NETGEAR 7000 User Manual
NETGEAR 7000 Series
Managed Switch
Administration Guide
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
202-10194-02
May 2006
© 2006 by NETGEAR, Inc. All rights reserved. FullManual.
Trademarks
NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc..
Microsoft, Windows, and Wi ndow s NT are registered trademar ks of Microsoft Corporation.
Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this
document are copyright Intoto, Inc.
May 2006
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
EN 55 022 Declaration of Conformance
This is to certify that the 7000 Series Managed Switch is shielded against the generation of radio interference in
accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application
of EN 55 022 Class B (CISPR 22).
Certificate of the Manufacturer/Importer
It is hereby certified that the 7000 Series Managed Switch has been suppressed in accordance with the conditions set out
in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters)
in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the
operating instructions.
The Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das7000 Series Managed Switch gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/
1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann
jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the Class B category (information equipment to be used in a residential area or an adjacent area
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas. When used
near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling.
ii
v1.1, May 2006
Note: Delete this note and the information below for products that are not wireless.
FCC Information to User
This product does not contain any user serviceable components and is to be used with approved antenn as only. Any
product changes or modifications will invalidate all applicable regulatory certifications and approvals
FCC Guidelines for Human Exposure
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment
should be installed and operated with minimum distance of 20 cm between the radiator and your body.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter."
Declaration Of Conformity
We NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that
the model 7xxx Cardbus Card Wireless Adapter complies with Part 15 of FCC Rules. Operation is subject to the
following two conditions:
• This device may not cause harmful interference, and
• This device must accept any interference received, including interference that may cause undesired operation.
Regulatory Compliance Information
This section includes user requirements for operating this product in accordance with National laws for usage of radio
spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result
in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.
NOTE: This product's firmware limits operation to only the channels allowed in a particular Region or Country.
Therefore, all options described in this user's guide may not be available in your version of the product.
FCC Requirements for Operation in the United States
Radio Frequency Interference Warnings & Instructions
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide rea sonable protection against harmful interference in a residential
installation. This equipment uses and can radiate radio frequency energy and, if not installed and used in accordance
with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that
interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to
correct the interference by one or more of the following methods:
• Reorient or relocate the receiving antenna
• Increase the separation between the equipment and the receiver
• Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected
v1.1, May 2006
iii
• Consult the dealer or an experienced radio/TV technician for help.
7000 Series Managed Switch
Tested to Comply
with FCC Standards
FOR HOME OR OFFICE USE
Modifications made to the product, unless expressly approved byNETGEAR, Inc., could void the user's right to operate
the equipment.
PY3WG111
Canadian Department of Communications Radio Interference Regulations
This digital apparatus (7000 Series Managed Switch) does not exceed the Class B limits for radio-noise emissions from
digital apparatus as set out in the Radio Interference Regulations of the Canadian Depar tment of Communications.
Canada ID: 4054A-WG111
Product and Publication Details
Model Number: 7xxx
Publication Date: May 2006
Product Family: Managed Switch
Product Name: 7000 Series Managed Switch
Home or Business Product: Business
Language: English
Publication Part Number: 202-10194-02
Publication Version Number: 1.1
iv
v1.1, May 2006
Contents
NETGEAR 7000 Series Managed Switch Administration Guide
About This Book ....................................................................................................................xi
Chapter 1
Getting Started
In-band and Out-of-band Connectivity ............................................................................1-1
Configuring for In-band Connectivity .. .... ..................................................................1-1
Using BootP or DHCP .......................................................................................1-1
Using the EIA-232 Port ......................................................................................1-2
Configuring for Out-Of-Band Connectivity ................................................................1-3
Starting the Switch ..........................................................................................................1-4
Initial Configuration .........................................................................................................1-4
Initial Configuration Procedure .................................................................................1-5
Software Installation .......................................................................................................1-6
Quick Starting the Networking Device ......................................................................1-6
System Information and System Setup ....................................................................1-6
Chapter 2
Using the Web Interface
Configuring for Web Access ...........................................................................................2-1
Starting the Web Interface ..............................................................................................2-2
Web Page Layout ...................................... ... ... ... .... ... ... ... .... ... ... ...............................2-2
Configuring an SNMP V3 User Profile .....................................................................2-2
Command Buttons ...................................................................................................2-3
Chapter 3
Virtu al LA Ns
VLAN Configuration Example .........................................................................................3-2
CLI Examples .................................................................................................................3-2
Example #1: Create Two VLANs ..............................................................................3-2
Example #2: Assign Ports to VLAN2 ........................................................................3-3
v1.1, May 2006
v
Example #3: Assign Ports to VLAN3 ........................................................................3-3
Example #4: Assign VLAN3 as the Default VLAN ...................................................3-3
Graphical User Interface .................................................................................................3-4
