NETGEAR M4100, M7100 IP Source Guard

312 | Chapter 15. Security Management

ProSafe M4100 and M7100 Managed Switches

IP Source Guard

IP Source Guard uses the DHCP snooping bindings database. When IP Source Guard is

enabled, the switch drops incoming packets that do not match a binding in the bindings

database. IP Source Guard can be configured to enforce just the source IP address or both

the source IP address and source MAC address.

Static client

IP address: 192.168.10.1

HW address: 00:11:85:EE:54:E9

Interface

GSM73xxS

Interface

1/0/1 Interface

DHCP Server

IP address: 192.168.10.1

DHCP Client

IP address: 192.168.10.86 (obtained)

HW address: 00:16:76:A7:88:CC

1/0/3

1/0/2

Figure 34. IP Source Guard

The example is shown as CLI commands and as a Web interface procedure.

CLI: Configure Dynamic ARP Inspection

1. Enable DHCP snooping globally.

(Netgear Switch) (Config)# ip dhcp snooping

Contents

Main 2 | ProSafe M4100 and M7100 Managed Switches Support Trademarks Revision History Table of Contents Chapter 1 Documentation Resources Chapter 2 VLANs Chapter 3 LAGs Chapter 4 Port Routing Chapter 5 VLAN Routing Chapter 6 RIP Chapter 7 OSPF Chapter 8 ARP Chapter 9 VRRP Chapter 10 ACLs Chapter 11 CoS Queuing Chapter 12 DiffServ Chapter 13 IGMP Snooping and Querier Chapter 14 MVR (Multicast VLAN Registration) Chapter 15 Security Management Chapter 16 SNTP Chapter 17 Tools Chapter 18 Syslog Chapter 19 Switch Stacks Chapter 20 SNMP Chapter 21 DNS Chapter 22 DHCP Server Chapter 23 DHCPv6 Server Chapter 24 Double VLANs and Private VLAN Groups Chapter 25 Spanning Tree Protocol Chapter 26 Tunnel Chapter 27 IPv6 Interface Configuration Chapter 28 PIM Chapter 29 DHCP L2 Relay and L3 Relay Chapter 30 MLD Chapter 31 DVMRP Chapter 32 Captive Portal Chapter 33 iSCSI Page Page Virtual LANs Create Two VLANs CLI: Create Two VLANS Web Interface: Create Two VLANS Assign Ports to VLAN2 CLI: Assign Ports to VLAN2 Web Interface: Assign Ports to VLAN2 Create Three VLANs CLI: Create Three VLANS Web Interface: Create Three VLANS Page Assign Ports to VLAN3 CLI: Assign Ports to VLAN3 Web Interface: Assign Ports to VLAN3 Assign VLAN3 as the Default VLAN for Port 1/0/2 Create a MAC-Based VLAN CLI: Create a MAC-Based VLAN Web Interface: Assign a MAC-Based VLAN Page Create a Protocol-Based VLAN CLI: Create a Protocol-Based VLAN Web Interface: Create a Protocol-Based VLAN Page Virtual VLANs: Create an IP SubnetBased VLAN CLI: Create an IP SubnetBased VLAN Web Interface: Create an IP SubnetBased VLAN Voice VLANs CLI: Configure Voice VLAN and Prioritize Voice Traffic Page Page Page Page Page Page Page Page Page Private VLANs Page Assign Private-VLAN Types (Primary, Isolated, Community) CLI: Assign Private-VLAN Type (Primary, Isolated, Community) Web Interface: Assign Private-VLAN Type (Primary, Isolated, Community) Page Configure Private-VLAN Association CLI: Configure Private-VLAN Association Web Interface: Configure Private-VLAN Association Configure Private-VLAN Port Mode (Promiscuous, Host) CLI: Configure Private-VLAN Port Mode (Promiscuous, Host) Web Interface: Configure Private-VLAN Port Mode (Promiscuous, Host) Configure Private-VLAN Host Ports CLI: Configure Private-VLAN Host Ports Web Interface: Assign Private-VLAN Port Host Ports Map Private-VLAN Promiscuous Port CLI: Map Private-VLAN Promiscuous Port Web Interface: Map Private-VLAN Promiscuous Port Page Link Aggregation Groups Create Two LAGs CLI: Create Two LAGs Web Interface: Create Two LAGs Add Ports to LAGs Chapter 3. LAG s | 57 ProSafe M4100 and M7100 Managed Switches CLI: Add Ports to the LAGs Web Interface: Add Ports to LAGs Enable Both LAGs CLI: Enable Both LAGs Web Interface: Enable Both LAGs Page Port Routing Configuration Enable Routing for the Switch CLI: Enable Routing for the Switch Web Interface: Enable Routing for the Switch Enable Routing for Ports on the Switch CLI: Enable Routing for Ports on the Switch Web Interface: Enable Routing for Ports on the Switch Page Add a Default Route CLI: Add a Default Route Web Interface: Add a Default Route Add a Static Route CLI: Add a Static Route Web Interface: Add a Static Route Create Two VLANs Chapter 5. VLAN Routing | 69 ProSafe M4100 and M7100 Managed Switches Figure 8. Layer 3 switch configured for port routing CLI: Create Two VLANs Web Interface: Create Two VLANs Page Page Set Up VLAN Routing for the VLANs and the Switch CLI: Set Up VLAN Routing for the VLANs and the Switch Web Interface: Set Up VLAN Routing for the VLANs and the Switch Page Routing Information Protocol Routing for the Switch CLI: Enable Routing for the Switch Web Interface: Enable Routing for the Switch Routing for Ports CLI: Enable Routing and Assigning IP Addresses for Ports 1/0/2 and 1/0/3 Web Interface: Enable Routing for the Ports RIP for the Switch CLI: Enable RIP on the Switch Web Interface: Enable RIP on the Switch RIP for Ports 1/0/2 and 1/0/3 CLI: Enable RIP for Ports 1/0/2 and 1/0/3 Web Interface: Enable RIP for Ports 1/0/2 and 1/0/3 Page VLAN Routing with RIP CLI: Configure VLAN Routing with RIP Support Chapter 6. RIP | 83 ProSafe M4100 and M7100 Managed Switches 2. Enable RIP for the switch. The route preference defaults to 15. 3. Configure the IP address and subnet mask for a nonvirtual router port. Web Interface: Configure VLAN Routing with RIP Support Page Open Shortest Path First Inter-area Router CLI: Configure an Inter-area Router 2. Assign IP addresses to ports. 4. Enable OSPF, and set the OSPF priority and cost for the ports. Web Interface: Configure an Inter-area Router Page Page OSPF on a Border Router CLI: Configure OSPF on a Border Router Chapter 7. OSPF | 93 ProSafe M4100 and M7100 Managed Switches Set disable 1583compatibility to prevent a routing loop. Web Interface: Configure OSPF on a Border Router Page Page Page Page Stub Areas CLI: Configure Area 1 as a Stub Area on A1 . Web Interface: Configure Area 1 as a Stub Area on A1 Page Page CLI: Configure Area 1 as a Stub Area on A2 Web Interface: Configure Area 1 as a Stub Area on A2 Page Page nssa Areas CLI: Configure Area 1 as an nssa Area 4. Enable area 0.0.0.1 on port 2/0/19. Web Interface: Configure Area 1 as an nssa Area on A1 b. For Routing Mode, select the Enable radio button. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. Page Page CLI: Configure Area 1 as an nssa Area on A2 2. Set the router ID to 2.2.2.2. 3. Configure the area 0.0.0.1 as an nssa area. 4. Redistribute the RIP routes into the OSPF. 5. Enable OSPF area 0.0.0.1 on port 1/0/15. Web Interface: Configure Area 1 as an nssa Area on A2 Page Page VLAN Routing OSPF Page CLI: Configure VLAN Routing OSPF 2. Specify the router ID and enable OSPF for the switch. Web Interface: Configure VLAN Routing OSPF Page Page OSPFv3 CLI: Configure OSPFv3 Page Web Interface: Configure OSPFv3 Page Page Proxy Address Resolution Protocol Proxy ARP Examples CLI: show ip interface Page Virtual Router Redundancy Protocol VRRP on a Master