Netgear XCM8806 Chassis User Manual
Netgear XCM8806 Chassis Manual
 |
View all Netgear XCM8806 Chassis manuals
Add to My Manuals
Save this manual to your list of manuals |
Netgear XCM8806 Chassis manual content summary:
- Netgear XCM8806 Chassis | User Manual - Page 1
NETGEAR 8800 User Manual Software Version 12.4 350 East Plumeria Drive San Jose, CA 95134 USA March 2011 202-10804-01 v1.0 - Netgear XCM8806 Chassis | User Manual - Page 2
8800 User Manual © 2011 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc. Technical Support Thank you - Netgear XCM8806 Chassis | User Manual - Page 3
Contents Chapter 1 Overview Introduction 22 Terminology 23 Conventions 23 Platform-Naming Conventions 23 Text Conventions 23 Related Publications 24 Part 1: Using the NETGEAR 8800 Chapter 2 Getting Started Overview 27 Software Required 28 Logging in to the Switch 28 Understanding the - Netgear XCM8806 Chassis | User Manual - Page 4
NETGEAR 8800 User Manual Domain Name Service Client Services 47 Checking Basic Connectivity 48 Ping 48 Traceroute 50 76 Enabling and Disabling SNMPv1/v2c and SNMPv3 77 Accessing Switch Agents 78 Supported MIBs 78 Configuring SNMPv1/v2c Settings 79 Displaying SNMP Settings 80 SNMPv3 81 - Netgear XCM8806 Chassis | User Manual - Page 5
NETGEAR 8800 User Manual Using the Simple Network Time Protocol 89 Configuring and Using SNTP 90 SNTP Example 94 Chapter 4 Managing the XCM8800 Software Overview 95 Using the XCM8800 - Netgear XCM8806 Chassis | User Manual - Page 6
NETGEAR 8800 User Manual Displaying Switch Load Sharing 137 Mirroring 138 Guidelines for Mirroring LLDP Packets 152 Transmitting LLDP Messages 153 Receiving LLDP Messages 154 Managing LLDP 155 Supported TLVs 156 Mandatory TLVs 158 Optional TLVs 159 Configuring LLDP 164 Enabling and - Netgear XCM8806 Chassis | User Manual - Page 7
NETGEAR 8800 User Manual Port Power Reset 177 PoE Usage Threshold 177 Legacy Devices 178 PoE Operator Limits 178 Configuring PoE 179 Enabling Inline Power 179 Reserving Power 180 - Netgear XCM8806 Chassis | User Manual - Page 8
NETGEAR 8800 User Manual Displaying Real-Time Log Messages 225 Displaying Event Logs 226 Uploading sFlow Configuration Example 232 Displaying sFlow Information 233 Using RMON 233 About RMON 233 Supported RMON Groups of the Switch 234 Configuring RMON 236 Event Actions 237 Displaying RMON - Netgear XCM8806 Chassis | User Manual - Page 9
NETGEAR 8800 User Manual Chapter 10 FDB Overview 271 FDB Contents 272 How FDB Entries Get from IP ARP Packets 275 Clearing FDB Entries 275 Managing Multiple Port FDB Entries 276 Supporting Remote Mirroring 276 Managing FDB MAC Address Tracking 277 Displaying FDB Entries and Statistics 278 - Netgear XCM8806 Chassis | User Manual - Page 10
NETGEAR 8800 User Manual Chapter 13 ACLs Overview 299 ACL Rule Syntax 300 Matching All Based Redirect 338 Layer 2 Policy-Based Redirect 339 Policy-Based Redirection Redundancy 341 ACL Troubleshooting 344 Chapter 14 Routing Policies Overview 346 Routing Policy File Syntax 346 Policy Match Type - Netgear XCM8806 Chassis | User Manual - Page 11
NETGEAR 8800 User Manual Multicast Traffic Queues 371 Egress Port Rate Limiting and Rate Shaping Login Overview 389 Web-Based, MAC-Based, and 802.1x Authentication 390 Multiple Supplicant Support 392 Campus and ISP Modes 392 Network Login and Hitless Failover 393 Configuring Network Login - Netgear XCM8806 Chassis | User Manual - Page 12
NETGEAR 8800 User Manual Customizable Graphical Image in Logout Popup Window 417 Web-Based VLANs for Network Login 428 Configuring Network Login Port Restart 431 Authentication Failure and Services Unavailable Handling 432 Chapter 17 Security Overview 434 Safe Defaults Mode 436 MAC Security - Netgear XCM8806 Chassis | User Manual - Page 13
NETGEAR 8800 User Manual How Network Login Authentication Differs from Management Session Authentication 474 Configuration Overview for Authenticating Network Login Users . . . . . 475 Configuring the RADIUS Client 475 Configuring the - Netgear XCM8806 Chassis | User Manual - Page 14
NETGEAR 8800 User Manual EMISTP Deployment Constraints 542 Per VLAN Spanning Tree 544 STPD VLAN Mapping 545 Native VLAN 545 Rapid Spanning Tree Protocol 545 RSTP Concepts 545 RSTP - Netgear XCM8806 Chassis | User Manual - Page 15
NETGEAR 8800 User Manual Configuring the Relative Route Priority 613 Configuring Hardware Routing Table Usage Server 632 IP Broadcast Handling 632 IP Broadcast Handling Details 632 Command-line Support for IP Broadcast Handling 633 VLAN Aggregation 634 VLAN Aggregation Properties 635 VLAN - Netgear XCM8806 Chassis | User Manual - Page 16
8800 User Manual Managing Router Discovery 649 Managing Tunnels 650 Verifying the IP Unicast Routing Configuration 651 Configuring Route Sharing 651 Configuring Route Compression 652 Hardware Forwarding Behavior 652 Hardware Forwarding Limitations 653 Hardware Tunnel Support 653 Routing - Netgear XCM8806 Chassis | User Manual - Page 17
NETGEAR 8800 User Manual Graceful OSPF Restart 676 Areas 677 Point-to-Point Support 680 Route Redistribution 681 Configuring Route Edge Mode 689 Link State Database 689 Areas 690 Link-Type Support 692 Route Redistribution 693 Configuring Route Redistribution 693 OSPFv3 Timers 694 - Netgear XCM8806 Chassis | User Manual - Page 18
NETGEAR 8800 User Manual Route Redistribution 717 BGP ECMP 717 BGP Static Network 718 Graceful BGP Looking Up the RPF for a Multicast Source 756 Displaying the PIM Snooping Configuration 757 Troubleshooting PIM 757 Multicast Trace Tool 757 Multicast Router Information Tool 758 18 | Contents - Netgear XCM8806 Chassis | User Manual - Page 19
User Manual Chapter 28 IPv6 Multicast Overview 759 Managing MLD 760 Enabling and Disabling MLD on a VLAN 760 Configuring MLD 760 Clearing MLD Group Registration 760 Configuring Static MLD Groups and Routers 760 Displaying MLD Information 761 Chapter 29 MSDP Overview 762 Supported Platforms - Netgear XCM8806 Chassis | User Manual - Page 20
NETGEAR 8800 User Manual Part 3: Appendixes Appendix A XCM8800 Software Licenses Overview 793 Switch 826 Upgrading the Firmware 827 Displaying the BootROM and Firmware Versions 828 Appendix C Troubleshooting Troubleshooting Checklists 830 Layer 1 830 Layer 2 830 Layer 3 831 LEDs 833 Using - Netgear XCM8806 Chassis | User Manual - Page 21
NETGEAR 8800 User Manual General Tips and Recommendations 835 MSM Prompt 837 Command Prompt Viewing the Hash Algorithm Setting 855 Contacting NETGEAR Technical Support 855 Appendix D Supported Protocols, MIBs, and Standards MIB Support Details 861 Standard MIBs 862 NETGEAR Proprietary MIBs - Netgear XCM8806 Chassis | User Manual - Page 22
Conventions on page 23 • Related Publications on page 24 Introduction This guide provides the required information to configure the NETGEAR 8800 software in the currently supported versions running on NETGEAR switches. This guide is intended for use by network administrators who are responsible for - Netgear XCM8806 Chassis | User Manual - Page 23
NETGEAR 8800 User Manual Terminology When features, functionality, or operation is specific to a you see the word "enter" in this guide, you must type something, and then press the Return or Enter key. Do not press the Return or Enter key when an instruction simply says "type." Key names are written - Netgear XCM8806 Chassis | User Manual - Page 24
Related Publications The publications related to this one are: • NETGEAR 8800 Chassis Switch CLI Manual • NETGEAR 8800 Release Notes • NETGEAR 8800 Series Switches Hardware Installation Guide Documentation for NETGEAR products is available on the World Wide Web at the following location: http://www - Netgear XCM8806 Chassis | User Manual - Page 25
NETGEAR 8800 User Manual Chapter 1. Overview | 25 - Netgear XCM8806 Chassis | User Manual - Page 26
Part 1: Using the NETGEAR 8800 - Netgear XCM8806 Chassis | User Manual - Page 27
Configuring Management Access on page 39 • Managing Passwords on page 45 • Access to Both MSM/MM Console Ports on page 47 • Domain Name Service Client Services on page 47 • Checking Basic Connectivity on page 48 • Displaying Switch Information on page 50 Overview Table 3 lists the products that run - Netgear XCM8806 Chassis | User Manual - Page 28
User Manual Software series modules and the XCM8800 software version required to support each module. Table 4. NETGEAR 8000 Series Switch Modules Accounts on page 44.) Wait for the following message to appear: Authentication Service (AAA) on the master node is now available for login. At this - Netgear XCM8806 Chassis | User Manual - Page 29
are also described in this guide in order to describe how to use the features of the XCM8800 software. However, only a subset of commands are described here, and in some cases only a subset of the options that a command supports. The NETGEAR 8800 Chassis Switch CLI Manual should be considered the - Netgear XCM8806 Chassis | User Manual - Page 30
NETGEAR 8800 User Manual Syntax Helper The CLI has a built-in syntax helper. If you are unsure of the complete syntax for a particular command, enter as much of the - Netgear XCM8806 Chassis | User Manual - Page 31
NETGEAR 8800 User Manual Object Names All named components within a category of the switch configuration, such as VLAN, must be given a unique object name. Object names must begin with - Netgear XCM8806 Chassis | User Manual - Page 32
NETGEAR 8800 User Manual Table 5. Reserved Keywords Reserved Keywords aaa access-list account accounts show slot slot-poll- interval smartredundancy snmp snmpv3 sntp-client source ssl stacking stacking- support stack-topology start-size stp stpd subvlan-proxy- arp svlan switch switch-mode sys - Netgear XCM8806 Chassis | User Manual - Page 33
NETGEAR 8800 User Manual Note: XCM8800 software does not support the ampersand (&), left angle bracket (), because they are reserved characters with special meaning in XML. Table 6. Command Syntax Symbols Symbol angle - Netgear XCM8806 Chassis | User Manual - Page 34
NETGEAR 8800 User Manual Port Numbering The XCM8800 software runs on both stand-alone and :port For example, if an I/O module that has a total of four ports is installed in slot 2 of the chassis, the following ports are valid: • 2:1 • 2:2 • 2:3 • 2:4 You can also use wildcard combinations (*) to - Netgear XCM8806 Chassis | User Manual - Page 35
to a particular feature may also be described in other chapters of this guide. For a detailed description of the commands and their options, see the NETGEAR 8800 Chassis Switch CLI Manual. Table 8. Common Commands Command Description clear session [history | | all] Terminates a Telnet - Netgear XCM8806 Chassis | User Manual - Page 36
Daylight Saving Time change based on the North American standard. Additional options are described in the NETGEAR 8800 Chassis Switch CLI Manual. configure {vlan} ipaddress [ {} | ipv6-link-local | {eui64} ] Configures an IP address and subnet - Netgear XCM8806 Chassis | User Manual - Page 37
NETGEAR 8800 User Manual Table 8. Common Commands (Continued) Command Description delete account Deletes a user account. delete vlan Deletes a VLAN. disable bootp vlan [ | all] Disables BOOTP for - Netgear XCM8806 Chassis | User Manual - Page 38
NETGEAR 8800 User Manual Table 8. Common Commands (Continued) Command show banner unconfigure switch {all} Description Displays the user-configured banner. Resets all switch parameters (with the exception of defined - Netgear XCM8806 Chassis | User Manual - Page 39
NETGEAR 8800 User Manual configured to eliminate this problem. Would you like to disable SNMP? [y/N]: All ports are enabled by default. In some secure applications, it maybe more desirable for the ports to be - Netgear XCM8806 Chassis | User Manual - Page 40
Manual • Default Accounts on page 43 • Creating a Management Account on page 43 • Failsafe Accounts on page 44 Account Access Levels XCM8800 software supports , the command line prompt ends with a (#) sign. For example: XCM8806-1.18 # Configuring the Banner You can configure a banner that displays as - Netgear XCM8806 Chassis | User Manual - Page 41
NETGEAR 8800 User Manual Using the acknowledge parameter prompts the user with the logged on with user capabilities, the command line prompt ends with a (>) sign. For example: XCM8806-1.2 > Using the system recovery commands (see Chapter 8, Status Monitoring and Statistics for information on - Netgear XCM8806 Chassis | User Manual - Page 42
NETGEAR 8800 User Manual message on the startup screen. The message is slightly different, slots are shut down: 1,3 Use the "clear sys-recovery-level" command to restore I/O modules ! XCM8806-8810.1 # When an exclamation point (!) appears in front of the command line prompt, it indicates that - Netgear XCM8806 Chassis | User Manual - Page 43
NETGEAR 8800 User Manual Default Accounts By default, the switch is configured with two accounts, as shown in Table 9. Table 9. Default Accounts Account Name admin user Access Level This - Netgear XCM8806 Chassis | User Manual - Page 44
8800 User Manual Failsafe altered as specified. For example: XCM8806-8810.1 # configure failsafe-account deny all XCM8806-8810.2 # configure failsafe-account permit the failsafe account cannot be recovered by NETGEAR. Technical support cannot retrieve passwords or account names for this account. - Netgear XCM8806 Chassis | User Manual - Page 45
NETGEAR 8800 User Manual Managing Passwords When you first access the switch, you have a default account. You configure a password for your default account. As you create other accounts (see - Netgear XCM8806 Chassis | User Manual - Page 46
NETGEAR 8800 User Manual Note: If you forget your password while logged out of the CLI, you can use the bootloader to reinstall a default switch configuration, which allows access - Netgear XCM8806 Chassis | User Manual - Page 47
NETGEAR 8800 User Manual Note: If you are not working on SSH, you can configure the you are connected to. Use the following command: telnet msm [a | b] Domain Name Service Client Services The Domain Name Service (DNS) client in XCM8800 software augments the following commands to allow them to accept - Netgear XCM8806 Chassis | User Manual - Page 48
NETGEAR 8800 User Manual • ping • traceroute • configure radius server client-ip • configure tacacs server client-ip The DNS client can resolve host names to both IPv4 and IPv6 addresses. - Netgear XCM8806 Chassis | User Manual - Page 49
NETGEAR 8800 User Manual Table 10. Ping Command Parameters Parameter Description count start-size the echo message. If not specified, VR-Default is used. Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A, XCM8800 Software Licenses. ipv4 Specifies - Netgear XCM8806 Chassis | User Manual - Page 50
NETGEAR 8800 User Manual Traceroute The traceroute command enables you to trace the routed path between the switch and a destination endstation. The traceroute command syntax is: traceroute {vr } { - Netgear XCM8806 Chassis | User Manual - Page 51
Shell 2 on page 62 • Using the Trivial File Transfer Protocol on page 62 • Understanding System Redundancy on page 64 • Understanding Hitless Failover Support on page 69 • Understanding Power Supply Management on page 72 • Using the Simple Network Management Protocol on page 76 • Using the Simple - Netgear XCM8806 Chassis | User Manual - Page 52
