Netgear M5300-28G-POE Installation Manual

Software Administration Manual

M5300, M6100, and M7100 Series ProSAFE Managed Switches

Software Administration Manual Software Version 11.0.0

August 2020 202-11527-03

NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134, USA

Managed Switches

Support and Community

Visit netgear.com/support to get your questions answered and access the latest downloads.

You can also check out our NETGEAR Community for helpful advice at community.netgear.com.

Regulatory and Legal

Si ce produit est vendu au Canada, vous pouvez accéder à ce document en français canadien à https://www.netgear.com/support/download/.

(If this product is sold in Canada, you can access this document in Canadian French at https://www.netgear.com/support/download/.)

For regulatory compliance information including the EU Declaration of Conformity, visit https://www.netgear.com/about/regulatory/.

See the regulatory compliance document before connecting the power supply.

For NETGEAR's Privacy Policy, visit https://www.netgear.com/about/privacy-policy.

By using this device, you are agreeing to NETGEAR's Terms and Conditions at https://www.netgear.com/about/terms-and-conditions. If you do not agree, return the device to your place of purchase within your return period.

Do not use this device outdoors. The PoE source is intended for intra building connection only.

Trademarks

Revision History

Publication Part Number

202-11527-03 August 2020 Correction on Chapter 30, STP: M5300 supports 4 PVSTP or PVRSTP

202-11527-02 October 2015 Made minor changes to the following chapters:

202-11527-01 March 2015 Added the following chapters:

Publication Date

Comments

instances.

• Chapter 4, MLAGs

• Chapter 10, PBR

• Chapter 24, Switch Stacks

• Chapter 39, Override Factory Defaults

Added the following sections:

• VLAN Access Ports and Trunk Ports

• Find a Rogue DHCP Server

• Use the Authentication Manager to Set Up an Authentication Method List

• Configure a Stateful DHCPv6 Server

• Configure PVSTP and PVRSTP

• Create a 6to4 Tunnel

Made changes and minor additions to various commands.

Software Administration Manual2

Managed Switches

202-11460-01 October 2014 Added the following chapters:

• Chapter 9, BGP

• Chapter 10, PBR

• Chapter 40, NETGEAR SFP

Added the following sections:

• Full Memory Dump

Replaced the Switch Stack chapter with Chapter 23, Chassis Switch Management.

Updated most of the rest of the manual.

202-11331-01 September 2013 Added the following chapters:

• Chapter 4, MLAGs

• Chapter 19, MAB

Added or revised the following sections:

• Configure GARP VLAN Registration Protocol

• Configure a Management ACL

• Authorization and Accounting

• Auto VoIP

• Remote SPAN

202-11161-01 February 2013 Updated the document.

October 2012 Added iSCSI features.

202-11153-01 August 2012 Added Private VLAN features.

202-10515-05 August 2012 Added the MVR feature.

202-10515-05 July 2011 Added DHCPv6 and DHCPv6 mode features.

202-10515-04 November 2010 Converted the book to a new format.

202-10515-03 June 2010 Moved some content to the Software Setup Guide.

202-10515-02 Software release 8.0.2: new firmware with DHCP L3 Relay, color conform

policy, DHCP server in dynamic mode, and configuring a stacking port as an Ethernet port.

202-10515-01 Initial publication.

Software Administration Manual3

Chapter 1 Documentation Resources

Chapter 2 VLANs

VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

CLI: Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Web Interface: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Assign Ports to VLAN 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

CLI: Assign Ports to VLAN 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Web Interface: Assign Ports to VLAN 2 . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Create Three VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

CLI: Create Three VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Web Interface: Create Three VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Assign Ports to VLAN 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

CLI: Assign Ports to VLAN 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Web Interface: Assign Ports to VLAN 3 . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Assign VLAN 3 as the Default VLAN for Port 1/0/2 . . . . . . . . . . . . . . . . . . . .28

CLI: Assign VLAN 3 as the Default VLAN for Port 1/0/2 . . . . . . . . . . . . .28

Web Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2. . . .29

Create a MAC-Based VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

CLI: Create a MAC-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Web Interface: Assign a MAC-Based VLAN . . . . . . . . . . . . . . . . . . . . . . .31

Create a Protocol-Based VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

CLI: Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Web Interface: Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . .34

Virtual VLANs: Create an IP Subnet–Based VLAN . . . . . . . . . . . . . . . . . . . . . 37

CLI: Create an IP Subnet–Based VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . .38

Web Interface: Create an IP Subnet–Based VLAN . . . . . . . . . . . . . . . . . .38

Voice VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

CLI: Configure Voice VLAN and Prioritize Voice Traffic . . . . . . . . . . . . . .41

Web Interface: Configure Voice VLAN and Prioritize Voice Traffic . . . .43

Configure GARP VLAN Registration Protocol . . . . . . . . . . . . . . . . . . . . . . . .48

CLI: Enable GVRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Web Interface: Configure GVRP on switch A . . . . . . . . . . . . . . . . . . . . . .51

Web Interface: Configure GVRP on Switch B . . . . . . . . . . . . . . . . . . . . . .53

Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Assign Private-VLAN Types (Primary, Isolated, Community) . . . . . . . . . . . . 56

CLI: Assign Private-VLAN Type (Primary, Isolated, Community). . . . . . .56

Web Interface: Assign Private-VLAN Type (Primary,

Isolated, Community) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Managed Switches

Configure Private-VLAN Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

CLI: Configure Private-VLAN Association . . . . . . . . . . . . . . . . . . . . . . . . .58

Web Interface: Configure Private-VLAN Association . . . . . . . . . . . . . . . .58

Configure Private-VLAN Port Mode (Promiscuous, Host) . . . . . . . . . . . . . .60

CLI: Configure Private-VLAN Port Mode (Promiscuous, Host) . . . . . . . .60

Web Interface: Configure Private-VLAN Port Mode

(Promiscuous, Host). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Configure Private-VLAN Host Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

CLI: Configure Private-VLAN Host Ports. . . . . . . . . . . . . . . . . . . . . . . . . . .62

