Page 1: Managed Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10453-02 November 2008...
Page 2: Declaration Of Conformity
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Page 3: Canadian Department Of Communications Radio Interference Regulations
Tested to Comply with FCC Standards FOR HOME OR OFFICE USE Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate the equipment. Canadian Department of Communications Radio Interference Regulations This digital apparatus (7000 Series Managed Switch) does not exceed the Class A limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
Page 4 Product and Publication Details Model Number: 7xxx Publication Date: November 2008 Product Family: Managed Switch Product Name: 7000 Series Managed Switch Home or Business Product: Business Language: English Publication Part Number: 202-10453-02 Publication Version Number: v1.0, November 2008...
Page 5: Table Of Contents
Contents NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 About This Manual Conventions, Formats, Scope, and Audience ..............xvii Additional Documentation ....................xviii How to Use This Manual ....................xix How to Print This Manual ....................xix Revision History ....................... xx Chapter 1 Getting Started In-band and Out-of-band Connectivity ................1-1...
Page 6 Web Interface Layout ....................3-2 Configuring an SNMP V3 User Profile ..............3-4 Chapter 4 Virtual LANs Create Two VLANs ......................4-2 CLI: Creating Two VLANS ..................4-2 Web Interface: Creating Two VLANS ...............4-2 Assign Ports to VLAN2 ....................4-4 CLI: Assigning Ports to VLAN2 ................4-4 Web Interface: Assigning Ports to VLAN2 ...............4-4 Assign Ports to VLAN3 ....................4-5 CLI: Assigning Ports to VLAN3 ................4-6...
Page 7 Chapter 6 Port Routing Port Routing Configuration .....................6-1 Enable Routing for the Switch ..................6-2 CLI: Enabling Routing for the Switch ...............6-3 Web Interface: Enabling Routing for the Switch ............6-3 Enable Routing for Ports on the Switch ................6-3 CLI: Enabling Routing for Ports on the Switch ............6-4 Web Interface: Enabling Routing for Ports on the Switch ........6-4 Adding a Default Route ....................6-6 CLI: Add a Default Route ..................6-7...
Page 8 CLI: Enabling RIP for Ports 1/0/2 and 1/0/3 .............8-6 Web Interface: Enabling RIP for Ports 1/0/2 and 1/0/3 ..........8-7 VLAN Routing RIP Configuration ...................8-8 CLI: VLAN Routing RIP Configuration ..............8-10 Web Interface: VLAN Routing RIP Configuration ........... 8-11 Chapter 9 OSPF Configure an Inter-Area Router ..................9-1 CLI: Configuring an Inter-Area Router ..............9-2...
Page 9 CLI: Configuring VRRP on a Master Router ............11-2 Web Interface: Configuring VRRP on a Master Router .......... 11-3 Configure VRRP on a Backup Router ................11-4 CLI: Configuring VRRP on a Backup Router ............11-5 Web Interface: Configuring VRRP on a Backup Router ......... 11-6 Chapter 12 Access Control Lists (ACLs) MAC ACLs ........................12-1...
Page 10 CLI: Showing classofservice ip-precedence Mapping ..........13-5 Web Interface: Showing classofservice ip-precedence Mapping ......13-5 Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode ....13-6 CLI: Configuring Cos-queue Min-bandwidth and Strict Priority Scheduler Mode ...13-6 Web Interface: Configuring CoS-queue Min-bandwidth and Strict Priority Scheduler Mode 13-6 Set CoS Trust Mode of an Interface ................13-9 CLI: Setting CoS Trust Mode of an Interface ............13-9...
Page 11 CLI: Configure the Switch with a Multicast Router Using VLAN ......15-6 Web Interface: Configuring the Switch with a Multicast Router Using VLAN ..15-6 IGMP Querier .......................15-7 Enable IGMP Querier ....................15-8 CLI: Enabling IGMP Querier ..................15-8 Web Interface: Enabling IGMP Querier ..............15-9 Show IGMP Querier Status ..................15-10 CLI: Showing IGMP Querier Status ..............15-10 Web Interface: Showing IGMP Querier Status .............15-10...
Page 12 Configure SNTP ......................17-2 CLI: Configuring SNTP ...................17-2 Web Interface: Configuring SNTP ................17-4 Set the Time Zone (CLI Only) ..................17-5 Set Named SNTP Server .....................17-5 CLI: Setting Named SNTP Server ................17-5 Web Interface: Setting Named SNTP Server ............17-6 Chapter 18 Tools Traceroute ........................18-1 CLI:Traceroute .......................18-1 Web Interface: Traceroute ..................18-2...
Page 13 Show Logging Buffered ....................19-5 CLI: Showing Logging Buffered ................19-6 Web Interface: Showing Logging Buffered .............19-6 Show Logging Traplogs ....................19-7 CLI: Showing Logging Traplogs ................19-7 Web Interface: Showing Logging Trap Logs ............19-7 Show Logging Hosts .....................19-8 CLI: Showing Logging Hosts ..................19-8 Web Interface: Showing Logging Hosts ..............19-8 Log Port Configuration ....................19-9 CLI: Logging Port Configuration ................19-9...
Page 14 CLI: Renumbering Stack Members ..............20-11 Web Interface: Renumbering Stack Members .............20-12 Moving a Master to a Different Unit in the Stack ............20-13 CLI: Moving a Master to a Different Unit in the Stack ..........20-13 Web Interface: Moving a Master to a Different Unit in the Stack ......20-13 Removing a Master Unit from an Operating Stack ..........20-14 Merging Two Operational Stacks .................20-14 Preconfiguration ....................20-14...
Page 15 Web Interface: Configuring a DHCP Server in Dynamic Mode ......23-1 Configure a DHCP Reservation ..................23-3 CLI: Configuring a DHCP Reservation ..............23-4 Web Interface: Configuring a DHCP Reservation ..........23-4 Chapter 24 Double VLANs Enable a Double VLAN ....................24-2 CLI: Enabling a Double VLAN on a VLAN .............24-2 Web Interface: Enabling a Double VLAN on a VLAN ..........24-2 Chapter 25 Private VLAN Groups...
Page 16 v1.0, November 2008...
Page 17: About This Manual
About This Manual The NETGEAR ® 7000 Series Managed Switch Administration Guide Version 7.3 describes how to install, configure and troubleshoot the 7000 Series Managed Switch. The information in this manual is intended for readers with intermediate computer and Internet skills.
Page 18: Additional Documentation
The NETGEAR installation guide for your switch • NETGEAR CLI Reference for the Prosafe 7X00 Series Managed Switch. Refer to the Command Line Reference for information for the command structure. There are three documents in this series; choose the appropriate one for your product.
Page 19: How To Use This Manual
• button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters.
Page 20: Revision History
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Revision History Version Part Number Description Number 202-10453-02 Product update: New firmware and new user Interface v1.0, November 2008...
Page 21: Getting Started
Chapter 1 Getting Started Connect a terminal to the switch to begin configuration. In-band and Out-of-band Connectivity Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity. Configuring for In-band Connectivity In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network. To use in-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway).
Page 22 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network.
Page 23: Configuring For Out-Of-Band Connectivity
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Subnet Subnet mask for the LAN. The default value is 255.255.255.0. gateway IP address of the default router, if the switch is a node outside the IP range of the LAN.
Page 24: Starting The Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Starting the Switch Make sure that the switch console port is connected to a VT100 terminal or VT100 terminal emulator via the RS-232 crossover cable. Locate an AC power receptacle. Deactivate the AC power receptacle.
Page 25: Initial Configuration Procedure
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Initial Configuration Procedure You can perform the initial configuration using the Easy Setup Wizard or by using the Command Line Interface (CLI). The Setup Wizard automatically starts when the switch configuration file is empty. You can exit the wizard at any point by entering [ctrl+z].
Page 26: System Information And System Setup
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 – Enter to show a list of commands that are available in the current mode. System Information and System Setup This section describes the commands you use to view system information and to setup the network device.
Page 27: Command Mode
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Table 1-1. Quick Start Commands (continued) Command Mode Description Global Allows the user to set passwords or change passwords users passwd Config needed to login. <username> A prompt appears after the command is entered requesting the users old password.
Page 28: Clear Config
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Table 1-1. Quick Start Commands (continued) Command Mode Description Privileged Starts the configuration file upload, displays the mode and copy nvram:startup- EXEC type of upload and confirms the upload is progressing.
Page 29 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Table 1-1. Quick Start Commands (continued) Command Mode Description Privileged Enter yes when the prompt asks if you want to save the copy system:running- EXEC configurations made to the networking device.
Page 30 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 1-10 Getting Started v1.0, November 2008...
Page 31: Using Ezconfig For Switch Setup
Ezconfig can be entered either in Global Config mode (#) or in Display mode (>). The utility displays the following text when you enter the ezconfig command (FSM7352S) >ezconfig NETGEAR EZ Configuration Utility -------------------------------- Hello and Welcome! This utility will walk you through assigning the IP address for the switch management CPU.
Page 32: Setting Up The Switch Ip Address
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 again, just enter Enter new password:******** Confirm new password:******** Password Changed! The 'enable' password required for switch configuration via the command line interface is currently not configured. Do you wish to change it (Y/N/Q)?
Page 33: Assigning Switch Name And Location Information
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Assigning Switch Name and Location Information Ezconfig will proceed to the next step in the setup: Do you want to assign switch name and location information (Y/N/Q)? System Name: Alpha1-1 System Location: Bld1...
Page 34 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Using Ezconfig for Switch Setup v1.0, November 2008...
Page 35: Using The Web Interface
Chapter 3 Using the Web Interface This chapter is a brief introduction to the web interface; for example, it explains how to access the Web- based management panels to configure and manage the system. Tip: Use the Web interface for configuration instead of the CLI. Web configuration is quicker and easier than entering the multiple required CLI commands.
Page 36: Starting The Web Interface
The guest may only view the settings and status of the network. As shipped from the factory, both users can log in without a password. Netgear strongly recommends that the network administrator creates a unique password for the administrative user before placing the switch into production.
Page 37 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Figure 3-2 The PCC Web interface has the following four significant features: Layout: The navigation pane has two rows of tabs, as shown in the following screen: Figure 3-3 Tabs Tab Contents...
Page 38: Configuring An Snmp V3 User Profile
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Tabs Tab Contents Main tabs Maintenance Services to perform a firmware upgrade, to save the configuration, and to perform a backup of the configuration. Help Access to the NETGEAR product support website and documentation.
Page 39 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enter a new password in the Password field and then retype it in the Confirm Password field. Note: If SNMPv3 Authentication is to be used for this user, the password must be eight or more alphanumeric characters.
Page 40 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Using the Web Interface v1.0, November 2008...
Page 41: Virtual Lans
Chapter 4 Virtual LANs In this chapter, the following examples are provided: • “Create Two VLANs” on page 4-2 • “Assign Ports to VLAN2” on page 4-4 • “Assign Ports to VLAN3” on page 4-5 • “Assign VLAN3 as the Default VLAN for Port 1/0/2” on page 4-7 •...
Page 42: Create Two Vlans
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 use to configure the switch as shown in the diagram. Layer 3 Switch Port 1/0/2 VLAN Port 1/0/3 VLAN Router Port 1/3/1 Router Port 1/3/2 192.150.3.1 192.150.4.1 Port 1/0/1 Layer 2...
Page 43 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Create VLAN 2. From the main menu, select Switching > VLAN >Basic > VLAN configuration. A screen similar to the following displays. Figure 4-2 b. Enter the following information in the VLAN Configuration.
Page 44: Assign Ports To Vlan2
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • In the VLAN Name field, enter VLAN3 • Select Static from the VLAN Type pull-down menu. Click Add. Assign Ports to VLAN2 This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.
Page 45: Assign Ports To Vlan3
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Click the Unit 1. The Ports display. d. Click the gray box under port 1 and 2 until T displays. The T specifies that the egress packet is tagged for the port.
Page 46: Cli: Assigning Ports To Vlan3
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Assigning Ports to VLAN3 (Netgear Switch) (Config)#interface range 1/0/2-1/0/4 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#vlan acceptframe all (Netgear Switch) (Interface 1/0/4)#exit...
