1. Manuals
  2. Brands
  3. NETGEAR Manuals
  4. Switch
  5. FSM7328S - ProSafe Switch
  6. Administration manual

NETGEAR ProSafe FSM7328S Administration Manual

Managed switch
Hide thumbs Also See for ProSafe FSM7328S:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual, Configuration Manual
NETGEAR 7000 Series
Managed Switch
Administration Guide
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Beta Draft2
March 2006

Advertisement

Table of Contents
loading

Related Manuals for NETGEAR ProSafe FSM7328S

Summary of Contents for NETGEAR ProSafe FSM7328S

  • Page 1 NETGEAR 7000 Series Managed Switch Administration Guide NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Beta Draft2 March 2006...

  • Page 2: Statement Of Conditions

    In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

  • Page 3: Declaration Of Conformity

    This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter." Declaration Of Conformity We NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that the model 7xxx Cardbus Card Wireless Adapter complies with Part 15 of FCC Rules. Operation is subject to the following two conditions: •...

  • Page 4: Canadian Department Of Communications Radio Interference Regulations

    Canadian Department of Communications Radio Interference Regulations This digital apparatus (7000 Series Managed Switch) does not exceed the Class B limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.

  • Page 5: Table Of Contents

    NETGEAR 7000 Series Managed Switch Administration Guide About This Book ... xi Chapter 1 Getting Started In-band and Out-of-band Connectivity ...1-1 Configuring for In-band Connectivity ...1-1 Using BootP or DHCP ...1-1 Using the EIA-232 Port ...1-2 Configuring for Out-Of-Band Connectivity ...1-3 Starting the Switch ...1-4...
  • Page 6 VLAN Routing Configuration ...5-5 CLI Examples ...5-5 Example 1: Create Two VLANs ...5-6 Example 2: Set Up VLAN Routing for the VLANs and the Switch..5-7 VLAN Routing RIP Configuration ...5-7 CLI Example ...5-9 VLAN Routing OSPF Configuration ... 5-11 CLI Example ...5-12...
  • Page 7 Example #1 Configuring an Inter-Area Router ...5-20 Example #2 - Configuring OSPF on a Border Router ...5-22 Proxy Address Resolution Protocol (ARP) ...5-24 Overview ...5-24 CLI Examples ...5-25 Example #1: show ip interface ...5-25 Example #2: ip proxy-arp ...5-25 Chapter 6 Virtual Router Redundancy Protocol CLI Examples ...6-2 Chapter 7...
  • Page 8 CLI Examples ...8-3 Example #1: show classofservice trust ...8-4 Example #2: set classofservice trust mode ...8-4 Example #3: show classofservice ip-precedence mapping ...8-5 Example #4: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode 8-5 Example #5: Set CoS Trust Mode of an Interface ...8-6 Traffic Shaping ...8-6 CLI Example ...8-6 Example #1 traffic-shape ...8-7...
  • Page 9 Example #1: script ...13-2 Example #2: script list and script delete ...13-2 Example #3: script apply running-config.scr ...13-2 Example #4: Creating a Configuration Script ...13-3 Example #5: Upload a Configuration Script ...13-3 Chapter 14 Outbound Telnet Overview ...14-1 CLI Examples ...14-1 Example #1: show network ...14-2 Example #2: show telnet ...14-2 Example #3: transport output telnet ...14-3...
  • Page 10 Chapter 18 Syslog Overview ...18-1 Persistent Log Files ...18-1 Interpreting Log Files ...18-2 CLI Examples ...18-2 Example #1: show logging ...18-3 Example #2: show logging buffered ...18-3 Example #3: show logging traplogs ...18-4 Example 4: show logging hosts ...18-4 Example #5: logging port configuration ...18-5 v1.0, March 2006...

  • Page 11: About This Book

    Switch, and includes information on configuring those functions using the Command Line Interface and Web Interface. The switch software can operate as a Layer 2 switch, a Layer 3 router or a combination switch/ router. The switch also includes support for network management and Quality of Service functions such as Access Control Lists and Differentiated Services.
  • Page 12 • Level 1 and Level 2 Support provider To obtain the greatest benefit from this guide, you should have an understanding of the switch software base and should have read the specification for your networking device platform. You should also have a basic knowledge of Ethernet and networking concepts.
  • Page 13 Refer to the Command Line Reference for information for the command structure Related Documentation Before proceeding, read the Release Notes for this switch product. The Release Notes detail the platform specific functionality of the Switching, Routing, SNMP, Config, Management, and other packages.
  • Page 14 NETGEAR 7000 Series Managed Switch Administration Guide v1.0, March 2006...