Chapter 4 Link Aggregation
CLI Example ...................................................................................................................4-1
Example 1: Create two LAGS: .................................................................................4-3
Example 2: Add the ports to the LAGs: ....................................................................4-4
Example 3: Enable both LAGs. ................................................................................4-4
Chapter 5
IP Routing Services
Port Routing ........................... ... ... .... .......................................... .....................................5-1
Port Routing Configuration ........ ... ... ... .... ... ... ... ... .... ... .......................................... ... ..5-2
CLI Examples ...........................................................................................................5-3
Example 1. Enabling routing for the Switch .......................................................5-3
Example 2. Enabling Routing for Ports on the Switch .......................................5-4
VLAN Routing .................................................................................................................5-4
VLAN Routing Configuration ....................................................................................5-5
CLI Examples ...........................................................................................................5-5
Example 1: Create Two VLANs .........................................................................5-6
Example 2: Set Up VLAN Routing for the VLANs and the Switch. ....................5-6
VLAN Routing RIP Configuration .............. ... ... ... .... ... .......................................... ... ..5-7
CLI Example ......................................................................................................5-8
VLAN Routing OSPF Configuration .......................................................................5-10
CLI Example ....................................................................................................5-10
Routing Information Protocol ........................................................................................5-12
RIP Configuration ...................................................................................................5-12
CLI Example ...........................................................................................................5-13
Example #1: Enable Routing for the Switch: ...................................................5-13
Example #2: Enable Routing for Ports .............................................................5-14
Example #3. Enable RIP for the Switch ...........................................................5-14
Example #4. Enable RIP for ports 1/0/2 and 1/0/3 ..........................................5-15
OSPF .............................. .............................................. ............................................. ...5-15
CLI Examples .........................................................................................................5-16
Example #1 Configuring an Inter-Area Router ................................................5-17
Example #2 - Configuring OSPF on a Border Router ......................................5-19
vi
v1.1, May 2006
Proxy Address Resolution Protocol (ARP) ...................................................................5-21
Overview ................................................................................................................5-21
CLI Examples .........................................................................................................5-22
Example #1: show ip interface .........................................................................5-22
Example #2: ip proxy-arp .................................................................................5-22
Chapter 6
Virtual Router Redundancy Protocol
CLI Examples .................................................................................................................6-2
Chapter 7
Access Control Lists (ACLs)
Overview ................................... ................ ................ ................. ................ ................ .....7-1
Limitations ....................................... ....................................................................... ..7-1
MAC ACLs ......................................................................................................................7-1
Configuring IP ACLs .......................................................................................................7-2
Process ..................................... ................ ................ ................. ................ ................ .....7-3
IP ACL CLI Example .......................................................................................................7-3
MAC ACL CLI Examples ................................................................................................7-4
Example #1: mac access list ...................................................................................7-5
Example #2: permit any ..........................................................................................7-6
Example #3 Configure mac access-group ...............................................................7-7
Example #4 permit ...................................................................................................7-8
Example #5: show mac access-lists ........................................................................7-9
Chapter 8
Class of Service (CoS) Queuing
Overview ................................... ................ ................ ................. ................ ................ .....8-1
CoS Queue Mapping ......................................................................................................8-1
Trusted Ports .......................................................................... ..................................8-1
Untrusted Ports ........................................................................................................8-2
CoS Queue Configuration ..............................................................................................8-2
Port Egress Queue Configuration ................ ... ... .... .......................................... ... ... ..8-2
Drop Precedence Configuration (per Queue) ..........................................................8-3
Per Interface Basis ...................................................................................................8-3
CLI Examples .................................................................................................................8-3
Example #1: show classofservice trust ....................................................................8-4
v1.1, May 2006
vii
Example #2: set classofservice trust mode ..............................................................8-4
Example #3: show classofservice ip-precedence mapping ......................................8-5
Example #4: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode 8-5
Example #5: Set CoS Trust Mode of an Interface ..................................... ............... 8-6
Traffic Shaping ....................................................... ... .... .......................................... ........8-6
CLI Example .............................................................................................................8-6