Page 47: Assign Vlan3 As The Default Vlan For Port 1/0/2
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Switching > VLAN> Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 4-7 b. Under PVID Configuration, scroll down to interface 1/0/4 and select the checkbox for that interface.
Page 48 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Switching > VLAN >Advanced > Port PVID Configuration. A screen similar to the following displays. Figure 4-8 b. Under PVID Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 49: Creating A Mac-Based Vlan
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Creating a MAC-based VLAN Layer 2 Switch MAC: 00:00:0A:00:00:02 Port 1/0/23 PC 1 PC 2 Figure 4-9 MAC based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classify traffic based on the source MAC address of the packet.
Page 50: Cli: Creating A Mac-Based Vlan
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Creating a MAC-Based VLAN Create a VLAN 3 (Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 3 (Netgear Switch)(Vlan)#exit Add the port 1/0/23 to the VLAN 3. (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/23 (Netgear Switch)(Interface 1/0/23)#vlan participation include 3...
Page 51: Web Interface Procedure: Assigning A Mac-Based Vlan
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface Procedure: Assigning a MAC-Based VLAN To use the Web interface to configure the managed switch, proceed as follows: Create VLAN 3. From the main menu, select Switching > VLAN >Basic > VLAN configuration. A screen similar to the following displays.
Page 52 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Select 3 from the VLAN ID pull-down menu. Click the Unit 1. The Ports display. d. Click the gray box before the Unit 1until U displays. Click Apply Assign VPID 3 to the port 1/0/23.
Page 53: Create A Protocol-Based Vlan
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Enter the following information in the MAC Based VLAN Configuration. • Enter 00:00:0A:00:00:02 in the MAC Address field. • Enter 3 in the PVID(1 to 4093) field. Click Add. Create a Protocol-based VLAN Create two protocol vlan groups, one is for IPX and the other is for IP/ARP.
Page 54: Web Interface: Creating A Protocol-Based Vlan
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable protocol vlan group 1 and 2 on the interface. (Netgear Switch)(Vlan)#exit (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/11 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 1 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 2 (Netgear Switch)(Interface 1/0/11)#exit...
Page 55 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Switching > VLAN >Advanced > Protocol Based VLAN Group Configuration. A screen similar to the following displays. Figure 4-15 b. Enter the following information in the Protocol Based VLAN Group Configuration.
Page 56 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Switching > VLAN >Advanced > Protocol Based VLAN Group Membership. A screen similar to the following displays Figure 4-17 b. Select the 1 from the Group ID Click on the gray box under port 11.
Page 57: Link Aggregation
Chapter 5 Link Aggregation This chapter includes instructions for configuring Link Aggregation (LAG). The following examples are provided: • “Create Two LAGs” on page 5-2 • “Add the Ports to the LAGs” on page 5-3 • “Enable Both LAGs” on page 5-5 Link Aggregation (LAG) allows the switch to treat multiple physical links between two end-points as a single logical link.
Page 58: Create Two Lags
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Create Two LAGs The following figure shows the example network. Port 1/0/3 LAG_10 Subnet 3 Port 1/0/2 LAG_10 Server Layer 3 Switch Port 1/0/8 Port 1/0/9 LAG 20 LAG_20 Layer 2 Switch...
Page 59: Web Interface: Creating Two Lags
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Creating Two LAGs To use the Web interface to configure the managed switch, proceed as follows: Create LAG lag_10. From the main menu, select Switching > LAG >LAG Configuration. A screen similar to the following displays.
Page 60: Cli: Adding The Ports To The Lags
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Adding the Ports to the LAGs (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgear Switch) (Interface 0/2)#addport 1/1 (Netgear Switch) (Interface 0/2)#exit (Netgear Switch) (Config)#interface 0/3 (Netgear Switch) (Interface 0/3)#addport 1/1...
Page 61: Enable Both Lags
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Click Apply to save the settings. Add ports to the lag_20. From the main menu, select Switching > LAG >LAG Membership. A screen similar to the following displays. Figure 5-5 b. Under the LAG Membership Configuration , enter the following information.
Page 62: Web Interface: Enabling Both Lags
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Enabling Both LAGs To use the Web interface to configure the switch, proceed as follows: From the main menu, select Switching > LAG >LAG Configuration. A screen similar to the following displays.
Page 63: Port Routing
Chapter 6 Port Routing In this chapter, the following examples are provided: • “Enable Routing for the Switch” on page 6-2 • “Enable Routing for Ports on the Switch” on page 6-3 • “Adding a Default Route” on page 6-6 •...
Page 64: Enable Routing For The Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • IP Forwarding, responsible for forwarding received IP packets. • ARP Mapping, responsible for maintaining the ARP Table used to correlate IP and MAC addresses. The table contains both static entries and entries dynamically updated based on information in received ARP frames.
Page 65: Cli: Enabling Routing For The Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Enabling Routing for the Switch Use the following command to enable routing for the switch. Execution of the command enables IP forwarding by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing...
Page 66: Cli: Enabling Routing For Ports On The Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Enabling Routing for Ports on the Switch (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0...
Page 67 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • In the IP Address field, enter 192.150.2.1. • In the Subnet Mask field, enter 255.255.255.0. • Select Enable from Routing Mode pull-down menu. d. Click Apply to save the settings.
Page 68: Adding A Default Route
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. Figure 6-5 b. Under IP Interface Configuration, scroll down to interface 1/0/5 and select the checkbox for that interface.
Page 69: Cli: Add A Default Route
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Add a Default Route (FSM7338S) (Config) #ip route default ? <nexthopip> Enter the IP Address of the next router. (FSM7328S) (Config)#ip route default 10.10.10.2 Note that IP subnet “10.10.10.0” should be configured via either Port Routing Configuration example either or VLAN Routing Configuration in the next chapter.
Page 70: Adding A Static Route
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Adding a Static Route If your network switch has multiple routing interface that would allow different forwarding path to be taken for reaching the same destination, it may make sense to create static route to force the packet to take certain route (port) instead of the default route.
Page 71 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Select Static from the Route Type drop down menu. Enter Network Address field. Noted this field is expecting a network IP address, not a host IP address. Do not put down something like “10,100.100.1”. The last number should always be zero.
Page 72 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 6-10 Port Routing v1.0, November 2008...
Page 73: Vlan Routing
Chapter 7 VLAN Routing In this chapter, the following examples are provided: • “Create Two VLANs” • “Set Up VLAN Routing for the VLANs and the Switch” on page 7-6 You can configure the 7000 Series Managed Switch with some ports supporting VLANs and some supporting routing.
Page 74: Cli: Creating Two Vlans
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 The diagram in this section shows a Layer 3 switch configured for port routing. It connects two VLANs, with two ports participating in one VLAN, and one port in the other. The script shows the commands you would use to configure a 7000 Series Managed Switch to provide the VLAN routing support shown in the diagram.
Page 75: Netgear 7000 Series Managed Switch Administration Guide Version
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Creating Two VLANs To use the Web interface to configure the managed switch, proceed as follows: Create VLAN 10, VLAN20. From the main menu, select Switching > VLAN >Advanced > VLAN configuration. A screen similar to the following displays.
Page 76 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 h. In the VLAN Name field, enter VLAN20. Select Static from the VLAN Type pull-down menu. Click Add. Add ports to the VLAN10 and VLAN20. From the main menu, select Switching > VLAN >Advanced > VLAN Membership. A screen similar to the following displays.
Page 77 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Select 20 from the VLAN ID pull-down menu. h. Click the Unit 1. The Ports display. Click the gray box under port 3 until T displays. The T specifies that the egress packet is tagged for the port.
Page 78: Set Up Vlan Routing For The Vlans And The Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Switching > VLAN> Advanced > Port PVID Configuraton. A screen similar to the following displays. Figure 7-7 Under PVID Configuration, scroll down to interface 1/0/3 and select the checkbox for 1/0/3.
Page 79: Web Interface: Setting Up Vlan Routing For The Vlans And The Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable routing for the switch: (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports.
Page 80 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > VLAN> VLAN Routing > VLAN Routing Configuration. A screen similar to the following displays. Figure 7-9 Under the VLAN Routing Configuration, enter the following information.
Page 81: Routing Information Protocol
Chapter 8 Routing Information Protocol In this chapter, the following examples are provided: • “Enable Routing for the Switch” on page 8-2 • “Enable Routing for Ports” on page 8-3 • “Enable RIP for the Switch” on page 8-5 • “Enable RIP for Ports 1/0/2 and 1/0/3”...
Page 82: Enable Routing For The Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3 as shown in the network illustrated in Figure 8-1 Layer 3 Switch acting as a router...
Page 83: Enable Routing For Ports
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > Basic >IP Configuration. A screen similar to the following displays. Figure 8-2 Next to the Routing Mode, select the Enable radio button. Click Apply to save the settings.
Page 84 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. Figure 8-3 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 85: Enable Rip For The Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. Figure 8-4 b. Under IP Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 86: Cli: Enabling Rip For The Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Enabling RIP for the Switch The next sequence enables RIP for the switch. the route preference defaults to 15. (Netgear Switch) #config (Netgear Switch) (Config)#router rip (Netgear Switch) (Config router)#enable...
Page 87: Web Interface: Enabling Rip For Ports 1/0/2 And 1/0/3
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 but send only RIPv2 formatted frames. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip rip (Netgear Switch) (Interface 1/0/2)#ip rip receive version both (Netgear Switch) (Interface 1/0/2)#ip rip send version rip2...
Page 88: Vlan Routing Rip Configuration
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > RIP > Advanced>RIP Configuration. A screen similar to the following displays. Figure 8-7 Under the Interface Configuration, enter the following information. • Select 1/0/3 from the Interface pull-down menu.
Page 89 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • RIPv2 defined in RFC 1723 – Route specification is extended to include subnet mask and gateway – The routing table is sent to a multicast address, reducing network traffic –...
Page 90: Cli: Vlan Routing Rip Configuration
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: VLAN Routing RIP Configuration Example of configuring VLAN Routing with RIP support on a 7000 Series Managed Switch. (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20...
Page 91: Web Interface: Vlan Routing Rip Configuration
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable RIP for the VLAN router ports. Authentication will default to none, and no default route entry will be created. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip rip...
Page 92 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 8-10 b. Enter the following information in the VLAN Routing Wizard: •...
Page 93 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > RIP > Advanced>RIP Configuration. A screen similar to the following displays. Figure 8-12 b. Under the Interface Configuration, enter the following information. • Select 0/2/1 from the Interface pull-down menu.
Page 94 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 8-14 Routing Information Protocol v1.0, November 2008...
Page 95: Ospf
Chapter 9 OSPF In this chapter, the following examples are provided: • “Configure an Inter-Area Router” on page 9-1 • “Configure OSPF on a Border Router” on page 9-8 • “Configure Area 1 as a Stub Area” on page 9-16 •...
Page 96: Cli: Configuring An Inter-Area Router
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 The first diagram shows a network segment with an inter-area router connecting areas 0.0.0.2 and 0.0.0.3. The example script shows the commands used to configure a 7000 Series Managed Switch as the inter-area router in the diagram by enabling OSPF on port 1/0/2 in area 0.0.0.2 and port 1/0/3 in area 0.0.0.3.
Page 97: Web Interface: Configuring An Inter-Area Router
