Set Up an IP ACL with Two Rules | NETGEAR M7100, M4100 specs

ProSafe M4100 and M7100 Managed Switches

4.Apply the ACL to one or more interfaces.

Set Up an IP ACL with Two Rules

This section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will be accepted by the M4100 and M7100 Managed Switch only if the source and destination stations have IP addresses within the defined sets.

Layer 3 switch

TCP packet to 192.178.88.3 rejected. Dest. IP not in range.

TCP packet to 192.178.77.3 accepted. Dest. IP in range.

Port 1/0/2

ACL 1

Layer 2 switch

192.168.77.1 192.168.77.4 192.168.77.9 192.168.77.2

Figure 16. IP ACL with rules for TCP rraffic and UDP rraffic

CLI: Set Up an IP ACL with Two Rules

The following is an example of configuring ACL support on a 7000 Series Managed Switch.

Create ACL 101. Define the first rule: The ACL will permit packets that match the specified source IP address (after the mask has been applied), that are carrying TCP traffic, and that are sent to the specified destination IP address.

1.Enter these commands:

(Netgear Switch) #config

(Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255

138 Chapter 10. ACLs

Image 138

NETGEAR M7100, M4100 manual CLI Set Up an IP ACL with Two Rules, Apply the ACL to one or more interfaces

