Netgear FSM7328S, FSM7352S, FSM7352PS Administration Guide

NETGEAR 7000 Series Managed Switch Administration Guide
NETGEAR, Inc.
4500 Great America Parkway Santa Clara, CA 95054 USA
Beta Draft2 March 2006
© 2006 by NETGEAR, Inc. All rights reserved. FullManual.
Trademarks
NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc.. Microsoft, Windows, and Wi ndow s NT are registered trademar ks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this
document are copyright Intoto, Inc. March 2006
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
EN 55 022 Declaration of Conformance
This is to certify that the 7000 Series Managed Switch is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).
Certificate of the Manufacturer/Importer
It is hereby certified that the 7000 Series Managed Switch has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
The Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
has been granted the right to test the series for compliance with the regulations.
and
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das7000 Series Managed Switch gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/ 1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the Class B category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas. When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling.
v1.0, March 2006
Note: Delete this note and the information below for products that are not wireless.
FCC Information to User
This product does not contain any user serviceable components and is to be used with approved antenn as only. Any product changes or modifications will invalidate all applicable regulatory certifications and approvals
FCC Guidelines for Human Exposure
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance of 20 cm between the radiator and your body.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter."
Declaration Of Conformity
We NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that the model 7xxx Cardbus Card Wireless Adapter complies with Part 15 of FCC Rules. Operation is subject to the following two conditions:
This device may not cause harmful interference, and
This device must accept any interference received, including interference that may cause undesired operation.
Regulatory Compliance Information
This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.
NOTE: This product's firmware limits operation to only the channels allowed in a particular Region or Country.
Therefore, all options described in this user's guide may not be available in your version of the product.
FCC Requirements for Operation in the United States
Radio Frequency Interference Warnings & Instructions
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following methods:
Reorient or relocate the receiving antenna
Increase the separation between the equipment and the receiver
Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected
v1.0, March 2006
iii
Consult the dealer or an experienced radio/TV technician for help.
7000 Series Managed Switch
Tested to Comply with FCC Standards
FOR HOME OR OFFICE USE
Modifications made to the product, unless expressly approved byNETGEAR, Inc., could void the user's right to operate the equipment.
PY3WG111
Canadian Department of Communications Radio Interference Regulations
This digital apparatus (7000 Series Managed Switch) does not exceed the Class B limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Depar tment of Communications.
Canada ID: 4054A-WG111
Product and Publication Details
Model Number: 7xxx Publication Date: March 2006 Product Family: Managed Switch Product Name: 7000 Series Managed Switch Home or Business Product: Business Language: English Publication Part Number: Beta Draft2 Publication Version Number: 1.0
iv
v1.0, March 2006