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Step 3: Specify the router ID and enable OSPF for the switch. Set disable1583 compatibility to prevent the routing loop. (Netgear Switch) #config (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#router-id 192.150.9.9...
Page 98 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > IP > IP Configuration. A screen similar to the following displays. Figure 9-2 b. Next to the Routing Mode, select the Enable radio button.
Page 99 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Assign IP address 192.150.3.1 to the port 1/0/3: From the main menu, select Routing > IP > Advanced> IP Interface Configuration. A screen similar to the following displays. Figure 9-4 b. Under IP Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 100 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > OSPF > Advanced> OSPF Configuration. A screen similar to the following displays. Figure 9-5 b. Under the OSPF Configuration, enter the following information: •...
Page 101 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 9-6 b. Under Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 102: Configure Ospf On A Border Router
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 9-7 b. Under Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 103 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable routing & assign IP for ports 1/0/2, 1/0/3 and 1/0/4. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.2 255.255.255.0 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.130.3.1 255.255.255.0...
Page 104: Web Interface: Configuring Ospf On A Border Router
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#ip ospf (Netgear Switch) (Interface 1/0/4)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface 1/0/4)#ip ospf priority 255 (Netgear Switch) (Interface 1/0/4)#ip ospf cost 64 (Netgear Switch) (Interface 1/0/4)#exit...
Page 105 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > IP > Advanced> IP Interface Configuration. A screen similar to the following displays. Figure 9-9 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 106 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Under IP Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface. 1/0/3 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 107 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > OSPF > Advanced> OSPF Configuration. A screen similar to the following displays. Figure 9-12 b. Under the OSPF Configuration, enter the following information: •...
Page 108 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable OSPF on the port 1/0/2. From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 9-13 b. Under Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface.
Page 109 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 9-14 b. Under Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 110: Configure Area 1 As A Stub Area
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 9-15 b. Under Interface Configuration, scroll down to interface 1/0/4 and select the checkbox for that interface.
Page 111: Cli: Configuring Area 1 As A Stub Area On A1
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Configuring Area 1 as a Stub Area on A1 Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing Set the router id to 1.1.1.1. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config-router)#router-id 1.1.1.1...
Page 112: Web Interface: Configuring Area 1 As A Stub Area On A1
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 (Netgear Switch) (Config)#ex (Netgear Switch) #show ip ospf neighbor interface all Router ID IP Address Neighbor Interface State ---------------- ----------- ------------------- --------- 4.4.4.4 192.168.10.2 2/0/11 Full 2.2.2.2 192.168.20.2 2/0/19 Full (Netgear Switch) #show ip route Total Number of Routes......
Page 113 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Assign IP address 192.168.10.1 to the port 2/0/11: From the main menu, select Routing > IP > Advanced> IP Interface Configuration. A screen similar to the following displays. Figure 9-18 b. Under IP Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface.
Page 114 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Under IP Interface Configuration, scroll down to interface 2/0/19 and select the checkbox for that interface. 2/0/19 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 115 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable OSPF on the port 2/0/11. From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 9-21 b. Under Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface.
Page 116: Cli: Configuring Area 1 As A Stub Area On A2
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Under Interface Configuration, scroll down to interface 2/0/19 and select the checkbox for that interface. 2/0/19 now appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.1.
Page 117: Web Interface: Configuring Area 1 As A Stub Area On A2
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable OSPF area 0.0.0.1 on the 1/0/15. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 1/0/15 (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address 192.168.20.2 255.255.255.0 (Netgear Switch) (Interface 1/0/15)#ip ospf (Netgear Switch) (Interface 1/0/15)#ip ospf areaid 0.0.0.1...
Page 118 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Assign IP address 192.168.10.1 to the port 1/0/15. From the main menu, select Routing > IP > Advanced> IP Interface Configuration. A screen similar to the following displays. Figure 9-25 b. Under IP Interface Configuration, scroll down to interface 1/0/15 and select the checkbox for that interface.
Page 119 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable OSPF on the port 1/0/15. From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 9-27 b. Under Interface Configuration, scroll down to interface 1/0/15 and select the checkbox for that interface.
Page 120: Configure Area 1 As A Nssa Area
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Click Add to save the settings. Configure Area 1 as a nssa Area Layer 3 Layer 3 Switch Switch Port 2/0/11 Port 2/0/191 Port 1/0/151 Area 0 Area 1 Figure 9-29 The example is shown as CLI commands and as a Web interface procedure.
Page 121: Web Interface: Configuring Area 1 As A Nssa Area On A1
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable area 0.0.0.1 on the 2/0/19. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 2/0/11 (Netgear Switch) (Interface 2/0/11)#routing (Netgear Switch) (Interface 2/0/11)#ip address 192.168.10.1 255.255.255.0 (Netgear Switch) (Interface 2/0/11)#ip ospf (Netgear Switch) (Interface 2/0/11)#exit...
Page 122 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > IP > IP Configuration. A screen similar to the following displays. Figure 9-30 b. Next to the Routing Mode, select the Enable radio button.
Page 123 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > IP > Advanced> IP Interface Configuration. A screen similar to the following displays. Figure 9-32 b. Under IP Interface Configuration, scroll down to interface 2/0/19 and select the checkbox for that interface.
Page 124 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > OSPF > Advanced> Interface Configuration. A screen similar to the following displays. Figure 9-34 b. Under Interface Configuration, scroll down to interface 2/0/11 and select the checkbox for that interface.
Page 125: Cli: Configuring Area 1 As A Nssa Area On A2
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Under Interface Configuration, scroll down to interface 2/0/19 and select the checkbox for that interface. 2/0/19 now appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.1.
Page 126: Web Interface: Configuring Area 1 As A Nssa Area On A2
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Redistribute the rip routes into the OSPF. (Netgear Switch) (Config-router)#redistribute rip (Netgear Switch) (Config-router)#redistribute rip subnets Enable OSPF area 0.0.0.1 on the 1/0/15. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#routing (Netgear Switch) (Interface 1/0/11)#ip address 192.168.30.1 255.255.255.0...
Page 127 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > IP > IP Configuration. A screen similar to the following displays. Figure 9-37 b. Next to the Routing Mode, select the Enable radio button.
Page 128 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > IP > Advanced> IP Interface Configuration. A screen similar to the following displays. Figure 9-39 b. Under IP Interface Configuration, scroll down to interface 1/0/15 and select the checkbox for that interface.
Page 129 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > RIP > Advanced> Interface Configuration. A screen similar to the following displays. Figure 9-41 b. Enter the following information in Interface Configuration. • Select the 1/0/11 from Interface pull-down menu.
Page 130 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Click Apply to save the settings. Configure area 0.0.0.1 as a nssa area. From the main menu, select Routing > OSPF > Advanced> NSSA Area Configuration. A screen similar to the following displays.
Page 131: Vlan Routing Ospf Configuration
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 VLAN Routing OSPF Configuration For larger networks Open Shortest Path First (OSPF) is generally used in preference to RIP. OSPF offers several benefits to the administrator of a large and/or complex network: •...
Page 132: Cli: Vlan Routing Ospf Configuration
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: VLAN Routing OSPF Configuration This example adds support for OSPF to the configuration created in the base VLAN routing example in Figure 7-1 on page 7-2. The script shows the commands you would use to configure the 7000 Series Managed Switch as an inter-area router.
Page 133: Web Interface: Vlan Routing Ospf Configuration
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 nable OSPF for the VLAN and physical router ports. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip ospf areaid 0.0.0.2 (Netgear Switch) (Interface vlan 10)#ip ospf (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip ospf areaid 0.0.0.3...
Page 134 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Enter the following information in the VLAN Routing Wizard. • In the Vlan ID field, enter 10. • In the IP Address field, enter 192.150.3.1. • In the Network Mask field, enter 255.255.255.0.
Page 135 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable OSPF on the switch. From the main menu, select Routing > OSPF > Basic>OSPF Configuration. A screen similar to the following displays. Figure 9-47 b. Next to the OSPF Admin Mode, select Enable Radio button.
Page 136 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • In the Priority field, enter 128. • In the Metric Cost field, enter 32. d. Click Apply to save the settings. Enable OSPF on the VLAN 20. From the main menu, select Routing > OSPF > Advanced>Interface Configuration. A screen similar to the following displays.
Page 137: Proxy Address Resolution Protocol (Arp)
ARP request arrived Proxy ARP Examples The following are examples of the commands used in the proxy ARP feature. CLI: show ip interface (Netgear Switch) #show ip interface ? <slot/port> Enter an interface in slot/port format. brief Display summary information about IP configuration settings for all ports.
Page 138: Cli: Ip Proxy-Arp
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: ip proxy-arp (Netgear Switch) (Interface 0/24)#ip proxy-arp ? <cr> Press Enter to execute the command. (Netgear Switch) (Interface 0/24)#ip proxy-arp Web Interface: Configuring Proxy ARP on a Port To use the Web interface to configure proxy ARP on a port, proceed as follows: Configure proxy ARP.
Page 139: Virtual Router Redundancy Protocol
Chapter 11 Virtual Router Redundancy Protocol In this chapter, the following examples are provided: • “Configure VRRP on a Master Router” on page 11-2 • “Configure VRRP on a Backup Router” on page 11-4 When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network.
Page 140: Configure Vrrp On A Master Router
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Configure VRRP on a Master Router This example shows how to configure the 7000 Series Managed Switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router.
Page 141: Web Interface: Configuring Vrrp On A Master Router
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable VRRP on the port. (Netgear Switch) (Interface 1/0/2)#ip vrrp 20 mode (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit Web Interface: Configuring VRRP on a Master Router To use the Web interface to configure VRRP on a master router on the switch, proceed as follows: Enable IP routing on the switch: From the main menu, select Routing >...
Page 142: Configure Vrrp On A Backup Router
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Under IP Interface Configuration, scroll down to interface 1/0/2 and select the checkbox for that interface. 1/0/2 now appears in the Interface field at the top. Enter the following information in the IP Interface Configuration: •...
Page 143: Cli: Configuring Vrrp On A Backup Router
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Configuring VRRP on a Backup Router The following is an example of configuring VRRP on a 7000 Series Managed Switch acting as the backup router: Enable routing for the switch. IP forwarding will then be enabled by default.
Page 144: Web Interface: Configuring Vrrp On A Backup Router
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Configuring VRRP on a Backup Router To use the Web interface to configure VRRP on a backup router on the switch, proceed as follows: Enable IP routing on the switch.
Page 145 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • In the Network Mask field, enter 255.255.0.0. • Select Enable from the pull-down menu. d. Click Apply to save the settings. Enable VRRP on the 1/0/4. From the main menu, select Routing > VRRP > Basic> VRRP Configuration. A screen similar to the following displays.
Page 146 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 11-8 Virtual Router Redundancy Protocol v1.0, November 2008...
Page 147: Access Control Lists (Acls)
Chapter 12 Access Control Lists (ACLs) This chapter describes the Access Control Lists (ACLs) feature. The following examples are provided: • “Set up an IP ACL with Two Rules” on page 12-3 • “Configure a One-Way Access Using a TCP Flag in an ACL” on page 12-8 •...