Web Interface: Assign Private-VLAN Port Host Ports . . . . . . . . . . . . . . . .62

Map Private-VLAN Promiscuous Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

CLI: Map Private-VLAN Promiscuous Port . . . . . . . . . . . . . . . . . . . . . . . . .63

Web Interface: Map Private-VLAN Promiscuous Port. . . . . . . . . . . . . . . .63

VLAN Access Ports and Trunk Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

CLI: Configure a VLAN Trunk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66

Web Interface: Configure a VLAN Trunk . . . . . . . . . . . . . . . . . . . . . . . . . .66

Chapter 3 LAGs

Link Aggregation Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Add Ports to LAGs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

CLI: Add Ports to the LAGs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73

Web Interface: Add Ports to LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73

Chapter 4 MLAGs

Multichassis Link Aggregation Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . .76

Create an MLAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79

CLI: Create an MLAG on LAG2 and LAG3 . . . . . . . . . . . . . . . . . . . . . . . . .79

Web Interface: Create an MLAG on LAG2, LAG3, and LAG4. . . . . . . . .82

Enable Static Routing on MLAG Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . .85

CLI: Enable Static Routing on MLAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85

Web Interface: Enable Routing on MLAG Interfaces . . . . . . . . . . . . . . . .92

Enable DCPDP on MLAG Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96

CLI: Configure the DCPDP on the MLAG Interfaces . . . . . . . . . . . . . . . .97

Web Interface: Configure the DCPDP on MLAG Interfaces . . . . . . . . . .98

Troubleshoot the MLAG Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . .100

The Creation of an MLAG Fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Traffic Through an MLAG Is Not Forwarded Normally. . . . . . . . . . . . . 102

A Ping to a VRRP Virtual IP Address Fails. . . . . . . . . . . . . . . . . . . . . . . . 102

The VRRP Is Not in the Master State on the Primary or

Secondary Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

DCPDP Does Not Detect the Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Chapter 5 Port Routing

Port Routing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Port Routing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Enable Routing for the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106

Software Administration Manual5

Managed Switches

CLI: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Web Interface: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . 107

Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

CLI: Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . . . . . . 108

Web Interface: Enable Routing for Ports on the Switch. . . . . . . . . . . . 108

Add a Default Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110

CLI: Add a Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Web Interface: Add a Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Add a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

CLI: Add a Static Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Web Interface: Add a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Chapter 6 VLAN Routing

VLAN Routing Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

CLI: Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Web Interface: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Set Up VLAN Routing for the VLANs and the Switch . . . . . . . . . . . . . . . . 120

CLI: Set Up VLAN Routing for the VLANs and the Switch. . . . . . . . . . 120

Web Interface: Set Up VLAN Routing for the VLANs and the Switch 121

Chapter 7 RIP

Routing Information Protocol Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124

CLI: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Web Interface: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . 124

Enable Routing for Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

CLI: Enable Routing and Assigning IP Addresses for Ports

1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Web Interface: Enable Routing for the Ports. . . . . . . . . . . . . . . . . . . . . 125

Enable RIP on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

CLI: Enable RIP on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Web Interface: Enable RIP on the Switch. . . . . . . . . . . . . . . . . . . . . . . . 127

Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

CLI: Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . 128

Web Interface: Enable RIP for Ports 1/0/2 and 1/0/3. . . . . . . . . . . . . . 128

Configure VLAN Routing with RIP Support . . . . . . . . . . . . . . . . . . . . . . . . .129

CLI: Configure VLAN Routing with RIP Support . . . . . . . . . . . . . . . . . . 129

Web Interface: Configure VLAN Routing with RIP Support . . . . . . . . 131

Chapter 8 OSPF

Open Shortest Path First Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Inter-area Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

CLI: Configure an Inter-area Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Web Interface: Configure an Inter-area Router . . . . . . . . . . . . . . . . . . 138

OSPF on a Border Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Software Administration Manual6

Managed Switches

CLI: Configure OSPF on a Border Router . . . . . . . . . . . . . . . . . . . . . . . 142

Web Interface: Configure OSPF on a Border Router. . . . . . . . . . . . . . 143

Stub Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148

CLI: Configure Area 1 as a Stub Area on A1 . . . . . . . . . . . . . . . . . . . . . 148

Web Interface: Configure Area 1 as a Stub Area on A1 . . . . . . . . . . . 150

CLI: Configure Area 1 as a Stub Area on A2 . . . . . . . . . . . . . . . . . . . . . 154

Web Interface: Configure Area 1 as a Stub Area on A2 . . . . . . . . . . . 155

NSSA Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157

CLI: Configure Area 1 as an NSSA Area. . . . . . . . . . . . . . . . . . . . . . . . . 157

Web Interface: Configure Area 1 as an NSSA Area on A1 . . . . . . . . . 159

CLI: Configure Area 1 as an NSSA Area on A2 . . . . . . . . . . . . . . . . . . . 162

Web Interface: Configure Area 1 as an NSSA Area on A2 . . . . . . . . . 164

VLAN Routing OSPF. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168

CLI: Configure VLAN Routing OSPF. . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Web Interface: Configure VLAN Routing OSPF . . . . . . . . . . . . . . . . . . 171

OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173

CLI: Configure OSPFv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Web Interface: Configure OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

Chapter 9 BGP

Border Gateway Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Example1: Configure BGP on Switches A, B, and C in the Same AS. . . 181

Configure BGP on Switch A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

Configure BGP on Switch B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Configure BGP on Switch C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Check the BGP Neighbor Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Example 2: Create eBGP on Switches A and D . . . . . . . . . . . . . . . . . . . . . .186

Configure eBGP on Switch A. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Configure eBGP on Switch D. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Check the eBGP Neighbor Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Example 3: Create an iBGP Connection with a Loopback Interface . . . .189

Configure iBGP on Switch D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Configure eBGP on Switch E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Check the iBGP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Example 4: Configure Reflection for iBGP . . . . . . . . . . . . . . . . . . . . . . . . . .192

Configure RR on Switch A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Configure RR on Switch B and C. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Example 5: Filter Routes with NLRI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

Example 6: Filter Routes with AS_PATH . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