Router CLI: Configure VRRP on a Master Router Web Interface: Configure VRRP on a Master Router VRRP on a Backup Router CLI: Configure VRRP on a Backup Router Web Interface: Configure VRRP on a Backup Router Page Page Access Control Lists MAC ACLs IP ACLs ACL Configuration Set Up an IP ACL with Two Rules CLI: Set Up an IP ACL with Two Rules Web Interface: Set Up an IP ACL with Two Rules Page Page One-Way Access Using a TCP Flag in an ACL CLI:Configure One-Way Access Using a TCP Flag in an ACL Step 1: Configure the Switch 1. Create VLAN 30 with port 0/35 and assign IP address 192.168.30.1/24. 2. Create VLAN 100 with port 0/13 and assign IP address 192.168.100.1/24. Step 2: Configure the GSM7352S 2. Create VLAN 40 with port 1/0/24 and assign IP address 192.168.40.1/24. 3. Create VLAN 50 with port 1/0/25 and assign IP address 192.168.50.1/24. Web Interface: Configure One-Way Access Using a TCP Flag in an ACL Configuring the Switch Page Page Page Page Page Page Page Configuring the GSM7342S Switch Page Page Page Use ACLs to Configure Isolated VLANs on a Layer 3 Switch CLI: Configure One-Way Access Using a TCP Flag in ACL Commands 1. Enter the following CLI commands. 2. Create VLAN 48, add port 1/0/48 to it, and assign IP address 192.168.48.1 to it. Page Web Interface: Configure One-Way Access Using a TCP Flag in an ACL Page Page Page Page Page Page Page Set up a MAC ACL with Two Rules CLI: Set up a MAC ACL with Two Rules Web Interface: Set up a MAC ACL with Two Rules Page ACL Mirroring CLI: Configure ACL Mirroring Web Interface: Configure ACL Mirroring Page Page Page ACL Redirect CLI: Redirect a Traffic Stream Web Interface: Redirect a Traffic Stream Page Page Page Configure IPv6 ACLs CLI: Configure an IPv6 ACL Page Web Interface: Configure an IPv6 ACL Page Page Page Class of Service Queuing CoS Queue Mapping Trusted Ports Untrusted Ports CoS Queue Configuration Show classofservice Trust CLI: Show classofservice Trust Web Interface: Show classofservice Trust Set classofservice Trust Mode CLI: Set classofservice Trust Mode Web Interface: Set classofservice Trust Mode Show classofservice IP-Precedence Mapping CLI: Show classofservice IP-Precedence Mapping Web Interface: Show classofservice ip-precedence Mapping Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode CLI: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode Web Interface: Configure CoS-queue Min-bandwidth and Strict Priority Scheduler Mode Set CoS Trust Mode for an Interface CLI: Set CoS Trust Mode for an Interface Web Interface: Set CoS Trust Mode for an Interface Configure Traffic Shaping CLI: Configure traffic-shape Web Interface: Configure Traffic Shaping Page Differentiated Services DiffServ CLI: Configure DiffServ Page Web Interface: Configure DiffServ Page Page Page Page Page Page Page Page Page Page Page Page Page DiffServ for VoIP CLI: Configure DiffServ for VoIP Page Web Interface: Diffserv for VoIP Page Page Page Page Auto VoIP CLI: Configure Auto VoIP Chapter 12. DiffServ | 227 ProSafe M4100 and M7100 Managed Switches 2. View the auto VoIP information: Web Interface: Configure Auto-VoIP DiffServ for IPv6 CLI: Configure DiffServ for IPv6 Web Interface: Configure DiffServ for IPv6 Page Page Page Page Page Color Conform Policy CLI: Configure a Color Conform Policy Web Interface: Configure a Color Conform Policy Page Page Page Page Page Page Page IGMP Snooping CLI: Enable IGMP Snooping Web Interface: Enable IGMP Snooping Show igmpsnooping Show