Page 148: Configuring Ip Acls
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • L2 ACLs can apply to one or more interfaces • Multiple access lists can be applied to a single interface - sequence number determines the order of execution • You cannot configure a MAC ACL and an IP ACL on the same interface •...
Page 149: Set Up An Ip Acl With Two Rules
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Set up an IP ACL with Two Rules This section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will only be accepted by the 7000 Series Managed Switch if the source and destination stations have IP addresses within the defined sets.
Page 150: Web Interface: Setting Up An Ip Acl With Two Rules
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Define the second rule for ACL 101 to set similar conditions for UDP traffic as for TCP traffic. (Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255 Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.
Page 151 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 following displays. Figure 12-3 b. Next to the ACL ID, select 101 from the pull-down menu. Click Add to create a new rule. Create a new ACL rule and add it to the ACL 101.
Page 152 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • Select the TCP from the Protocol Type pull-down menu. • In the Source IP Address, enter 192.168.77.0. • In the Source IP Mask, enter 0.0.0.255. • In the Destination IP Address, enter 192.178.77.0.
Page 153 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 similar to the following displays. Figure 12-6 b. Enter the following information in the IP Binding Configuration. • Select the 101 from the ACL ID pull-down menu. • In the Sequence Number field, enter 1.
Page 154: Configure A One-Way Access Using A Tcp Flag In An Acl
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Configure a One-Way Access Using a TCP Flag in an ACL This example shows how to set up one-way web access using a TCP flag in an ACL. PC1 can access FTP server1 and FTP server2 but PC2 only access FTP server2.
Page 155 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 (Netgear Switch) (Config)#interface vlan 30 (Netgear Switch) (Interface-vlan 30)#routing (Netgear Switch) (Interface-vlan 30)#ip address 192.168.30.1 255.255.255.0 (Netgear Switch) (Interface-vlan 30)#exit (Netgear Switch) (Config)#exit Create VLAN 100 with port 0/13 and assign IP address 192.168.100.1/24.
Page 156 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Create an ACL that denies all the packets with TCP flags +syn-ack. (Netgear Switch) (Config)#access-list 101 deny tcp any any flag +syn -ack Create an ACL that permits all the IP packets.
Page 157: Web Interface: Configuring A One-Way Access Using A Tcp Flag In An Acl
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Create VLAN 50 with port 1/0/25 and assign IP address 192.168.50.1/24. (Netgear Switch)(Config)#exit (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 50 (Netgear Switch) (Vlan)#vlan routing 50 (Netgear Switch) (Vlan)#exit (Netgear Switch) #configure...
Page 158 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 12-8 b. Enter the following information in the VLAN Routing Wizard: •...
Page 159 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Create VLAN 100 with IP address 192.168.100.1/24: From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 12-9 b. Enter the following information in the VLAN Routing Wizard: •...
Page 160 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Create VLAN 200 with IP address 192.168.200.1/24: From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 12-10 b. Enter the following information in the VLAN Routing Wizard: •...
Page 161 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable IP Routing: From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. Figure 12-11 b. Under IP Configuration, make the following selections: •...
Page 162 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • In the Next Hop IP Address field, enter 192.168.200.2. Click Add. Create a static route with IP address 192.168.50.0/24: From the main menu, select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays.
Page 163 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 following displays. Figure 12-14 b. In the IP ACL ID field of the IP ACL Table, enter 101. Click Add. Create an ACL with ID 102: From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
Page 164 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays. Figure 12-16 b. Under IP Extended Rules, select 101 from the ACL ID pull-down menu.
Page 165 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • Next to TCP Flag, select Set from the SYN pull-down menu, and select Clear from the ACK pull-down menu. Click Apply to save the settings. 10. Add and configure an IP extended rule that is associated with ACL 102: From the main menu, select Security >...
Page 166 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1. • Next to Action mode, select the Permit radio button.
Page 167 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 similar to the following displays. Figure 12-21 b. Under Binding Configuration, make the following selection and enter the following information: • Select 102 from the ACL ID pull-down menu. • In the Sequence Number field, enter 2.
Page 168 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Enter the following information in the VLAN Routing Wizard: • In the Vlan ID field, enter 40. • In the IP Address field, enter 192.168.40.1. • In the Network Mask field, enter 255.255.255.0.
Page 169 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 12-24 b. Enter the following information in the VLAN Routing Wizard: •...
Page 170 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 similar to the following displays. Figure 12-25 b. Under Configure Routes, make the following selection and enter the following information: • Select Static from the Route Type pull-down menu. • In the Network Address field, enter 192.168.100.0.
Page 171: Configure Isolated Vlans On A Layer 3 Switch By Using Acls
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Under Configure Routes, make the following selection and enter the following information: • Select Static from the Route Type pull-down menu. • In the Network Address field, enter 192.168.30.0. •...
Page 172: Cli: Configuring A One-Way Access Using A Tcp Flag In An Acl Commands
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Configuring a One-Way Access Using a TCP Flag in an ACL Commands To use the CLI to isolate VLANs on a Layer 3 switch by using ACLs, enter the following CLI commands.
Page 173 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Create VLAN 38, add port 1/0/38 to it, and assign IP address 10.100.5.34 to it. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 38 (Netgear Switch) (Vlan)#vlan routing (Netgear Switch) (Vlan)#exit (Netgear Switch) #config...
Page 174: Web Interface: Configuring A One-Way Access Using A Tcp Flag In An Acl
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Configuring a One-Way Access Using a TCP Flag in an ACL To use the Web interface to isolate VLANs on a Layer 3 switch by using ACLs, proceed as follows: Create VLAN 24 with IP address 192.168.24.1:...
Page 175 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 12-29 b. Enter the following information in the VLAN Routing Wizard: •...
Page 176 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 12-30 b. Enter the following information in the VLAN Routing Wizard: •...
Page 177 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Under IP Configuration, make the following selections: • Next to Routing Mode, select the Enable radio button. • Next to IP Forwarding Mode, select the Enable radio button. Click Apply to enable IP Routing.
Page 178 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. In the IP ACL ID field of the IP ACL Table, enter 102. Click Add. Create an ACL with ID 103: From the main menu, select Security > ACL > Advanced > IP ACL. A screen similar to the following displays.
Page 179 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Click Add. The Extended ACL Rule Configuration screen displays. Figure 12-36 d. Under Extended ACL Rule Configuration (100-199), enter the following information and make the following selections: • In the Rule ID field, enter 1.
Page 180 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Add and configure an IP extended rule that is associated with ACL 102: From the main menu, select Security > ACL > Advanced > IP Extended Rules. A screen similar to the following displays.
Page 181 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • In the Destination IP Address field, enter 192.168.48.0. • In the Destination IP Mask field, enter 0.0.0.255. Click Apply to save the settings. 10. Add and configure an IP extended rule that is associated with ACL 103: From the main menu, select Security >...
Page 182 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • Select False from the Match Every pull-down menu. • Select IP from the Protocol Type pull-down menu. Click Apply to save the settings. 11. Apply ACL 102 to port 24: From the main menu, select Security >...
Page 183 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 12. Apply ACL 101 to port 48: From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays. Figure 12-42 b. Under Binding Configuration, make the following selection and enter the following information: •...
Page 184: Set Up A Mac Acl With Two Rules
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 13. Apply ACL 103 to port 24 and port 48: From the main menu, select Security > ACL > Advanced > IP Binding Configuration. A screen similar to the following displays.
Page 185: Cli: Setting Up A Mac Acl With Two Rules
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Setting up a MAC ACL with Two Rules Create a new MAC ACL acl_bpdu. (Netgear Switch) # (Netgear Switch) #config (Netgear Switch) (Config)#mac access-list extended acl_bpdu Deny all the traffic which has destination MAC 01:80:c2:xx:xx:xx.
Page 186 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Security > ACL >MAC ACL> MAC Rules. A screen similar to the following displays. Figure 12-45 Select acl_bpdu from the ACL Name pull-down menu. b. Select Deny from the Action pull-down menu.
Page 187 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Select acl_bpdu from the ACL Name pull-down menu. b. Enter the following information in the Rule Table. • In the ID field, enter 2. • Select the Permit from the Action pull-down menu.
Page 188 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 12-42 Access Control Lists (ACLs) v1.0, November 2008...
Page 189: Class Of Service (Cos) Queuing
Chapter 13 Class of Service (CoS) Queuing This section describes the Class of Service (CoS) Queue Mapping and Traffic Shaping features. In this chapter, the following examples are provided: • “Show classofservice Trust” on page 13-3 • “Set classofservice trust Mode” on page 13-3 •...
Page 190: Untrusted Ports
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 – 802.1p User Priority (default trust mode - Managed through Switching configuration) – IP Precedence – IP DiffServ Code Point (DSCP) The system can assign service level based upon the 802.1p priority field of the L2 header. You configure this by mapping the 802.1p priorities to one of three traffic class queues.
Page 191: Show Classofservice Trust
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • Queue management type, Tail Drop vs. WRED Only if per queue config is not supported • WRED Decay Exponent • Traffic Shaping for an entire interface Show classofservice Trust CLI: Showing classofservice trust To use the CLI to show CoS trust mode, use these commands.
Page 192: Cli: Setting Classofservice Trust Mode
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Setting classofservice Trust Mode (Netgear Switch) (Config)#classofservice? dot1p-mapping Configure dot1p priority mapping. ip-dscp-mapping Maps an IP DSCP value to an internal traffic class. trust Sets the Class of Service Trust Mode of an Interface.
Page 193: Show Classofservice Ip-Precedence Mapping
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Show classofservice ip-precedence Mapping The example is shown as CLI commands and as a Web interface procedure. CLI: Showing classofservice ip-precedence Mapping (Netgear Switch) #show classofservice ip-precedence-mapping IP Precedence Traffic Class...
Page 194: Configure Cos-Queue Min-Bandwidth And Strict Priority Scheduler Mode
Enter the minimum bandwidth percentage for Queue 0. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 Incorrect input! Use 'cos-queue min-bandwidth <bw-0>..<bw-7>. (Netgear Switch) (Config)#cos-queue min-bandwidth 15 25 10 5 5 20 10 10 (Netgear Switch) (Config)#cos-queue strict? <queue-id> Enter a Queue Id from 0 to 7.
Page 195 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select QoS > Advanced >Interface Queue Configuration. A screen similar to the following displays. Figure 13-4 b. Select the 0 from the Queue ID pull-down menu. Under Interface Queue Configuration, scroll down to interface 1/0/2 and select the checkbox for 1/ 0/1.
Page 196 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select QoS > Advanced >Interface Queue Configuration. A screen similar to the following displays. Figure 13-5 b. Select the 1 from the Queue ID pull-down menu. Under Interface Queue Configuration, scroll down to interface 1/0/2 and select the checkbox for 1/ 0/2.
Page 197: Set Cos Trust Mode Of An Interface
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Set CoS Trust Mode of an Interface CLI: Setting CoS Trust Mode of an Interface (Netgear Switch) (Interface 1/0/3)#classofservice trust? dot1p Sets the Class of Service Trust Mode of an Interface to 802.1p.
Page 198: Configure Traffic Shaping
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Under CoS Configuration, Select the Interface radio button. Select 1/0/3 from the interface pull-down menu. Select trust dot1p from the Interface Trust Mode pull-down menu. Click the Apply to save the settings.