Example #1 traffic-shape ...................................................................................8-7
Chapter 9
Differentiated Services
CLI Example ...................................................................................................................9-2
DiffServ for VoIP Configuration Example ........................................................................9-4
Chapter 10
IGMP Snooping
Overview ................................... ................ ................ ................. ................ ................ ...10-1
CLI Examples ...............................................................................................................10-1
Example #1: Enable IGMP Snooping .....................................................................10-1
Example #2: show igmpsnooping ..........................................................................10-2
Example #3: show mac-address-table igmpsnooping ............................................10-2
Chapter 11
Port Security
Overview ................................... ................ ................ ................. ................ ................ ...11-1
Operation ..................................... .............................................. ...................................11-2
CLI Examples ...............................................................................................................11-3
Example #1: show port security .............................................................................11-3
Example #2: show port security on a specific interface .........................................11-3
Example #3: (Config) port security .........................................................................11-3
Chapter 12
Traceroute
CLI Example .................................................................................................................12-2
Chapter 13
Configuration Scripting
Overview ................................... ................ ................ ................. ................ ................ ...13-1
Considerations ................................. ................ ................ ................ ................ .............13-1
CLI Examples ...............................................................................................................13-1
Example #1: script .................................................................................................13-2
viii
v1.1, May 2006
Example #2: script list and script delete .................................................................13-2
Example #3: script apply running-config.scr ..........................................................13-2
Example #4: Creating a Configuration Script ................................... ......................13-3
Example #5: Upload a Configuration Script ...........................................................13-3
Chapter 14
Outbound Telnet
Overview ................................... ................ ................ ................. ................ ................ ...14-1
CLI Examples ...............................................................................................................14-1
Example #1: show network ....................................................................................14-2
Example #2: show telnet ........................................................................................14-2
Example #3: transport output telnet .......................................................................14-3
Example #4: session-limit and session-timeout .....................................................14-3
Chapter 15 Port Mirroring
Overview ................................... ................ ................ ................. ................ ................ ...15-1
CLI Examples ...............................................................................................................15-1
Example #1: show monitor session .......................................................................15-2
Example #2: show port all ......................................................................................15-2
Example #3: show port interface ............................................................................15-2
Example #4: (Config) monitor session 1 mode ...................................................... 15-3
Example #5: (Config) monitor session 1 source interface ................ ... ... ... ... .... ... ...15-4
Example #6: (Interface) port security .....................................................................15-4
Chapter 16
Simple Network Time Protocol (SNTP)
Overview ................................... ................ ................ ................. ................ ................ ...16-1
CLI Examples ...............................................................................................................16-1
Example #1: show sntp ..........................................................................................16-1
Example #2: show sntp client .................................................................................16-2
Example #3: show sntp server ...............................................................................16-2
Example #4: Configure SNTP ................................................................................16-2
Chapter 17
Pre-Login Banner
Overview ................................... ................ ................ ................. ................ ................ ...17-1
CLI Example .................................................................................................................17-1
v1.1, May 2006
ix
Chapter 18
Syslog
Overview ................................... ................ ................ ................. ................ ................ ...18-1
Persistent Log Files ................................... ... ... ... .... ... ... ..........................................18-1
Interpreting Log Files .............................................................................................18-2
CLI Examples ...............................................................................................................18-2
Example #1: show logging .....................................................................................18-3
Example #2: show logging buffered .......................................................................18-3
Example #3: show logging traplogs .......................................................................18-4
Example 4: show logging hosts ..............................................................................18-4
Example #5: logging port configuration ..................................................................18-5
x
v1.1, May 2006
About This Book
This document provides an understanding of the CLI and Web configuration options for software
Release 4.3 features.
Document Organization
This document provides examples of the use of the switch software in a typical network. It
describes the use and advantages of specific functions provided by the 7000 Series Managed
Switch, and includes information on configuring those functions using the Command Line
Interface and Web Interface.
The switch software can operate as a Layer 2 switch, a Layer 3 router or a combination switch/
router. The switch also includes support for network management and Qu ality of Service functions
such as Access Control Lists and Differentiated Services. Which functions you choose to activate
will depend on the size and complexity of your network: this document describes configuration for
some of the most-used functions.
