Netgear M5300-52G-POE Installation Manual [zh]
M5300, M6100, and M7100 Series ProSAFE Managed Switches
Software Administration Manual
Software Version 11.0.0
November 2015
202-11527-02
350 East Plumeria Drive
San Jose, CA 95134
USA
Managed Switches
Support
Thank you for purchasing this NETGEAR product. You can visit www.netgear.com/support to register your product, get help,
access the latest downloads and user manuals, and join our community. We recommend that you use only official NETGEAR
support r
esources.
Conformity
For the current EU Declaration of Conformity, visit http://kb.netgear.com/app/answers/detail/a_id/11621.
Compliance
For regulatory compliance information, visit http://www.netgear.com/about/regulatory.
See the regulatory compliance document before connecting the power supply.
Trademarks
© NETGEAR, Inc., NETGEAR and the NETGEAR Logo are trademarks of NETGEAR, Inc. Any non-NETGEAR trademarks are
used for reference purposes only.
Revision History
Publication
Part Number
202-11527-02 October 2015 Made minor changes to the following chapters:
202-11527-01 March 2015 Added the following chapters:
202-11460-01 October 2014 Added the following chapters:
Publication
Date
Comments
• Chapter 4, MLAGs
• Chapter 10, PBR
• Chapter 24, Switch Stacks
• Chapter 39, Override Factory Defaults
Added the following sections:
• VLAN Access Ports and Trunk Ports
• Find a Rogue DHCP Server
• Use the Authentication Manager to Set Up an Authentication Method List
• Configure a Stateful DHCPv6 Server
• Configure PVSTP and PVRSTP
• Create a 6to4 Tunnel
Made changes and minor additions to various commands.
• Chapter 9, BGP
• Chapter 10, PBR
• Chapter 40, NETGEAR SFP
Added the following sections:
• Full Memory Dump
Replaced the Switch Stack chapter with Chapter 23, Chassis Switch
Management.
Updated most of the rest of the manual.
2
Managed Switches
202-11331-01 September 2013 Added the following chapters:
• Chapter 4, MLAGs
• Chapter 19, MAB
Added or revised the following sections:
• Configure GARP VLAN Registration Protocol
• Configure a Management ACL
• Authorization and Accounting
• Auto VoIP
• Remote SPAN
202-11161-01 February 2013 Updated the document.
October 2012 Added iSCSI features.
202-11153-01 August 2012 Added Private VLAN features.
202-10515-05 August 2012 Added the MVR feature.
202-10515-05 July 2011 Added DHCPv6 and DHCPv6 mode features.
202-10515-04 November 2010 Converted the book to a new format.
202-10515-03 June 2010 Moved some content to the Software Setup Guide.
202-10515-02 Software release 8.0.2: new firmware with DHCP L3 Relay, color conform
policy
, DHCP server in dynamic mode, and configuring a stacking port as an
Ethernet port.
202-10515-01 Initial publication.
3
Table of Contents
Chapter 1 Documentation Resources
Chapter 2 VLANs
VLAN Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
CLI: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Web Interface: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Assign Ports to VLAN 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
CLI: Assign Ports to VLAN 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Web Interface: Assign Ports to VLAN 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Create Three VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
CLI: Create Three VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Web Interface: Create Three VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Assign Ports to VLAN 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
CLI: Assign Ports to VLAN 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Web Interface: Assign Ports to VLAN 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Assign VLAN 3 as the Default VLAN for Port 1/0/2 . . . . . . . . . . . . . . . . . . . . . . 28
CLI: Assign VLAN 3 as the Default VLAN for Port 1/0/2 . . . . . . . . . . . . . . . . 28
Web Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2 . . . . . . 29
Create a MAC-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
CLI: Create a MAC-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Web Interface: Assign a MAC-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
CLI: Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Web Interface: Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . 34
Virtual VLANs: Create an IP Subnet–Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . 37
CLI: Create an IP Subnet–Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Web Interface: Create an IP Subnet–Based VLAN. . . . . . . . . . . . . . . . . . . . . . 39
Voice VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
CLI: Configure Voice VLAN and Prioritize Voice Traffic. . . . . . . . . . . . . . . . . . 41
Web Interface: Configure Voice VLAN and Prioritize Voice Traffic . . . . . . . . 43
Configure GARP VLAN Registration Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
CLI: Enable GVRP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Web Interface: Configure GVRP on switch A . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Web Interface: Configure GVRP on Switch B . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Assign Private-VLAN Types (Primary, Isolated, Community). . . . . . . . . . . . . . . 56
CLI: Assign Private-VLAN Type (Primary, Isolated, Community) . . . . . . . . . 56
Web Interface: Assign Private-VLAN Type (Primary,
Isolated, Community). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
4
Managed Switches
Configure Private-VLAN Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
CLI: Configure Private-VLAN Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Web Interface: Configure Private-VLAN Association . . . . . . . . . . . . . . . . . . . 58
Configure Private-VLAN Port Mode (Promiscuous, Host) . . . . . . . . . . . . . . . . . 59
CLI: Configure Private-VLAN Port Mode (Promiscuous, Host) . . . . . . . . . . . 59
Web Interface: Configure Private-VLAN Port Mode
(Promiscuous, Host). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Configure Private-VLAN Host Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
CLI: Configure Private-VLAN Host Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Web Interface: Assign Private-VLAN Port Host Ports. . . . . . . . . . . . . . . . . . . 61
Map Private-VLAN Promiscuous Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
CLI: Map Private-VLAN Promiscuous Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Web Interface: Map Private-VLAN Promiscuous Port. . . . . . . . . . . . . . . . . . . 62
VLAN Access Ports and Trunk Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
CLI: Configure a VLAN Trunk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Web Interface: Configure a VLAN Trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Chapter 3 LAGs
Link Aggregation Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Add Ports to LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
CLI: Add Ports to the LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Web Interface: Add Ports to LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Chapter 4 MLAGs
Multichassis Link Aggregation Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Create an MLAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
CLI: Create an MLAG on LAG2 and LAG3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Web Interface: Create an MLAG on LAG2, LAG3, and LAG4. . . . . . . . . . . . . 80
Enable Static Routing on MLAG Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
CLI: Enable Static Routing on MLAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Web Interface: Enable Routing on MLAG Interfaces . . . . . . . . . . . . . . . . . . . . 90
Enable DCPDP on MLAG Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
CLI: Configure the DCPDP on the MLAG Interfaces . . . . . . . . . . . . . . . . . . . . 95
Web Interface: Configure the DCPDP on MLAG Interfaces . . . . . . . . . . . . . . 96
Troubleshoot the MLAG Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
