Netgear GSM4210P User manual
M4200 and M4300 Series ProSAFE Managed Switches
Software Administration Manual
Software Version 12.0.2
July 2016
202-11586-03
350 East Plumeria Drive
San Jose, CA 95134
USA
Managed Switches
Support
Thank you for purchasing this NETGEAR product. You can visit www.netgear.com/support to register your product, get help,
access the latest downloads and user manuals, and join our community. We recommend that you use only official NETGEAR
support resources.
Conformity
For the current EU Declaration of Conformity, visit http://kb.netgear.com/app/answers/detail/a_id/11621.
Compliance
For regulatory compliance information, visit http://www.netgear.com/about/regulatory.
See the regulatory compliance document before connecting the power supply.
Trademarks
© NETGEAR, Inc., NETGEAR and the NETGEAR Logo are trademarks of NETGEAR, Inc. Any non-NETGEAR trademarks are
used for reference purposes only.
Revision History
Publication
Part Number
202-11586-03 July 2016 Added or changed the following sections:
202-11586-02 May 2016 Updated Compatible Switch Models.
202-11586-01 December 2015 Initial publication.
Publication
Date
Comments
• Add ACL Remarks
• Change the Sequence of an ACL Rule
• Command Authorization
• Privileged Exec Command Mode Authorization
• Error Disablement and Automatic Error Recovery
• Loop Protection
• Nondisruptive Configuration Management
• DHCP L3 Relay
Made minor changes to other sections.
2
Table of Contents
Chapter 1 Documentation Resources
Chapter 2 VLANs
VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
CLI: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Web Interface: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Assign Ports to VLAN 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
CLI: Assign Ports to VLAN 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Web Interface: Assign Ports to VLAN 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Create Three VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
CLI: Create Three VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Web Interface: Create Three VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Assign Ports to VLAN 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
CLI: Assign Ports to VLAN 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Web Interface: Assign Ports to VLAN 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Assign VLAN 3 as the Default VLAN for Port 1/0/2 . . . . . . . . . . . . . . . . . . . . . . 26
CLI: Assign VLAN 3 as the Default VLAN for Port 1/0/2 . . . . . . . . . . . . . . . . 26
Web Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2 . . . . . . 27
Create a MAC-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
CLI: Create a MAC-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Web Interface: Assign a MAC-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
CLI: Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Web Interface: Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . 32
Virtual VLANs: Create an IP Subnet–Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . 35
CLI: Create an IP Subnet–Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Web Interface: Create an IP Subnet–Based VLAN. . . . . . . . . . . . . . . . . . . . . . 37
Voice VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
CLI: Configure Voice VLAN and Prioritize Voice Traffic. . . . . . . . . . . . . . . . . . 39
Web Interface: Configure Voice VLAN and Prioritize Voice Traffic . . . . . . . . 41
Configure GARP VLAN Registration Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
CLI: Enable GVRP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Web Interface: Configure GVRP on switch A . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Web Interface: Configure GVRP on Switch B . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Assign Private-VLAN Types (Primary, Isolated, Community). . . . . . . . . . . . . . . 54
CLI: Assign Private-VLAN Type (Primary, Isolated, Community) . . . . . . . . . 54
Web Interface: Assign Private-VLAN Type (Primary,
Isolated, Community). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3
Managed Switches
Configure Private-VLAN Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
CLI: Configure Private-VLAN Association. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Web Interface: Configure Private-VLAN Association . . . . . . . . . . . . . . . . . . . 56
Configure Private-VLAN Port Mode (Promiscuous, Host) . . . . . . . . . . . . . . . . . 57
CLI: Configure Private-VLAN Port Mode (Promiscuous, Host) . . . . . . . . . . . 57
Web Interface: Configure Private-VLAN Port Mode
(Promiscuous, Host). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Configure Private-VLAN Host Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
CLI: Configure Private-VLAN Host Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Web Interface: Assign Private-VLAN Port Host Ports. . . . . . . . . . . . . . . . . . . 59
Map Private-VLAN Promiscuous Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
CLI: Map Private-VLAN Promiscuous Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Web Interface: Map Private-VLAN Promiscuous Port. . . . . . . . . . . . . . . . . . . 60
VLAN Access Ports and Trunk Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
CLI: Configure a VLAN Trunk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Web Interface: Configure a VLAN Trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Chapter 3 LAGs
Link Aggregation Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Add Ports to LAGs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
CLI: Add Ports to the LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Web Interface: Add Ports to LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Chapter 4 Port Routing
Port Routing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Port Routing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
CLI: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Web Interface: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . 74
Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
CLI: Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Web Interface: Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . . 75
Add a Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
CLI: Add a Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Web Interface: Add a Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Add a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
CLI: Add a Static Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Web Interface: Add a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Chapter 5 VLAN Routing
VLAN Routing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
CLI: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Web Interface: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Set Up VLAN Routing for the VLANs and the Switch. . . . . . . . . . . . . . . . . . . . . . 86
CLI: Set Up VLAN Routing for the VLANs and the Switch. . . . . . . . . . . . . . . . 86
4
Managed Switches
Web Interface: Set Up VLAN Routing for the VLANs and the Switch . . . . . . 87
Chapter 6 RIP
Routing Information Protocol Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
CLI: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Web Interface: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . 90
Enable Routing for Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
CLI: Enable Routing and Assigning IP Addresses for Ports
