Layer 2 managed switch software version 4 (282 pages)
Summary of Contents for NETGEAR GSM7248NA
Page 1
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10238-01 Jan 2007...
Page 2
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Tested to Comply with FCC Standards FOR HOME OR OFFICE USE Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate the equipment. Canadian Department of Communications Radio Interference Regulations This digital apparatus (7000 Series Managed Switch) does not exceed the Class A limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
Page 4
Product and Publication Details Model Number: 7xxx Publication Date: Jan 2007 Product Family: Managed Switch Product Name: 7000 Series Managed Switch Home or Business Product: Business Language: English Publication Part Number: 202-10238-01 Publication Version Number: v1.0, Jan 2007...
Contents NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 About This Manual ....................... xiii Chapter 1 Introduction Document Organization ....................1-1 Audience .........................1-2 CLI Documentation ......................1-3 Related Documentation ....................1-3 Chapter 2 Getting Started In-band and Out-of-band Connectivity ................2-5 Configuring for In-band Connectivity ................2-5 Using BootP or DHCP ..................2-5...
Page 6
Chapter 4 Using the Web Interface Configuring for Web Access ...................4-1 Starting the Web Interface ....................4-2 Web Page Layout .....................4-2 Configuring an SNMP V3 User Profile ..............4-2 Command Buttons ....................4-3 Chapter 5 Virtual LANs VLAN Configuration Example ..................5-2 CLI Examples .........................5-2 Example #1: Create Two VLANs ................5-2 Example #2: Assign Ports to VLAN2 ................5-3 Example #3: Assign Ports to VLAN3 ................5-3...
Page 7
VLAN Routing OSPF Configuration ...............7-10 CLI Example ....................7-10 Routing Information Protocol ..................7-12 RIP Configuration ....................7-12 CLI Example ......................7-13 Example #1: Enable Routing for the Switch: ...........7-13 Example #2: Enable Routing for Ports .............7-14 Example #3. Enable RIP for the Switch ............7-14 Example #4.
Page 8
Example #5: show mac access-lists ................9-9 Chapter 10 Class of Service (CoS) Queuing Overview ........................10-1 CoS Queue Mapping ....................10-1 Trusted Ports ......................10-1 Untrusted Ports ......................10-2 CoS Queue Configuration ....................10-2 Port Egress Queue Configuration ................10-2 Drop Precedence Configuration (per Queue) ............10-3 Per Interface Basis ....................10-3 CLI Examples .......................10-3 Example #1: show classofservice trust ..............10-4...
Page 9
CLI Examples .......................13-3 Example #1: show port security ................13-3 Example #2: show port security on a specific interface .........13-3 Example #3: (Config) port security .................13-3 Chapter 14 Traceroute CLI Example .........................14-2 Chapter 15 Configuration Scripting Overview ........................15-1 Considerations ......................15-1 CLI Examples .......................15-1 Example #1: script ....................15-2 Example #2: script list and script delete ..............15-2 Example #3: script apply running-config.scr ............15-2...
Page 10
Chapter 18 Simple Network Time Protocol (SNTP) Overview ........................18-1 CLI Examples .......................18-1 Example #1: show sntp ..................18-1 Example #2: show sntp client .................18-2 Example #3: show sntp server ................18-2 Example #4: Configure SNTP ................18-2 Example #5: Setting Time Zone ................18-4 Example #6: Setting Named SNTP Server ............18-4 Chapter 19 Managing Switch Stacks...
Page 11
Renumbering Stack Members ................19-14 Moving a Master to a Different Unit in the Stack ..........19-14 Removing a Master Unit from an Operating Stack ..........19-14 Merging Two Operational Stacks .................19-15 Preconfiguration ....................19-15 Upgrading Firmware .....................19-15 Migration of Configuration With a Firmware Upgrade ..........19-16 Code Mismatch ....................19-17 Chapter 20 Pre-Login Banner...
