Loading...
ProSafe M4100 and M7100
Managed Switches
Software Administration Manual
10.0.1
350 East Plumeria Drive
San Jose, CA 95134
USA
February 2013 202-11161-01
ProSafe M4100 and M7100 Managed Switches
Support
Thank you for selecting NETGEAR products.
After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR.
Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/general/contact/default.aspx.
Trademarks
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. © All rights reserved.
Revision History
Publication Part |
Version |
Publish Date |
Comments |
Number |
|
|
|
|
|
|
|
202-11161-01 |
v1.0 |
February 2013 |
Updated document. |
|
|
|
|
202-1xxxx-01 |
v1.0 |
October 2012 |
Added iSCSI features. |
|
|
|
|
202-11153-01 |
v1.0 |
August 2012 |
Added Private VLAN features. |
|
|
|
|
202-10515-05 |
v1.0 |
August 2012 |
Added MVR feature. |
|
|
|
|
202-10515-05 |
v1.0 |
July 2011 |
Added DHCPv6 and DHCPv6 mode features. |
|
|
|
|
202-10515-04 |
v1.0 |
November 2010 |
New document template. |
|
|
|
|
202-10515-03 |
v 1.0 |
June 2010 |
Move some content to the Software Setup |
|
|
|
Guide. |
|
|
|
|
202-10515-02 |
|
|
Software release 8.0.2: new firmware with |
|
|
|
DHCP L3 Relay, color conform policy, DHCP |
|
|
|
server in dynamic mode, and configuring a |
|
|
|
stacking port as an Ethernet port. |
|
|
|
|
202-10515-01 |
|
|
Original publication. |
|
|
|
|
2 |
Table of Contents
Chapter 1 Documentation Resources
Chapter 2 VLANs
Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 CLI: Create Two VLANS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Web Interface: Create Two VLANS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Assign Ports to VLAN2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 CLI: Assign Ports to VLAN2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Web Interface: Assign Ports to VLAN2. . . . . . . . . . . . . . . . . . . . . . . . . . 19 Create Three VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 CLI: Create Three VLANS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Web Interface: Create Three VLANS . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Assign Ports to VLAN3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 CLI: Assign Ports to VLAN3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Web Interface: Assign Ports to VLAN3. . . . . . . . . . . . . . . . . . . . . . . . . . 23 Assign VLAN3 as the Default VLAN for Port 1/0/2 . . . . . . . . . . . . . . . . . . . 24 CLI: Assign VLAN3 as the Default VLAN for Port 1/0/2 . . . . . . . . . . . . .24 Web Interface: Assign VLAN3 as the Default VLAN for Port 1/0/2. . . . .24 Create a MAC-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 CLI: Create a MAC-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Web Interface: Assign a MAC-Based VLAN. . . . . . . . . . . . . . . . . . . . . . 26 Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 CLI: Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Web Interface: Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . .29 Virtual VLANs: Create an IP Subnet–Based VLAN . . . . . . . . . . . . . . . . . .31 CLI: Create an IP Subnet–Based VLAN. . . . . . . . . . . . . . . . . . . . . . . . . 31 Web Interface: Create an IP Subnet–Based VLAN . . . . . . . . . . . . . . . .32 Voice VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 CLI: Configure Voice VLAN and Prioritize Voice Traffic . . . . . . . . . . . . .34 Web Interface: Configure Voice VLAN and Prioritize Voice Traffic . . . .36 Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Assign Private-VLAN Types (Primary, Isolated, Community). . . . . . . . . . .46 CLI: Assign Private-VLAN Type (Primary, Isolated, Community). . . . . .46
Web Interface: Assign Private-VLAN Type (Primary, Isolated, Community)46 Configure Private-VLAN Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
CLI: Configure Private-VLAN Association . . . . . . . . . . . . . . . . . . . . . . . 48 Web Interface: Configure Private-VLAN Association . . . . . . . . . . . . . . .48 Configure Private-VLAN Port Mode (Promiscuous, Host) . . . . . . . . . . . . .49 CLI: Configure Private-VLAN Port Mode (Promiscuous, Host) . . . . . . .49 Web Interface: Configure Private-VLAN Port Mode (Promiscuous, Host)49 Configure Private-VLAN Host Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 CLI: Configure Private-VLAN Host Ports . . . . . . . . . . . . . . . . . . . . . . . . 50 Web Interface: Assign Private-VLAN Port Host Ports . . . . . . . . . . . . . .51
Contents | 3
ProSafe M4100 and M7100 Managed Switches
Map Private-VLAN Promiscuous Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
CLI: Map Private-VLAN Promiscuous Port. . . . . . . . . . . . . . . . . . . . . . . 52
Web Interface: Map Private-VLAN Promiscuous Port . . . . . . . . . . . . . . 52
Chapter 3 LAGs
Create Two LAGs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 CLI: Create Two LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Web Interface: Create Two LAGs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Add Ports to LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 CLI: Add Ports to the LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Web Interface: Add Ports to LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Enable Both LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 CLI: Enable Both LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Web Interface: Enable Both LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Chapter 4 Port Routing
Port Routing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 CLI: Enable Routing for the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Web Interface: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . 62 Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 CLI: Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . . . . . . 63 Web Interface: Enable Routing for Ports on the Switch . . . . . . . . . . . . . 63 Add a Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 CLI: Add a Default Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Web Interface: Add a Default Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Add a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 CLI: Add a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Web Interface: Add a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Chapter 5 VLAN Routing
Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 CLI: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Web Interface: Create Two VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Set Up VLAN Routing for the VLANs and the Switch. . . . . . . . . . . . . . . . . 73 CLI: Set Up VLAN Routing for the VLANs and the Switch . . . . . . . . . . . 73 Web Interface: Set Up VLAN Routing for the VLANs and the Switch . . 73
Chapter 6 RIP
Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 CLI: Enable Routing for the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Web Interface: Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . 76 Routing for Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
CLI: Enable Routing and Assigning IP Addresses for Ports 1/0/2 and 1/0/377 Web Interface: Enable Routing for the Ports . . . . . . . . . . . . . . . . . . . . . 77
RIP for the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
4 | Contents
ProSafe M4100 and M7100 Managed Switches
CLI: Enable RIP on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79 Web Interface: Enable RIP on the Switch. . . . . . . . . . . . . . . . . . . . . . . .79 RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79 CLI: Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . .80 Web Interface: Enable RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . .80 VLAN Routing with RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82 CLI: Configure VLAN Routing with RIP Support. . . . . . . . . . . . . . . . . . .82 Web Interface: Configure VLAN Routing with RIP Support . . . . . . . . . .84
Chapter 7 OSPF
Inter-area Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87 CLI: Configure an Inter-area Router . . . . . . . . . . . . . . . . . . . . . . . . . . . .87 Web Interface: Configure an Inter-area Router . . . . . . . . . . . . . . . . . . .89 OSPF on a Border Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92 CLI: Configure OSPF on a Border Router . . . . . . . . . . . . . . . . . . . . . . .92 Web Interface: Configure OSPF on a Border Router . . . . . . . . . . . . . .93 Stub Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98 CLI: Configure Area 1 as a Stub Area on A1 . . . . . . . . . . . . . . . . . . . . .98 Web Interface: Configure Area 1 as a Stub Area on A1 . . . . . . . . . . . .100 CLI: Configure Area 1 as a Stub Area on A2 . . . . . . . . . . . . . . . . . . . .103 Web Interface: Configure Area 1 as a Stub Area on A2 . . . . . . . . . . . .104 nssa Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107 CLI: Configure Area 1 as an nssa Area . . . . . . . . . . . . . . . . . . . . . . . .107 Web Interface: Configure Area 1 as an nssa Area on A1. . . . . . . . . . .108 CLI: Configure Area 1 as an nssa Area on A2 . . . . . . . . . . . . . . . . . . .111 Web Interface: Configure Area 1 as an nssa Area on A2. . . . . . . . . . .113 VLAN Routing OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116 CLI: Configure VLAN Routing OSPF . . . . . . . . . . . . . . . . . . . . . . . . . .118 Web Interface: Configure VLAN Routing OSPF . . . . . . . . . . . . . . . . . .119 OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122 CLI: Configure OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122 Web Interface: Configure OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . .124
Chapter 8 ARP
Proxy ARP Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127 CLI: show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127 CLI: ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128 Web Interface: Configure Proxy ARP on a Port . . . . . . . . . . . . . . . . . .128
Chapter 9 VRRP
VRRP on a Master Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130 CLI: Configure VRRP on a Master Router . . . . . . . . . . . . . . . . . . . . . .130 Web Interface: Configure VRRP on a Master Router . . . . . . . . . . . . . .131 VRRP on a Backup Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132 CLI: Configure VRRP on a Backup Router. . . . . . . . . . . . . . . . . . . . . .132 Web Interface: Configure VRRP on a Backup Router . . . . . . . . . . . . .133
Contents | 5
ProSafe M4100 and M7100 Managed Switches
Chapter 10 ACLs
MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 ACL Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 CLI: Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . 138 Web Interface: Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . 139 One-Way Access Using a TCP Flag in an ACL . . . . . . . . . . . . . . . . . . . . 142 CLI:Configure One-Way Access Using a TCP Flag in an ACL . . . . . . 142
Web Interface: Configure One-Way Access Using a TCP Flag in an ACL146 Use ACLs to Configure Isolated VLANs on a Layer 3 Switch . . . . . . . . . 158
CLI: Configure One-Way Access Using a TCP Flag in ACL Commands159 Web Interface: Configure One-Way Access Using a TCP Flag in an ACL161
Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 CLI: Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . 170 Web Interface: Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . 170 ACL Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 CLI: Configure ACL Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Web Interface: Configure ACL Mirroring . . . . . . . . . . . . . . . . . . . . . . . 174 ACL Redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 CLI: Redirect a Traffic Stream . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 Web Interface: Redirect a Traffic Stream . . . . . . . . . . . . . . . . . . . . . . . 179 Configure IPv6 ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 CLI: Configure an IPv6 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Web Interface: Configure an IPv6 ACL . . . . . . . . . . . . . . . . . . . . . . . . 186
Chapter 11 CoS Queuing
CoS Queue Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Trusted Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Untrusted Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 CoS Queue Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192 Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192 CLI: Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192 Web Interface: Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . 193 Set classofservice Trust Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193 CLI: Set classofservice Trust Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 193 Web Interface: Set classofservice Trust Mode . . . . . . . . . . . . . . . . . . 193 Show classofservice IP-Precedence Mapping . . . . . . . . . . . . . . . . . . . . . 194 CLI: Show classofservice IP-Precedence Mapping . . . . . . . . . . . . . . . 194 Web Interface: Show classofservice ip-precedence Mapping . . . . . . . 194 Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode195
CLI: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode195 Web Interface: Configure CoS-queue Min-bandwidth and Strict Priority Scheduler Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Set CoS Trust Mode for an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 CLI: Set CoS Trust Mode for an Interface . . . . . . . . . . . . . . . . . . . . . . 197 Web Interface: Set CoS Trust Mode for an Interface . . . . . . . . . . . . . . 197
6 | Contents