  • Page 15: Getting Started

    BootP or DHCP. Check with your system administrator to determine whether BootP or DHCP is enabled. You need to configure the BootP or DHCP server with information about the switch —obtain this information through the serial port connection using the...

  • Page 16: Using The Eia-232 Port

    MAC Address MAC address of the switch When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network.

  • Page 17: Configuring For Out-Of-Band Connectivity

    IP address of the default router, if the switch is a node outside the IP range of the LAN. 6. To enable these changes to be retained during a reset of the switch, type Ctrl-Z to return to the main prompt, type save config at the main menu prompt, and type y to confirm the changes.

  • Page 18: Starting The Switch

    3. Connect the female connector of the RS-232 crossover cable directly to the switch console port, and tighten the captive retaining screws. Starting the Switch 1. Make sure that the switch console port is connected to a VT100 terminal or VT100 terminal emulator via the RS-232 crossover cable. 2. Locate an AC power receptacle.

  • Page 19: Initial Configuration Procedure

    The switch is not configured with a default user name and password. All of the settings below are necessary to allow the remote management of the switch through Telnet (Telnet client) or HTTP (Web browser).

  • Page 20: Software Installation

    NETGEAR 7000 Series Managed Switch Administration Guide Software Installation This section contains procedures to help you become acquainted quickly with the switch software. Before installing switch software, you should verify that the switch operates with the most recent firmware. Quick Starting the Networking Device 1.
  • Page 21 Global Config users passwd <username> Getting Started NETGEAR 7000 Series Managed Switch Administration Guide Description Shows hardware version, MAC address, and software version information. Displays all of the users that are allowed to access the network- ing device.
  • Page 22 NETGEAR 7000 Series Managed Switch Administration Guide Table 1-1. Quick Start Commands Command Mode Privileged copy system:run- ning-config EXEC nvram:startup- config User EXEC logout Privileged EXEC User EXEC show network Privileged network parms <ipaddr> <net- EXEC mask> [gateway] Privileged copy nvram:star-...
  • Page 23 EXEC <filepath>/<file- name>> nvram:startup- config Getting Started NETGEAR 7000 Series Managed Switch Administration Guide Description Starts the error log upload, displays the mode and type of upload and confirms the upload is progressing. The URL must be specified as: xmodem:<filepath>/<filename>...
  • Page 24 NETGEAR 7000 Series Managed Switch Administration Guide Table 1-1. Quick Start Commands Command Mode Privileged copy <tftp:// <ipaddress>/ EXEC <filepath>/<file- name>> sys- tem:image Privileged clear config EXEC Privileged copy system:run- ning-config EXEC nvram:startup- config (or cold boot Privileged reload the networking device)

  • Page 25: Using The Web Interface

    For example, when you log in, there is a Main Menu with the same functions available. You can manage your switch through a Web browser and Internet connection. This is referred to as Web-based management. To use Web-based management, the system must be set up for in-band connectivity.

  • Page 26: Starting The Web Interface

    Starting the Web Interface Follow these steps to start the switch Web interface: 1. Enter the IP address of the switch in the Web browser address field. 2. When the Login panel is displayed click Login. 3. .Enter the appropriate User Name and Password. The User Name and associated Password are the same as those used for the terminal interface.

  • Page 27: Command Buttons

    Then, enter in the Encryption Key field an encryption code of eight or more alphanumeric characters. 9. Click Submit. Command Buttons The following command buttons are used throughout the Web interface panels for the switch: Save Refresh Submit...
  • Page 28 NETGEAR 7000 Series Managed Switch Administration Guide Using the Web Interface v1.0, March 2006...

  • Page 29: Virtual Lans

    A VLAN is a set of end stations and the switch ports that connect them. You may have many reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN.

  • Page 30: Vlan Configuration Example

    NETGEAR 7000 Series Managed Switch Administration Guide VLAN Configuration Example The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. port 1/2/2 handles traffic for both VLANs, while port 1/2/1 is a member of VLAN 2 only, and ports 1/2/3 and 1/2/4 are members of VLAN 3 only.

  • Page 31: Example #2: Assign Ports To Vlan2

    0(Netgear Switch) #config (Netgear Switch) (Config)#interface 0/1 (Netgear Switch) (Interface 1/2/1)#vlan participation include 2 (Netgear Switch) (Interface 1/2/1)#vlan acceptframe vlanonly (Netgear Switch) (Interface 1/2/1)#exit (Netgear Switch) (Config)#interface 1/2/2...