Contents

NETGEAR 7000 Series Managed Switch Administration Guide
About This Book ....................................................................................................................xi
Chapter 1 Getting Started
In-band and Out-of-band Connectivity ............................................................................1-1
Configuring for In-band Connectivity .. .... ..................................................................1-1
Using BootP or DHCP .......................................................................................1-1
Using the EIA-232 Port ......................................................................................1-2
Configuring for Out-Of-Band Connectivity ................................................................1-3
Starting the Switch ..........................................................................................................1-4
Initial Configuration .........................................................................................................1-4
Initial Configuration Procedure .................................................................................1-5
Software Installation .......................................................................................................1-6
Quick Starting the Networking Device ......................................................................1-6
System Information and System Setup ....................................................................1-6
Chapter 2 Using the Web Interface
Configuring for Web Access ...........................................................................................2-1
Starting the Web Interface ..............................................................................................2-2
Web Page Layout ...................................... ... ... ... .... ... ... ... .... ... ... ...............................2-2
Configuring an SNMP V3 User Profile .....................................................................2-2
Command Buttons ...................................................................................................2-3
Chapter 3 Virtu al LA Ns
VLAN Configuration Example .........................................................................................3-2
CLI Examples .................................................................................................................3-2
Example #1: Create Two VLANs ..............................................................................3-2
Example #2: Assign Ports to VLAN2 ........................................................................3-3
v1.0, March 2006
v
Example #3: Assign Ports to VLAN3 ........................................................................3-3
Example #4: Assign VLAN3 as the Default VLAN ...................................................3-4
Graphical User Interface .................................................................................................3-4
Private Edge VLANs .................................................................. .....................................3-4
CLI Example .............................................................................................................3-5
Chapter 4 Link Aggregation
CLI Example ...................................................................................................................4-1
Example 1: Create two LAGS: .................................................................................4-3
Example 2: Add the ports to the LAGs: ....................................................................4-4
Example 3: Enable both LAGs. ................................................................................4-4
Chapter 5 IP Routing Services
Port Routing ........................... ... ... .... .......................................... .....................................5-1
Port Routing Configuration ........ ... ... ... .... ... ... ... ... .... ... .......................................... ... ..5-2
CLI Examples ...........................................................................................................5-3
Example 1. Enabling routing for the Switch .......................................................5-3
Example 2. Enabling Routing for Ports on the Switch .......................................5-4
VLAN Routing .................................................................................................................5-4
VLAN Routing Configuration ....................................................................................5-5
CLI Examples ...........................................................................................................5-5
Example 1: Create Two VLANs .........................................................................5-6
Example 2: Set Up VLAN Routing for the VLANs and the Switch. ....................5-7
VLAN Routing RIP Configuration .............. ... ... ... .... ... .......................................... ... ..5-7
CLI Example ......................................................................................................5-9
VLAN Routing OSPF Configuration .......................................................................5-11
CLI Example ....................................................................................................5-12
Routing Information Protocol ........................................................................................5-14
RIP Configuration ...................................................................................................5-15
CLI Example ...........................................................................................................5-16
Example #1: Enable Routing for the Switch: ...................................................5-16
Example #2: Enable Routing for Ports .............................................................5-17
Example #3. Enable RIP for the Switch ...........................................................5-17
Example #4. Enable RIP for ports 1/2/2 and 1/2/3 ..........................................5-18
OSPF .............................. .............................................. ............................................. ...5-18
CLI Examples .........................................................................................................5-19
vi
v1.0, March 2006
Example #1 Configuring an Inter-Area Router ................................................5-20
Example #2 - Configuring OSPF on a Border Router ......................................5-22
Proxy Address Resolution Protocol (ARP) ...................................................................5-24
Overview ................................................................................................................5-24
CLI Examples .........................................................................................................5-25
Example #1: show ip interface .........................................................................5-25
Example #2: ip proxy-arp .................................................................................5-25
Chapter 6 Virtual Router Redundancy Protocol
CLI Examples .................................................................................................................6-2
Chapter 7 Access Control Lists (ACLs)
Overview ................................... ................ ................ ................. ................ ................ .....7-1
Limitations ....................................... ....................................................................... ..7-1
MAC ACLs ......................................................................................................................7-1
Configuring IP ACLs .......................................................................................................7-2
Process ..................................... ................ ................ ................. ................ ................ .....7-3
IP ACL CLI Example .......................................................................................................7-3
MAC ACL CLI Examples ................................................................................................7-4
Example #1: mac access list ...................................................................................7-5
Example #2: permit any ..........................................................................................7-6
Example #3 Configure mac access-group ...............................................................7-7
Example #4 permit ...................................................................................................7-8
Example #5: show mac access-lists ........................................................................7-9
Chapter 8 Class of Service (CoS) Queuing
Overview ................................... ................ ................ ................. ................ ................ .....8-1
CoS Queue Mapping ......................................................................................................8-1
Trusted Ports .......................................................................... ..................................8-1
Untrusted Ports ........................................................................................................8-2
CoS Queue Configuration ..............................................................................................8-2
Port Egress Queue Configuration ................ ... ... .... ... ... ... .... ... ... ... .... ... .....................8-2
Drop Precedence Configuration (per Queue) ..........................................................8-3
Per Interface Basis ...................................................................................................8-3
v1.0, March 2006
vii
CLI Examples .................................................................................................................8-3
Example #1: show classofservice trust ....................................................................8-4
Example #2: set classofservice trust mode ..............................................................8-4