ProSafe M4100 and M7100 Managed Switches
Configure Traffic Shaping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
CLI: Configure traffic-shape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198
Web Interface: Configure Traffic Shaping. . . . . . . . . . . . . . . . . . . . . . .198
Chapter 12 DiffServ
DiffServ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201 CLI: Configure DiffServ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202 Web Interface: Configure DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . .204 DiffServ for VoIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218 CLI: Configure DiffServ for VoIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218 Web Interface: Diffserv for VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220 Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225 CLI: Configure Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226 Web Interface: Configure Auto-VoIP . . . . . . . . . . . . . . . . . . . . . . . . . .228 DiffServ for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229 CLI: Configure DiffServ for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230 Web Interface: Configure DiffServ for IPv6. . . . . . . . . . . . . . . . . . . . . .231 Color Conform Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237 CLI: Configure a Color Conform Policy. . . . . . . . . . . . . . . . . . . . . . . . .237 Web Interface: Configure a Color Conform Policy . . . . . . . . . . . . . . . .238
Chapter 13 IGMP Snooping and Querier
IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246 CLI: Enable IGMP Snooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246 Web Interface: Enable IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . .246 Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246 CLI: Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .247 Web Interface: Show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . .247 Show mac-address-table igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . .247 CLI: Show mac-address-table igmpsnooping . . . . . . . . . . . . . . . . . . . .248 Web Interface: Show mac-address-table igmpsnooping . . . . . . . . . . .248 External Multicast Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248 CLI: Configure the Switch with an External Multicast Router . . . . . . . .248 Web Interface: Configure the Switch with an External Multicast Router249 Multicast Router Using VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249 CLI: Configure the Switch with a Multicast Router Using VLAN . . . . . .249
Web Interface: Configure the Switch with a Multicast Router Using VLAN249 IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250 Enable IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251
CLI: Enable IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251 Web Interface: Enable IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . .252 Show IGMP Querier Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254 CLI: Show IGMP Querier Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254 Web Interface: Show IGMP Querier Status . . . . . . . . . . . . . . . . . . . . .254
Chapter 14 MVR (Multicast VLAN Registration)
Configure MVR in Compatible Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Contents | 7
ProSafe M4100 and M7100 Managed Switches
CLI: Configure MVR in Compatible Mode . . . . . . . . . . . . . . . . . . . . . . 257 Web Interface: Configure MVR in Compatible Mode . . . . . . . . . . . . . . 259 Configure MVR in Dynamic Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 CLI: Configure MVR in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . . . . . 263 Web Interface: Configure MVR in Dynamic Mode . . . . . . . . . . . . . . . . 265
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Chapter 15 Security Management
Port Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269 Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . . . . . . . . . . . . . 270 CLI: Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . . . . . . . 270 Web Interface: Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . 270 Convert the Dynamic Address Learned from 1/0/1 to a Static Address . . 271
CLI: Convert the Dynamic Address Learned from 1/0/1 to the Static Address272 Web Interface: Convert the Dynamic Address Learned from 1/0/1 to the Static Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Create a Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 CLI: Create a Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Web Interface: Create a Static Address . . . . . . . . . . . . . . . . . . . . . . . . 273 Protected Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 CLI: Configure a Protected Port to Isolate Ports on the Switch . . . . . . 274
Web Interface: Configure a Protected Port to Isolate Ports on the Switch276 802.1x Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
CLI: Authenticating dot1x Users by a RADIUS Server . . . . . . . . . . . . . 280 Web Interface: Authenticating dot1x Users by a RADIUS Server . . . . 281 Create a Guest VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286 CLI: Create a Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287 Web Interface: Create a Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . 288 Assign VLANs Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291 CLI: Assign VLANS Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 Web Interface: Assign VLANS Using RADIUS. . . . . . . . . . . . . . . . . . . 294 Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 CLI: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . 298 Web Interface: Configure Dynamic ARP Inspection. . . . . . . . . . . . . . . 299 Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 CLI: Configure Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Web Interface: Configure Static Mapping. . . . . . . . . . . . . . . . . . . . . . . 304 DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305 CLI: Configure DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306 Web Interface: Configure DHCP Snooping . . . . . . . . . . . . . . . . . . . . . 307 Enter Static Binding into the Binding Database . . . . . . . . . . . . . . . . . . . . 309 CLI: Enter Static Binding into the Binding Database . . . . . . . . . . . . . . 309 Web Interface: Enter Static Binding into the Binding Database . . . . . . 310 Maximum Rate of DHCP Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310 CLI: Configure the Maximum Rate of DHCP Messages. . . . . . . . . . . . 311 Web Interface: Configure the Maximum Rate of DHCP Messages . . . 311 IP Source Guard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312 CLI: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . 312
8 | Contents
ProSafe M4100 and M7100 Managed Switches