  • Page 32: Example #4: Assign Vlan3 As The Default Vlan

    Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt, and whether frames will be transmitted tagged or untagged. Private Edge VLANs Use the Private Edge VLAN feature to prevent ports on the switch from forwarding traffic to each other even if they are on the same VLAN. •...

  • Page 33: Cli Example

    NETGEAR 7000 Series Managed Switch Administration Guide CLI Example (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/2/1 (Netgear Switch) (Interface 1/2/1)#switchport protected ? <cr> Press Enter to execute the command. (Netgear Switch) (Interface 1/2/1)#switchport protected (Netgear Switch) #show switchport protected 1/2/1 Virtual LANs v1.0, March 2006...
  • Page 34 NETGEAR 7000 Series Managed Switch Administration Guide Virtual LANs v1.0, March 2006...

  • Page 35: Chapter 4 Link Aggregation

    Management functions treat a LAG as if it were a single physical port. You can include a LAG in a VLAN. You can configure more than one LAG for a given switch. CLI Example This section provides an example of configuring the software to support Link Aggregation (LAG) to a server and to a Layer 3 switch.
  • Page 36 NETGEAR 7000 Series Managed Switch Administration Guide Figure 4-1 shows the example network. Figure 4-1 Link Aggregation v1.0, March 2006...

  • Page 37: Example 1: Create Two Lags

    Log. Channel Intf Name Link ------ --------------- ------ ---- ---- ------ ------- ------ --------- ------ 1/1/1 lag_10 1/1/2 lag_20 Link Aggregation NETGEAR 7000 Series Managed Switch Administration Guide Link Adm. Trap Mode Mode Mode Type Down Dis. Dynamic Down Dis.

  • Page 38: Example 2: Add The Ports To The Lags

    NETGEAR 7000 Series Managed Switch Administration Guide Example 2: Add the ports to the LAGs: (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgear Switch) (Interface 0/2)#addport 1/1 (Netgear Switch) (Interface 0/2)#exit (Netgear Switch) (Config)#interface 0/3 (Netgear Switch) (Interface 0/3)#addport 1/1...

  • Page 39: Ip Routing Services

    The router’s IP address is often statically configured in the end station, although the 7000 Series Managed Switch supports protocols such as DHCP that allow the address to be assigned dynamically. Likewise, you may assign some of the entries in the routing tables used by the router statically, but protocols such as RIP and OSPF allow the tables to be created and updated dynamically as the network configuration changes.

  • Page 40: Port Routing Configuration

    The 7000 Series Managed Switch always supports Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the 7000 Series Managed Switch as a whole, and then for each port which is to participate in the routed network.

  • Page 41: Cli Examples

    This diagram shows a Layer 3 switch configured for port routing. It connects three different subnets, each connected to a different port. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the port routing support shown in the diagram. Figure 5-1 Example 1.

  • Page 42: Example 2. Enabling Routing For Ports On The Switch

    NETGEAR 7000 Series Managed Switch Administration Guide Example 2. Enabling Routing for Ports on the Switch Use the following commands to enable routing for ports on the switch. The default link-level encapsulation format is Ethernet. Configure the IP addresses and subnet masks for the ports.

  • Page 43: Vlan Routing Configuration

    VLAN’s interface ID so that you can use it in the router configuration commands. CLI Examples The diagram in this section shows a Layer 3 switch configured for port routing. It connects two VLANs, with two ports participating in one VLAN, and one port in the other. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the VLAN routing support shown in the diagram.

  • Page 44: Example 1: Create Two Vlans

    NETGEAR 7000 Series Managed Switch Administration Guide Example 1: Create Two VLANs The following code sequence shows an example of creating two VLANs with egress frame tagging enabled. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20...

  • Page 45: Example 2: Set Up Vlan Routing For The Vlans And The Switch

    Example 2: Set Up VLAN Routing for the VLANs and the Switch. The following code sequence shows how to enable routing for the VLANs: (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan routing 10 (Netgear Switch) (Vlan)#vlan routing 20 (Netgear Switch) (Vlan)#exit...
  • Page 46 The routing table is sent to a multicast address, reducing network traffic – An authentication method is used for security The 7000 Series Managed Switch supports both versions of RIP. You may configure a given port: • To receive packets in either or both formats •...

  • Page 47: Cli Example

    NETGEAR 7000 Series Managed Switch Administration Guide CLI Example This example adds support for RIPv2 to the configuration created in the base VLAN routing example. A second router, using port routing rather than VLAN routing, has been added to the network.
  • Page 48 NETGEAR 7000 Series Managed Switch Administration Guide Example of configuring VLAN Routing with RIP support on a 7000 Series Managed Switch Create the VLANs and enable VLAN routing. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)# vlan 10 (Netgear Switch) (Vlan)#vlan 20...