This document contains configuration information about the following:
• Layer 2
– VLANs
– Routing
• Layer 3
– Port routing
– VLAN Routing
– Virtual Router Redundancy Protocol (VRRP)
–RIP
– OSPF
–Proxy ARP
• Quality of Service (QoS)
– Access Control Lists (ACLs)
– Class of Service (CoS)
– Dif ferentiated Services
v1.1, May 2006
xi
NETGEAR 7000 Series Managed Switch Administration Guide
• Multicast
– IGMP Snooping
• Security
– Denial of Service
– Port Security
• Operating System
– Dual Configuration
•Tools
–Alarm Manager
– Traceroute
– Configuration Scripting
– Advance Keying
– Prelogin Banner
– Port Mirroring
–SNTP
–Syslog
– Data Migration
Audience
Use this guide if you are a(n):
• Experienced system administrator who is responsible for configuring and operating a network
using switch software
• Level 1 and Level 2 Support provider
To obtain the greatest benefit from this guide, you should have an understanding of the switch
software base and should have read the specification for your networking device platform. You
should also have a basic knowledge of Ethernet and networking concepts.
CLI Documentation
The Command Line Reference provides information about the CLI commands used to configure
the switch and the stack. The document provides CLI descriptions, syntax, and default values.
xii
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
Refer to the Command Line Reference for information for the command structure
Related Documentation
Before proceeding, read the Release Notes for this switch product. The Release Notes detail the
platform specific functionality of the Switching, Routing, SNMP, Config, Management, and other
packages.
• Extending the portfolio of supported switching silicon to the broadest range in the industry
• Increasing the software’s Quality of Service and Class of Service capabilities with integrated
Layer 2, 3, and 4 Access Control Lists
• Improving switch’s industry-leading Switching package with new features in the areas of
IGMP, port mirroring, and others
v1.1, May 2006
xiii
NETGEAR 7000 Series Managed Switch Administration Guide
xiv
v1.1, May 2006
Chapter 1
Getting Started
Connect a terminal to the switch to begin configuration.
In-band and Out-of-band Connectivity
Ask the system administrator to determine whether you will configure the switch for in-band or
out-of-band connectivity.
Configuring for In-band Connectivity
In-band connectivity allows you to access the switch from a remote workstation using the Ethernet
network. To use in-band connectivity, you must configure the switch with IP information (IP
address, subnet mask, and default gateway).
Configure for In-band connectivity using one of the following methods:
• BootP or DHCP
• EIA-232 port
Using BootP or DHCP
You can assign IP information initially over the network or over the Ethernet service port through
BootP or DHCP. Check with your system administrator to determine whether BootP or DHCP is
enabled.
You need to configure the BootP or DHCP server with information about the switch —obtain this
information through the serial port connection using the
server with the following values:
show network command. Set up the
IP Address Unique IP address for the switch. Each IP parameter is made up of
four decimal numbers, ranging from 0 to 255. The default for all IP
parameters is zeroes (0.0.0.0).
Subnet Subnet mask for the LAN
gateway IP address of the default router, if the switch is a node outside the IP
range of the LAN
1-1
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
MAC Address MAC address of the switch
When you connect the switch to the network for the first time after setting up the BootP or DHCP
server, it is configured with the information supplied above. The switch is ready for in-band
connectivity over the network.
If you do not use BootP or DHCP, access the switch through the EIA-232 port, and configure the
network information as described below.
Using the EIA-232 Port
You can use a locally or remotely attached terminal to configure in-band management through the
EIA-232 port.
1. T o use a locally attached terminal, attach one end of a null-modem serial cable to the EIA-232
port of the switch and the other end to the COM port of the terminal or workstation.
For remote attachment, attach one end of the serial cable to the EIA-232 port of the switch and
the other end to the modem.
2. Set up the terminal for VT100 terminal emulation.
a. Set the terminal ON.
b. Launch the VT100 application.
c. Configure the COM port as follows:
• Set the data rate to 115,200 baud.
• Set the data format to 8 data bits, 1 stop bit, and no parity.
• Set the flow control to none.
• Select the proper mode under Properties.
• Select Terminal keys.
3. The Log-in User prompt displays when the terminal interface initializes.
Enter an approved user name and password. The default is admin for the user name and the
password is blank.