Web Interface: Configure Dynamic ARP Inspection . . . . . . . . . . . . . . .313
Chapter 16 SNTP
Show SNTP (CLI Only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317
show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317
show sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .318
show sntp server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .318
Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319
CLI: Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319
Web Interface: Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .320
Set the Time Zone (CLI Only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321
Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321
CLI: Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
Web Interface: Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . .322
Chapter 17 Tools
Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324 CLI: Traceroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325 Web Interface: Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325 Configuration Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326 script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327 script list and script delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327 script apply running-config.scr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328 Create a Configuration Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328 Upload a Configuration Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328 Pre-Login Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329 Create a Pre-Login Banner (CLI Only) . . . . . . . . . . . . . . . . . . . . . . . . .329 Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .330 CLI: Specify the Source (Mirrored) Ports and Destination (Probe). . . .330
Web Interface: Specify the Source (Mirrored) Ports and Destination (Probe)330 Dual Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .331
CLI: Download a Backup Image and Make It Active. . . . . . . . . . . . . . .332 Web Interface: Download a Backup Image and Make It Active . . . . . .333 Outbound Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .334 CLI: show network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335 CLI: show telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335 CLI: transport output telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .336 Web Interface: Configure Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .336 CLI: Configure the session-limit and session-timeout. . . . . . . . . . . . . .337 Web Interface: Configure the Session Timeout . . . . . . . . . . . . . . . . . .337
Chapter 18 Syslog
Show Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340
CLI: Show Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340
Web Interface: Show Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340
Show Logging Buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .342
CLI: Show Logging Buffered. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .342
Contents | 9
ProSafe M4100 and M7100 Managed Switches
Web Interface: Show Logging Buffered . . . . . . . . . . . . . . . . . . . . . . . . 343 Show Logging Traplogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 CLI: Show Logging Traplogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 Web Interface: Show Logging Trap Logs . . . . . . . . . . . . . . . . . . . . . . . 343 Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344 CLI: Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344 Web Interface: Show Logging Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . 345 Configure Logging for a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345 CLI: Configure Logging for the Port . . . . . . . . . . . . . . . . . . . . . . . . . . . 345 Web Interface: Configure Logging for the Port . . . . . . . . . . . . . . . . . . . 346 Email Alerting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
CLI: Send Log Messages to admin@switch.com Using Account aaaa@netgear.com. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Chapter 19 Switch Stacks
Switch Stack Management and Connectivity . . . . . . . . . . . . . . . . . . . . . . 349 The Stack Master and Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . 350 Stack Master. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 Stack Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 Stack Member Numbers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 Stack Member Priority Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352 Install and Power-up a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352 Compatible Switch Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352 Install a Switch Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353 Switch Firmware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353 Code Mismatch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 Migrate Configuration with a Firmware Upgrade . . . . . . . . . . . . . . . . . 354 Copy Master Firmware to a Stack Member (Web Interface) . . . . . . . . 355 Configure a Stacking Port as an Ethernet Port . . . . . . . . . . . . . . . . . . . . 355 CLI: Configure a Stacking Port as an Ethernet Port . . . . . . . . . . . . . . . 356 Web Interface: Configure a Stacking Port as an Ethernet Port . . . . . . 357 Stack Switches Using 10G Fiber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 CLI: Stack Switches Using 10G Fiber . . . . . . . . . . . . . . . . . . . . . . . . . 359 Web Interface: Stack Switches Using 10G Fiber . . . . . . . . . . . . . . . . . 360 Add, Remove, or Replace a Stack Member . . . . . . . . . . . . . . . . . . . . . . . 361 Add Switches to an Operating Stack . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Remove a Switch from the Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362 Replace a Stack Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363 Switch Stack Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363 Preconfigure a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 Renumber Stack Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365 CLI: Renumber Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366 Web Interface: Renumber Stack Members . . . . . . . . . . . . . . . . . . . . . 366 Move the Stack Master to a Different Unit . . . . . . . . . . . . . . . . . . . . . . . . 368 CLI: Move the Stack Master to a Different Unit . . . . . . . . . . . . . . . . . . 368 Web Interface: Move the Stack Master to a Different Unit . . . . . . . . . . 368
10 | Contents
ProSafe M4100 and M7100 Managed Switches
Chapter 20 SNMP