  • Page 49: Vlan Routing Ospf Configuration

    (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/3/1 (Netgear Switch) (Interface 1/3/1)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface 1/3/1)#exit (Netgear Switch) (Config)#interface 1/3/2 (Netgear Switch) (Interface 1/3/2)#ip address 192.150.4.1 255.255.255.0 (Netgear Switch) (Interface 1/3/2)#exit Enable RIP for the switch. The route preference will default to 15.

  • Page 50: Cli Example

    An inter-area router communicates with border routers in each of the areas to which it provides connectivity. The 7000 Series Managed Switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The order for choosing a route if more than one type of route exists is as follows: –...
  • Page 51 NETGEAR 7000 Series Managed Switch Administration Guide Example of configuring OSPF on a 7000 Series Managed Switch acting as an inter-area router: Create the VLANs and enable VLAN routing. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20...

  • Page 52: Routing Information Protocol

    (Netgear Switch) (Interface 1/3/1)#ip ospf (Netgear Switch) (Interface 1/3/1)#exit (Netgear Switch) (Config)#interface 1/3/2 (Netgear Switch) (Interface 1/3/2)# ip ospf areaid 0.0.0.3 (Netgear Switch) (Interface 1/3/2)#ip ospf (Netgear Switch) (Interface 1/3/2)#exit Set the OSPF priority and cost for the VLAN and physical router ports.

  • Page 53: Rip Configuration

    The routing table is sent to a multicast address, reducing network traffic – An authentication method is used for security The 7000 Series Managed Switch supports both versions of RIP. You may configure a given port: • To receive packets in either or both formats •...

  • Page 54: Cli Example

    NETGEAR 7000 Series Managed Switch Administration Guide CLI Example The configuration commands used in the following example enable RIP on ports 1/2/2 and 1/2/3 as shown in the network illustrated in Figure 5-4 Example #1: Enable Routing for the Switch:...

  • Page 55: Example #2: Enable Routing For Ports

    (Netgear Switch) (Interface 1/2/3)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface 1/2/3)#exit (Netgear Switch) (Config)#exit Example #3. Enable RIP for the Switch The next sequence enables RIP for the switch. the route preference defaults to 15. (Netgear Switch) #config (Netgear Switch) (Config)#router rip (Netgear Switch) (Config router)#enable...

  • Page 56: Example #4. Enable Rip For Ports 1/2/2 And 1/2/3

    An inter-area router communicates with border routers in each of the areas to which it provides connectivity. The 7000 Series Managed Switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The order for choosing a route if...

  • Page 57: Cli Examples

    External Type 2: the route was learned from other protocols such as RIP CLI Examples The examples in this section show you how to configure a 7000 Series Managed Switch first as an inter-area router and then as a border router. They show two areas, each with its own border router connected to one inter-area router.

  • Page 58: Example #1 Configuring An Inter-Area Router

    NETGEAR 7000 Series Managed Switch Administration Guide Example #1 Configuring an Inter-Area Router Figure 5-5 Enable Routing for the Switch. The following command sequence enables ip routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Assign IP Addresses for Ports.
  • Page 59 Specify Router ID and Enable OSPF for the Switch. The following sequence specifies the router ID and enables OSPF for the switch. Set disable1583 compatibility to prevent the routing loop. (Netgear Switch) #config (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#router-id 192.150.9.9...

  • Page 60: Example #2 - Configuring Ospf On A Border Router

    NETGEAR 7000 Series Managed Switch Administration Guide Example #2 - Configuring OSPF on a Border Router Figure 5-6 5-22 IP Routing Services v1.0, March 2006...
  • Page 61 The following example configures OSPF on a 7000 Series Managed Switch operating as a border router: Enable routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing Enable routing & assign IP for ports 1/2/2, 1/2/3 and 1/2/4. (Netgear Switch) (Config)#interface 1/2/2 (Netgear Switch) (Interface 1/2/2)#routing (Netgear Switch) (Interface 1/2/2)#ip address 192.150.2.2 255.255.255.0...

  • Page 62: Proxy Address Resolution Protocol (Arp)

    NETGEAR 7000 Series Managed Switch Administration Guide Enable OSPF for the ports and set the OSPF priority and cost for the ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/2/2 (Netgear Switch) (Interface 1/2/2)#ip ospf (Netgear Switch) (Interface 1/2/2)#ip ospf areaid 0.0.0.2...