NETGEAR 8800 User Manual The switch supports up to the following number of concurrent user sessions: • combination of eight Telnet and SSH connections can access the switch even though Telnet and SSH each support eight connections. For example, if you have six Telnet sessions and two SSH sessions, no - Netgear XCM8806 Chassis | User Manual - Page 53
NETGEAR 8800 User Manual Note: For more information on the console port pinouts, see the hardware installation guide included with your switch. port provides dedicated remote access to the switch using TCP/IP. It supports the following management methods: • Telnet/SSH2 using the CLI interface • SNMP - Netgear XCM8806 Chassis | User Manual - Page 54
Manual • TACACS+ • Local database of accounts and passwords Note: You cannot configure RADIUS and TACACS+ at the same time. RADIUS Client Remote Authentication Dial In User Service , see Chapter 2, Getting Started. Using Telnet XCM8800 supports the Telnet Protocol based on RFC 854. Telnet allows - Netgear XCM8806 Chassis | User Manual - Page 55
NETGEAR 8800 User Manual • About the Telnet Client on page 55 • About the Telnet Server on specify the IP address or host name of the device that you want to connect to. Check the user manual supplied with the Telnet facility if you are unsure of how to do this. After the connection is established - Netgear XCM8806 Chassis | User Manual - Page 56
NETGEAR 8800 User Manual Connecting to Another Host Using Telnet You can Telnet from the current CLI session to another host using the following command: telnet {vr } [ | ] {} Note: User-created VRs are supported only on the platforms listed for this feature in - Netgear XCM8806 Chassis | User Manual - Page 57
IP address, so you cannot configure the BOOTP or DHCP server to assign multiple specific IP addresses to a switch depending solely on the MAC address. Manually Configuring the IP Settings If you are using IP without a BOOTP server, you must enter the IP parameters for the switch in order for the - Netgear XCM8806 Chassis | User Manual - Page 58
NETGEAR 8800 User Manual 5. Assign an IP address and subnetwork mask for the default VLAN by using the switch by typing: logout or quit Configuring Telnet Access to the Switch By default, Telnet services are enabled on the switch and all virtual routers listen for incoming Telnet requests. The switch - Netgear XCM8806 Chassis | User Manual - Page 59
NETGEAR 8800 User Manual The safe defaults mode runs an interactive script that allows reserved port, the switch displays an error message. Using ACLs to Control Telnet Access By default, Telnet services are enabled on the switch. You can restrict Telnet access by using an access control list (ACL) - Netgear XCM8806 Chassis | User Manual - Page 60
NETGEAR 8800 User Manual MyAccessProfile.pol entry AllowTheseSubnets { if { source-address 10.203.133.0 /24; } then { permit; } } In the following example named MyAccessProfile.pol, the switch permits connections from - Netgear XCM8806 Chassis | User Manual - Page 61
NETGEAR 8800 User Manual source-address 10.203.133.0 /24; source-address 10.203.135.0 /24; } then { deny; configured ACL. In the ACL policy file for Telnet, the source-address field is the only supported match condition. Any other match conditions are ignored. Note: Do not also apply the policy to - Netgear XCM8806 Chassis | User Manual - Page 62
NETGEAR 8800 User Manual enable telnet You must be logged in as an administrator to configure For detailed information about SSH2, see Chapter 17, Security. Using the Trivial File Transfer Protocol XCM8800 supports the Trivial File Transfer Protocol (TFTP) based on RFC 1350. TFTP is a method used to - Netgear XCM8806 Chassis | User Manual - Page 63
8800 User Manual is a the switch concurrently. NETGEAR recommends using a TFTP server that supports blocksize negotiation (as described in RFC 2348, TFTP Blocksize the core dump files stored on your switch, see Appendix C, Troubleshooting. If configured, you can transfer core dump (debug) files - Netgear XCM8806 Chassis | User Manual - Page 64
memcard> | ]}] {force-overwrite} Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A, XCM8800 Software For more information, see the tftp get command in the NETGEAR 8800 Chassis Switch CLI Manual. • tftp put [ | ] {-vr < - Netgear XCM8806 Chassis | User Manual - Page 65
NETGEAR 8800 User Manual Node Election Node election is based on leader election between the MSMs/MMs installed in the chassis. By default, the MSM/MM installed in slot A has or master-capable nodes are running software that supports the synchronize command. Chapter 3. Managing the Switch | 65 - Netgear XCM8806 Chassis | User Manual - Page 66
NETGEAR 8800 User Manual You can cause the primary to failover to the backup, thereby relinquishing down. • If the nodes are not synchronized and both nodes are running a version of XCM8800 that supports synchronization, proceed to step 2. • If the nodes are synchronized, proceed to step 3. 2. If the - Netgear XCM8806 Chassis | User Manual - Page 67
NETGEAR 8800 User Manual Relaying Configuration Information To facilitate a failover from the primary node to the backup node, the primary transfers its active configuration to the backup. Relaying configuration - Netgear XCM8806 Chassis | User Manual - Page 68
NETGEAR 8800 User Manual Dynamic Checkpointing After an application transfers its saved state following command: show checkpoint-data {} This command is also helpful in debugging synchronization problems that occur at run time. This command displays, in percentages, the amount of copying - Netgear XCM8806 Chassis | User Manual - Page 69
NETGEAR 8800 User Manual Table 11. Node States (Continued) Node State MASTER STANDBY Description in the standby state. Understanding Hitless Failover Support The term hitless failover has slightly different meanings on a modular chassis. On a modular chassis, MSMs/MMs do not directly control - Netgear XCM8806 Chassis | User Manual - Page 70
NETGEAR 8800 User Manual Table 12. Protocol Support for Hitless Failover Protocol Behavior Hitless Border LLDP) Since LLDP is more of a tool than a protocol, there is no hitless failover No support. LLDP is also a MIB interface to query the information learned. After a failover, it takes - Netgear XCM8806 Chassis | User Manual - Page 71
NETGEAR 8800 User Manual Table 12. Protocol Support for Hitless Failover (Continued) Protocol Behavior at any time with no impact on the network. Virtual Router Redundancy Protocol (VRRP) VRRP supports hitless failover. The primary node replicates VRRP PDUs to Yes the backup, which allows the - Netgear XCM8806 Chassis | User Manual - Page 72
NETGEAR 8800 User Manual Table 12. Protocol Support for Hitless Failover (Continued) Protocol Behavior Hitless Dynamic Host Configuration Protocol client The IP addresses learned on all DHCP enabled VLANs are retained on the - Netgear XCM8806 Chassis | User Manual - Page 73
NETGEAR 8800 User Manual • Logs power resource changes, including power budget, total available power, Power supply in slot 6 is not supported and is being disabled. When a combination of 700/1200 W AC PSUs and 600/900 W AC PSUs are powered on in the same NETGEAR 8806 chassis, all 700/1200 W AC PSUs - Netgear XCM8806 Chassis | User Manual - Page 74
NETGEAR 8800 User Manual • Calculates the number of I/O modules to power up based on if only one MSM/MM is installed. • Reserves the amount of power required to power all fans and chassis components. • Calculates the current power surplus or shortfall. • Logs and sends SNMP traps for transitions in - Netgear XCM8806 Chassis | User Manual - Page 75
NETGEAR 8800 User Manual • If a switch has PSUs with a mix of both 220V AC and 110V AC a combination of 700/1200 W AC PSUs and 600/900 W AC PSUs are powered on in the same BlackDiamond 8806 chassis, all 700/1200 W AC PSUs are budgeted "down" to match the lower powered 600/900 W AC output values to - Netgear XCM8806 Chassis | User Manual - Page 76
NETGEAR 8800 User Manual Note: If you override automatic power supply management, you may reduce the management facilities. Note: When using a network manager program to create a VLAN, NETGEAR does not support the SNMP create and wait operation. To create a VLAN with SNMP, use the create and go - Netgear XCM8806 Chassis | User Manual - Page 77
NETGEAR 8800 User Manual The Simple Book by Marshall T. Rose ISBN 0-13-8121611-9 Published by Prentice Hall. This section describes the following SNMP topics: • Enabling and Disabling SNMPv1/v2c and SNMPv3 on page 77 • Accessing Switch Agents on page 78 • Supported MIBs on page 78 • Configuring - Netgear XCM8806 Chassis | User Manual - Page 78
NETGEAR 8800 User Manual If you choose to keep the default setting for SNMP-the access the SNMP agent residing in the switch, at least one VLAN must have an assigned IP address. XCM8800 supports either IPv4 or IPv6 addresses to manage the switch. By default, SNMP access and SNMPv1/v2c traps are - Netgear XCM8806 Chassis | User Manual - Page 79
NETGEAR 8800 User Manual Configuring SNMPv1/v2c Settings The following SNMPv1/v2c parameters can snmp access-profile readonly • To configure SNMP to use an ACL policy and support the read/write option explicitly, use the following command: configure snmp access-profile - Netgear XCM8806 Chassis | User Manual - Page 80
NETGEAR 8800 User Manual • Read community strings provide read-only access to the switch. have assigned to this switch. The default name is the model name of the switch (for example, XCM8806-1.2). • System location (optional)-Using the system location field, you can enter the location of the switch. - Netgear XCM8806 Chassis | User Manual - Page 81
NETGEAR 8800 User Manual SNMPv3 SNMPv3 is an enhanced standard for SNMP that improves the security and privacy of SNMP access to managed devices and provides sophisticated control of - Netgear XCM8806 Chassis | User Manual - Page 82
NETGEAR 8800 User Manual • Disclosure, where packet exchanges are sniffed (examined) and information is learned about the contents The access control subsystem provides the ability to configure whether access - Netgear XCM8806 Chassis | User Manual - Page 83
Manual latestReceivedEngineTime for every authoritative engine it wants to communicate with. Comparing these objects with the values received in messages and then applying certain rules to decide upon the message validity accomplish protection against message delay or message replay. In a chassis - Netgear XCM8806 Chassis | User Manual - Page 84
>]] Note: The SNMPv3 specifications describe the concept of a security name. In the XCM8800 implementation, the user name and security name are identical. In this manual, both terms are used to refer to the same thing. Groups Groups are used to manage access for the MIB. You use groups to define - Netgear XCM8806 Chassis | User Manual - Page 85
NETGEAR 8800 User Manual disable snmpv3 default-group Users are associated with groups using the following command: the security model based on the network manager in your network. The three security levels supported by USM are: • noAuthnoPriv-No authentication, no privacy. This is the case with - Netgear XCM8806 Chassis | User Manual - Page 86
NETGEAR 8800 User Manual For privacy, the user can select any one of the following supported privacy protocols: DES, 3DES, AES 128/192/256. In the case of DES, a 16-octet key is provided as input to DES-CBS encryption protocol - Netgear XCM8806 Chassis | User Manual - Page 87
NETGEAR 8800 User Manual To delete a MIB view, use the following command: configure snmpv3 delete mib-view [all-non-defaults | {[[hex ] | ] {subtree }}] MIB views that are - Netgear XCM8806 Chassis | User Manual - Page 88
NETGEAR 8800 User Manual Target Parameters Target parameters specify the MP model, security model, security level, and user name (security name) used for messages sent to the target address. - Netgear XCM8806 Chassis | User Manual - Page 89
NETGEAR 8800 User Manual show snmpv3 filter-profile {[[hex ] | ]} {param [[hex < filters, and any necessary notification tags. Using the Simple Network Time Protocol The XCM8800 supports the client portion of the Simple Network Time Protocol (SNTP) Version 3 based on - Netgear XCM8806 Chassis | User Manual - Page 90
NETGEAR 8800 User Manual broadcast NTP updates. In addition, the switch supports the configured setting for Greenwich Mean time (GMT) offset and the use of Daylight Saving Time. Configuring and Using SNTP To use SNTP: 1. Identify the - Netgear XCM8806 Chassis | User Manual - Page 91
NETGEAR 8800 User Manual Table 14. Time Zone Configuration Command Options (Continued) dst_timezone_ID Specifies an optional name for this Daylight Saving Time specification. May be up to six characters - Netgear XCM8806 Chassis | User Manual - Page 92
NETGEAR 8800 User Manual configure sntp-client primary fd98:d3e2:f0fe:0:54ae:34ff:fecc:892 configure sntp-client primary ntpserver.mydomain.com NTP queries are first sent to the - Netgear XCM8806 Chassis | User Manual - Page 93
NETGEAR 8800 User Manual Table 15. Greenwich Mean Time Offsets (Continued) GMT Offset in Hours -8:00 GMT Offset Common Time Zone References in Minutes -480 PST - Pacific Standard -9:00 - - Netgear XCM8806 Chassis | User Manual - Page 94
NETGEAR 8800 User Manual SNTP Example In this example, the switch queries a specific NTP server and a backup NTP server. The switch is located in Cupertino, California, and an update - Netgear XCM8806 Chassis | User Manual - Page 95
allocation, and error events handling. Redundancy and data replication is a built-in mechanism of XCM8800. The system infrastructure provides basic redundancy support and libraries for all of the XCM8800 applications. Note: For information about downloading and upgrading a new software image, saving - Netgear XCM8806 Chassis | User Manual - Page 96
restrictions, see the specific command in the NETGEAR 8800 Chassis Switch CLI Manual. You can also download configuration and policy files from the Support personnel, you can configure the switch to capture core dump files, which contain debugging information that is useful in troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 97
NETGEAR 8800 User Manual situations. For more information about configuring core dump files and managing the core dump files stored on your switch, see Appendix C, Troubleshooting. This section describes the following file management topics: • Moving or Renaming Files on the Switch on page 97 • - Netgear XCM8806 Chassis | User Manual - Page 98
NETGEAR 8800 User Manual For example, if you have an existing configuration file named test.cfg core dump files and managing the core dump files stored on your switch, see Appendix C, Troubleshooting. This command also replicates the action from the primary node to the backup node. For example - Netgear XCM8806 Chassis | User Manual - Page 99