mac-address-table igmpsnooping CLI: Show mac-address-table igmpsnooping Web Interface: Show mac-address-table igmpsnooping External Multicast Router CLI: Configure the Switch with an External Multicast Router Multicast Router Using VLAN IGMP Querier Enable IGMP Querier CLI: Enable IGMP Querier Web Interface: Enable IGMP Querier Page Show IGMP Querier Status CLI: Show IGMP Querier Status Web Interface: Show IGMP Querier Status Page Configure MVR in Compatible Mode CLI: Configure MVR in Compatible Mode 258 | Chapter 14. MVR (Multicast VLAN Registration) ProSafe M4100 and M7100 Managed Switches Note: The receive port can participate in only one VLAN. Web Interface: Configure MVR in Compatible Mode Page Page Page Configure MVR in Dynamic Mode CLI: Configure MVR in Dynamic Mode 264 | Chapter 14. MVR (Multicast VLAN Registration) ProSafe M4100 and M7100 Managed Switches 5. Configure the receive ports. Note: A receive port can participate in only one VLAN. Web Interface: Configure MVR in Dynamic Mode Page Page Page Port Security Set the Dynamic and Static Limit on Port 1/0/1 CLI: Set the Dynamic and Static Limit on Port 1/0/1 Web Interface: Set the Dynamic and Static Limit on Port 1/0/1 Convert the Dynamic Address Learned from 1/0/1 to a Static Address Create a Static Address CLI: Create a Static Address Web Interface: Create a Static Address Protected Ports Figure 28. Protected ports CLI: Configure a Protected Port to Isolate Ports on the Switch 1. Create one VLAN 192 including PC 1 and PC 2. Chapter 15. Security Management | 275 ProSafe M4100 and M7100 Managed Switches 2. Create one VLAN 202 connected to the Internet. 3. Create a DHCP pool to allocated IP addresses to PCs. 4. Enable IP routing and configure a default route. 5. Enable a protected port on 1/0/23 and 1/0/24. Page Page Page Page 802.1x Port Security CLI: Authenticating dot1x Users by a RADIUS Server Web Interface: Authenticating dot1x Users by a RADIUS Server Page Page Page Page Create a Guest VLAN Chapter 15. Security Management | 287 ProSafe M4100 and M7100 Managed Switches CLI: Create a Guest VLAN 1. Enter the following commands: 2. Create VLAN 2000, and have 1/0/1 and 1/0/24 as members of VLAN 2000. 3. Enable dot1x and RADIUS on the switch. 4. Enable the guest VLAN on ports 1/0/1 and 1/0/24. Web Interface: Create a Guest VLAN b. In the VLAN ID field, enter 2000. Page Page Assign VLANs Using RADIUS CLI: Assign VLANS Using RADIUS Page 8. Show the dot1x detail for 1/0/5. Web Interface: Assign VLANS Using RADIUS Page Page Dynamic ARP Inspection CLI: Configure Dynamic ARP Inspection Web Interface: Configure Dynamic ARP Inspection Page Page Page Static Mapping CLI: Configure Static Mapping Web Interface: Configure Static Mapping DHCP Snooping CLI: Configure DHCP Snooping Web Interface: Configure DHCP Snooping Page Enter Static Binding into the Binding Database CLI: Enter Static Binding into the Binding Database Web Interface: Enter Static Binding into the Binding Database Maximum Rate of DHCP Messages Page IP Source Guard CLI: Configure Dynamic ARP Inspection Web Interface: Configure Dynamic ARP Inspection Page Page Page Simple Network Time Protocol Show SNTP (CLI Only) show sntp 318 | Chapter 16. SNTP ProSafe M4100 and M7100 Managed Switches show sntp client show sntp server Configure SNTP CLI: Configure SNTP Web Interface: Configure SNTP Set the Time Zone (CLI Only) Set the Named SNTP Server CLI: Set the Named SNTP Server Web Interface: Set the Named SNTP Server