Contents

ProSafe M4100 and M7100 Managed Switches Support TrademarksRevision History Table of Contents LAGs Ospf ACLs DiffServ Security Management Sntp Switch Stacks Snmp Spanning Tree Protocol Dvmrp Index Documentation Resources VLANs Virtual LANsThis chapter provides the following examples Create Two VLANs CLI Create Two Vlans Web Interface Create Two Vlans CLI Assign Ports to VLAN2 Select Switching Vlan Advanced Port Pvid ConfigurationAssign Ports to VLAN2 Web Interface Assign Ports to VLAN2 CLI Create Three Vlans Select Switching Vlan Basic Vlan ConfigurationCreate Three VLANs Web Interface Create Three Vlans ProSafe M4100 and M7100 Managed Switches Assign Ports to VLAN3 CLI Assign Ports to VLAN3 Web Interface Assign Ports to VLAN3 Acceptable Frame Types list, select Admit All Assign VLAN3 as the Default Vlan for Port 1/0/2 CLI Assign VLAN3 as the Default Vlan for Port 1/0/2 Create a MAC-Based Vlan CLI Create a MAC-Based VlanAdd port 1/0/23 to VLAN3 Map MAC 00000A000002 to VLAN3 Select Switching Vlan Advanced Vlan MembershipWeb Interface Assign a MAC-Based Vlan Add all the ports to VLAN3 ProSafe M4100 and M7100 Managed Switches Create a Protocol-Based Vlan CLI Create a Protocol-Based VlanMAC Address field, enter 00000A000002 Create the protocol-based Vlan group vlanipx Enable protocol Vlan group 1 and 2 on the interfaceWeb Interface Create a Protocol-Based Vlan Screen similar to the following displays ProSafe M4100 and M7100 Managed Switches Virtual VLANs Create an IP Subnet-Based Vlan CLI Create an IP Subnet-Based VlanCreate an IP subnet-based Vlan Web Interface Create an IP Subnet-Based Vlan Assign all the ports to Vlan Voice VLANs Subnet Mask field, enterVlan 1 to 4093 field, enter Click Add CLI Configure Voice Vlan and Prioritize Voice Traffic Create Vlan Configure Vlan 10 as the matching criteria for the class Configure Voice Vlan globallyConfigure Voice Vlan mode in the interface 1/0/2 Include the ports 1/0/1 and 1/0/2 in Vlan ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Select QoS Advanced DiffServ Class Configuration Select Switching Vlan Advanced Voice Vlan ConfigurationInterface Mode list, select Vlan ID Select the 1/0/2 check box Class Name field, enter ClassVoiceVLAN Select QoS DiffServ Advanced Policy Configuration Policy Name field, enter PolicyVoiceVLAN Click the Policy PolicyVoiceVLAN Set the Policy Name field as PolicyVoiceVLAN Screen similar to the following displays Click Apply Private VLANs Private VLANs Packet flow within a Private Vlan domain VLANs Assign Private-VLAN Types Primary, Isolated, Community CLI Assign Private-VLAN Type Primary, Isolated, Community Assign Vlan 101 as an isolated Vlan Configure Private-VLAN Association CLI Configure Private-VLAN AssociationWeb Interface Configure Private-VLAN Association Configure Private-VLAN Port Mode Promiscuous, Host CLI Configure Private-VLAN Port Mode Promiscuous, HostConfigure port 1/0/1 to promiscuous port mode Configure Private-VLAN Host Ports CLI Configure Private-VLAN Host Ports Web Interface Assign Private-VLAN Port Host Ports Map Private-VLAN Promiscuous Port CLI Map Private-VLAN Promiscuous PortWeb Interface Map Private-VLAN Promiscuous Port Promiscuous Primary Vlan field, enter LAGs Link Aggregation Groups CLI Create Two LAGs Select Switching LAG LAG ConfigurationCreate Two LAGs Web Interface Create Two LAGs Add Ports to LAGs CLI Add Ports to the LAGs Web Interface Add Ports to LAGs Web Interface Enable Both LAGs Enable Both LAGsCLI Enable Both LAGs By default, the system enables link trap notification Port Routing This chapter provides the following sections Port Routing Configuration Layer 3 switch configured for port routing Port Routing CLI Enable Routing for the Switch Enable Routing for the SwitchEnable Routing for Ports on the Switch Web Interface Enable Routing for the Switch Routing Mode field, select Enable CLI Enable Routing for Ports on the SwitchWeb Interface Enable Routing for Ports on the Switch IP Address field, enter Subnet Mask field, enter IP Address field, enter Subnet Mask field, enter Web Interface Add a Default Route Add a Default RouteCLI Add a Default Route Select Routing Routing Table Basic Route Configuration Add a Static Route Route Configuration screen displaysRoute Type list, select DefaultRoute CLI Add a Static Route Web Interface Add a Static Route Vlan Routing Layer 3 switch configured for port routing Web Interface Create Two VLANs Select Switching Vlan Advanced Port Pvid Configuraton Scroll down and select 1/0/1 and 1/0/2 check boxes Set Up Vlan Routing for the VLANs and the Switch CLI Set Up Vlan Routing for the VLANs and the SwitchSelect Routing Vlan Vlan Routing Click Add to save the settings Routing Information Protocol Routing for the Switch Network with RIP on ports 1/0/2 and 1/0/3 Web Interface Enable Routing for the Ports Routing for Ports RIP for the Switch CLI Enable RIP on the Switch Web Interface Enable RIP on the SwitchRIP for Ports 1/0/2 and 1/0/3 CLI Enable RIP for Ports 1/0/2 and 1/0/3 Web Interface Enable RIP for Ports 1/0/2 and 1/0/3 