Example #3: show classofservice ip-precedence mapping ......................................8-5
Example #4: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode 8-5
Example #5: Set CoS Trust Mode of an Interface ..................................... ............... 8-6
Traffic Shaping ....................................................... ... .... .......................................... ........8-6
CLI Example .............................................................................................................8-6
Example #1 traffic-shape ...................................................................................8-7
Chapter 9 Differentiated Services
CLI Example ...................................................................................................................9-2
DiffServ for VoIP Configuration Example ........................................................................9-4
Chapter 10 IGMP Snooping
Overview ................................... ................ ................ ................. ................ ................ ...10-1
CLI Examples ...............................................................................................................10-1
Example #1: show igmpsnooping ..........................................................................10-1
Example #2: show mac-address-table igmpsnooping ............................................10-2
Chapter 11 Port Security
Overview ................................... ................ ................ ................. ................ ................ ...11-1
Operation ..................................... .............................................. ...................................11-2
CLI Examples ...............................................................................................................11-3
Example #1: show port security .............................................................................11-3
Example #2: show port security on a specific interface .........................................11-3
Example #3: (Config) port security .........................................................................11-3
Chapter 12 Traceroute
CLI Example .................................................................................................................12-2
Chapter 13 Configuration Scripting
Overview ................................... ................ ................ ................. ................ ................ ...13-1
Considerations ................................. ................ ................ ................ ................ .............13-1
CLI Examples ...............................................................................................................13-1
viii
v1.0, March 2006
Example #1: script .................................................................................................13-2
Example #2: script list and script delete .................................................................13-2
Example #3: script apply running-config.scr ..........................................................13-2
Example #4: Creating a Configuration Script ................................... ......................13-3
Example #5: Upload a Configuration Script ...........................................................13-3
Chapter 14 Outbound Telnet
Overview ................................... ................ ................ ................. ................ ................ ...14-1
CLI Examples ...............................................................................................................14-1
Example #1: show network ....................................................................................14-2
Example #2: show telnet ........................................................................................14-2
Example #3: transport output telnet .......................................................................14-3
Example #4: session-limit and session-timeout .....................................................14-3
Chapter 15 Port Mirroring
Overview ................................... ................ ................ ................. ................ ................ ...15-1
CLI Examples ...............................................................................................................15-1
Example #1: show monitor session .......................................................................15-2
Example #2: show port all ......................................................................................15-2
Example #3: show port interface ............................................................................15-2
Example #4: (Config) monitor session 1 mode ...................................................... 15-3
Example #5: (Config) monitor session 1 source interface ................ ... ... ... ... .... ... ...15-4
Example #6: (Interface) port security .....................................................................15-4
Chapter 16 Simple Network Time Protocol (SNTP)
Overview ................................... ................ ................ ................. ................ ................ ...16-1
CLI Examples ...............................................................................................................16-1
Example #1: show sntp ..........................................................................................16-1
Example #2: show sntp client .................................................................................16-2
Example #3: show sntp server ...............................................................................16-2
Example #4: Configure SNTP ................................................................................16-2
Chapter 17 Pre-Login Banner
Overview ................................... ................ ................ ................. ................ ................ ...17-1
CLI Example .................................................................................................................17-1
v1.0, March 2006
ix
Chapter 18 Syslog
Overview ................................... ................ ................ ................. ................ ................ ...18-1
Persistent Log Files ................................... ... ... ... .... ... ... ..........................................18-1
Interpreting Log Files .............................................................................................18-2
CLI Examples ...............................................................................................................18-2
Example #1: show logging .....................................................................................18-3
Example #2: show logging buffered .......................................................................18-3
Example #3: show logging traplogs .......................................................................18-4
Example 4: show logging hosts ..............................................................................18-4
Example #5: logging port configuration ..................................................................18-5
x
v1.0, March 2006
About This Book
This document provides an understanding of the CLI and Web configuration options for software Release 4.3 features.
Document Organization
This document provides examples of the use of the switch software in a typical network. It describes the use and advantages of specific functions provided by the 7000 Series Managed Switch, and includes information on configuring those functions using the Command Line Interface and Web Interface.
The switch software can operate as a Layer 2 switch, a Layer 3 router or a combination switch/ router. The switch also includes support for network management and Qu ality of Service functions such as Access Control Lists and Differentiated Services. Which functions you choose to activate will depend on the size and complexity of your network: this document describes configuration for some of the most-used functions.
This document contains configuration information about the following:
Layer 2 – VLANs – Routing
Layer 3 – Port routing – VLAN Routing – Virtual Router Redundancy Protocol (VRRP) –RIP – OSPF –Proxy ARP
Quality of Service (QoS) – Access Control Lists (ACLs) – Class of Service (CoS) – Dif ferentiated Services
v1.0, March 2006
xi
NETGEAR 7000 Series Managed Switch Administration Guide
Multicast – IGMP Snooping
Security – Denial of Service – Port Security
Operating System – Dual Configuration
•Tools –Alarm Manager – Traceroute – Configuration Scripting – Advance Keying – Prelogin Banner – Port Mirroring –SNTP –Syslog – Data Migration
Audience
Use this guide if you are a(n):
Experienced system administrator who is responsible for configuring and operating a network using switch software
Level 1 and Level 2 Support provider
To obtain the greatest benefit from this guide, you should have an understanding of the switch software base and should have read the specification for your networking device platform. You should also have a basic knowledge of Ethernet and networking concepts.
CLI Documentation
The Command Line Reference provides information about the CLI commands used to configure the switch and the stack. The document provides CLI descriptions, syntax, and default values.
xii
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
Refer to the Command Line Reference for information for the command structure
Related Documentation
Before proceeding, read the Release Notes for this switch product. The Release Notes detail the platform specific functionality of the Switching, Routing, SNMP, Config, Management, and other packages.
Extending the portfolio of supported switching silicon to the broadest range in the industry
Increasing the software’s Quality of Service and Class of Service capabilities with integrated Layer 2, 3, and 4 Access Control Lists
Improving switch’s industry-leading Switching package with new features in the areas of IGMP, port mirroring, and others
v1.0, March 2006
xiii
NETGEAR 7000 Series Managed Switch Administration Guide
xiv
v1.0, March 2006
Chapter 1
Getting Started
Connect a terminal to the switch to begin configuration.

