How it Works
Netgear
Loading...
M7300
User Manual
537 pgs10.38 Mb0
Installation Manual
36 pgs705.37 Kb0
Installation Manual [fr]
14 pgs2.73 Mb0
Administration Manual
498 pgs29.34 Mb0
Installation Manual
30 pgs908.19 Kb0
Installation Manual
714 pgs3.12 Mb0
Installation Manual
2 pgs507.19 Kb0
Table of contents
Loading...

Netgear M7300 Administration Manual

ProSafe Managed Switch

Software Administration Manual
9.0.1 XSM7224S
350 East Plumeria Drive San Jose, CA 95134 USA
July 2011 202-10515-05
ProSafe Managed Switch
©2011 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Support
Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online, visit us at http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR Phone (Other Countries): See Support information card.
Trademarks
NETGEAR, the NETGEAR logo, ReadyNAS, ProSafe, Smart Wizard, Auto Uplink, X-RAID2, and NeoTV are trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, Windows NT, and Vista are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use, or application of, the product(s) or circuit layout(s) described herein.
Revision History
Publication Part Number
202-10515-05 v1.0 July 2011 Add DHCPv6 and DHCPv6 mode features. 202-10515-04 v1.0 November 2010 New document template. 202-10515-03 v 1.0 June 2010 Move some content to the Software Setup
202-10515-02 Software release 8.0.2: new firmware with
202-10515-01 Original publication.
Version Publish Date Comments
Guide.
DHCP L3 Relay, color conform policy, DHCP server in dynamic mode, and configuring a stacking port as an Ethernet port.
2 |