Example 7: Filter Routes with Route Maps . . . . . . . . . . . . . . . . . . . . . . . . . .196

Example 8: Exchange IPv6 Routes over an IPv4 BGP . . . . . . . . . . . . . . . . .198

Configure IPv6 BGP on Switch A. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Configure IPv6 BGP on Switch B. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Chapter 10 PBR

Policy-Based Routing Concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Route-Map Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201

Software Administration Manual7

Managed Switches

PBR Processing Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

PBR Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203

PBR Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204

Chapter 11 ARP

Proxy ARP Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

Proxy ARP Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

CLI: show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

CLI: ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Web Interface: Configure Proxy ARP on a Port . . . . . . . . . . . . . . . . . . . 209

Chapter 12 VRRP

Virtual Router Redundancy Protocol Concepts. . . . . . . . . . . . . . . . . . . . . 212

VRRP on a Master Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

CLI: Configure VRRP on a Master Router. . . . . . . . . . . . . . . . . . . . . . . . 213

Web Interface: Configure VRRP on a Master Router . . . . . . . . . . . . . . 214

VRRP on a Backup Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

CLI: Configure VRRP on a Backup Router . . . . . . . . . . . . . . . . . . . . . . . 215

Web Interface: Configure VRRP on a Backup Router. . . . . . . . . . . . . . 216

Chapter 13 ACLs

Access Control List Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

MAC ACLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

ACL Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220

CLI: Set Up an IP ACL with Two Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Web Interface: Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . . 222

One-Way Access Using a TCP Flag in an ACL . . . . . . . . . . . . . . . . . . . . . . .225

CLI: Configure One-Way Access Using a TCP Flag in an ACL . . . . . . 225

Web Interface: Configure One-Way Access Using a TCP

Flag in an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Use ACLs to Configure Isolated VLANs on a Layer 3 Switch . . . . . . . . . 240

CLI: Configure One-Way Access Using a TCP Flag in ACL

Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Web Interface: Configure One-Way Access Using a TCP

Flag in an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Set up a MAC ACL with Two Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251

CLI: Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . 251

Web Interface: Set up a MAC ACL with Two Rules. . . . . . . . . . . . . . . . 252

ACL Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254

CLI: Configure ACL Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Web Interface: Configure ACL Mirroring. . . . . . . . . . . . . . . . . . . . . . . . 257

ACL Redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260

CLI: Redirect a Traffic Stream . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Web Interface: Redirect a Traffic Stream . . . . . . . . . . . . . . . . . . . . . . . . 262

Software Administration Manual8

Managed Switches

Configure a Management ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266

Example 1: Permit Any Host to Access the Switch Through

Telnet or HTTP:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

Example 2: Permit a Specific Host to Access the Switch

Through SSH Only. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

Configure IPv6 ACLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267

CLI: Configure an IPv6 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

Web Interface: Configure an IPv6 ACL. . . . . . . . . . . . . . . . . . . . . . . . . . 269

Chapter 14 CoS Queuing

CoS Queuing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

CoS Queue Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276

Trusted Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Untrusted Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

CoS Queue Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277

Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

CLI: Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Web Interface: Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . . . 278

Set classofservice Trust Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278

CLI: Set classofservice Trust Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Web Interface: Set classofservice Trust Mode . . . . . . . . . . . . . . . . . . . 279

Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode279

CLI: Configure Cos-queue Min-bandwidth and Strict Priority

Scheduler Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Web Interface: Configure CoS-queue Min-bandwidth and

Strict Priority Scheduler Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Set CoS Trust Mode for an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281

CLI: Set CoS Trust Mode for an Interface. . . . . . . . . . . . . . . . . . . . . . . . 282

Web Interface: Set CoS Trust Mode for an Interface . . . . . . . . . . . . . . 282

Configure Traffic Shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282

CLI: Configure traffic-shape. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

Web Interface: Configure Traffic Shaping . . . . . . . . . . . . . . . . . . . . . . . 283

Chapter 15 DiffServ

Differentiated Services Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286

CLI: Configure DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286

Web Interface: Configure DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

DiffServ for VoIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302

CLI: Configure DiffServ for VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

Web Interface: Diffserv for VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309

Protocol-Based Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

OUI-Based Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

Example 1: Enable Protocol-Based Auto VoIP . . . . . . . . . . . . . . . . . . . 311

Example 2: Change the Queue of Protocol-Based Auto VoIP . . . . . . 312

Example 3: Create an Auto VoIP VLAN . . . . . . . . . . . . . . . . . . . . . . . . . 314

Software Administration Manual9

Managed Switches

DiffServ for IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316

CLI: Configure DiffServ for IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

Web Interface: Configure DiffServ for IPv6 . . . . . . . . . . . . . . . . . . . . . . 317

Color Conform Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

CLI: Configure a Color Conform Policy . . . . . . . . . . . . . . . . . . . . . . . . . 324

Web Interface: Configure a Color Conform Policy. . . . . . . . . . . . . . . . 325

Chapter 16 IGMP Snooping and Querier

Internet Group Management Protocol Concepts. . . . . . . . . . . . . . . . . . . 332

IGMP Snooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .332

CLI: Enable IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

Web Interface: Enable IGMP Snooping. . . . . . . . . . . . . . . . . . . . . . . . . 332

Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .333

CLI: Show igmpsnooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

Web Interface: Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

Show mac-address-table igmpsnooping. . . . . . . . . . . . . . . . . . . . . . . . . . 334

CLI for IGMPv1 and IGMPv2: Show mac-address-table igmpsnooping334

CLI for IGMPv3: show igmpsnooping ssm entries . . . . . . . . . . . . . . . . 334

Web Interface: Show mac-address-table igmpsnooping. . . . . . . . . . 335

External Multicast Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335

CLI: Configure the Switch with an External Multicast Router . . . . . . . 335

Web Interface: Configure the Switch with an External Multicast Router335

Multicast Router Using VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

CLI: Configure the Switch with a Multicast Router Using VLAN. . . . . 337

Web Interface: Configure the Switch with a Multicast Router

Using VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

IGMP Querier Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Enable IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

CLI: Enable IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Web Interface: Enable IGMP Querier. . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Show IGMP Querier Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341

