
    Product Family: Managed Switch
    Product Name: 7000 Series Managed Switch
    Home or Business Product: Business
    Language: English
    Publication Part Number: 202-10238-02
    Publication Version Number:
    v1.0, May 2008...
  • Page 5: Table of Contents

    About This Manual
    Conventions, Formats and Scope ...xv
    How to Use This Manual ...xvi
    How to Print this Manual ...xvi
    Revision History ...xvii
    Chapter 1 Introduction
    Document Organization ...1-1
    Audience ...1-2
    CLI Documentation ...1-3...
  • Page 6
    Example #2: Enabling Routing for Ports on the Switch ...7-4
    VLAN Routing ...7-4
    VLAN Routing Configuration ...7-5
    CLI Examples ...7-5
    Example #1: Create Two VLANs ...7-6
    Example #2: Set Up VLAN Routing for the VLANs and the Switch ...7-6
  • Page 7
    Routing Information Protocol ...7-12
    RIP Configuration ...7-12
    CLI Examples ...7-13
    Example #1: Enable Routing for the Switch ...7-13
    Example #2: Enable Routing for Ports ...7-14
    Example #3: Enable RIP for the Switch ...7-14
    Example #4: Enable RIP for ports 1/0/2 and 1/0/3 ...7-15
    OSPF ...7-15...
  • Page 8
    Example #2: Configure a One-Way Access Using a TCP Flag in an ACL ...9-4
    CLI Commands ...9-5
    Web Interface Procedure ...9-8
    Example #3: Configure Isolated VLANs on a Layer 3 switch by Using ACLs ...9-23
    CLI Commands ...9-24
    Web Interface Procedure ...9-26
    MAC ACL CLI Examples ...9-38...
  • Page 9
    Chapter 12 IGMP Snooping
    Overview ...12-1
    CLI Examples ...12-1
    Example #1: Enable IGMP Snooping ...12-1
    Example #2: show igmpsnooping ...12-2
    Example #3: show mac-address-table igmpsnooping ...12-2
    Chapter 13 Port Security
    Overview ...13-1
    Operation ...13-2
    CLI Examples ...13-3
    Example #1: show port security ...13-3
    Example #2: show port security on a specific interface ...13-3
    Example #3: (Config) port security ...13-3
    Chapter 14...
  • Page 10
    Example #2: show logging buffered ...19-3
    Example #3: show logging traplogs ...19-4
    Example #4: show logging hosts ...19-4
    Example #5: logging port configuration ...19-5
    Chapter 20 Managing Switch Stacks
    Understanding Switch Stacks ...20-2
    Switch Stack Membership ...20-3
  • Page 11
    Stack Member Priority Values ...20-6
    Switch Stack Offline Configuration ...20-6
    Effects of Adding a Preconfigured Switch to a Switched Stack ...20-6
    Effects of Replacing a Preconfigured Switch in a Switch Stack ...20-7
    Effects of Removing a Preconfigured Switch from a Switch Stack ...20-7
    Switch Stack Software Compatibility Recommendations ...20-8...
  • Page 12
    CLI Commands ...24-4
    Web Interface Procedure ...24-5
    Chapter 25 Protected Ports
    Overview ...25-1
    Example ...25-1
    Example #1: Configure a Protected Port to Isolate Ports on the Switch ...25-1
    CLI Commands ...25-2
    Web Interface Procedure ...25-3
    Chapter 26 802.1x Port Security
    Overview ...26-1...
  • Page 13
    Example ...26-1
    Example #1: Enable 802.1x Authentication on One Port in a VLAN ...26-1
    CLI Commands ...26-2
    Web Interface Procedure ...26-3
    Chapter 27 Double VLANs
    Overview ...27-1
    Example ...27-1
    Example #1: Enable a Double VLAN on a VLAN ...27-1
    CLI Commands ...27-2
    Web Interface Procedure ...27-3
    Index
  • Page 15: About This Manual

    The NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2 describes how to install, configure and troubleshoot the 7000 Series Managed Switch. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Formats and Scope The conventions, formats, and scope of this manual are described in the following paragraphs: •...
  • Page 16: How To Use This Manual

    • Scope. This manual is written for the 7000 Series Managed Switch according to these specifications: Product Version Manual Publication Date Note: Product updates are available on the NETGEAR, Inc. website at http://kbserver.netgear.com/products/7xxx.asp.
  • Page 17: Revision History

    • Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window.
  • Page 19: Introduction

    This document provides examples of the use of the switch software in a typical network. It describes the use and advantages of specific functions provided by the 7000 Series Managed Switch, and includes information on configuring those functions using the Command Line Interface and Web Interface.
  • Page 20: Audience

    • Level 1 and Level 2 Support provider To obtain the greatest benefit from this guide, you should have an understanding of the switch software base and should have read the specification for your networking device platform. You should also have a basic knowledge of Ethernet and networking concepts.
  • Page 21: CLI Documentation

    • Netgear Quick Installation Guide, 7000 Series Managed Switch • Netgear CLI Reference for the Prosafe 7X00 Series Managed Switch. There are three documents in this series; choose the appropriate one for your product. • Netgear Hardware Installation Guide for your switch These documents may be found at http://www.NETGEAR.com.
  • Page 23: Getting Started

    Connect a terminal to the switch to begin configuration. In-band and Out-of-band Connectivity Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity. Configuring for In-band Connectivity In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network.
  • Page 24: Using the EIA-232 Port

    MAC Address MAC address of the switch When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network.
  • Page 25: Configuring For Out-Of-Band Connectivity

    IP address of the default router, if the switch is a node outside the IP range of the LAN. 7. To enable these changes to be retained during a reset of the switch, type Ctrl-Z to return to the main prompt, type save config at the main menu prompt, and type y to confirm the changes.
  • Page 26: Starting The Switch

    3. Connect the female connector of the RS-232 crossover cable directly to the switch console port, and tighten the captive retaining screws. Starting the Switch 1. Make sure that the switch console port is connected to a VT100 terminal or VT100 terminal emulator via the RS-232 crossover cable. 2. Locate an AC power receptacle.
  • Page 27: Initial Configuration Procedure