The Creation of an MLAG Fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Traffic Through an MLAG Is Not Forwarded Normally . . . . . . . . . . . . . . . . .100
A Ping to a VRRP Virtual IP Address Fails. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
The VRRP Is Not in the Master State on the Primary or
Secondary Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
DCPDP Does Not Detect the Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Chapter 5 Port Routing
Port Routing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Port Routing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
5
Managed Switches
CLI: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Web Interface: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . 105
Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
CLI: Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Web Interface: Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . 106
Add a Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
CLI: Add a Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Web Interface: Add a Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Add a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
CLI: Add a Static Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Web Interface: Add a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Chapter 6 VLAN Routing
VLAN Routing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
CLI: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Web Interface: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Set Up VL
CLI: Set Up VLAN Routing for the VLANs and the Switch. . . . . . . . . . . . . . . 118
Web Interface: Set Up VLAN Routing for the VLANs and the Switch . . . . . 119
AN Routing for the VLANs and the Switch. . . . . . . . . . . . . . . . . . . . . 118
Chapter 7 RIP
Routing Information Protocol Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
CLI: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Web Interface: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . 122
Enable Routing for Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
CLI: Enable Routing and Assigning IP Addresses for Ports
1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Web Interface: Enable Routing for the Ports . . . . . . . . . . . . . . . . . . . . . . . . . 123
Enable RIP on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
CLI: Enable RIP on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Web Interface: Enable RIP on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
CLI: Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Web Interface: Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . 126
Configure VLAN Routing with RIP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
CLI: Configure VLAN Routing with RIP Support . . . . . . . . . . . . . . . . . . . . . . . 127
Web Interface: Configure VLAN Routing with RIP Support . . . . . . . . . . . . . 129
Chapter 8 OSPF
Open Shortest Path First Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Inter-area Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
CLI: Configure an Inter-area Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Web Interface: Configure an Inter-area Router . . . . . . . . . . . . . . . . . . . . . . . 136
OSPF on a Border Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
6
Managed Switches
CLI: Configure OSPF on a Border Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Web Interface: Configure OSPF on a Border Router . . . . . . . . . . . . . . . . . . . 141
Stub Areas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
CLI: Configure Area 1 as a Stub Area on A1 . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Web Interface: Configure Area 1 as a Stub Area on A1 . . . . . . . . . . . . . . . .148
CLI: Configure Area 1 as a Stub Area on A2 . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Web Interface: Configure Area 1 as a Stub Area on A2 . . . . . . . . . . . . . . . .153
NSSA Areas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
CLI: Configure Area 1 as an NSSA Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Web Interface: Configure Area 1 as an NSSA Area on A1. . . . . . . . . . . . . . . 157
CLI: Configure Area 1 as an NSSA Area on A2 . . . . . . . . . . . . . . . . . . . . . . . . 160
Web Interface: Configure Area 1 as an NSSA Area on A2. . . . . . . . . . . . . . . 162
VLAN Routing OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
CLI: Configure VLAN Routing OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Web Interface: Configure VLAN Routing OSPF . . . . . . . . . . . . . . . . . . . . . . .169
OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
CLI: Configure OSPFv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Web Interface: Configure OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Chapter 9 BGP
Border Gateway Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Example1: Configure BGP on Switches A, B, and C in the Same AS . . . . . . . . 179
Configure BGP on Switch A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180
Configure BGP on Switch B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Configure BGP on Switch C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Check the BGP Neighbor Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Example 2: Create eBGP on Switches A and D . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Configure eBGP on Switch A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Configure eBGP on Switch D. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Check the eBGP Neighbor Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Example 3: Create an iBGP Connection with a Loopback Interface. . . . . . . . . 187
Configure iBGP on Switch D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Configure eBGP on Switch E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Check the iBGP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Example 4: Configure Reflection for iBGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Configure RR on Switch A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Configure RR on Switch B and C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Example 5: Filter Routes with NLRI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Example 6: Filter Routes with AS_PATH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Example 7: Filter Routes with Route Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Example 8: Exchange IPv6 Routes over an IPv4 BGP . . . . . . . . . . . . . . . . . . . .196
Configure IPv6 BGP on Switch A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Configure IPv6 BGP on Switch B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Chapter 10 PBR
Policy-Based Routing Concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Route-Map Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
7
Managed Switches
PBR Processing Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
PBR Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
PBR Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Chapter 11 ARP
Proxy ARP Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Proxy ARP Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
CLI: show ip interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
CLI: ip proxy-arp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Web Interface: Configure Proxy ARP on a Port . . . . . . . . . . . . . . . . . . . . . . . 207
Chapter 12 VRRP
Virtual Router Redundancy Protocol Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . 209
VRRP on a Master Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
CLI: Configure VRRP on a Master Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Web Interface: Configure VRRP on a Master Router. . . . . . . . . . . . . . . . . . . 211
VRRP on a Backup Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
CLI: Configure VRRP on a Backup Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Web Interface: Configure VRRP on a Backup Router. . . . . . . . . . . . . . . . . . . 213
Chapter 13 ACLs
Access Control List Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