About This Manual The NETGEAR ® FVX538 ProSafe™ VPN Firewall 200 Reference Manual describes how to install, configure and troubleshoot the 7000 Series Managed Switch. The information in this manual is intended for readers with intermediate computer and Internet skills.
• button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 • Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window.
Page 16
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 v1.0, Jan 2007...
Chapter 1 Introduction This document provides an understanding of the CLI and Web configuration options for software Release 6.0 features. Document Organization This document provides examples of the use of the switch software in a typical network. It describes the use and advantages of specific functions provided by the 7000 Series Managed Switch, and includes information on configuring those functions using the Command Line Interface and Web Interface.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 – Class of Service (CoS) – Differentiated Services • Multicast – IGMP Snooping • Security – Denial of Service – Port Security • Operating System – Dual Configuration • Tools –...
• Netgear Quick Installation Guide, 7000 Series Managed Switch • Netgear CLI Reference for the Prosafe 7X00 Series Managed Switch. There are three documents in this series; choose the appropriate one for your product. • Netgear Hardware Installation Guide for your switch These documents may be found at http://www.NETGEAR.com...
Page 20
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Introduction v1.0, Jan 2007...
Chapter 2 Getting Started Connect a terminal to the switch to begin configuration. In-band and Out-of-band Connectivity Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity. Configuring for In-band Connectivity In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 MAC Address MAC address of the switch When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 IP Address Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 e. Select the proper mode under Properties. Select Terminal keys. Note: When using HyperTerminal with Microsoft Windows 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal's VT100 emulation.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 • The console connection was established and the console prompt appears on the screen of a VT100 terminal or terminal equivalent. The initial switch configuration is performed through the console port. After the initial configuration, you can manage the switch either from the already-connected console port or remotely through an interface defined during the initial configuration.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Software Installation This section contains procedures to help you become acquainted quickly with the switch software. Before installing switch software, you should verify that the switch operates with the most recent firmware.
Page 27
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 • Uploading from Networking Device to Out-of-Band PC (Only XMODEM) • Downloading from Out-of-Band PC to Networking Device (Only XMODEM) • Downloading from TFTP Server • Restoring factory defaults If you configure any network parameters, you should execute the following command: copy system:running-config nvram:startup-config This command saves the changes to the configuration file.
Page 28
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Table 2-1. Quick Start Commands Command Mode Description Privileged Saves passwords and all other changes to the device. copy system:run- ning-config EXEC If you do not save the configuration, all changes are lost when nvram:startup- you power down or reset the networking device.
Page 29
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Table 2-1. Quick Start Commands Command Mode Description Privileged Starts the error log upload, displays the mode and type of copy nvram:error- log <tftp:// EXEC upload and confirms the upload is progressing.
Page 30
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Table 2-1. Quick Start Commands Command Mode Description Privileged Sets the destination (download) datatype to be an image. copy <tftp:// <ipaddress>/ EXEC The URL must be specified as: <filepath>/<file- tftp://<ipaddress>/<filepath>/<filename> name>> sys- tem:image The system:image option downloads the code file.
Ezconfig can be entered either in Global Config mode (#) or in Display mode (>). The utility displays the following text when you enter the ezconfig command (FSM7352S) >ezconfig NETGEAR EZ Configuration Utility -------------------------------- Hello and Welcome! This utility will walk you thru assigning the IP address for the switch management CPU.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Changing the Password The first question it will ask is whether you wish to change the admin password. For security reasons, you should change the password by typing Y. If you have already set the password and do not wish to change it again, just enter N.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 If an IP address is already assigned, and you do not wish to change the IP address again, simply type N. Assigning Switch Name and Location Information Ezconfig will proceed to the next step in the setup:...
Page 34
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 If during the session, the switch loses its power, the setup information will be lost if Ezconfig does not have the chance to save the changes before power-down. Using Ezconfig for Switch Setup...