Add a New Community. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369 CLI: Add a New Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369 Web Interface: Add a New Community. . . . . . . . . . . . . . . . . . . . . . . . .370 Enable SNMP Trap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370 CLI: Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370 Web Interface: Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . .371 SNMP V3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .371 CLI: Configure SNMP V3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372 Web Interface: Configure SNMP V3 . . . . . . . . . . . . . . . . . . . . . . . . . . .372 sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
CLI: Configure Statistical Packet-Based Sampling of Packet Flows with sFlow374 Web Interface: Configure Statistical Packet-based Sampling with sFlow375
Time-Based Sampling of Counters with sFlow. . . . . . . . . . . . . . . . . . . . .377 CLI: Configure Time-Based Sampling of Counters with sFlow. . . . . . .377 Web Interface: Configure Time-Based Sampling of Counters with sFlow377
Chapter 21 DNS
Specify Two DNS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .378
CLI: Specify Two DNS Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .378
Web Interface: Specify Two DNS Servers . . . . . . . . . . . . . . . . . . . . . .378
Manually Add a Host Name and an IP Address . . . . . . . . . . . . . . . . . . . .379
CLI: Manually Add a Host Name and an IP Address . . . . . . . . . . . . . .379
Web Interface: Manually Add a Host Name and an IP Address . . . . . .379
Chapter 22 DHCP Server
Configure a DHCP Server in Dynamic Mode . . . . . . . . . . . . . . . . . . . . . .381
CLI: Configure a DHCP Server in Dynamic Mode . . . . . . . . . . . . . . . .381
Web Interface: Configure a DHCP Server in Dynamic Mode . . . . . . . .382
Configure a DHCP Reservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .384
CLI: Configure a DHCP Reservation . . . . . . . . . . . . . . . . . . . . . . . . . .385
Web Interface: Configure a DHCP Reservation . . . . . . . . . . . . . . . . . .385
Chapter 23 DHCPv6 Server
CLI: Configure DHCPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .389
Web Interface: Configure an Inter-area Router . . . . . . . . . . . . . . . . . . . .390
Configure Stateless DHCPv6 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . .394
CLI: Configure Stateless DNS Server. . . . . . . . . . . . . . . . . . . . . . . . . .394
Web Interface: Configure Stateless DHCPv6 Server . . . . . . . . . . . . . .395
Chapter 24 Double VLANs and Private VLAN Groups
Double VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .398
CLI: Enable a Double VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399
Web Interface: Enable a Double VLAN . . . . . . . . . . . . . . . . . . . . . . . .399
Private VLAN Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402
Contents | 11
ProSafe M4100 and M7100 Managed Switches
CLI: Create a Private VLAN Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 Web Interface: Create a Private VLAN Group . . . . . . . . . . . . . . . . . . . 404
Chapter 25 Spanning Tree Protocol
Configure Classic STP (802.1d). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
CLI: Configure Classic STP (802.1d) . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Web Interface: Configure Classic STP (802.1d). . . . . . . . . . . . . . . . . . 409
Configure Rapid STP (802.1w) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
CLI: Configure Rapid STP (802.1w) . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Web Interface: Configure Rapid STP (802.1w) . . . . . . . . . . . . . . . . . . 410
Configure Multiple STP (802.1s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
CLI: Configure Multiple STP (802.1s). . . . . . . . . . . . . . . . . . . . . . . . . . 411
Web Interface: Configure Multiple STP (802.1s) . . . . . . . . . . . . . . . . . 412
Chapter 26 Tunnel
CLI: Create a Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Configure Switch GSM7328S_1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Configure Switch GSM7328S_2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Web Interface: Create a Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Configure Switch GSM7328S_1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Configure Switch GSM7328S_2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Chapter 27 IPv6 Interface Configuration
Create an IPv6 Routing Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 CLI: Create an IPv6 Routing Interface . . . . . . . . . . . . . . . . . . . . . . . . . 422 Web Interface: Create an IPv6 Routing Interface. . . . . . . . . . . . . . . . . 424 Create an IPv6 Network Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 CLI: Configure the IPv6 Network Interface . . . . . . . . . . . . . . . . . . . . . . 426 Web Interface: Configure the IPv6 Network Interface . . . . . . . . . . . . . 426 Create an IPv6 Routing VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427 CLI: Create an IPv6 Routing VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . 427 Web Interface: Create an IPv6 VLAN Routing Interface . . . . . . . . . . . 429 Configure DHCPv6 Mode on the Routing Interface . . . . . . . . . . . . . . . . . 432 CLI: Configure DHCPv6 mode on routing interface . . . . . . . . . . . . . . . 432 Web Interface: Configure DHCPv6 mode on routing interface. . . . . . . 433
Chapter 28 PIM
PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
CLI: Configure PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
Web Interface: Configure PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
CLI: Configure PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Web Interface: Configure PIM-SM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
12 | Contents
ProSafe M4100 and M7100 Managed Switches
Chapter 29 DHCP L2 Relay and L3 Relay
DHCP L2 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .488
CLI: Enable DHCP L2 Relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .489
Web Interface: Enable DHCP L2 Relay . . . . . . . . . . . . . . . . . . . . . . . .490
DHCP L3 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .494
Configure the DHCP Server Switch . . . . . . . . . . . . . . . . . . . . . . . . . . .494
Configure a DHCP L3 Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .499
Chapter 30 MLD
Configure MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .506
CLI: Configure MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .506
Web Interface: Configure MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .508
MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .519
CLI: Configure MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .520
Web Interface: Configure MLD Snooping . . . . . . . . . . . . . . . . . . . . . . .521
Chapter 31 DVMRP
CLI: Configure DVMRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .525
Web Interface: Configure DVMRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531
Chapter 32 Captive Portal