    The switch is not configured with a default user name and password. All of the settings below are necessary to allow the remote management of the switch through Telnet (Telnet client) or HTTP (Web browser).
  • Page 28: Software Installation

    This section contains procedures to help you become acquainted quickly with the switch software. Before installing switch software, you should verify that the switch operates with the most recent firmware.
  • Page 29
    • Uploading from Networking Device to Out-of-Band PC (Only XMODEM)
    • Downloading from Out-of-Band PC to Networking Device (Only XMODEM)
    • Downloading from TFTP Server
    • Restoring factory defaults
    If you configure any network parameters, you should execute the following command:
    copy system:running-config nvram:startup-config
    This command saves the changes to the configuration file.
  • Page 30
    Table 2-1. Quick Start Commands
    Command | Mode
    copy system:running-config nvram:startup-config | Privileged EXEC
    logout | User EXEC, Privileged EXEC
    show network | User EXEC
    network parms <ipaddr> <netmask> [gateway] | Privileged EXEC
    ...
  • Page 31
    Table 2-1. Quick Start Commands
    Command | Mode
    copy nvram:errorlog <tftp://<ipaddress>/<filepath>/<filename>> | Privileged EXEC
    copy nvram:traplog <tftp://<ipaddress>/<filepath>/<filename>> | Privileged EXEC
    copy <tftp://<ipaddress>/<filepath>/<filename>>... | Privileged EXEC
  • Page 32
    Table 2-1. Quick Start Commands
    Command | Mode
    copy <tftp://<ipaddress>/<filepath>/<filename>> system:image | Privileged EXEC
    clear config | Privileged EXEC
    copy system:running-config nvram:startup-config | Privileged EXEC
    (or cold boot Privileged...
  • Page 33: Using Ezconfig For Switch Setup

    -------------------------------- Hello and Welcome! This utility will walk you through assigning the IP address for the switch management CPU. It will allow you to save the changes at the end. After the session, simply use the newly assigned IP address to access the Web GUI using any public domain Web browser.
  • Page 34: Changing the Password

    The first question Ezconfig asks is whether you wish to change the admin password. For security reasons, you should change the password by typing Y. If you have already set the password and do not wish to change it again, just enter N.
  • Page 35: Assigning Switch Name and Location Information

    If an IP address is already assigned, and you do not wish to change the IP address again, simply type N.
    Assigning Switch Name and Location Information
    Ezconfig will proceed to the next step in the setup:...
  • Page 36
    If during the session, the switch loses its power, the setup information will be lost if Ezconfig does not have the chance to save the changes before power-down.
  • Page 37: Using The Web Interface

    For example, when you log in, there is a Main Menu with the same functions available. You can manage your switch through a Web browser and Internet connection. This is referred to as Web-based management. To use Web-based management, the system must be set up for in-band connectivity.
  • Page 38: Starting The Web Interface

    As of software release 7.2, the Web interface has a new look. The new Web interface is called the Prosafe Control Center (PCC). When you use the switch’s IP address to log into the switch, the following screen displays:
  • Page 39 As shipped from the factory, both users can log in without a password. Netgear strongly recommends that the network administrator creates a unique password for the administrative user before placing the switch into production.
  • Page 40
    This tag contains services to perform a firmware upgrade, to save the configuration, and to perform a backup of the configuration.
    – Help This tag provides access to the Netgear product support Web site and the online user guide.
  • Page 41
    4. Save the Configuration
    When you click the Apply button to save the changes, the changes are applied to the switch but not saved into the permanent memory of the switch. When you reboot the switch, the changes are lost. To save the changes into the permanent memory of the switch, use the Save...
  • Page 42: Configuring an SNMP V3 User Profile

    Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are needed.
  • Page 43: Virtual LANs

    A VLAN is a set of end stations and the switch ports that connect them. You may have many reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN.
  • Page 44: VLAN Configuration Example

    The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. Port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN 2 only, and ports 1/0/3 and 1/0/4 are members of VLAN 3 only.
  • Page 45: Example #2: Assign Ports to VLAN2

    This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.
  • Page 46: Graphical User Interface

    Use the following screens to perform the same configuration using the Graphical User Interface:
    • Switching --> VLAN --> Configuration. To create the VLANs and specify port participation.
    •...
  • Page 47: Chapter 6 Link Aggregation

    Management functions treat a LAG as if it were a single physical port. You can include a LAG in a VLAN. You can configure more than one LAG for a given switch. CLI Example This section provides an example of configuring the software to support Link Aggregation (LAG) to a server and to a Layer 3 switch.
  • Page 48: Example #1: Create Two LAGs

    Figure 6-1 shows the example network.
    Figure 6-1
    Example #1: Create two LAGS
    (Netgear Switch) #config
    (Netgear Switch) (Config)#port-channel lag_10
    (Netgear Switch) (Config)#port-channel lag_20
    (Netgear Switch) (Config)#exit
    Use the show port-channel all command to show the logical interface IDs you will use to identify the LAGs in subsequent commands.
  • Page 49: Example #2: Add the Ports to the LAGs

    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 0/2
    (Netgear Switch) (Interface 0/2)#addport 1/1
    (Netgear Switch) (Interface 0/2)#exit
    (Netgear Switch) (Config)#interface 0/3
    (Netgear Switch) (Interface 0/3)#addport 1/1...
  • Page 51: IP Routing Services

    • Recreate the Layer 2 header The router’s IP address is often statically configured in the end station, although the 7000 Series Managed Switch supports protocols such as DHCP that allow the address to be assigned dynamically. Likewise, you may assign some of the entries in the routing tables used by the router statically, but protocols such as RIP and OSPF allow the tables to be created and updated dynamically as the network configuration changes.
  • Page 52

    The 7000 Series Managed Switch always supports Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the 7000 Series Managed Switch as a whole, and then for each port which is to participate in the routed network.
  • Page 53: CLI Examples

    This diagram shows a Layer 3 switch configured for port routing. It connects three different subnets, each connected to a different port. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the port routing support shown in the diagram. Figure 7-1 Example #1: Enabling routing for the Switch Use the following command to enable routing for the switch.
  • Page 54: Example #2: Enabling Routing For Ports On The Switch