CLI: Show IGMP Querier Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

Web Interface: Show IGMP Querier Status . . . . . . . . . . . . . . . . . . . . . . 342

Chapter 17 MVR

Multicast VLAN Registration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344

Configure MVR in Compatible Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .345

CLI: Configure MVR in Compatible Mode. . . . . . . . . . . . . . . . . . . . . . . 346

Web Interface: Configure MVR in Compatible Mode . . . . . . . . . . . . . 348

Configure MVR in Dynamic Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .351

CLI: Configure MVR in Dynamic Mode . . . . . . . . . . . . . . . . . . . . . . . . . 351

Web Interface: Configure MVR in Dynamic Mode . . . . . . . . . . . . . . . . 354

Chapter 18 Security Management

Port Security Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . . . . . . . . . . . . . 360

Software Administration Manual10

Managed Switches

CLI: Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . . . . . . . 360

Web Interface: Set the Dynamic and Static Limit on Port 1/0/1 . . . . . 360

Convert the Dynamic Address Learned from 1/0/1 to a Static Address .361

CLI: Convert the Dynamic Address Learned from 1/0/1 to the

Static Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Web Interface: Convert the Dynamic Address Learned from

1/0/1 to the Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Create a Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .363

CLI: Create a Static Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363

Web Interface: Create a Static Address . . . . . . . . . . . . . . . . . . . . . . . . . 364

Protected Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .364

CLI: Configure a Protected Port to Isolate Ports on the Switch. . . . . . 365

Web Interface: Configure a Protected Port to Isolate Ports

on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

802.1x Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370

CLI: Authenticating dot1x Users by a RADIUS Server . . . . . . . . . . . . . 371

Web Interface: Authenticating dot1x Users by a RADIUS Server . . . 372

Create a Guest VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

CLI: Create a Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Web Interface: Create a Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . 379

Assign VLANs Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .382

CLI: Assign VLANS Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383

Web Interface: Assign VLANS Using RADIUS . . . . . . . . . . . . . . . . . . . . 386

Dynamic ARP Inspection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

CLI: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . 390

Web Interface: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . 391

Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .394

CLI: Configure Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394

Web Interface: Configure Static Mapping. . . . . . . . . . . . . . . . . . . . . . . 395

DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .396

CLI: Configure DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397

Web Interface: Configure DHCP Snooping . . . . . . . . . . . . . . . . . . . . . 398

Find a Rogue DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .401

CLI: Find a Rogue DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401

Web Interface: Find a Rogue DHCP server . . . . . . . . . . . . . . . . . . . . . . 402

Enter Static Binding into the Binding Database . . . . . . . . . . . . . . . . . . . . .404

CLI: Enter Static Binding into the Binding Database . . . . . . . . . . . . . . 404

Web Interface: Enter Static Binding into the Binding Database . . . . 404

Maximum Rate of DHCP Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .405

CLI: Configure the Maximum Rate of DHCP Messages. . . . . . . . . . . . 405

Web Interface: Configure the Maximum Rate of DHCP Messages . . 405

IP Source Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .406

CLI: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . 408

Web Interface: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . 409

Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .412

Command Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

CLI: Configure Command Authorization by a TACACS+ Server . . . . 413

Exec Authorization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

Software Administration Manual11

Managed Switches

CLI: Configure Exec Command Authorization by a TACACS+ Server 414

Accounting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .414

CLI: Configure Telnet Command Accounting by a TACACS+ Server 415

Configure Telnet EXEC Accounting by RADIUS Server. . . . . . . . . . . . 416

Use the Authentication Manager to Set Up an

Authentication Method List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Configure a Dot1x–MAB Authentication Method List with

Dot1x–MAB Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Configure a Dot1x–MAB Authentication Method List with

MAB–Dot1x Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Configure a Dot1x, MAB, and Captive Portal Authentication

Method List with Default Priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420

Chapter 19 MAB

MAC Authentication Bypass Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . 423

Configure MAC Authentication Bypass on a Switch . . . . . . . . . . . . . . . . . .425

Configure a Network Policy Server on a Microsoft

Windows Server 2008 R2 or Later Server . . . . . . . . . . . . . . . . . . . . . . . . . 430

Configure an Active Directory on a Microsoft Windows

Server 2008 R2 or Later Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .438

Reduce the MAB Authentication Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . .439

CLI: Reduce the Authentication Time for MAB . . . . . . . . . . . . . . . . . . . 440

Web Interface: Reduce the Authentication Time for MAB . . . . . . . . . 440

Chapter 20 SNTP

Simple Network Time Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . . 442

Show SNTP (CLI Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442

show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443

show sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443

show sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444

Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .444

CLI: Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444

Web Interface: Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446

Set the Time Zone (CLI Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .447

CLI: Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

Web Interface: Set the Named SNTP Server. . . . . . . . . . . . . . . . . . . . . 448

Chapter 21 Tools

Traceroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

CLI: Traceroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Web Interface: Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453

Configuration Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .453

script Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455

script list Command and script delete Command. . . . . . . . . . . . . . . . 455

script apply running-config.scr Command . . . . . . . . . . . . . . . . . . . . . . 455

Software Administration Manual12

Managed Switches

Create a Configuration Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456

Upload a Configuration Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456

Pre-Login Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

Create a Pre-Login Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

Port Mirroring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .458

CLI: Specify the Source (Mirrored) Ports and Destination (Probe). . . 458

Web Interface: Specify the Source (Mirrored) Ports and

Destination (Probe) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Remote SPAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459

CLI: Enable RSPAN on a Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

Dual Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

CLI: Download a Backup Image and Make It Active . . . . . . . . . . . . . . 464

Web Interface: Download a Backup Image and Make It Active. . . . . 465

Outbound Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466

CLI: show network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

CLI: show telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

CLI: transport output telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

Web Interface: Configure Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

CLI: Configure the Session Limit and Session Time-out . . . . . . . . . . . 469

Web Interface: Configure the Session Time-out. . . . . . . . . . . . . . . . . . 469

Full Memory Dump. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470

Chapter 22 Syslog

Syslog Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Show Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .473