ACL Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Set Up an IP ACL with Two Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
CLI: Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Web Interface: Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . 219
One-Way Access Using a TCP Flag in an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
CLI: Configure One-Way Access Using a TCP Flag in an ACL . . . . . . . . . . . . 222
Web Interface: Configure One-Way Access Using a TCP
Flag in an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Use ACLs to Configure Isolated VLANs on a Layer 3 Switch. . . . . . . . . . . . . . . 237
CLI: Configure One-Way Access Using a TCP Flag in ACL
Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Web Interface: Configure One-Way Access Using a TCP
Flag in an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
CLI: Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Web Interface: Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . . . . . . 249
ACL Mirroring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
CLI: Configure ACL Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Web Interface: Configure ACL Mirroring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
ACL Redirect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
CLI: Redirect a Traffic Stream . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Web Interface: Redirect a Traffic Stream . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
8
Managed Switches
Configure a Management ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Example 1: Permit Any Host to Access the Switch Through
Telnet or HTTP: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Example 2: Permit a Specific Host to Access the Switch
Through SSH Only. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Configure IPv6 ACLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
CLI: Configure an IPv6 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Web Interface: Configure an IPv6 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Chapter 14 CoS Queuing
CoS Queuing Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
CoS Queue Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Trusted Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272
Untrusted Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
CoS Queue Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
CLI: Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Web Interface: Show classofservice Trust. . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Set classofservice Trust Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
CLI: Set classofservice Trust Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Web Interface: Set classofservice Trust Mode . . . . . . . . . . . . . . . . . . . . . . . . 275
Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode. . 275
CLI: Configure Cos-queue Min-bandwidth and Strict Priority
Scheduler Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Web Interface: Configure CoS-queue Min-bandwidth and
Strict Priority Scheduler Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Set CoS Trust Mode for an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
CLI: Set CoS Trust Mode for an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Web Interface: Set CoS Trust Mode for an Interface. . . . . . . . . . . . . . . . . . . 277
Configure Traffic Shaping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
CLI: Configure traffic-shape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Web Interface: Configure Traffic Shaping. . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Chapter 15 DiffServ
Differentiated Services Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
CLI: Configure DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Web Interface: Configure DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
DiffServ for VoIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
CLI: Configure DiffServ for VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Web Interface: Diffserv for VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .305
Protocol-Based Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
OUI-Based Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Example 1: Enable Protocol-Based Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . .307
Example 2: Change the Queue of Protocol-Based Auto VoIP . . . . . . . . . . .308
Example 3: Create an Auto VoIP VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
9
Managed Switches
DiffServ for IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
CLI: Configure DiffServ for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Web Interface: Configure DiffServ for IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . 313
Color Conform Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
CLI: Configure a Color Conform Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Web Interface: Configure a Color Conform Policy. . . . . . . . . . . . . . . . . . . . . 321
Chapter 16 IGMP Snooping and Querier
Internet Group Management Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . 328
IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
CLI: Enable IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Web Interface: Enable IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
CLI: Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Web Interface: Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Show mac-address-table igmpsnooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
CLI for IGMPv1 and IGMPv2: Show mac-address-table igmpsnooping . . 330
CLI for IGMPv3: show igmpsnooping ssm entries . . . . . . . . . . . . . . . . . . . . . 330
Web Interface: Show mac-address-table igmpsnooping . . . . . . . . . . . . . . . 331
External Multicast Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
CLI: Configure the Switch with an External Multicast Router . . . . . . . . . . . 331
Web Interface: Configure the Switch with an External Multicast Router. . 331
Multicast Router Using VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
CLI: Configure the Switch with a Multicast Router Using VLAN . . . . . . . . . 332
Web Interface: Configure the Switch with a Multicast Router
Using VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
IGMP Querier Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Enable IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
CLI: Enable IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Web Interface: Enable IGMP Querier. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Show IGMP Querier Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
CLI: Show IGMP Querier Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Web Interface: Show IGMP Querier Status. . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Chapter 17 MVR
Multicast VLAN Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Configure MVR in Compatible Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
CLI: Configure MVR in Compatible Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Web Interface: Configure MVR in Compatible Mode. . . . . . . . . . . . . . . . . . . 343
Configure MVR in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
CLI: Configure MVR in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Web Interface: Configure MVR in Dynamic Mode . . . . . . . . . . . . . . . . . . . . . 349
Chapter 18 Security Management
Port Security Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . . . . . . . . . . . . . . . . . 355
10
Managed Switches
CLI: Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . . . . . . . . . . . 355
Web Interface: Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . 355
Convert the Dynamic Address Learned from 1/0/1 to a Static Address . . . . 356
CLI: Convert the Dynamic Address Learned from 1/0/1 to the
Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Web Interface: Convert the Dynamic Address Learned from