1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Web Interface: Enable Routing for the Ports . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Enable RIP on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
CLI: Enable RIP on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Web Interface: Enable RIP on the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
CLI: Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Web Interface: Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . 94
Configure VLAN Routing with RIP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
CLI: Configure VLAN Routing with RIP Support . . . . . . . . . . . . . . . . . . . . . . . . 95
Web Interface: Configure VLAN Routing with RIP Support . . . . . . . . . . . . . . 97
Chapter 7 OSPF
Open Shortest Path First Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Inter-area Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
CLI: Configure an Inter-area Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Web Interface: Configure an Inter-area Router . . . . . . . . . . . . . . . . . . . . . . .104
OSPF on a Border Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
CLI: Configure OSPF on a Border Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Web Interface: Configure OSPF on a Border Router . . . . . . . . . . . . . . . . . . . 109
Stub Areas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
CLI: Configure Area 1 as a Stub Area on A1 . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Web Interface: Configure Area 1 as a Stub Area on A1 . . . . . . . . . . . . . . . .116
CLI: Configure Area 1 as a Stub Area on A2 . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Web Interface: Configure Area 1 as a Stub Area on A2 . . . . . . . . . . . . . . . .121
NSSA Areas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
CLI: Configure Area 1 as an NSSA Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Web Interface: Configure Area 1 as an NSSA Area on A1. . . . . . . . . . . . . . . 125
CLI: Configure Area 1 as an NSSA Area on A2 . . . . . . . . . . . . . . . . . . . . . . . . 128
Web Interface: Configure Area 1 as an NSSA Area on A2. . . . . . . . . . . . . . . 130
VLAN Routing OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
CLI: Configure VLAN Routing OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Web Interface: Configure VLAN Routing OSPF . . . . . . . . . . . . . . . . . . . . . . .137
OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
CLI: Configure OSPFv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Web Interface: Configure OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
5
Managed Switches
Chapter 8 PBR
Policy-Based Routing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Route-Map Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
PBR Processing Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
PBR Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
PBR Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Chapter 9 ARP
Proxy ARP Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Proxy ARP Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
CLI: show ip interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
CLI: ip proxy-arp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Web Interface: Configure Proxy ARP on a Port . . . . . . . . . . . . . . . . . . . . . . . 154
Chapter 10 VRRP
Virtual Router Redundancy Protocol Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . 156
VRRP on a Master Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
CLI: Configure VRRP on a Master Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Web Interface: Configure VRRP on a Master Router. . . . . . . . . . . . . . . . . . . 158
VRRP on a Backup Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
CLI: Configure VRRP on a Backup Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Web Interface: Configure VRRP on a Backup Router. . . . . . . . . . . . . . . . . . . 160
Chapter 11 ACLs
Access Control List Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
ACL Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Set Up an IP ACL with Two Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
CLI: Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Web Interface: Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . 166
One-Way Access Using a TCP Flag in an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
CLI: Configure One-Way Access Using a TCP Flag in an ACL . . . . . . . . . . . . 169
Web Interface: Configure One-Way Access Using a TCP
Flag in an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Use ACLs to Configure Isolated VLANs on a Layer 3 Switch. . . . . . . . . . . . . . . 184
CLI: Configure One-Way Access Using a TCP Flag in ACL
Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Web Interface: Configure One-Way Access Using a TCP
Flag in an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
CLI: Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Web Interface: Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . . . . . . 196
Configure ACL Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
CLI: Configure ACL Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
6
Managed Switches
Web Interface: Configure ACL Mirroring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Configure ACL Redirection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
CLI: Redirect a Traffic Stream . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Web Interface: Redirect a Traffic Stream . . . . . . . . . . . . . . . . . . . . . . . . . . . .206
Add ACL Remarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Change the Sequence of an ACL Rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Configure a Management ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Example 1: Permit Any Host to Access the Switch Through
Telnet or HTTP: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Example 2: Permit a Specific Host to Access the Switch
Through SSH Only. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Configure IPv6 ACLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
CLI: Configure an IPv6 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Web Interface: Configure an IPv6 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Chapter 12 CoS Queuing
CoS Queuing Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
CoS Queue Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Trusted Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223
Untrusted Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
CoS Queue Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
CLI: Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Web Interface: Show classofservice Trust. . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Set classofservice Trust Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
CLI: Set classofservice Trust Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Web Interface: Set classofservice Trust Mode . . . . . . . . . . . . . . . . . . . . . . . . 226
Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode. . 226
CLI: Configure Cos-queue Min-bandwidth and Strict Priority
Scheduler Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Web Interface: Configure CoS-queue Min-bandwidth and
Strict Priority Scheduler Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Set CoS Trust Mode for an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
CLI: Set CoS Trust Mode for an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Web Interface: Set CoS Trust Mode for an Interface. . . . . . . . . . . . . . . . . . . 228