CLI: Show Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Web Interface: Show Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Show Logging Buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476

CLI: Show Logging Buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476

Web Interface: Show Logging Buffered. . . . . . . . . . . . . . . . . . . . . . . . . 477

Show Logging Traplogs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .477

CLI: Show Logging Traplogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478

Web Interface: Show Logging Trap Logs. . . . . . . . . . . . . . . . . . . . . . . . 478

Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .478

CLI: Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Web Interface: Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Configure Logging for a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .479

CLI: Configure Logging for the Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Web Interface: Configure Logging for the Port . . . . . . . . . . . . . . . . . . 480

Email Alerting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .481

CLI: Send Log Messages to admin@switch.com Using

Account aaaa@netgear.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

Chapter 23 Chassis Switch Management

Chassis Switch Management and Connectivity . . . . . . . . . . . . . . . . . . . . 485

Supervisor and Chassis Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .485

Supervisor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485

Software Administration Manual13

Managed Switches

Chassis Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

Chassis Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .486

Code Mismatch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

Configuration Mismatch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

Migrate Configuration with a Firmware Upgrade . . . . . . . . . . . . . . . . 487

Add, Remove, or Replace a Chassis Member . . . . . . . . . . . . . . . . . . . . . . .488

Add a Blade to an Operating Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Remove a Blade from the Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Replace a Chassis Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

Chassis Switch Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .489

Preconfigure a Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .489

Move the Supervisor to a Different Blade. . . . . . . . . . . . . . . . . . . . . . . . . . .490

CLI: Move the Supervisor to a Different Blade . . . . . . . . . . . . . . . . . . . 491

Local Browser UI: Move the Supervisor to a Different Blade . . . . . . . 492

Chapter 24 Switch Stacks

Switch Stack Management and Connectivity . . . . . . . . . . . . . . . . . . . . . . 494

Stack Master and Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .494

Stack Master . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Stack Member Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Stack Member Priority Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Install and Power-up a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .496

Compatible Switch Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Install a Switch Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497

Switch Firmware and Firmware Mismatch . . . . . . . . . . . . . . . . . . . . . . . . . 498

Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498

Migrate Configuration with a Firmware Upgrade . . . . . . . . . . . . . . . . 499

Web Interface: Copy Master Firmware to a Stack Member . . . . . . . . 499

Stack Switches Using Ethernet Ports and a Stack Cable. . . . . . . . . . . . . . .500

CLI: Configure the Stack Ports as Ethernet Ports . . . . . . . . . . . . . . . . . 500

Web Interface: Configure the Stack Ports as Ethernet Ports. . . . . . . . 502

Stack Switches Using 10G Fiber. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .504

CLI: Stack Switches Using 10G Fiber . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

Web Interface: Stack Switches Using 10G Fiber . . . . . . . . . . . . . . . . . 506

Add, Remove, or Replace a Stack Member . . . . . . . . . . . . . . . . . . . . . . . . .507

Add Switches to an Operating Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . 507

Remove a Switch from a Stack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508

Replace a Stack Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509

Switch Stack Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .509

Preconfigure a Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .510

Renumber Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512

CLI: Renumber Stack Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512

Web Interface: Renumber Stack Members . . . . . . . . . . . . . . . . . . . . . . 513

Move the Stack Master to a Different Unit. . . . . . . . . . . . . . . . . . . . . . . . . 514

CLI: Move the Stack Master to a Different Unit. . . . . . . . . . . . . . . . . . . 514

Software Administration Manual14

Managed Switches

Web Interface: Move the Stack Master to a Different Unit . . . . . . . . . 514

Chapter 25 SNMP

Add a New Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

CLI: Add a New Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

Web Interface: Add a New Community . . . . . . . . . . . . . . . . . . . . . . . . . 517

Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518

CLI: Enable SNMP Trap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518

Web Interface: Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518

SNMP Version 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .519

CLI: Configure SNMPv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519

Web Interface: Configure SNMPv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520

sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .521

CLI: Configure Statistical Packet-Based Sampling of Packet

Flows with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522

Web Interface: Configure Statistical Packet-based Sampling

with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523

Time-Based Sampling of Counters with sFlow . . . . . . . . . . . . . . . . . . . . . .524

CLI: Configure Time-Based Sampling of Counters with sFlow . . . . . 524

Web Interface: Configure Time-Based Sampling of Counters

with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525

Chapter 26 DNS

Domain Name System Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527

Specify Two DNS Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527

CLI: Specify Two DNS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527

Web Interface: Specify Two DNS Servers . . . . . . . . . . . . . . . . . . . . . . . 527

Manually Add a Host Name and an IP Address. . . . . . . . . . . . . . . . . . . . . .528

CLI: Manually Add a Host Name and an IP Address . . . . . . . . . . . . . . 529

Web Interface: Manually Add a Host Name and an IP Address. . . . . 529

Chapter 27 DHCP Server

Dynamic Host Configuration Protocol Concepts . . . . . . . . . . . . . . . . . . . 531

Configure a DHCP Server in Dynamic Mode . . . . . . . . . . . . . . . . . . . . . . . .531

CLI: Configure a DHCP Server in Dynamic Mode . . . . . . . . . . . . . . . . 531

Web Interface: Configure a DHCP Server in Dynamic Mode . . . . . . . 532

Configure a DHCP Server that Assigns a Fixed IP Address . . . . . . . . . . . .534

CLI: Configure a DHCP Server that Assigns a Fixed IP Address . . . . 534

Web Interface: Configure a DHCP Server that Assigns a Fixed IP Address535

Chapter 28 DHCPv6 Server

Dynamic Host Configuration Protocol Version 6 Concepts . . . . . . . . . . 538

CLI: Configure DHCPv6 Prefix Delegation . . . . . . . . . . . . . . . . . . . . . . . . . .539

Web Interface: Configure DHCPv6 Prefix Delegation . . . . . . . . . . . . . . . .540

Configure a Stateless DHCPv6 Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .544

CLI: Configure a Stateless DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . 544

Software Administration Manual15

Managed Switches

Web Interface: Configure a Stateless DHCPv6 Server . . . . . . . . . . . . 545

Configure a Stateful DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .548

CLI: Configure a Stateful DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . . 548