ProSafe M4100 and M7100 Managed Switches CLI Configure Vlan Routing with RIP Support Vlan Routing with RIP Enable RIP for the switch Route preference defaults to Netgear Switch Config#ip routing Web Interface Configure Vlan Routing with RIP Support IP Address field, enter Network Mask field, enter Network Mask field, enter Ospf Open Shortest Path First CLI Configure an Inter-area Router Inter-area Router Assign IP addresses to ports Web Interface Configure an Inter-area Router Select Routing IP Advanced IP Interface Configuration ProSafe M4100 and M7100 Managed Switches RFC 1583 Compatibility field, select Disable CLI Configure Ospf on a Border Router Ospf on a Border Router Enable IP routing on the switch Web Interface Configure Ospf on a Border RouterSet disable 1583compatibility to prevent a routing loop Select Routing IP Basic IP Configuration IP Address field, enter Network Mask field, enter Admin Mode field, select Enable ProSafe M4100 and M7100 Managed Switches Select Routing Ospf Advanced Interface Configuration Router Priority 0 to 255 field, enter CLI Configure Area 1 as a Stub Area on A1 Enable routing on the switchStub Areas Enable Ospf area 0 on ports 2/0/11 Configure area 0.0.0.1 as a stub areaSwitch a injects a default route only to area Enable Ospf area 0.0.0.1 on 2/0/19 Web Interface Configure Area 1 as a Stub Area on A1 IP Address field, enter Network Mask field, enter Select Routing Ospf Advanced Interface Configuration CLI Configure Area 1 as a Stub Area on A2 Import Summary LSAs field, select Disable Web Interface Configure Area 1 as a Stub Area on A2 Enable Ospf area 0.0.0.1 on the 1/0/15Set the router ID to IP Address field, enter Network Mask field, enter ProSafe M4100 and M7100 Managed Switches Nssa Areas CLI Configure Area 1 as an nssa AreaConfigure area 0.0.0.1 as an nssa area Stop importing summary LSAs to area Web Interface Configure Area 1 as an nssa Area on A1 Enable area 0.0.0.1 on port 2/0/19 IP Address field, enter Network Mask field, enter Subnet Mask field, enter CLI Configure Area 1 as an nssa Area on A2 Import Summary LSA’s field, select Disable Configure the area 0.0.0.1 as an nssa area Enable Ospf area 0.0.0.1 on port 1/0/15Redistribute the RIP routes into the Ospf Web Interface Configure Area 1 as an nssa Area on A2 Select Routing RIP Advanced Interface Configuration Select Routing Ospf Advanced Nssa Area Configuration Vlan Routing Ospf ProSafe M4100 and M7100 Managed Switches CLI Configure Vlan Routing Ospf Specify the router ID and enable Ospf for the switch Web Interface Configure Vlan Routing Ospf Enable Ospf for the Vlan and physical router ports IP Address field, enter Network Mask field, enter ProSafe M4100 and M7100 Managed Switches CLI Configure OSPFv3 On A1, enable IPv6 unitcast routing on the switchOSPFv3 Enable OSPFv3, and assign 1.1.1.1 to router ID On A2, enable IPv6 unitcast routing on the switchEnable OSPFv3, and assign 2.2.2.2 as the router ID Web Interface Configure OSPFv3 Enable IPv6 unicast routing on the switchSelect Routing IPv6 Basic IPv6 Global Configuration Autonomous Flag field, select Disable Click Add to save the settings Enable OSPFv3 on port 1/0/1 ProSafe M4100 and M7100 Managed Switches Proxy Address Resolution Protocol Proxy ARP ExamplesCLI show ip interface Web Interface Configure Proxy ARP on a Port CLI ip proxy-arp Vrrp Virtual Router Redundancy Protocol Enable Vrrp on the port CLI Configure Vrrp on a Master RouterEnable Vrrp for the switch Vrrp on a Master Router Web Interface Configure Vrrp on a Master Router Select Routing Vrrp Advanced Vrrp Configuration Mode field, select Active Click Apply to save the settings Vrrp on a Backup RouterCLI Configure Vrrp on a Backup Router Primary IP Address field, enter Web Interface Configure Vrrp on a Backup Router Set the priority for the port. The default priority is Priority 1 to 255, enter Primary IP Address field, enter Status list, select Active Click Add to save the settings Access Control Lists ACL Configuration MAC ACLsIP ACLs Set Up an IP ACL with Two Rules CLI Set Up an IP ACL with Two RulesApply the ACL to one or more interfaces Web Interface Set Up an IP ACL with Two Rules Select Security ACL IP ACL IP Extended Rules ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Configure the Switch One-Way Access Using a TCP Flag in an ACLCLIConfigure One-Way Access Using a TCP Flag in an ACL This is a two-step process ProSafe M4100 and M7100 Managed Switches Configure the GSM7352S Enter the following commandsCreate an ACL that permits all the IP packets ProSafe M4100 and M7100 Managed Switches Create Vlan 30 with IP address 192.168.30.1/24 Configuring the SwitchThis is a two-part process Select Routing Vlan Vlan Routing Wizard IP Address field, enter Network Mask field, enter Select Routing IP Basic IP Configuration Select Routing Routing Table Basic Route Configuration Select Security ACL Advanced IP ACL ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Configuring the GSM7342S Switch Create Vlan 40 with IP address 192.168.40.1/24 IP Address field, enter Network