  • Page 63: Cli Examples

    (Netgear Switch) (Interface 0/24)#ip proxy-arp ? <cr> (Netgear Switch) (Interface 0/24)#ip proxy-arp IP Routing Services NETGEAR 7000 Series Managed Switch Administration Guide Enter an interface in slot/port format. Display summary information about IP configuration settings for all ports. Press Enter to execute the command.
  • Page 64 NETGEAR 7000 Series Managed Switch Administration Guide 5-26 IP Routing Services v1.0, March 2006...

  • Page 65: Virtual Router Redundancy Protocol

    A given port may appear as more than one virtual router to the network, also, more than one port on a 7000 Series Managed Switch may be configured as a virtual router. Either a physical port or a routed VLAN may participate.

  • Page 66: Cli Examples

    NETGEAR 7000 Series Managed Switch Administration Guide CLI Examples This example shows how to configure the 7000 Series Managed Switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router.
  • Page 67 The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the master router: Enable routing for the switch. IP forwarding will then be enabled by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing Configure the IP addresses and subnet masks for the port that will particpate in the protocol.
  • Page 68 NETGEAR 7000 Series Managed Switch Administration Guide The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the backup router: Enable routing for the switch. IP forwarding will then be enabled by default. (Netgear Switch) #config...

  • Page 69: Access Control Lists (Acls)

    This section describes the Access Control Lists (ACLs) feature. Overview Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two internal networks. When you configure ACLs, you can selectively admit or reject inbound traffic, thereby controlling access to your network or to specific resources on your network.

  • Page 70: Configuring Ip Acls

    NETGEAR 7000 Series Managed Switch Administration Guide • Destination MAC address with mask • VLAN ID (or range of IDs) • Class of Service (CoS) (802.1p) • Ethertype • L2 ACLs can apply to one or more interfaces • Multiple access lists can be applied to a single interface - sequence number determines the order of execution •...

  • Page 71: Process

    TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will only be accepted by the 7000 Series Managed Switch if the source and destination stations have IP addresses that fall within the defined sets.

  • Page 72: Mac Acl Cli Examples

    NETGEAR 7000 Series Managed Switch Administration Guide The following is an example of configuring ACL support on a 7000 Series Managed Switch: Create ACL 101. Define the first rule: it will permit packets with a match on the specified Source IP address, after the mask has been applied, that are carrying TCP traffic, and are sent to the specified Destination IP address.

  • Page 73: Example #1: Mac Access List

    <name> Enter access-list name up to 31 characters in length. rename Rename MAC Access Control List. (Netgear Switch) (Config)#mac access-list extended b1 ? <cr> Press Enter to execute the command. (Netgear Switch) (Config)#mac access-list extended b1 Access Control Lists (ACLs) NETGEAR 7000 Series Managed Switch Administration Guide v1.0, March 2006...

  • Page 74: Example #2: Permit Any

    NETGEAR 7000 Series Managed Switch Administration Guide Example #2: permit any (Netgear Switch) (Config-mac access-list)#permit ? <srcmac> Enter a MAC address. Configure a match condition for all the destination MAC addresses in the Destination MAC Address field. (Netgear Switch) (Config-mac access-list)#permit any ? <dstmac>...

  • Page 75: Example #3 Configure Mac Access-Group

    <name> Enter name of MAC Access Control List. (Netgear Switch) (Interface 1/2/5)#mac access-group b1 ? Enter the direction <in>. (Netgear Switch) (Interface 1/2/5)#mac access-group b1 in ? <cr> Press Enter to execute the command. <1-4294967295> Enter the sequence number (greater than 0) to rank precedence for this interface and direction.

  • Page 76: Example #4 Permit

    NETGEAR 7000 Series Managed Switch Administration Guide Example #4 permit (Netgear Switch) (Config)#mac access-list extended b2 (Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00 ? <dstmac> Enter a MAC Address. Configure a a match condition for all the destination MAC addresses in the Destination MAC Address field.

  • Page 77: Example #5: Show Mac Access-Lists

    Press Enter to execute the command. (Netgear Switch) #show mac access-lists b1 Rule Number: 1 Action... Match All... Access Control Lists (ACLs) NETGEAR 7000 Series Managed Switch Administration Guide Maximum number of all ACLs: 100 Interface(s) Direction ------------ --------- 1/2/5...
  • Page 78 NETGEAR 7000 Series Managed Switch Administration Guide 7-10 Access Control Lists (ACLs) v1.0, March 2006...

  • Page 79: Class Of Service (Cos) Queuing

    This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features. Overview Each port has one or more queues for packet transmission. During configuration, you can determine the mapping and configuration of these queues. Based on service rate and other criteria you configure, queues provide preference to specified packets.