1/0/1 to the Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Create a Static Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
CLI: Create a Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .357
Web Interface: Create a Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Protected Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
CLI: Configure a Protected Port to Isolate Ports on the Switch. . . . . . . . . . 359
Web Interface: Configure a Protected Port to Isolate Ports
on the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
802.1x Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
CLI: Authenticating dot1x Users by a RADIUS Server. . . . . . . . . . . . . . . . . . 365
Web Interface: Authenticating dot1x Users by a RADIUS Server . . . . . . . . 366
Create a Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370
CLI: Create a Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Web Interface: Create a Guest VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Assign VLANs Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
CLI: Assign VLANS Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Web Interface: Assign VLANS Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . 378
Dynamic ARP Inspection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
CLI: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
Web Interface: Configure Dynamic ARP Inspection. . . . . . . . . . . . . . . . . . . . 383
Static Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
CLI: Configure Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
Web Interface: Configure Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
CLI: Configure DHCP Snooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Web Interface: Configure DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Find a Rogue DHCP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
CLI: Find a Rogue DHCP server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Web Interface: Find a Rogue DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Enter Static Binding into the Binding Database. . . . . . . . . . . . . . . . . . . . . . . . . . 395
CLI: Enter Static Binding into the Binding Database . . . . . . . . . . . . . . . . . . . 395
Web Interface: Enter Static Binding into the Binding Database . . . . . . . . . .395
Maximum Rate of DHCP Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
CLI: Configure the Maximum Rate of DHCP Messages. . . . . . . . . . . . . . . . . 396
Web Interface: Configure the Maximum Rate of DHCP Messages . . . . . . . 396
IP Source Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
CLI: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Web Interface: Configure Dynamic ARP Inspection. . . . . . . . . . . . . . . . . . . . 399
Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Command Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
CLI: Configure Command Authorization by a TACACS+ Server. . . . . . . . . . 403
Exec Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
11
Managed Switches
CLI: Configure Exec Command Authorization by a TACACS+ Server . . . . . 404
Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
CLI: Configure Telnet Command Accounting by a TACACS+ Server . . . . . . 405
Configure Telnet EXEC Accounting by RADIUS Server . . . . . . . . . . . . . . . . . 406
Use the Authentication Manager to Set Up an
Authentication Method List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Configure a Dot1x–MAB Authentication Method List with
Dot1x–MAB Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Configure a Dot1x–MAB Authentication Method List with
MAB–Dot1x Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Configure a Dot1x, MAB, and Captive Portal Authentication
Method List with Default Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Chapter 19 MAB
MAC Authentication Bypass Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Configure MAC Authentication Bypass on a Switch. . . . . . . . . . . . . . . . . . . . . . 414
Configure a Network Policy Server on a Microsoft
Windows Serv
Configure an Active Directory on a Microsoft Windows
Server 2008 R2 or Later Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Reduce the MAB Authentication Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
CLI: Reduce the Authentication Time for MAB. . . . . . . . . . . . . . . . . . . . . . . . 428
Web Interface: Reduce the Authentication Time for MAB . . . . . . . . . . . . . . 428
er 2008 R2 or Later Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Chapter 20 SNTP
Simple Network Time Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
Show SNTP (CLI Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
show sntp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
show sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
show sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
CLI: Configure SNTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
Web Interface: Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Set the Time Zone (CLI Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
CLI: Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Web Interface: Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . 435
Chapter 21 Tools
Traceroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
CLI: Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Web Interface: Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Configuration Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
script Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
script list Command and script delete Command . . . . . . . . . . . . . . . . . . . . . 441
script apply running-config.scr Command . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
12
Managed Switches
Create a Configuration Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Upload a Configuration Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Pre-Login Banner. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .443
Create a Pre-Login Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .443
Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
CLI: Specify the Source (Mirrored) Ports and Destination (Probe) . . . . . . 444
Web Interface: Specify the Source (Mirrored) Ports and
Destination (Probe) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Remote SPAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
CLI: Enable RSPAN on a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Dual Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
CLI: Download a Backup Image and Make It Active. . . . . . . . . . . . . . . . . . . . 449
Web Interface: Download a Backup Image and Make It Active . . . . . . . . . . 450
Outbound Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
CLI: show network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
CLI: show telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
CLI: transport output telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Web Interface: Configure Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
CLI: Configure the Session Limit and Session Time-out . . . . . . . . . . . . . . . . 454
Web Interface: Configure the Session Time-out . . . . . . . . . . . . . . . . . . . . . . 454
Full Memory Dump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
Chapter 22 Syslog
Syslog Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
Show Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
CLI: Show Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
Web Interface: Show Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
Show Logging Buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
CLI: Show Logging Buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Web Interface: Show Logging Buffered. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461
Show Logging Traplogs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
CLI: Show Logging Traplogs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Web Interface: Show Logging Trap Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .462
Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