Captive Portal Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543 Enable Captive Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543 CLI: Enable Captive Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543 Web Interface: Enable Captive Portal. . . . . . . . . . . . . . . . . . . . . . . . . .544 Client Access, Authentication, and Control . . . . . . . . . . . . . . . . . . . . . . .545 Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .546 CLI: Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . . . .546 Web Interface: Block a Captive Portal Instance . . . . . . . . . . . . . . . . . .546 Local Authorization, Create Users and Groups . . . . . . . . . . . . . . . . . . . .546 CLI: Create Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .547 Web Interface: Create Users and Groups . . . . . . . . . . . . . . . . . . . . . .547 Remote Authorization (RADIUS) User Configuration . . . . . . . . . . . . . . . .548 CLI: Configure RADIUS as the Verification Mode . . . . . . . . . . . . . . . .549 Web Interface: Configure RADIUS as the Verification Mode . . . . . . . .549 SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .550
Chapter 33 iSCSI
Enable iSCSI Awareness with VLAN Priority Tag . . . . . . . . . . . . . . . . . .552 CLI: Enable iSCSI Awareness with VLAN Priority Tag. . . . . . . . . . . . .552 Web Interface: Enable iSCSI Awareness with VLAN Priority Tag . . . .552 Enable iSCSI Awareness with DSCP . . . . . . . . . . . . . . . . . . . . . . . . . . . .553 CLI: Enable iSCSI Awareness with DSCP . . . . . . . . . . . . . . . . . . . . . .553 Web Interface: Enable iSCSI Awareness with DSCP. . . . . . . . . . . . . .553 Set the iSCSI Target Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .554
Contents | 13
ProSafe M4100 and M7100 Managed Switches
CLI: Set iSCSI Target Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554 Web Interface: Set iSCSI Target Port. . . . . . . . . . . . . . . . . . . . . . . . . . 554 Show iSCSI Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555 CLI: Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555 Web Interface: Show iSCSI Sessions . . . . . . . . . . . . . . . . . . . . . . . . . 555
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
Index
14 | Contents
1. Documentation Resources |
1 |
|
|
||
|
|
|
Before installation, read the Release Notes for this switch product. The Release Notes detail the platform-specific functionality of the switching, routing, SNMP, configuration, management, and other packages. In addition, see the following publications:
•The NETGEAR installation guide for your switch
•Managed Switch Hardware Installation Guide
•Managed Switch Software Setup Manual
•ProSafe Managed Switch Command Line Interface (CLI) User Manual
•ProSafe® M4100/M7100 Managed Switch Web Management User Manual
Chapter 1. Documentation Resources | 15
2. VLANs |
2 |
Virtual LANs |
This chapter provides the following examples:
•Create Two VLANs on page 17
•Assign Ports to VLAN2 on page 19
•Create Three VLANs on page 20
•Assign Ports to VLAN3 on page 22
•Assign VLAN3 as the Default VLAN for Port 1/0/2 on page 24
•Create a MAC-Based VLAN on page 25
•Create a Protocol-Based VLAN on page 28
•Virtual VLANs: Create an IP Subnet–Based VLAN on page 31
•Voice VLANs on page 33
•Private VLANs on page 44
•Assign Private-VLAN Types (Primary, Isolated, Community) on page 46
•Configure Private-VLAN Association on page 48
•Configure Private-VLAN Port Mode (Promiscuous, Host) on page 49
•Configure Private-VLAN Host Ports on page 50
•Map Private-VLAN Promiscuous Port on page 52
Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast. Like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic.
A VLAN is a set of end stations and the switch ports that connect them. You can have different reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN.
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station might omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet can either reject it or insert a tag using its default VLAN ID. A given port can handle traffic for more than one VLAN, but it can support only one default VLAN ID.
Chapter 2. VLANs | 16
ProSafe M4100 and M7100 Managed Switches
The Private Edge VLAN feature lets you set protection between ports located on the switch. This means that a protected port cannot forward traffic to another protected port on the same switch. The feature does not provide protection between ports located on different switches.
The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. Port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN 2 only, and ports 1/0/3 and 1/0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram.
Layer 3 switch
Port 1/0/2 VLAN |
Port 1/0/3 VLAN |
Router Port 1/3/1 |
Router Port 1/3/2 |
192.150.3.1 |
192.150.4.1 |
|
Port 1/0/1 |
Layer 2 |
Layer 2 |
Switch |
Switch |
VLAN 10 |
VLAN 20 |
Figure 1. Switch with 4 ports configured for traffic from 2 VLANs
The following examples show how to create VLANs, assign ports to the VLANs, and assign a VLAN as the default VLAN to a port.
Create Two VLANs
The example is shown as CLI commands and as a Web interface procedure.
CLI: Create Two VLANS
Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank.
(Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2 (Netgear Switch) (Vlan)#vlan 3 (Netgear Switch) (Vlan)#exit
Chapter 2. VLANs | 17
ProSafe M4100 and M7100 Managed Switches
Web Interface: Create Two VLANS
1.Create VLAN2.
a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
b.Enter the following information:
•In the VLAN ID field, enter 2.
•In the VLAN Name field, enter VLAN2.
•In the VLAN Type list, select Static.
c.Click Add.
2.Create VLAN3.
a.Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
b.Enter the following information:
•In the VLAN ID field, enter 3.
•In the VLAN Name field, enter VLAN3.
•In the VLAN Type list, select Static.
c.Click Add.
18 | Chapter 2. VLANs
ProSafe M4100 and M7100 Managed Switches
Assign Ports to VLAN2
This sequence shows how to assign ports to VLAN2, and to specify that frames will always be transmitted tagged from all member ports and that untagged frames will be rejected on receipt.
CLI: Assign Ports to VLAN2
(Netgear Switch) #config
(Netgear Switch) (Config)#interface range 1/0/1-1/0/2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2
(Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit (Netgear Switch) (Config)#vlan port tagging all 2 (Netgear Switch) (Config)#
Web Interface: Assign Ports to VLAN2
1.Assign ports to VLAN2.
a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
b.In the VLAN ID list, select 2.
c.Click Unit 1. The ports display.
d.Click the gray boxes under ports 1 and 2 until T displays. The T specifies that the egress packet is tagged for the ports.
e.Click Apply to save the settings.