Table of Contents

Chapter 1 Documentation Resources Chapter 2 VLANs
Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Assign Ports to VLAN2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Assign Ports to VLAN3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Assign VLAN3 as the Default VLAN for Port 1/0/2. . . . . . . . . . . . . . . . . . .15
Create a MAC-Based VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Create a Protocol-Based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Virtual VLANs: Create an IP Subnet–Based VLAN . . . . . . . . . . . . . . . . . .21
Voice VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Chapter 3 LAGs
Create Two LAGs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Add Ports to LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Enable Both LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Chapter 4 Port Routing
Port Routing Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
Enable Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Enable Routing for Ports on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Add a Default Route. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Add a Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Chapter 5 VLAN Routing
Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Set Up VLAN Routing for the VLANs and the Switch. . . . . . . . . . . . . . . . .52
Chapter 6 RIP
Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Routing for Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
RIP for the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
RIP for Ports 1/0/2 and 1/0/3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
VLAN Routing with RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Chapter 7 OSPF
Contents | 3
ProSafe Managed Switch
Inter-area Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
OSPF on a Border Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
Stub Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
nssa Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
VLAN Routing OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Chapter 8 ARP
Proxy ARP Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Chapter 9 VRRP
VRRP on a Master Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
VRRP on a Backup Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Chapter 10 ACLs
Set Up an IP ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
One-Way Access Using a TCP Flag in an ACL . . . . . . . . . . . . . . . . . . . .117
Use ACLs to Configure Isolated VLANs on a Layer 3 Switch . . . . . . . . .132
Set up a MAC ACL with Two Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
ACL Mirroring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147
ACL Redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
Configure IPv6 ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Chapter 11 CoS Queuing
CoS Queue Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
CoS Queue Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Show classofservice Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Set classofservice Trust Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
Show classofservice IP-Precedence Mapping. . . . . . . . . . . . . . . . . . . . .168
Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode169
Set CoS Trust Mode for an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
Configure Traffic Shaping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
Chapter 12 DiffServ
DiffServ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
DiffServ for VoIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190
Auto VoIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
DiffServ for IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201
Color Conform Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208
Chapter 13 IGMP Snooping and Querier
IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216
Show igmpsnooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217
Show mac-address-table igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . .218
4 | Contents
ProSafe Managed Switch
External Multicast Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219
Multicast Router Using VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220
IGMP Querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221
Enable IGMP Querier. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222
Show IGMP Querier Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225
Chapter 14 Security Management
Port Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226
Set the Dynamic and Static Limit on Port 1/0/1 . . . . . . . . . . . . . . . . . . . .227
Convert the Dynamic Address Learned from 1/0/1 to a Static Address. .229
Create a Static Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230
Protected Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230
802.1x Port Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Create a Guest VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Assign VLANs Using RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248
Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254
Static Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260
DHCP Snooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .262
Enter Static Binding into the Binding Database . . . . . . . . . . . . . . . . . . . .265
Maximum Rate of DHCP Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . .266
IP Source Guard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268
Chapter 15 SNTP
Show SNTP (CLI Only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273
Configure SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275
Set the Time Zone (CLI Only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277
Set the Named SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277
Chapter 16 Tools
Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280
Configuration Scripting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282
Pre-Login Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285
Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
Dual Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287
Outbound Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .290
Chapter 17 Syslog
Show Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .295
Show Logging Buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
Show Logging Traplogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .298
Show Logging Hosts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299
Configure Logging for a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300
Chapter 18 Switch Stacks
Switch Stack Management and Connectivity . . . . . . . . . . . . . . . . . . . . . .302
Contents | 5
ProSafe Managed Switch
The Stack Master and Stack Members . . . . . . . . . . . . . . . . . . . . . . . . . .303
Install and Power-up a Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .305
Switch Firmware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .306
Configure a Stacking Port as an Ethernet Port . . . . . . . . . . . . . . . . . . . .308
Stack Switches Using 10G Fiber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .311
Add, Remove, or Replace a Stack Member. . . . . . . . . . . . . . . . . . . . . . .314
Switch Stack Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316
Preconfigure a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317
Renumber Stack Members. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .318
Move the Stack Master to a Different Unit . . . . . . . . . . . . . . . . . . . . . . . .320
Chapter 19 SNMP
Add a New Community. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321
Enable SNMP Trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
SNMP V3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323
sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325
Time-Based Sampling of Counters with sFlow. . . . . . . . . . . . . . . . . . . . .329
Chapter 20 DNS
Specify Two DNS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .330
Manually Add a Host Name and an IP Address. . . . . . . . . . . . . . . . . . . .331
Chapter 21 DHCP Server
Configure a DHCP Server in Dynamic Mode. . . . . . . . . . . . . . . . . . . . . .333
Configure a DHCP Reservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .336
Chapter 22 DHCPv6 Server
CLI: Configure DHCPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341
Web Interface: Configure an Inter-area Router . . . . . . . . . . . . . . . . . . . .342
Chapter 23 Double VLANs and Private VLAN Groups
Double VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347
Private VLAN Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .351
Chapter 24 Spanning Tree Protocol
Configure Classic STP (802.1d). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .358
Configure Rapid STP (802.1w) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .360
Configure Multiple STP (802.1s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361
6 | Contents
Chapter 25 Tunnel
CLI: Create a Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
Web Interface: Create a Tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367
ProSafe Managed Switch
Chapter 26 IPv6 Interface Configuration
Create an IPv6 Routing Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372
Create an IPv6 Network Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Create an IPv6 Routing VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .377
Configure DHCPv6 Mode on the Routing Interface . . . . . . . . . . . . . . . . .382
Chapter 27 PIM
PIM-DM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385
PIM-SM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .409
Chapter 28 DHCP L2 Relay and L3 Relay
DHCP L2 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436
DHCP L3 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442
Confige a DHCP L3 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .446
Chapter 29 MLD
Configure MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .451
MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .464
Chapter 30 DVMRP
CLI: Configure DVMRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470
Web Interface: Configure DVMRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .476
Chapter 31 Captive Portal
Captive Portal Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .488
Enable Captive Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .488
Client Access, Authentication, and Control . . . . . . . . . . . . . . . . . . . . . . .490
Block a Captive Portal Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .491
Local Authorization, Create Users and Groups . . . . . . . . . . . . . . . . . . . .491
Remote Authorization (RADIUS) User Configuration. . . . . . . . . . . . . . . .493
SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .495
Index
Contents | 7