Web Interface: Configure a Stateful DHCPv6 Server. . . . . . . . . . . . . . 549

Chapter 29 DVLANs and Private VLANs

Double VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554

CLI: Enable a Double VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555

Web Interface: Enable a Double VLAN . . . . . . . . . . . . . . . . . . . . . . . . . 555

Private VLAN Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558

CLI: Create a Private VLAN Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559

Web Interface: Create a Private VLAN Group. . . . . . . . . . . . . . . . . . . . 560

Chapter 30 STP

Spanning Tree Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565

Configure Classic STP (802.1d) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .565

CLI: Configure Classic STP (802.1d). . . . . . . . . . . . . . . . . . . . . . . . . . . . 565

Web Interface: Configure Classic STP (802.1d) . . . . . . . . . . . . . . . . . . 565

Configure Rapid STP (802.1w) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .566

CLI: Configure Rapid STP (802.1w). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566

Web Interface: Configure Rapid STP (802.1w) . . . . . . . . . . . . . . . . . . . 567

Configure Multiple STP (802.1s). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .568

CLI: Configure Multiple STP (802.1s) . . . . . . . . . . . . . . . . . . . . . . . . . . . 568

Web Interface: Configure Multiple STP (802.1s) . . . . . . . . . . . . . . . . . 569

Configure PVSTP and PVRSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .570

CLI: Configure PVSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572

Web Interface: Configure PVSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575

Chapter 31 Tunnels for IPv6

Tunnel Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580

Create a 6in4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .580

CLI: Create a 6in4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581

Web Interface: Create a 6in4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . 582

Create a 6to4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .586

CLI: Create a 6to4 Tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587

Web Interface: Create a 6to4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . 592

Chapter 32 IPv6 Interface Configuration

Create an IPv6 Routing Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606

CLI: Create an IPv6 Routing Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 606

Web Interface: Create an IPv6 Routing Interface . . . . . . . . . . . . . . . . . 607

Create an IPv6 Routing VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609

CLI: Create an IPv6 Routing VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609

Web Interface: Create an IPv6 VLAN Routing Interface . . . . . . . . . . . 611

Configure DHCPv6 Mode on the Routing Interface . . . . . . . . . . . . . . . . . .613

Software Administration Manual16

Managed Switches

CLI: Configure DHCPv6 mode on routing interface . . . . . . . . . . . . . . 614

Web Interface: Configure DHCPv6 mode on routing interface . . . . . 615

Chapter 33 PIM

Protocol Independent Multicast Concepts . . . . . . . . . . . . . . . . . . . . . . . . 618

PIM-DM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .618

CLI: Configure PIM-DM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620

Web Interface: Configure PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625

PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .642

CLI: Configure PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643

Web Interface: Configure PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648

Chapter 34 DHCP L2 Relay and L3 Relay

DHCP L2 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668

CLI: Enable DHCP L2 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668

Web Interface: Enable DHCP L2 Relay. . . . . . . . . . . . . . . . . . . . . . . . . . 670

DHCP L3 Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .673

Configure the DHCP Server Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673

Configure a DHCP L3 Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678

Chapter 35 MLD

Multicast Listener Discovery Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . 684

Configure MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .685

CLI: Configure MLD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 686

Web Interface: Configure MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689

MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .698

CLI: Configure MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699

Web Interface: Configure MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . 700

Chapter 36 DVMRP

Distance Vector Multicast Routing Protocol Concepts . . . . . . . . . . . . . . 703

CLI: Configure DVMRP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .704

Web Interface: Configure DVMRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .710

Chapter 37 Captive Portal

Captive Portal Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721

Captive Portal Configuration Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . .722

Enable a Captive Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .722

CLI: Enable a Captive Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722

Web Interface: Enable a Captive Portal . . . . . . . . . . . . . . . . . . . . . . . . . 723

Client Access, Authentication, and Control . . . . . . . . . . . . . . . . . . . . . . . . .724

Block a Captive Portal Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .724

CLI: Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724

Web Interface: Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . 725

Local Authorization, Create Users and Groups . . . . . . . . . . . . . . . . . . . . . .725

Software Administration Manual17

Managed Switches

CLI: Create Users and Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 725

Web Interface: Create Users and Groups . . . . . . . . . . . . . . . . . . . . . . . 726

Remote Authorization (RADIUS) User Configuration . . . . . . . . . . . . . . . . .727

CLI: Configure RADIUS as the Verification Mode. . . . . . . . . . . . . . . . . 728

Web Interface: Configure RADIUS as the Verification Mode . . . . . . . 729

SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .729

Chapter 38 iSCSI

iSCSI Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 731

Enable iSCSI Awareness with VLAN Priority Tag. . . . . . . . . . . . . . . . . . . . 732

CLI: Enable iSCSI Awareness with VLAN Priority Tag. . . . . . . . . . . . . . 732

Web Interface: Enable iSCSI Awareness with VLAN Priority Tag . . . . 732

Enable iSCSI Awareness with DSCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .733

CLI: Enable iSCSI Awareness with DSCP . . . . . . . . . . . . . . . . . . . . . . . . 733

Web Interface: Enable iSCSI Awareness with DSCP . . . . . . . . . . . . . . 733

Set the iSCSI Target Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .734

CLI: Set iSCSI Target Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734

Web Interface: Set iSCSI Target Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . 734

Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735

CLI: Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735

Web Interface: Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . 736

Chapter 39 Override Factory Defaults

Override the Factory Default Configuration File . . . . . . . . . . . . . . . . . . . 738

CLI: Install Another Factory Defaults Configuration File . . . . . . . . . . . 738

CLI: Erase the Old Factory Default Configuration File. . . . . . . . . . . . . 739

Chapter 40 NETGEAR SFP

Connect with NETGEAR SFP AGM731F. . . . . . . . . . . . . . . . . . . . . . . . . . . 741

Software Administration Manual18

1Documentation Resources

Before installation, read the release notes for your switch. The release notes detail the platform-specific functionality of the switching, routing, SNMP, configuration, management, and other packages. In addition, see the following publications:

• The NETGEAR installation guide for your switch

• Managed Switch Hardware Installation Guide

• Managed Switch Software Setup Manual

• ProSAFE Managed Switch Command Line Interface (CLI) User Manual

• ProSAFE Managed Switch Web Management User Manual

Note: For more information about the topics covered in this manual, visit the

support website at http://support.netgear.com.