In-band and Out-of-band Connectivity

Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity.

Configuring for In-band Connectivity

In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network. To use in-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway).
Configure for In-band connectivity using one of the following methods:
BootP or DHCP
EIA-232 port
Using BootP or DHCP
You can assign IP information initially over the network or over the Ethernet service port through BootP or DHCP. Check with your system administrator to determine whether BootP or DHCP is enabled.
You need to configure the BootP or DHCP server with information about the switch —obtain this information through the serial port connection using the server with the following values:
show network command. Set up the
IP Address Unique IP address for the switch. Each IP parameter is made up of
four decimal numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
Subnet Subnet mask for the LAN gateway IP address of the default router, if the switch is a node outside the IP
range of the LAN
1-1
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
MAC Address MAC address of the switch
When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the network.
If you do not use BootP or DHCP, access the switch through the EIA-232 port, and configure the network information as described below.
Using the EIA-232 Port
You can use a locally or remotely attached terminal to configure in-band management through the EIA-232 port.
1. T o use a locally attached terminal, attach one end of a null-modem serial cable to the EIA-232 port of the switch and the other end to the COM port of the terminal or workstation. For remote attachment, attach one end of the serial cable to the EIA-232 port of the switch and the other end to the modem.
2. Set up the terminal for VT100 terminal emulation. a. Set the terminal ON. b. Launch the VT100 application. c. Configure the COM port as follows:
Set the data rate to 115,200 baud.
Set the data format to 8 data bits, 1 stop bit, and no parity.
Set the flow control to none.
Select the proper mode under Properties.
Select Terminal keys.
3. The Log-in User prompt displays when the terminal interface initializes.
Enter an approved user name and password. The default is admin for the user name and the password is blank.
The switch is installed and loaded with the default configuration.
4. Reduce network traffic by turning off the Network Configuration Protocol. Enter the following command:
configure network protocol none
5. Set the IP address, subnet mask, and gateway address by issue the following command:
1-2 Getting Started
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
config network parms ipaddress netmask gateway
IP Address Unique IP address for the switch. Each IP parameter is made up of four
decimal numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
Subnet Subnet mask for the LAN. gateway IP address of the default router, if the switch is a node outside the IP range of
the LAN.
6. T o enable these changes to be retained during a reset of the switch, type Ctrl-Z to return to the main prompt, type save config at the main menu prompt, and type y to confirm the changes.
7. To view the changes and verify in-band information, issue the command: show network.
8. The switch is configured for in-band connectivity and ready for Web-based management.