1. Documentation Resources

Before installation, read the Release Notes for this switch product. The Release Notes detail the platform-specific functionality of the switching, routing, SNMP, configuration, management, and other packages. In addition, see the following publications:
The NETGEAR installation guide for your switch
Hardware Installation Guide
Software Setup Guide
NETGEAR CLI Reference for the Prosafe 7X00 Series Managed Switch. Refer to the
Command Line Reference for information about the command structure. There are different documents in this series; choose the appropriate one for your product.
- The Command Line Reference provides information about the CLI commands used
to configure the switch and the stack. The document provides CLI descriptions, syntax, and default values.
- The ProSafe Managed Stackable Switch CLI Manual provides information about the
CLI commands used to configure the switch. The document provides CLI descriptions, syntax, and default values.
1
Chapter 1. Documentation Resources | 8

2. VLANs

Virtual LANs
This chapter provides the following examples:
Create Two VLANs on page 10
Assign Ports to VLAN2 on page 12
Assign Ports to VLAN3 on page 13
Assign VLAN3 as the Default VLAN for Port 1/0/2 on page 15
Create a MAC-Based VLAN on page 16
Create a Protocol-Based VLAN on page 19
Virtual VLANs: Create an IP Subnet–Based VLAN on page 21
Voice VLANs on page 24
Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast. Like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic.
A VLAN is a set of end stations and the switch ports that connect them. You can have different reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN.
2
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station might omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet can either reject it or insert a tag using its default VLAN ID. A given port can handle traffic for more than one VLAN, but it can support only one default VLAN ID.
The Private Edge VLAN feature lets you set protection between ports located on the switch. This means that a protected port cannot forward traffic to another protected port on the same switch. The feature does not provide protection between ports located on different switches.
The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. Port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN 2 only,
Chapter 2. VLANs | 9
ProSafe Managed Switch
and ports 1/0/3 and 1/0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram.
Layer 3 switch
Port 1/0/2 VLAN Router Port 1/3/1
192.150.3.1
Port 1/0/1
Layer 2 Switch
VLAN 10 VLAN 20
Figure 1. Switch with 4 ports configured for traffic from 2 VLANs
Port 1/0/3 VLAN Router Port 1/3/2
192.150.4.1
Layer 2 Switch
The following examples show how to create VLANs, assign ports to the VLANs, and assign a VLAN as the default VLAN to a port.

Create Two VLANs

The example is shown as CLI commands and as a Web interface procedure.

CLI: Create Two VLANS

Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank.
(Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2 (Netgear Switch) (Vlan)#vlan 3 (Netgear Switch) (Vlan)#exit

Web Interface: Create Two VLANS

1. Create VLAN2.
10 | Chapter 2. VLANs
ProSafe Managed Switch
a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the
following displays.
b. Enter the following information:
In the VLAN ID field, enter 2.
In the VLAN Name field, enter VLAN2.
In the VLAN Type list, select Static.
c. Click Add.
2. Create VLAN3.
a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the
following displays.
b. Enter the following information:
In the VLAN ID field, enter 3.
In the VLAN Name field, enter VLAN3.
In the VLAN Type list, select Static.
c. Click Add.
Chapter 2. VLANs | 11
ProSafe Managed Switch

Assign Ports to VLAN2

This sequence shows how to assign ports to VLAN2, and to specify that frames will always be transmitted tagged from all member ports and that untagged frames will be rejected on receipt.

