Home » Netgear Manuals » Hubs & Switches » Netgear GSM7328Sv1 » Manual Viewer

Netgear GSM7328Sv1 7000 Series Managed Switch Administration Guide for Softwar - Page 171

Con Isolated VLANs on a Layer 3 Switch by Using ACLs

Add to My Manuals
Save this manual to your list of manuals

Page 171 highlights

NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3 b. Under Configure Routes, make the following selection and enter the following information: • Select Static from the Route Type pull-down menu. • In the Network Address field, enter 192.168.30.0. • In the Subnet Mask field, enter 255.255.255.0. • In the Next Hop IP Address field, enter 192.168.200.1. c. Click Add. Configure Isolated VLANs on a Layer 3 Switch by Using ACLs Server Port 11/0/38 10.100.5.34 10.100.5.252 Layer 3 Switch Port 1/0/24 192.148.24.1 Port 1/0/48 192.148.48.1 PC1 PC2 192.148.24.2 Figure 12-27 192.148.48.2 This example shows how to isolate VLANs on a Layer 3 switch by using ACLs. In this example, PC1 is in VLAN 24, PC2 is in VLAN 48, and server is in VLAN 38. PC1 and PC2 are isolated by an ACL but can both access the server. The example is shown as CLI commands and as a Web interface procedure. Access Control Lists (ACLs) v1.0, November 2008 12-25

Section	Page
NETGEAR 7000 Series Managed Switch Administration Guide Version 7.3	1
Contents	5
Conventions, Formats, Scope, and Audience	17
Additional Documentation	18
How to Use This Manual	19
How to Print This Manual	19
Revision History	20
Chapter 1 Getting Started	21
In-band and Out-of-band Connectivity	21
Configuring for In-band Connectivity	21
Using BootP or DHCP	21
Using the EIA-232 Port	22
Configuring for Out-Of-Band Connectivity	23
Starting the Switch	24
Initial Configuration	24
Initial Configuration Procedure	25
Software Installation	25
Quick Starting the Networking Device	25
System Information and System Setup	26
Chapter 2 Using Ezconfig for Switch Setup	31
Changing the Password	31
Setting Up the Switch IP Address	32
Assigning Switch Name and Location Information	33
Saving the Configuration	33
Chapter 3 Using the Web Interface	35
Configuring for Web Access	35
Starting the Web Interface	36
Web Interface Layout	36
Configuring an SNMP V3 User Profile	38
Chapter 4 Virtual LANs	41
Create Two VLANs	42
CLI: Creating Two VLANS	42
Web Interface: Creating Two VLANS	42
Assign Ports to VLAN2	44
CLI: Assigning Ports to VLAN2	44
Web Interface: Assigning Ports to VLAN2	44
Assign Ports to VLAN3	45
CLI: Assigning Ports to VLAN3	46
Web Interface: Assigning Ports to VLAN3	46
Assign VLAN3 as the Default VLAN for Port 1/0/2	47
CLI: Assigning VLAN3 as the Default VLAN for Port 1/0/2	47
Web Interface: Assigning VLAN3 as the Default VLAN for Port 1/0/2	47
Creating a MAC-based VLAN	49
CLI: Creating a MAC-Based VLAN	50
Web Interface Procedure: Assigning a MAC-Based VLAN	51
Create a Protocol-based VLAN	53
CLI: Creating a Protocol-based VLAN	53
Web Interface: Creating a Protocol-based VLAN	54
Chapter 5 Link Aggregation	57
Create Two LAGs	58
CLI: Creating Two LAGs	58
Web Interface: Creating Two LAGs	59
Add the Ports to the LAGs	59
CLI: Adding the Ports to the LAGs	60
Web Interface: Adding the Ports to the LAGs	60
Enable Both LAGs	61
CLI: Enabling Both LAGs	61
Web Interface: Enabling Both LAGs	62
Chapter 6 Port Routing	63
Port Routing Configuration	63
Enable Routing for the Switch	64
CLI: Enabling Routing for the Switch	65
Web Interface: Enabling Routing for the Switch	65
Enable Routing for Ports on the Switch	65
CLI: Enabling Routing for Ports on the Switch	66
Web Interface: Enabling Routing for Ports on the Switch	66
Adding a Default Route	68
CLI: Add a Default Route	69
Web Interface: Add a Default Route	69
Adding a Static Route	70