The switch is installed and loaded with the default configuration.
4. Reduce network traffic by turning off the Network Configuration Protocol. Enter the
following command:
configure network protocol none
5. Set the IP address, subnet mask, and gateway address by issue the following command:
1-2 Getting Started
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
config network parms ipaddress netmask gateway
IP Address Unique IP address for the switch. Each IP parameter is made up of four
decimal numbers, ranging from 0 to 255. The default for all IP parameters is
zeroes (0.0.0.0).
Subnet Subnet mask for the LAN.
gateway IP address of the default router, if the switch is a node outside the IP range of
the LAN.
6. T o enable these changes to be retained during a reset of the switch, type Ctrl-Z to return to the
main prompt, type save config at the main menu prompt, and type y to confirm the changes.
7. To view the changes and verify in-band information, issue the command: show network.
8. The switch is configured for in-band connectivity and ready for Web-based management.
Configuring for Out-Of-Band Connectivity
To monitor and configure the switch using out-of-band connectivity, use the console port to
connect the switch to a terminal desktop system running terminal emulation software. The console
port connector is a male DB-9 connector, implemented as a data terminal equipment (DTE)
connector.
The following hardware is required to use the console port:
• VT100-compatible terminal, or a desktop, or a portable system with a serial port running
VT100 terminal emulation software.
• An RS-232 crossover cable with a female DB-9 connector for the console port and the
appropriate connector for the terminal.
Perform the following tasks to connect a terminal to the switch console port using out-of-band
connectivity:
1. Connect an RS-232 crossover cable to the terminal running VT100 terminal emulation
software.
2. Configure the terminal emulation software as follows:
a. Select the appropriate serial port (serial port 1 or serial port 2) to connect to the console.
b. Set the data rate to 115,200 baud.
c. Set the data format to 8 data bits, 1 stop bit, and no parity.
d. Set the flow control to none.
Getting Started 1-3
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
e. Select the proper mode under Properties.
f. Select Terminal keys.
Note: When using HyperT erminal with Microsoft W indows 2000, make sure that
you have Windows 2000 Service Pack 2 or later installed. With Windows
2000 Service Pack 2, the arrow keys function properly in HyperTerminal's
VT100 emulation. Go to www.microsoft.com for more information on
Windows 2000 service packs.
3. Connect the female connector of the RS-232 crossover cable directly to the switch console
port, and tighten the captive retaining screws.
Starting the Switch
1. Make sure that the switch console port is connected to a VT100 terminal or VT100 terminal
emulator via the RS-232 crossover cable.
2. Locate an AC power receptacle.
3. Deactivate the AC power receptacle.
4. Connect the switch to the AC receptacle.
5. Activate the AC power receptacle.
When the power is turned on with the local terminal already connected, the switch goes through a
power-on self-test (POST). POST runs every time the switch is initialized and checks hardware
components to determine if the switch is fully operational before completely booting. If POST
detects a critical problem, the startup procedure stops. If POST passes successfully, a valid
executable image is loaded into RAM. POST messages are displayed on the terminal and indicate
test success or failure. The boot process runs for approximately 60 seconds.
Initial Configuration
The initial simple configuration procedure is based on the following assumptions:
• The switch was not configured before and is in the same state as when you received it.
• The switch booted successfully.
1-4 Getting Started
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
• The console connection was established and the console prompt appears on the screen of a
VT100 terminal or terminal equivalent.
The initial switch configuration is performed through the console port. After the initial
configuration, you can manage the switch either from the already-connected console port or
remotely through an interface defined during the initial configuration.
The switch is not configured with a default user name and password.
All of the settings below are necessary to allow the remote management of the switch through
Telnet (Telnet client) or HTTP (Web browser).
Before setting up the initial configuration of the switch, obtain the following information from
your network administrator:
• The IP address to be assigned to the management interface through which the switch is
managed.
• The IP subnet mask for the network.
• The IP address of the default gateway.
Initial Configuration Procedure
You can perform the initial configuration using the Easy Setup Wizard or by using the Command
Line Interface (CLI). The Setup Wizard automatically starts when the switch configuration file is
empty. You can exit the wizard at any point by entering [ctrl+z]. For more information on CLI
initial configuration, see the User’s Configuration Guide. This guide shows how to use the Setup
Wizard for initial switch configuration. The wizard s ets up the following configuration on the
switch:
• Establishes the initial privileged user account with a valid password. The wizard configures
one privileged user account during the set up.