CLI: Assign Ports to VLAN2

(Netgear Switch) #config (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit (Netgear Switch) (Config)#vlan port tagging all 2 (Netgear Switch) (Config)#

Web Interface: Assign Ports to VLAN2

1. Assign ports to VLAN2.
a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the
following displays.
b. In the VLAN ID list, select 2. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 1 and 2 until T displays. The T specifies that the
egress packet is tagged for the ports.
e. Click Apply to save the settings.
2. Specify that only tagged frames will be accepted on ports 1/0/1 and 1/0/2.
12 | Chapter 2. VLANs
ProSafe Managed Switch
a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar
to the following displays.
b. Under PVID Configuration, scroll down and select the check box for Interface 1/0/1.
Then scroll down and select the Interface 1/0/2 check box.
c. Enter the following information:
In the Acceptable Frame Type polyhedron list, select VLAN Only.
In the PVID (1 to 4093) field, enter 2.
d. Click Apply to save the settings.

Assign Ports to VLAN3

This example shows how to assign the ports that will belong to VLAN 3, and to specify that untagged frames will be accepted on port 1/0/4. Note that port 1/0/2 belongs to both VLANs and that port 1/0/1 can never belong to VLAN 3.

CLI: Assign Ports to VLAN3

(Netgear Switch) (Config)#interface range 1/0/2-1/0/4 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#vlan participation include 3 (Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#vlan acceptframe all (Netgear Switch) (Interface 1/0/4)#exit (Netgear Switch) (Config)#exit
Chapter 2. VLANs | 13
ProSafe Managed Switch

Web Interface: Assign Ports to VLAN3

1. Assign ports to VLAN3.
a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the
following displays.
b. In the VLAN ID list, select 3. c. Click Unit 1. The ports display. d. Click the gray boxes under ports 2, 3 and 4 until T displays. The T specifies that the
egress packet is tagged for the ports.
e. Click Apply to save the settings.
2. Specify that untagged frames will be accepted on port 1/0/4.
a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar
to the following displays.
b. Scroll down and select the Interface 1/0/4 check box. Now 1/0/4 appears in the
Interface field at the top.
c. In the Acceptable Frame Types list, select Admit All. d. Click Apply to save the settings.
14 | Chapter 2. VLANs
ProSafe Managed Switch

Assign VLAN3 as the Default VLAN for Port 1/0/2

This example shows how to assign VLAN 3 as the default VLAN for port 1/0/2.

CLI: Assign VLAN3 as the Default VLAN for Port 1/0/2

(Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#vlan pvid 3 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit

Web Interface: Assign VLAN3 as the Default VLAN for Port 1/0/2

1. Assign VLAN3 as the default VLAN for port 1/0/2.
a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar
to the following displays.
b. Under PVID Configuration, scroll down and select the Interface 1/0/2 check box.
Now 1/0/2 appears in the Interface field at the top.
c. In the PVID (1 to 4093) field, enter 3. d. Click Apply to save the settings.
Chapter 2. VLANs | 15
ProSafe Managed Switch

Create a MAC-Based VLAN

The MAC-based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classify traffic based on the source MAC address of the packet.
You define a MAC to VLAN mapping by configuring an entry in the MAC to VLAN table. An entry is specified using a source MAC address and the appropriate VLAN ID. The MAC to VLAN configurations are shared across all ports of the device (i.e., there is a system-wide table that has MAC address to VLAN ID mappings).
When untagged or priority tagged packets arrive at the switch and entries exist in the MAC to VLAN table, the source MAC address of the packet is looked up. If an entry is found, the corresponding VLAN ID is assigned to the packet. If the packet is already priority tagged it will maintain this value; otherwise, the priority will be set to 0 (zero). The assigned VLAN ID is verified against the VLAN table. If the VLAN is valid, ingress processing on the packet continues; otherwise, the packet is dropped. This implies that you can configure a MAC address mapping to a VLAN that has not been created on the system.