Page Traceroute Chapter 17. Tools | 325 ProSafe M4100 and M7100 Managed Switches CLI: Traceroute Web Interface: Traceroute 1. Select Maintenance > Troubleshooting > Traceroute. Configuration Scripting script script list and script delete script apply running-config.scr Create a Configuration Script Upload a Configuration Script Pre-Login Banner Create a Pre-Login Banner (CLI Only) Port Mirroring CLI: Specify the Source (Mirrored) Ports and Destination (Probe) Web Interface: Specify the Source (Mirrored) Ports and Destination (Probe) Dual Image CLI: Download a Backup Image and Make It Active Web Interface: Download a Backup Image and Make It Active Outbound Telnet Chapter 17. Tools | 335 ProSafe M4100 and M7100 Managed Switches CLI: show network CLI: show telnet CLI: transport output telnet Web Interface: Configure Telnet 1. Select Security > Access > Telnet. Page Page Page Show Logging CLI: Show Logging Web Interface: Show Logging Page Show Logging Buffered CLI: Show Logging Buffered Chapter 18. Syslog | 343 ProSafe M4100 and M7100 Managed Switches Web Interface: Show Logging Buffered Show Logging Traplogs The example is shown as CLI commands and as a Web interface procedure. CLI: Show Logging Traplogs Show Logging Hosts CLI: Show Logging Hosts Chapter 18. Syslog | 345 ProSafe M4100 and M7100 Managed Switches Web Interface: Show Logging Hosts Configure Logging for a Port The example is shown as CLI commands and as a Web interface procedure. CLI: Configure Logging for the Port Web Interface: Configure Logging for the Port Email Alerting CLI: Send Log Messages to admin@switch.com Using Account aaaa@netgear.com Switch Stack Management and Connectivity The Stack Master and Stack Members Stack Master Stack Members Stack Member Numbers Stack Member Priority Values Install and Power-up a Stack Compatible Switch Models Install a Switch Stack Switch Firmware Code Mismatch Upgrade the Firmware Migrate Configuration with a Firmware Upgrade Copy Master Firmware to a Stack Member (Web Interface) Configure a Stacking Port as an Ethernet Port 356 | Chapter 19. Switch Stacks ProSafe M4100 and M7100 Managed Switches CLI: Configure a Stacking Port as an Ethernet Port 1. On Switch A, Configure the Stack Port and Reboot After Switch A reboots: Web Interface: Configure a Stacking Port as an Ethernet Port Page Stack Switches Using 10G Fiber CLI: Stack Switches Using 10G Fiber Web Interface: Stack Switches Using 10G Fiber Add, Remove, or Replace a Stack Member Add Switches to an Operating Stack Remove a Switch from the Stack Replace a Stack Member Switch Stack Configuration Files 364 | Chapter 19. Switch Stacks ProSafe M4100 and M7100 Managed Switches Table 1. Switch Stack Master Scenarios Preconfigure a Switch Renumber Stack Members CLI: Renumber Stack Members Web Interface: Renumber Stack Members Page Move the Stack Master to a Different Unit CLI: Move the Stack Master to a Different Unit Web Interface: Move the Stack Master to a Different Unit Add a New Community CLI: Add a New Community Web Interface: Add a New Community Enable SNMP Trap CLI: Enable SNMP Trap Web Interface: Enable SNMP Trap SNMP V3 CLI: Configure SNMP V3 Web Interface: Configure SNMP V3 sFlow CLI: Configure Statistical Packet-Based Sampling of Packet Flows with sFlow Web Interface: Configure Statistical Packet-based Sampling with sFlow Page Time-Based Sampling of Counters with sFlow CLI: Configure Time-Based Sampling of Counters with sFlow Web Interface: Configure Time-Based