NETGEAR 8800 User Manual • old-name-internal-Specifies the name of the core dump about configuring core dump files and managing the core dump files stored on your switch, see Appendix C, Troubleshooting. This command also replicates the action from the primary node to the backup node. For example, - Netgear XCM8806 Chassis | User Manual - Page 100
NETGEAR 8800 User Manual cp test.cfg test_rev2.cfg On a modular switch, the following command dump files and managing the core dump files stored on your switch, see Appendix C, Troubleshooting. Example The following command displays all of the configuration and policy files stored on your switch - Netgear XCM8806 Chassis | User Manual - Page 101
NETGEAR 8800 User Manual ls memorycard The following is sample output from this command: -rwxr-xr-x 1 root 0 -rwxr- • vr_name-Specifies the name of the virtual router. Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A, XCM8800 Software Licenses. • - Netgear XCM8806 Chassis | User Manual - Page 102
more information, see the tftp get command in the NETGEAR 8800 Chassis Switch CLI Manual. To transfer a configuration or policy file from the switch to the name of the virtual router. Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A, XCM8800 Software - Netgear XCM8806 Chassis | User Manual - Page 103
NETGEAR 8800 User Manual • memorycard-Specifies the removable external compact flash memory card. (This dump files and managing the core dump files stored on your switch, see Appendix C, Troubleshooting. For the memorycard option, this command transfers an existing file to or from the external - Netgear XCM8806 Chassis | User Manual - Page 104
NETGEAR 8800 User Manual When you delete a configuration or policy file from the system, make core dump files and managing the core dump files stored on your switch, see Appendix C, Troubleshooting. This command also replicates the action from the primary node to the backup node. For example - Netgear XCM8806 Chassis | User Manual - Page 105
NETGEAR 8800 User Manual Table 16. Configuration File Management Task Behavior Configuration file database XCM8800 supports saving a configuration file into any named file and supports more than two saved configurations. For example, you can download a configuration file from a network TFTP - Netgear XCM8806 Chassis | User Manual - Page 106
User Manual Managing or the specified process running on the switch. • slotid-On a modular chassis, specifies the slot number of the MSM/MM. A specifies the MSM/ ensure that you have version-compatible processes and if you experience a problem. • Not Started-The process has not been started. This can - Netgear XCM8806 Chassis | User Manual - Page 107
NETGEAR 8800 User Manual • Ready-The process usage Stopping a Process If recommended by NETGEAR Technical Support personnel, you can stop a running process. To network, and other types of process cleanup. • slot-For a modular chassis, specifies the slot number of the MSM/MM. A specifies the MSM/MM - Netgear XCM8806 Chassis | User Manual - Page 108
NETGEAR 8800 User Manual process. Do not save the configuration or change the } Where the following is true: • name-Specifies the name of the process. • slot-For a modular chassis, specifies the slot number of the MSM/MM. A specifies the MSM/MM installed in slot A. B specifies the - Netgear XCM8806 Chassis | User Manual - Page 109
, see the previous section or the NETGEAR 8800 Chassis Switch CLI Manual.omm Understanding Memory Protection The XCM8800 provides memory management these commands may be useful for your technical support representative if you experience a problem. Chapter 4. Managing the XCM8800 Software | 109 - Netgear XCM8806 Chassis | User Manual - Page 110
NETGEAR 8800 User Manual Monitoring CPU Utilization You can monitor the CPU utilization and peak utilization. Monitoring the workload of the CPU allows you to troubleshoot and identify suspect processes before they become a problem. By default, the switch monitors CPU utilization every 5 seconds - Netgear XCM8806 Chassis | User Manual - Page 111
NETGEAR 8800 User Manual • slot-For a modular chassis, specifies the slot number of the MSM/MM. A specifies the MSM installed in slot A. B specifies the MSM installed in slot B. The number is a value from 1 - Netgear XCM8806 Chassis | User Manual - Page 112
NETGEAR 8800 User Manual MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A ... cli devmgr dirser dosprotect ems epm etmon 0.0 0.0 0.0 48.3 9.6 2.5 2.1 48.3 0.51 0.0 0.0 0.0 0.9 0.3 0.2 0.2 17.1 2.22 0.0 0.0 0.0 0.0 0.0 0.0 0.0 9.5 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 3.8 0.20 0.0 0.0 0.0 0.0 0.0 0.0 0.0 12.2 - Netgear XCM8806 Chassis | User Manual - Page 113
5 5. Configuring Slots and Ports on a Switch This chapter describes the following sections: • Overview on page 113 • Configuring Slots on NETGEAR 8800 Switches on page 114 • Configuring Ports on a Switch on page 116 • Jumbo Frames on page 122 • Link Aggregation on the Switch on page 124 • Mirroring - Netgear XCM8806 Chassis | User Manual - Page 114
NETGEAR 8800 User Manual Configuring Slots on NETGEAR 8800 Switches This section describes how to the module. This allows you to begin configuring the module and ports before installing the module in the chassis. If a slot is configured for one type of module, and a different type of module is - Netgear XCM8806 Chassis | User Manual - Page 115
NETGEAR 8800 User Manual To re-enable slot, use the following CLI command: enable slot You can configure the number of times that a slot can be restarted on a failure - Netgear XCM8806 Chassis | User Manual - Page 116
NETGEAR 8800 User Manual On the NETGEAR 8806 switch, the XCM88S1 with XCM888F installed has eight port For example, if an I/O module that has a total of four ports is installed in slot 2 of the chassis, the following ports are valid: • 2:1 • 2:2 • 2:3 • 2:4 You can also use wildcard combinations (*) - Netgear XCM8806 Chassis | User Manual - Page 117
and flow control settings, see Displaying Port Information on page 148. XCM8800 supports the following port types: • 10 Gbps ports • 10/100/1000 Mbps speed and duplex setting for each port (except 10 Gbps ports). You can manually configure the duplex setting and the speed of 10/100/1000 Mbps ports. - Netgear XCM8806 Chassis | User Manual - Page 118
NETGEAR 8800 User Manual Note: With autonegotiation turned off, you cannot set the speed to combination ports, the command is rejected. XCM8800 does not support turning off autonegotiation on the management port. Table 17 lists the support for autonegotiation, speed, and duplex setting for the - Netgear XCM8806 Chassis | User Manual - Page 119
NETGEAR 8800 User Manual • Advertise support for pause frames • Respond to pause frames • Do not transmit pause frames • Autonegotiation disabled • Do not advertise support for pause frames • Do not respond to pause frames • Do not transmit pause frames • 10 Gbps ports for the NETGEAR 8800 series - Netgear XCM8806 Chassis | User Manual - Page 120
NETGEAR 8800 User Manual Note: To enable TX flow-control, RX flow-control must autonegotiate; they always run at full duplex and 10 Gbps speed. Running Link Fault Signal The 10 Gbps ports support the Link Fault Signal (LFS) function. This function, which is always enabled, monitors the 10 Gbps ports - Netgear XCM8806 Chassis | User Manual - Page 121
NETGEAR 8800 User Manual fault. The system then stops transmitting or receiving traffic from that link. After the fault has been alleviated, the system puts the link back up - Netgear XCM8806 Chassis | User Manual - Page 122
Manual Under certain conditions, you might opt to turn autopolarity off on one or more ports. The following example turns autopolarity off for ports 5 to 7 on an XCM8806 bytes used for the cyclic redundancy check (CRC). NETGEAR products support switching and routing of jumbo frames at wire-speed on - Netgear XCM8806 Chassis | User Manual - Page 123
NETGEAR 8800 User Manual To enable jumbo frame support, enable jumbo frames on the desired ports. To following command: enable jumbo-frame ports [all | ] Path MTU Discovery NETGEAR 8800 switches support path MTU discovery. Using path MTU discovery, a source host assumes that the path MTU - Netgear XCM8806 Chassis | User Manual - Page 124
NETGEAR 8800 User Manual Note: Only jumbo frame-to-normal frame fragmentation is supported. Jumbo frame-to-jumbo frame fragmentation is not supported. To configure VLANs for IP fragmentation: 1. Enable jumbo frames on the incoming port. 2. Add the port to a VLAN. 3. Assign an IP address to the VLAN. - Netgear XCM8806 Chassis | User Manual - Page 125
NETGEAR 8800 User Manual to be aggregated into one logical port, or link aggregation group (LAG). See IEEE 802.3ad for more information on this feature. The advantages to - Netgear XCM8806 Chassis | User Manual - Page 126
NETGEAR 8800 User Manual In modular switches, XCM8800 supports LAGs across multiple modules, so resiliency is also provided against individual module failures. The software supports control protocols across the LAGs, both static and dynamic. If you add protocols to the port and then create a LAG on - Netgear XCM8806 Chassis | User Manual - Page 127
User Manual Note: Always reference the master logical port of the load-sharing group when configuring or viewing VLANs. VLANs configured to use other ports in the LAG will have those ports deleted from the VLAN when link aggregation is enabled. Link Aggregation Algorithms The NETGEAR 8800 supports - Netgear XCM8806 Chassis | User Manual - Page 128
NETGEAR 8800 User Manual After you enable load-sharing, the LACP protocol is enabled by lowest port number. (See Configuring LACP on page 133 for the number of active and standby LACP links supported per platform.) All ports configured in a LAG begin in an unselected state. Based on the LACPDUs - Netgear XCM8806 Chassis | User Manual - Page 129
NETGEAR 8800 User Manual The protocol then enables the aggregated link for traffic and monitors the status of the links for changes that may require reconfiguration. For example, if - Netgear XCM8806 Chassis | User Manual - Page 130
NETGEAR 8800 User Manual A LAG port moves into a defaulted state after the timeout value expires with no LACPDUs received for the other side of the link. You can configure - Netgear XCM8806 Chassis | User Manual - Page 131
NETGEAR 8800 User Manual aggregator and traffic through that particular link is redistributed to the other LAG member links. Figure 1 displays an example of a Health Check LAG: HEALTH CHECK - Netgear XCM8806 Chassis | User Manual - Page 132
NETGEAR 8800 User Manual Note: See Configuring LACP on page 133 for the maximum number of links, selected and standby, per LACP. Load Sharing Rules and Restrictions for All - Netgear XCM8806 Chassis | User Manual - Page 133
NETGEAR 8800 User Manual enable sharing grouping {algorithm [port-based | address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check} disable sharing Note: All ports that are - Netgear XCM8806 Chassis | User Manual - Page 134
NETGEAR 8800 User Manual configure sharing lacp system-priority This step is optional; LACP handles prioritization using system MAC addresses. 3. Add or delete ports to the LAG - Netgear XCM8806 Chassis | User Manual - Page 135
frequency misses } If the TCP-port, frequency, or misses are not specified, the defaults described in the NETGEAR 8800 Chassis Switch CLI Manual are used. 3. Add the LAG to a VLAN whose subnet is the same as the configured tracking IP addresses. configure vlan add port - Netgear XCM8806 Chassis | User Manual - Page 136
NETGEAR 8800 User Manual logical port serves as the LAG Group ID. VLANs configured to use other ports in the load-sharing group will have those ports deleted from - Netgear XCM8806 Chassis | User Manual - Page 137
NETGEAR 8800 User Manual enable loopback-mode v1 configure v1 add port 5 configure sharing health-check member-port 5 add track-tcp 192.168.1.101 tcp-port 8080 configure sharing - Netgear XCM8806 Chassis | User Manual - Page 138
NETGEAR 8800 User Manual Mirroring Note: You can accomplish port mirroring using ACLs. See Chapter 13, ACLs for more information. Mirroring configures the switch to copy all traffic associated - Netgear XCM8806 Chassis | User Manual - Page 139
NETGEAR 8800 User Manual • Physical port-All data that traverses the port, regardless of VLAN configuration, where each filter can be a port, a VLAN, or a port + VLAN. • The NETGEAR 8800 supports up to 16 monitor ports for one-to-many mirroring. • Only traffic ingressing a VLAN can be monitored; - Netgear XCM8806 Chassis | User Manual - Page 140
NETGEAR 8800 User Manual other source switches in the network. Make sure that VLANs meant port at all in mirroring configurations. • With one-to-many mirroring, you need to enable jumbo frame support in the mirror-to port and loopback port, if you need to mirror tagged packets of length 1519 to - Netgear XCM8806 Chassis | User Manual - Page 141
NETGEAR 8800 User Manual To enable mirroring on multiple ports, use the following command: enable mirroring to port-list loopback-port The port-list is a list - Netgear XCM8806 Chassis | User Manual - Page 142
NETGEAR 8800 User Manual switches to a port at a centralized location. Remote mirroring is accomplished by reserving a dedicated VLAN throughout the network for carrying the mirrored traffic. Figure 2 shows a typical - Netgear XCM8806 Chassis | User Manual - Page 143
NETGEAR 8800 User Manual The show mirroring output displays the remote tag when remote mirroring is configured. In NETGEAR 8800 series switches, remote mirroring can also be enabled to a - Netgear XCM8806 Chassis | User Manual - Page 144
NETGEAR 8800 User Manual Guidelines The following are guidelines for remote mirroring: • Configurations of remote mirroring, which might cause protocol packets to be remotely mirrored, are not recommended. Since - Netgear XCM8806 Chassis | User Manual - Page 145
NETGEAR 8800 User Manual configure stp1 mode dot1w configure stp1 add v1 ports all configure stp1 tag 1001 configure stp1 add vlan internalMirrorLoopback ports 8:2,1:48 enable stp1 enable stpd - Netgear XCM8806 Chassis | User Manual - Page 146
NETGEAR 8800 User Manual Software-Controlled Redundant Port and Smart Redundancy Using the software-controlled redundant port feature you can back up a specified Ethernet port (primary) with a redundant, dedicated - Netgear XCM8806 Chassis | User Manual - Page 147
NETGEAR 8800 User Manual You configure the software-controlled redundant port feature either to have the redundant link always physically up but logically blocked or to have the link - Netgear XCM8806 Chassis | User Manual - Page 148
NETGEAR 8800 User Manual To configure the switch for the Smart Redundancy feature, use the Digital Diagnostic Monitoring Interface (DDMI) provides critical information about the installed optic module and is supported on all NETGEAR 8800 blades that use 10G XFP optic modules. To display basic or - Netgear XCM8806 Chassis | User Manual - Page 149
NETGEAR 8800 User Manual show port transceiver information or show port transceiver information detail Chapter 5. Configuring Slots and Ports on a Switch | 149 - Netgear XCM8806 Chassis | User Manual - Page 150