• Enables CLI login and HTTP access to use the local authentication setting only.
• Sets up the IP address for the management interface.
• Sets up the SNMP community string to be used by the SNMP manager at a given IP address.
You may choose to skip this step if SNMP management is not used for this switch.
• Allows you to specify the management server IP or permit SNMP access from all IP
addresses.
• Configures the default gateway IP address.
Getting Started 1-5
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
Software Installation
This section contains procedures to help you become acquainted quickly with the switch software.
Before installing switch software, you should verify that the switch operates with the most recent
firmware.
Quick Starting the Networking Device
1. Configure the switch for In-band or Out-of-Band connectivity. In-band connectivity allows
access to the software locally or from a remote workstation. You must configure the device
with IP information (IP address, subnet mask, and default gateway).
2. Turn the Power ON.
3. Allow the device to load the software until the login prompt appears. The device initial state is
called the default mode.
4. When the prompt asks for operator login, do the following steps:
–Type
admin at the login prompt. Since a number of the Quick Setup commands require
administrator account rights, log in to an administrator account.
– Do not enter a password because the default mode does not use a password.
– Check the CLI User EXEC prompt is displayed.
–Enter
–Enter
–Enter
–Enter
enable to switch to the Privileged EXEC mode from User EXEC.
configure to switch to the Global Config mode from Privileged EXEC.
exit to return to the previous mode.
? to show a list of commands that are available in the current mode.
System Information and System Setup
This section describes the commands you use to view system information and to setup the network
device. Table 1-1 contains the Quick Start commands that allow you to view or configure the
following information:
• Software versions
• Physical port data
• User account management
• IP address configuration
1-6 Getting Started
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
• Uploading from Networking Device to Out-of-Band PC (Only XMODEM)
• Downloading from Out-of-Band PC to Networking Device (Only XMODEM)
• Downloading from TFTP Server
• Restoring factory defaults
If you configure any network parameters, you should execute the following command:
copy system:running-config nvram:startup-config
This command saves the changes to the configuration file. You must be in the correct mode to
execute the command. If you do not save the configuration, all changes are lost when a you power
down or reset the networking device. In a stacking environment, the running configuration is saved
in all units of the stack.
Table 1-1 describes the command syntax, the mode you must be in to execute the command, and
the purpose and output of the command.
Table 1-1. Quick Start Commands
Command Mode Description
show hardware
show users
show
loginsession
users passwd
<username>
Privileged
EXEC
Privileged
EXEC
User EXEC Displays all of the login session information.
Global Config Allows the user to set passwords or change passwords needed
Shows hardware version, MAC address, and software version
information.
Displays all of the users that are allowed to access the networking device.
Access Mode shows whether you can change parameters on the
networking device (Read/Write) or can only view them (Read
Only).
As a factory default, the ‘admin’ user has Read/Write access
and the ‘guest’ user has Read Only access. There can only be
one Read/Write user. There can be up to five Read Only users.
to login.
A prompt appears after the command is entered requesting the
users old password. In the absence of an old password leave the
area blank.
User password should not be more than eight characters in
length.
Getting Started 1-7
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
Table 1-1. Quick Start Commands
Command Mode Description
copy system:running-config
nvram:startupconfig
Privileged
EXEC
Saves passwords and all other changes to the device.
If you do not save the configuration, all changes are lost when
you power down or reset the networking device. In a stacking
environment, the running configuration is saved in all units of
the stack.
logout User EXEC
Logs the user out of the networking device.
Privileged
EXEC
show network
User EXEC Displays the following network configuration inform ation:
• IP Address - IP Address of the interface (default: 0.0.0.0)
• Subnet Mask - IP Subnet Mask for the interface (default:
0.0.0.0)
• Default Gateway - The default Gateway for this interface
(default: 0.0.0.0)
• Burned in MAC Address - The Burned in MAC Address used
for in-band connectivity
• Locally Administered MAC Address - Can be configured to
allow a locally administered MAC address
• MAC Address Type - Specifies which MAC address should
be used for in-band connectivity
• Network Configurations Protocol Current - Indicates which
network protocol is being used (default: none)
• Management VLAN Id - Specifies VLAN id
• Web Mode - Indicates whether HTTP/Web is enabled.