  • Page 80: Untrusted Ports

    NETGEAR 7000 Series Managed Switch Administration Guide – IP Precedence – IP DiffServ Code Point (DSCP) The system can assign service level based upon the 802.1p priority field of the L2 header. You configure this by mapping the 802.1p priorities to one of three traffic class queues. These queues are: •...

  • Page 81: Drop Precedence Configuration (Per Queue)

    WRED Decay Exponent • Traffic Shaping – For an entire interface CLI Examples The following are examples of the commands used in the CoS Queuing feature. Class of Service (CoS) Queuing NETGEAR 7000 Series Managed Switch Administration Guide v1.0, March 2006...

  • Page 82: Example #1: Show Classofservice Trust

    NETGEAR 7000 Series Managed Switch Administration Guide Example #1: show classofservice trust (Netgear Switch) #show classofservice trust ? <cr> Press Enter to execute the command. (Netgear Switch) #show classofservice trust Class of Service Trust Mode: Dot1P Example #2: set classofservice trust mode...

  • Page 83: Example #3: Show Classofservice Ip-Precedence Mapping

    (Netgear Switch) (Config)#cos-queue min-bandwidth ? <bw-0> (Netgear Switch) (Config)#cos-queue min-bandwidth 15 Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10 (Netgear Switch) (Config)#cos-queue strict ? <queue-id> (Netgear Switch) (Config)#cos-queue strict 1 ? <cr>...

  • Page 84: Example #5: Set Cos Trust Mode Of An Interface

    NETGEAR 7000 Series Managed Switch Administration Guide Example #5: Set CoS Trust Mode of an Interface (Netgear Switch) (Config)#classofservice trust ? dot1p ip-dscp (Netgear Switch) (Config)#classofservice trust dot1p ? <cr> (Netgear Switch) (Config)#classofservice trust dot1p Note: The Traffic Class value range is <0-6> instead of <0-7> because queue 7 is reserved in a stacking build for stack control, and is therefore not configurable by the user.

  • Page 85: Example #1 Traffic-Shape

    <cr> (Netgear Switch) (Config)#traffic-shape 70 (Netgear Switch) (Config)# Class of Service (CoS) Queuing NETGEAR 7000 Series Managed Switch Administration Guide Enter the shaping bandwidth percentage from 0 to 100 in increments of 5. Press Enter to execute the command. v1.0, March 2006...
  • Page 86 NETGEAR 7000 Series Managed Switch Administration Guide Class of Service (CoS) Queuing v1.0, March 2006...

  • Page 87: Differentiated Services

    7000 Series Managed Switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service. As implemented on the 7000 Series Managed Switch, DiffServ allows you to control what traffic is accepted and what traffic is discarded.

  • Page 88: Cli Example

    NETGEAR 7000 Series Managed Switch Administration Guide – Marking the packet with a given DSCP code point, IP precedence, or CoS – Policing packets by dropping or re-marking those that exceed the class’s assigned data rate – Counting the traffic within the class •...
  • Page 89 Define the match criteria -- Source IP address -- for the new classes. (Netgear Switch) (Config)#class-map match-all finance_dept (Netgear Switch) (Config class-map)#match srcip 172.16.10.0 255.255.255.0 (Netgear Switch) (Config class-map)#exit (Netgear Switch) (Config)#class-map match-all marketing_dept (Netgear Switch) (Config class-map)#match srcip 172.16.20.0 255.255.255.0...

  • Page 90: Diffserv For Voip Configuration Example

    1/2/5 based on a normal destination address lookup for internet traffic. (Netgear Switch) (Config)#interface 1/2/5 (Netgear Switch) (Interface 1/2/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0 (Netgear Switch) (Interface 1/2/5)#exit (Netgear Switch) (Config)#exit DiffServ for VoIP Configuration Example One of the most valuable uses of DiffServ is to support Voice over IP (VoIP).
  • Page 91 NETGEAR 7000 Series Managed Switch Administration Guide a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side. The configuration script is for Router 1 in the accompanying diagram: a similar script should be applied to Router 2.
  • Page 92 NETGEAR 7000 Series Managed Switch Administration Guide The following example configures DiffServ VoIP support: Enter Global Config mode. Set queue 5 on all ports to use strict priority mode. Activate DiffServ for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#cos-queue strict 5...

  • Page 93: Igmp Snooping

    • Snooping can be enabled per VLAN CLI Examples The following are examples of the commands used in the IGMP Snooping feature. Example #1: show igmpsnooping (Netgear Switch) #show igmpsnooping? <cr> Press Enter to execute the command. <slot/port> Enter interface in slot/port format.