Configure Traffic Shaping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
CLI: Configure traffic-shape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Web Interface: Configure Traffic Shaping. . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Chapter 13 DiffServ
Differentiated Services Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
CLI: Configure DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Web Interface: Configure DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
DiffServ for VoIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
CLI: Configure DiffServ for VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Web Interface: Diffserv for VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
7
Managed Switches
Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Protocol-Based Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
OUI-Based Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Example 1: Enable Protocol-Based Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . 257
Example 2: Change the Queue of Protocol-Based Auto VoIP . . . . . . . . . . . 258
Example 3: Create an Auto VoIP VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
DiffServ for IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
CLI: Configure DiffServ for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Web Interface: Configure DiffServ for IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . 262
Color Conform Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
CLI: Configure a Color Conform Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Web Interface: Configure a Color Conform Policy. . . . . . . . . . . . . . . . . . . . . 270
WRED Explicit Congestion Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Chapter 14 IGMP Snooping and Querier
Internet Group Management Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . 279
IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
CLI: EnaP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
The following example shows how to enable IGble IGMMP snooping.. . . . 279
Web Interface: Enable IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
CLI: Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Web Interface: Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Show mac-address-table igmpsnooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
CLI for IGMPv1 and IGMPv2: Show mac-address-table igmpsnooping . . 281
CLI for IGMPv3: show igmpsnooping ssm entries . . . . . . . . . . . . . . . . . . . . . 281
Web Interface: Show mac-address-table igmpsnooping . . . . . . . . . . . . . . . 282
External Multicast Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
CLI: Configure the Switch with an External Multicast Router . . . . . . . . . . . 282
Web Interface: Configure the Switch with an External Multicast Router. . 282
Multicast Router Using VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
CLI: Configure the Switch with a Multicast Router Using VLAN . . . . . . . . . 283
Web Interface: Configure the Switch with a Multicast Router
Using VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
IGMP Querier Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Enable IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
CLI: Enable IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Web Interface: Enable IGMP Querier. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Show IGMP Querier Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
CLI: Show IGMP Querier Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Web Interface: Show IGMP Querier Status. . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Chapter 15 MVR
Multicast VLAN Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Configure MVR in Compatible Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
CLI: Configure MVR in Compatible Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Web Interface: Configure MVR in Compatible Mode. . . . . . . . . . . . . . . . . . . 294
8
Managed Switches
Configure MVR in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
CLI: Configure MVR in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Web Interface: Configure MVR in Dynamic Mode . . . . . . . . . . . . . . . . . . . . . 300
Chapter 16 Security Management
Port Security Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . . . . . . . . . . . . . . . . . 306
CLI: Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . . . . . . . . . . . 306
Web Interface: Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . 306
Convert the Dynamic Address Learned from 1/0/1 to a Static Address . . . . 307
CLI: Convert the Dynamic Address Learned from 1/0/1 to the
Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Web Interface: Convert the Dynamic Address Learned from
1/0/1 to the Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Create a Static Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
CLI: Create a Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308
Web Interface: Create a Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Protected Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
CLI: Configure a Protected Port to Isolate Ports on the Switch. . . . . . . . . . 310
Web Interface: Configure a Protected Port to Isolate Ports
on the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
802.1x Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
CLI: Authenticating dot1x Users by a RADIUS Server. . . . . . . . . . . . . . . . . . 316
Web Interface: Authenticating dot1x Users by a RADIUS Server . . . . . . . . 317
Create a Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
CLI: Create a Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Web Interface: Create a Guest VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Assign VLANs Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
CLI: Assign VLANS Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Web Interface: Assign VLANS Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . 329
Dynamic ARP Inspection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
CLI: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Web Interface: Configure Dynamic ARP Inspection. . . . . . . . . . . . . . . . . . . . 334
Static Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
CLI: Configure Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Web Interface: Configure Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
CLI: Configure DHCP Snooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Web Interface: Configure DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Find a Rogue DHCP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
CLI: Find a Rogue DHCP server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Web Interface: Find a Rogue DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Enter Static Binding into the Binding Database. . . . . . . . . . . . . . . . . . . . . . . . . . 346
CLI: Enter Static Binding into the Binding Database . . . . . . . . . . . . . . . . . . . 346
Web Interface: Enter Static Binding into the Binding Database . . . . . . . . . .346
Maximum Rate of DHCP Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
CLI: Configure the Maximum Rate of DHCP Messages. . . . . . . . . . . . . . . . . 347
Web Interface: Configure the Maximum Rate of DHCP Messages . . . . . . . 347
9
Managed Switches
IP Source Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
CLI: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Web Interface: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . 350