• Java Mode - Indicates whether java mode is enabled.
network parms
<ipaddr> <netmask> [gateway]
copy nvram:startup-config
<tftp://<ipaddress>/<filepath>/<filename>>
Privileged
EXEC
Privileged
EXEC
Sets the IP address, subnet mask and gateway of the router. The
IP address and the gateway must be on the same subnet. IP
address range is from 0.0.0.0 to 255.255.255.255.
Starts the configuration file upload, displays the mode and type
of upload and confirms the upload is progressing.
The URL must be specified as:
xmodem:<filepath>/<filename>
For example:
If the user is using HyperTerminal, the user must specify where
the file is going to be received by the PC.
1-8 Getting Started
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
Table 1-1. Quick Start Commands
Command Mode Description
copy nvram:errorlog <tftp://
<ipaddress>/
<filepath>/<filename>>
Privileged
EXEC
Starts the error log upload, displays the mode and type of
upload and confirms the upload is progressing.
The URL must be specified as:
xmodem:<filepath>/<filename>
copy nvram:traplog <tftp://
<ipaddress>/
<filepath>/<filename>>
copy <tftp://
<ipaddress>/
<filepath>/<filename>>
nvram:startupconfig
copy <tftp://
<ipaddress>/
<filepath>/<filename>> sys-
tem:image
copy <tftp://
<ipaddress>/
<filepath>/<filename>>
nvram:startupconfig
Privileged
EXEC
Privileged
EXEC
Privileged
EXEC
Privileged
EXEC
Starts the trap log upload, displays the mode and type of upload
and confirms the upload is progressing.
The URL must be specified as:
xmodem:<filepath>/<filename>
Sets the destination (download) datatype to be an image (system:image) or a configuration file (nvram:startup-config).
The URL must be specified as:
xmodem:<filepath>/<filename>
For example:
If the user is using Hyper Terminal, the user must specify which
file is to be sent to the networking device.
The Networking Device restarts automatically once the code
has been downloaded.
Sets the destination (download) datatype to be an image (sys-
tem:image) or a configuration file (nvram:startup-config).
The URL must be specified as:
xmodem:<filepath>/<filename>
Sets the destination (download) datatype to be a configuration
file.
The URL must be specified as:
tftp://<ipaddress>/<filepath>/<filename>
Before starting a TFTP server download, you must configure
the IP address.
Getting Started 1-9
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
Table 1-1. Quick Start Commands
Command Mode Description
copy <tftp://
<ipaddress>/
<filepath>/<filename>> sys-
tem:image
clear config
copy system:running-config
nvram:startupconfig
reload (or cold boot
the networking device)
Privileged
EXEC
Privileged
EXEC
Privileged
EXEC
Privileged
EXEC
Sets the destination (download) datatype to be an image.
The URL must be specified as:
tftp://<ipaddress>/<filepath>/<filename>
The system:image option downloads the code file.
Enter yes when the prompt asks if you want to clear all the configurations made to the networking device.
Enter yes when the prompt asks if you want to save the configurations made to the networking device.
Enter yes when the prompt asks if you want to reset the system.
You can reset the networking device or cold boot the network-
ing device. Both work effectively.
1-10 Getting Started
v1.1, May 2006
Chapter 2
Using the Web Interface
This chapter is a brief introduction to the web interface — it explains how to access the Web-based
management panels to configure and manage the system.
Tip: Use the Web interface for configuration instead of the CLI interface. Web
configuration is quicker and easier than entering the multiple required CLI
commands. There are equivalent functions in the Web interface and the terminal
interface—that is, both applications usually employ the same menus to accomplish a
task. For example, when you log in, there is a Main Menu with the same functions
available.
You can manage your switch through a Web browser and Internet connection. This is referred to as
Web-based management. To use Web-based management, the system must be set up for in-band
connectivity.
To access the switch, the Web browser must support:
• HTML version 4.0, or later
• HTTP version 1.1, or later
• JavaScript
(TM)
version 1.2, or later
There are several differences between the Web and terminal interfaces. For example, on the Web
interface the entire forwarding database can be displayed, while the terminal interface only
displays 10 entries starting at specified addresses.
To terminate the Web login session, close the web browser.
Configuring for Web Access
To enable Web access to the switch:
1. Configure the switch for in-band connectivity. The switch Getting Started Guide provides
instructions.