1ab) that is used to determine the capabilities of devices such as repeaters, bridges, access points, routers, and wireless stations. LLDP support enables devices to advertise their capabilities and media-specific configuration information and to learn the same information from the devices connected - Netgear XCM8806 Chassis | User Manual - Page 151
NETGEAR 8800 User Manual The information distributed using LLDP is stored by its recipients in a • Avaya-NETGEAR Networks proprietary TLVs • LLDP media endpoint discovery (MED) TLVs The software supports several TLVs that are proprietary to Avaya and NETGEAR (avaya-NETGEAR TLVs). These TLVs primarily - Netgear XCM8806 Chassis | User Manual - Page 152
NETGEAR 8800 User Manual MED TLVs. Likewise, when disabling the LLDP MED TLVs, you must disable the LLDP-MED capabilities TLVs only after you have disabled all other LLDP - Netgear XCM8806 Chassis | User Manual - Page 153
NETGEAR 8800 User Manual • The frames are sent as untagged frames. • The frames are sent with a link- after you enable LLDP. The following information, when configured, can be sent at regular intervals: • Chassis ID (mandatory) • Port ID (mandatory) • Time-to-live (mandatory) • Port description • - Netgear XCM8806 Chassis | User Manual - Page 154
NETGEAR 8800 User Manual • Power via MDI • Link aggregation • Maximum frame size • Avaya-NETGEAR Networks not transmit, as follows: • Avaya-NETGEAR proprietary information • PD conservation level support (includes the PD's current conservation level, typical power value, and maximum power - Netgear XCM8806 Chassis | User Manual - Page 155
receive LLDP messages can store information for up to four neighbors. You manage LLDP using the CLI and SNMP. (See NETGEAR 8800 Chassis Switch CLI Manual for complete information on configuring, managing, and displaying LLDP.) The LLDP MED TLVs begin transmission only after detecting LLDP MED TLVs - Netgear XCM8806 Chassis | User Manual - Page 156
User Manual You address. LLDP does not send out IPv6 addresses in this field. Supported TLVs The TLVs are contained in the LLDPDU portion of the LLDP TLVs are enabled by default when LLDP transmit is enabled on a port: • Chassis ID • Port ID • Time to live • System description • End-of-LLDP - Netgear XCM8806 Chassis | User Manual - Page 157
Manual Note: See NETGEAR 8800 Chassis Switch CLI Manual for complete information on configuring LLDP using the CLI. Table 18. Available TLVs for Transmission Name Chassis TLV Mandatory TLV Mandatory TLV XCM8800 sends only 1 TLV Not supported Must be enabled before any other MED TLV, and must be - Netgear XCM8806 Chassis | User Manual - Page 158
only on a PoE-capable port MED TLVs transmit only after detecting a neighbor transmitting MED TLVs Mandatory TLV Note: See the NETGEAR 8800 Chassis Switch CLI Manual for complete information on configuring LLDP using the CLI. Table 19 lists the TLVs that the switch can receive, but not transmit - Netgear XCM8806 Chassis | User Manual - Page 159
NETGEAR 8800 User Manual • TTL TLV on page 159 • End-of-LLDPDU TLV on page 159 Chassis ID TLV This mandatory TLV is sent by default after you enable LLDP on the port. It is not configurable. XCM8800 software uses the system's - Netgear XCM8806 Chassis | User Manual - Page 160
NETGEAR 8800 User Manual Standards-based TLVs Note: The system description TLV is automatically enabled after you enable LLDP and is always sent as part of the LLDPDU. Although - Netgear XCM8806 Chassis | User Manual - Page 161
NETGEAR 8800 User Manual When enabled, the system sends the image information (from the show version command) in the system description TLV: XCM8800 version 11.2.0.12 v1120b12 by release- - Netgear XCM8806 Chassis | User Manual - Page 162
NETGEAR 8800 User Manual Port and protocol VLAN ID TLV You configure this TLV to be advertised or not advertised. This TLV can be repeated several times within one LLDPDU. When configured, this TLV allows the port to advertise VLANs and whether the port supports protocol-based VLANs or not. If no - Netgear XCM8806 Chassis | User Manual - Page 163
NETGEAR 8800 User Manual Maximum frame size TLV You configure this TLV to be advertised or not advertised. This TLV allows the port to advertise its maximum supported frame size to its neighbors. When jumbo frames are not enabled on the specified port, the TLV reports a value of 1518 after you - Netgear XCM8806 Chassis | User Manual - Page 164
NETGEAR 8800 User Manual Network policy TLV You configure this MED TLV to allow both network connectivity devices and endpoint devices to advertise VLAN configuration and associated Layer 2 and - Netgear XCM8806 Chassis | User Manual - Page 165
configure LLDP using the CLI. See the NETGEAR 8800 Chassis Switch CLI Manual for complete information on configuring LLDP. You can -only} After you enable LLDP, the following TLVs are automatically added to the LLDPDU: • Chassis ID • Port ID • TTL • System description • End of LLDPDU All of these, - Netgear XCM8806 Chassis | User Manual - Page 166
NETGEAR 8800 User Manual Note: The LLDP timers apply to the entire device and are configure lldp transmit-hold Configuring SNMP for LLDP You can send SNMP traps regarding LLDP; the software supports the LLDP MIB. By default, SNMP LLDP traps are disabled on all ports; to enable LLDP SNMP traps - Netgear XCM8806 Chassis | User Manual - Page 167
NETGEAR 8800 User Manual Note: If you want to send traps for LLDP MED, you must configure it separately. Use the enable snmp traps lldp-med {ports [all | ]} - Netgear XCM8806 Chassis | User Manual - Page 168
NETGEAR 8800 User Manual To advertise the system name, use the following command: configure lldp ports any TLVs after that limit are dropped. You can advertise the speed capabilities, autonegotiation support and status and physical interface of the LLDP-enabled port using the MAC/PHY configuration/ - Netgear XCM8806 Chassis | User Manual - Page 169
NETGEAR 8800 User Manual Configure the power via MDI TLV to advertise the PoE capabilities of the LLDP-enabled port. To advertise the PoE capabilities and status, use the - Netgear XCM8806 Chassis | User Manual - Page 170
display information on the LLDP port configuration and on the LLDP neighbors detected on the port. Note: See NETGEAR 8800 Chassis Switch CLI Manual for complete information on displaying LLDP settings. Displaying LLDP Port Configuration Information and Statistics To display LLDP port configuration - Netgear XCM8806 Chassis | User Manual - Page 171
NETGEAR 8800 User Manual To display the statistical counters related to the LLDP port, use the show lldp statistics command. Displaying LLDP Information Detected from Neighboring Ports To display - Netgear XCM8806 Chassis | User Manual - Page 172
With PoE, a single Ethernet cable supplies power and the data connection, reducing costs associated with separate power cabling and supply. The system supports hitless failover for PoE in a system with two Management Switch Fabric Modules (MSMs). Hitless failover means that if the primary MSM fails - Netgear XCM8806 Chassis | User Manual - Page 173
Port LED control for indicating the link state • Support for hitless failover in a chassis with two MSMs For detailed information on using the PoE NETGEAR 8800 Chassis Switch CLI Manual. Power Checking for PoE Module PoE modules require more power than other I/O modules. When a chassis containing a - Netgear XCM8806 Chassis | User Manual - Page 174
NETGEAR 8800 User Manual paragraph. If there is now enough power, I/O modules that were not powered to the entire switch, or per slot or per port. If you are working on a NETGEAR 8800 switch chassis, you must reserve power for each PoE slot. By default, 50 watts of inline power is provided to each - Netgear XCM8806 Chassis | User Manual - Page 175
NETGEAR 8800 User Manual Note: NETGEAR recommends that, when using a modular switch, you fully populate a single PoE module with PDs until the power usage is just below the usage - Netgear XCM8806 Chassis | User Manual - Page 176
NETGEAR 8800 User Manual The default value is deny-port. So, if you do not change the default value and the switch's or slot's power is exceeded, the next - Netgear XCM8806 Chassis | User Manual - Page 177
NETGEAR 8800 User Manual stays in the fault state until you disable that port, or disconnect the attached PD, or reconfigure the operator limit to be high enough to - Netgear XCM8806 Chassis | User Manual - Page 178
NETGEAR 8800 User Manual Legacy Devices XCM8800 software allows the use of non-standard PDs with the switch. These are PDs that do not comply with the IEEE 802. - Netgear XCM8806 Chassis | User Manual - Page 179
NETGEAR 8800 User Manual Configuring PoE PoE supports a full set of configuration and monitoring commands that allow you to configure, manage, and display PoE settings at the system, slot, and port level. See the NETGEAR 8800 Chassis Switch CLI Manual for complete information on using the CLI - Netgear XCM8806 Chassis | User Manual - Page 180
NETGEAR 8800 User Manual disable inline-power slot disable inline-power ports [all | ] Disabling the inline power to a PD immediately removes power from the PD. To display - Netgear XCM8806 Chassis | User Manual - Page 181
NETGEAR 8800 User Manual the switch. This is called the disconnect precedence method, and you configure one method for the entire switch. The available disconnect precedence methods are: • Deny - Netgear XCM8806 Chassis | User Manual - Page 182
NETGEAR 8800 User Manual configure inline-power priority [critical | high | low] ports To reset the port priority to the default value of low, use the following command: unconfigure - Netgear XCM8806 Chassis | User Manual - Page 183
NETGEAR 8800 User Manual To reset the switch to the default value, which does not detect legacy PDs, use the following command: disable inline-power legacy slot To - Netgear XCM8806 Chassis | User Manual - Page 184
NETGEAR 8800 User Manual Adding an XCM88P Daughter Card to an Existing Configuration XCM8848T output displays the results of the show slot command with slot 4 configured: * XCM8806.2 # * XCM8806.2 # show slot Slots Type Configured State Ports Flags Slot-1 XCM8824F XCM8824F Operational - Netgear XCM8806 Chassis | User Manual - Page 185
NETGEAR 8800 User Manual Slot-6 XCM8848T(P) XCM8848T Operational MSM-A XCM88S1 Operational MSM-B XCM88S1 Operational Flags : results of the show slot command after this command has been executed: XCM8806.2 # show slot Slots Type Configured State Ports Flags Slot-1 XCM8824F XCM8824F - Netgear XCM8806 Chassis | User Manual - Page 186
NETGEAR 8800 User Manual Displaying PoE Settings and Statistics You can display the PoE status, configuration, and statistics for the system, slot, and port levels. Clearing Statistics You can - Netgear XCM8806 Chassis | User Manual - Page 187
NETGEAR 8800 User Manual • Not operational • Disabled • Subsystem failure • Card not present • Slot disabled • Budgeted power-The amount of inline power, in watts, that is reserved and available to - Netgear XCM8806 Chassis | User Manual - Page 188
NETGEAR 8800 User Manual show inline-power stats slot The command provides the following information: • Firmware status-Displays the firmware state: • Operational • Not operational • Disabled • Subsystem failure • Card - Netgear XCM8806 Chassis | User Manual - Page 189
NETGEAR 8800 User Manual • Delivering • Faulted • Disconnected • Other • Denied • PD's power class-Displays the class type of the connected PD disabled or searching • "class0": class 0 device • "class1": class 1 device • " - Netgear XCM8806 Chassis | User Manual - Page 190
NETGEAR 8800 User Manual • MIB Detect Status • Label • Operator Limit • PD Class • Max Allowed Power • Measured Power • Line Voltage • Current • Fault Status • Detailed Status • Priority Displaying Port PoE Statistics - Netgear XCM8806 Chassis | User Manual - Page 191
NETGEAR 8800 User Manual Chapter 7. PoE | 191 - Netgear XCM8806 Chassis | User Manual - Page 192
The status monitoring facility provides information about the switch. This information may be useful for your technical support representative if you have a problem. XCM8800 software includes many command line interface (CLI) show commands that display information about different switch functions - Netgear XCM8806 Chassis | User Manual - Page 193
NETGEAR 8800 User Manual Viewing Port Statistics XCM8800 software provides a facility for viewing port statistical information. The summary information lists values for the current counter for each port on - Netgear XCM8806 Chassis | User Manual - Page 194
NETGEAR 8800 User Manual You can also display a snapshot of the port errors at the time (TX Lost)-The total number of transmit frames that do not get completely transmitted because of buffer problems (FIFO underflow). • Transmit Parity Frames (TX Parity)-The bit summation has a parity mismatch. To - Netgear XCM8806 Chassis | User Manual - Page 195
8800 User Manual • Receive Bad CRC Frames (RX CRC)-The total number of frames received by the port that were of the correct length but contained a bad FCS value. • Receive Oversize Frames (RX Over)-The total number of good frames received by the port greater than the supported maximum length - Netgear XCM8806 Chassis | User Manual - Page 196
NETGEAR 8800 User Manual Table 22. Port Monitoring Display Keys with Auto-Refresh Disabled Key Q [Space] Description Exits from the screen. Displays the next page of ports. Viewing VLAN - Netgear XCM8806 Chassis | User Manual - Page 197
8800 User Manual Performing Switch and viewing the results from diagnostic tests, you can troubleshoot and resolve network issues. On NETGEAR 8800 series switches, , you must have at least one MSM/MM installed in the chassis. The remainder of this section describes the following topics: • Running - Netgear XCM8806 Chassis | User Manual - Page 198
NETGEAR 8800 User Manual If you run diagnostics on an MSM/MM, that module is taken offline while the diagnostics test is performed. When the diagnostic test is complete, - Netgear XCM8806 Chassis | User Manual - Page 199
NETGEAR 8800 User Manual the switch fabric and ports offline when you use the run diagnostics [extended | normal | stack-port] {slot [ | A | B]} command. After the diagnostic routine has finished, - Netgear XCM8806 Chassis | User Manual - Page 200
NETGEAR 8800 User Manual Table 24. NETGEAR 8800 Series Switch MSM-48 LED Behavior During Diagnostic Test on Primary MSM MSM Primary Backup LED ERR ENV Mstr/Diag Sys/ - Netgear XCM8806 Chassis | User Manual - Page 201
NETGEAR 8800 User Manual LED behavior during a diagnostict test on the backup MSM Table 25 describes the NETGEAR 8800 series switch XCM88S1 LED behavior during a diagnostic test on the - Netgear XCM8806 Chassis | User Manual - Page 202
NETGEAR 8800 User Manual Using the System Health Checker The system health checker is a useful tool to monitor the overall health of your system. Depending on your platform, the software performs a proactive, preventive search for problems by polling and reporting the health of system components, - Netgear XCM8806 Chassis | User Manual - Page 203