Command Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
CLI Example 1: Configure Command Authorization by a TACACS+ Server353
CLI Example 2: Configure Command Authorization by a RADIUS Server . 356
Privileged Exec Command Mode Authorization . . . . . . . . . . . . . . . . . . . . . . . . . 359
CLI Example 1: Configure EXEC Authorization by a TACACS+ Server . . . . 359
CLI Example 2: Configure EXEC Authorization by a RADIUS Server. . . . . . 362
Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
CLI: Configure Telnet Command Accounting by a TACACS+ Server . . . . . . 364
Configure Telnet EXEC Accounting by RADIUS Server . . . . . . . . . . . . . . . . . 365
Use the Authentication Manager to Set Up an
Authentication Method List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Configure a Dot1x–MAB Authentication Method List with
Dot1x–MAB Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Configure a Dot1x–MAB Authentication Method List with
MAB–Dot1x Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Configure a Dot1x, MAB, and Captive Portal Authentication
Method List with Default Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
RADIUS Change of Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
IPv6 Stateless RA Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Chapter 17 MAB
MAC Authentication Bypass Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Configure MAC Authentication Bypass on a Switch. . . . . . . . . . . . . . . . . . . . . . 377
Configure a Network Policy Server on a Microsoft
Windows Server 2008 R2 or Later Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Configure an Active Directory on a Microsoft Windows
Server 2008 R2 or Later Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Reduce the MAB Authentication Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
CLI: Reduce the Authentication Time for MAB. . . . . . . . . . . . . . . . . . . . . . . . 391
Web Interface: Reduce the Authentication Time for MAB . . . . . . . . . . . . . . 391
Chapter 18 SNTP
Simple Network Time Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Show SNTP (CLI Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
show sntp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
show sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
show sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
CLI: Configure SNTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Web Interface: Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Set the Time Zone (CLI Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
CLI: Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Web Interface: Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . 398
10
Managed Switches
Chapter 19 Tools
Traceroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
CLI: Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Web Interface: Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402
Configuration Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402
script Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
script list Command and script delete Command. . . . . . . . . . . . . . . . . . . . . .403
script apply running-config.scr Command . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Create a Configuration Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Upload a Configuration Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Pre-Login Banner. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .405
Create a Pre-Login Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .405
Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
CLI: Specify the Source (Mirrored) Ports and Destination (Probe) . . . . . . 406
Web Interface: Specify the Source (Mirrored) Ports and
Destination (Probe) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Remote SPAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
CLI: Enable RSPAN on a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Dual Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
CLI: Download a Backup Image and Make It Active. . . . . . . . . . . . . . . . . . . . 411
Web Interface: Download a Backup Image and Make It Active . . . . . . . . . . 412
Outbound Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
CLI: show network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
CLI: show telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
CLI: transport output telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Web Interface: Configure Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
CLI: Configure the Session Limit and Session Time-out . . . . . . . . . . . . . . . . 416
Web Interface: Configure the Session Time-out . . . . . . . . . . . . . . . . . . . . . . 416
Error Disablement and Automatic Error Recovery . . . . . . . . . . . . . . . . . . . . . . . 417
Loop Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Nondisruptive Configuration Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Full Memory Dump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Chapter 20 Syslog
Syslog Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Show Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
CLI: Show Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Web Interface: Show Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
Show Logging Buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
CLI: Show Logging Buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Web Interface: Show Logging Buffered. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427
Show Logging Traplogs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
CLI: Show Logging Traplogs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Web Interface: Show Logging Trap Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428
Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
CLI: Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
Web Interface: Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
11
Managed Switches
Configure Logging for a Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
CLI: Configure Logging for the Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Web Interface: Configure Logging for the Port . . . . . . . . . . . . . . . . . . . . . . . 430
Email Alerting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
CLI: Send Log Messages to admin@switch.com Using
Account aaaa@netgear.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Chapter 21 Switch Stacks
Switch Stack Management and Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Stack Master and Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Stack Master . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Stack Member Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Stack Member Priority Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Install and Power-up a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Compatible Switch Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Install a Switch Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
Switch Firmware and Firmware Mismatch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Migrate Configuration with a Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . 439
Web Interface: Copy Master Firmware to a Stack Member. . . . . . . . . . . . . 439
Stack Switches Using a 10G Copper Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
CLI: Configure the 10G Copper Ports as Stack Ports . . . . . . . . . . . . . . . . . . 441
Web Interface: Configure the 10G Copper Ports as Stack Ports . . . . . . . . 443