CLI Command Procedure:	70
Web Interface Procedure	70
Chapter 7 VLAN Routing	73
Create Two VLANs	73
CLI: Creating Two VLANs	74
Web Interface: Creating Two VLANs	75
Set Up VLAN Routing for the VLANs and the Switch	78
CLI: Setting Up VLAN Routing for the VLANs and the Switch	78
Web Interface: Setting Up VLAN Routing for the VLANs and the Switch	79
Chapter 8 Routing Information Protocol	81
Enable Routing for the Switch	82
CLI: Enabling Routing for the Switch	82
Web Configuration: Enabling Routing for the Switch	82
Enable Routing for Ports	83
CLI: Enabling Routing for Ports	83
Web Interface: Enabling Routing for the Ports	83
Enable RIP for the Switch	85
CLI: Enabling RIP for the Switch	86
Web Interface: Enabling RIP on the Switch	86
Enable RIP for Ports 1/0/2 and 1/0/3	86
CLI: Enabling RIP for Ports 1/0/2 and 1/0/3	86
Web Interface: Enabling RIP for Ports 1/0/2 and 1/0/3	87
VLAN Routing RIP Configuration	88
CLI: VLAN Routing RIP Configuration	90
Web Interface: VLAN Routing RIP Configuration	91
Chapter 9 OSPF	95
Configure an Inter-Area Router	95
CLI: Configuring an Inter-Area Router	96
Web Interface: Configuring an Inter-Area Router	97
Configure OSPF on a Border Router	102
CLI: Configuring OSPF on a Border Router	102
Web Interface: Configuring OSPF on a Border Router	104
Configure Area 1 as a Stub Area	110
CLI: Configuring Area 1 as a Stub Area on A1	111
Web Interface: Configuring Area 1 as a Stub Area on A1	112
CLI: Configuring Area 1 as a Stub Area on A2	116
Web Interface: Configuring Area 1 as a Stub Area on A2	117
Configure Area 1 as a nssa Area	120
CLI: Configuring Area 1 as a nssa Area	120
Web Interface: Configuring Area 1 as a nssa Area on A1	121
CLI: Configuring Area 1 as a nssa Area on A2	125
Web Interface: Configuring Area 1 as a nssa Area on A2	126
VLAN Routing OSPF Configuration	131
CLI: VLAN Routing OSPF Configuration	132
Web Interface: VLAN Routing OSPF Configuration	133
Chapter 10 Proxy Address Resolution Protocol (ARP)	137
Proxy ARP Examples	137
CLI: show ip interface	137
CLI: ip proxy-arp	138
Web Interface: Configuring Proxy ARP on a Port	138
Chapter 11 Virtual Router Redundancy Protocol	139
Configure VRRP on a Master Router	140
CLI: Configuring VRRP on a Master Router	140
Web Interface: Configuring VRRP on a Master Router	141
Configure VRRP on a Backup Router	142
CLI: Configuring VRRP on a Backup Router	143
Web Interface: Configuring VRRP on a Backup Router	144
Chapter 12 Access Control Lists (ACLs)	147
MAC ACLs	147
Configuring IP ACLs	148
Process	148
Set up an IP ACL with Two Rules	149
CLI: Setting up an IP ACL with Two Rules	149
CLI Commands	149
Web Interface: Setting up an IP ACL with Two Rules	150
Configure a One-Way Access Using a TCP Flag in an ACL	154
CLI: Configuring a One-Way Access Using a TCP Flag in an ACL	154
Step 1: Configure the GSM7248R (see Figure 12-7)	154
Step 2: Configure the GSM7352S (see Figure 12-7)	156
Web Interface: Configuring a One-Way Access Using a TCP Flag in an ACL	157
Configure Isolated VLANs on a Layer 3 Switch by Using ACLs	171
CLI: Configuring a One-Way Access Using a TCP Flag in an ACL Commands	172
Web Interface: Configuring a One-Way Access Using a TCP Flag in an ACL	174
Set up a MAC ACL with Two Rules	184
CLI: Setting up a MAC ACL with Two Rules	185
Web Interface: Setting up a MAC ACL with Two Rules	185
Chapter 13 Class of Service (CoS) Queuing	189
CoS Queue Mapping	189
Trusted Ports	189
Untrusted Ports	190
CoS Queue Configuration	190
Show classofservice Trust	191
CLI: Showing classofservice trust	191
Web Interface: Showing classofservice Trust	191
Set classofservice trust Mode	191
CLI: Setting classofservice Trust Mode	192
Web Interface: Setting classofservice Trust Mode	192
Show classofservice ip-precedence Mapping	193