Page 199 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select QoS > Advanced >CoS Interface Configuration. A screen similar to the following displays. Figure 13-7 b. Under CoS Interface Configuration, scroll down to interface 1/0/3 and select the checkbox for 1/0/ 3.
Page 200 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 13-12 Class of Service (CoS) Queuing v1.0, November 2008...
Page 201: Differentiated Services
Chapter 14 Differentiated Services In this chapter, the following examples are provided: • “Differentiated Services” on page 14-2 • “DiffServ for VoIP Configuration” on page 14-20 Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservation protocol.This section explains how to configure the 7000 Series Managed Switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service.
Page 202: Cli: Diffserv
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 – Policing packets by dropping or re-marking those that exceed the class’s assigned data rate – Counting the traffic within the class • Service. Assigns a policy to an interface for inbound traffic...
Page 203 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 - Source IP address -- for the new classes. (Netgear Switch) (Config)#class-map match-all finance_dept (Netgear Switch) (Config class-map)#match srcip 172.16.10.0 255.255.255.0 (Netgear Switch) (Config class-map)#exit (Netgear Switch) (Config)#class-map match-all marketing_dept (Netgear Switch) (Config class-map)#match srcip 172.16.20.0 255.255.255.0...
Page 204: Web Interface: Diffserv
It is presumed that the switch will forward this traffic to interface 1/0/5 based on a normal destination address lookup for internet traffic. (Netgear Switch) (Config)#interface 1/0/5 (Netgear Switch) (Interface 1/0/5)#cos-queue min-bandwidth 0 25 25 25 25 0 0 0 (Netgear Switch) (Interface 1/0/5)#exit (Netgear Switch) (Config)#exit...
Page 205 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Next to the Diffserv Admin Mode, select the Enable radio button. Click Apply to save the settings. Create class finance_dept. From the main menu, select QoS > DiffServ >Advanced >Class Configuration. A screen similar to the following displays.
Page 206 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click the finance_dept to configure this class. Figure 14-4 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.10.0. • In the Source Mask field, enter 255.255.255.0.
Page 207 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Enter the following information in the Class Configuration • In the Class Name field, enter marketing_dept. • Select All from the Class Type pull-down menu. Click Add to create a new class marketing_dept.
Page 208 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select QoS > DiffServ > Advanced >Class Configuration. A screen similar to the following displays. Figure 14-7 b. Enter the following information in the Class Configuration •...
Page 209 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.30.0. • In the Source Mask field, enter 255.255.255.0. Click Apply. Create class development_dept.
Page 210 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click the development_dept to configure this class. Figure 14-10 Under the Diffserv Class Configuration page, enter the following information: • In the Source IP Address field, enter 172.16.40.0. • In the Source Mask field, enter 255.255.255.0. Click Apply.
Page 211 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select QoS > DiffServ >Advanced >Policy Configuration. A screen similar to the following displays. Figure 14-11 b. Enter the following information in the Class Configuration • In the Policy Selector field, enter internet_access.
Page 212 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Add the class test_dept into the policy internet_access. From the main menu, select QoS > DiffServ >Advanced >Policy Configuration. A screen similar to the following displays. Figure 14-13 b. Under Policy Configuration, scroll down to internet_access and select the checkbox for internet_access.
Page 213 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click Apply to add the class development_dept to the policy internet_access. 10. Assign queue 1 to the finance_dept. From the main menu, select QoS > DiffServ > Advanced >Policy Configuration. A screen similar to the following displays.
Page 214 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click Apply. 11. Assign queue 2 to the marketing_dept. From the main menu, select QoS > DiffServ >Advanced >Policy Configuration. A screen similar to the following displays. Figure 14-17 b. Click the internet_access whose member class is marketing_dept. another screen similar to the following displays.
Page 215 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click Apply. 12. Assign queue 3 to the test_dept. From the main menu, select QoS > DiffServ > Advanced >Policy Configuration. A screen similar to the following displays. Figure 14-19 b.
Page 216 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click Apply. 13. Assign queue 4 to the development_dept. From the main menu, select QoS > DiffServ >Advanced >Policy Configuration. A screen similar to the following displays. Figure 14-21 b. Click the internet_access whose member class is development_dept. another screen similar to the following displays.
Page 217 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click Apply. 14. Attach the defined policy to the interface 1/0/1 through 1/0/4 in the inbound direction From the main menu, select QoS > Advanced >Service Configuration. A screen similar to the following displays.
Page 218 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select QoS > CoS >Advanced >Interface Queue Configuration. A screen similar to the following displays. Figure 14-24 b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/0/5.
Page 219 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/ 0/5. 1/0/5 now appears in the Interface field at the top. Select the 2 from the Queue ID pull-down menu d.
Page 220: Diffserv For Voip Configuration
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select QoS > CoS >Advanced >Interface Queue Configuration. A screen similar to the following displays. Figure 14-27 b. Under Interface Queue Configuration, scroll down to interface 1/0/5 and select the checkbox for 1/0/5.
Page 221: Cli: Diffserv For Voip
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 script is for Router 1 in the accompanying diagram: a similar script should be applied to Router 2. Port 1/0/2 Layer 3 Switch operating as Router 1 Port 1/0/3 Internet Layer 3 Switch...
Page 222: Web Interface: Diffserv For Voip
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Create a second DiffServ classifier named 'class_ef' and define a single match criterion to detect a DiffServ code point (DSCP) of 'EF' (expedited forwarding). This handles incoming traffic that was previously marked as expedited somewhere in the network.
Page 223 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select QoS > CoS > Advanced > CoS Interface Configuration. A screen similar to the following displays. Figure 14-29 b. Under Interface Queue Configuration, select all the interfaces.
Page 224 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select QoS > DiffServ > Advanced >DiffServ Configuration. A screen similar to the following displays. Figure 14-31 b. In the Class Name, enter class_voip. Select the All from the Class Type pull-down menu.
Page 225 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select QoS > DiffServ > Advanced >DiffServ Configuration. A screen similar to the following displays. Figure 14-33 b. In the Class Name, enter class_ef. Select the All from the Class Type pull-down menu.
Page 226 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Click the Apply to create a new class. Create a policy pol_voip and add class_voip into this policy From the main menu, select QoS > DiffServ> Advanced > Policy Configuration. A screen similar to the following displays.
Page 227 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Next to the Policy Attribute, click the Mark IP DSCP radio button, select ef from the Mark IP DSCP pull-down menu. Click Apply to create a new policy. add class_ef into the policy pol_voip From the main menu, select QoS >...
Page 228 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Click the pol_voip whose class member is class_ef, another screen similar to the following displays. Figure 14-38 Select the 5 from the Assign Queue pull-down menu. Click the Apply to create a new policy.
Page 229: Igmp Snooping And Querier
The following example shows how to enable IGMP snooping. (Netgear Switch) #config (Netgear Switch) (Config)#ip igmpsnooping (Netgear Switch) (Config)#ip igmpsnooping interfacemode (Netgear Switch) (Config)#exit Web Interface: Enabling IGMP Snooping To use the Web interface to configure the managed switch, proceed as follows: Configure the IGMP Snooping Configuration.
Page 230: Show Igmpsnooping
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Switching > Multicast > IGMP Snooping Configuration. A screen similar to the following displays. Figure 15-1 b. Enter the following information in the IGMP Snooping Configuration.
Page 231: Cli: Showing Igmpsnooping
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Showing igmpsnooping (Netgear Switch) #show igmpsnooping? <cr> Press Enter to execute the command. <slot/port> Enter interface in slot/port format. mrouter Display IGMP Snooping Multicast Router information. <1-4093> Display IGMP Snooping valid VLAN ID information.
Page 232: Show Mac-Address-Table Igmpsnooping
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Show mac-address-table igmpsnooping The example is shown as CLI commands and as a Web interface procedure. CLI: Showing mac-address-table igmpsnooping (Netgear Switch) #show mac-address-table igmpsnooping ? <cr> Press Enter to execute the command.
Page 233: Configure The Switch With An External Multicast Router
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Configure the Switch with an External Multicast Router The example is shown as CLI commands and as a Web interface procedure. CLI: Configuring the Switch with an External Multicast Router This example configures the interface as the one the multicast router is attached to. All IGMP packets snooped by the switch will be forwarded to the multicast router reachable from this interface.
Page 234: Configure The Switch With A Multicast Router Using Vlan
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Under Multicast Router Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface. 1/0/3 now appears in the Interface field at the top. In the Multicast Router pull-down menu, select Enable.
Page 235: Igmp Querier
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Switching > Multicast > Multicast Router VLAN Configuration. A screen similar to the following displays. Figure 15-5 Under Multicast Router VLAN Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 236: Enable Igmp Querier
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 However, the IGMP snooping operation usually requires an extra network device—normally a router—that can generate an IGMP membership query and solicit interested nodes to respond. With the build-in IGMP Querier feature inside the switch, such an external device is no longer needed.
Page 237: Web Interface: Enabling Igmp Querier
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 the querier for VLAN 1. See the CLI Manual for more details about other IGMP querier command options. (Netgear switch) #vlan database (Netgear switch) (vlan)#ip igmp 1 (Netgear switch) (vlan)#ip igmpsnooping querier 1...
Page 238: Show Igmp Querier Status
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Show IGMP Querier Status The example is shown as CLI commands and as a Web interface procedure. CLI: Showing IGMP Querier Status To see the IGMP querier status, use the following command.
Page 239: Security Management
Chapter 16 Security Management In this chapter, exmples are provided for the following topics: • “Port Security” • “Protected Ports” on page 16-6 • “802.1x Port Security” on page 16-13 Port Security This section describes the Port Security feature. Port Security: •...
Page 240: Set The Dynamic And Static Limit On The Port 1/0/1
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • Dynamically locked MAC addresses are eligible to be learned by another port • Static MAC addresses are not eligible for aging • Dynamically locked addresses can be converted to statically locked addresses Set the Dynamic and Static Limit on the Port 1/0/1 The example is shown as CLI commands and as a Web interface procedure.
Page 241 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Security > Traffic Control >Port Security->Port Administrator. A screen similar to the following displays. Figure 16-1 b. Under Port Security Configuration, next to the Port Security Mode, select Enable radio button.
Page 242: Convert The Dynamic Address Learned From 1/0/1 To The Static Address
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click Apply to save the settings. Convert the Dynamic Address Learned from 1/0/1 to the Static Address The example is shown as CLI commands and as a Web interface procedure.
Page 243: Create A Static Address
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Under Port Security Configuration, select 1/0/1 from the Port List pull-down menu. Select the Convert Dynamic Address to Static checkbox. Click Apply to save the settings. Create a Static Address The example is shown as CLI commands and as a Web interface procedure.
Page 244: Protected Ports
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Protected Ports This section describes how to set up protected ports on the switch. Some situations might require that traffic is prevented from being forwarded between any ports at Layer 2 so that one user cannot see the traffic of another user on the same switch.
Page 245 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Step 1: Create one VLAN 192 including PC1 and PC2. (Netgear Switch) #vlan database (Netgear Switch) #vlan 192 (Netgear Switch) #vlan routing 192 (Netgear Switch) #exit (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/23...
Page 246: Web Interface: Configuring A Protected Port To Isolate Ports On The Switch