Chapter 4 Using the Web Interface This chapter is a brief introduction to the web interface; for example, it explains how to access the Web-based management panels to configure and manage the system. Tip: Use the Web interface for configuration instead of the CLI interface. Web configuration is quicker and easier than entering the multiple required CLI commands.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 a. At the CLI prompt, enter the show network command. b. Set Web Mode to Enabled. Starting the Web Interface Follow these steps to start the switch Web interface: 1. Enter the IP address of the switch in the Web browser address field.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 3. Enter a new user name in the User Name field. 4. Enter a new user password in the Password field and then retype it in the Confirm Password field. Note: If SNMPv3 Authentication is to be used for this user, the password must be eight or more alphanumeric characters.
Page 38
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Using the Web Interface v1.0, Jan 2007...
Chapter 5 Virtual LANs Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 VLAN Configuration Example The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN 2 only, and ports 1/0/3 and 1/0/4 are members of VLAN 3 only.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #2: Assign Ports to VLAN2 This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Graphical User Interface Use the following screens to perform the same configuration using the Graphical User Interface: • Switching --> VLAN--> Configuration. To create the VLANs and specify port participation. •...
Chapter 6 Link Aggregation This section includes instructions on configuring Link Aggregation using the Command Line Interface and the Graphical User Interface. Link Aggregation (LAG) allows the switch to treat multiple physical links between two end-points as a single logical link. All of the physical links in a given LAG must operate in full-duplex mode at the same speed.
Page 44
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Figure 6-1 shows the example network. Figure 6-1 Link Aggregation v1.0, Jan 2007...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example 1: Create two LAGS: (Netgear Switch) #config (Netgear Switch) (Config)#port-channel lag_10 (Netgear Switch) (Config)#port-channel lag_20 (Netgear Switch) (Config)#exit Use the show port-channel all command to show the logical interface ids you will use to identify the LAGs in subsequent commands.
Chapter 7 IP Routing Services IP routing services are divided into five areas: • Port Routing • VLAN Routing • Routing Information Protocol (RIP) • Open Shortest Path First (OSPF) Protocol • Proxy Address Resolution Protocol (ARP) Port Routing The first networks were small enough for the end stations to communicate directly. As networks grew, Layer 2 bridging was used to segregate traffic, a technology that worked well for unicast traffic, but had problems coping with large quantities of multicast packets.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Port Routing Configuration The 7000 Series Managed Switch always supports Layer 2 bridging, but Layer 3 routing must be explicitly enabled, first for the 7000 Series Managed Switch as a whole, and then for each port which is to participate in the routed network.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 CLI Examples This diagram shows a Layer 3 switch configured for port routing. It connects three different subnets, each connected to a different port. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the port routing support shown in the diagram.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example 2. Enabling Routing for Ports on the Switch Use the following commands to enable routing for ports on the switch. The default link-level encapsulation format is Ethernet. Configure the IP addresses and subnet masks for the ports.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 The next section will show you how to configure the 7000 Series Managed Switch to support VLAN routing and how to use RIP and OSPF. A port may be either a VLAN port or a router port, but not both.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example 1: Create Two VLANs The following code sequence shows an example of creating two VLANs with egress frame tagging enabled. (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface-vlan 10)#ip address 192.150.3.1 255.255.255.0...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 CLI Example This example adds support for RIPv2 to the configuration created in the base VLAN routing example. A second router, using port routing rather than VLAN routing, has been added to the network.
Page 55
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example of configuring VLAN Routing with RIP support on a 7000 Series Managed Switch (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20 (Netgear Switch) (Vlan)#vlan routing 10...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 VLAN Routing OSPF Configuration For larger networks Open Shortest Path First (OSPF) is generally used in preference to RIP. OSPF offers several benefits to the administrator of a large and/or complex network: •...