  • Page 94: Example #2: Show Mac-Address-Table Igmpsnooping

    NETGEAR 7000 Series Managed Switch Administration Guide Example #2: show mac-address-table igmpsnooping (Netgear Switch) #show mac-address-table igmpsnooping ? <cr> (Netgear Switch) #show mac-address-table igmpsnooping ----------------------- 00:01:01:00:5E:00:01:16 00:01:01:00:5E:00:01:18 00:01:01:00:5E:37:96:D0 00:01:01:00:5E:7F:FF:FA 00:01:01:00:5E:7F:FF:FE 10-2 Press Enter to execute the command. Type Description -------...

  • Page 95: Port Security

    This section describes the Port Security feature. Overview Port Security: • Allows for limiting the number of MAC addresses on a given port • Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted •...

  • Page 96: Operation

    NETGEAR 7000 Series Managed Switch Administration Guide Operation Port Security: • Helps secure network by preventing unknown devices from forwarding packets • When link goes down, all dynamically locked addresses are ‘freed’ • If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list •...

  • Page 97: Cli Examples

    1/2/10 Disabled Example #3: (Config) port security (Netgear Switch) (Config) #port-security ? <cr> Press Enter to execute the command. (Netgear Switch) (Config) #port-security Port Security NETGEAR 7000 Series Managed Switch Administration Guide Static Violation Limit Trap Mode ------ --------- Disabled v1.0, March 2006...
  • Page 98 NETGEAR 7000 Series Managed Switch Administration Guide 11-4 Port Security v1.0, March 2006...

  • Page 99: Traceroute

    This section describes the Traceroute feature. Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network. • Maps network routes by sending packets with small Time-to-Live (TTL) values and watches the ICMP time-out announcements •...

  • Page 100: Cli Example

    NETGEAR 7000 Series Managed Switch Administration Guide CLI Example The following shows an example of using the traceroute command to determine how many hops there are to the destination. The command output shows each IP address the packet passes through and how long it takes to get there.

  • Page 101: Configuration Scripting

    This section describes the Configuration Scripting feature. Overview Configuration Scripting: • Allows you to generate text-formatted files • Provides scripts that can be uploaded and downloaded to the system • Provides flexibility to create command configuration scripts • May be applied to several switches •...

  • Page 102: Example #1: Script

    NETGEAR 7000 Series Managed Switch Administration Guide Example #1: script (Netgear Switch) #script ? apply Applies configuration script to the switch. delete Deletes a configuration script file from the switch. list Lists all configuration script files present on the switch.

  • Page 103: Example #4: Creating A Configuration Script

    Set TFTP Server IP... TFTP Path... TFTP Filename... Data Type... Source Filename... Are you sure you want to start? (y/n) y File transfer operation completed successfully. Configuration Scripting NETGEAR 7000 Series Managed Switch Administration Guide #script list Size(Bytes) ---------- 3201 TFTP 192.168.77.52 running-config.scr Config Script running-config.scr...
  • Page 104 NETGEAR 7000 Series Managed Switch Administration Guide 13-4 Configuration Scripting v1.0, March 2006...

  • Page 105: Outbound Telnet

    This section describes the Outbound Telnet feature. Overview Outbound Telnet: • Establishes an outbound telnet connection between a device and a remote host • A telnet connection is initiated, each side of the connection is assumed to originate and terminate at a “Network Virtual Terminal” (NVT) •...

  • Page 106: Example #1: Show Network

    NETGEAR 7000 Series Managed Switch Administration Guide Example #1: show network (Netgear Switch Routing) >telnet 192.168.77.151 Trying 192.168.77.151... (Netgear Switch Routing) User:admin Password: (Netgear Switch Routing) Password: (Netgear Switch Routing) IP Address... 192.168.77.151 Subnet Mask... 255.255.255.0 Default Gateway... 192.168.77.127 Burned In MAC Address... 00:10:18.82.04:E9 Locally Administered MAC Address...

  • Page 107: Example #3: Transport Output Telnet

    (Netgear Switch Routing) (Line)#transport ? input output (Netgear Switch Routing) (Line)#transport output ? telnet (Netgear Switch Routing) (Line)#transport output telnet ? <cr> (Netgear Switch Routing) (Line)#transport output telnet (Netgear Switch Routing) (Line)# Example #4: session-limit and session-timeout (Netgear Switch Routing) (Line)#session-limit ? <0-5>...
  • Page 108 NETGEAR 7000 Series Managed Switch Administration Guide 14-4 Outbound Telnet v1.0, March 2006...

  • Page 109: Chapter 15 Port Mirroring

    • Assigns a specific port to copy all packets to • Allows inbound or outbound packets to switch to their destination and to be copied to the mirrored port CLI Examples The following are examples of the commands used in the Port Mirroring feature.