Configuring for Out-Of-Band Connectivity

To monitor and configure the switch using out-of-band connectivity, use the console port to connect the switch to a terminal desktop system running terminal emulation software. The console port connector is a male DB-9 connector, implemented as a data terminal equipment (DTE) connector.
The following hardware is required to use the console port:
VT100-compatible terminal, or a desktop, or a portable system with a serial port running VT100 terminal emulation software.
An RS-232 crossover cable with a female DB-9 connector for the console port and the appropriate connector for the terminal.
Perform the following tasks to connect a terminal to the switch console port using out-of-band connectivity:
1. Connect an RS-232 crossover cable to the terminal running VT100 terminal emulation software.
2. Configure the terminal emulation software as follows: a. Select the appropriate serial port (serial port 1 or serial port 2) to connect to the console. b. Set the data rate to 115,200 baud. c. Set the data format to 8 data bits, 1 stop bit, and no parity. d. Set the flow control to none.
Getting Started 1-3
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
e. Select the proper mode under Properties. f. Select Terminal keys.
Note: When using HyperT erminal with Microsoft W indows 2000, make sure that
you have Windows 2000 Service Pack 2 or later installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal's VT100 emulation. Go to Windows 2000 service packs.
3. Connect the female connector of the RS-232 crossover cable directly to the switch console port, and tighten the captive retaining screws.
www.microsoft.com for more information on

Starting the Switch

1. Make sure that the switch console port is connected to a VT100 terminal or VT100 terminal emulator via the RS-232 crossover cable.
2. Locate an AC power receptacle.
3. Deactivate the AC power receptacle.
4. Connect the switch to the AC receptacle.
5. Activate the AC power receptacle.
When the power is turned on with the local terminal already connected, the switch goes through a power-on self-test (POST). POST runs every time the switch is initialized and checks hardware components to determine if the switch is fully operational before completely booting. If POST detects a critical problem, the startup procedure stops. If POST passes successfully, a valid executable image is loaded into RAM. POST messages are displayed on the terminal and indicate test success or failure. The boot process runs for approximately 60 seconds.

Initial Configuration

The initial simple configuration procedure is based on the following assumptions:
The switch was not configured before and is in the same state as when you received it.
The switch booted successfully.
1-4 Getting Started
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
The console connection was established and the console prompt appears on the screen of a VT100 terminal or terminal equivalent.
The initial switch configuration is performed through the console port. After the initial configuration, you can manage the switch either from the already-connected console port or remotely through an interface defined during the initial configuration.
The switch is not configured with a default user name and password. All of the settings below are necessary to allow the remote management of the switch through
Telnet (Telnet client) or HTTP (Web browser). Before setting up the initial configuration of the switch, obtain the following information from
your network administrator:
The IP address to be assigned to the management interface through which the switch is managed.
The IP subnet mask for the network.
The IP address of the default gateway.