CLI: Showing classofservice ip-precedence Mapping	193
Web Interface: Showing classofservice ip-precedence Mapping	193
Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode	194
CLI: Configuring Cos-queue Min-bandwidth and Strict Priority Scheduler Mode	194
Web Interface: Configuring CoS-queue Min-bandwidth and Strict Priority Scheduler Mode	194
Set CoS Trust Mode of an Interface	197
CLI: Setting CoS Trust Mode of an Interface	197
Web Interface: Setting CoS Trust Mode of an Interface	197
Configure Traffic Shaping	198
CLI: Configuring traffic-shape	198
Web Interface: Configuring Traffic-shape	198
Chapter 14 Differentiated Services	201
Differentiated Services	202
CLI: DiffServ	202
Web Interface: DiffServ	204
DiffServ for VoIP Configuration	220
CLI: DiffServ for VoIP	221
Web Interface: Diffserv for VoIP	222
Chapter 15 IGMP Snooping and Querier	229
Enable IGMP Snooping	229
CLI: Enabling IGMP Snooping	229
Web Interface: Enabling IGMP Snooping	229
Show igmpsnooping	230
CLI: Showing igmpsnooping	231
Web Interface: Showing igmpsnooping	231
Show mac-address-table igmpsnooping	232
CLI: Showing mac-address-table igmpsnooping	232
Web Interface: Showing mac-address-table igmpsnooping	232
Configure the Switch with an External Multicast Router	233
CLI: Configuring the Switch with an External Multicast Router	233
Web Interface: Configuring the Switch with an External Multicast Router	233
Configure the Switch with a Multicast Router Using VLAN	234
CLI: Configure the Switch with a Multicast Router Using VLAN	234
Web Interface: Configuring the Switch with a Multicast Router Using VLAN	234
IGMP Querier	235
Enable IGMP Querier	236
CLI: Enabling IGMP Querier	236
Web Interface: Enabling IGMP Querier	237
Show IGMP Querier Status	238
CLI: Showing IGMP Querier Status	238
Web Interface: Showing IGMP Querier Status	238
Chapter 16 Security Management	239
Port Security	239
Set the Dynamic and Static Limit on the Port 1/0/1	240
CLI: Setting the Dynamic and Static Limit on the Port 1/0/1	240
Web Interface: Setting the Dynamic and Static Limit on the Port 1/0/1	240
Convert the Dynamic Address Learned from 1/0/1 to the Static Address	242
CLI: Converting the Dynamic Address Learned from 1/0/1 to the Static Address	242
Web Interface: Converting the Dynamic Address Learned from 1/0/1 to the Static Address	242
Create a Static Address	243
CLI: Creating a Static Address	243
Web Interface: Creating a Static Address	243
Protected Ports	244
CLI: Configuring a Protected Port to Isolate Ports on the Switch	244
Web Interface: Configuring a Protected Port to Isolate Ports on the Switch	246
802.1x Port Security	251
CLI: Authenticating dot1x Users by a RADIUS Server	253
Web Interface: Authenticating dot1x Users by a RADIUS Server	254
Chapter 17 Simple Network Time Protocol (SNTP)	259
Show SNTP (CLI Only)	259
show sntp	259
show sntp client	260
show sntp server	260
Configure SNTP	260
CLI: Configuring SNTP	260
Web Interface: Configuring SNTP	262
Set the Time Zone (CLI Only)	263
Set Named SNTP Server	263
CLI: Setting Named SNTP Server	263
Web Interface: Setting Named SNTP Server	264
Chapter 18 Tools	267
Traceroute	267
CLI:Traceroute	267
Web Interface: Traceroute	268
Configuration Scripting	269
script	270
script list and script delete	270
script apply running-config.scr	270
Create a Configuration Script	271
Upload a Configuration Script	271
Pre-Login Banner	271
Creating a Pre-Login Banner (CLI Only)	271
Port Mirroring	272
CLI: Specifying the Source (Mirrored) Ports and Destination (Probe)	273
Web Interface: Specifying the Source (Mirrored) Ports and Destination (Probe)	273
Outbound Telnet	274
CLI: show network	274
CLI: show telnet	275
CLI: transport output telnet	275