Add, Remove, or Replace a Stack Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Add Switches to an Operating Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Remove a Switch from a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Replace a Stack Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Switch Stack Configuration Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
Preconfigure a Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
Renumber Stack Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
CLI: Renumber Stack Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Web Interface: Renumber Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Move the Stack Master to a Different Unit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
CLI: Move the Stack Master to a Different Unit. . . . . . . . . . . . . . . . . . . . . . . 451
Web Interface: Move the Stack Master to a Different Unit . . . . . . . . . . . . . 451
Chapter 22 SNMP
Add a New Community. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
CLI: Add a New Community. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Web Interface: Add a New Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
CLI: Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Web Interface: Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
SNMP Version 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
CLI: Configure SNMPv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
Web Interface: Configure SNMPv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
12
Managed Switches
sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
CLI: Configure Statistical Packet-Based Sampling of Packet
Flows with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
Web Interface: Configure Statistical Packet-based Sampling
with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
Time-Based Sampling of Counters with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . .460
CLI: Configure Time-Based Sampling of Counters with sFlow. . . . . . . . . . . 460
Web Interface: Configure Time-Based Sampling of Counters
with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Chapter 23 DNS
Domain Name System Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Specify Two DNS Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
CLI: Specify Two DNS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Web Interface: Specify Two DNS Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Manually Add a Host Name and an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . 464
CLI: Manually Add a Host Name and an IP Address . . . . . . . . . . . . . . . . . . . . 464
Web Interface: Manually Add a Host Name and an IP Address. . . . . . . . . . . 464
Chapter 24 DHCP Server
Dynamic Host Configuration Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . 466
Configure a DHCP Server in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
CLI: Configure a DHCP Server in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . . 466
Web Interface: Configure a DHCP Server in Dynamic Mode . . . . . . . . . . . .467
Configure a DHCP Server that Assigns a Fixed IP Address . . . . . . . . . . . . . . . . 469
CLI: Configure a DHCP Server that Assigns a Fixed IP Address . . . . . . . . . . 469
Web Interface: Configure a DHCP Server that Assigns a Fixed IP Address 470
Chapter 25 DHCPv6 Server
Dynamic Host Configuration Protocol Version 6 Concepts. . . . . . . . . . . . . . . . 473
CLI: Configure DHCPv6 Prefix Delegation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Web Interface: Configure DHCPv6 Prefix Delegation . . . . . . . . . . . . . . . . . . . .475
Configure a Stateless DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
CLI: Configure a Stateless DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Web Interface: Configure a Stateless DHCPv6 Server . . . . . . . . . . . . . . . . . 480
Configure a Stateful DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
CLI: Configure a Stateful DHCPv6 Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Web Interface: Configure a Stateful DHCPv6 Server . . . . . . . . . . . . . . . . . . 484
CLI: Set Up a Configuration With a DHCPv6 Server and DHCPv6 Relay . . . . 488
Configure the DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
Configure the DHCPv6 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Chapter 26 DVLANs and Private VLANs
Double VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
CLI: Enable a Double VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .493
Web Interface: Enable a Double VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
13
Managed Switches
Private VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
CLI: Create a Private VLAN Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
Web Interface: Create a Private VLAN Group. . . . . . . . . . . . . . . . . . . . . . . . . 498
Chapter 27 STP
Spanning Tree Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Configure Classic STP (802.1d) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
CLI: Configure Classic STP (802.1d) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Web Interface: Configure Classic STP (802.1d) . . . . . . . . . . . . . . . . . . . . . . 503
Configure Rapid STP (802.1w). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
CLI: Configure Rapid STP (802.1w). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Web Interface: Configure Rapid STP (802.1w) . . . . . . . . . . . . . . . . . . . . . . . 505
Configure Multiple STP (802.1s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
CLI: Configure Multiple STP (802.1s). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Web Interface: Configure Multiple STP (802.1s) . . . . . . . . . . . . . . . . . . . . . 507
Configure PVSTP and PVRSTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
CLI: Configure PVSTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Web Interface: Configure PVSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
Chapter 28 Tunnels for IPv6
Tunnel Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
Create a 6in4 Tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
CLI: Create a 6in4 Tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Web Interface: Create a 6in4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
Create a 6to4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
CLI: Create a 6to4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Web Interface: Create a 6to4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
Chapter 29 IPv6 Interface Configuration
Create an IPv6 Routing Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544
CLI: Create an IPv6 Routing Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544
Web Interface: Create an IPv6 Routing Interface . . . . . . . . . . . . . . . . . . . . . 545
Create an IPv6 Routing VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
CLI: Create an IPv6 Routing VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
Web Interface: Create an IPv6 VLAN Routing Interface . . . . . . . . . . . . . . . . 549
Configure DHCPv6 Mode on the Routing Interface. . . . . . . . . . . . . . . . . . . . . . 551
CLI: Configure DHCPv6 mode on routing interface . . . . . . . . . . . . . . . . . . . 551
Web Interface: Configure DHCPv6 mode on routing interface . . . . . . . . . . 552
Chapter 30 PIM
Protocol Independent Multicast Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
CLI: Configure PIM-DM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558