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Step 4: Enable IProuting and configure a default route. (Netgear Switch)(config)#ip routing (Netgear Switch)(config)#ip route 0.0.0.0 0.0.0.0 10.100.5.252 Step 5: Enable a protected port on 1/0/23 and 1/0/24. (Netgear Switch) (Config)#interface 1/0/23...
Page 247 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays. Figure 16-6 b. Under DHCP Pool Configuration, enter the following information: •...
Page 248 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • Click on DNS Server Addresses. The router address fields display. In the first DNS server address field, enter 12.7.210.170. Click Add. Configure a VLAN and include ports 1/0/23 and 1/0/24 in the VLAN: From the main menu, select Routing >...
Page 249 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. Figure 16-8 b. Enter the following information in the VLAN Routing Wizard: •...
Page 250 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Enable IP Routing: From the main menu, select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. Figure 16-9 b. Under IP Configuration, make the following selections: •...
Page 251: 802.1X Port Security
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click Add to add the route that is associated to VLAN 202 to the Learned Routes table. Configure port 23 and port 24 as protected ports: From the main menu, select Security > Traffic Control > Protected Port. A screen similar to the following displays.
Page 252 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • Can be configured on a per-port basis Layer 2 Switch RADIUS Server Layer 2 Switch PC 1 PC 2 Figure 16-12 The following example shows how to authenticate the dot1x users by a RADIUS server. The management IP address is 10.100.5.33/24.
Page 253: Cli: Authenticating Dot1X Users By A Radius Server
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Authenticating dot1x Users by a RADIUS Server (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0 (Netgear Switch) (Config)#dot1x system-auth-control Enable dot1x on the switch.
Page 254: Web Interface: Authenticating Dot1X Users By A Radius Server
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Authenticating dot1x Users by a RADIUS Server Enable routing for the switch. From the main menu, select Routing > Basic >IP Configuration. A screen similar to the following displays.
Page 255 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Assign IP address 10.100.5.33/24 to the interface 1/0/19 From the main menu, select Routing > Advanced >IP Interface Configuration. A screen similar to the following displays. Figure 16-15 b. Under IP Interface Configuration, scroll down to interface 1/0/19 and select the checkbox for that interface.
Page 256 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click Add button. Set the port 1/0/19 to the Force Authorized mode. (In this case, the Radius server is connected to this interface.) From the main menu, select Security > Port Authentication > Advanced > Port Authentication. A screen similar to the following displays.
Page 257 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click Apply to save settings. Configure RADIUS authentication server. From the main menu, select Security > Management Security > Server Configuration. A screen similar to the following displays. Figure 16-19 b.
Page 258 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. In the Server Address, enter 10.100.5.17. Select the Enable from the Accounting Mode pull-down menu. d. Click the Apply. Configure accounting server. From the main menu, select Security > Management Security > RADIUS > Radius Accounting Server Configuration.
Page 259: Simple Network Time Protocol (Sntp)
SNTP client implemented over UDP which listens on port 123 Show SNTP (CLI Only) The following are examples of the commands used in the SNTP feature. show sntp (Netgear Switch Routing) #show sntp ? <cr> Press Enter to execute the command. client Display SNTP Client Information.
Page 260: Show Sntp Client
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 show sntp client (Netgear Switch Routing) #show sntp client Client Supported Modes: unicast broadcast SNTP Version: Port: Client Mode: unicast Unicast Poll Interval: Poll Timeout (seconds): Poll Retry: show sntp server...
Page 261 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 NETGEAR switches do not have a built-in real-time clock. However, it is possible to use SNTP to get the time from a public SNTP/NTP server over the Internet. You may need permission from those public time servers.
Page 262: Web Interface: Configuring Sntp
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Configuring SNTP To use the Web interface to configure SNTP, proceed as follows: Configure SNTP server From the main menu, select System > Management>Time>SNTP Server Configuration. A screen similar to the following displays.
Page 263: Set The Time Zone (Cli Only)
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select System > Management>Time>SNTP Global Configuration. A screen similar to the following displays. Figure 17-2 b. Enter the following information in the SNTP Global Configuration. • Next to the Client Mode, Select the Unicast radio button •...
Page 264: Web Interface: Setting Named Sntp Server
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Because Netgear may change IP addresses assigned to its time servers, it is best to access a SNTP server by DNS name instead of using a hard-coded IP address. The public time servers available are time-a, time-b, and time-c.
Page 265 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • In the Version field, enter 4 Click Add. Configure the DNS server. From the main menu, select System > Management>DNS>DNS Configuration. A screen similar to the following displays. Figure 17-4 b.
Page 266 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 17-8 Simple Network Time Protocol (SNTP) v1.0, November 2008...
Page 267: Traceroute
In this example, the packet takes 16 hops to reach its destination. CLI:Traceroute (Netgear Switch) #traceroute? <ipaddr> Enter IP address. (Netgear Switch) #traceroute 216.109.118.74 ? <cr> Press Enter to execute the command. <port> Enter port no. (Netgear Switch) #traceroute 216.109.118.74 18-1 v1.0, November 2008...
Page 268: Web Interface: Traceroute
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Tracing route over a maximum of 20 hops 10.254.24.1 40 ms 9 ms 10 ms 10.254.253.1 30 ms 49 ms 21 ms 63.237.23.33 29 ms 10 ms 10 ms 63.144.4.1 39 ms...
Page 269: Configuration Scripting
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 APPLY button, the switch will send three traceroute packets each hop, and the results will be displayed in the result table. b. Enter the following information in the Traceroute. In the IP Address field, enter 216.109.118.74.
Page 270: Script
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 script (Netgear Switch) #script ? apply Applies configuration script to the switch. delete Deletes a configuration script file from the switch. list Lists all configuration script files present on the switch.
Page 271: Create A Configuration Script
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Create a Configuration Script (Netgear Switch) #show running-config running-config.scr Config script created successfully. (Netgear Switch) #script list Configuration Script Name Size(Bytes) ------------------------- ---------- running-config.scr 3201 1 configuration script(s) found. 1020799 bytes free.
Page 272: Port Mirroring
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 To create a Pre-Login Banner, follow these steps: On your PC, using Notepad create a banner.txt file that contains the banner to be displayed. Login Banner - Unauthorized access is punishable by law.
Page 273: Cli: Specifying The Source (Mirrored) Ports And Destination (Probe)
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 The example is shown as CLI commands and as a Web interface procedure. CLI: Specifying the Source (Mirrored) Ports and Destination (Probe) (Netgear Switch)#config (Netgear Switch)(Config)#monitor session 1 mode Enable mirror (Netgear Switch)(Config)#monitor session 1 source interface 1/0/2 Specify the source interface.
Page 274: Outbound Telnet
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Click Apply. Outbound Telnet In this chapter, the following examples are provided: • “CLI: show network” on page 18-8 • “CLI: transport output telnet” on page 18-9 • “CLI: session-limit and session-timeout” on page 18-10 Outbound Telnet: •...
Page 275: Cli: Show Telnet
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: show telnet (Netgear Switch Routing)#show telnet Outbound Telnet Login Timeout (minutes)..5 Maximum Number of Outbound Telnet Sessions..5 Allow New Outbound Telnet Sessions..... Yes CLI: transport output telnet (Netgear Switch Routing) (Config)#lineconfig ? <cr>...
Page 276: Cli: Session-Limit And Session-Timeout
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Security > Access > Telnet. A screen similar to the following displays. Figure 18-3 Enter the following information in the Outbound Telnet. Next to the Admin Mode, select the Enable radio button.
Page 277 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Security > Access > Telnet. A screen similar to the following displays. Figure 18-4 Enter the following information in the Outbound Telnet . • In the Session Timeout field, enter 15.
Page 278 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 18-12 Tools v1.0, November 2008...
Page 279: Syslog
Chapter 19 Syslog In this chapter, the following examples are provided: • “Show Logging” on page 19-2 • “Show Logging Buffered” on page 19-5 • “Show Logging Traplogs” on page 19-7 • “Show Logging Hosts” on page 19-8 • “Log Port Configuration” on page 19-9 The Syslog feature: •...
Page 280: Show Logging
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Show Logging The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging (Netgear Switch Routing) #show logging Logging Client Local Port CLI Command Logging disabled...
Page 281 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Enter the following information in the Syslog Configuration. Next to the Admin Status, select the Enable radio button. Click Apply. Configure the Command Log From the main menu, select Monitoring > Logs >Command Log.
Page 282 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Monitoring > Logs >Console Log. Figure 19-4 b. Enter the following information in the Console Log Configuration. Next to the Admin Status, click the Disable radio button.
Page 283: Show Logging Buffered
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Monitoring > Logs >Buffer Logs. A screen similar to the following displays. Figure 19-5 b. Enter the following information in the Buffer Logs. Next to the Admin Status, click the Enable radio button.
Page 284: Cli: Showing Logging Buffered
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Showing Logging Buffered (Netgear Switch Routing) #show logging buffered ? <cr> Press Enter to execute the command. (Netgear Switch Routing) #show logging buffered Buffered (In-Memory) Logging enabled Buffered Logging Wrapping Behavior Buffered Log Count <1>...
Page 285: Show Logging Traplogs
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Show Logging Traplogs The example is shown as CLI commands and as a Web interface procedure. CLI: Showing Logging Traplogs (Netgear Switch Routing) #show logging traplogs <cr> Press Enter to execute the command.
Page 286: Show Logging Hosts
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Show Logging Hosts The example is shown as CLI commands and as a Web interface procedure. CLI: Showing Logging Hosts (Netgear Switch Routing) #show logging hosts ? <cr> Press Enter to execute the command.
Page 287: Log Port Configuration
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Log Port Configuration The example is shown as CLI commands and as a Web interface procedure. CLI: Logging Port Configuration (Netgear Switch Routing) #config (Netgear Switch Routing) (Config)#logging ? buffered Buffered (In-Memory) Logging Configuration.
Page 288 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 To use the Web interface to configure the managed switch, proceed as follows: From the main menu, select Monitoring > Logs >Sys Log Configuration. A screen similar to the following displays.
Page 289: Managing Switch Stacks
Chapter 20 Managing Switch Stacks This chapter describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches running Release 4.x.x.x or newer. NETGEAR stackable managed switches include the following models: • FSM7226RS • FSM7250RS • FSM7328S •...
Page 290: Understanding Switch Stacks
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Understanding Switch Stacks A switch stack is a set of up to eight Ethernet switches connected through their stacking ports. One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are stack members.
Page 291: Switch Stack Cabling (Fsm73Xxs)
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 A standalone switch is a switch stack with one stack member that also operates as the stack master. You can connect one standalone switch to another to create a switch stack containing two stack members, with one of them being the stack master.
Page 292: Stack Master Election And Re-Election
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 use the regular Category 5 Ethernet 8 wire cable. Figure 20-1 Interconnect port 51 ports 51 and 52 as shown port 52 Figure 20-2 Stack Master Election and Re-Election The stack master is elected or re-elected based on one of these factors and in the order listed:...
Page 293: Stack Member Numbers
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 The switch with the highest stack member priority value Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs.
Page 294: Switch Stack Offline Configuration
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Switch Stack Offline Configuration You can use the offline configuration feature to preconfigure (supply a configuration to) a new switch before it joins the switch stack. You can configure in advance the stack member number, the switch type, and the interfaces associated with a switch that is not currently part of the stack (see “Preconfiguration”...
Page 295: Effects Of Removing A Preconfigured Switch From A Switch Stack