Page 57
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example of configuring OSPF on a 7000 Series Managed Switch acting as an inter-area router: (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20 (Netgear Switch) (Vlan)#vlan routing 10...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 • To prevent any RIP packets from being transmitted CLI Example The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3 as shown in the network illustrated in...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #2: Enable Routing for Ports The following command sequence enables routing and assigns IP addresses for ports 1/0/2 and 1/ 0/3. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #4. Enable RIP for ports 1/0/2 and 1/0/3 This command sequence enables RIP for ports 1/0/2 and 1/0/3. Authentication defaults to none, and no default route entry is created. The commands specify that both ports receive both RIPv1 and RIPv2 frames, but send only RIPv2 formatted frames.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 • Intra-area • Inter-area • External type 1: the route is external to the AS • External Type 2: the route was learned from other protocols such as RIP CLI Examples The examples in this section show you how to configure a 7000 Series Managed Switch first as an inter-area router and then as a border router.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #1 Configuring an Inter-Area Router Figure 7-5 Enable Routing for the Switch. The following command sequence enables ip routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Assign IP Addresses for Ports.
Page 64
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Specify Router ID and Enable OSPF for the Switch. The following sequence specifies the router ID and enables OSPF for the switch. Set disable1583 compatibility to prevent the routing loop. (Netgear Switch) #config...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #2 - Configuring OSPF on a Border Router Figure 7-6 IP Routing Services 7-19 v1.0, Jan 2007...
Page 66
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 The following example configures OSPF on a 7000 Series Managed Switch operating as a border router: Enable routing for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing Enable routing & assign IP for ports 1/0/2, 1/0/3 and 1/0/4.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Enable OSPF for the ports and set the OSPF priority and cost for the ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip ospf (Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 CLI Examples The following are examples of the commands used in the proxy ARP feature. Example #1: show ip interface (Netgear Switch) #show ip interface ? <slot/port> Enter an interface in slot/port format.
Chapter 8 Virtual Router Redundancy Protocol When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 CLI Examples This example shows how to configure the 7000 Series Managed Switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router.
Page 71
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the master router: Enable routing for the switch. IP forwarding will then be enabled by default.
Page 72
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the backup router: Enable routing for the switch. IP forwarding will then be enabled by default.
Chapter 9 Access Control Lists (ACLs) This section describes the Access Control Lists (ACLs) feature. Overview Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two internal networks. When you configure ACLs, you can selectively admit or reject inbound traffic, thereby controlling access to your network or to specific resources on your network.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 • Destination MAC address with mask • VLAN ID (or range of IDs) • Class of Service (CoS) (802.1p) • Ethertype • L2 ACLs can apply to one or more interfaces •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Process To configure ACLs, follow these steps: • Create an ACL by specifying a name (MAC ACL) or a number (IP ACL) • Add new rules to the ACL • Configure the match criteria for the rules •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 The following is an example of configuring ACL support on a 7000 Series Managed Switch: Create ACL 101. Define the first rule: it will permit packets with a match on the...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #1: mac access list (Netgear Switch)(Config)#mac access-list ? extended Configure extended MAC Access List parameters. Netgear Switch)(Config)#mac access-list extended ? <name> Enter access-list name up to 31 characters in length.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #2: permit any (Netgear Switch) (Config-mac access-list)#permit ? <srcmac> Enter a MAC address. Configure a match condition for all the destination MAC addresses in the Destination MAC Address field. (Netgear Switch) (Config-mac access-list)#permit any ? <dstmac>...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #3 Configure mac access-group (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#mac ? access-group Attach MAC Access List to Interface. (Netgear Switch) (Interface 1/0/5)#mac access-group ? <name> Enter name of MAC Access Control List.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #4 permit (Netgear Switch) (Config)#mac access-list extended b2 (Netgear Switch) (Config-mac-access-list)#permit 00:00:00:00:00:00 ? <dstmac> Enter a MAC Address. Configure a a match condition for all the destination MAC addresses in the Destination MAC Address field.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #5: show mac access-lists (Netgear Switch) #show mac access-lists Current number of all ACLs: 2 Maximum number of all ACLs: 100 MAC ACL Name Rules Interface(s) Direction ------------ ----- ------------...
Page 82
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 9-10 Access Control Lists (ACLs) v1.0, Jan 2007...