CLI: Create a MAC-Based VLAN

1. Create VLAN3
(Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 3 (Netgear Switch)(Vlan)#exit
2. Add port 1/0/23 to VLAN3.
(Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/23 (Netgear Switch)(Interface 1/0/23)#vlan participation include 3 (Netgear Switch)(Interface 1/0/23)#vlan pvid 3 (Netgear Switch)(Interface 1/0/23)#exit
.
16 | Chapter 2. VLANs
ProSafe Managed Switch
3. Map MAC 00:00:0A:00:00:02 to VLAN3.
(Netgear Switch)(Config)#exit (Netgear Switch)#vlan data (Netgear Switch)(Vlan)#vlan association mac 00:00:00A:00:00:02 3 (Netgear Switch)(Vlan)#exit
4. Add all the ports to VLAN3.
(Netgear Switch)#config (Netgear Switch)(Config)#interface range 1/0/1-1/0/28 (Netgear Switch)(conf-if-range-1/0/1-1/0/28)#vlan participation include 3 (Netgear Switch)(conf-if-range-1/0/1-1/0/28)#exit (Netgear Switch)(Config)#exit

Web Interface: Assign a MAC-Based VLAN

1. Create VLAN3.
a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the
following displays.
b. Enter the following information:
In the VLAN ID field, enter 3.
In the VLAN Name field, enter VLAN3.
In the VLAN Type list, select Static.
c. Click Add.
2. Assign ports to VLAN3.
Chapter 2. VLANs | 17
ProSafe Managed Switch
a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the
following displays.
b. In the VLAN ID list, select 3. c. Click Unit 1. The ports display. d. Click the gray box before Unit 1 until U displays. e. Click Apply.
3. Assign VPID3 to port 1/0/23.
a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar
to the following displays.
b. Scroll down and select the 1/0/23 check box. c. In the PVID (1 to 4093) field, enter 3. d. Click Apply to save the settings.
4. Map the specific MAC to VLAN3.
a. Select Switching > VLAN > Advanced > MAC based VLAN. A screen similar to the
following displays.
18 | Chapter 2. VLANs
ProSafe Managed Switch
b. Enter the following information:
In the MAC Address field, enter 00:00:0A:00:00:02.
In the PVID (1 to 4093) field, enter 3.
c. Click Add.

Create a Protocol-Based VLAN

Create two protocol VLAN groups. One is for IPX, and the other is for IP/ARP. The untagged IPX packets are assigned to VLAN 4, and the untagged IP/ARP packets are assigned to VLAN 5.

CLI: Create a Protocol-Based VLAN

1. Create a VLAN protocol group vlan_ipx based on IPX protocol.
(Netgear Switch)#config (Netgear Switch)(Config)#vlan protocol group vlan_ipx (Netgear Switch)(Config)#vlan protocol group add protocol 1 ipx
2. Create a VLAN protocol group vlan_ipx based on IP/ARP protocol.
(Netgear Switch)(Config)#vlan protocol group vlan_ip (Netgear Switch)(Config)#vlan protocol group add protocol 2 ip (Netgear Switch)(Config)#vlan protocol group add protocol 2 arp (Netgear Switch)(Config)#exit
3. Assign VLAN protocol group 1 to VLAN 4.
(Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 4 (Netgear Switch)(Vlan)#vlan 5 (Netgear Switch)(Vlan)#protocol group 1 4
4. Assign VLAN protocol group 2 to VLAN 5.
(Netgear Switch)(Vlan)#protocol group 2 5
Chapter 2. VLANs | 19
ProSafe Managed Switch
5. Enable protocol VLAN group 1 and 2 on the interface.
(Netgear Switch)(Vlan)#exit (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/11 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 1 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 2 (Netgear Switch)(Interface 1/0/11)#exit