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Effects of Removing a Preconfigured Switch from a Switch Stack If you remove a preconfigured switch from the switch stack, the configuration associated with the removed stack member remains in the running configuration as configured information. To completely remove the configuration, use the no member unit_number (this is in the stacking configuration mode).
Page 296: Switch Stack Configuration Scenarios
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • You can connect to the stack master through the console port of the stack master only. • You can connect to the stack master by using a Telnet connection to the IP address of the stack.
Page 297: Stacking Recommendations
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Stacking Recommendations The purpose of this section is to collect notes on recommended procedures and expected behavior of stacked managed switches. Procedures addressed initially are listed below. • Initial installation and power-up of a stack.
Page 298: Removing A Unit From The Stack
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Power on a second unit, making sure it is adjacent (next physical unit in the stack) to the unit already powered up. This will insure the second unit comes up as a member of the stack, and not a “Master” of a separate stack.
Page 299: Replacing A Stack Member With A New Unit
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Replacing a Stack Member with a New Unit There are two possible situations here. First, if you replace a stack member of a certain model number with another unit of the same model, follow the process below: •...
Page 300: Web Interface: Renumbering Stack Members
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Renumbering Stack Members To use the Web interface to renumber the stack number, proceed as follows: Renumbering the stacking member’s ID from 3 to 2. From the main menu, select System > Management > Basic > Stack Configuration. A screen similar to the following displays.
Page 301: Moving A Master To A Different Unit In The Stack
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Moving a Master to a Different Unit in the Stack This example is provided as CLI commands and a Web interface procedure. CLI: Moving a Master to a Different Unit in the Stack Using the movemanagement command, move the master to the desired unit number.
Page 302: Removing A Master Unit From An Operating Stack
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 d. Click the Apply. Note: If you move a master to a different unit, you may lose the connection to the switch because the IP address may be changed if the switch gets IP address using DHCP.
Page 303: Upgrading Firmware
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 After a unit type is preconfigured for a specific unit number, attaching a unit with different unit type for this unit number causes the switch to report an error. The show switch command indicates “config mismatch”...
Page 304: Web Interface: Upgrading Firmware
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • Ports on the added unit should remain in the “detached” state. • A message should appear on the CLI indicating a code mismatch with the newly added unit. • To have the newly added unit to merge normally with the stack, code should be loaded to the newly added unit from the master using the copy command.
Page 305: Snmp
The example is shown as CLI commands and as a Web interface procedure. CLI: Adding a New Community (Netgear switch) #config (Netgear switch) (Config)#snmp-server community rw public@4 Web Interface: Adding a New Community To use the Web interface to add a new community, proceed as follows: From the main menu, select System >...
Page 306: Enable Snmp Trap
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 In the Client Address field, enter 0.0.0.0. In the Client IP Mask field, enter 0.0.0.0. Select the Read/Write from the Access Mode pull-down menu. Select the Enable from the Status pull-down menu.
Page 307: Configure Snmp V3
Configure SNMP V3 The example is shown as CLI commands and as a Web interface procedure. CLI: Configuring SNMP V3 This example shows how to configure SNMP v3 on the NETGEAR switches. (Netgear Switch) #config (Netgear Switch) (Config)#users passwd admin...
Page 308: Web Interface: Configuring Snmp V3
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Configuring SNMP V3 Change the user password. If you set the authentication mode to md5, you must make the length of password longer than 8 characters. From the main menu, select Security > Management Security > User Configuration >User Management.
Page 309 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Select the admin from the User Name pull-down menu. Next to Authentication Protocol, click the MD5 radio button. d. Next to the Encryption Protocol, click the DES radio button. In the Encryption Key field, enter 12345678.
Page 310 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 21-6 SNMP v1.0, November 2008...
Page 311: Specify Two Dns Servers
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Chapter 22 In this chapter, the following examples are provided: • “Specify Two DNS Servers” • “Manually Add a Host Name and an IP Address” on page 22-2 This section describes the Domain Name System (DNS) feature. The DNS protocol maps a host name to an IP address, allowing you to replace the IP address with the host name for IP commands such as a ping and a traceroute, and for features such as RADIUS, DHCP Relay, SNTP, SNMP, TFTP, SYSLOG, and UDP Relay.
Page 312: Manually Add A Host Name And An Ip Address
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select System > Management > DNS > DNS Configuration. A screen similar to the following displays. Figure 22-1 Under DNS Server Configuration, in the DNS Server field, enter 12.7.210.170.
Page 313: Web Interface: Manually Adding A Host Name And An Ip Address
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Manually Adding a Host Name and an IP Address To use the Web interface to manually add a host name and an IP address, proceed as follows: From the main menu, select System > Management > DNS > Host Configuration. A screen similar to the following displays.
Page 314 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 22-4 v1.0, November 2008...
Page 315: Dhcp Server
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Chapter 23 DHCP Server This section describes the DHCP server configuration. When a client sends a request to a DHCP server, the DHCP server assigns the IP address from address pools that are specified on the switch. The network in the DHCP pool must belong to the same subnet.
Page 316 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays. Figure 23-1 Next to Admin Mode, select the Enable radio button.
Page 317: Configure A Dhcp Reservation
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Figure 23-2 Under DHCP Pool Configuration, enter the following information: •...
Page 318: Cli: Configuring A Dhcp Reservation
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Configuring a DHCP Reservation To use the CLI to create a DHCP server with a with a manual pool, enter the following CLI commands: (Netgear Switch)#config (Netgear Switch) (Config)#service dhcp...
Page 319 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select System > Services > DHCP Server > DHCP Pool Configuration. A screen similar to the following displays. Figure 23-4 Under DHCP Pool Configuration, enter the following information: •...
Page 320 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 23-6 DHCP Server v1.0, November 2008...
Page 321: Double Vlans
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Chapter 24 Double VLANs This section describes how to configure the Double VLAN (DVLAN) feature on the switch. A DVLAN is a way to pass traffic of customers who have multiple VLANs from one customer domain to another customer domain.
Page 322: Enable A Double Vlan
VLAN tag for traffic going from the subnet domain connected to port 1/0/24. This example assumes there is a NETGEAR access switch connecting all these devices in your domain. The access switch tags the packet going to the layer 2 switch port 1/0/24.
Page 323 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. Figure 24-2 b. Under VLAN Configuration, enter the following information and make the following selection: •...
Page 324 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 similar to the following displays. Figure 24-3 b. Under VLAN Membership, select 200 from the VLAN ID pull-down menu. Click Unit 1. The ports display: • Click the gray box under port 24 twice until U displays. The U specifies that the egress packet is untagged for the port.
Page 325 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Change the Port VLAN ID (PVID) of port 24 to 200: From the main menu, select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
Page 326 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 screen similar to the following displays. Figure 24-5 b. Under DVLAN Configuration, scroll down to interface 1/0/48 and select the chechbox for that interface. 1/0/48 now appears in the Interface field at the top.
Page 327: Private Vlan Groups
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Chapter 25 Private VLAN Groups The private VLAN Group allows network administrator to create groups of users within a VLAN that cannot communicate with members in different groups but only within the same group. There are two modes for the private group.
Page 328: Cli: Creating A Private Vlan Group
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Creating a Private VLAN Group (Netgear Switch) # (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/6 (Netgear Switch) (Interface 1/0/6)#vlan participation include 200...
Page 329: Web Interface: Creating A Private Vlan Group
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Web Interface: Creating a Private VLAN Group To use the Web interface, proceed as follows: Create a VLAN 200. From the main menu, select Switching > VLAN > Basic > VLAN configuration. A screen similar to the following displays.
Page 330 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Enter the following information in the VLAN Membership. Select 200 from the VLAN ID pull-down menu. Click the Unit 1. The Ports display. d. Click the gray box under port 6 , 7, 16 and 17 until U displays. The U specifies that the egress packet is untagged for the port.
Page 331 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 VLAN > Private Group Configuration. A screen similar to the following displays. Figure 25-5 b. In the Group Name field, enter group1. In the Group ID field, enter 1. d. Select community from the Group Mode pull-down menu.
Page 332 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Security > Traffic Control >Private Group VLAN > Private Group Configuration. A screen similar to the following displays. Figure 25-7 b. In the Group Name field, enter group2.
Page 333: Spanning Tree Protocol
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Chapter 26 Spanning Tree Protocol In this chapter, the following examples are provided: • “Configure Classic STP (802.1d)” • “Configure Rapid STP (802.1w)” on page 26-3 • “Configure Multiple STP (802.1s)” on page 26-4 The purpose of spanning tree is to eliminate the loops in the switch system.
Page 334 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 From the main menu, select Switching > STP > STP Configuration. A screen similar to the following displays. Figure 26-1 b. Enter the following information in the STP Configuration. • Next to the Spanning Tree Admin Mode, select the Enable radio button.
Page 335: Configure Rapid Stp (802.1W)
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Under CST Port Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface. 1/0/3 now appears in the Interface field at the top. Enter the following information in the CST Port Configuration.
Page 336: Configure Multiple Stp (802.1S)
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • Next to the Spanning Tree Admin Mode, select the Enable radio button. • Next to the Force Protocol Version, select the IEEE 802.1w radio button. Click Apply. Configure CST Port Configuration.
Page 337: Cli: Configuring Multiple Stp (802.1S)
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 CLI: Configuring Multiple STP (802.1s) (Netgear switch) (Config)# spanning-tree (Netgear switch) (Config)# spanning-tree forceversion 802.1s (Netgear switch) (Config)# spanning-tree mst instance 1 Create a mst instance 1 (Netgear switch) (Config)# spanning-tree mst priority 1 4096...
Page 338 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 • Next to the Spanning Tree Admin Mode, select the Enable radio button. • Next to the Force Protocol Version, select the IEEE 802.1s radio button. Click Apply. Configure MST Configuration.
Page 339 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Configure MST Port. From the main menu, select Switching > STP > MST Port Status. A screen similar to the following displays. Figure 26-7 Under MST Port Configuration, scroll down to interface 1/0/3 and select the checkbox for that interface.
Page 340 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 26-8 Spanning Tree Protocol v1.0, November 2008...
Page 341 Index Numerics session-timeout 18-10 set classofservice trust mode 13-3, 13-4 802.1x port security 16-13 show classofservice ip-precedence mapping 13-5 show classofservice trust 13-3 show hardware show igmpsnooping 15-3 12-1 show ip interface 10-1 show ip vlan show logging 19-2 apply show logging buffered 19-5, 19-6 10-1...
Page 342 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 untrusted ports 13-2 VLAN routing RIP configuration 7-1, 8-8 IPTV 15-7 delete DHCP server link aggregation (LAG) dynamic mode 23-1 manual mode 23-3 DiffServ MAC ACL 12-1 edge device 14-1 interior node...
Page 343 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 saving the configuration sub tags SNMP V3 user profile web control buttons SNTP 17-1 WRED 13-1 static host name 22-1 switch FSM family of switches 20-1 GSM family of switches 20-1...
Page 344 NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 Index-4 v1.0, November 2008...