Chapter 10 Class of Service (CoS) Queuing This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features. Overview Each port has one or more queues for packet transmission. During configuration, you can determine the mapping and configuration of these queues. Based on service rate and other criteria you configure, queues provide preference to specified packets.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 – IP Precedence – IP DiffServ Code Point (DSCP) The system can assign service level based upon the 802.1p priority field of the L2 header. You configure this by mapping the 802.1p priorities to one of three traffic class queues. These queues are: •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 – Tail drop vs. WRED Drop Precedence Configuration (per Queue) • WRED parameters – Minimum threshold – Maximum threshold – Drop probability – Scale factor • Tail Drop parameters – Threshold Per Interface Basis •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #1: show classofservice trust (Netgear Switch) #show classofservice trust ? <cr> Press Enter to execute the command. (Netgear Switch) #show classofservice trust Class of Service Trust Mode: Dot1P Example #2: set classofservice trust mode...
Enter the minimum bandwidth percentage for Queue 0. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10 (Netgear Switch) (Config)#cos-queue strict ? <queue-id> Enter a Queue Id from 0 to 7.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #5: Set CoS Trust Mode of an Interface (Netgear Switch) (Config)#classofservice trust ? dot1p Sets the Class of Service Trust Mode of an Interface to 802.1p. ip-dscp Sets the Class of Service Trust Mode of an Interface to IP DSCP.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #1 traffic-shape (Netgear Switch) (Config)#traffic-shape ? <bw> Enter the shaping bandwidth percentage from 0 to 100 in increments of 5. (Netgear Switch) (Config)#traffic-shape 70 ? <cr> Press Enter to execute the command.
Page 90
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 10-8 Class of Service (CoS) Queuing v1.0, Jan 2007...
Chapter 11 Differentiated Services Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservation protocol.This section explains how to configure the 7000 Series Managed Switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 – Marking the packet with a given DSCP code point, IP precedence, or CoS – Policing packets by dropping or re-marking those that exceed the class’s assigned data rate – Counting the traffic within the class •...
Page 93
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 The following example configures DiffServ on a 7000 Series Managed Switch: Ensure DiffServ operation is enabled for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#diffserv Create a DiffServ class of type “all” for each of the departments, and name them.
1/0/5 based on a normal destination address lookup for internet traffic. (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0 (Netgear Switch) (Interface 1/0/5)#exit (Netgear Switch) (Config)#exit DiffServ for VoIP Configuration Example One of the most valuable uses of DiffServ is to support Voice over IP (VoIP).
Page 95
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side. The configuration script is for Router 1 in the accompanying diagram: a similar script should be applied to Router 2.
Page 96
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 The following example configures DiffServ VoIP support: Enter Global Config mode. Set queue 5 on all ports to use strict priority mode. This queue shall be used for all VoIP packets.
The following are examples of the commands used in the IGMP Snooping feature. Example #1: Enable IGMP Snooping The following example shows how to eanble IGMP snooping. (Netgear Switch) #config (Netgear Switch) (Config)#ip igmpsnooping (Netgear Switch) (Config)#ip igmpsnooping interfacemode (Netgear Switch) (Config)# exit 12-1 v1.0, Jan 2007...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #2: show igmpsnooping (Netgear Switch) #show igmpsnooping? <cr> Press Enter to execute the command. <slot/port> Enter interface in slot/port format. mrouter Display IGMP Snooping Multicast Router information. <1-4093> Display IGMP Snooping valid VLAN ID information.
Chapter 13 Port Security This section describes the Port Security feature. Overview Port Security: • Allows for limiting the number of MAC addresses on a given port • Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Operation Port Security: • Helps secure network by preventing unknown devices from forwarding packets • When link goes down, all dynamically locked addresses are ‘freed’ • If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets with a MAC address matching the MAC address in the static list •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 CLI Examples The following are examples of the commands used in the Port Security feature. Example #1: show port security (Netgear Switch) #show port-security ? <cr> Press Enter to execute the command.