2. Enable Web mode:
2-1
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
a. At the CLI prompt, enter the show network command.
b. Set Web Mode to Enabled.
Starting the Web Interface
Follow these steps to start the switch Web interface:
1. Enter the IP address of the switch in the Web browser address field.
2. When the Login panel is displayed click Login.
3. .Enter the appropriate User Name and Password. The User Name and associated Password are
the same as those used for the terminal interface. Click on the Login button.
4. The System Description Menu displays, with the navigation tree appearing to the left of the
screen.
5. Make a selection by clicking on the appropriate item in the navigation tree.
Web Page Layout
A Web interface panel for the switch Web page consists of three areas.
A banner graphic of the switch appears across the top of the panel.
The second area, a hierarchical-tree view appears to the left of the panel. The tree consists of a
combination of folders, subfolders, and configuration and status HTML pages. You can think of
the folders and subfolders as branches and the configuration and status HTML pages as leafs. Only
the selection of a leaf (not a folder or subfolder) will cause the display of a new HTML page. A
folder or subfolder has no corresponding HTML page.
The third area, at the bottom-right of the panel, displays the currently selected device configuration
status and/or the user configurable information that you have selected from the tree view.
Configuring an SNMP V3 User Profile
Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the
switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are
needed. Use the following steps to configure an SNMP V3 new user profile.
1. Select System>Configuration>User Accounts from the hierarchical tree on the left side of
the web interface.
2. Using the User pulldown menu, select Create to create a new user.
2-2 Using the Web Interface
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
3. Enter a new user name in the User Name field.
4. Enter a new user password in the Password field and then retype it in the Confirm Password
field.
Note: If SNMPv3 Authentication is to be used for this user, the password must be
eight or more alphanumeric characters.
5. If you do not need authentication, go to Step 9.
6. To enable authentication, use the Authentication Protocol pulldown menu to select either
MD5 or SHA for the authentication protocol.
7. If you do not need encryption, go to Step 9.
8. To enable encryption, use the Encryption Protocol pulldown menu to select DES for the
encryption scheme. Then, enter in the Encryption Key field an encryption code of eight or
more alphanumeric characters.
9. Click Submit.
Command Buttons
The following command buttons are used throughout the Web interface panels for the switch:
Save Pressing the Save button implements and saves the changes you
just made. Some settings may require you to reset the system in
order for them to take effect.
Refresh Pressing the Refresh button that appears next to the Apply button
in Web interface panels refreshes the data on the panel.
Submit Pressing the Submit button sends the updated configuration to the
switch. Configuration changes take effect immediately, but these
changes are not retained across a power cycle unless a save is performed.
Using the Web Interface 2-3
v1.1, May 2006
NETGEAR 7000 Series Managed Switch Administration Guide
2-4 Using the Web Interface
v1.1, May 2006
Chapter 3
Virtual LANs
Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both
bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header,
which is fast, and like a router, it partitions the network into logical segments, which provides
better administration, security and management of multicast traffic.
A VLAN is a set of end stations and the switch ports that connect them. You may have many
reasons for the logical division, such as department or project membership. The only physical
requirement is that the end station and the port to which it is connected both belong to the same
VLAN.
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in
the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the
VLAN portion of the tag, in which case the first switch port to receive the packet may either reject
it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one
VLAN, but it can only support one default VLAN ID.
The Private Edge VLAN feature lets you set protection between ports located on the switch. This
means that a protected port cannot forward traffic to another protected port on the same switch.
The feature does not provide protection between ports located on different switches.
v1.1, May 2006
3-1
NETGEAR 7000 Series Managed Switch Administration Guide
VLAN Configuration Example
The diagram in this section shows a switch with four ports configured to handle the traffic for two
VLANs. port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN 2 only,
and ports 1/0/3 and 1/0/4 are members of VLAN 3 only. The script following the diagram shows
the commands you would use to configure the switch as shown in the diagram.
Figure 3-1
CLI Examples
The following examples show how to create VLANs, assign ports to the VLANs, and assign a
VLAN as the default VLAN to a port.
Example #1: Create Two VLANs
Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the
names blank.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2
(Netgear Switch) (Vlan)#vlan 3
(Netgear Switch) (Vlan)#exit
3-2 Virtual LANs
v1.1, May 2006
Loading...