    (Netgear Switch) (Config)#exit VLAN Routing You can configure 7000 Series Managed Switch with some ports supporting VLANs and some supporting routing. You can also configure it to allow traffic on a VLAN to be treated as if the VLAN were a router port.
  • Page 55: VLAN Routing Configuration

    The next section will show you how to configure the 7000 Series Managed Switch to support VLAN routing and how to use RIP and OSPF. A port may be either a VLAN port or a router port, but not both.
  • Page 56: Example #1: Create Two VLANs

    The following code sequence shows an example of creating two VLANs with egress frame tagging enabled.
    (Netgear Switch) #vlan data
    (Netgear Switch) (Vlan)#vlan 10
    (Netgear Switch) (Vlan)#vlan 20...
  • Page 57: VLAN Routing RIP Configuration

    The routing table is sent to a multicast address, reducing network traffic – An authentication method is used for security The 7000 Series Managed Switch supports both versions of RIP. You may configure a given port: • To receive packets in either or both formats •...
  • Page 58: CLI Example

    This example adds support for RIPv2 to the configuration created in the base VLAN routing example. A second router, using port routing rather than VLAN routing, has been added to the network.
  • Page 59
    Example of configuring VLAN Routing with RIP support on a 7000 Series Managed Switch
    (Netgear Switch) #vlan data
    (Netgear Switch) (Vlan)#vlan 10
    (Netgear Switch) (Vlan)#vlan 20
    (Netgear Switch) (Vlan)#vlan routing 10...
  • Page 60: VLAN Routing OSPF Configuration

    An inter-area router communicates with border routers in each of the areas to which it provides connectivity. The 7000 Series Managed Switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The order for choosing a route if more than one type of route exists is as follows: –...
  • Page 61
    Example of configuring OSPF on a 7000 Series Managed Switch acting as an inter-area router:
    (Netgear Switch) #vlan data
    (Netgear Switch) (Vlan)#vlan 10
    (Netgear Switch) (Vlan)#vlan 20
    (Netgear Switch) (Vlan)#vlan routing 10...
  • Page 62: Routing Information Protocol

    The routing table is sent to a multicast address, reducing network traffic – An authentication method is used for security The 7000 Series Managed Switch supports both versions of RIP. You may configure a given port: • To receive packets in either or both formats •...
  • Page 63: CLI Examples

    • To prevent any RIP packets from being transmitted
    CLI Examples
    The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3 as shown in the network illustrated in...
  • Page 64: Example #2: Enable Routing for Ports

    The following command sequence enables routing and assigns IP addresses for ports 1/0/2 and 1/0/3.
    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#routing
    (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0...
  • Page 65: Example #4: Enable RIP for Ports 1/0/2 and 1/0/3

    An inter-area router communicates with border routers in each of the areas to which it provides connectivity. The 7000 Series Managed Switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The order for choosing a route if...
  • Page 66: CLI Examples

    External Type 2: the route was learned from other protocols such as RIP CLI Examples The examples in this section show you how to configure a 7000 Series Managed Switch first as an inter-area router and then as a border router. They show two areas, each with its own border router connected to one inter-area router.
  • Page 67: Example #1: Configuring an Inter-Area Router

    Figure 7-5
    Enable Routing for the Switch. The following command sequence enables ip routing for the switch.
    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip routing
    (Netgear Switch) (Config)#exit
    Assign IP Addresses for Ports....
  • Page 68
    Specify Router ID and Enable OSPF for the Switch. The following sequence specifies the router ID and enables OSPF for the switch. Set disable1583 compatibility to prevent the routing loop.
    (Netgear Switch) #config...
  • Page 69: Example #2: Configuring OSPF on a Border Router

    Figure 7-6
  • Page 70
    The following example configures OSPF on a 7000 Series Managed Switch operating as a border router:
    Enable routing for the switch.
    (Netgear Switch) #config
    (Netgear Switch) (Config)#ip routing
    Enable routing & assign IP for ports 1/0/2, 1/0/3 and 1/0/4....
  • Page 71: Proxy Address Resolution Protocol (ARP)

    Enable OSPF for the ports and set the OSPF priority and cost for the ports.
    (Netgear Switch) #config
    (Netgear Switch) (Config)#interface 1/0/2
    (Netgear Switch) (Interface 1/0/2)#ip ospf
    (Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2...
  • Page 72: CLI Examples

    The following are examples of the commands used in the proxy ARP feature.
    Example #1: show ip interface
    (Netgear Switch) #show ip interface ?
    <slot/port>
    brief
    (Netgear Switch) #show ip interface 0/24
    Routing Mode...
  • Page 73: Virtual Router Redundancy Protocol

    A given port may appear as more than one virtual router to the network. Also, more than one port on a 7000 Series Managed Switch may be configured as a virtual router. Either a physical port or a routed VLAN may participate.
  • Page 74: CLI Examples

    This example shows how to configure the 7000 Series Managed Switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router.
  • Page 75: Example #1: Configure VRRP on a Master Router

    The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the master router:
    Enable routing for the switch. IP forwarding will then be enabled by default.
  • Page 76: Example #2: Configure VRRP on a Backup Router

    The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the backup router:
    Enable routing for the switch. IP forwarding will then be enabled by default.
  • Page 77: Access Control Lists (ACLs)

    This section describes the Access Control Lists (ACLs) feature. Overview Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two internal networks. When you configure ACLs, you can selectively admit or reject inbound traffic, thereby controlling access to your network or to specific resources on your network.
  • Page 78: Configuring IP ACLs

    • Destination MAC address with mask
    • VLAN ID (or range of IDs)
    • Class of Service (CoS) (802.1p)
    • Ethertype
    • L2 ACLs can apply to one or more interfaces
    •...
  • Page 79: Process

    TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will only be accepted by the 7000 Series Managed Switch if the source and destination stations have IP addresses that fall within the defined sets.
  • Page 80: Example #2: Configure a One-Way Access Using a TCP Flag in an ACL

    Create ACL 101. Define the first rule: the ACL will permit packets with a match on the specified source IP address (after the mask has been applied), that are carrying TCP traffic, and that are sent to the specified destination IP address.
  • Page 81: CLI Commands