Web Interface: Create a Protocol-Based VLAN

1. Create the protocol-based VLAN group vlan_ipx.
a. Select Switching > VLAN > Advanced > Protocol Based VLAN Group
Configuration. A screen similar to the following displays.
Enter the following information:
In the Group Name field, enter vlan_ipx.
In the Protocol list, select IPX.
In the VLAN ID field, enter 4.
b. Click Add.
2. Create the protocol-based VLAN group vlan_ip.
a. Select Switching > VLAN >Advanced > Protocol Based VLAN Group
Configuration. A screen similar to the following displays.
b. Enter the following information:
In the Group Name field, enter vlan_ip.
In the Protocol list, select IP and ARP while holding down the Ctrl key.
20 | Chapter 2. VLANs
ProSafe Managed Switch
In the VLAN field, enter 5.
c. Click Add.
3. Add port 11 to the group vlan_ipx.
a. Select Switching > VLAN > Advanced > Protocol Based VLAN Group
Membership. A screen similar to the following displays.
b. In the Group ID list, select 1. c. Click the gray box under port 11. A check mark displays in the box. d. Click the Apply button.
4. Add port 11 to the group vlan_ip.
a. Select Switching > VLAN > Advanced > Protocol Based VLAN Group
Membership. A screen similar to the following displays
.
b. In the Group ID list, select 2. c. Click the gray box under port 11. A check mark displays in the box. d. Click Apply.

Virtual VLANs: Create an IP Subnet–Based VLAN

In an IP subnet–based VLAN, all the end workstations in an IP subnet are assigned to the same VLAN. In this VLAN, users can move their workstations without reconfiguring their network addresses. IP subnet VLANs are based on Layer 3 information from packet headers. The switch makes use of the network-layer address (for example, the subnet address for TCP/IP networks) in determining VLAN membership. If a packet is untagged or priority tagged, the switch associates the packet with any matching IP subnet classification. If no IP
Chapter 2. VLANs | 21
ProSafe Managed Switch
subnet classification can be made, the packet is subjected to the normal VLAN classification rules of the switch. This IP subnet capability does not imply a routing function or that the VLAN is routed. The IP subnet classification feature affects only the VLAN assignment of a packet. Appropriate 802.1Q VLAN configuration must exist in order for the packet to be switched.
1/0/1
PC 1 PC 2
10.100.5.1 10.100.5.30
Switch
1/0/24
Figure 2. IP subnet–based VLAN

CLI: Create an IP Subnet–Based VLAN

(Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#vlan association subnet 10.100.0.0 255.255.0.0 2000 (Netgear Switch) (Vlan)#exit
Create an IP subnet–based VLAN 2000.
(Netgear Switch) #config (Netgear Switch) (Config)#interface range 1/0/1-1/0/24 (Netgear Switch) (conf-if-range-1/0/1-1/0/24)# vlan participation include 2000 (Netgear Switch) (conf-if-range-1/0/1-1/0/24)#exit (Netgear Switch) (Config)#
Assign all the ports to VLAN 2000.
(Netgear Switch) #show mac-addr-table vlan 2000 MAC Address Interface Status
----------------- --------- -----------­00:00:24:58:F5:56 1/0/1 Learned 00:00:24:59:00:62 1/0/24 Learned
22 | Chapter 2. VLANs
ProSafe Managed Switch

Web Interface: Create an IP Subnet–Based VLAN

1. Create VLAN 2000.
a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the
following displays.
b. Enter the following information:
In the VLAN ID field, enter 2000.
In the VLAN Type list, select Static.
c. Click Add.
2. Assign all the ports to VLAN 2000.
a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to
the following displays.
b. In the VLAN ID list, select 2000. c. Click Unit 1. The ports display. d. Click the gray box before Unit 1 until U displays. e. Click Apply.
3. Associate the IP subnet with VLAN 2000.
Chapter 2. VLANs | 23
ProSafe Managed Switch
a. Select Switching > VLAN > Advanced > IP Subnet Based VLAN. A screen similar
to the following displays.
b. Enter the following information:
In the IP Address field, enter 10.100.0.0.
In the Subnet Mask field, enter 255.255.0.0.
In the VLAN (1 to 4093) field, enter 2000.
c. Click Add.