2.Specify that only tagged frames will be accepted on ports 1/0/1 and 1/0/2.
a.Select Switching > VLAN > Advanced > Port PVID Configuration.
Chapter 2. VLANs | 19
ProSafe M4100 and M7100 Managed Switches
A screen similar to the following displays.
b.Under PVID Configuration, scroll down and select the check box for Interface 1/0/1. Then scroll down and select the Interface 1/0/2 check box.
c.Enter the following information:
•In the Acceptable Frame Type polyhedron list, select VLAN Only.
•In the PVID (1 to 4093) field, enter 2.
d.Click Apply to save the settings.
Create Three VLANs
The example is shown as CLI commands and as a Web interface procedure.
CLI: Create Three VLANS
Use the following commands to create three VLANs and to assign the VLAN IDs while leaving the names blank.
(Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 100 (Netgear Switch) (Vlan)#vlan 101 (Netgear Switch) (Vlan)#vlan 102 (Netgear Switch) (Vlan)#exit
Web Interface: Create Three VLANS
1.Create VLAN100.
a. Select Switching > VLAN > Basic > VLAN Configuration.
20 | Chapter 2. VLANs
ProSafe M4100 and M7100 Managed Switches
A screen similar to the following displays.
b.Enter the following information:
•In the VLAN ID field, enter 100.
•In the VLAN Name field, enter VLAN100.
c.Click Add.
2.Create VLAN101.
a.Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
b.Enter the following information:
•In the VLAN ID field, enter 101.
•In the VLAN Name field, enter VLAN101.
c.Click Add.
Chapter 2. VLANs | 21
ProSafe M4100 and M7100 Managed Switches
3.Create VLAN102.
a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
b.Enter the following information:
•In the VLAN ID field, enter 102.
•In the VLAN Name field, enter VLAN102.
c.Click Add.
Assign Ports to VLAN3
This example shows how to assign the ports that will belong to VLAN 3, and to specify that untagged frames will be accepted on port 1/0/4. Note that port 1/0/2 belongs to both VLANs and that port 1/0/1 can never belong to VLAN 3.
CLI: Assign Ports to VLAN3
(Netgear Switch) (Config)#interface range 1/0/2-1/0/4
(Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit
(Netgear Switch) (Config)#interface 1/0/4
(Netgear Switch) (Interface 1/0/4)#vlan acceptframe all (Netgear Switch) (Interface 1/0/4)#exit
(Netgear Switch) (Config)#exit
22 | Chapter 2. VLANs
ProSafe M4100 and M7100 Managed Switches
Web Interface: Assign Ports to VLAN3
1.Assign ports to VLAN3.
a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays.
b.In the VLAN ID list, select 3.
c.Click Unit 1. The ports display.
d.Click the gray boxes under ports 2, 3, and 4 until T displays. The T specifies that the egress packet is tagged for the ports.
e.Click Apply to save the settings.
2.Specify that untagged frames will be accepted on port 1/0/4.
a.Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
b.Scroll down and select the Interface 1/0/4 check box. Now 1/0/4 appears in the Interface field at the top.
c.In the Acceptable Frame Types list, select Admit All.
d.Click Apply to save the settings.
Chapter 2. VLANs | 23
ProSafe M4100 and M7100 Managed Switches
Assign VLAN3 as the Default VLAN for Port 1/0/2
This example shows how to assign VLAN 3 as the default VLAN for port 1/0/2.
CLI: Assign VLAN3 as the Default VLAN for Port 1/0/2
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#vlan pvid 3 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit
Web Interface: Assign VLAN3 as the Default VLAN for Port 1/0/2
1.Assign VLAN3 as the default VLAN for port 1/0/2.
a.Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
b.Under PVID Configuration, scroll down and select the Interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top.
c.In the PVID (1 to 4093) field, enter 3.
d.Click Apply to save the settings.
24 | Chapter 2. VLANs
ProSafe M4100 and M7100 Managed Switches
Create a MAC-Based VLAN
The MAC-based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classify traffic based on the source MAC address of the packet.
You define a MAC to VLAN mapping by configuring an entry in the MAC to VLAN table. An entry is specified using a source MAC address and the appropriate VLAN ID. The MAC to VLAN configurations are shared across all ports of the device (i.e., there is a system-wide table that has MAC address to VLAN ID mappings).
When untagged or priority tagged packets arrive at the switch and entries exist in the MAC to VLAN table, the source MAC address of the packet is looked up. If an entry is found, the corresponding VLAN ID is assigned to the packet. If the packet is already priority tagged it will maintain this value; otherwise, the priority will be set to 0 (zero). The assigned VLAN ID is verified against the VLAN table. If the VLAN is valid, ingress processing on the packet continues; otherwise, the packet is dropped. This implies that you can configure a MAC address mapping to a VLAN that has not been created on the system.