    The example is shown as CLI commands and as a Web interface procedure.
    CLI Commands
    To use the CLI to configure the GSM7248R, enter the following CLI commands:
    Step 1: Configure the GSM7248R (see
    Create VLAN 30 with port 0/3 and assign IP address 192.168.30.1/24.
  • Page 82
    (Netgear Switch) (Config)#ip route 192.168.50.0 255.255.255.0 192.168.200.2
    Create an ACL that denies all the packets with TCP flags +syn-ack.
    (Netgear Switch) (Config)#access-list 101 deny tcp any any flag +syn -ack
    Create an ACL that permits all the IP packets.
    (Netgear Switch) (Config)#access-list 102 permit ip any any
    Apply the ACL 101 and 102 to the port 0/44;...
  • Page 83
    To use the CLI to configure the GSM7352S, enter the following CLI commands:
    Step 2: Configure the GSM7352S (see Figure 9-2)
    Create VLAN 40 with port 1/0/24 and assign IP address 192.168.40.1/24.
  • Page 84: Web Interface Procedure

    Add two static routes so that the switch forwards the packets with destinations 192.168.100.0/24 and 192.168.30.0/24 to the correct next hops.
    (Netgear Switch) (Config)#ip routing
    (Netgear Switch) (Config)#ip route 192.168.100.0 255.255.255.0 192.168.200.1
    (Netgear Switch) (Config)#ip route 192.168.30.0 255.255.255.0 192.168.200.1...
  • Page 85
    2. Create VLAN 100 with IP address 192.168.100.1/24:
    a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
    Figure 9-4
    b. Enter the following information in the VLAN Routing Wizard:
    •...
  • Page 86
    3. Create VLAN 200 with IP address 192.168.200.1/24:
    a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
    Figure 9-5
    b. Enter the following information in the VLAN Routing Wizard:
    •...
  • Page 87
    4. Enable IP Routing:
    a. From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays.
    Figure 9-6
    b. Under IP Configuration, make the following selections:
    •...
  • Page 88
    b. Under Configure Routes, make the following selection and enter the following information:
    • Select Static from the Route Type pulldown menu.
    • In the Network Address field, enter 192.168.40.0.
    •...
  • Page 89
    7. Create an ACL with ID 101:
    a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
    Figure 9-9
    b. In the IP ACL ID field of the IP ACL Table, enter 101.
  • Page 90
    9. Add and configure an IP extended rule that is associated with ACL 101:
    a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
  • Page 91
    d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
    • In the Rule ID field, enter 1.
    • Next to Action mode, select the Deny radio button.
  • Page 92
    Figure 9-14
    d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections:
    • In the Rule ID field, enter 1.
    • Next to Action mode, select the Permit radio button.
  • Page 93
    11. Apply ACL 101 to port 44:
    a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
    Figure 9-15
    b.
  • Page 94
    12. Apply ACL 102 to port 44:
    a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
    Figure 9-16
    b.
  • Page 95
    To use the Web interface to configure the GSM7352S, proceed as follows:
    1. Create VLAN 40 with IP address 192.168.40.1/24:
    a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
  • Page 96
    2. Create VLAN 50 with IP address 192.168.50.1/24:
    a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
    Figure 9-18
    b. Enter the following information in the VLAN Routing Wizard:
    •...
  • Page 97
    3. Create VLAN 200 with IP address 192.168.200.2/24:
    a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
    Figure 9-19
    b. Enter the following information in the VLAN Routing Wizard:
    •...
  • Page 98
    4. Create a static route with IP address 192.168.100.0/24:
    a. From the main menu, select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays.
  • Page 99: Example #3: Configure Isolated VLANs On A Layer 3 Switch By Using ACLs

    This example shows how to isolate VLANs on a Layer 3 switch by using ACLs. In this example, PC1 is in VLAN 24, PC2 is in VLAN 48, and PC3 is in VLAN 38. PC1 and PC2 are isolated by an ACL but can both access the server.
  • Page 100: CLI Commands

    The example is shown as CLI commands and as a Web interface procedure. CLI Commands To use the CLI to isolate VLANs on a Layer 3 switch by using ACLs, enter the following CLI commands: Create VLAN 24, add port 1/0/24 to it, and assign IP address 192.168.24.1 to it.
  • Page 101 Create VLAN 48, add port 1/0/48 to it, and assign IP address 192.168.48.1 to it. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 48 (Netgear Switch) (Vlan)#vlan routing 48 (Netgear Switch) (Vlan)#exit...
  • Page 102: Web Interface Procedure

    (Netgear Switch) (Interface 1/0/48)#ip access-group 103 in 2 (Netgear Switch) (Interface 1/0/48)#exit Web Interface Procedure To use the Web interface to isolate VLANs on a Layer 3 switch by using ACLs, proceed as follows: 1. Create VLAN 24 with IP address 192.168.24.1: a.
  • Page 103 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 24. • In the IP Address field, enter 192.168.24.1. • In the Network Mask field, enter 255.255.255.0.
  • Page 104 e. Click Apply to save VLAN 48. 3. Create VLAN 38 with IP address 10.100.5.34: a. From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays.
  • Page 105 Figure 9-26 b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button.
  • Page 106 6. Create an ACL with ID 102: a. From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. Figure 9-28 b. In the IP ACL ID field of the IP ACL Table, enter 102.
  • Page 107 b. In the IP ACL ID field of the IP ACL Table, enter 103. c. Click Add. 8. Add and configure an IP extended rule that is associated with ACL 101: a.
  • Page 108 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. • Next to Action mode, select the Deny radio button.
  • Page 109 Figure 9-33 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. • Next to Action mode, select the Deny radio button.
  • Page 110 10. Add and configure an IP extended rule that is associated with ACL 103: a. From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
  • Page 111 • Next to Action mode, select the Permit radio button. • Select False from the Match Every pulldown menu. • Select IP from the Protocol Type pulldown menu. e. Click Apply to save the settings.
  • Page 112 12. Apply ACL 101 to port 48: a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 9-37 b.
  • Page 113 13. Apply ACL 103 to port 24 and port 48: a. From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
  • Page 114: MAC ACL CLI Examples

    MAC ACL CLI Examples The following are examples of the commands used for the MAC ACLs feature. Example #1: mac access list (Netgear Switch)(Config)#mac access-list ? extended Configure extended MAC Access List parameters.
  • Page 115: Example #2: Permit Any