CLI: Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Web Interface: Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Configure Logging for a Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
CLI: Configure Logging for the Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Web Interface: Configure Logging for the Port . . . . . . . . . . . . . . . . . . . . . . . 464
Email Alerting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
CLI: Send Log Messages to admin@switch.com Using
Account aaaa@netgear.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Chapter 23 Chassis Switch Management
Chassis Switch Management and Connectivity . . . . . . . . . . . . . . . . . . . . . . . . .468
Supervisor and Chassis Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Supervisor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
13
Managed Switches
Chassis Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Chassis Firmware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Code Mismatch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Configuration Mismatch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
Migrate Configuration with a Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . 470
Add, Remove, or Replace a Chassis Member . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Add a Blade to an Operating Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Remove a Blade from the Chassis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Replace a Chassis Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Chassis Switch Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
Preconfigure a Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
Move the Supervisor to a Different Blade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
CLI: Move the Supervisor to a Different Blade . . . . . . . . . . . . . . . . . . . . . . . 473
Web Interface: Move the Supervisor to a Different Blade. . . . . . . . . . . . . . 474
Chapter 24 Switch Stacks
Switch Stack Management and Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Stack Master and Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Stack Master . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Stack Member Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Stack Member Priority Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Install and Power-up a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Compatible Switch Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Install a Switch Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Switch Firmware and Firmware Mismatch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Migrate Configuration with a Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . 481
Web Interface: Copy Master Firmware to a Stack Member. . . . . . . . . . . . . 481
Stack Switches Using Ethernet Ports and a Stack Cable . . . . . . . . . . . . . . . . . . 482
CLI: Configure the Stack Ports as Ethernet Ports . . . . . . . . . . . . . . . . . . . . . 482
Web Interface: Configure the Stack Ports as Ethernet Ports. . . . . . . . . . . . 484
Stack Switches Using 10G Fiber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
CLI: Stack Switches Using 10G Fiber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Web Interface: Stack Switches Using 10G Fiber . . . . . . . . . . . . . . . . . . . . . . 488
Add, Remove, or Replace a Stack Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Add Switches to an Operating Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Remove a Switch from a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
Replace a Stack Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
Switch Stack Configuration Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
Preconfigure a Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
Renumber Stack Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
CLI: Renumber Stack Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Web Interface: Renumber Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
Move the Stack Master to a Different Unit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
CLI: Move the Stack Master to a Different Unit. . . . . . . . . . . . . . . . . . . . . . . 496
14
Managed Switches
Web Interface: Move the Stack Master to a Different Unit . . . . . . . . . . . . .496
Chapter 25 SNMP
Add a New Community. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
CLI: Add a New Community. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
Web Interface: Add a New Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
CLI: Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Web Interface: Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
SNMP Version 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
CLI: Configure SNMPv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Web Interface: Configure SNMPv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
CLI: Configure Statistical Packet-Based Sampling of Packet
Flows with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Web Interface: Configure Statistical Packet-based Sampling
with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Time-Based Sampling of Counters with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . .505
CLI: Configure Time-Based Sampling of Counters with sFlow. . . . . . . . . . . 505
Web Interface: Configure Time-Based Sampling of Counters
with sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Chapter 26 DNS
Domain Name System Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Specify Two DNS Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
CLI: Specify Two DNS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Web Interface: Specify Two DNS Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Manually Add a Host Name and an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . 509
CLI: Manually Add a Host Name and an IP Address . . . . . . . . . . . . . . . . . . . . 509
Web Interface: Manually Add a Host Name and an IP Address. . . . . . . . . . . 509
Chapter 27 DHCP Server
Dynamic Host Configuration Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . 511
Configure a DHCP Server in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
CLI: Configure a DHCP Server in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . . 511
Web Interface: Configure a DHCP Server in Dynamic Mode . . . . . . . . . . . .512
Configure a DHCP Server that Assigns a Fixed IP Address . . . . . . . . . . . . . . . . 514
CLI: Configure a DHCP Server that Assigns a Fixed IP Address . . . . . . . . . . 514
Web Interface: Configure a DHCP Server that Assigns a Fixed IP Address 515
Chapter 28 DHCPv6 Server
Dynamic Host Configuration Protocol Version 6 Concepts. . . . . . . . . . . . . . . . 518
CLI: Configure DHCPv6 Prefix Delegation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Web Interface: Configure DHCPv6 Prefix Delegation . . . . . . . . . . . . . . . . . . . .520
Configure a Stateless DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
CLI: Configure a Stateless DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
15
Managed Switches
Web Interface: Configure a Stateless DHCPv6 Server . . . . . . . . . . . . . . . . . 525
Configure a Stateful DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528
CLI: Configure a Stateful DHCPv6 Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 528
Web Interface: Configure a Stateful DHCPv6 Server . . . . . . . . . . . . . . . . . . 529
Chapter 29 DVLANs and Private VLANs
Double VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534
CLI: Enable a Double VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
Web Interface: Enable a Double VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
Private VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538
CLI: Create a Private VLAN Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539
Web Interface: Create a Private VLAN Group. . . . . . . . . . . . . . . . . . . . . . . . . 540
Chapter 30 STP