Mask field, enter Select Routing Routing Table Basic Route Configuration ProSafe M4100 and M7100 Managed Switches Use ACLs to Configure Isolated VLANs on a Layer 3 Switch Using ACLs to isolate VLANs on a Layer 3 switch Enter the following CLI commands Create ACL 103 to permit all other traffic IP Address field, enter Network Mask field, enter IP Address field, enter Select Security ACL Advanced IP ACL Select Security ACL Advanced IP Extended Rules Select Security ACL Advanced IP Extended Rules Select Security ACL Advanced IP Extended Rules Select Security ACL Advanced IP Binding Configuration ProSafe M4100 and M7100 Managed Switches Set up a MAC ACL with Two Rules Select Security ACL MAC ACL CLI Set up a MAC ACL with Two RulesWeb Interface Set up a MAC ACL with Two Rules Select Security ACL MAC ACL MAC Rules Select Security ACL MAC ACL MAC Binding Configuration ACL Mirroring CLI Configure ACL Mirroring ACL mirroring Web Interface Configure ACL Mirroring View the configurationBind the ACL with interface 1/0/1 ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches ACL Redirect CLI Redirect a Traffic Stream Create an IP access control list with the name redirectHTTP Web Interface Redirect a Traffic Stream ProSafe M4100 and M7100 Managed Switches Redirect Interface list, select 1/0/19 ProSafe M4100 and M7100 Managed Switches Configure IPv6 ACLs CLI Configure an IPv6 ACL Create the access control list with the name ipv6-acl Netgear Switch #show ipv6 access-lists Web Interface Configure an IPv6 ACL Select Security ACL Advanced IPv6 ACL ProSafe M4100 and M7100 Managed Switches Select Security ACL Advanced IP Binding Configuration ProSafe M4100 and M7100 Managed Switches Class of Service Queuing CoS Queuing Untrusted Ports CoS Queue MappingTrusted Ports CoS queue mapping uses trusted and untrusted ports CLI Show classofservice Trust CoS Queue ConfigurationShow classofservice Trust To use the CLI to show CoS trust mode, use these commands CLI Set classofservice Trust Mode Set classofservice Trust ModeWeb Interface Show classofservice Trust Web Interface Set classofservice Trust Mode Web Interface Show classofservice ip-precedence Mapping Show classofservice IP-Precedence MappingCLI Show classofservice IP-Precedence Mapping Global Trust Mode list, select trust dot1p IP precedence to queue mapping of the interface is displayed Set CoS Trust Mode for an Interface Scheduler Type list, select Weighted Web Interface Set CoS Trust Mode for an Interface Configure Traffic ShapingCLI Set CoS Trust Mode for an Interface Interface Trust Mode list, select trust dot1p CLI Configure traffic-shape Web Interface Configure Traffic ShapingInterface Shaping Rate 0 to 100 field, enter Click Apply to save the settings This chapter provides the following examples DiffServ on Differentiated ServicesDiffServ Auto VoIP on Class B subnet with differentiated services DiffServ CLI Configure DiffServ Ensure that the DiffServ operation is enabled for the switch Netgear Switch Config policy-map#exit Web Interface Configure DiffServ Class Name field, enter financedept Source IP Address field, enter Source Mask field, enter Class Name field, enter marketingdept Source IP Address field, enter Source Mask field, enter Class Name field, enter developmentdept Policy Selector field, enter internetaccess Member Class list, select marketingdept Member Class list, select testdept Member Class list, select developmentdept ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Policy In list, select internetaccess Select QoS CoS Advanced Interface Queue Configuration ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches CLI Configure DiffServ for VoIP DiffServ for VoIP Attach the defined policy to an inbound service interface Select QoS DiffServ Advanced DiffServ Configuration Web Interface Diffserv for VoIP Click classvoip Click classef Screen similar to the following displays Select QoS DiffServ Advanced Service Configuration Auto VoIP CLI Configure Auto VoIP Auto VoIP View the auto VoIP information Web Interface Configure Auto-VoIP DiffServ for IPv6 DiffServ for IPv6 Create the policy policyicmpv6 CLI Configure DiffServ for IPv6Define matching criteria as protocol ICMPv6 Associate the previously created class classicmpv6 Web Interface Configure DiffServ for IPv6 Select QoS DiffServ Advanced IPv6 Class ConfigurationClass Name field, enter classicmpv6 ProSafe M4100 and M7100 Managed Switches Policy Name field, enter policyicmpv6 ProSafe M4100 and M7100 Managed Switches Policy Name list, select policyicmpv6 Select the Interface 1/0/1, 1/0/2, and 1/0/3 check boxes Screen similar to the following displays Click Apply CLI Configure a Color Conform Policy Color Conform PolicyCreate classes classvlan and classcolor Web Interface Configure a Color Conform Policy Apply this policy to port 1/0/13 ProSafe M4100 and M7100 Managed Switches Select QoS DiffServ Advanced Class Configuration Class Name field, enter classcolor Policy Name field, enter policyvlan Committed Burst Size field, enter Member Class field, enter classvlanCommitted Rates