    Example #2: permit any (Netgear Switch) (Config-mac access-list)#permit ? <srcmac> Enter a MAC address. Configure a match condition for all the destination MAC addresses in the Destination MAC Address field. (Netgear Switch) (Config-mac access-list)#permit any ? <dstmac>...
  • Page 116: Example #3 Configure MAC Access-Group

    Example #3 Configure mac access-group (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#mac ? access-group Attach MAC Access List to Interface. (Netgear Switch) (Interface 1/0/5)#mac access-group ? <name> Enter name of MAC Access Control List.
  • Page 117: Example #4 Permit

    Example #4 permit (Netgear Switch) (Config)#mac access-list extended b2 (Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00 ? <dstmac> Enter a MAC Address. Configure a a match condition for all the destination MAC addresses in the Destination MAC Address field.
  • Page 118: Example #5: Show MAC Access-Lists

    Example #5: show mac access-lists (Netgear Switch) #show mac access-lists Current number of all ACLs: 2 MAC ACL Name Rules ------------ ----- (Netgear Switch) #show mac access-lists ? <name> Enter access-list name up to 31 characters in length.
  • Page 119: Class Of Service (CoS) Queuing

    This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features. Overview Each port has one or more queues for packet transmission. During configuration, you can determine the mapping and configuration of these queues. Based on service rate and other criteria you configure, queues provide preference to specified packets.
  • Page 120: Untrusted Ports

    – IP Precedence – IP DiffServ Code Point (DSCP) The system can assign service level based upon the 802.1p priority field of the L2 header. You configure this by mapping the 802.1p priorities to one of three traffic class queues. These queues are: •...
  • Page 121: Drop Precedence Configuration (Per Queue)

    – Tail drop vs. WRED Drop Precedence Configuration (per Queue) • WRED parameters – Minimum threshold – Maximum threshold – Drop probability – Scale factor • Tail Drop parameters – Threshold Per-Interface Basis •...
  • Page 122: Example #1: Show Classofservice Trust

    Example #1: show classofservice trust (Netgear Switch) #show classofservice trust ? <cr> Press Enter to execute the command. (Netgear Switch) #show classofservice trust Class of Service Trust Mode: Dot1P Example #2: set classofservice trust mode...
  • Page 123: Example #3: Show Classofservice IP-Precedence Mapping

    (Netgear Switch) (Config)#cos-queue min-bandwidth ? <bw-0> (Netgear Switch) (Config)#cos-queue min-bandwidth 15 Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10 (Netgear Switch) (Config)#cos-queue strict ? <queue-id> (Netgear Switch) (Config)#cos-queue strict 1 ? <cr>...
  • Page 124: Example #5: Set CoS Trust Mode Of An Interface

    Example #5: Set CoS Trust Mode of an Interface (Netgear Switch) (Config)#classofservice trust ? dot1p ip-dscp (Netgear Switch) (Config)#classofservice trust dot1p ? <cr> (Netgear Switch) (Config)#classofservice trust dot1p Note: The Traffic Class value range is <0-6> instead of <0-7> because queue 7 is reserved in a stacking build for stack control, and is therefore not configurable by the user.
  • Page 125: Example #1 Traffic-Shape

    Example #1 traffic-shape (Netgear Switch) (Config)#traffic-shape ? <bw> (Netgear Switch) (Config)#traffic-shape 70 ? <cr> (Netgear Switch) (Config)#traffic-shape 70 (Netgear Switch) (Config)# Enter the shaping bandwidth percentage from 0 to 100 in increments of 5.
  • Page 127: Differentiated Services

    7000 Series Managed Switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service. As implemented on the 7000 Series Managed Switch, DiffServ allows you to control what traffic is accepted and what traffic is discarded.
  • Page 128: CLI Example

    – Marking the packet with a given DSCP code point, IP precedence, or CoS – Policing packets by dropping or re-marking those that exceed the class’s assigned data rate – Counting the traffic within the class •...
  • Page 129 The following example configures DiffServ on a 7000 Series Managed Switch: Ensure DiffServ operation is enabled for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#diffserv Create a DiffServ class of type “all” for each of the departments, and name them.
  • Page 130: DiffServ For VoIP Configuration Example

    1/0/5 based on a normal destination address lookup for internet traffic. (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0 (Netgear Switch) (Interface 1/0/5)#exit (Netgear Switch) (Config)#exit DiffServ for VoIP Configuration Example One of the most valuable uses of DiffServ is to support Voice over IP (VoIP).
  • Page 131 a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side. The configuration script is for Router 1 in the accompanying diagram: a similar script should be applied to Router 2.
  • Page 132 The following example configures DiffServ VoIP support: Enter Global Config mode. Set queue 5 on all ports to use strict priority mode. Activate DiffServ for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#cos-queue strict 5...
  • Page 133: IGMP Snooping

    The following are examples of the commands used in the IGMP Snooping feature. Example #1: Enable IGMP Snooping The following example shows how to enable IGMP snooping. (Netgear Switch) #config (Netgear Switch) (Config)#ip igmpsnooping (Netgear Switch) (Config)#ip igmpsnooping interfacemode (Netgear Switch) (Config)#exit
  • Page 134: Example #2: Show Igmpsnooping

    Example #2: show igmpsnooping (Netgear Switch) #show igmpsnooping? <cr> Press Enter to execute the command. <slot/port> Enter interface in slot/port format. mrouter Display IGMP Snooping Multicast Router information. <1-4093> Display IGMP Snooping valid VLAN ID information.
  • Page 135: Port Security

    This section describes the Port Security feature. Overview Port Security: • Allows for limiting the number of MAC addresses on a given port • Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted •...
  • Page 136: Operation

    Operation Port Security: • Helps secure network by preventing unknown devices from forwarding packets • When link goes down, all dynamically locked addresses are ‘freed’ • If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list •...
  • Page 137: CLI Examples

    CLI Examples The following are examples of the commands used in the Port Security feature. Example #1: show port security (Netgear Switch) #show port-security ? <cr> Press Enter to execute the command.
  • Page 139: Traceroute

    This section describes the Traceroute feature. Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network. • Maps network routes by sending packets with small Time-to-Live (TTL) values and watches the ICMP time-out announcements •...
  • Page 140: CLI Example