NETGEAR 8800 User Manual System health check errors are reported to the syslog. If you see an error, contact NETGEAR Technical Support. Enabling Diagnostic Packets on NETGEAR 8800 Switches To enable diagnostic packets, use the following command: enable sys-health-check slot By default, the - Netgear XCM8806 Chassis | User Manual - Page 204
): SysName: SysName: SysLocation: SysContact: System MAC: TechPubs Lab XCM8810 [email protected] 00:04:96:1F:A2:60 SysHealth check: Enabled commands for status monitoring and statistics in the NETGEAR 8800 Chassis Switch CLI Manual. Example on the NETGEAR 8800 Series Switch This section - Netgear XCM8806 Chassis | User Manual - Page 205
NETGEAR 8800 User Manual Note: NETGEAR does not recommend configuring an interval of less than 5 seconds. Doing this can cause excessive CPU utilization. Disabling Backplane Diagnostics Building upon the - Netgear XCM8806 Chassis | User Manual - Page 206
NETGEAR 8800 User Manual Note: Use this parameter only with guidance by NETGEAR's Technical Support personnel. The default setting and behavior SysName: SysLocation: SysContact: System MAC: System Type: XCM8806 00:04:96:3F:0C:40 XCM8806 SysHealth check: Enabled (Normal) Recovery Mode: All System - Netgear XCM8806 Chassis | User Manual - Page 207
use the configure sys-health-check all level [normal | strict] command. For detailed information about this command, see the NETGEAR 8800 Chassis Switch CLI Manual. To view the system health check settings on the switch, use the show switch command as described in Displaying the System Health Check - Netgear XCM8806 Chassis | User Manual - Page 208
NETGEAR 8800 User Manual Initialized; however, the ports are shut down and taken offline. For more information about clearing the shutdown state, see Clearing the Shutdown State on page - Netgear XCM8806 Chassis | User Manual - Page 209
NETGEAR 8800 User Manual Table 26. Module Recovery Actions for the NETGEAR 8800 Series Switches (Continued) Module Recovery Setting Hardware reset Single MSM Dual MSM I/O Module shutdown Single MSM - Netgear XCM8806 Chassis | User Manual - Page 210
NETGEAR 8800 User Manual Note: If you configure one or more slots for shut down and the switch detects a hardware fault on one of those slots, all of the - Netgear XCM8806 Chassis | User Manual - Page 211
NETGEAR 8800 User Manual Download %: Flags: Restart count: Serial number: Hw Module Type: SW Version: SW Build: Configured Type: Ports available: Recovery Mode: 100 M E 0 (limit 5) 800424-00-02 1104G- - Netgear XCM8806 Chassis | User Manual - Page 212
, use the following troubleshooting methods when you can bring the switch offline to solve or learn more about the problem: • Restarting the , or you continue to experience I/O module failure, contact NETGEAR Technical Support. • Running diagnostics-Use the run diagnostics normal command to - Netgear XCM8806 Chassis | User Manual - Page 213
NETGEAR 8800 User Manual • Revision-The revision number of the fan. • Odometer-Specifies the power-on date and how long the fan tray has been operating since it was - Netgear XCM8806 Chassis | User Manual - Page 214
NETGEAR 8800 User Manual PSUCTRL-2 : 30.50 Normal -10 0-50 60 The switch monitors the temperature of each component and generates a warning if the temperature exceeds the normal operating - Netgear XCM8806 Chassis | User Manual - Page 215
NETGEAR 8800 User Manual • Upload event logs stored in memory buffer or NVRAM to a TFTP server • Display counts of event occurrences, even those not included in filter • Display debug information using a consistent configuration method EMS supports IPv6 as a parameter for filtering events. Sending - Netgear XCM8806 Chassis | User Manual - Page 216
NETGEAR 8800 User Manual not synchronized. The reason for this design decision is to make sure that the control channel is not overloaded when a high number of log messages - Netgear XCM8806 Chassis | User Manual - Page 217
NETGEAR 8800 User Manual configure log target syslog [all | | ] {vr } {local0 ... as expected unless the situation is remedied. The switch may need to be reset. Error A problem has been detected that is interfering with the normal operation of the system; the system is - Netgear XCM8806 Chassis | User Manual - Page 218
NETGEAR 8800 User Manual When you specify a severity level, messages of that severity level and greater are sent to the target. If you want only those messages of the - Netgear XCM8806 Chassis | User Manual - Page 219
NETGEAR 8800 User Manual condition names. For example, you can refer to the InBPDU subcomponent of the STP component as STP.InBPDU. On the CLI, you can abbreviate or - Netgear XCM8806 Chassis | User Manual - Page 220
NETGEAR 8800 User Manual Filtering By Components and Conditions You may want to send the messages that come from a specific component that makes up XCM8800 or to send the - Netgear XCM8806 Chassis | User Manual - Page 221
NETGEAR 8800 User Manual To view the configuration of a filter, use the following command: show log configuration filter {} The following is sample output from this command (for - Netgear XCM8806 Chassis | User Manual - Page 222
NETGEAR 8800 User Manual Matching Expressions You can configure the switch so messages the currency character ($) that matches at the end of a message. Bracket expressions are not supported. There are a number of sources available on the Internet and in various language references describing - Netgear XCM8806 Chassis | User Manual - Page 223
NETGEAR 8800 User Manual Matching Parameters Rather than using a text match, EMS allows you to filter more efficiently based on the parameter values of the message. In addition to - Netgear XCM8806 Chassis | User Manual - Page 224
NETGEAR 8800 User Manual configure log filter myFilter add events all match ipaddress 3ffe::1 To user name. The exact string is matched with the given parameter and no regular expression is supported. Match Versus Strict-Match The match and strict-match keywords control the filter behavior for those - Netgear XCM8806 Chassis | User Manual - Page 225
NETGEAR 8800 User Manual MAC address. If you configure a filter to match a source MAC 2004 22:49:10 PowerSupply:4 Powered On To provide some detailed information to technical support, set the current session format using the following command: configure log target session format timestamp - Netgear XCM8806 Chassis | User Manual - Page 226
NETGEAR 8800 User Manual This setting may be saved to the FLASH configuration and is restored on boot-up (to the console display session). To turn on log display - Netgear XCM8806 Chassis | User Manual - Page 227
NETGEAR 8800 User Manual The uploaded messages can be formatted differently from the format configured for the targets, and you can choose to upload the messages in order of - Netgear XCM8806 Chassis | User Manual - Page 228
NETGEAR 8800 User Manual Occurred : # of times this event has occurred since last clear or reboot Flags : (*) Not all applications responded in time with there count values In(cluded): - Netgear XCM8806 Chassis | User Manual - Page 229
NETGEAR 8800 User Manual one global value for the entire switch. The switch software also . You can enable sFlow and mirroring at the same time on the NETGEAR 8800. There is no MIB support. This section describes the following topics: • Sampling Mechanisms on page 229 • Configuring sFlow on page 229 - Netgear XCM8806 Chassis | User Manual - Page 230
NETGEAR 8800 User Manual • How often the statistics are collected • How frequently a sample is taken, globally or per port • How many samples per second can be sent to the - Netgear XCM8806 Chassis | User Manual - Page 231
NETGEAR 8800 User Manual enable sflow ports You may enable and disable sFlow on ports irrespective of the global state of sFlow, but samples are not taken until - Netgear XCM8806 Chassis | User Manual - Page 232
NETGEAR 8800 User Manual configure sflow ports sample-rate All ports on the can capture Web traffic, FTP traffic, mail traffic, and all bits of data that travel across service providers' edge routers to their customers' (end users') servers. The example in this section assumes - Netgear XCM8806 Chassis | User Manual - Page 233
NETGEAR 8800 User Manual • Configures the sampling rate on an edge port. • Enables sFlow on the edge the load on the network. This section describes the following topics: • About RMON on page 233 • Supported RMON Groups of the Switch on page 234 • Configuring RMON on page 236 • Event Actions on page - Netgear XCM8806 Chassis | User Manual - Page 234
NETGEAR 8800 User Manual • Management workstation RMON Agent An RMON agent is an intelligent software as defined in RFC 1757: • Statistics • History • Alarms • Events The switch also supports the following parameters for configuring the RMON agent and the trap destination table, as defined in RFC - Netgear XCM8806 Chassis | User Manual - Page 235
User Manual Statistics The on any RMON variable. Both rising and falling thresholds are supported, and thresholds can be on the absolute value of a badValue error message. Alarms inform you of a network performance problem and can trigger automated action responses through the Events group. Events - Netgear XCM8806 Chassis | User Manual - Page 236
NETGEAR 8800 User Manual • probeSoftwareRev-If you configure the probeSoftwareRev object, you can view the current software version of the monitored device. • probeHardwareRev-If you configure the probeHardwareRev object, - Netgear XCM8806 Chassis | User Manual - Page 237
NETGEAR 8800 User Manual Event Actions The actions that you can define for each alarm in greater detail. The supported MIB tables are described in Appendix D, Supported Protocols, MIBs, and Standards; smonPrioStatsControlTable and smonPrioStatsTable cannot be supported due to hardware limitations. - Netgear XCM8806 Chassis | User Manual - Page 238
Networks (VLANs) on the switch eases many time-consuming tasks of network administration while increasing efficiency in network operations. Note: The software supports using IPv6 addresses, in addition to IPv4 addresses. You can configure the VLAN with an IPv4 address, IPv6 address, or both. See - Netgear XCM8806 Chassis | User Manual - Page 239
users move to a different subnetwork, the addresses of each endstation must be updated manually. Virtual Routers and VLANs Note: You can create virtual routers on NETGEAR 8800 switches. The XCM8800 software supports virtual routers. Each port can belong to multiple virtual routers. Ports can belong - Netgear XCM8806 Chassis | User Manual - Page 240
NETGEAR 8800 User Manual • Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol type • A combination of these criteria Port-Based VLANs In a port-based VLAN, a VLAN name is given to a - Netgear XCM8806 Chassis | User Manual - Page 241
NETGEAR 8800 User Manual System 1 Sales System 2 EX_061 Figure 7. Single Port-based VLAN Spanning Two Switches To create multiple VLANs that span two switches in a port-based VLAN, a port - Netgear XCM8806 Chassis | User Manual - Page 242
8800 User Manual Tagged VLANs error counters in other devices and may also lead to connectivity problems if non-802.1Q bridges or routers are placed in the multiple VLANs. The device must have a Network Interface Card (NIC) that supports IEEE 802.1Q tagging. A single port can be a member of only - Netgear XCM8806 Chassis | User Manual - Page 243
NETGEAR 8800 User Manual System 1 M S S 802.1Q Tagged server M M = Marketing M M S = Sales S = Tagged port S on each switch is tagged. • The server connected to port 25 on system 1 has a NIC that supports 802.1Q tagging. • The server connected to port 25 on system 1 is a member of both - Netgear XCM8806 Chassis | User Manual - Page 244
NETGEAR 8800 User Manual untagged traffic. In other words, a port can simultaneously be a member of one port-based VLAN and multiple tag-based VLANs. Note: For the purposes of - Netgear XCM8806 Chassis | User Manual - Page 245
NETGEAR 8800 User Manual Predefined Protocol Filters The snap] {[etype | llc | snap] } Supported protocol types include: • etype-EtherType The values for etype are standards.ieee.org/regauth/ethertype/index.html • llc-LLC Service Advertising Protocol (SAP) The values for llc are four- - Netgear XCM8806 Chassis | User Manual - Page 246
NETGEAR 8800 User Manual A maximum of 15 protocol filters, each containing a maximum of 6 protocols, can be defined. No more than 7 protocols can be active and configured for use. Note: - Netgear XCM8806 Chassis | User Manual - Page 247
NETGEAR 8800 User Manual Note: NETGEAR recommends that you use VLAN names consistently across your entire network. You must use mutually exclusive names for the following: • VLANs • vMANs • IPv6 - Netgear XCM8806 Chassis | User Manual - Page 248
NETGEAR 8800 User Manual Note: Each IP address and mask assigned to a VLAN must ipaddress [ {} | ipv6-link-local | {eui64} ] Note: The software supports using IPv6 addresses, in addition to IPv4 addresses. You can configure the VLAN with an IPv4 address - Netgear XCM8806 Chassis | User Manual - Page 249
NETGEAR 8800 User Manual • You can disable the default VLAN; ensure that this is necessary before disabling the default VLAN. • You cannot disable the management VLAN. • Although you can - Netgear XCM8806 Chassis | User Manual - Page 250
NETGEAR 8800 User Manual create vlan development configure development ipaddress 2001:0DB8::8:800:200C:417A/64 configure default delete port 1-3 configure development add port 1-3 The following modular switch example - Netgear XCM8806 Chassis | User Manual - Page 251
NETGEAR 8800 User Manual • Protocol information • QoS profile information • Rate shaping information • NetLogin information • Ports assigned • Tagged/untagged status for each port • How the ports were added to the - Netgear XCM8806 Chassis | User Manual - Page 252
NETGEAR 8800 User Manual • PVLAN Configuration Example 2 on page 267 PVLAN Overview PVLANs offer the following features: • VLAN isolation Note: PVLAN features are supported only on the platforms listed for this feature in the license tables in Appendix A, XCM8800 Software Licenses. The following - Netgear XCM8806 Chassis | User Manual - Page 253
have access to services on the network VLAN, but Guest VLAN ports cannot access other Guest VLAN ports over Layer 2 (or the Marketing or Engineering VLANs). This provides port-to-port security at Layer 2. PVLAN Components Figure 13 shows the logical components that support PVLAN configuration in - Netgear XCM8806 Chassis | User Manual - Page 254
NETGEAR 8800 User Manual Private VLAN Tag 10 To main core rotuer Network LVAN VLAN1 Non-Isolated subscriber AVNL Marketnig Non-Isolated subscriber AVNL Engineering Isolated subscrbierVLAN Guests Tag - Netgear XCM8806 Chassis | User Manual - Page 255
NETGEAR 8800 User Manual VLAN isolation within the PVLAN is established by configuring a Subscriber Isolated VLAN Tagged 103 12 34 56 7 8 30 31 32 33 Figure 14. Private VLAN Support on Multiple Switches EX_vlan_0030 A PVLAN can span many switches. For simplicity, Figure 14 shows only two - Netgear XCM8806 Chassis | User Manual - Page 256