Initial Configuration Procedure

You can perform the initial configuration using the Easy Setup Wizard or by using the Command Line Interface (CLI). The Setup Wizard automatically starts when the switch configuration file is empty. You can exit the wizard at any point by entering [ctrl+z]. For
more information on CLI initial configuration, see the User’s Configuration Guide. This guide shows how to use the Setup Wizard for initial switch configuration. The wizard s ets up the following configuration on the switch:
Establishes the initial privileged user account with a valid password. The wizard configures
one privileged user account during the set up.
Enables CLI login and HTTP access to use the local authentication setting only.
Sets up the IP address for the management interface.
Sets up the SNMP community string to be used by the SNMP manager at a given IP address.
You may choose to skip this step if SNMP management is not used for this switch.
Allows you to specify the management server IP or permit SNMP access from all IP
addresses.
Configures the default gateway IP address.
Getting Started 1-5
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide

Software Installation

This section contains procedures to help you become acquainted quickly with the switch software. Before installing switch software, you should verify that the switch operates with the most recent
firmware.

Quick Starting the Networking Device

1. Configure the switch for In-band or Out-of-Band connectivity. In-band connectivity allows
access to the software locally or from a remote workstation. You must configure the device with IP information (IP address, subnet mask, and default gateway).
2. Turn the Power ON.
3. Allow the device to load the software until the login prompt appears. The device initial state is
called the default mode.
4. When the prompt asks for operator login, do the following steps:
–Type admin at the login prompt. Since a number of the Quick Setup commands require
administrator account rights, log in to an administrator account. – Do not enter a password because the default mode does not use a password. – Check the CLI User EXEC prompt is displayed. –Enter enable to switch to the Privileged EXEC mode from User EXEC. –Enter configure to switch to the Global Config mode from Privileged EXEC. –Enter exit to return to the previous mode. –Enter ? to show a list of commands that are available in the current mode.