Sampling of Counters with sFlow Domain Name System Specify Two DNS Servers CLI: Specify Two DNS Servers Web Interface: Specify Two DNS Servers Manually Add a Host Name and an IP Address CLI: Manually Add a Host Name and an IP Address Web Interface: Manually Add a Host Name and an IP Address Page Configure a DHCP Server in Dynamic Mode CLI: Configure a DHCP Server in Dynamic Mode Web Interface: Configure a DHCP Server in Dynamic Mode Page Configure a DHCP Reservation CLI: Configure a DHCP Reservation Web Interface: Configure a DHCP Reservation Page Page Page Chapter 23. DHCPv6 Server | 389 ProSafe M4100 and M7100 Managed Switches CLI: Configure DHCPv6 1. Enable IPv6 routing. 2. Create a DHCPv6 pool and enable DHCP service. 3. Enable DHCPv6 service on port 1/0/9. 4. Show DHCPv6 binding. Web Interface: Configure an Inter-area Router Page Page Page Configure Stateless DHCPv6 Server CLI: Configure Stateless DNS Server Web Interface: Configure Stateless DHCPv6 Server Page Page Groups Double VLANs CLI: Enable a Double VLAN Web Interface: Enable a Double VLAN Page Page Private VLAN Groups Chapter 24. Double VLANs and Private VLAN Groups | 403 ProSafe M4100 and M7100 Managed Switches CLI: Create a Private VLAN Group 1. Enter the following commands. 2. Create a VLAN 200 and include 1/0/6,1/0/7, 1/0/16, and 1/0/17. 3. Create a private group in community mode. 4. Create a private group in isolated mode. Web Interface: Create a Private VLAN Group Page Page Page Configure Classic STP (802.1d) CLI: Configure Classic STP (802.1d) Web Interface: Configure Classic STP (802.1d) Configure Rapid STP (802.1w) CLI: Configure Rapid STP (802.1w) Web Interface: Configure Rapid STP (802.1w) Configure Multiple STP (802.1s) CLI: Configure Multiple STP (802.1s) Web Interface: Configure Multiple STP (802.1s) Page Page Chapter 26. Tunnel | 415 ProSafe M4100 and M7100 Managed Switches CLI: Create a Tunnel Configure Switch GSM7328S_1 416 | Chapter 26. Tunnel ProSafe M4100 and M7100 Managed Switches Configure Switch GSM7328S_2 Web Interface: Create a Tunnel Configure Switch GSM7328S_1 Page Configure Switch GSM7328S_2 Page Page Create an IPv6 Routing Interface CLI: Create an IPv6 Routing Interface Chapter 27. IPv6 Interface Configuration | 423 ProSafe M4100 and M7100 Managed Switches 2. Assign an IPv6 address to interface 1/0/1. Web Interface: Create an IPv6 Routing Interface Create an IPv6 Network Interface CLI: Configure the IPv6 Network Interface Web Interface: Configure the IPv6 Network Interface Create an IPv6 Routing VLAN CLI: Create an IPv6 Routing VLAN 428 | Chapter 27. IPv6 Interface Configuration ProSafe M4100 and M7100 Managed Switches 3. Assign IPv6 address 2000::1/64 to VLAN 500 and enable IPv6 routing. 4. Enable IPV6 forwarding and unicast routing on the switch. Web Interface: Create an IPv6 VLAN Routing Interface Page Page Configure DHCPv6 Mode on the Routing Interface CLI: Configure DHCPv6 mode on routing interface Web Interface: Configure DHCPv6 mode on routing interface Page Protocol-Independent-Multicast PIM-DM Page CLI: Configure PIM-DM PIM-DM on Switch A 5. Enable PIM-DM on the interface. PIM-DM on Switch B PIM-DM on Switch C PIM-DM on Switch D 1. Enable IGMP on the switch. 2. Enable IGMP on 1/0/24. 