Spanning Tree Protocol Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Configure Classic STP (802.1d) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
CLI: Configure Classic STP (802.1d) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Web Interface: Configure Classic STP (802.1d) . . . . . . . . . . . . . . . . . . . . . . 545
Configure Rapid STP (802.1w). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
CLI: Configure Rapid STP (802.1w). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
Web Interface: Configure Rapid STP (802.1w) . . . . . . . . . . . . . . . . . . . . . . . 547
Configure Multiple STP (802.1s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548
CLI: Configure Multiple STP (802.1s). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548
Web Interface: Configure Multiple STP (802.1s) . . . . . . . . . . . . . . . . . . . . . 549
Configure PVSTP and PVRSTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550
CLI: Configure PVSTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
Web Interface: Configure PVSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Chapter 31 Tunnels for IPv6
Tunnel Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
Create a 6in4 Tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
CLI: Create a 6in4 Tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561
Web Interface: Create a 6in4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
Create a 6to4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566
CLI: Create a 6to4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
Web Interface: Create a 6to4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572
Chapter 32 IPv6 Interface Configuration
Create an IPv6 Routing Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
CLI: Create an IPv6 Routing Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Web Interface: Create an IPv6 Routing Interface . . . . . . . . . . . . . . . . . . . . . 587
Create an IPv6 Routing VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589
CLI: Create an IPv6 Routing VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589
Web Interface: Create an IPv6 VLAN Routing Interface . . . . . . . . . . . . . . . . 591
Configure DHCPv6 Mode on the Routing Interface. . . . . . . . . . . . . . . . . . . . . . 593
16
Managed Switches
CLI: Configure DHCPv6 mode on routing interface. . . . . . . . . . . . . . . . . . . . 594
Web Interface: Configure DHCPv6 mode on routing interface . . . . . . . . . . 595
Chapter 33 PIM
Protocol Independent Multicast Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
CLI: Configure PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 600
Web Interface: Configure PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
PIM-SM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
CLI: Configure PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622
Web Interface: Configure PIM-SM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 626
Chapter 34 DHCP L2 Relay and L3 Relay
DHCP L2 Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
CLI: Enable DHCP L2 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
Web Interface: Enable DHCP L2 Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649
DHCP L3 Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 652
Configure the DHCP Server Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 652
Configure a DHCP L3 Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 657
Chapter 35 MLD
Multicast Listener Discovery Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 663
Configure MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .663
CLI: Configure MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664
Web Interface: Configure MLD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666
MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675
CLI: Configure MLD Snooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676
Web Interface: Configure MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
Chapter 36 DVMRP
Distance Vector Multicast Routing Protocol Concepts . . . . . . . . . . . . . . . . . . . 680
CLI: Configure DVMRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681
Web Interface: Configure DVMRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687
Chapter 37 Captive Portal
Captive Portal Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698
Captive Portal Configuration Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
Enable a Captive Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
CLI: Enable a Captive Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
Web Interface: Enable a Captive Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .700
Client Access, Authentication, and Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701
Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .701
CLI: Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701
Web Interface: Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . 702
Local Authorization, Create Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 702
17
Managed Switches
CLI: Create Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702
Web Interface: Create Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703
Remote Authorization (RADIUS) User Configuration . . . . . . . . . . . . . . . . . . . . 704
CLI: Configure RADIUS as the Verification Mode. . . . . . . . . . . . . . . . . . . . . . 705
Web Interface: Configure RADIUS as the Verification Mode . . . . . . . . . . . . 706
SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 706
Chapter 38 iSCSI
iSCSI Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 708
Enable iSCSI Awareness with VLAN Priority Tag. . . . . . . . . . . . . . . . . . . . . . . . . 709
CLI: Enable iSCSI Awareness with VLAN Priority Tag. . . . . . . . . . . . . . . . . . . 709
Web Interface: Enable iSCSI Awareness with VLAN Priority Tag . . . . . . . . . 709
Enable iSCSI Awareness with DSCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 710
CLI: Enable iSCSI Awareness with DSCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 710
Web Interface: Enable iSCSI Awareness with DSCP. . . . . . . . . . . . . . . . . . . . 710
Set the iSCSI Target Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711
CLI: Set iSCSI Target Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711
Web Interface: Set iSCSI Target Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711
Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 712
CLI: Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 712
Web Interface: Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713
Chapter 39 Override Factory Defaults
Override the Factory Default Configuration File . . . . . . . . . . . . . . . . . . . . . . . . 715
CLI: Install Another Factory Defaults Configuration File. . . . . . . . . . . . . . . . 715
CLI: Erase the Old Factory Default Configuration File. . . . . . . . . . . . . . . . . . 716
Chapter 40 NETGEAR SFP
Connect with NETGEAR SFP AGM731F. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
Index
18
1. Documentation Resources
Before installation, read the release notes for your switch. The release notes detail the
platform-specific functionality of the switching, routing, SNMP, configuration, management, and
other packages. In addition, see the following publications:
• The NETGEAR installation guide for your switch
• Managed Switch Hardware Installation Guide
• Managed Switch Software Setup Manual
• ProSAFE Managed Switch Command Line Interface (CLI) User Manual
• ProSAFE Managed Switch W
Note: For more information about the topics covered in this manual, visit the
support website at http://support.netgear.com.
eb Management User Manual
1
Note: Firmware updates with new features and bug fixes are made
available from time to time on downloadcenter.netgear.com. Some
products can regularly check the site and download new firmware, or
you can check for and download new firmware manually. If the
features or behavior of your product do not match what is described in
this guide, you might need to update your firmware.