NETGEAR 8800 User Manual VLAN that are located on a different physical switch. An isolated page 256). The advantage to extending the PVLAN is that tag translation and VLAN isolation is supported on the additional switch or switches. Extending Network and Subscriber VLANs to Other Switches A network - Netgear XCM8806 Chassis | User Manual - Page 257
NETGEAR 8800 User Manual the Network VLAN extension on Switch 3. Switch 3, Port 24 as servers or an internet gateway. Switch 2, Port 22 supports the Network, NonIsolated, and Isolated VLANs, but no PVLAN is configured. Because Port 22 supports multiple VLANs that are part of the PVLAN, and because - Netgear XCM8806 Chassis | User Manual - Page 258
NETGEAR 8800 User Manual The network VLAN entry is used when traffic comes in from the network ports destined for an non-isolated port. Isolated Subscriber VLAN When a new - Netgear XCM8806 Chassis | User Manual - Page 259
NETGEAR 8800 User Manual Note: The formula above estimates the worst-case scenario for the maximum number of FDB entries for a single PVLAN. If the switch supports additional PVLANs, apply the formula to each PVLAN and add the totals for all PVLANs. If the switch also support standard VLANs, there - Netgear XCM8806 Chassis | User Manual - Page 260
NETGEAR 8800 User Manual state it another way, one of the VLAN members with overlapping advised not to exceed the value shown in the item "FDB (maximum L2 entries)" in the Supported Limits table of the NETGEAR 8800 Installation and Release Notes. Configuring PVLANs The following sections describe - Netgear XCM8806 Chassis | User Manual - Page 261
NETGEAR 8800 User Manual configure private-vlan add subscriber {non-isolated} {loopback-port } By default, this command adds an isolated subscriber VLAN. To create a non-isolated - Netgear XCM8806 Chassis | User Manual - Page 262
NETGEAR 8800 User Manual To add ports to a non-isolated VLAN (before or after it is added to the PVLAN), use the following command: configure {vlan} add ports [< - Netgear XCM8806 Chassis | User Manual - Page 263
NETGEAR 8800 User Manual Configuring a Network or Subscriber VLAN Extension to Another Switch You can extend a network or subscriber VLAN to another switch without configuring a PVLAN on that switch. - Netgear XCM8806 Chassis | User Manual - Page 264
NETGEAR 8800 User Manual • Displaying Information for all PVLANs on page 264 • Displaying Information for a Specific PVLAN on page 264 • Displaying Information for a Network or Subscriber VLAN on page - Netgear XCM8806 Chassis | User Manual - Page 265
NETGEAR 8800 User Manual Web Proxy Server MainVLAN (solt 1t,ag100) Fiel Server Fiel Server MainVLAN (solt 1t,ag100) CleintConnectison VLAN (slot, 2tag 02)0 Research VLAN (slo3t,tag 030) - Netgear XCM8806 Chassis | User Manual - Page 266
NETGEAR 8800 User Manual configure vlan ClientConnections add port 2:* configure vlan ClientConnections tag 200 create vlan Research configure vlan Research add port 3:* configure vlan Research tag 300 The remote - Netgear XCM8806 Chassis | User Manual - Page 267
NETGEAR 8800 User Manual PVLAN Configuration Example 2 Figure 17 shows a PVLAN configuration example for a motel web proxy server on the first floor, and guest rooms on the second floor. The motel has three XCM8806 switches. There is one on the first floor in a closet, one on the first floor in the - Netgear XCM8806 Chassis | User Manual - Page 268
NETGEAR 8800 User Manual • A VLAN called ClientConnections that contains client PC connections for through a tagged connection to the XCM8806 in the first floor closet. • Because the XCM8806 in the first floor closet is a PVLAN member and uses the same port to support two subscriber VLANs, a loopback - Netgear XCM8806 Chassis | User Manual - Page 269
NETGEAR 8800 User Manual create vlan ConfRoom configure vlan ConfRoom tag 300 configure vlan ConfRoom add port 1:21-1:30 configure vlan ConfRoom add port 1:20 tagged # Create and configure - Netgear XCM8806 Chassis | User Manual - Page 270
NETGEAR 8800 User Manual # Note that the loopback port is flagged with an "L" and listed as a tagged port, and the network VLAN ports are flagged with an "s" and listed as tagged ports. The following commands configure the XCM8806 on the second floor: # create and configure the VLANs create vlan - Netgear XCM8806 Chassis | User Manual - Page 271
on page 278 • MAC-Based Security on page 279 • Multicast FDB with Multiport Entry on page 283 Overview Note: See the NETGEAR 8800 Chassis Switch CLI Manual for details of the commands related to the FDB. The switch maintains a forwarding database (FDB) of all MAC addresses received on all of - Netgear XCM8806 Chassis | User Manual - Page 272
NETGEAR 8800 User Manual FDB Contents Each Forwarding Database (FDB) entry consists of: • you can lock down the current entries and prevent additional MAC address learning. NETGEAR 8000 series modules support different FDB table sizes. On a NETGEAR 8800 switch with a variety of modules, the FDB - Netgear XCM8806 Chassis | User Manual - Page 273
NETGEAR 8800 User Manual • Private VLAN Entries on page 274 Dynamic Entries A dynamic is deleted from the database. The aging time is configurable, and the aging process operates on the supported platforms as follows: • You can configure the aging time to 0, which prevents the automatic removal of - Netgear XCM8806 Chassis | User Manual - Page 274
NETGEAR 8800 User Manual power off/on cycle occurs. A static entry is maintained page 275 • Clearing FDB Entries on page 275 • Managing Multiple Port FDB Entries on page 276 • Supporting Remote Mirroring on page 276 • Managing FDB MAC Address Tracking on page 277 Adding a Permanent Static Entry - Netgear XCM8806 Chassis | User Manual - Page 275
NETGEAR 8800 User Manual create fdbentry 00:E0:2B:12:34:56 vlan marketing port 3:4 The permanent entry has the following characteristics: • MAC address is 00:E0:2B:12: - Netgear XCM8806 Chassis | User Manual - Page 276
NETGEAR 8800 User Manual You clear dynamic FDB entries by targeting: • Specified MAC addresses • Specified is generated: XCM8806 # create fdbentry 00:00:00:00:00:01 "Default" port 3,4 Error: Slot 3 does not support multiple port FDB entries for uni-cast MAC address Supporting Remote Mirroring The - Netgear XCM8806 Chassis | User Manual - Page 277
NETGEAR 8800 User Manual transit switch can learn the MAC addresses and make incorrect forwarding decisions. To prevent learning on a remote mirroring VLAN, use the following command: disable learning { - Netgear XCM8806 Chassis | User Manual - Page 278
NETGEAR 8800 User Manual Enabling and Disabling SNMP Traps for MAC Address Changes The default switch configuration disables SNMP traps for MAC address changes. Use the following commands to - Netgear XCM8806 Chassis | User Manual - Page 279
NETGEAR 8800 User Manual Note: The MAC-based VLAN netlogin parameter applies only for the can block and control packet flows on a per-address basis. Note: MAC-based security is not supported on BlackDiamond 20800 series switches in this software release. MAC-based security allows you to limit the - Netgear XCM8806 Chassis | User Manual - Page 280
8800 User Manual • configuration. When MAC address learning is disabled, the two supported behaviors are labeled as follows in the software: • forward } ports [all | ] MAC address learning is disabled on a service VLAN (SVLAN) or backbone VLAN (BVLAN) to create a Provider Backbone Bridge - Netgear XCM8806 Chassis | User Manual - Page 281
NETGEAR 8800 User Manual disable learning vlan Managing Egress Flooding Egress flooding takes action on a packet based on the packet destination MAC address. By default, egress flooding - Netgear XCM8806 Chassis | User Manual - Page 282
NETGEAR 8800 User Manual In this way, the communication between client 1 and client 2 is controlled. If client 1 needs to communicate with client 2 and has that IP address, client 1 sends - Netgear XCM8806 Chassis | User Manual - Page 283
NETGEAR 8800 User Manual Creating Blackhole FDB Entries A blackhole FDB entry discards all packets when packets are discarded because they match blackhole entries. The blackhole option is also supported through access lists. For example, the following ACL policy would also blackhole traffic - Netgear XCM8806 Chassis | User Manual - Page 284
NETGEAR 8800 User Manual You can use the create fdbentry vlan ports command to list is assigned to a unicast MAC address, load sharing is not supported on the ports in the multiport list. However, NETGEAR 8800 modules do not support this feature natively using the FDB table. Instead, for each FDB - Netgear XCM8806 Chassis | User Manual - Page 285
: • Overview on page 285 • Managing Virtual Routers on page 288 • Virtual Router Configuration Example on page 292 Overview The XCM8800 software supports virtual routers (VRs). This capability allows a single physical switch to be split into multiple VRs. This feature separates the traffic forwarded - Netgear XCM8806 Chassis | User Manual - Page 286
NETGEAR 8800 User Manual NETGEAR 8800 Chassis Switch CLI Manual for information on the defaults for individual commands. Note: The term VR is also used with the Virtual Router Redundancy Protocol (VRRP). VRRP uses the - Netgear XCM8806 Chassis | User Manual - Page 287
NETGEAR 8800 User Manual One instance of each routing protocol is spawned for VR-Default during the XCM8800 system boot-up, and these routing instances cannot be deleted. User Virtual Routers Note: User VRs are supported only on the platforms listed for this feature in Table 75 on page 798. When a - Netgear XCM8806 Chassis | User Manual - Page 288
NETGEAR 8800 User Manual Table 30. Virtual Router Commands (Continued) [enable | disable] igmp snoopinga the Routing Protocols and VLANs on page 292 Creating and Deleting User Virtual Routers The NETGEAR 8800 supports up to 64 user VRs. To create a user VR, use the following command: create virtual-router - Netgear XCM8806 Chassis | User Manual - Page 289
NETGEAR 8800 User Manual because these three names are the names for the system VRs in XCM8800 releases before 11.0. If you exceed the maximum number of VRs supported on your platform, a message similar to the following appears: Error: Maximum number of User VRs supported by the system is 64 To - Netgear XCM8806 Chassis | User Manual - Page 290
NETGEAR 8800 User Manual When you add a protocol to a user VR, the software starts a process to support the protocol, but it connections between ports assigned to different VRs in the same switch. Because each switch supports just one MAC address, every VR in the switch uses the same MAC address - Netgear XCM8806 Chassis | User Manual - Page 291
NETGEAR 8800 User Manual Adding Ports to a Single Virtual Router When you add a port to a on a user VR before you add a VLAN to the user VR. When IP multicast forwarding will be supported on a user VR, add the PIM protocol before you enable IP multicast forwarding. The following example demonstrates - Netgear XCM8806 Chassis | User Manual - Page 292
NETGEAR 8800 User Manual Configuring the Routing Protocols and VLANs After a user VR is created, the ports are added, and support for any required routing protocols is added, you can configure the VR. To create a VLAN in a VR, use the following command: create vlan {vr < - Netgear XCM8806 Chassis | User Manual - Page 293
NETGEAR 8800 User Manual * XCM8810.3 # configure vr vr-default delete ports 3:* * XCM8810.4 # configure vr helix add ports 3:* * XCM8810.5 # configure vr helix add protocol ospf * XCM8810.6 # virtual-router helix * (vr - Netgear XCM8806 Chassis | User Manual - Page 294
12. Policy Manager 12 This chapter includes the following sections: • Overview on page 294 • Creating and Editing Policies on page 294 • Applying Policies on page 297 Overview One of the processes that make up the XCM8800 system is the policy manager. The policy manager is responsible for - Netgear XCM8806 Chassis | User Manual - Page 295
NETGEAR 8800 User Manual Note: Although the XCM8800 does not prohibit mixing ACL and routing type entries in a policy file, it is strongly recommended that you do not mix - Netgear XCM8806 Chassis | User Manual - Page 296
NETGEAR 8800 User Manual tftp [ | ] {-v } [-g | -p] [{-l [internal-memory | memorycard | } {-r } | {-r } {-l [internal-memory - Netgear XCM8806 Chassis | User Manual - Page 297
NETGEAR 8800 User Manual Would you like to perform a full refresh? If blackhole is Policies To apply a routing policy, use the command appropriate to the client. Different protocols support different ways to apply policies, but there are some generalities. Commands that use the keyword import - Netgear XCM8806 Chassis | User Manual - Page 298
NETGEAR 8800 User Manual Commands that use the keyword route-policy control the routes advertised or received by the protocol. Following are examples for BGP and RIP: configure bgp - Netgear XCM8806 Chassis | User Manual - Page 299
Precedence on page 319 • Applying ACL Policy Files on page 321 • ACL Mechanisms on page 325 • Policy-Based Routing on page 337 • ACL Troubleshooting on page 344 Overview Access Control Lists (ACLs) are used to perform packet filtering and forwarding decisions on traffic traversing the switch. Each - Netgear XCM8806 Chassis | User Manual - Page 300
NETGEAR 8800 User Manual ACLs are created in two different ways. One method is to create an ACL policy file and apply that ACL policy file to a list of - Netgear XCM8806 Chassis | User Manual - Page 301
NETGEAR 8800 User Manual entry { if { ; } then { ; ; } } The following is an example of a rule entry: entry udpacl { if { source-address 10.203.134.0/ - Netgear XCM8806 Chassis | User Manual - Page 302
NETGEAR 8800 User Manual Matching All Egress Packets Unlike ingress ACLs, for egress ACLs you must specify either a source or destination address, instead of writing a rule with no match - Netgear XCM8806 Chassis | User Manual - Page 303
NETGEAR 8800 User Manual Note that the description begins with the tag @description and is a text string enclosed in quotes. You can apply the policy to port 1, using the - Netgear XCM8806 Chassis | User Manual - Page 304
NETGEAR 8800 User Manual • source-address -IP source address and mask • destination-address -IP destination address and mask • source-port [ | - Netgear XCM8806 Chassis | User Manual - Page 305
NETGEAR 8800 User Manual Counting Packets and Bytes When the ACL entry match rule. (debug) BD-8806.8 # conf access-list add "aaa" last ports 1:1 Error: Slot 1 does not support ACL byte counters Note: On NETGEAR 8800 switches, the maximum number of packets that can be counted with token packet- - Netgear XCM8806 Chassis | User Manual - Page 306
NETGEAR 8800 User Manual IP ARP cache, otherwise the packet is forwarded normally. Only fast path traffic can be redirected. This capability can be used to implement Policy-Based - Netgear XCM8806 Chassis | User Manual - Page 307
NETGEAR 8800 User Manual Table 31. ACL Match Conditions (Continued) Match Conditions Description Ethernet/Ingress only source-address IP source address and mask. Egress ACLs do not support All IP/Ingress and IPv6 addresses, only IPv4 addresses. Use either all IPv4 or all Egress - Netgear XCM8806 Chassis | User Manual - Page 308