Note: Firmware updates with new features and bug fixes are made available

from time to time on can regularly check the site and download new firmware, or you can check for and download new firmware manually. If the features or behavior of your product do not match what is described in this guide, you might need to update your firmware.

downloadcenter.netgear.com. Some products

2VLANs

Virtual LANs

This chapter includes the following sections:

• VLAN Concepts

• Create Two VLANs

• Assign Ports to VLAN 2

• Create Three VLANs

• Assign Ports to VLAN 3

• Assign VLAN 3 as the Default VLAN for Port 1/0/2

• Create a MAC-Based VLAN

• Create a Protocol-Based VLAN

• Virtual VLANs: Create an IP Subnet–Based VLAN

• Voice VLANs

• Configure GARP VLAN Registration Protocol

• Private VLANs

• Assign Private-VLAN Types (Primary, Isolated, Community)

• Configure Private-VLAN Association

• Configure Private-VLAN Port Mode (Promiscuous, Host)

• Configure Private-VLAN Host Ports

• Map Private-VLAN Promiscuous Port

• VLAN Access Ports and Trunk Ports

Managed Switches

VLAN Concepts

Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast. Like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic.

A VLAN is a set of end stations and the switch ports that connect them. You can have

ferent reasons for the logical division, such as department or project membership. The only

dif physical requirement is that the end station and the port to which it is connected both belong to the same VLAN.

Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. the VLAN portion of the tag, in which case the first switch port to receive the packet can either reject it or insert a tag using its default VLAN ID. A given port can handle traffic for more than one VLAN, but it can support only one default VLAN ID.

The Private Edge VLAN feature lets you set protection between ports located on the switch. This means that a protected port cannot forward traf switch. The feature does not provide protection between ports located on different switches.

An end station might omit the tag, or

fic to another protected port on the same

The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. Port 1/0/2 handles traf

fic for both VLANs, while port 1/0/1 is a member of VLAN 2 only, and ports 1/0/3 and 1/0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram.

Layer 3 switch

Port 1/0/2 VLAN Router Port 1/3/1

192.150.3.1

Port 1/0/1

Layer 2 Switch

VLAN 10 VLAN 20

Port 1/0/3 VLAN Router Port 1/3/2

192.150.4.1

Layer 2 Switch

Figure 1. Switch with 4 ports configured for traffic from 2 VLANs

VLANs Software Administration Manual21

Managed Switches

The following examples show how to create VLANs, assign ports to the VLANs, and assign a VLAN as the default VLAN to a port.

Create Two VLANs

The example is shown as CLI commands and as a web interface procedure.

CLI: Create Two VLANs

Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank.

(Netgear Switch) #vlan database

(Netgear Switch) (Vlan)#vlan 2

(Netgear Switch) (Vlan)#vlan 3

(Netgear Switch) (Vlan)#exit

Web Interface: Create Two VLANs

1. Create VLAN2. a. Select Switching > VLAN > Basic > VLAN Configuration.

A screen similar to the following displays.

b. Enter the following information:

• In the VLAN ID field, enter 2.

• In the VLAN Name field, enter VLAN2.

• In the VLAN T

ype list, select Static.

c. Click Add.

VLANs Software Administration Manual22

Managed Switches

2. Create VLAN3. a. Select Switching > VLAN > Basic > VLAN Configuration.

A screen similar to the following displays.

b. Enter the following information:

• In the VLAN ID field, enter 3.

• In the VLAN Name field, enter VLAN3.

• In the VLAN T

ype list, select Static.

c. Click Add.

Assign Ports to VLAN 2

This sequence shows how to assign ports to VLAN2, and to specify that frames will always be transmitted tagged from all member ports and that untagged frames will be rejected on receipt.

CLI: Assign Ports to VLAN 2

(Netgear Switch) #config

(Netgear Switch) (Config)#interface range 1/0/1-1/0/2

(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 2

(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly

(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2

(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit

(Netgear Switch) (Config)#vlan port tagging all 2

(Netgear Switch) (Config)#

VLANs Software Administration Manual23

Managed Switches

Web Interface: Assign Ports to VLAN 2

1. Assign ports to VLAN2. a. Select Switching > VLAN >

A screen similar to the following displays.

b. In the VLAN ID list, select 2. c. Click Unit 1. d. Click the gray boxes under ports 1 and 2 until T displays.

The ports display.

Advanced > VLAN Membership.

The T specifies that the egress packet is tagged for the ports.

e. Click Apply to save the settings.

2. Specify that only tagged frames will be accepted on ports 1/0/1 and 1/0/2. a. Select Switching > VLAN >

A screen similar to the following displays.

b. Under PVID Configuration, scroll down and select the check box for Interface 1/0/1.

Advanced > Port PVID Configuration.

Then scroll down and select the Interface 1/0/2 check box.

c. Enter the following information:

VLANs Software Administration Manual24

Managed Switches

• In the Acceptable Frame Type polyhedron list, select VLAN Only.

• In the PVID (1 to 4093) field, enter 2.

d. Click Apply to save the settings.

Create Three VLANs

The example is shown as CLI commands and as a web interface procedure.

CLI: Create Three VLANs

Use the following commands to create three VLANs and to assign the VLAN IDs while leaving the names blank.

(Netgear Switch) #vlan database

(Netgear Switch) (Vlan)#vlan 100

(Netgear Switch) (Vlan)#vlan 101

(Netgear Switch) (Vlan)#vlan 102

(Netgear Switch) (Vlan)#exit

Web Interface: Create Three VLANs

1. Create VLAN100. a. Select Switching > VLAN > Basic > VLAN Configuration.

A screen similar to the following displays.

b. Enter the following information:

• In the VLAN ID field, enter 100.

• In the VLAN Name field, enter VLAN100.