    CLI Example The following shows an example of using the traceroute command to determine how many hops there are to the destination. The command output shows each IP address the packet passes through and how long it takes to get there.
  • Page 141: Configuration Scripting

    This section describes the Configuration Scripting feature. Overview Configuration Scripting: • Allows you to generate text-formatted files • Provides scripts that can be uploaded and downloaded to the system • Provides flexibility to create command configuration scripts • May be applied to several switches •...
  • Page 142: Example #1: Script

    Example #1: script (Netgear Switch) #script ? apply Applies configuration script to the switch. delete Deletes a configuration script file from the switch. list Lists all configuration script files present on the switch.
  • Page 143: Example #4: Creating A Configuration Script

    Example #4: Creating a Configuration Script (Netgear Switch) #show running-config running-config.scr Config script created successfully. (Netgear Switch) Configuration Script Name ------------------------- running-config.scr 1 configuration script(s) found. 1020799 bytes free. Example #5: Upload a Configuration Script (Netgear Switch) #copy nvram: script running-config.scr...
  • Page 145: Outbound Telnet

    This section describes the Outbound Telnet feature. Overview Outbound Telnet: • Establishes an outbound telnet connection between a device and a remote host • A telnet connection is initiated, each side of the connection is assumed to originate and terminate at a “Network Virtual Terminal” (NVT) •...
  • Page 146: Example #1: Show Network

    Example #1: show network (Netgear Switch Routing) >telnet 192.168.77.151 Trying 192.168.77.151... (Netgear Switch Routing) User:admin Password: (Netgear Switch Routing) Password: (Netgear Switch Routing) IP Address... 192.168.77.151 Subnet Mask... 255.255.255.0 Default Gateway... 192.168.77.127 Burned In MAC Address...
  • Page 147: Example #3: Transport Output Telnet

    Example #3: transport output telnet (Netgear Switch Routing) (Config)#lineconfig ? <cr> (Netgear Switch Routing) (Config)#lineconfig (Netgear Switch Routing) (Line)#transport ? input output (Netgear Switch Routing) (Line)#transport output ? telnet (Netgear Switch Routing) (Line)#transport output telnet ? <cr>...
  • Page 149: Chapter 17 Port Mirroring

    • Assigns a specific port to copy all packets to • Allows inbound or outbound packets to switch to their destination and to be copied to the mirrored port CLI Examples The following are examples of the commands used in the Port Mirroring feature.
  • Page 150: Example #1: Show Monitor Session

    Example #1: show monitor session (Netgear Switch Routing) #show monitor session 1 Session ID Admin Mode ---------- ---------- Enable Note: Monitor session ID “1” - “1” is a hardware limitation. Example #2: show port all...
  • Page 151: Example #4: (Config) Monitor Session 1 Mode

    port, and what is enabled or disabled on the port. (Netgear Switch Routing) #show port 0/7 Admin Intf Type Mode 1/0/7 Mirror Enable (Netgear Switch Routing) #show port 0/8 Admin Intf...
  • Page 152: Example #5: (Config) Monitor Session 1 Source Interface

    Example #5: (Config) monitor session 1 source interface Specify the source (mirrored) ports and destination (probe) port. (Netgear Switch Routing)(Config)#monitor session 1 source? interface Configure interface. (Netgear Switch Routing)(Config)#monitor session 1 source interface? <slot/port>...
  • Page 153: Simple Network Time Protocol (SNTP)

    SNTP client implemented over UDP which listens on port 123 CLI Examples The following are examples of the commands used in the SNTP feature. Example #1: show sntp (Netgear Switch Routing) #show sntp ? <cr> Press Enter to execute the command. client Display SNTP Client Information.
  • Page 154: Example #2: Show SNTP Client

    Failed Unicast Requests: Example #4: Configure SNTP Netgear switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
  • Page 155 1. Configure the SNTP server IP address. The IP address can be either from the public NTP server or your own. You can search the Internet to locate the public server. The servers available could be listed in domain-name format instead of address format.
  • Page 156: Example #5: Setting Time Zone

    Netgear provides SNTP servers accessible by Netgear devices. Because Netgear may change IP addresses assigned to its time servers, it is best to access an SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
  • Page 157: Syslog

    Syslog: • Allows you to store system messages and/or errors • Can store to local files on the switch or a remote server running a syslog daemon • Method of collecting message logs from many systems Persistent Log Files •...
  • Page 158: Interpreting Log Files

    Interpreting Log Files <130> 00:00:06 0.0.0.0-1 A. Priority B. Timestamp C. Stack ID D. Component Name E. Thread ID File Name Line Number CLI Examples The following are examples of the commands used in the Syslog feature.
  • Page 159: Example #1: Show Logging

    Example #1: show logging (Netgear Switch Routing) #show logging Logging Client Local Port CLI Command Logging Console Logging Console Logging Severity Filter : Buffered Logging Syslog Logging Log Messages Received Log Messages Dropped...
  • Page 160: Example #3: Show Logging Traplogs

    Example #3: show logging traplogs (Netgear Switch Routing) <cr> Press Enter to execute the command. (Netgear Switch Routing) Number of Traps Since Last Reset... Trap Log Capacity... Number of Traps Since Log Last Viewed...
  • Page 161: Example #5: Logging Port Configuration

    Example #5: logging port configuration (Netgear Switch Routing) (Netgear Switch Routing) (Config)#logging ? buffered Buffered (In-Memory) Logging Configuration. cli-command CLI Command Logging Configuration. console Console Logging Configuration. host Enter IP Address for Logging Host syslog Syslog Configuration.
  • Page 163: Managing Switch Stacks

    This chapter describes the concepts and recommended operating procedures to manage Netgear stackable managed switches running Release 4.x.x.x or newer. Netgear stackable managed switches include the following models: • FSM7328S • FSM7352S • FSM7352PS • GSM7328S • GSM7352S Note: The FSM family and GSM family cannot be stacked together at this point.
  • Page 164: Understanding Switch Stacks

    Understanding Switch Stacks A switch stack is a set of up to eight Ethernet switches connected through their stacking ports. One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are stack members.
  • Page 165: Switch Stack Membership