NETGEAR 8800 User Manual Table 31. ACL Match Conditions (Continued) Match Conditions Destination-port { | } TCP-flags IGMP-msg-type Description Applicable IP Protocols/ Direction TCP - Netgear XCM8806 Chassis | User Manual - Page 309
NETGEAR 8800 User Manual Table 31. ACL Match Conditions (Continued) Match Conditions ICMP-code < ); the keywords are grouped by the ICMP type with which they are associated: Parameter-problem: ip-header-bad(0), required-option-missing(1) Redirect: redirect-for-host (1), redirect-for - Netgear XCM8806 Chassis | User Manual - Page 310
NETGEAR 8800 User Manual Table 31. ACL Match Conditions (Continued) Match Conditions Description also listed): minimize-delay 16 (0x10), maximize-reliability 4(0x04), minimize-cost2 (0x02), and normal-service 0(0x00). All IP/Ingress and Egress fragments IP fragmented packet. FO > 0 (FO = - Netgear XCM8806 Chassis | User Manual - Page 311
NETGEAR 8800 User Manual Table 32. ACL Match Condition Data Types Condition Data Type Description range A range of -port 120 - 150; } then { permit; count destIp; } } Fragmented packet handling One keyword is used to support fragmentation in ACLs: first-fragments-FO == 0. Chapter 13. ACLs | 311 - Netgear XCM8806 Chassis | User Manual - Page 312
User Manual Policy file (SNAP) and LLC formatted packets can be matched: • Destination service access point (SAP) • Source SAP The following field can be MAC address of any matching Layer-2 forwarded packets on the supported platforms. This action can be used to effectively tunnel protocol packets - Netgear XCM8806 Chassis | User Manual - Page 313
NETGEAR 8800 User Manual Dynamic ACLs Dynamic ACLs are created using the CLI. They use a similar syntax and can accomplish the same actions as single rule entries used in - Netgear XCM8806 Chassis | User Manual - Page 314
NETGEAR 8800 User Manual Notice that the conditions parameter is a quoted string that corresponds to the match conditions in the if { ... } portion of the ACL policy file entry. The - Netgear XCM8806 Chassis | User Manual - Page 315
Manual conf access-list add "bpdu2" first ports 6 ingress To unconfigure the STP ACL, use the following: conf access-list del "bpdu1" ports 6 del access-list "bpdu1" Configuring ACLs on a Management Port Hardware ACL support : DOS-This is the denial of service zone. SYSTEM-This is the zone for - Netgear XCM8806 Chassis | User Manual - Page 316
NETGEAR 8800 User Manual To view both System Space and User Space zones, use the show access-list zone command. Table 33 shows the priority of System Space zones - Netgear XCM8806 Chassis | User Manual - Page 317
NETGEAR 8800 User Manual and above the System zone. You can add applications to that zone and assign their priority. The example below shows the ACL zone priority that - Netgear XCM8806 Chassis | User Manual - Page 318
NETGEAR 8800 User Manual If an application assigns the same priority number to two ACLs, the ACL added most recently has the higher priority. It is inserted in the - Netgear XCM8806 Chassis | User Manual - Page 319
NETGEAR 8800 User Manual To delete a zone use the following command: delete access-list zone You must remove all applications from a zone before you can delete the zone. - Netgear XCM8806 Chassis | User Manual - Page 320
NETGEAR 8800 User Manual counter, could count the packet more than once. Do not use precedence to control counter usage; define different counters for different cases. For details of - Netgear XCM8806 Chassis | User Manual - Page 321
NETGEAR 8800 User Manual entry DenyNIC { if { protocol 17; destination-port 161; } then { deny; count denyNIC; } } Applying ACL Policy Files A policy file intended to be used as an ACL - Netgear XCM8806 Chassis | User Manual - Page 322
NETGEAR 8800 User Manual clear access-list {dynamic} counter {} {any | ports | vlan } {ingress | egress} Example ACL Rule Entries The following entry accepts all the UDP packets - Netgear XCM8806 Chassis | User Manual - Page 323
NETGEAR 8800 User Manual } then { deny; count icmpcnt; } } The following example prevents TCP connections from being established from the 10.10.20.0/24 subnet, but allows established connections to - Netgear XCM8806 Chassis | User Manual - Page 324
NETGEAR 8800 User Manual source-address 2001:DB8:C0A8:: / 48; destination-address 2001:DB8:C0A0:1234:: / 64; } then { deny; } } Access lists have entries to match an Ethernet type. So - Netgear XCM8806 Chassis | User Manual - Page 325
NETGEAR 8800 User Manual entry voiceService { if { vlan-id 100; } then { meter voiceServiceMeter; } } entry videoService uses slices that can apply to any of the supported ports. An ACL applied to a port may be supported by any of the slices. The slice support for the cards is as follows: • XCM888F- - Netgear XCM8806 Chassis | User Manual - Page 326
NETGEAR 8800 User Manual • Each group of 2 ports has 16 slices with each slice having enough memory for 256 ingress rules. • XCM8848T/XCM8824F- • Each group of 24 ports has 4 - Netgear XCM8806 Chassis | User Manual - Page 327
NETGEAR 8800 User Manual } Both of these ACLs could be supported on the same slice, since the match conditions are taken from the example list discussed earlier. This example is shown in Figure 19. In the - Netgear XCM8806 Chassis | User Manual - Page 328
NETGEAR 8800 User Manual source-address 10.5.2.246/32 ; destination-address 10.0.1.16/32 ; protocol upd ; source-port 100 ; destination-port 200 ; } then { deny The 125 intervening entries are - Netgear XCM8806 Chassis | User Manual - Page 329
NETGEAR 8800 User Manual Slice A Rules (128) Slice B Rules (128) Figure 20. ACL slice is available, each entry is added to that slice. Compatible and Conflicting Rules The slices can support a variety of different ACL match conditions, but there are some limitations on how you combine the match - Netgear XCM8806 Chassis | User Manual - Page 330
NETGEAR 8800 User Manual Table 34. Abbreviations Used in Field Selector Tables (Continued) Abbreviation L4DP L4SP DSCP TCP-Flag First Fragment L4-Range DIPv6/128 SIPv6/128 DIPv6/64 - Netgear XCM8806 Chassis | User Manual - Page 331
NETGEAR 8800 User Manual Table 34. Abbreviations Used in Field Selector Tables (Continued) ranges. TcpFlags tcp-flags TrafficClass protocol Ipv6NextHeader protocol The following ingress conditions are not supported on egress: Fragments, first-fragments, IGMP-msg-type, ICMP-type, ICMP-code, - Netgear XCM8806 Chassis | User Manual - Page 332
NETGEAR 8800 User Manual Table 35. Field Selectors, NETGEAR 8800 Series (Continued) Field 1 TOS, VRF, IP-Proto Field 2 MACDA, DIP, Etype, VID MACSA, SIP, Etype, VID "User Defined Field" 1 " - Netgear XCM8806 Chassis | User Manual - Page 333
NETGEAR 8800 User Manual if { destination-address 192.168.0.0/16 ; source-port 1000 ; } then { deny ; } } Entry ex_A consists of the following conditions (using the abbreviations from Table 34), SIP, - Netgear XCM8806 Chassis | User Manual - Page 334
NETGEAR 8800 User Manual } Entry one is SIP, L4DP, and IP-Proto; entry two is DIP, and L4SP; entry three is SIP, DIP, IP-Proto, L4SP, and L4DP. All - Netgear XCM8806 Chassis | User Manual - Page 335
NETGEAR 8800 User Manual • Slice D (F1=anything, F2=anything, F3=anything) • VRRP - 2 slices, 2 rules • Slice A subscriber VLAN To display the number of slices used by the ACLs on the slices that support a particular port, use the following command: show access-list usage acl-slice port - Netgear XCM8806 Chassis | User Manual - Page 336
NETGEAR 8800 User Manual • Add an IP interface to the configuration: • 2 slices, 13 rules • Add port-based QoS to the configuration: • 2 slices, 14 rules • Add VLAN-based QoS to - Netgear XCM8806 Chassis | User Manual - Page 337
NETGEAR 8800 User Manual Error: ACL install operation failed - conditions specified in rule "r1" are exceeded on a given chip. UDF fields are used to qualify conditions which are not natively supported by the hardware. Currently, these include: ICMP Type and ICMP Code. Error: ACL install operation - Netgear XCM8806 Chassis | User Manual - Page 338
NETGEAR 8800 User Manual Note: See Load Sharing Rules and Restrictions for All Switches on page 132 for information on applying ACLs to LAG ports. Layer 3 Policy-Based Redirect - Netgear XCM8806 Chassis | User Manual - Page 339
NETGEAR 8800 User Manual To configure Policy-Based Routing, you configure an ACL on your switch. You can apply an ACL policy file, or use a dynamic ACL. The following - Netgear XCM8806 Chassis | User Manual - Page 340
NETGEAR 8800 User Manual source-port 81; destination-port 200 ; } then { count num_pkts_redirected; redirect-port 3:2; } } The policy shown below redirects any in-profile traffic as defined by the meter - Netgear XCM8806 Chassis | User Manual - Page 341
8800 User Manual Policy-Based Redirection Redundancy This section consists of the following topics: • Multiple Nexthop Support on page 341 • Health Checking for ARP and Ping on page 342 • Packet Forward/Drop on page 342 • Example-Network Diagram on page 343 Multiple Nexthop Support As discussed - Netgear XCM8806 Chassis | User Manual - Page 342
NETGEAR 8800 User Manual source-address 1.1.1.100/24 ; } then { permit ; redirect-name } } Health Checking for ARP and Ping Policy-based redirection redundancy requires the determination of the reachability - Netgear XCM8806 Chassis | User Manual - Page 343
NETGEAR 8800 User Manual Example-Network Diagram Low Speed Backbone Low Speed 192.168.1.9 Backbone Router 192.168.1.8/30 192.168.1.10 High Speed Backbone High Speed Backbone Router - Netgear XCM8806 Chassis | User Manual - Page 344
NETGEAR 8800 User Manual } entry premium_16 { if match { source-address 211.10.16.0/24; } then { HC premium_subscriber 2 192.168.2.3 VR-Default F PING ACL Troubleshooting The following commands are designed to help troubleshoot and resolve ACL configuration issues. *switch # show access- - Netgear XCM8806 Chassis | User Manual - Page 345
NETGEAR 8800 User Manual acl-rule acl-slice ACL Rule table resource summary ACL slice resource summary The "acl-mask" keyword is not relevant for XCM8800 models. If you - Netgear XCM8806 Chassis | User Manual - Page 346
14. Routing Policies 14 This chapter includes the following sections: • Overview on page 346 • Routing Policy File Syntax on page 346 • Applying Routing Policies on page 352 • Policy Examples on page 353 Overview Routing policies are used to control the advertisement or recognition of routes - Netgear XCM8806 Chassis | User Manual - Page 347
NETGEAR 8800 User Manual • A policy entry rule name, unique within the same policy. • Zero or one match type. If no type is specified, the match type is all, so - Netgear XCM8806 Chassis | User Manual - Page 348
NETGEAR 8800 User Manual Policy Match Type The two possible choices for the match type are: • match all-All the match conditions must be true for a match to occur. - Netgear XCM8806 Chassis | User Manual - Page 349
NETGEAR 8800 User Manual Table 37. Policy Match Conditions (Continued) Match Condition Description tag ; 2-byte or 4-byte AS number. The transition AS number, AS 23456, is not supported in policy files. Autonomous system expressions The AS-path keyword uses a regular expression string - Netgear XCM8806 Chassis | User Manual - Page 350
NETGEAR 8800 User Manual Table 38. AS Regular Expression Notation (Continued) Character { } ( ) Definition Start of AS SET segment in the AS path End of AS SET segment in the - Netgear XCM8806 Chassis | User Manual - Page 351
NETGEAR 8800 User Manual The following AS-Path statement matches AS paths beginning with AS number 111 and ending with any additional AS number, or beginning and ending with - Netgear XCM8806 Chassis | User Manual - Page 352
NETGEAR 8800 User Manual Table 40. Policy Actions (Continued) Action med set ; next-hop ; To apply a routing policy, use the command appropriate to the client. Different protocols support different ways to apply policies, but there are some generalities. Commands that use the - Netgear XCM8806 Chassis | User Manual - Page 353
NETGEAR 8800 User Manual Policy Examples The following sections contain examples of policies. The examples are: • Translating an access profile to a policy on page 353 • Translating a Route Map to a - Netgear XCM8806 Chassis | User Manual - Page 354
NETGEAR 8800 User Manual nlri } then { permit; } } 10.10.0.0/18; entry entry-25 { if { nlri 22.44.66.0/23 } then { deny; } } exact; The policy above can be optimized by - Netgear XCM8806 Chassis | User Manual - Page 355
NETGEAR 8800 User Manual set next-hop 10.201.23.10 set as-path 20 set as-path 30 set as-path 40 set as-path 40 Entry : 40 - Netgear XCM8806 Chassis | User Manual - Page 356
NETGEAR 8800 User Manual then { local-preference 120; weight 2; permit; } } entry entry-50 match any { if { origin incomplete; community 19661200; } then { dampening half-life 20 reuse-limit 1000 suppress- - Netgear XCM8806 Chassis | User Manual - Page 357
access to network resources • Reserve bandwidth for special traffic groups • Restrict some traffic groups to bandwidth or data rates defined in a Service Level Agreement (SLA) • Count frames and packets that exceed specified limits and optionally discard them (rate limiting) • Queue or buffer frames - Netgear XCM8806 Chassis | User Manual - Page 358
NETGEAR 8800 User Manual Figure 21. QoS on NETGEAR Switches In Figure 21, data enters • Specify egress QoS profiles for rate limiting and rate shaping • Change the dot1p or Differential Services (DiffServ) values in egress frames or packets NonACL-based traffic groups specify an ingress or egress - Netgear XCM8806 Chassis | User Manual - Page 359
NETGEAR 8800 User Manual queues and QoS profiles is forwarded to the egress port rate-shaping feature, which applies QoS to the entire port. When multiple QoS profiles are contending for egress bandwidth, the scheduler determines which queues are serviced. The following sections provide more - Netgear XCM8806 Chassis | User Manual - Page 360
NETGEAR 8800 User Manual • Voice Applications on page 360 • Video Applications on page 360 • the end stations will buffer significant amounts of video-stream data. This can present a problem to the network infrastructure, because the network must be capable of buffering the transmitted spikes - Netgear XCM8806 Chassis | User Manual - Page 361
8800 User Manual File or packet header information such as IP address or MAC address • Class of Service (CoS) 802.1p bits in the frame header • DiffServ information in a performance penalty. The CoS and DiffServ capabilities (on supported platforms) are not impacted by the switching or routing - Netgear XCM8806 Chassis | User Manual - Page 362
NETGEAR 8800 User Manual ACL-Based Traffic Groups An ACL-based traffic group allows you to use ACL rules in an ACL policy 10808, 12800 series, and 20800 series switches only: If a port is in more than one virtual router, that port does not support 802.1p-based traffic groups. 362 | Chapter 15. QoS - Netgear XCM8806 Chassis | User Manual - Page 363