field, enter For Conform Action, select the Send radio button Policy Name list, select policyvlan Igmp Snooping and Querier Igmp Following example shows how to enable Igmp snooping CLI Enable Igmp SnoopingWeb Interface Enable Igmp Snooping Igmp Snooping Show mac-address-table igmpsnooping CLI Show igmpsnoopingWeb Interface Show igmpsnooping CLI Show mac-address-table igmpsnooping CLI Configure the Switch with an External Multicast RouterExternal Multicast Router Web Interface Show mac-address-table igmpsnooping Multicast Router Using Vlan CLI Configure the Switch with a Multicast Router Using Vlan Multicast Router field, select Enable Igmp Querier Enable Igmp Querier CLI Enable Igmp Querier Web Interface Enable Igmp Querier Querier IP Address field, enter CLI Show Igmp Querier Status To see the Igmp querier status, use the following commandShow Igmp Querier Status Web Interface Show Igmp Querier Status MVR Multicast Vlan Registration Configure MVR in Compatible Mode MVR switch GSM7212P in this case Configure the receive ports CLI Configure MVR in Compatible ModeConfigure multicast Vlan on the source port Create MVlan, VLAN1, VLAN2, and VLAN3 ProSafe M4100 and M7100 Managed Switches Web Interface Configure MVR in Compatible Mode Show mvr status ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Configure MVR in Dynamic Mode CLI Configure MVR in Dynamic ModeConfigure MVR in dynamic mode Configure the receive ports Web Interface Configure MVR in Dynamic Mode Show the MVR status ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Security Management Port Security Set the Dynamic and Static Limit on Port 1/0/1 CLI Set the Dynamic and Static Limit on Port 1/0/1 Click Apply to save the settings Create a Static Address Select the Convert Dynamic Address to Static check box Web Interface Create a Static Address Protected PortsCLI Create a Static Address Static MAC Address field, enter Create one Vlan 192 including PC 1 and PC Protected ports Create one Vlan 202 connected to the Internet Enable IP routing and configure a default routeEnable a protected port on 1/0/23 and 1/0/24 Create a Dhcp pool to allocated IP addresses to PCs ProSafe M4100 and M7100 Managed Switches IP Address field, enter Network Mask field, enter IP Address field, enter Network Mask field, enter Next Hop IP Address field, enter CLI Authenticating dot1x Users by a Radius Server 802.1x Port Security Web Interface Authenticating dot1x Users by a Radius Server Select Routing Basic IP Configuration Select Routing Advanced IP Interface Configuration IP Address field, enter Subnet Mask field, enter Control Mode list, select Force Authorized Server Address field, enter Message Authenticator field, select EnableAccounting Mode field, select Enable Click Apply Accounting Server Address field, enter Create a Guest Vlan Guest Vlan Enable dot1x and Radius on the switch CLI Create a Guest Vlan Enable the guest Vlan on ports 1/0/1 and 1/0/24 Web Interface Create a Guest Vlan Click Apply to save settings Enable dot1x on the switch ProSafe M4100 and M7100 Managed Switches Assign VLANs Using Radius Radius Server IP Address field, enter CLI Assign Vlans Using Radius Netgear Switch #network protocol none Set the Radius server IP address Enable dot1x authentication on the switchUse the Radius as the authenticator Set the NAS-IP address for the Radius server Web Interface Assign Vlans Using Radius Show the dot1x detail for 1/0/5Assign the IP address for the Web Management Interface IP Address field, enter Subnet Mask field, enter Control Mode list, select Force Authorized Dynamic ARP Inspection CLI Configure Dynamic ARP Inspection Enable Dhcp snooping globallyEnable Dhcp snooping in a Vlan Select Security Control Dhcp Snooping Global Configuration Web Interface Configure Dynamic ARP InspectionEnable ARP inspection in Vlan View the Dhcp Snooping Binding table ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Static Mapping CLI Configure Static MappingConfigure the rule to allow the static client Create an ARP ACL Web Interface Configure Static Mapping Configure ARP ACL used for VlanACL Name list, select ArpFilter Dhcp Snooping Click Apply Screen similar to the following displays CLI Configure Dhcp Snooping Dhcp Snooping Web Interface Configure Dhcp Snooping ProSafe M4100 and M7100 Managed Switches Enter Static Binding into the Binding Database CLI Enter Static Binding into the Binding DatabaseEnter the Dhcp snooping static binding Select Security Control Dhcp Snooping Binding Configuration Maximum Rate of Dhcp Messages View the rate configured CLI Configure the Maximum Rate of Dhcp MessagesWeb Interface Configure the Maximum Rate of Dhcp Messages Control the maximum rate of Dhcp messages IP Source Guard IP Source Guard Enable IP Source Guard in interface 1/0/2 ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Select the Interface 1/0/2 check box MAC Address field, enter Show Sntp CLI Only Simple Network Time ProtocolShow sntp Show sntp client Show sntp server Configure Sntp CLI Configure Sntp Web Interface Configure Sntp Set the