This manual is also suitable for:

Gsm7328sv1 - prosafe 24+4 gigabit ethernet l3 managed stackable switch Gsm7352sv1 - prosafe 48+4 gigabit ethernet l3 managed stackable switch 7000 series

NETGEAR FSM726E-100NAS Administration Manual

About this Manual

Chapter 1 Getting Started

Chapter 2 Using Ezconfig for Switch Setup

Chapter 3 Using the Web Interface

Chapter 4 Virtual Lans

Chapter 5 Link Aggregation

Chapter 6 Port Routing

Chapter 7 VLAN Routing

NETGEAR 7000 Series Managed Switch Administration Guide Version

Chapter 8 Routing Information Protocol

Chapter 9 OSPF

Chapter 10 Proxy Address Resolution Protocol (ARP)

Chapter 11 Virtual Router Redundancy Protocol

Chapter 12 Access Control Lists (Acls)

Chapter 13 Class of Service (Cos) Queuing

Chapter 14 Differentiated Services

Chapter 15 IGMP Snooping and Querier

Chapter 16 Security Management

Chapter 17 Simple Network Time Protocol (SNTP)

Chapter 18 Tools

Chapter 19 Syslog

Chapter 20 Managing Switch Stacks

Chapter 21 SNMP

Quick Links

Managed Switch

Related Manuals for NETGEAR FSM726E-100NAS

Summary of Contents for NETGEAR FSM726E-100NAS