VLANs Software Administration Manual25

Managed Switches

c. Click Add.

2. Create VLAN101. a. Select Switching > VLAN > Basic > VLAN Configuration.

A screen similar to the following displays.

b. Enter the following information:

• In the VLAN ID field, enter 101.

• In the VLAN Name field, enter VLAN101.

c. Click Add.

3. Create VLAN102. a. Select Switching > VLAN > Basic > VLAN Configuration.

A screen similar to the following displays.

b. Enter the following information:

• In the VLAN ID field, enter 102.

• In the VLAN Name field, enter VLAN102.

VLANs Software Administration Manual26

Managed Switches

c. Click Add.

Assign Ports to VLAN 3

This example shows how to assign the ports that will belong to VLAN 3, and to specify that untagged frames will be accepted on port 1/0/4. Note that port 1/0/2 belongs to both VLANs and that port 1/0/1 can never belong to VLAN 3.

CLI: Assign Ports to VLAN 3

(Netgear Switch) (Config)#interface range 1/0/2-1/0/4

(Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3

(Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit

(Netgear Switch) (Config)#interface 1/0/4

(Netgear Switch) (Interface 1/0/4)#vlan acceptframe all

(Netgear Switch) (Interface 1/0/4)#exit

(Netgear Switch) (Config)#exit

Web Interface: Assign Ports to VLAN 3

1. Assign ports to VLAN3. a. Select Switching > VLAN >

A screen similar to the following displays.

b. In the VLAN ID list, select 3. c. Click Unit 1. The ports display d. Click the gray boxes under ports 2, 3, and 4 until

Advanced > VLAN Membership.

T displays.

The T specifies that the egress packet is tagged for the ports.

VLANs Software Administration Manual27

Managed Switches

e. Click Apply to save the settings.

2. Specify that untagged frames will be accepted on port 1/0/4. a. Select Switching > VLAN >

A screen similar to the following displays.

b. Scroll down and select the Interface 1/0/4 check box.

Now 1/0/4 appears in the Interface field at the top.

Advanced > Port PVID Configuration.

c. In the Acceptable Frame T d. Click Apply to save the settings.

ypes list, select Admit All.

Assign VLAN 3 as the Default VLAN for Port 1/0/2

This example shows how to assign VLAN 3 as the default VLAN for port 1/0/2.

CLI: Assign VLAN 3 as the Default VLAN for Port 1/0/2

(Netgear Switch) #config

(Netgear Switch) (Config)#interface 1/0/2

(Netgear Switch) (Interface 1/0/2)#vlan pvid 3

(Netgear Switch) (Interface 1/0/2)#exit

(Netgear Switch) (Config)#exit

VLANs Software Administration Manual28

Managed Switches

Web Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2

1. Select Switching > VLAN > Advanced > Port PVID Configuration.

A screen similar to the following displays.

2. Under PVID Configuration, scroll down and select the Interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top.

3. In the PVID (1 to 4093) field, enter 3.

4. Click Apply to save the settings.

Create a MAC-Based VLAN

The MAC-based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classify traffic based on the source MAC address of the packet.

You define a MAC to VLAN mapping by configuring an entry in the MAC to VLAN table. An entry is specified using a source MAC address and the appropriate VLAN ID. The MAC to VLAN configurations are shared across all ports of the device (i.e., there is a system-wide table that has MAC address to VLAN ID mappings).

When untagged or priority tagged packets arrive at the switch and entries exist in the MAC to VLAN table, the source MAC address of the packet is looked up. If an entry is found, the corresponding VLAN ID is assigned to the packet. If the packet is already priority tagged it will maintain this value; otherwise, the priority will be set to 0 (zero). verified against the VLAN table. If the VLAN is valid, ingress processing on the packet continues; otherwise, the packet is dropped. This implies that you can configure a MAC address mapping to a VLAN that has not been created on the system.

The assigned VLAN ID is

VLANs Software Administration Manual29

Managed Switches

CLI: Create a MAC-Based VLAN

1. Create VLAN3

(Netgear Switch)#vlan database

(Netgear Switch)(Vlan)#vlan 3

(Netgear Switch)(Vlan)#exit

2. Add port 1/0/23 to VLAN3.

(Netgear Switch)#config

(Netgear Switch)(Config)#interface 1/0/23

(Netgear Switch)(Interface 1/0/23)#vlan participation include 3

(Netgear Switch)(Interface 1/0/23)#vlan pvid 3

(Netgear Switch)(Interface 1/0/23)#exit

3. Map MAC 00:00:0A:00:00:02 to VLAN3.

(Netgear Switch)(Config)#exit

(Netgear Switch)#vlan data

(Netgear Switch)(Vlan)#vlan association mac 00:00:00A:00:00:02 3

(Netgear Switch)(Vlan)#exit

4. Add all the ports to VLAN3.

(Netgear Switch)#config

(Netgear Switch)(Config)#interface range 1/0/1-1/0/28

(Netgear Switch)(conf-if-range-1/0/1-1/0/28)#vlan participation include 3

(Netgear Switch)(conf-if-range-1/0/1-1/0/28)#exit

(Netgear Switch)(Config)#exit

VLANs Software Administration Manual30

+ 711 hidden pages

Netgear M5300-28G-POE Installation Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

M5300, M6100, and M7100 Series ProSAFE Managed Switches

Table of Contents

1Documentation Resources

2VLANs

VLAN Concepts

Create Two VLANs

CLI: Create Two VLANs

Web Interface: Create Two VLANs

Assign Ports to VLAN 2

CLI: Assign Ports to VLAN 2

Web Interface: Assign Ports to VLAN 2

Create Three VLANs

CLI: Create Three VLANs

Web Interface: Create Three VLANs

Assign Ports to VLAN 3

CLI: Assign Ports to VLAN 3

Web Interface: Assign Ports to VLAN 3

Assign VLAN 3 as the Default VLAN for Port 1/0/2

CLI: Assign VLAN 3 as the Default VLAN for Port 1/0/2

Web Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2

Create a MAC-Based VLAN

CLI: Create a MAC-Based VLAN