Web Interface: Configuring Telnet	275
CLI: session-limit and session-timeout	276
Web Interface: Configuring the Session Timeout	276
Chapter 19 Syslog	279
Show Logging	280
CLI: Show Logging	280
Web Interface: Show Logging	280
Show Logging Buffered	283
CLI: Showing Logging Buffered	284
Web Interface: Showing Logging Buffered	284
Show Logging Traplogs	285
CLI: Showing Logging Traplogs	285
Web Interface: Showing Logging Trap Logs	285
Show Logging Hosts	286
CLI: Showing Logging Hosts	286
Web Interface: Showing Logging Hosts	286
Log Port Configuration	287
CLI: Logging Port Configuration	287
Web Interface: Logging Port Configuration	287
Chapter 20 Managing Switch Stacks	289
Understanding Switch Stacks	290
Switch Stack Membership	290
Switch Stack Cabling (FSM73xxS)	291
Stack Master Election and Re-Election	292
Stack Member Numbers	293
Stack Member Priority Values	293
Switch Stack Offline Configuration	294
Effects of Adding a Preconfigured Switch to a Switched Stack	294
Effects of Replacing a Preconfigured Switch in a Switch Stack	294
Effects of Removing a Preconfigured Switch from a Switch Stack	295
Switch Stack Software Compatibility Recommendations	295
Incompatible Software and Stack Member Image Upgrades	295
Switch Stack Configuration Files	295
Switch Stack Management Connectivity	295
Switch Stack Configuration Scenarios	296
Stacking Recommendations	297
General Practices	297
Initial installation and Power-up of a Stack	297
Removing a Unit from the Stack	298
Adding a Unit to an Operating Stack	298
Replacing a Stack Member with a New Unit	299
Renumber Stack Members	299
CLI: Renumbering Stack Members	299
Web Interface: Renumbering Stack Members	300
Moving a Master to a Different Unit in the Stack	301
CLI: Moving a Master to a Different Unit in the Stack	301
Web Interface: Moving a Master to a Different Unit in the Stack	301
Removing a Master Unit from an Operating Stack	302
Merging Two Operational Stacks	302
Preconfiguration	302
Upgrading Firmware	303
Migration of Configuration With a Firmware Upgrade	303
Code Mismatch	303
Web Interface: Upgrading Firmware	304
Chapter 21 SNMP	305
Add a New Community	305
CLI: Adding a New Community	305
Web Interface: Adding a New Community	305
Enable SNMP Trap	306
CLI: Enabling SNMP Trap	306
Web Interface: Enabling SNMP Trap	306
Configure SNMP V3	307
CLI: Configuring SNMP V3	307
Web Interface: Configuring SNMP V3	308
Chapter 22 DNS	311
Specify Two DNS Servers	311
CLI: Specifying Two DNS Servers	311
Web Interface: Specifying Two DNS Servers	311
Manually Add a Host Name and an IP Address	312
CLI Example: Manually Adding a Host Name and an IP Address	312
Web Interface: Manually Adding a Host Name and an IP Address	313
Chapter 23 DHCP Server	315
Configure a DHCP Server in Dynamic Mode	315
CLI: Configuring a DHCP Server in Dynamic Mode	315
Web Interface: Configuring a DHCP Server in Dynamic Mode	315
Configure a DHCP Reservation	317
CLI: Configuring a DHCP Reservation	318
Web Interface: Configuring a DHCP Reservation	318
Chapter 24 Double VLANs	321
Enable a Double VLAN	322
CLI: Enabling a Double VLAN on a VLAN	322
Web Interface: Enabling a Double VLAN on a VLAN	322
Chapter 25 Private VLAN Groups	327
Create a Private VLAN Group	327
CLI: Creating a Private VLAN Group	328
Web Interface: Creating a Private VLAN Group	329
Chapter 26 Spanning Tree Protocol	333
Configure Classic STP (802.1d)	333
CLI: Configuring Classic STP (802.1d)	333
Web Interface:Configuring Classic STP (802.1d)	333
Configure Rapid STP (802.1w)	335
CLI: Configuring Rapid STP (802.1w)	335
Web Interface: Configuring Rapid STP (802.1w)	335
Configure Multiple STP (802.1s)	336
CLI: Configuring Multiple STP (802.1s)	337
Web Interface: Configuring Multiple STP (802.1s)	337