System Information and System Setup

This section describes the commands you use to view system information and to setup the network device. following information:
Software versions
Physical port data
User account management
IP address configuration
1-6 Getting Started
Table 1-1 contains the Quick Start commands that allow you to view or configure the
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
Uploading from Networking Device to Out-of-Band PC (Only XMODEM)
Downloading from Out-of-Band PC to Networking Device (Only XMODEM)
Downloading from TFTP Server
Restoring factory defaults If you configure any network parameters, you should execute the following command: copy system:running-config nvram:startup-config This command saves the changes to the configuration file. You must be in the correct mode to
execute the command. If you do not save the configuration, all changes are lost when a you power down or reset the networking device. In a stacking environment, the running configuration is saved in all units of the stack.
Table 1-1 describes the command syntax, the mode you must be in to execute the command, and the purpose and output of the command.
Table 1-1. Quick Start Commands
Command Mode Description
show hardware
show users
show loginsession
users passwd
<username>
Privileged EXEC
Privileged EXEC
User EXEC Displays all of the login session information.
Global Config Allows the user to set passwords or change passwords needed
Shows hardware version, MAC address, and software version information.
Displays all of the users that are allowed to access the network­ing device.
Access Mode shows whether you can change parameters on the networking device (Read/Write) or can only view them (Read Only).
As a factory default, the ‘admin’ user has Read/Write access and the ‘guest’ user has Read Only access. There can only be one Read/Write user. There can be up to five Read Only users.
to login. A prompt appears after the command is entered requesting the
users old password. In the absence of an old password leave the area blank.
User password should not be more than eight characters in length.
Getting Started 1-7
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
Table 1-1. Quick Start Commands
Command Mode Description
copy system:run­ning-config nvram:startup­config
Privileged EXEC
Saves passwords and all other changes to the device. If you do not save the configuration, all changes are lost when
you power down or reset the networking device. In a stacking environment, the running configuration is saved in all units of the stack.
logout User EXEC
Privileged EXEC
show network
network parms
<ipaddr> <net­mask> [gateway]
copy nvram:star­tup-config
<tftp://<ipad­dress>/<file­path>/<filename>>
User EXEC Displays the following network configuration information:
Privileged EXEC
Privileged EXEC
Logs the user out of the networking device.
• IP Address - IP Address of the interface (default: 0.0.0.0)
• Subnet Mask - IP Subnet Mask for the interface (default:
0.0.0.0)
• Default Gateway - The default Gateway for this interface (default: 0.0.0.0)
• Burned in MAC Address - The Burned in MAC Address used for in-band connectivity
• Locally Administered MAC Address - Can be configured to allow a locally administered MAC address
• MAC Address Type - Specifies which MAC address should be used for in-band connectivity
• Network Configurations Protocol Current - Indicates which network protocol is being used (default: none)
• Management VLAN Id - Specifies VLAN id
• Web Mode - Indicates whether HTTP/Web is enabled.
• Java Mode - Indicates whether java mode is enabled.
Sets the IP address, subnet mask and gateway of the router. The IP address and the gateway must be on the same subnet. IP address range is from 0.0.0.0 to 255.255.255.255.
Starts the configuration file upload, displays the mode and type of upload and confirms the upload is progressing.
The URL must be specified as: xmodem:<filepath>/<filename> For example: If the user is using HyperTerminal, the user must specify where
the file is going to be received by the PC.
1-8 Getting Started
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
Table 1-1. Quick Start Commands
Command Mode Description
copy nvram:error­log <tftp://
<ipaddress>/ <filepath>/<file name>>
Privileged EXEC
-
Starts the error log upload, displays the mode and type of upload and confirms the upload is progressing.
The URL must be specified as: xmodem:<filepath>/<filename>
copy nvram:tra­plog <tftp://
<ipaddress>/ <filepath>/<file name>>
copy <tftp:// <ipaddress>/ <filepath>/<file­name>>
nvram:startup­config
copy <tftp://
<ipaddress>/ <filepath>/<file name>> sys-
tem:image copy <tftp://
<ipaddress>/ <filepath>/<file name>>
nvram:startup­config
Privileged EXEC
-
Privileged EXEC
Privileged EXEC
-
Privileged EXEC
-
Starts the trap log upload, displays the mode and type of upload and confirms the upload is progressing.
The URL must be specified as: xmodem:<filepath>/<filename>
Sets the destination (download) datatype to be an image (sys­tem:image) or a configuration file (nvram:startup-config).
The URL must be specified as: xmodem:<filepath>/<filename> For example: If the user is using Hyper Terminal, the user must specify which
file is to be sent to the networking device. The Networking Device restarts automatically once the code
has been downloaded. Sets the destination (download) datatype to be an image (sys-
tem:image) or a configuration file (nvram:startup-config). The URL must be specified as: xmodem:<filepath>/<filename> Sets the destination (download) datatype to be a configuration
file. The URL must be specified as: tftp://<ipaddress>/<filepath>/<filename> Before starting a TFTP server download, you must configure
the IP address.
Getting Started 1-9
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
Table 1-1. Quick Start Commands
Command Mode Description
copy <tftp:// <ipaddress>/ <filepath>/<file­name>> sys-
tem:image
clear config
copy system:run­ning-config nvram:startup­config
reload (or cold boot
the networking device)
Privileged EXEC
Privileged EXEC
Privileged EXEC
Privileged EXEC
Sets the destination (download) datatype to be an image. The URL must be specified as: tftp://<ipaddress>/<filepath>/<filename> The system:image option downloads the code file.
Enter yes when the prompt asks if you want to clear all the con­figurations made to the networking device.
Enter yes when the prompt asks if you want to save the configu­rations made to the networking device.
Enter yes when the prompt asks if you want to reset the system. You can reset the networking device or cold boot the network-
ing device. Both work effectively.
1-10 Getting Started
v1.0, March 2006
Chapter 2
Using the Web Interface
This chapter is a brief introduction to the web interface — it explains how to access the Web-based management panels to configure and manage the system.
Tip: Use the Web interface for configuration instead of the CLI interface. We b
configuration is quicker and easier than entering the multiple required CLI commands. There are equivalent functions in the Web interface and the terminal interface—that is, both applications usually employ the same menus to accomplish a task. For example, when you log in, there is a Main Menu with the same functions available.
You can manage your switch through a Web browser and Internet connection. This is referred to as Web-based management. To use Web-based management, the system must be set up for in-band connectivity.
To access the switch, the Web browser must support:
HTML version 4.0, or later
HTTP version 1.1, or later
JavaScript
(TM)
version 1.2, or later
There are several differences between the Web and terminal interfaces. For example, on the Web interface the entire forwarding database can be displayed, while the terminal interface only displays 10 entries starting at specified addresses.
To terminate the Web login session, close the web browser.