Time Zone CLI Only Set the Named Sntp Server CLI Set the Named Sntp Server Web Interface Set the Named Sntp ServerAddress field, enter time-f.netgear.com DNS Server field, enter Tools Traceroute Select Maintenance Troubleshooting Traceroute CLI TracerouteWeb Interface Traceroute Configuration Scripting This section provides the following examples Script on Script Script list and script delete Script apply running-config.scr Create a Configuration ScriptUpload a Configuration Script Pre-Login Banner Create a Pre-Login Banner CLI OnlyTransfer the file from the PC to the switch using Tftp Port Mirroring CLI Specify the Source Mirrored Ports and Destination ProbeSelect Monitoring Mirroring Port Mirroring Session Mode field, select Enable Click Apply Dual ImageDestination Port field, enter 1/0/3 CLI Download a Backup Image and Make It Active Server Address Type list, select IPv4 Web Interface Download a Backup Image and Make It ActiveSelect Maintenance File Management Dual Image Configuration Remote File Name, enter gsm73xxse-r8v0m0b3.stk Outbound Telnet This section, the following examples are provided CLI show network CLI show telnet Web Interface Configure Telnet Select Security Access TelnetCLI transport output telnet CLI Configure the session-limit and session-timeout Web Interface Configure the Session Timeout Maximum number of sessions field, enter Syslog Log Files Syslog CLI Show Logging Configure the syslogShow Logging Web Interface Show Logging Select Monitoring Logs Command Log Select Monitoring Logs Console LogSelect Monitoring Logs Buffer Logs Show Logging Buffered CLI Show Logging Buffered CLI Show Logging Traplogs Show Logging TraplogsWeb Interface Show Logging Buffered Web Interface Show Logging Trap Logs Show Logging Hosts CLI Show Logging Hosts Configure Logging for a Port CLI Configure Logging for the PortWeb Interface Show Logging Hosts Web Interface Configure Logging for the Port Severity Filter list, select Alert Email Alerting For Position Only FPO Netgear Switch Config#logging traps Switch Stacks Switch Stack Management and Connectivity Stack Master and Stack Members Stack Master Stack Members Stack Member Numbers Install and Power-up a Stack Compatible Switch ModelsStack Member Priority Values Switch Firmware Install a Switch Stack Upgrade the Firmware Migrate Configuration with a Firmware UpgradeCode Mismatch Copy Master Firmware to a Stack Member Web Interface Configure a Stacking Port as an Ethernet PortContinue with the boot of operational code Copy Master Firmware to Unit list, select CLI Configure a Stacking Port as an Ethernet Port On Switch A, Configure the Stack Port and RebootAfter Switch a reboots After Switch B reboots Web Interface Configure a Stacking Port as an Ethernet PortOn Switch B, Configure the stack port and reboot Configured Stack Mode list, select Ethernet ProSafe M4100 and M7100 Managed Switches Stack Switches Using 10G Fiber CLI Stack Switches Using 10G FiberOn Switch A, show the port information On Switch A, you see the following Web Interface Stack Switches Using 10G FiberReboot Switch B Select System Stacking Advanced Stack Port Configuration Reboot Unit No. list, select Click Apply Add Switches to an Operating StackConfigured Stack Mode list, select Stack Add, Remove, or Replace a Stack Member Remove a Switch from the Stack Switch Stack Configuration Files Replace a Stack Member Preconfigure a Switch Switch Stack Master Scenarios Preconfigured Switches Compared to Stack Configuration Renumber Stack Members CLI Renumber Stack Members Web Interface Renumber Stack Members Now the unit ID of the stacking member is Move the Stack Master to a Different Unit CLI Move the Stack Master to a Different UnitWeb Interface Move the Stack Master to a Different Unit Add a New Community CLI Add a New CommunitySnmp V3 on SFlow on This example shows how to send Snmp trap to the Snmp server Enable Snmp TrapCLI Enable Snmp Trap Web Interface Add a New Community Web Interface Enable Snmp Trap Snmp Confirm Password field, enter CLI Configure SnmpWeb Interface Configure Snmp Click Apply to save the settings Configure the Snmp V3 user SFlow Encryption Key field, enter SFlow View the sampling port configurations Configure the sFlow receiver IP addressSelect the 1 check box ProSafe M4100 and M7100 Managed Switches CLI Configure Time-Based Sampling of Counters with sFlow View the polling port configurationsTime-Based Sampling of Counters with sFlow Domain Name System Select System Management DNS DNS ConfigurationSpecify Two DNS Servers CLI Specify Two DNS Servers CLI Manually Add a Host Name and an IP Address Select System Management DNS Host ConfigurationManually Add a Host Name and an IP Address Web Interface Manually Add a Host Name and an IP Address IP Address field, enter Configure a Dhcp Server in Dynamic Mode CLI Configure a Dhcp Server in Dynamic ModeDhcp Server Web Interface Configure a Dhcp Server in Dynamic Mode Select System Services Dhcp Server Dhcp Pool Configuration Configure a Dhcp Reservation CLI Configure a Dhcp Reservation Web Interface Configure