Web Interface: Configure PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579
14
Managed Switches
CLI: Configure PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580
Web Interface: Configure PIM-SM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584
Chapter 31 DHCP L2 Relay and L3 Relay
DHCP L2 Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
CLI: Enable DHCP L2 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
Web Interface: Enable DHCP L2 Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607
DHCP L3 Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
Configure the DHCP L3 Server in a Windows Server Operating System. . 610
Configure a DHCP L3 Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618
Chapter 32 MLD
Multicast Listener Discovery Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624
Configure MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .624
CLI: Configure MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625
Web Interface: Configure MLD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 627
MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636
CLI: Configure MLD Snooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637
Web Interface: Configure MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638
Chapter 33 DVMRP
Distance Vector Multicast Routing Protocol Concepts . . . . . . . . . . . . . . . . . . . 641
CLI: Configure DVMRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642
Web Interface: Configure DVMRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
Chapter 34 Link Dependency
Link Dependency Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
CLI: Create a Link State Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
Web Interface: Create a Link State Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .660
Chapter 35 Captive Portals
Captive Portal Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664
Captive Portal Configuration Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665
Enable a Captive Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665
CLI: Enable a Captive Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665
Web Interface: Enable a Captive Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .666
Client Access, Authentication, and Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667
Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .667
CLI: Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667
Web Interface: Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . 668
Local Authorization, Create Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 668
CLI: Create Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668
Web Interface: Create Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669
Remote Authorization (RADIUS) User Configuration . . . . . . . . . . . . . . . . . . . . 670
CLI: Configure RADIUS as the Verification Mode. . . . . . . . . . . . . . . . . . . . . . 671
15
Managed Switches
Web Interface: Configure RADIUS as the Verification Mode . . . . . . . . . . . . 672
SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 672
Chapter 36 iSCSI
iSCSI Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 674
Enable iSCSI Awareness with VLAN Priority Tag. . . . . . . . . . . . . . . . . . . . . . . . . 675
CLI: Enable iSCSI Awareness with VLAN Priority Tag. . . . . . . . . . . . . . . . . . . 675
Web Interface: Enable iSCSI Awareness with VLAN Priority Tag . . . . . . . . . 675
Enable iSCSI Awareness with DSCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676
CLI: Enable iSCSI Awareness with DSCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676
Web Interface: Enable iSCSI Awareness with DSCP. . . . . . . . . . . . . . . . . . . . 676
Set the iSCSI Target Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
CLI: Set iSCSI Target Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
Web Interface: Set iSCSI Target Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
CLI: Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
Web Interface: Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
Chapter 37 Override Factory Defaults
Override the Factory Default Configuration File . . . . . . . . . . . . . . . . . . . . . . . . 681
CLI: Install Another Factory Defaults Configuration File. . . . . . . . . . . . . . . . 681
CLI: Erase the Old Factory Default Configuration File. . . . . . . . . . . . . . . . . . 682
Chapter 38 NETGEAR SFP
Connect with NETGEAR SFP AGM731F. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684
Index
16
1. Documentation Resources
Before installation, read the release notes for your switch. The release notes detail the
platform-specific functionality of the switching, routing, SNMP, configuration, management, and
other packages. In addition, see the following publications:
• The installation guide for your switch:
- Installation NETGEAR ProSAFE Managed Switches, M4200 Series
- Installation NETGEAR ProSAFE Managed Switches, M4300 Series
• The hardware installation guide for your switch:
- ProSAFE Managed Switch Series M4200 Hardware Installation Guide
- ProSAFE Managed Switch Series M4200 Hardware Installation Guide
• M4200 and M4300 Series ProSAFE Managed Switches Software Setup Manual
• M4200 and M4300 Series ProSAFE Managed Switches CLI Command Reference
Manual
• M4200 and M4300 Web Management User Guide
1
Note: For more information about the topics covered in this manual, visit the
support website at netgear.com/support.
Note: Firmware updates with new features and bug fixes are made
available from time to time on downloadcenter.netgear.com. Some
products can regularly check the site and download new firmware, or
you can check for and download new firmware manually. If the
features or behavior of your product do not match what is described in
this guide, you might need to update your firmware.
17
2. VLANs
Virtual LANs
This chapter includes the following sections:
• VLAN Concepts
• Create Two VLANs
• Assign Ports to VLAN 2
• Create Three VLANs
• Assign Ports to VLAN 3
• Assign VLAN 3 as the Default VLAN for Port 1/0/2
• Create a MAC-Based VLAN
• Create a Protocol-Based VLAN
• Virtual VLANs: Create an IP Subnet–Based VLAN
• Voice VLANs
• Configure GARP VLAN Registration Protocol
• Private VLANs
• Assign Private-VLAN Types (Primary, Isolated, Community)
2
• Configure Private-VLAN Association
• Configure Private-VLAN Port Mode (Promiscuous, Host)
• Configure Private-VLAN Host Ports
• Map Private-VLAN Promiscuous Port
• VLAN Access Ports and Trunk Ports
18
Managed Switches
VLAN Concepts
Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both
bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2
header, which is fast. Like a router, it partitions the network into logical segments, which
provides better administration, security, and management of multicast traffic.
A VLAN is a set of end stations and the switch ports that connect them. You can have
different reasons for the logical division, such as department or project membership. The only
physical requirement is that the end station and the port to which it is connected both belong
to the same VLAN.
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag
in the Layer 2 header of packets transmitted on a VLAN. An end station might omit the tag, or
the VLAN portion of the tag, in which case the first switch port to receive the packet can
either reject it or insert a tag using its default VLAN ID. A given port can handle traffic for
more than one VLAN, but it can support only one default VLAN ID.