Page 102
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 13-4 Port Security v1.0, Jan 2007...
Chapter 14 Traceroute This section describes the Traceroute feature. Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network. • Maps network routes by sending packets with small Time-to-Live (TTL) values and watches the ICMP time-out announcements •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 CLI Example The following shows an example of using the traceroute command to determine how many hops there are to the destination. The command output shows each IP address the packet passes through and how long it takes to get there.
Chapter 15 Configuration Scripting This section describes the Configuration Scripting feature. Overview Configuration Scripting: • Allows you to generate text-formatted files • Provides scripts that can be uploaded and downloaded to the system • Provides flexibility to create command configuration scripts •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #1: script (Netgear Switch) #script ? apply Applies configuration script to the switch. delete Deletes a configuration script file from the switch. list Lists all configuration script files present on the switch.
Chapter 16 Outbound Telnet This section describes the Outbound Telnet feature. Overview Outbound Telnet: • Establishes an outbound telnet connection between a device and a remote host • A telnet connection is initiated, each side of the connection is assumed to originate and terminate at a “Network Virtual Terminal”...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #3: transport output telnet (Netgear Switch Routing) (Config)#lineconfig ? <cr> Press Enter to execute the command. (Netgear Switch Routing) (Config)#lineconfig (Netgear Switch Routing) (Line)#transport ? input Displays the protocols to use to connect to a specific line of the router.
Page 112
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 16-4 Outbound Telnet v1.0, Jan 2007...
Chapter 17 Port Mirroring This section describes the Port Mirroring feature. Overview Port Mirroring: • Allows you to monitor network traffic with an external network analyzer • Forwards a copy of each incoming and outgoing packet to a specific port •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #1: show monitor session (Netgear Switch Routing) #show monitor session 1 Session ID Admin Mode Probe Port Mirrored Port ---------- ---------- ---------- ------------- Enable 1/0/8 1/0/7 Note: Monitor session ID “1” - “1” is a hardware limitation.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 port, and what is enabled or disabled on the port. (Netgear Switch Routing) #show port 0/7 Admin Physical Physical Link Link LACP Intf Type Mode Mode Status Status Trap Mode 1/0/7...
SNTP client implemented over UDP which listens on port 123 CLI Examples The following are examples of the commands used in the SNTP feature. Example #1: show sntp (Netgear Switch Routing) #show sntp ? <cr> Press Enter to execute the command. client Display SNTP Client Information.
Failed Unicast Requests: Example #4: Configure SNTP Netgear switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
Page 119
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 1. Configure the SNTP server IP address. The IP address can be either from the public NTP server or your own. You can search the Internet to locate the public server. The servers available could be listed in domain-name format instead of address format.
Netgear provides SNTP servers accessable by Netgear devices. Because Netgear may change IP addresses assigned to its time servers, it is best to access a SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
Chapter 19 Managing Switch Stacks This chapter describes the concepts and recommended operating procedures to manage Netgear stackable managed switches running Release 4.x.x.x or newer. Netgear stackable managed switches include the following models: • FSM7328S • FSM7352S • FSM7352PS •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Understanding Switch Stacks A switch stack is a set of up to eight Ethernet switches connected through their stacking ports. One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are stack members.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Switch Stack Membership A switch stack has up to eight stack members connected through their stacking ports. A switch stack always has one stack master. A standalone switch is a switch stack with one stack member that also operates as the stack master.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Switch Stack Cabling (FSM73xxS) Figure 19-1 Figure 19-2 illustrate how individual switches are interconnected to form a stack. You can use the regular Category 5 Ethernet 8 wire cable. Figure 19-1...