Voice VLANs

The voice VLAN feature enables switch ports to carry voice traffic with defined priority to enable separation of voice and data traffic coming onto port. Voice VLAN ensures that the sound quality of an IP phone does not deteriorate when the data traffic on the port is high. Also, the inherent isolation provided by VLANs ensures that inter-VLAN traffic is under
24 | Chapter 2. VLANs
ProSafe Managed Switch
management control and that clients attached to the network cannot initiate a direct attack on voice components.
PBX
1/0/1
GSM73xxS
1/0/2
VoIP phone
PC
1/0/3
VoIP phone
PC
Voice traffic Data traffic
Figure 3. Voice VLAN
The script in this section shows how to configure Voice VLAN and prioritize the voice traffic. Here the Voice VLAN mode is in VLAN ID 10.

CLI: Configure Voice VLAN and Prioritize Voice Traffic

1. Create VLAN 10.
(Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#exit
Chapter 2. VLANs | 25
ProSafe Managed Switch
2. Include the ports 1/0/1 and 1/0/2 in VLAN 10.
(Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan tagging 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit
3. Configure Voice VLAN globally.
(Netgear Switch) (Config)# voice vlan
4. Configure Voice VLAN mode in the interface 1/0/2.
(Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#voice vlan 10 (Netgear Switch) (Interface 1/0/2)#exit
5. Create the DiffServ class ClassVoiceVLAN.
(Netgear Switch) (Config)#class-map match-all ClassVoiceVLAN
6. Configure VLAN 10 as the matching criteria for the class.
(Netgear Switch) (Config-classmap)#match vlan 10
7. Create the DiffServ policy PolicyVoiceVLAN.
(Netgear Switch) (Config)#policy-map PolicyVoiceVLAN in
8. Map the policy and class and assign them to the higher-priority queue.
(Netgear Switch) (Config-policy-map)#class ClassVoiceVLAN (Netgear Switch) (Config-policy-classmap)#assign-queue 3 (Netgear Switch) (Config-policy-classmap)#exit
9. Assign it to interfaces 1/0/1 and 1/0/2.
(Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)# service-policy in PolicyVoiceVLAN
26 | Chapter 2. VLANs
ProSafe Managed Switch

Web Interface: Configure Voice VLAN and Prioritize Voice Traffic

1. Create VLAN 10.
a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the
following displays.
b. In the VLAN ID field, enter 10. c. In the VLAN Name field, enter Voice VLAN. d. Click Add. A screen similar to the following displays.
2. Include ports 1/0/1 and 1/0/2 in VLAN 10.
a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to
the following displays.
b. In the VLAN Membership table, in the VLAN ID list, select 10.
Chapter 2. VLANs | 27
ProSafe Managed Switch
c. Select Port 1 and Port 2 as tagged. A screen similar to the following displays.
d. Click Apply.
3. Configure V
oice VLAN globally.
a. Select Switching > VLAN > Advanced > Voice VLAN Configuration. A screen
similar to the following displays.
b. For Admin Mode, select the Enable radio button.
28 | Chapter 2. VLANs
ProSafe Managed Switch
c. Click Apply. A screen similar to the following displays.
4. Configure Voice VLAN mode in interface 1/0/2.
a. Select Switching > VLAN > Advanced > Voice VLAN Configuration. b. Select the 1/0/2 check box. c. In the Interface Mode list, select VLAN ID. d. In the Value field, enter 10. A screen similar to the following displays.
e. Click Apply.
5. Create the DiffServ class ClassVoiceVLAN.
a. Select QoS > Advanced > DiffServ > Class Configuration. A screen similar to the
following displays.
b. In the Class Name field, enter ClassVoiceVLAN.
Chapter 2. VLANs | 29
ProSafe Managed Switch
c. In the Class Type list, select All. A screen similar to the following displays.
d. Click Add. The Class Name screen displays, as shown in the next step in this
procedure.
6. Configure matching criteria for the class as VLAN 10.
a. Select QoS > DiffServ > Advanced > Class Configuration. A screen similar to the
following displays.
b. Click the class ClassVoiceVLAN. A screen similar to the following displays.
c. In the DiffServ Class Configuration table, select VLAN. d. In the VLAN ID field, enter 10. A screen similar to the following displays.
30 | Chapter 2. VLANs
Loading...
+ 468 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use