    A standalone switch is a switch stack with one stack member that also operates as the stack master. You can connect one standalone switch to another to create a switch stack containing two stack members, with one of them being the stack master.
  • Page 166: Switch Stack Cabling (FSM73xxS)

    Switch Stack Cabling (FSM73xxS) Figure 20-1 and Figure 20-2 illustrate how individual switches are interconnected to form a stack. You can use regular Category 5 Ethernet 8-wire cable. Figure 20-1...
  • Page 167: Stack Master Election And Re-Election

    Stack Member Numbers A stack member number (1 to 8) identifies each member in the switch stack. The member number also determines the interface-level configuration that a stack member uses. You can display the stack member number by using the show switch user EXEC command.
  • Page 168: Stack Member Priority Values

    You can use the offline configuration feature to preconfigure (supply a configuration to) a new switch before it joins the switch stack. You can configure in advance the stack member number, the switch type, and the interfaces associated with a switch that is not currently part of the stack (see “Preconfiguration”...
  • Page 169: Effects Of Replacing A Preconfigured Switch In A Switch Stack

    Effects of Replacing a Preconfigured Switch in a Switch Stack When a preconfigured switch in a switch stack fails, is removed from the stack, and is replaced with another switch, the stack applies either the preconfiguration or the default configuration to it.
  • Page 170: Switch Stack Software Compatibility Recommendations

    If a stack member is running a software version that is not the same as the stack master, then the stack member is not allowed to join the stack. Use the show switch command to list the stack members and software versions. See “Code...
  • Page 171: Switch Stack Management Connectivity

    Switch Stack Management Connectivity You manage the switch stack and the stack member interfaces through the stack master. You can use the web interface, the CLI, and SNMP. You cannot manage stack members on an individual switch basis.
  • Page 172 Table 20-2. Switch stack configuration scenarios (continued) Scenario Stack master election specifically determined by the MAC address • Assuming that both stack members have the same priority value and software image, restart both stack members at the same time.
  • Page 173: Stacking Recommendations

    Stacking Recommendations The purpose of this section is to collect notes on recommended procedures and expected behavior of stacked managed switches. Procedures addressed initially are listed below. • Initial installation and power-up of a stack.
  • Page 174: Initial Installation And Power-Up Of A Stack

    “Master” of a separate stack. 7. Monitor the master unit to see that the second unit joins the stack. Use the “show switch” command to determine when the unit joins the stack. It will be assigned a unit number (unit #2, if it has the default configuration).
  • Page 175: Adding A Unit To An Operating Stack

    Adding a Unit to an Operating Stack 1. Make sure the redundant stack connection is in place and functional. All stack members should be connected in a logical ring. 2. Preconfigure the new unit, if desired.
  • Page 176: Renumbering Stack Members

    30 seconds and 3 minutes depending on the stack size and configuration. The command is movemanagement <fromunit-id> <tounit-id> 2. Make sure that you can log in on the console attached to the new master. Use the show switch command to verify that all units rejoined the stack.
  • Page 177: Merging Two Operational Stacks

    4. After a unit type is preconfigured for a specific unit number, attaching a unit with different unit type for this unit number causes the switch to report an error. The show switch command indicates “config mismatch” for the new unit and the ports on that unit don’t come up. To resolve this situation the customer may change the unit number of the mismatched unit or delete the preconfigured unit type using the no member <unit-id>...
  • Page 178: Migration Of Configuration With A Firmware Upgrade

    archive command (in stack configuration mode) may be issued to make another attempt to copy the software to the unit(s) that did not get updated. Errors during code propagation to stack members could be caused by stack cable movement or unit reconfiguration during the propagation phase.
  • Page 179: Code Mismatch

    Code Mismatch If a unit is added to a stack and it does not have the same version of code as that of the master, the following should happen: • “New” unit will boot up and become a “member” of the stack •...
  • Page 181: Pre-Login Banner

    This section describes the Pre-Login Banner feature. Overview Pre-Login Banner: • Allows you to create message screens when logging into the CLI Interface • By default, no Banner file exists • Can be uploaded or downloaded • File size cannot be larger than 2K The Pre-Login Banner feature is only for the CLI interface.
  • Page 182 2. Transfer the file from the PC to the switch using TFTP (Netgear Switch Routing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode... TFTP Set TFTP Server IP... 192.168.77.52 TFTP Path../ TFTP Filename... banner.txt Data Type...
  • Page 183: IGMP Querier

    However, the IGMP snooping operation usually requires an extra network device—normally a router—that can generate an IGMP membership query and solicit interested nodes to respond. With the built-in IGMP Querier feature inside the switch, such an external device is no longer needed.
  • Page 184: Example #1: Enable IGMP Querier

    CLI Examples Example #1: Enable IGMP Querier Use the following CLI commands to set up the switch to generate IGMP querier packets for a designated VLAN. The IGMP packet will be transmitted to every port on the VLAN. The following example enables the querier for VLAN 1. See the CLI Manual for more details about other IGMP querier command options.
  • Page 185: Overview

    This section describes the Domain Name System (DNS) feature. The DNS protocol maps a host name to an IP address, allowing you to replace the IP address with the host name for IP commands such as a ping and a traceroute, and for features such as RADIUS, DHCP Relay, SNTP, SNMP, TFTP, SYSLOG, and UDP Relay.
  • Page 186: CLI Commands

    CLI Commands To use the CLI to specify two DNS servers, enter the following CLI commands: (Netgear Switch)#config (Netgear Switch) (Config)#ip name-server 12.7.210.170 219.141.140.10 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#exit (Netgear Switch)#ping www.netgear.com...
  • Page 187: Example #2: Manually Add A Host Name And An IP Address

    Example #2: Manually Add a Host Name and an IP Address The following example shows commands to add a static host name entry to the switch so that you can use this entry to resolve the IP address.
  • Page 188 2. Under DNS Host Configuration, enter the following information: • In the Host Name field, enter www.netgear.com. • In the IP Address field, enter 206.82.202.46. 3. Click Add. The host name and IP address now show in the DNS Host Configuration table.
  • Page 189: DHCP Server