Configuring for Web Access

To enable Web access to the switch:
1. Configure the switch for in-band connectivity. The switch Getting Started Guide provides
instructions.
2. Enable Web mode:
2-1
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
a. At the CLI prompt, enter the show network command. b. Set Web Mode to Enabled.

Starting the Web Interface

Follow these steps to start the switch Web interface:
1. Enter the IP address of the switch in the Web browser address field.
2. When the Login panel is displayed click Login.
3. .Enter the appropriate User Name and Password. The User Name and associated Password are
the same as those used for the terminal interface. Click on the Login button.
4. The System Description Menu displays, with the navigation tree appearing to the left of the
screen.
5. Make a selection by clicking on the appropriate item in the navigation tree.

Web Page Layout

A Web interface panel for the switch Web page consists of three areas. A banner graphic of the switch appears across the top of the panel. The second area, a hierarchical-tree view appears to the left of the panel. The tree consists of a
combination of folders, subfolders, and configuration and status HTML pages. You can think of the folders and subfolders as branches and the configuration and status HTML pages as leafs. Only the selection of a leaf (not a folder or subfolder) will cause the display of a new HTML page. A folder or subfolder has no corresponding HTML page.
The third area, at the bottom-right of the panel, displays the currently selected device configuration status and/or the user configurable information that you have selected from the tree view.

Configuring an SNMP V3 User Profile

Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are needed. Use the following steps to configure an SNMP V3 new user profile.
1. Select System>Configuration>User Accounts from the hierarchical tree on the left side of
the web interface.
2. Using the User pulldown menu, select Create to create a new user.
2-2 Using the Web Interface
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
3. Enter a new user name in the User Name field.
4. Enter a new user password in the Password field and then retype it in the Confirm Password
field.
Note: If SNMPv3 Authentication is to be used for this user, the password must be
eight or more alphanumeric characters.
5. If you do not need authentication, go to Step 9.
6. To enable authentication, use the Authentication Protocol pulldown menu to select either
MD5 or SHA for the authentication protocol.
7. If you do not need encryption, go to Step 9.
8. To enable encryption, use the Encryption Protocol pulldown menu to select DES for the
encryption scheme. Then, enter in the Encryption Key field an encryption code of eight or more alphanumeric characters.
9. Click Submit.

Command Buttons

The following command buttons are used throughout the Web interface panels for the switch:
Save Pressing the Save button implements and saves the changes you
just made. Some settings may require you to reset the system in order for them to take effect.
Refresh Pressing the Refresh button that appears next to the Apply button
in Web interface panels refreshes the data on the panel.
Submit Pressing the Submit button sends the updated configuration to the
switch. Configuration changes take effect immediately, but these changes are not retained across a power cycle unless a save is per formed.
Using the Web Interface 2-3
-
v1.0, March 2006
NETGEAR 7000 Series Managed Switch Administration Guide
2-4 Using the Web Interface
v1.0, March 2006
Chapter 3
Virtual LANs
Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic.
A VLAN is a set of end stations and the switch ports that connect them. You may have many reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN.
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID.
The Private Edge VLAN feature lets you set protection between ports located on the switch. This means that a protected port cannot forward traffic to another protected port on the same switch.
The feature does not provide protection between ports located on different switches.
v1.0, March 2006
3-1
NETGEAR 7000 Series Managed Switch Administration Guide

VLAN Configuration Example

The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. port 1/2/2 handles traffic for both VLANs, while port 1/2/1 is a member of VLAN 2 only, and ports 1/2/3 and 1/2/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram.
Figure 3-1

CLI Examples

The following examples show how to create VLANs, assign ports to the VLANs, and assign a VLAN as the default VLAN to a port.

Example #1: Create Two VLANs

Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank.
(Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2 (Netgear Switch) (Vlan)#vlan 3 (Netgear Switch) (Vlan)#exit
3-2 Virtual LANs
v1.0, March 2006
Loading...
+ 94 hidden pages