a Dhcp Reservation ProSafe M4100 and M7100 Managed Switches DHCPv6 Server DHCPv6 stateful IPv6 address assignment DHCPv6 Server Create a DHCPv6 pool and enable Dhcp service CLI Configure DHCPv6Enable IPv6 routing Enable DHCPv6 service on port 1/0/9 Web Interface Configure an Inter-area Router Select Routing IPv6 Advanced Interface Configuration ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Prefix field, enter 000100011540144f0000004daad0 Configure Stateless DHCPv6 Server CLI Configure Stateless DNS ServerEnable IPv6 Dhcp server on interface 2/0/21 Web Interface Configure Stateless DHCPv6 Server Select System Services Dhcp Server DHCPv6 Pool Configuration ProSafe M4100 and M7100 Managed Switches Double VLANs and Private Vlan Groups Double VLANsThis chapter includes the following examples CLI Enable a Double Vlan Web Interface Enable a Double VlanCreate static Vlan ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Private Vlan Groups Create a private group in community mode Create a private group in isolated modeCLI Create a Private Vlan Group Web Interface Create a Private Vlan Group Add 1/0/16 and 1/0/7 to the private group Acceptable Frame Type list, select Admit All ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Configure Classic STP 802.1d CLI Configure Classic STP 802.1dSpanning Tree Protocol Web Interface Configure Classic STP 802.1d Web Interface Configure Rapid STP 802.1w Configure Rapid STP 802.1wCLI Configure Rapid STP 802.1w Select Switching STP CST Port Configuration Configure Multiple STP 802.1s CLI Configure Multiple STP 802.1s Web Interface Configure Multiple STP 802.1s ProSafe M4100 and M7100 Managed Switches In4 tuennel between two switches Tunnel Tunnel Configure Switch GSM7328S1 CLI Create a Tunnel Configure Switch GSM7328S2 Web Interface Create a Tunnel Source Address field, enter Destination Address field, enter Click Apply Assign an IPv6 address to the tunnel Configure Switch GSM7328S2 IP Address field, enter Subnet Mask field, enter ProSafe M4100 and M7100 Managed Switches IPv6 Interface Configuration Create an IPv6 Routing InterfaceCLI Create an IPv6 Routing Interface Assign an IPv6 address to interface 1/0/1 Select Routing IPv6 Advanced Prefix Configuration Web Interface Create an IPv6 Routing Interface Create an IPv6 Network Interface IPv6 Prefix/Prefix Length field, enter 200111/64 CLI Configure the IPv6 Network InterfaceWeb Interface Configure the IPv6 Network Interface EUI64 field, select False Click Add Create an IPv6 Routing Vlan CLI Create an IPv6 Routing VlanIPv6 Gateway field, enter Netgear Switch Config#ipv6 forwarding Web Interface Create an IPv6 Vlan Routing Interface Select Routing IPv6 Advanced Interface Configuration ProSafe M4100 and M7100 Managed Switches Configure DHCPv6 Mode on the Routing Interface CLI Configure DHCPv6 mode on routing interfaceEnable DHCPv6 on the interface 1/0/23 Web Interface Configure DHCPv6 mode on routing interface Show the ipv6 address assigned from 1/0/23 ProSafe M4100 and M7100 Managed Switches PIM-Dense Mode PIM-DM PIM-Sparse Mode PIM-SM Protocol-Independent-MulticastPIM-SMon Configuring and Using PIM-DM Enable pimdm on the switch CLI Configure PIM-DMPIM-DM on Switch a Enable IP multicast forwarding on the switch PIM-DM on Switch B Enable PIM-DM on the interface PIM-DM on Switch C PIM-DM on Switch DEnable Igmp on the switch Enable Igmp on 1/0/24 PIM-DM builds the multicast routes table on each switch Web Interface Configure PIM-DM IP Address field, enter Subnet Mask field, enter Select Routing RIP Advanced Interface Configuration ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches PIM-DM on Switch B Select Routing RIP Advanced Interface Configuration Select Routing Multicast PIM Global Configuration PIM-DM on Switch C IP Address field, enter Subnet Mask field, enter Select Routing RIP Advanced Interface Configuration Select Routing Multicast PIM Global Configuration PIM-DM on Switch D IP Address field, enter Subnet Mask field, enter IP Address field, enter Subnet Mask field, enter ProSafe M4100 and M7100 Managed Switches Select Routing Multicast PIM Interface Configuration Select Routing Multicast Igmp Interface Configuration ProSafe M4100 and M7100 Managed Switches PIM-SM Enable PIM-SM on the switch CLI Configure PIM-SMPIM-SM on Switch a Enable RIP to build a unicast IP routing table PIM-SM on Switch B Netgear Switch#configure PIM-SM on Switch C PIM-SM on Switch D Web Interface Configure PIM-SM Pimsm IP Address field, enter Subnet Mask field, enter IP Address field, enter Subnet Mask field, enter Select Routing RIP Advanced Interface Configuration ProSafe M4100 and M7100 Managed Switches PIM-SM on Switch B IP Address field, enter Subnet Mask field, enter Select Routing Multicast Global Configuration Select Routing Multicast PIM Interface Configuration Click Add Set up the BSR candidate configuration Group Mask field, enter PIM-SM on Switch C IP address, enter Subnet Mask field, enter Select Routing Multicast Global Configuration Select Routing Multicast PIM Interface Configuration Click