3. PIM-DM builds the multicast routes table on each switch. Web Interface: Configure PIM-DM PIM-DM on Switch A Page Page Page Page PIM-DM on Switch B: Page Page PIM-DM on Switch C Page Page Page PIM-DM on Switch D: Page Page Page Page Page Page PIM-SM CLI: Configure PIM-SM PIM-SM on Switch A PIM-SM on Switch B 2. Enable the switch to announce its candidacy as a bootstrap router (BSR). PIM-SM on Switch C PIM-SM on Switch D Web Interface: Configure PIM-SM a. Select Routing > IP > Basic > IP Configuration. PIM-SM on Switch A Page Page Page Page PIM-SM on Switch B: Page Page Page Page PIM-SM on Switch C: Page Page Page Page PIM-SM on Switch D Page Page Page Page Page Page Page DHCP L2 Relay CLI: Enable DHCP L2 Relay Web Interface: Enable DHCP L2 Relay Page Page Page DHCP L3 Relay Configure the DHCP Server Switch CLI: Configure a DHCP Server Web Interface: Configure a DHCP Server Page Page Page Configure a DHCP L3 Switch CLI: Configure a DHCP L3 Relay Web Interface: Configure a DHCP L3 Relay Page Page Page Page Multicast Listener Discovery 506 | Chapter 30. MLD ProSafe M4100 and M7100 Managed Switches Configure MLD Figure 49. Configure MLD CLI: Configure MLD MLD on Switch A Chapter 30. MLD | 507 MLD on Switch B 1. Enable OSPFv3 to build a unicast route table. 2. Enable IPV6 unicast routing on the switch. 3. Enable IPV6 MLD on the switch. 4. Enable IPV6 PIM-DM on the switch. Web Interface: Configure MLD MLD on Switch A Page Page Page Page MLD on Switch B Page Page Page Page Page MLD Snooping CLI: Configure MLD Snooping Web Interface: Configure MLD Snooping Page Page Distance Vector Multicast Routing Protocol multicast streams are sent from the multicast resource to the host along the path built by DVMRP. Figure 50. DVMRP CLI: Configure DVMRP DVRMP on Switch A 1. Create routing interfaces 1/0/1, 1/0/13, and 1/0/21. 3. Enable DVMRP protocol on the switch. 4. Enable DVMRP mode on the interfaces 1/0/1, 1/0/13, and 1/0/21. DVRMP on Switch B 1. Create routing ports 1/0/13 and 1/0/20. 3. Enable DVMRP protocol on the switch. 4. Enable DVMRP mode on interfaceS 1/0/13 and 1/0/20. Page DVRMP on Switch C: 1. Create routing interfaceS 1/0/11, 1/0/3, and 1/0/24. 3. Enable IP DVMRP protocol on the switch. 4. Enable DVMRP mode on interfaces 1/0/3, 1/0/11, and 1/0/24. 6. Enable IGMP mode on the interface 1/0/24. Web Interface: Configure DVMRP DVMRP on Switch A Page Page DVMRP on Switch B Page Page DVMRP on Switch C Page Page Page Page Page Captive Portal Configuration Enable Captive Portal CLI: Enable Captive Portal Web Interface: Enable Captive Portal Client Access, Authentication, and Control Block a Captive Portal Instance CLI: Block a Captive Portal Instance Web Interface: Block a Captive Portal Instance Local Authorization, Create Users and Groups CLI: Create Users and Groups Web Interface: Create Users and Groups Remote Authorization (RADIUS) User Configuration Chapter 32. Captive Portal | 549 ProSafe M4100 and M7100 Managed Switches Table 3. RADIUS Attributes for Configuring Captive Portal Users 1. Select Security > Control > Captive Portal > CP Configuration. CLI: Configure RADIUS as the Verification Mode Web Interface: Configure RADIUS as the Verification Mode SSL Certificates Page Enable iSCSI Awareness with VLAN Priority Tag CLI: Enable iSCSI Awareness with VLAN Priority Tag Web Interface: Enable iSCSI Awareness with VLAN Priority Tag Enable iSCSI Awareness with DSCP CLI: Enable iSCSI Awareness with DSCP Web Interface: Enable iSCSI Awareness with DSCP Set the iSCSI Target Port CLI: Set iSCSI Target Port Web Interface: Set iSCSI Target Port Show iSCSI Sessions CLI: Show iSCSI Sessions Web Interface: Show iSCSI Sessions Page Index Numerics I A B L M N O P T V W