  • Page 110: Example #1: Show Monitor Session

    NETGEAR 7000 Series Managed Switch Administration Guide Example #1: show monitor session (Netgear Switch Routing) #show monitor session 1 Session ID Admin Mode ---------- ---------- Enable Note: Monitor session ID “1” - “1” is a hardware limitation. Example #2: show port all...

  • Page 111: Example #4: (Config) Monitor Session 1 Mode

    Configure the source interface. (Netgear Switch Routing)(Config)#monitor session 1 mode? <cr> Press Enter to execute the command. (Netgear Switch Routing)(Config)#monitor session 1 mode Port Mirroring NETGEAR 7000 Series Managed Switch Administration Guide Physical Physical Mode Status Auto Physical Physical...

  • Page 112: Example #5: (Config) Monitor Session 1 Source Interface

    (Netgear Switch Routing)(Config)#monitor session 1 source? interface Configure interface. (Netgear Switch Routing)(Config)#monitor session 1 source interface? <slot/port> Enter the interface. (Netgear Switch Routing)(Config)#monitor session 1 source interface 0/7 (Netgear Switch Routing)(Config)#monitor session 1 destination? interface Configure interface. (Netgear Switch Routing)(Config)#monitor session 1 destination interface? <slot/port>...

  • Page 113: Simple Network Time Protocol (Sntp)

    SNTP client implemented over UDP which listens on port 123 CLI Examples The following are examples of the commands used in the SNTP feature. Example #1: show sntp (Netgear Switch Routing) #show sntp ? <cr> Press Enter to execute the command. client Display SNTP Client Information.

  • Page 114: Example #2: Show Sntp Client

    Failed Unicast Requests: Example #4: Configure SNTP Netgear switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
  • Page 115 Last Attempt Time: Mar 26 03:36:09 2006 Last Update Status: Success Total Unicast Requests: 2 Failed Unicast Requests: 0 Simple Network Time Protocol (SNTP) NETGEAR 7000 Series Managed Switch Administration Guide 208.14.208.19 ipv4 NTP Srv: 208.14.208.3 Server v1.0, March 2006...
  • Page 116 NETGEAR 7000 Series Managed Switch Administration Guide 16-4 Simple Network Time Protocol (SNTP) v1.0, March 2006...

  • Page 117: Pre-Login Banner

    This section describes the Pre-Login Banner feature. Overview Pre-Login Banner: • Allows you to create message screens when logging into the CLI Interface • By default, no Banner file exists • Can be uploaded or downloaded • File size cannot be larger than 2K The Pre-Login Banner feature is only for the CLI interface.
  • Page 118 NETGEAR 7000 Series Managed Switch Administration Guide 2. Transfer the file from the PC to the switch using TFTP (Netgear Switch Routing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode... TFTP Set TFTP Server IP... 192.168.77.52 TFTP Path../ TFTP Filename... banner.txt Data Type... Cli Banner...

  • Page 119: Syslog

    Syslog: • Allows you to store system messages and/or errors • Can store to local files on the switch or a remote server running a syslog daemon • Method of collecting message logs from many systems Persistent Log Files •...

  • Page 120: Interpreting Log Files

    NETGEAR 7000 Series Managed Switch Administration Guide Interpreting Log Files <130> 00:00:06 0.0.0.0-1 A. Priority B. Timestamp C. Stack ID D. Component Name E. Thread ID File Name Line Number CLI Examples The following are examples of the commands used in the Syslog feature.

  • Page 121: Example #1: Show Logging

    Log Messages Received Log Messages Dropped Log Messages Relayed Log Messages Ignored Example #2: show logging buffered (Netgear Switch Routing) #show logging buffered ? <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging buffered Buffered (In-Memory) Logging...

  • Page 122: Example #3: Show Logging Traplogs

    NETGEAR 7000 Series Managed Switch Administration Guide Example #3: show logging traplogs (Netgear Switch Routing) <cr> Press Enter to execute the command. (Netgear Switch Routing) Number of Traps Since Last Reset... Trap Log Capacity... Number of Traps Since Log Last Viewed...

  • Page 123: Example #5: Logging Port Configuration

    Press Enter to execute the command. <severitylevel> Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7). (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1 ? <cr> Press Enter to execute the command. (Netgear Switch Routing) (Config)#logging host 192.168.21.253 4 1...
  • Page 124 NETGEAR 7000 Series Managed Switch Administration Guide 18-6 Syslog v1.0, March 2006...

This manual is also suitable for:

Prosafe fsm7352psProsafe fsm7352s7000 series

Table of Contents