The Private Edge VLAN feature lets you set protection between ports located on the switch.
This means that a protected port cannot forward traffic to another protected port on the same
switch. The feature does not provide protection between ports located on different switches.
The diagram in this section shows a switch with four ports configured to handle the traffic for
two VLANs. Port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN
2 only, and ports 1/0/3 and 1/0/4 are members of VLAN 3 only. The script following the
diagram shows the commands you would use to configure the switch as shown in the
diagram.
Layer 3 switch
Port 1/0/2 VLAN
Router Port 1/3/1
192.150.3.1
Port 1/0/1
Layer 2
Switch
VLAN 10 VLAN 20
Port 1/0/3 VLAN
Router Port 1/3/2
192.150.4.1
Layer 2
Switch
Figure 1. Switch with 4 ports configured for traffic from 2 VLANs
The following examples show how to create VLANs, assign ports to the VLANs, and assign a
VLAN as the default VLAN to a port.
VLANs
19
Managed Switches
Create Two VLANs
The example is shown as CLI commands and as a web interface procedure.
CLI: Create Two VLANs
Use the following commands to create two VLANs and to assign the VLAN IDs while leaving
the names blank.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2
(Netgear Switch) (Vlan)#vlan 3
(Netgear Switch) (Vlan)#exit
Web Interface: Create Two VLANs
1. Create VLAN2.
a. Select Switching > VLAN > Basic > VLAN Configuration.
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 2.
• In the VLAN Name field, enter VLAN2.
• In the VLAN Type list, select Static.
c. Click Add.
2. Create VLAN3.
a. Select Switching > VLAN > Basic > VLAN Configuration.
VLANs
20
Managed Switches
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 3.
• In the VLAN Name field, enter VLAN3.
• In the VLAN Type list, select Static.
c. Click Add.
Assign Ports to VLAN 2
This sequence shows how to assign ports to VLAN2, and to specify that frames will always
be transmitted tagged from all member ports and that untagged frames will be rejected on
receipt.
CLI: Assign Ports to VLAN 2
(Netgear Switch) #config
(Netgear Switch) (Config)#interface range 1/0/1-1/0/2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit
(Netgear Switch) (Config)#vlan port tagging all 2
(Netgear Switch) (Config)#
VLANs
21
Managed Switches
Web Interface: Assign Ports to VLAN 2
1. Assign ports to VLAN2.
a. Select Switching > VLAN > Advanced > VLAN Membership.
A screen similar to the following displays.
b. In the VLAN ID list, select 2.
c. Click Unit 1. The ports display.
d. Click the gray boxes under ports 1 and 2 until T displays.
The T specifies that the egress packet is tagged for the ports.
e. Click Apply to save the settings.
2. Specify that only tagged frames will be accepted on ports 1/0/1 and 1/0/2.
a. Select Switching > VLAN > Advanced > Port PVID Configuration.
A screen similar to the following displays.
b. Under PVID Configuration, scroll down and select the check box for Interface 1/0/1.
Then scroll down and select the Interface 1/0/2 check box.
VLANs
22
Managed Switches
c. Enter the following information:
• In the Acceptable Frame Type polyhedron list, select VLAN Only.
• In the PVID (1 to 4093) field, enter 2.
d. Click Apply to save the settings.
Create Three VLANs
The example is shown as CLI commands and as a web interface procedure.
CLI: Create Three VLANs
Use the following commands to create three VLANs and to assign the VLAN IDs while
leaving the names blank.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 100
(Netgear Switch) (Vlan)#vlan 101
(Netgear Switch) (Vlan)#vlan 102
(Netgear Switch) (Vlan)#exit
Web Interface: Create Three VLANs
1. Create VLAN100.
a. Select Switching > VLAN > Basic > VLAN Configuration.
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 100.
• In the VLAN Name field, enter VLAN100.
c. Click Add.
VLANs
23
Managed Switches
2. Create VLAN101.
a. Select Switching > VLAN > Basic > VLAN Configuration.
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 101.
• In the VLAN Name field, enter VLAN101.
c. Click Add.
3. Create VLAN102.
a. Select Switching > VLAN > Basic > VLAN Configuration.
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 102.
• In the VLAN Name field, enter VLAN102.
c. Click Add.
VLANs
24
Managed Switches
Assign Ports to VLAN 3
This example shows how to assign the ports that will belong to VLAN 3, and to specify that
untagged frames will be accepted on port 1/0/4. Note that port 1/0/2 belongs to both VLANs
and that port 1/0/1 can never belong to VLAN 3.
CLI: Assign Ports to VLAN 3
(Netgear Switch) (Config)#interface range 1/0/2-1/0/4
(Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3
(Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit
(Netgear Switch) (Config)#interface 1/0/4
(Netgear Switch) (Interface 1/0/4)#vlan acceptframe all
(Netgear Switch) (Interface 1/0/4)#exit
(Netgear Switch) (Config)#exit
Web Interface: Assign Ports to VLAN 3
1. Assign ports to VLAN3.
a. Select Switching > VLAN > Advanced > VLAN Membership.
