Netgear FSM7328S, FSM7352S, FSM7352PS Administration Guide

Beta Draft2
March 2006
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
NETGEAR 7000 Series
Managed Switch
Administration Guide
v1.0, March 2006
© 2006 by NETGEAR, Inc. All rights reserved. FullManual.
Trademarks
NETGEAR and Auto Uplink are trademarks or registered trademarks of NETGEAR, Inc.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.
Other brand and product names are registered trademarks or trademarks of their respective holders. Portions of this
document are copyright Intoto, Inc.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
EN 55 022 Declaration of Conformance
This is to certify that the 7000 Series Managed Switch is shielded against the generation of radio interference in
accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application
of EN 55 022 Class B (CISPR 22).
Certificate of the Manufacturer/Importer
It is hereby certified that the 7000 Series Managed Switch has been suppressed in accordance with the conditions set out
in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters)
in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the
operating instructions.
The Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
Confirmation of the Manufacturer/Importer
It is hereby confirmed that the 7000 Series Managed Switch has been suppressed in accordance with the provisions
listed in BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The proper operation of some equipment (for example, test
transmitters) may, however, be subject to certain restrictions. Please read the notes in the operating instructions.
The Federal Office for Telecommunications Approvals has been notified that this equipment has been placed on the
market and is entitled to test the series for compliance with the regulations.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the Class B category (information equipment to be used in a residential area or an adjacent area
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas. When used
near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling.
Note: Delete this note and the information below for products that are not wireless.
FCC Information to User
This product does not contain any user serviceable components and is to be used with approved antennas only. Any
product changes or modifications will invalidate all applicable regulatory certifications and approvals.
FCC Guidelines for Human Exposure
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment
should be installed and operated with minimum distance of 20 cm between the radiator and your body.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
Declaration Of Conformity
We NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that
the model 7xxx Cardbus Card Wireless Adapter complies with Part 15 of FCC Rules. Operation is subject to the
following two conditions:
This device may not cause harmful interference, and
This device must accept any interference received, including interference that may cause undesired operation.
Regulatory Compliance Information
This section includes user requirements for operating this product in accordance with National laws for usage of radio
spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result
in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.
NOTE: This product's firmware limits operation to only the channels allowed in a particular Region or Country.
Therefore, all options described in this user's guide may not be available in your version of the product.
FCC Requirements for Operation in the United States
Radio Frequency Interference Warnings & Instructions
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential
installation. This equipment uses and can radiate radio frequency energy and, if not installed and used in accordance
with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that
interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to
correct the interference by one or more of the following methods:
Reorient or relocate the receiving antenna
Increase the separation between the equipment and the receiver
Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected
Consult the dealer or an experienced radio/TV technician for help.
FOR HOME OR OFFICE USE
Tested to Comply
with FCC Standards
7000 Series Managed Switch
PY3WG111
Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate
the equipment.
Canadian Department of Communications Radio Interference Regulations
This digital apparatus (7000 Series Managed Switch) does not exceed the Class B limits for radio-noise emissions from
digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
Canada ID: 4054A-WG111
Product and Publication Details
Model Number: 7xxx
Publication Date: March 2006
Product Family: Managed Switch
Product Name: 7000 Series Managed Switch
Home or Business Product: Business
Language: English
Publication Part Number: Beta Draft2
Publication Version Number: 1.0

Contents

NETGEAR 7000 Series Managed Switch Administration Guide
About This Book

Chapter 1 Getting Started
In-band and Out-of-band Connectivity
Configuring for In-band Connectivity
Using BootP or DHCP
Using the EIA-232 Port
Configuring for Out-Of-Band Connectivity
Starting the Switch
Initial Configuration
Initial Configuration Procedure
Software Installation
Quick Starting the Networking Device
System Information and System Setup

Chapter 2 Using the Web Interface
Configuring for Web Access
Starting the Web Interface
Web Page Layout
Configuring an SNMP V3 User Profile
Command Buttons

Chapter 3 Virtual LANs
VLAN Configuration Example
CLI Examples
Example #1: Create Two VLANs
Example #2: Assign Ports to VLAN2
Example #3: Assign Ports to VLAN3
Example #4: Assign VLAN3 as the Default VLAN
Graphical User Interface
Private Edge VLANs
CLI Example

Chapter 4 Link Aggregation
CLI Example
Example 1: Create two LAGS:
Example 2: Add the ports to the LAGs:
Example 3: Enable both LAGs.

Chapter 5 IP Routing Services
Port Routing
Port Routing Configuration
CLI Examples
Example 1. Enabling routing for the Switch
Example 2. Enabling Routing for Ports on the Switch
VLAN Routing
VLAN Routing Configuration
CLI Examples
Example 1: Create Two VLANs
Example 2: Set Up VLAN Routing for the VLANs and the Switch.
VLAN Routing RIP Configuration
CLI Example
VLAN Routing OSPF Configuration
CLI Example
Routing Information Protocol
RIP Configuration
CLI Example
Example #1: Enable Routing for the Switch:
Example #2: Enable Routing for Ports
Example #3. Enable RIP for the Switch
Example #4. Enable RIP for ports 1/2/2 and 1/2/3
OSPF
CLI Examples
Example #1 Configuring an Inter-Area Router
Example #2 - Configuring OSPF on a Border Router
Proxy Address Resolution Protocol (ARP)
Overview
CLI Examples
Example #1: show ip interface
Example #2: ip proxy-arp

Chapter 6 Virtual Router Redundancy Protocol
CLI Examples

Chapter 7 Access Control Lists (ACLs)
Overview
Limitations
MAC ACLs
Configuring IP ACLs
Process
IP ACL CLI Example
MAC ACL CLI Examples
Example #1: mac access list
Example #2: permit any
Example #3 Configure mac access-group
Example #4 permit
Example #5: show mac access-lists

Chapter 8 Class of Service (CoS) Queuing
Overview
CoS Queue Mapping
Trusted Ports
Untrusted Ports
CoS Queue Configuration
Port Egress Queue Configuration
Drop Precedence Configuration (per Queue)
Per Interface Basis
CLI Examples
Example #1: show classofservice trust
Example #2: set classofservice trust mode
Example #3: show classofservice ip-precedence mapping
Example #4: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode
Example #5: Set CoS Trust Mode of an Interface
Traffic Shaping
CLI Example
Example #1 traffic-shape

Chapter 9 Differentiated Services
CLI Example
DiffServ for VoIP Configuration Example

Chapter 10 IGMP Snooping
Overview
CLI Examples
Example #1: show igmpsnooping
Example #2: show mac-address-table igmpsnooping

Chapter 11 Port Security
Overview
Operation
CLI Examples
Example #1: show port security
Example #2: show port security on a specific interface
Example #3: (Config) port security

Chapter 12 Traceroute
CLI Example

Chapter 13 Configuration Scripting
Overview
Considerations
CLI Examples
Example #1: script
Example #2: script list and script delete
Example #3: script apply running-config.scr
Example #4: Creating a Configuration Script
Example #5: Upload a Configuration Script

Chapter 14 Outbound Telnet
Overview
CLI Examples
Example #1: show network
Example #2: show telnet
Example #3: transport output telnet
Example #4: session-limit and session-timeout

Chapter 15 Port Mirroring
Overview
CLI Examples
Example #1: show monitor session
Example #2: show port all
Example #3: show port interface
Example #4: (Config) monitor session 1 mode
Example #5: (Config) monitor session 1 source interface
Example #6: (Interface) port security

Chapter 16 Simple Network Time Protocol (SNTP)
Overview
CLI Examples
Example #1: show sntp
Example #2: show sntp client
Example #3: show sntp server
Example #4: Configure SNTP

Chapter 17 Pre-Login Banner
Overview
CLI Example

Chapter 18 Syslog
Overview
Persistent Log Files
Interpreting Log Files
CLI Examples
Example #1: show logging
Example #2: show logging buffered
Example #3: show logging traplogs
Example 4: show logging hosts
Example #5: logging port configuration

About This Book
This document provides an understanding of the CLI and Web configuration options for software
Release 4.3 features.
Document Organization
This document provides examples of the use of the switch software in a typical network. It
describes the use and advantages of specific functions provided by the 7000 Series Managed
Switch, and includes information on configuring those functions using the Command Line
Interface and Web Interface.
The switch software can operate as a Layer 2 switch, a Layer 3 router or a combination
switch/router. The switch also includes support for network management and Quality of Service
functions such as Access Control Lists and Differentiated Services. Which functions you choose to
activate will depend on the size and complexity of your network: this document describes
configuration for some of the most-used functions.
This document contains configuration information about the following:
Layer 2
VLANs
Routing
Layer 3
Port routing
VLAN Routing
Virtual Router Redundancy Protocol (VRRP)
RIP
OSPF
Proxy ARP
Quality of Service (QoS)
Access Control Lists (ACLs)
Class of Service (CoS)
Differentiated Services
Multicast
IGMP Snooping
Security
Denial of Service
Port Security
Operating System
Dual Configuration
Tools
Alarm Manager
Traceroute
Configuration Scripting
Advance Keying
Prelogin Banner
Port Mirroring
SNTP
Syslog
Data Migration
Audience
Use this guide if you are a(n):
Experienced system administrator who is responsible for configuring and operating a network
using switch software
Level 1 and Level 2 Support provider
To obtain the greatest benefit from this guide, you should have an understanding of the switch
software base and should have read the specification for your networking device platform. You
should also have a basic knowledge of Ethernet and networking concepts.
CLI Documentation
The Command Line Reference provides information about the CLI commands used to configure
the switch and the stack. The document provides CLI descriptions, syntax, and default values.
Refer to the Command Line Reference for information on the command structure.
Related Documentation
Before proceeding, read the Release Notes for this switch product. The Release Notes detail the
platform specific functionality of the Switching, Routing, SNMP, Config, Management, and other
packages.
Extending the portfolio of supported switching silicon to the broadest range in the industry
Increasing the software’s Quality of Service and Class of Service capabilities with integrated
Layer 2, 3, and 4 Access Control Lists
Improving switch’s industry-leading Switching package with new features in the areas of
IGMP, port mirroring, and others
Chapter 1
Getting Started
Connect a terminal to the switch to begin configuration.

In-band and Out-of-band Connectivity

Ask the system administrator to determine whether you will configure the switch for in-band or
out-of-band connectivity.

Configuring for In-band Connectivity

In-band connectivity allows you to access the switch from a remote workstation using the Ethernet
network. To use in-band connectivity, you must configure the switch with IP information (IP
address, subnet mask, and default gateway).
Configure for In-band connectivity using one of the following methods:
BootP or DHCP
EIA-232 port
Using BootP or DHCP
You can assign IP information initially over the network or over the Ethernet service port through
BootP or DHCP. Check with your system administrator to determine whether BootP or DHCP is
enabled.
You need to configure the BootP or DHCP server with information about the switch. Obtain this
information through the serial port connection using the show network command. Set up the
server with the following values:
IP Address    Unique IP address for the switch. Each IP parameter is made up of four decimal
              numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
Subnet        Subnet mask for the LAN
gateway       IP address of the default router, if the switch is a node outside the IP range of
              the LAN
MAC Address   MAC address of the switch
When you connect the switch to the network for the first time after setting up the BootP or DHCP
server, it is configured with the information supplied above. The switch is ready for in-band
connectivity over the network.
If you do not use BootP or DHCP, access the switch through the EIA-232 port, and configure the
network information as described below.
Using the EIA-232 Port
You can use a locally or remotely attached terminal to configure in-band management through the
EIA-232 port.
1. To use a locally attached terminal, attach one end of a null-modem serial cable to the EIA-232
port of the switch and the other end to the COM port of the terminal or workstation.
For remote attachment, attach one end of the serial cable to the EIA-232 port of the switch and
the other end to the modem.
2. Set up the terminal for VT100 terminal emulation.
a. Set the terminal ON.
b. Launch the VT100 application.
c. Configure the COM port as follows:
Set the data rate to 115,200 baud.
Set the data format to 8 data bits, 1 stop bit, and no parity.
Set the flow control to none.
Select the proper mode under Properties.
Select Terminal keys.
3. The Log-in User prompt displays when the terminal interface initializes.
Enter an approved user name and password. The default is admin for the user name and the
password is blank.
The switch is installed and loaded with the default configuration.
4. Reduce network traffic by turning off the Network Configuration Protocol. Enter the
following command:
configure network protocol none
5. Set the IP address, subnet mask, and gateway address by issuing the following command:
config network parms ipaddress netmask gateway
IP Address    Unique IP address for the switch. Each IP parameter is made up of four decimal
              numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
Subnet        Subnet mask for the LAN.
gateway       IP address of the default router, if the switch is a node outside the IP range of
              the LAN.
6. To enable these changes to be retained during a reset of the switch, type Ctrl-Z to return to the
main prompt, type save config at the main menu prompt, and type y to confirm the changes.
7. To view the changes and verify in-band information, issue the command: show network.
8. The switch is configured for in-band connectivity and ready for Web-based management.
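The three values entered in step 5 can be checked for consistency before they are typed at the console. The following Python sketch is an added example, not part of the NETGEAR guide: it validates an address, mask and gateway and then lists the console input of steps 4 to 7 in order. The function names and the 192.0.2.x sample values are assumptions made for illustration.

```python
import ipaddress

# The guide states that all IP parameters default to 0.0.0.0.
UNSET = ipaddress.IPv4Address("0.0.0.0")


def check_inband_params(ip, netmask, gateway):
    """Return a list of problems with the step 5 values; empty means consistent."""
    try:
        addr = ipaddress.IPv4Address(ip)
        mask = ipaddress.IPv4Address(netmask)
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"not a dotted-decimal IPv4 value: {exc}"]

    try:
        # strict=False because ip is a host address, not the network address.
        net = ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False)
    except ValueError:
        return [f"subnet mask {netmask} is not contiguous"]
    if net.netmask != mask:
        # ipaddress accepted the value as a wildcard (host) mask, e.g. 0.0.0.255.
        return [f"subnet mask {netmask} is a wildcard mask, not a subnet mask"]

    problems = []
    if addr == UNSET:
        problems.append("IP address is still the default 0.0.0.0")
    if mask == UNSET:
        problems.append("subnet mask is still the default 0.0.0.0")
    if problems:
        return problems

    # Network and broadcast addresses only exist as such up to a /30.
    edges = set()
    if net.prefixlen <= 30:
        edges = {net.network_address, net.broadcast_address}
    if addr in edges:
        problems.append(f"{addr} is the network or broadcast address of {net}")
    if addr.is_multicast or addr.is_loopback:
        problems.append(f"{addr} is not a unicast host address")

    # A gateway of 0.0.0.0 is treated here as "no default router configured".
    if gw != UNSET:
        if gw not in net:
            problems.append(f"gateway {gw} is outside {net}")
        elif gw == addr:
            problems.append("gateway is the switch's own address")
        elif gw in edges:
            problems.append(f"gateway {gw} is the network or broadcast address of {net}")
    return problems


def console_lines(ip, netmask, gateway):
    """Return the console input of steps 4 to 7, refusing inconsistent values."""
    problems = check_inband_params(ip, netmask, gateway)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        "configure network protocol none",                 # step 4, as printed in the guide
        f"config network parms {ip} {netmask} {gateway}",  # step 5
        "<Ctrl-Z>",                                        # step 6: keystroke, not typed text
        "save config",                                     # step 6
        "y",                                               # step 6: confirm the changes
        "show network",                                    # step 7: verify the result
    ]


if __name__ == "__main__":
    # Constructed sample values from the 192.0.2.0/24 documentation range.
    for line in console_lines("192.0.2.10", "255.255.255.0", "192.0.2.1"):
        print(line)
```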

Configuring for Out-Of-Band Connectivity

To monitor and configure the switch using out-of-band connectivity, use the console port to
connect the switch to a terminal desktop system running terminal emulation software. The console
port connector is a male DB-9 connector, implemented as a data terminal equipment (DTE)
connector.
The following hardware is required to use the console port:
VT100-compatible terminal, or a desktop, or a portable system with a serial port running
VT100 terminal emulation software.
An RS-232 crossover cable with a female DB-9 connector for the console port and the
appropriate connector for the terminal.
Perform the following tasks to connect a terminal to the switch console port using out-of-band
connectivity:
1. Connect an RS-232 crossover cable to the terminal running VT100 terminal emulation
software.
2. Configure the terminal emulation software as follows:
a. Select the appropriate serial port (serial port 1 or serial port 2) to connect to the console.
b. Set the data rate to 115,200 baud.
c. Set the data format to 8 data bits, 1 stop bit, and no parity.
d. Set the flow control to none.
e. Select the proper mode under Properties.
f. Select Terminal keys.
Note: When using HyperTerminal with Microsoft Windows 2000, make sure that
you have Windows 2000 Service Pack 2 or later installed. With Windows
2000 Service Pack 2, the arrow keys function properly in HyperTerminal's
VT100 emulation. Go to www.microsoft.com for more information on
Windows 2000 service packs.
3. Connect the female connector of the RS-232 crossover cable directly to the switch console
port, and tighten the captive retaining screws.

Starting the Switch

1. Make sure that the switch console port is connected to a VT100 terminal or VT100 terminal
emulator via the RS-232 crossover cable.
2. Locate an AC power receptacle.
3. Deactivate the AC power receptacle.
4. Connect the switch to the AC receptacle.
5. Activate the AC power receptacle.
When the power is turned on with the local terminal already connected, the switch goes through a
power-on self-test (POST). POST runs every time the switch is initialized and checks hardware
components to determine if the switch is fully operational before completely booting. If POST
detects a critical problem, the startup procedure stops. If POST passes successfully, a valid
executable image is loaded into RAM. POST messages are displayed on the terminal and indicate
test success or failure. The boot process runs for approximately 60 seconds.

Initial Configuration

The initial simple configuration procedure is based on the following assumptions:
The switch was not configured before and is in the same state as when you received it.
The switch booted successfully.
The console connection was established and the console prompt appears on the screen of a
VT100 terminal or terminal equivalent.
The initial switch configuration is performed through the console port. After the initial
configuration, you can manage the switch either from the already-connected console port or
remotely through an interface defined during the initial configuration.
The switch is not configured with a default user name and password.
All of the settings below are necessary to allow the remote management of the switch through
Telnet (Telnet client) or HTTP (Web browser).
Before setting up the initial configuration of the switch, obtain the following information from
your network administrator:
The IP address to be assigned to the management interface through which the switch is
managed.
The IP subnet mask for the network.
The IP address of the default gateway.

Initial Configuration Procedure

You can perform the initial configuration using the Easy Setup Wizard or by using the Command
Line Interface (CLI). The Setup Wizard automatically starts when the switch configuration file is
empty. You can exit the wizard at any point by entering [ctrl+z]. For more information on CLI
initial configuration, see the User’s Configuration Guide. This guide shows how to use the Setup
Wizard for initial switch configuration. The wizard sets up the following configuration on the
switch:
Establishes the initial privileged user account with a valid password. The wizard configures
one privileged user account during the set up.
Enables CLI login and HTTP access to use the local authentication setting only.
Sets up the IP address for the management interface.
Sets up the SNMP community string to be used by the SNMP manager at a given IP address.
You may choose to skip this step if SNMP management is not used for this switch.
Allows you to specify the management server IP or permit SNMP access from all IP
addresses.
Configures the default gateway IP address.

Software Installation

This section contains procedures to help you become acquainted quickly with the switch software.
Before installing switch software, you should verify that the switch operates with the most recent
firmware.

Quick Starting the Networking Device

1. Configure the switch for In-band or Out-of-Band connectivity. In-band connectivity allows
access to the software locally or from a remote workstation. You must configure the device
with IP information (IP address, subnet mask, and default gateway).
2. Turn the Power ON.
3. Allow the device to load the software until the login prompt appears. The device initial state is
called the default mode.
4. When the prompt asks for operator login, do the following steps:
– Type admin at the login prompt. Since a number of the Quick Setup commands require
administrator account rights, log in to an administrator account.
– Do not enter a password because the default mode does not use a password.
– Check that the CLI User EXEC prompt is displayed.
– Enter enable to switch to the Privileged EXEC mode from User EXEC.
– Enter configure to switch to the Global Config mode from Privileged EXEC.
– Enter exit to return to the previous mode.
– Enter ? to show a list of commands that are available in the current mode.

System Information and System Setup

This section describes the commands you use to view system information and to set up the network
device.
Table 1-1 contains the Quick Start commands that allow you to view or configure the
following information:
Software versions
Physical port data
User account management
IP address configuration
Uploading from Networking Device to Out-of-Band PC (Only XMODEM)
Downloading from Out-of-Band PC to Networking Device (Only XMODEM)
Downloading from TFTP Server
Restoring factory defaults
If you configure any network parameters, you should execute the following command:
copy system:running-config nvram:startup-config
This command saves the changes to the configuration file. You must be in the correct mode to
execute the command. If you do not save the configuration, all changes are lost when you power
down or reset the networking device. In a stacking environment, the running configuration is saved
in all units of the stack.
Table 1-1 describes the command syntax, the mode you must be in to execute the command, and
the purpose and output of the command.
Table 1-1. Quick Start Commands

Command: show hardware
Mode: Privileged EXEC
Description: Shows hardware version, MAC address, and software version information.

Command: show users
Mode: Privileged EXEC
Description: Displays all of the users that are allowed to access the networking device.
Access Mode shows whether you can change parameters on the networking device (Read/Write)
or can only view them (Read Only).
As a factory default, the ‘admin’ user has Read/Write access and the ‘guest’ user has Read Only
access. There can only be one Read/Write user. There can be up to five Read Only users.

Command: show loginsession
Mode: User EXEC
Description: Displays all of the login session information.

Command: users passwd <username>
Mode: Global Config
Description: Allows the user to set passwords or change passwords needed to log in.
A prompt appears after the command is entered requesting the user's old password. In the
absence of an old password leave the area blank.
User password should not be more than eight characters in length.

Command: copy system:running-config nvram:startup-config
Mode: Privileged EXEC
Description: Saves passwords and all other changes to the device.
If you do not save the configuration, all changes are lost when you power down or reset the
networking device. In a stacking environment, the running configuration is saved in all units of
the stack.

Command: logout
Mode: User EXEC, Privileged EXEC
Description: Logs the user out of the networking device.

Command: show network
Mode: User EXEC
Description: Displays the following network configuration information:
  IP Address - IP Address of the interface (default: 0.0.0.0)
  Subnet Mask - IP Subnet Mask for the interface (default: 0.0.0.0)
  Default Gateway - The default Gateway for this interface (default: 0.0.0.0)
  Burned in MAC Address - The Burned in MAC Address used for in-band connectivity
  Locally Administered MAC Address - Can be configured to allow a locally administered MAC address
  MAC Address Type - Specifies which MAC address should be used for in-band connectivity
  Network Configurations Protocol Current - Indicates which network protocol is being used (default: none)
  Management VLAN Id - Specifies VLAN id
  Web Mode - Indicates whether HTTP/Web is enabled.
  Java Mode - Indicates whether java mode is enabled.

Command: network parms <ipaddr> <netmask> [gateway]
Mode: Privileged EXEC
Description: Sets the IP address, subnet mask and gateway of the router. The IP address and the
gateway must be on the same subnet. IP address range is from 0.0.0.0 to 255.255.255.255.

Command: copy nvram:startup-config <tftp://<ipaddress>/<filepath>/<filename>>
Mode: Privileged EXEC
Description: Starts the configuration file upload, displays the mode and type of upload and
confirms the upload is progressing.
The URL must be specified as:
xmodem:<filepath>/<filename>
For example:
If the user is using HyperTerminal, the user must specify where the file is going to be received
by the PC.

Command: copy nvram:errorlog <tftp://<ipaddress>/<filepath>/<filename>>
Mode: Privileged EXEC
Description: Starts the error log upload, displays the mode and type of upload and confirms the
upload is progressing.
The URL must be specified as:
xmodem:<filepath>/<filename>

Command: copy nvram:traplog <tftp://<ipaddress>/<filepath>/<filename>>
Mode: Privileged EXEC
Description: Starts the trap log upload, displays the mode and type of upload and confirms the
upload is progressing.
The URL must be specified as:
xmodem:<filepath>/<filename>

Command: copy <tftp://<ipaddress>/<filepath>/<filename>> nvram:startup-config
Mode: Privileged EXEC
Description: Sets the destination (download) datatype to be an image (system:image) or a
configuration file (nvram:startup-config).
The URL must be specified as:
xmodem:<filepath>/<filename>
For example:
If the user is using HyperTerminal, the user must specify which file is to be sent to the
networking device.
The Networking Device restarts automatically once the code has been downloaded.

Command: copy <tftp://<ipaddress>/<filepath>/<filename>> system:image
Mode: Privileged EXEC
Description: Sets the destination (download) datatype to be an image (system:image) or a
configuration file (nvram:startup-config).
The URL must be specified as:
xmodem:<filepath>/<filename>

Command: copy <tftp://<ipaddress>/<filepath>/<filename>> nvram:startup-config
Mode: Privileged EXEC
Description: Sets the destination (download) datatype to be a configuration file.
The URL must be specified as:
tftp://<ipaddress>/<filepath>/<filename>
Before starting a TFTP server download, you must configure the IP address.

Command: copy <tftp://<ipaddress>/<filepath>/<filename>> system:image
Mode: Privileged EXEC
Description: Sets the destination (download) datatype to be an image.
The URL must be specified as:
tftp://<ipaddress>/<filepath>/<filename>
The system:image option downloads the code file.

Command: clear config
Mode: Privileged EXEC
Description: Enter yes when the prompt asks if you want to clear all the configurations made to
the networking device.

Command: copy system:running-config nvram:startup-config
Mode: Privileged EXEC
Description: Enter yes when the prompt asks if you want to save the configurations made to the
networking device.

Command: reload (or cold boot the networking device)
Mode: Privileged EXEC
Description: Enter yes when the prompt asks if you want to reset the system.
You can reset the networking device or cold boot the networking device. Both work effectively.
Chapter 2
Using the Web Interface
This chapter is a brief introduction to the web interface — it explains how to access the Web-based
management panels to configure and manage the system.
Tip: Use the Web interface for configuration instead of the CLI interface. Web
configuration is quicker and easier than entering the multiple required CLI
commands. There are equivalent functions in the Web interface and the terminal
interface—that is, both applications usually employ the same menus to accomplish a
task. For example, when you log in, there is a Main Menu with the same functions
available.
You can manage your switch through a Web browser and Internet connection. This is referred to as
Web-based management. To use Web-based management, the system must be set up for in-band
connectivity.
To access the switch, the Web browser must support:
HTML version 4.0, or later
HTTP version 1.1, or later
JavaScript(TM) version 1.2, or later
There are several differences between the Web and terminal interfaces. For example, on the Web
interface the entire forwarding database can be displayed, while the terminal interface only
displays 10 entries starting at specified addresses.
To terminate the Web login session, close the web browser.

Configuring for Web Access

To enable Web access to the switch:
1. Configure the switch for in-band connectivity. The switch Getting Started Guide provides
instructions.
2. Enable Web mode:
a. At the CLI prompt, enter the show network command.
b. Set Web Mode to Enabled.

Starting the Web Interface

Follow these steps to start the switch Web interface:
1. Enter the IP address of the switch in the Web browser address field.
2. When the Login panel is displayed, click Login.
3. Enter the appropriate User Name and Password. The User Name and associated Password are
the same as those used for the terminal interface. Click the Login button.
4. The System Description Menu displays, with the navigation tree appearing to the left of the
screen.
5. Make a selection by clicking on the appropriate item in the navigation tree.

Web Page Layout

A Web interface panel for the switch Web page consists of three areas.
A banner graphic of the switch appears across the top of the panel.
The second area, a hierarchical-tree view, appears to the left of the panel. The tree consists of a
combination of folders, subfolders, and configuration and status HTML pages. You can think of
the folders and subfolders as branches and the configuration and status HTML pages as leaves. Only
the selection of a leaf (not a folder or subfolder) will cause the display of a new HTML page. A
folder or subfolder has no corresponding HTML page.
The third area, at the bottom-right of the panel, displays the currently selected device configuration
status and/or the user configurable information that you have selected from the tree view.

Configuring an SNMP V3 User Profile

Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the
switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are
needed. Use the following steps to configure an SNMP V3 new user profile.
1. Select System>Configuration>User Accounts from the hierarchical tree on the left side of
the web interface.
2. Using the User pulldown menu, select Create to create a new user.
3. Enter a new user name in the User Name field.
4. Enter a new user password in the Password field and then retype it in the Confirm Password
field.
Note: If SNMPv3 Authentication is to be used for this user, the password must be
eight or more alphanumeric characters.
5. If you do not need authentication, go to Step 9.
6. To enable authentication, use the Authentication Protocol pulldown menu to select either
MD5 or SHA for the authentication protocol.
7. If you do not need encryption, go to Step 9.
8. To enable encryption, use the Encryption Protocol pulldown menu to select DES for the
encryption scheme. Then, enter in the Encryption Key field an encryption code of eight or
more alphanumeric characters.
9. Click Submit.
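The following check of a planned user profile against steps 4 through 8 is an added example, not part of the guide. It reports the resulting SNMPv3 security level and shows, using the standard RFC 3414 password-to-key algorithm, what the MD5 or SHA selection turns the password into. Assumptions: the switch follows RFC 3414 key derivation and its "SHA" option is SHA-1; the level names come from the SNMPv3 standards rather than the guide; the function names and sample values are illustrative.

```python
import hashlib

# The guide's menu names mapped to hashlib names. "SHA" is assumed to be
# SHA-1, the SHA variant that RFC 3414 defines for SNMPv3 authentication.
AUTH_HASH = {"MD5": "md5", "SHA": "sha1"}


def _eight_alnum(value):
    """True for eight or more ASCII letters and digits."""
    return bool(value) and value.isascii() and value.isalnum() and len(value) >= 8


def check_v3_profile(password, auth=None, priv=None, priv_key=None):
    """Return (security_level, problems) for one planned user profile."""
    problems = []
    if auth is None:
        # Step 5: without authentication the procedure goes straight to
        # Submit, so an encryption choice can never apply.
        if priv is not None:
            problems.append("encryption selected without authentication")
        return "noAuthNoPriv", problems
    if auth not in AUTH_HASH:
        problems.append(f"authentication protocol must be MD5 or SHA, not {auth!r}")
    if not _eight_alnum(password):
        problems.append("password must be eight or more alphanumeric characters")
    if priv is None:
        return "authNoPriv", problems
    if priv != "DES":
        problems.append(f"encryption protocol must be DES, not {priv!r}")
    if not _eight_alnum(priv_key):
        problems.append("encryption key must be eight or more alphanumeric characters")
    return "authPriv", problems


def localized_key(password, engine_id, auth):
    """RFC 3414 A.2: hash 1 MiB of repeated password, then bind to the engine ID."""
    pw = password.encode("ascii")
    reps, rest = divmod(1048576, len(pw))
    ku = hashlib.new(AUTH_HASH[auth], pw * reps + pw[:rest]).digest()
    return hashlib.new(AUTH_HASH[auth], ku + engine_id + ku).digest()


if __name__ == "__main__":
    # Constructed sample profiles; the password and engine ID are the
    # RFC 3414 A.3 test values, not values from the guide.
    engine_id = bytes.fromhex("000000000000000000000002")
    for args in [("maplesyrup", "SHA", "DES", "pancakes1"), ("short", "MD5"), ("anything",)]:
        level, problems = check_v3_profile(*args)
        print(args, level, problems or "OK")
    print(localized_key("maplesyrup", engine_id, "MD5").hex())
```

Because the key is derived from the password alone plus the engine ID, the password length and character set bound the strength of every authenticated message for that user.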

Command Buttons

The following command buttons are used throughout the Web interface panels for the switch:
Save Pressing the Save button implements and saves the changes you
just made. Some settings may require you to reset the system in
order for them to take effect.
Refresh Pressing the Refresh button that appears next to the Apply button
in Web interface panels refreshes the data on the panel.
Submit Pressing the Submit button sends the updated configuration to the
switch. Configuration changes take effect immediately, but these
changes are not retained across a power cycle unless a save is performed.
Chapter 3
Virtual LANs
Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both
bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header,
which is fast, and like a router, it partitions the network into logical segments, which provides
better administration, security and management of multicast traffic.
A VLAN is a set of end stations and the switch ports that connect them. You may have many
reasons for the logical division, such as department or project membership. The only physical
requirement is that the end station and the port to which it is connected both belong to the same
VLAN.
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in
the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the
VLAN portion of the tag, in which case the first switch port to receive the packet may either reject
it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one
VLAN, but it can only support one default VLAN ID.
The Private Edge VLAN feature lets you set protection between ports located on the switch. This
means that a protected port cannot forward traffic to another protected port on the same switch.
The feature does not provide protection between ports located on different switches.

VLAN Configuration Example

The diagram in this section shows a switch with four ports configured to handle the traffic for two
VLANs. Port 1/2/2 handles traffic for both VLANs, while port 1/2/1 is a member of VLAN 2 only,
and ports 1/2/3 and 1/2/4 are members of VLAN 3 only. The script following the diagram shows
the commands you would use to configure the switch as shown in the diagram.
Figure 3-1

CLI Examples

The following examples show how to create VLANs, assign ports to the VLANs, and assign a
VLAN as the default VLAN to a port.

Example #1: Create Two VLANs

Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the
names blank.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2
(Netgear Switch) (Vlan)#vlan 3
(Netgear Switch) (Vlan)#exit