CLI: Create a MAC-Based VLAN
1. Create VLAN3.
(Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 3 (Netgear Switch)(Vlan)#exit
2. Add port 1/0/23 to VLAN3.
(Netgear Switch)#config
(Netgear Switch)(Config)#interface 1/0/23
(Netgear Switch)(Interface 1/0/23)#vlan participation include 3 (Netgear Switch)(Interface 1/0/23)#vlan pvid 3
(Netgear Switch)(Interface 1/0/23)#exit
Chapter 2. VLANs | 25
ProSafe M4100 and M7100 Managed Switches
3. Map MAC 00:00:0A:00:00:02 to VLAN3.
(Netgear Switch)(Config)#exit (Netgear Switch)#vlan data
(Netgear Switch)(Vlan)#vlan association mac 00:00:00A:00:00:02 3 (Netgear Switch)(Vlan)#exit
4. Add all the ports to VLAN3.
(Netgear Switch)#config
(Netgear Switch)(Config)#interface range 1/0/1-1/0/28
(Netgear Switch)(conf-if-range-1/0/1-1/0/28)#vlan participation include 3 (Netgear Switch)(conf-if-range-1/0/1-1/0/28)#exit
(Netgear Switch)(Config)#exit
Web Interface: Assign a MAC-Based VLAN
1.Create VLAN3.
a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays.
b.Enter the following information:
•In the VLAN ID field, enter 3.
•In the VLAN Name field, enter VLAN3.
•In the VLAN Type list, select Static.
c.Click Add.
2.Assign ports to VLAN3.
a.Select Switching > VLAN > Advanced > VLAN Membership.
26 | Chapter 2. VLANs
ProSafe M4100 and M7100 Managed Switches
A screen similar to the following displays.
b.In the VLAN ID list, select 3.
c.Click Unit 1. The ports display.
d.Click the gray box before Unit 1 until U displays.
e.Click Apply.
3.Assign VPID3 to port 1/0/23.
a.Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays.
b.Scroll down and select the 1/0/23 check box.
c.In the PVID (1 to 4093) field, enter 3.
d.Click Apply to save the settings.
4.Map the specific MAC to VLAN3.
a.Select Switching > VLAN > Advanced > MAC based VLAN. A screen similar to the following displays.
Chapter 2. VLANs | 27
ProSafe M4100 and M7100 Managed Switches
b.Enter the following information:
•In the MAC Address field, enter 00:00:0A:00:00:02.
•In the PVID (1 to 4093) field, enter 3.
c.Click Add.
Create a Protocol-Based VLAN
Create two protocol VLAN groups. One is for IPX and the other is for IP/ARP. The untagged IPX packets are assigned to VLAN 4, and the untagged IP/ARP packets are assigned to VLAN 5.
CLI: Create a Protocol-Based VLAN
1. Create a VLAN protocol group vlan_ipx based on IPX protocol.
(Netgear Switch)#config
(Netgear Switch)(Config)#vlan protocol group vlan_ipx
(Netgear Switch)(Config)#vlan protocol group add protocol 1 ipx
2. Create a VLAN protocol group vlan_ipx based on IP/ARP protocol.
(Netgear Switch)(Config)#vlan protocol group vlan_ip
(Netgear Switch)(Config)#vlan protocol group add protocol 2 ip (Netgear Switch)(Config)#vlan protocol group add protocol 2 arp (Netgear Switch)(Config)#exit
3. Assign VLAN protocol group 1 to VLAN 4.
(Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 4 (Netgear Switch)(Vlan)#vlan 5
(Netgear Switch)(Vlan)#protocol group 1 4
4. Assign VLAN protocol group 2 to VLAN 5.
(Netgear Switch)(Vlan)#protocol group 2 5
28 | Chapter 2. VLANs
ProSafe M4100 and M7100 Managed Switches
5. Enable protocol VLAN group 1 and 2 on the interface.
(Netgear Switch)(Vlan)#exit (Netgear Switch)#config
(Netgear Switch)(Config)#interface 1/0/11
(Netgear Switch)(Interface 1/0/11)#protocol vlan group 1 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 2 (Netgear Switch)(Interface 1/0/11)#exit
Web Interface: Create a Protocol-Based VLAN
1.Create the protocol-based VLAN group vlan_ipx.
a.Select Switching > VLAN > Advanced > Protocol Based VLAN Group Configuration.
A screen similar to the following displays.
Enter the following information:
•In the Group Name field, enter vlan_ipx.
•In the Protocol list, select IPX.
•In the VLAN ID field, enter 4.
b.Click Add.
2.Create the protocol-based VLAN group vlan_ip.
a.Select Switching > VLAN >Advanced > Protocol Based VLAN Group Configuration.
A screen similar to the following displays.
Chapter 2. VLANs | 29
ProSafe M4100 and M7100 Managed Switches
b.Enter the following information:
•In the Group Name field, enter vlan_ip.
•In the Protocol list, select IP and ARP while holding down the Ctrl key.
•In the VLAN field, enter 5.
c.Click Add.
3.Add port 11 to the group vlan_ipx.
a.Select Switching > VLAN > Advanced > Protocol Based VLAN Group Membership.
A screen similar to the following displays.
b.In the Group ID list, select 1.
c.Click the gray box under port 11. A check mark displays in the box.
d.Click the Apply button.
4.Add port 11 to the group vlan_ip.
a.Select Switching > VLAN > Advanced > Protocol Based VLAN Group Membership.
A screen similar to the following displays.
b.In the Group ID list, select 2.
c.Click the gray box under port 11. A check mark displays in the box.
d.Click Apply.
30 | Chapter 2. VLANs
Loading...