A screen similar to the following displays.
b. In the VLAN ID list, select 3.
c. Click Unit 1. The ports display.
d. Click the gray boxes under ports 2, 3, and 4 until T displays.
The T specifies that the egress packet is tagged for the ports.
e. Click Apply to save the settings.
2. Specify that untagged frames will be accepted on port 1/0/4.
a. Select Switching > VLAN > Advanced > Port PVID Configuration.
VLANs
25
Managed Switches
A screen similar to the following displays.
b. Scroll down and select the Interface 1/0/4 check box.
Now 1/0/4 appears in the Interface field at the top.
c. In the Acceptable Frame Types list, select Admit All.
d. Click Apply to save the settings.
Assign VLAN 3 as the Default VLAN for Port 1/0/2
This example shows how to assign VLAN 3 as the default VLAN for port 1/0/2.
CLI: Assign VLAN 3 as the Default VLAN for Port 1/0/2
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#vlan pvid 3
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#exit
VLANs
26
Managed Switches
Web Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2
1. Select Switching > VLAN > Advanced > Port PVID Configuration.
A screen similar to the following displays.
2. Under PVID Configuration, scroll down and select the Interface 1/0/2 check box. Now 1/0/2
appears in the Interface field at the top.
3. In the PVID (1 to 4093) field, enter 3.
4. Click Apply to save the settings.
Create a MAC-Based VLAN
The MAC-based VLAN feature allows incoming untagged packets to be assigned to a VLAN
and thus classify traffic based on the source MAC address of the packet.
You define a MAC to VLAN mapping by configuring an entry in the MAC to VLAN table. An
entry is specified using a source MAC address and the appropriate VLAN ID. The MAC to
VLAN configurations are shared across all ports of the device (i.e., there is a system-wide
table that has MAC address to VLAN ID mappings).
When untagged or priority tagged packets arrive at the switch and entries exist in the MAC to
VLAN table, the source MAC address of the packet is looked up. If an entry is found, the
corresponding VLAN ID is assigned to the packet. If the packet is already priority tagged it
will maintain this value; otherwise, the priority will be set to 0 (zero). The assigned VLAN ID is
verified against the VLAN table. If the VLAN is valid, ingress processing on the packet
continues; otherwise, the packet is dropped. This implies that you can configure a MAC
address mapping to a VLAN that has not been created on the system.
VLANs
27
Managed Switches
CLI: Create a MAC-Based VLAN
1. Create VLAN3.
(Netgear Switch)#vlan database
(Netgear Switch)(Vlan)#vlan 3
(Netgear Switch)(Vlan)#exit
2. Add port 1/0/23 to VLAN3.
(Netgear Switch)#config
(Netgear Switch)(Config)#interface 1/0/23
(Netgear Switch)(Interface 1/0/23)#vlan participation include 3
(Netgear Switch)(Interface 1/0/23)#vlan pvid 3
(Netgear Switch)(Interface 1/0/23)#exit
3. Map MAC 00:00:0A:00:00:02 to VLAN3.
(Netgear Switch)(Config)#exit
(Netgear Switch)#vlan data
(Netgear Switch)(Vlan)#vlan association mac 00:00:00A:00:00:02 3
(Netgear Switch)(Vlan)#exit
4. Add all the ports to VLAN3.
(Netgear Switch)#config
(Netgear Switch)(Config)#interface range 1/0/1-1/0/28
(Netgear Switch)(conf-if-range-1/0/1-1/0/28)#vlan participation include 3
(Netgear Switch)(conf-if-range-1/0/1-1/0/28)#exit
(Netgear Switch)(Config)#exit
VLANs
28
Managed Switches
Web Interface: Assign a MAC-Based VLAN
1. Create VLAN3.
a. Select Switching > VLAN > Basic > VLAN Configuration.
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 3.
• In the VLAN Name field, enter VLAN3.
• In the VLAN Type list, select Static.
c. Click Add.
2. Assign ports to VLAN3.
a. Select Switching > VLAN > Advanced > VLAN Membership.
A screen similar to the following displays.
b. In the VLAN ID list, select 3.
c. Click Unit 1. The ports display.
VLANs
29
Managed Switches
d. Click the gray box before Unit 1 until U displays.
e. Click Apply.
3. Assign VPID3 to port 1/0/23.
a. Select Switching > VLAN > Advanced > Port PVID Configuration.
A screen similar to the following displays.
b. Scroll down and select the 1/0/23 check box.
c. In the PVID (1 to 4093) field, enter 3.
d. Click Apply to save the settings.
4. Map the specific MAC to VLAN3.
a. Select Switching > VLAN > Advanced > MAC based VLAN.
A screen similar to the following displays.
b. Enter the following information:
• In the MAC Address field, enter 00:00:0A:00:00:02.
• In the PVID (1 to 4093) field, enter 3.
c. Click Add.
VLANs
30
Loading...