19
2. VLANs
Virtual LANs
This chapter includes the following sections:
• VLAN Concepts
• Create Two VLANs
• Assign Ports to VLAN 2
• Create Three VLANs
• Assign Ports to VLAN 3
• Assign VLAN 3 as the Default VLAN for Port 1/0/2
• Create a MAC-Based VLAN
• Create a Protocol-Based VLAN
• Virtual VLANs: Create an IP Subnet–Based VLAN
• Voice VLANs
• Configure GARP VLAN Registration Protocol
• Private VLANs
• Assign Private-VLAN Types (Primary, Isolated, Community)
• Configure Private-VLAN Association
• Configure Private-VLAN Port Mode (Promiscuous, Host)
• Configure Private-VLAN Host Ports
• Map Private-VLAN Promiscuous Port
• VLAN Access Ports and Trunk Ports
2
20
Managed Switches
VLAN Concepts
Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both
bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2
header, which is fast. Like a router, it partitions the network into logical segments, which
provides better administration, security, and management of multicast traffic.
A VLAN is a set of end stations and the switch ports that connect them. You can have
different reasons for the logical division, such as department or project membership. The only
physical requirement is that the end station and the port to which it is connected both belong
to the same VLAN.
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag
in the Layer 2 header of packets transmitted on a VLAN. An end station might omit the tag, or
the VLAN portion of the tag, in which case the first switch port to receive the packet can
either reject it or insert a tag using its default VLAN ID. A given port can handle traf
more than one VLAN, but it can support only one default VLAN ID.
The Private Edge VLAN feature lets you set protection between ports located on the switch.
This means that a protected port cannot forward traf
switch. The feature does not provide protection between ports located on dif
fic to another protected port on the same
ferent switches.
fic for
The diagram in this section shows a switch with four ports configured to handle the traffic for
two VLANs. Port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN
2 only, and ports 1/0/3 and 1/0/4 are members of VLAN 3 only
. The script following the
diagram shows the commands you would use to configure the switch as shown in the
diagram.
Layer 3 switch
Port 1/0/2 VLAN
Router Port 1/3/1
192.150.3.1
Port 1/0/1
Layer 2
Switch
VLAN 10 VLAN 20
Port 1/0/3 VLAN
Router Port 1/3/2
192.150.4.1
Layer 2
Switch
Figure 1. Switch with 4 ports configured for traffic from 2 VLANs
The following examples show how to create VLANs, assign ports to the VLANs, and assign a
VLAN as the default VLAN to a port.
VLANs
21
Managed Switches
Create Two VLANs
The example is shown as CLI commands and as a web interface procedure.
CLI: Create Two VLANs
Use the following commands to create two VLANs and to assign the VLAN IDs while leaving
the names blank.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2
(Netgear Switch) (Vlan)#vlan 3
(Netgear Switch) (Vlan)#exit
Web Interface: Create Two VLANs
1. Create VLAN2.
a. Select Switching > VLAN > Basic > VLAN Configuration.
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 2.
• In the VLAN Name field, enter VLAN2.
• In the VLAN Type list, select
Static.
c. Click Add.
2. Create VLAN3.
a. Select Switching > VLAN > Basic > VLAN Configuration.
VLANs
22
Managed Switches
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 3.
• In the VLAN Name field, enter VLAN3.
• In the VLAN Type list, select
Static.
c. Click Add.
Assign Ports to VLAN 2
This sequence shows how to assign ports to VLAN2, and to specify that frames will always
be transmitted tagged from all member ports and that untagged frames will be rejected on
receipt.
CLI: Assign Ports to VLAN 2
(Netgear Switch) #config
(Netgear Switch) (Config)#interface range 1/0/1-1/0/2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit
(Netgear Switch) (Config)#vlan port tagging all 2
(Netgear Switch) (Config)#
VLANs
23
Managed Switches
Web Interface: Assign Ports to VLAN 2
1. Assign ports to VLAN2.
a. Select Switching > VLAN > Advanced > VLAN Membership.
A screen similar to the following displays.
b. In the VLAN ID list, select 2.
c. Click Unit 1. The ports display.
d. Click the gray boxes under ports 1 and
2 until T displays.
The T specifies that the egress packet is tagged for the ports.
e. Click Apply to save the settings.
2. Specify that only tagged frames will be accepted on ports 1/0/1 and 1/0/2.
a. Select Switching > VLAN >
A screen similar to the following displays.
b. Under PVID Configuration, scroll down and select the check box for Interface 1/0/1.
Advanced > Port PVID Configuration.
Then scroll down and select the Interface 1/0/2 check box.
VLANs
24
Managed Switches
c. Enter the following information:
• In the Acceptable Frame Type polyhedron list, select VLAN Only.
• In the
d. Click Apply to save the settings.
PVID (1 to 4093) field, enter 2.
Create Three VLANs
The example is shown as CLI commands and as a web interface procedure.
CLI: Create Three VLANs
Use the following commands to create three VLANs and to assign the VLAN IDs while
leaving the names blank.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 100
(Netgear Switch) (Vlan)#vlan 101
(Netgear Switch) (Vlan)#vlan 102
(Netgear Switch) (Vlan)#exit
Web Interface: Create Three VLANs
1. Create VLAN100.
a. Select Switching > VLAN > Basic > VLAN Configuration.