Add BSR Candidate Configuration Select Routing Multicast PIM BSR Candidate Configuration PIM-SM on Switch D IP Address field, enter Subnet Mask field, enter Select Routing RIP Advanced Interface Configuration Select Routing Multicast Global Configuration Select Routing Multicast PIM Interface Configuration Click Add Set up BSR Candidate configuration Select Routing Multicast Igmp Interface Configuration ProSafe M4100 and M7100 Managed Switches Dhcp L2 Relay and L3 Relay Dhcp L2 RelayThis chapter includes the following sections Enable the Option 82 Circuit ID field CLI Enable Dhcp L2 RelayEnable the Dhcp L2 relay on the switch Enable the Option 82 Remote ID field Enable Dhcp L2 relay on port 1/0/6 Web Interface Enable Dhcp L2 RelayEnable Dhcp L2 relay on port 1/0/5 Trust packets with option 82 received on port 1/0/6 ProSafe M4100 and M7100 Managed Switches Remote ID String field, enter rmtid 82 Option Trust Mode field, select Enable Configure the Dhcp Server Switch CLI Configure a Dhcp ServerDhcp L3 Relay Web Interface Configure a Dhcp Server Create a Dhcp pool Select System Services Dhcp Server Dhcp Server Configuration IP Range From field, enter IP Range To field, enter Select System Services Dhcp Server Dhcp Pool Configuration Configure a Dhcp L3 Switch CLI Configure a Dhcp L3 RelayCreate a routing interface and enable RIP on it Web Interface Configure a Dhcp L3 Relay Create a routing interface connecting to the client Subnet Mask field, enter IP Address Configuration Method field, enter Manual Select Routing RIP Advanced Route Redistribution Redistribute Mode field, select Enable UDP Port field, enter dhcp Click Add to save the settings Configure MLD on MLD Snooping on Multicast Listener Discovery Configure MLD CLI Configure MLDMLD on Switch a Enable IPV6 MLD on the switch MLD on Switch BEnable OSPFv3 to build a unicast route table Enable IPV6 PIM-DM on the switch Web Interface Configure MLD Enable MLD on interface 1/0/24 Select Routing IPv6 Advanced Interface Configuration ProSafe M4100 and M7100 Managed Switches Select Routing OSPFv3 Advanced Interface Configuration Select Routing IPv6 Multicast IPv6 PIM Global Configuration MLD on Switch B Select Routing IPv6 Advanced Interface Configuration ProSafe M4100 and M7100 Managed Switches Select Routing OSPFv3 Advanced Interface Configuration Select Routing IPv6 Multicast IPv6PIM Global Configuration Select Routing IPv6 Multicast MLD Global Configuration MLD Snooping CLI Configure MLD Snooping Enable MLD snooping on Vlan Web Interface Configure MLD Snooping ProSafe M4100 and M7100 Managed Switches ProSafe M4100 and M7100 Managed Switches Dvmrp Distance Vector Multicast Routing Protocol CLI Configure Dvmrp Dvrmp on Switch aCreate routing interfaces 1/0/1, 1/0/13, and 1/0/21 Enable Dvmrp protocol on the switch 255 Dvrmp on Switch B Enable Dvmrp mode on interfaceS 1/0/13 and 1/0/20Create routing ports 1/0/13 and 1/0/20 192.168.2.1 Enable Dvmrp mode on interfaces 1/0/3, 1/0/11, and 1/0/24 Dvrmp on Switch CEnable IP Dvmrp protocol on the switch Enable Igmp protocol on the switch Enable Igmp mode on the interface 1/0/24 Web Interface Configure Dvmrp Dvmrp on Switch a Routing Mode field, select Enable Select Routing Multicast Dvmrp Interface Configuration Dvmrp on Switch B IP Address field, enter Subnet Mask field, enter Select Routing Multicast Dvmrp Interface Configuration Dvmrp on Switch C IP Address field, enter Subnet Mask field, enter Select Routing Multicast Dvmrp Global Configuration Select Enable in the Interface Mode field Click Apply to save the settings Enable Igmp on the switchSelect Routing Multicast Igmp Global Configuration ProSafe M4100 and M7100 Managed Switches Captive Portal CLI Enable Captive Portal Captive Portal ConfigurationEnable Captive Portal Enable captive portal on the switch Enable captive portal instance 1 on port 1/0/1 Web Interface Enable Captive PortalEnable captive portal instance Select Security Control Captive Portal CP Configuration Client Access, Authentication, and Control CLI Block a Captive Portal Instance Local Authorization, Create Users and GroupsBlock a Captive Portal Instance Web Interface Block a Captive Portal Instance CLI Create Users and Groups Web Interface Create Users and Groups Remote Authorization Radius User Configuration Group field, select Click Add CLI Configure Radius as the Verification Mode Web Interface Configure Radius as the Verification Mode Default-RADIUS-Server SSL Certificates ISCSI Shows an example of iSCSI implementation Enable iSCSI Awareness with Vlan Priority Tag CLI Enable iSCSI Awareness with Vlan Priority TagWeb Interface Enable iSCSI Awareness with Vlan Priority Tag Web Interface Enable iSCSI Awareness with Dscp Enable iSCSI Awareness with DscpCLI Enable iSCSI Awareness with Dscp Select Switching iSCSI Basic Web Interface Set iSCSI Target Port Set the iSCSI Target PortCLI Set iSCSI Target Port IP Address, enter Show iSCSI Sessions CLI Show iSCSI SessionsWeb Interface Show iSCSI Sessions ProSafe M4100 and M7100 Managed Switches Index Numerics Index SFlow 373, 374