    The network in the DHCP pool must belong to the same subnet. Overview DHCP Server: • Allows the switch to dynamically assign an IP address to a DHCP client that is attached to the switch • Enables the IP address to be assigned based on the client’s MAC address Examples The following are examples of how the DHCP Server feature is used.
  • Page 190: Web Interface Procedure

    Web Interface Procedure To use the Web interface to create a DHCP server with a dynamic pool, proceed as follows: 1. From the main menu, select System > Services > DHCP Server > DHCP Server Configuration.
  • Page 191 4. From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Figure 24-2 5. Under DHCP Pool Configuration, enter the following information: •...
  • Page 192: Example #2: Configure A DHCP Server In Manual Mode

    Example #2: Configure a DHCP Server in Manual Mode The following example shows how to create a DHCP server with a manual pool. The example is shown as CLI commands and as a Web interface procedure.
  • Page 193: Web Interface Procedure

    Web Interface Procedure To use the Web interface to create a DHCP server with a manual pool, proceed as follows: 1. From the main menu, select System > Services > DHCP Server > DHCP Server Configuration.
  • Page 194 Figure 24-4 4. Under DHCP Pool Configuration, enter the following information: • Select Create from the Pool Name pulldown menu. • In the Pool Name field, enter pool_manual. • Select Manual from the Type of Binding pulldown menu.
  • Page 195: Protected Ports

    This section describes how to set up protected ports on the switch. Some situations might require that traffic is prevented from being forwarded between any ports at Layer 2 so that one user cannot see the traffic of another user on the same switch.
  • Page 196: CLI Commands

    Figure 25-1

    The example is shown as CLI commands and as a Web interface procedure.

    CLI Commands

    To use the CLI to configure a protected port in order to isolate ports, enter the following CLI commands:

    Step 1: Create one VLAN 192 including PC1 and PC2.
  • Page 197: Web Interface Procedure

    Step 2: Create one VLAN 202 connected to the Internet.

    (Netgear Switch) #vlan database
    (Netgear Switch) (Vlan)#vlan 202
    (Netgear Switch) (Vlan)#vlan routing 202
    (Netgear Switch) (Vlan)#exit
    (Netgear Switch) #configure
    (Netgear Switch) (Config)#interface 1/0/48...
  • Page 198

    a. From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays.

    Figure 25-2

    b. Under DHCP Pool Configuration, enter the following information:
    •...
  • Page 199

    • In the Network Number field, enter 192.168.1.0.
    • In the Network Mask field, enter 255.255.255.0.
    • In the Days field, enter 1.
    • Click on Default Router Addresses. The DNS server address fields display. In the first router address field, enter 192.168.1.254.
  • Page 200

    The U specifies that the egress packet is untagged for the port.

    d. Click Apply to save the VLAN that includes ports 23 and 24.

    3. Configure a VLAN and include port 1/0/48 in the VLAN:
    a.
  • Page 201

    Figure 0-1

    b. Under IP Configuration, make the following selections:
    • Next to Routing Mode, select the Enable radio button.
    • Next to IP Forwarding Mode, select the Enable radio button.
  • Page 202

    6. Configure port 23 and port 24 as protected ports:
    a. From the main menu, select Security > Traffic Control > Protected Port. A screen similar to the following displays.

    Figure 25-6

    b.
  • Page 203: 802.1X Port Security

    This section describes how to configure the 802.1x Port Security feature on a switch port. IEEE 802.1x authentication prevents unauthorized clients from connecting to a VLAN unless these clients are authorized by the server.
  • Page 204: CLI Commands

    Figure 26-1

    The example is shown as CLI commands and as a Web interface procedure.

    CLI Commands

    To use the CLI to enable 802.1x authentication on one port, and to allow only the user with the name “adam”...
  • Page 205: Web Interface Procedure

    Add a new listname named dot1xList.
    (Netgear Switch) (Config)#authentication login dot1xList

    Enable 802.1x on the switch.
    (Netgear Switch) (Config)#dot1x system-auth-control

    Permit the user adam to log in.
    (Netgear Switch) (Config)#dot1x login adam dot1xList

    Permit 4 users to log in simultaneously.
  • Page 206

    b. Enter the following information in the VLAN Routing Wizard:
    • In the Vlan ID field, enter 100.
    • In the IP Address field, enter 192.168.100.1.
    • In the Network Mask field, enter 255.255.255.0.
  • Page 207

    3. Add a new user account with the name “adam”:
    a. From the main menu, select Security > Management Security > User Configuration > User Management. A screen similar to the following displays.
  • Page 208

    5. Enable port authentication:
    a. From the main menu, select Security > Port Authentication > Basic > 802.1x Configuration. A screen similar to the following displays.

    Figure 26-5

    b. Under Mode, next to Administrative Mode, select the Enable radio button.
  • Page 209

    b. Under Port Authentication, enter the following information:
    • In the Max Users field, enter 4.
    • Select Mac based from the Port Method pulldown menu.
    c. Click Apply to save the settings.
  • Page 211: Double VLANs

    This section describes how to configure the Double VLAN (DVLAN) feature on the switch. A DVLAN is a way to pass traffic of customers who have multiple VLANs from one customer domain to another customer domain.
  • Page 212: CLI Commands

    Figure 27-1

    The example is shown as CLI commands and as a Web interface procedure.

    CLI Commands

    To use the CLI to enable a double VLAN on a VLAN, enter the following CLI commands:

    Create a VLAN 200.
  • Page 213: Web Interface Procedure

    Select interface 1/0/48 as the provider port.

    (Netgear Switch) (Config)#
    (Netgear Switch) (Config)#interface 1/0/48
    (Netgear Switch) (Interface 1/0/48)#mode dvlan-tunnel
    (Netgear Switch) (Interface 1/0/48)#exit

    Web Interface Procedure

    To use the Web Interface to enable a double VLAN on a VLAN, proceed as follows:

    1.
  • Page 214

    2. Add ports 24 and 48 to VLAN 200.
    a. From the main menu, select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.

    Figure 27-3

    b.
  • Page 215

    3. Change the Port VLAN ID (PVID) of port 24 to 200:
    a. From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
  • Page 216

    4. Configure port 48 as the provider service port:
    a. From the main menu, select Switching > VLAN > Advanced > Port DVLAN Configuration. A screen similar to the following displays.