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 100.
• In the VLAN Name field, enter VLAN100.
c. Click Add.
VLANs
25
Managed Switches
2. Create VLAN101.
a. Select Switching > VLAN > Basic > VLAN Configuration.
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 101.
• In the VLAN Name field, enter VLAN101.
c. Click Add.
3. Create VLAN102.
a. Select Switching > VLAN > Basic > VLAN Configuration.
A screen similar to the following displays.
b. Enter the following information:
• In the VLAN ID field, enter 102.
• In the VLAN Name field, enter VLAN102.
c. Click Add.
VLANs
26
Managed Switches
Assign Ports to VLAN 3
This example shows how to assign the ports that will belong to VLAN 3, and to specify that
untagged frames will be accepted on port 1/0/4. Note that port 1/0/2 belongs to both VLANs
and that port 1/0/1 can never belong to VLAN 3.
CLI: Assign Ports to VLAN 3
(Netgear Switch) (Config)#interface range 1/0/2-1/0/4
(Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3
(Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit
(Netgear Switch) (Config)#interface 1/0/4
(Netgear Switch) (Interface 1/0/4)#vlan acceptframe all
(Netgear Switch) (Interface 1/0/4)#exit
(Netgear Switch) (Config)#exit
Web Interface: Assign Ports to VLAN 3
1. Assign ports to VLAN3.
a. Select Switching > VLAN > Advanced > VLAN Membership.
A screen similar to the following displays.
b. In the VLAN ID list, select 3.
c. Click Unit 1. The ports display.
d. Click the gray boxes under ports 2, 3, and 4 until T displays.
The
T specifies that the egress packet is tagged for the ports.
e. Click Apply
to save the settings.
2. Specify that untagged frames will be accepted on port 1/0/4.
a. Select Switching > VLAN >
Advanced > Port PVID Configuration.
VLANs
27
Managed Switches
A screen similar to the following displays.
b. Scroll down and select the Interface 1/0/4 check box.
Now 1/0/4 appears in the Interface field at the top.
c. In the Acceptable Frame Types list, select Admit All.
d. Click Apply
to save the settings.
Assign VLAN 3 as the Default VLAN for Port 1/0/2
This example shows how to assign VLAN 3 as the default VLAN for port 1/0/2.
CLI: Assign VLAN 3 as the Default VLAN for Port 1/0/2
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2
(Netgear Switch) (Interface 1/0/2)#vlan pvid 3
(Netgear Switch) (Interface 1/0/2)#exit
(Netgear Switch) (Config)#exit
VLANs
28
Managed Switches
Web Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2
1. Select Switching > VLAN > Advanced > Port PVID Configuration.
A screen similar to the following displays.
2. Under PVID Configuration, scroll down and select the Interface 1/0/2 check box. Now 1/0/2
appears in the Interface field at the top.
3. In the PVID (1 to 4093) field, enter 3.
4. Click Apply to save the settings.
Create a MAC-Based VLAN
The MAC-based VLAN feature allows incoming untagged packets to be assigned to a VLAN
and thus classify traffic based on the source MAC address of the packet.
You define a MAC to VLAN mapping by configuring an entry in the MAC to VLAN table. An
entry is specified using a source MAC address and the appropriate VLAN ID. The MAC to
VLAN configurations are shared across all ports of the device (i.e., there is a system-wide
table that has MAC address to VLAN ID mappings).
When untagged or priority tagged packets arrive at the switch and entries exist in the MAC to
VLAN table, the source MAC address of the packet is looked up. If an entry is found, the
corresponding VLAN ID is assigned to the packet. If the packet is already priority tagged it
will maintain this value; otherwise, the priority will be set to 0 (zero).
verified against the VLAN table. If the VLAN is valid, ingress processing on the packet
continues; otherwise, the packet is dropped. This implies that you can configure a MAC
address mapping to a VLAN that has not been created on the system.
The assigned VLAN ID is
VLANs
29
Managed Switches
CLI: Create a MAC-Based VLAN
1. Create VLAN3
(Netgear Switch)#vlan database
(Netgear Switch)(Vlan)#vlan 3
(Netgear Switch)(Vlan)#exit
.
2. Add port 1/0/23 to VLAN3.
(Netgear Switch)#config
(Netgear Switch)(Config)#interface 1/0/23
(Netgear Switch)(Interface 1/0/23)#vlan participation include 3
(Netgear Switch)(Interface 1/0/23)#vlan pvid 3
(Netgear Switch)(Interface 1/0/23)#exit
3. Map MAC 00:00:0A:00:00:02 to VLAN3.
(Netgear Switch)(Config)#exit
(Netgear Switch)#vlan data
(Netgear Switch)(Vlan)#vlan association mac 00:00:00A:00:00:02 3
(Netgear Switch)(Vlan)#exit
4. Add all the ports to VLAN3.
(Netgear Switch)#config
(Netgear Switch)(Config)#interface range 1/0/1-1/0/28
(Netgear Switch)(conf-if-range-1/0/1-1/0/28)#vlan participation include 3
(Netgear Switch)(conf-if-range-1/0/1-1/0/28)#exit
(Netgear Switch)(Config)#exit
VLANs
30
Loading...