1. The switch that is currently the stack master 2. The switch with the highest stack member priority value Note: Netgear recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re- electedas stack master if a re-election occurs.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Stack members in the same switch stack cannot have the same stack member number. Every stack member, including a standalone switch, retains its member number until you manually change the number or unless the number is already being used by another member in the stack.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Table 19-1. Results of comparing the preconfiguration with the new switch Scenario Result The stack member numbers and the switch types The switch stack applies the configuration to the match. preconfigured new switch and adds it to the stack.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Switch Stack Software Compatibility Recommendations All stack members must run the same software version to ensure compatibility between stack members. The software versions on all stack members, including the stack master, must be the same.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Switch Stack Management Connectivity You manage the switch stack and the stack member interfaces through the stack master. You can use the web interface, the CLI, and SNMP. You cannot manage stack members on an individual switch basis.
Page 130
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Table 19-2. Switch stack configuration scenarios (continued) Scenario Result Stack master election specifically determined by the The stack member with the higher MAC address is MAC address elected stack master. • Assuming that both stack members have the same priority value and software image, restart both stack members at the same time.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Stacking Recommendations The purpose of this section is to collect notes on recommended procedures and expected behavior of stacked managed switches. Procedures addressed initially are listed below. • Initial installation and power-up of a stack.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Initial installation and Power-up of a Stack 1. Install units in rack. 2. Install all stacking cables. Fully connect, including the redundant stack link. It is highly recommended that a redundant link be installed.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Adding a Unit to an Operating Stack 1. Make sure the redundant stack connection is in place and functional. All stack members should be connected in a logical ring. 2. Preconfigure the new unit, if desired.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 • Add the new stack unit to the stack using the process described in section “Adding a Unit to an Operating Stack”. The unit can be inserted into the same position as the unit just removed, or the unit can be inserted at the bottom of the stack.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Merging Two Operational Stacks It is strongly recommended that two functioning stacks (each having an independent master) not be merged simply by the reconnection of stack cables. That process may result in a number of unpredictable results and should be avoided.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 archive command (in stack configuration mode) may be issued to make another attempt to copy the software to the unit(s) that did not get updated. Errors during code propagation to stack members could be caused by stack cable movement or unit reconfiguration during the propagation phase.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Code Mismatch If a unit is added to a stack and it does not have the same version of code as that of the master, the following should happen: • “New” unit will boot up and become a “member” of the stack •...
Page 138
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 19-18 Managing Switch Stacks v1.0, Jan 2007...
Chapter 20 Pre-Login Banner This section describes the Pre-Login Banner feature. Overview Pre-Login Banner: • Allows you to create message screens when logging into the CLI Interface • By default, no Banner file exists • Can be uploaded or downloaded •...
Page 140
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 2. Transfer the file from the PC to the switch using TFTP (Netgear Switch Routing) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode........... TFTP Set TFTP Server IP......192.168.77.52 TFTP Path......../ TFTP Filename........banner.txt Data Type........
Chapter 21 Syslog This section provides information about the Syslog feature. Overview Syslog: • Allows you to store system messages and/or errors • Can store to local files on the switch or a remote server running a syslog daemon • Method of collecting message logs from many systems Persistent Log Files •...
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Interpreting Log Files <130> 00:00:06 0.0.0.0-1 UNKN [0x800023]: bootos.c(386) %% Event (0xaaaaaaaa) A. Priority B. Timestamp C. Stack ID D. Component Name E. Thread ID File Name Line Number CLI Examples The following are examples of the commands used in the Syslog feature.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 Example #3: show logging traplogs (Netgear Switch Routing) #show logging traplogs <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging traplogs Number of Traps Since Last Reset.... Trap Log Capacity......
Chapter 22 IGMP Querier When the switch is used in network applications where video services such as IPTV, video streaming, and gaming are deployed, the video traffic would normally be flooded to all connected ports because such traffic packets usually have multicast Ethernet addresses. IGMP snooping can be enabled to create a multicast group to direct that traffic only to those users that require it.
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0 CLI Examples Example 1: Enable IGMP Querier Using the following CLI commands to setup the switch to generate IGMP querier packet for a designated VLAN. The IGMP packet will be transmitted to every ports on the VLAN. The following example enables the querier for VLAN 1.