NETGEAR 8800 User Manual 802.1Q type 8100 802.1p priority 802.1Q VLAN ID traffic groups forward traffic to egress QoS profiles based on the Type-of-Service (TOS) information in an IP packet. In many systems, this type-of-service information is replaced with a DiffServ field that uses 6 of the 8 - Netgear XCM8806 Chassis | User Manual - Page 364
NETGEAR 8800 User Manual 01234567 DiffServ code point 0 bits 31 Version IHL Type-of-service Total length Identification Flags Fragment offset Time-to-live Protocol Header checksum Source address Destination address Options (+ padding) Data (variable) EW_023 Figure 23. DiffServe - Netgear XCM8806 Chassis | User Manual - Page 365
NETGEAR 8800 User Manual Warning: Port belongs to more than one VR. Port properties related to diff serv and code replacement will not take effect. You do not need - Netgear XCM8806 Chassis | User Manual - Page 366
NETGEAR 8800 User Manual one traffic group based on the precedence defined for the switch platform. In general, the more specific traffic group definition takes precedence. Table 43 shows the traffic group precedence for the supported switch platforms (number 1 is the highest precedence). Table 43. - Netgear XCM8806 Chassis | User Manual - Page 367
NETGEAR 8800 User Manual Single-rate rate-limiters pass traffic that is in-profile or marked green. Out-of-profile traffic (marked red) is subject to whatever action is - Netgear XCM8806 Chassis | User Manual - Page 368
NETGEAR 8800 User Manual • Ingress QoS profiles (hardware queues) • Ingress traffic queues (software queues) • Egress egress bandwidth. The XCM8800 software supports the following scheduling methods: • Strict priority queuing: All higher priority queues are serviced before lower priority queues. This - Netgear XCM8806 Chassis | User Manual - Page 369
NETGEAR 8800 User Manual Scheduling takes place on the egress interface and includes The following section provides more information on QoS profiles. Egress Qos Profiles Egress QoS profiles are supported on all XCM8800 switches and allow you to provide dual-rate egress rate-shaping for all - Netgear XCM8806 Chassis | User Manual - Page 370
NETGEAR 8800 User Manual Table 44. Default QoS Profile Parameters on the NETGEAR 8800 Series Switches Ingress 802.1p Priority Value 0-6 Egress QoS Queue Service Profile Priority Valueb Namea Buffer QP1 1 (Low) 100% QP2 2 (LowHi) 100% QP3 3 (Normal) 100% QP4 4 (NormalHi) 100% QP5 - Netgear XCM8806 Chassis | User Manual - Page 371
NETGEAR 8800 User Manual When multiple QoS profiles are contending for port bandwidth and the egress traffic in each profile is within profile, the scheduler determines how the QoS profiles are serviced as described in Scheduling on page 368. In strict-priority mode, the queues are serviced based on - Netgear XCM8806 Chassis | User Manual - Page 372
NETGEAR 8800 User Manual • Controlling Flooding, Multicast, and Broadcast Traffic on Ingress Ports on page 385 Platform Configuration Procedures The following sections provide summary configuration procedures for the NETGEAR - Netgear XCM8806 Chassis | User Manual - Page 373
Manual • These switches allow dynamic creation and deletion of QoS queues, with QP1 and QP8 always available. • ACL egress rate-limit meters are supported determines the order of QoS profile service and varies between platforms. The NETGEAR 8800 switches support two QoS scheduling methods: strict- - Netgear XCM8806 Chassis | User Manual - Page 374
NETGEAR 8800 User Manual To select the QoS scheduling method for a switch, use the following command: configure qosscheduler [strict-priority | weighted-round-robin] To override the weighted-round-robin - Netgear XCM8806 Chassis | User Manual - Page 375
NETGEAR 8800 User Manual Table 45. Default Queue-to-802.1p Priority Replacement Value Egress QoS 802.1p Priority Profile Replacement Value Q1 0 Q2 1 Q3 2 Q4 3 Q5 4 Q6 5 Q7 6 - Netgear XCM8806 Chassis | User Manual - Page 376
NETGEAR 8800 User Manual • Replacement in ACL-Based Traffic Groups on page 374 • Replacement use ACL-based traffic groups when configuring DSCP replacement. BlackDiamond 20800 series switches do not support the replace-dscp action modifier. Replacement in Non-ACL-Based Traffic Groups For non-ACL- - Netgear XCM8806 Chassis | User Manual - Page 377
NETGEAR 8800 User Manual Note: The port in this command is the ingress port. To disable this diffserv replacement DiffServ Example In this example, we use DiffServ to signal a class of service throughput and assign any traffic coming from network 10.1.2.x with a specific DSCP. This allows - Netgear XCM8806 Chassis | User Manual - Page 378
NETGEAR 8800 User Manual Note: The switch only observes the DSCPs if the traffic does not match the configured access list. Otherwise, the ACL QoS setting overrides the QoS - Netgear XCM8806 Chassis | User Manual - Page 379
NETGEAR 8800 User Manual Note: You cannot configure the priority for the QoS profile on NETGEAR 8800 switches. To remove the limit on egress bandwidth per QoS profile per - Netgear XCM8806 Chassis | User Manual - Page 380
NETGEAR 8800 User Manual Configuring Traffic Groups The following sections describe how to configure evaluated by other traffic groups. Enabling and Disabling 802.1p Examination CoS 802.1p examination is supported on all platforms and enabled by default. However, you can only disable and enable this - Netgear XCM8806 Chassis | User Manual - Page 381
NETGEAR 8800 User Manual resources, disable this feature whenever another QoS traffic grouping is configured. (See Chapter 13, ACLs for information on available ACL resources.) Note: If you disable - Netgear XCM8806 Chassis | User Manual - Page 382
NETGEAR 8800 User Manual Enabling and Disabling Diffserv Examination When a packet arrives at the switch on an ingress port and Diffserv examination is enabled, the switch uses the DSCP - Netgear XCM8806 Chassis | User Manual - Page 383
NETGEAR 8800 User Manual Configuring a Port-Based Traffic Group A port-based traffic group links a , VLAN-based traffic groups apply to all packets. VLAN-based traffic groups are not supported on BlackDiamond 20800 series switches. Creating and Managing Meters You can configure meters to define - Netgear XCM8806 Chassis | User Manual - Page 384
NETGEAR 8800 User Manual • Applying a Meter to Ingress or Egress Traffic on page 384 • Deleting a Meter on page 384 Creating Meters To create a meter, use the following command: create - Netgear XCM8806 Chassis | User Manual - Page 385
NETGEAR 8800 User Manual want subtracted from each packet ingressing the specified ports or the number of bytes you want added to the packet ingressing the specified ports. You - Netgear XCM8806 Chassis | User Manual - Page 386
NETGEAR 8800 User Manual • Displaying 802.1p Priority to QoS Profile Mappings on page 386 • Displaying DiffServe DSCP to QoS Profile Mappings on page 386 • Displaying Port and VLAN - Netgear XCM8806 Chassis | User Manual - Page 387
NETGEAR 8800 User Manual Displaying Meters To display the meters that you create, you can use either the show-access list or the show meter command. Displaying the Traffic - Netgear XCM8806 Chassis | User Manual - Page 388
NETGEAR 8800 User Manual Note: On NETGEAR 8800 modules, only one port per slot or module can be monitored at any one time. 388 | Chapter 15. QoS - Netgear XCM8806 Chassis | User Manual - Page 389
16. Network Login 16 This chapter includes the following sections: • Overview on page 389 • Configuring Network Login on page 394 • Authenticating Users on page 397 • Local Database Authentication on page 397 • 802.1x Authentication on page 402 • Web-Based Authentication on page 412 • MAC-Based - Netgear XCM8806 Chassis | User Manual - Page 390
situation, such as a cyber-café or coffee shop. A workstation running Windows 2000 Service Pack 4 or Windows XP supports 802.1x natively and does not require additional authentication software. NETGEAR supports a smooth transition from web-based to 802.1x authentication. MAC-based authentication is - Netgear XCM8806 Chassis | User Manual - Page 391
NETGEAR 8800 User Manual The DHCP allocation for network login has a short time duration of attacks. Advantages of 802.1x Authentication: • In cases where the 802.1x is natively supported, login and authentication happens transparently. • Authentication happens at Layer 2. It does not involve - Netgear XCM8806 Chassis | User Manual - Page 392
NETGEAR 8800 User Manual Disadvantages of 802.1x Authentication: • 802.1x native support is available only on newer operating systems, such as Windows XP. • 802.1x requires an EAP-capable RADIUS Server. Most current RADIUS servers support EAP, so this is not a major disadvantage. • Transport Layer - Netgear XCM8806 Chassis | User Manual - Page 393
mode: 1) If any of the authenticated VLANs are deleted manually from a port or globally, the client is unauthenticated from and ISP mode operation on ports that support network login and STP, see Exclusions two management modules (nodes) in a NETGEAR chassis, one node assumes the role of primary and - Netgear XCM8806 Chassis | User Manual - Page 394
NETGEAR 8800 User Manual Note: If you use 802.1x network login, authenticated clients remain authenticated 825 to confirm that your switch and both (or all) nodes are running software that supports the synchronize command. To initiate hitless failover on a network that uses network login: 1. Confirm - Netgear XCM8806 Chassis | User Manual - Page 395
NETGEAR 8800 User Manual For more detailed information about a specific mode of network login, including configuration examples, see the following sections: • 802.1x Authentication on page 402 • Web-Based - Netgear XCM8806 Chassis | User Manual - Page 396
NETGEAR 8800 User Manual • authenticate-Network login authenticates the first client that requests A network login VLAN port should not be a part of Link Aggregation. • Network login and ELRP are not supported on the same port. • Network login and STP operate on the same port as follows: • At least - Netgear XCM8806 Chassis | User Manual - Page 397
netlogin authentication database-order in the NETGEAR 8800 Chassis Switch CLI Manual. The network login authenticated entry is cleared when network login authentication. 802.1x network login does not support local database authentication. Local authentication essentially mimics the functionality - Netgear XCM8806 Chassis | User Manual - Page 398
NETGEAR 8800 User Manual You can also use local database authentication in conjunction with network login MAC-based VLANs. For more detailed information about network login MAC-based VLANs, - Netgear XCM8806 Chassis | User Manual - Page 399
NETGEAR 8800 User Manual password: Reenter password: For - Netgear XCM8806 Chassis | User Manual - Page 400
NETGEAR 8800 User Manual configure netlogin local-user {vlan-vsa [[{tagged | untagged} [ | ]] | none]} Where the following is true: • tagged-Specifies that the client be added - Netgear XCM8806 Chassis | User Manual - Page 401
NETGEAR 8800 User Manual Passwords are case-sensitive. Passwords must have a minimum of 0 characters and a maximum of 32 characters. If you attempt to create a password with more than 32 - Netgear XCM8806 Chassis | User Manual - Page 402
NETGEAR 8800 User Manual 802.1x Authentication 802.1x authentication methods govern interactions User authentication is performed at link-up when the user is logged in. Windows XP also supports guest authentication, but this is disabled by default. See the relevant Microsoft documentation for further - Netgear XCM8806 Chassis | User Manual - Page 403
NETGEAR 8800 User Manual Authentication Server Side The RADIUS server used for authentication must be EAP-capable. Consider the following when choosing a RADIUS server: • Types of authentication methods supported on RADIUS, as mentioned previously. • Need to support VSAs. Parameters such as Netgear- - Netgear XCM8806 Chassis | User Manual - Page 404
NETGEAR 8800 User Manual 802.1x Network Login Configuration Example The following configuration example shows the NETGEAR switch configuration needed to support the 802.1x network login example. Note: In the following sample configuration, any lines marked (Default) represent default settings and do - Netgear XCM8806 Chassis | User Manual - Page 405
NETGEAR 8800 User Manual Note: For information about how to use and configure your does not respond to 802.1x authentication remains disabled and cannot access the network. 802.1x authentication supports the concept of "guest VLANs" that allow such a supplicant (client) limited or restricted network - Netgear XCM8806 Chassis | User Manual - Page 406
NETGEAR 8800 User Manual • Guidelines for Configuring Guest VLANs on page 406 • Creating Guest VLANs on page 407 • Enabling Guest VLANs on page 407 • Modifying the Supplicant Response Timer - Netgear XCM8806 Chassis | User Manual - Page 407
NETGEAR 8800 User Manual • You must create a VLAN and configure it as a guest VLAN before enabling the guest VLAN feature. • Configure guest VLANs only on network login ports with 802.1x enabled. • Movement to guest VLANs is not supported on network login ports with MAC-based or web-based - Netgear XCM8806 Chassis | User Manual - Page 408
NETGEAR 8800 User Manual unconfigure netlogin dot1x guest-vlan {ports | } Displaying . If this occurs, the supplicant is authenticated but has limited network access until the problem is resolved. After you update the supplicant's anti-virus software, or install the software - Netgear XCM8806 Chassis | User Manual - Page 409
NETGEAR 8800 User Manual • RADIUS server that supports NAP (Microsoft Windows Vista operating system refers to this as a network policy server (NPS), formerly known as the internet authentication server (IAS)). • Remediation servers that - Netgear XCM8806 Chassis | User Manual - Page 410
NETGEAR 8800 User Manual • The RADIUS server has been configured using the NAP-specific VSAs for authenticating supplicants. • The remediation servers have been configured with the appropriate software updates, - Netgear XCM8806 Chassis | User Manual - Page 411
NETGEAR 8800 User Manual 4. If the SoH indicates that the supplicant is unhealthy, the RADIUS login in conjunction with devices and servers that support NAP. The Microsoft Vendor ID is 311. Note: For more information about NAP and the VSAs supported by NAP, see the documentation that came with - Netgear XCM8806 Chassis | User Manual - Page 412
NETGEAR 8800 User Manual ACLS for Remediation Servers The NAP VSA, MS-IPv4-Remediation-Servers, contains a list of IP addresses that an unhealthy and therefore quarantined supplicant should be - Netgear XCM8806 Chassis | User Manual - Page 413
NETGEAR 8800 User Manual • Configuring the Login Page on page 415 • Customizable Authentication Failure Response on page 417 • Web-Based Network Login Configuration Example on page 418 • Web-Based - Netgear XCM8806 Chassis | User Manual - Page 414
NETGEAR 8800 User Manual This redirection information is used only in case the redirection info is missing the port is to be used for HTTP or HTTPS traffic. No more that five hijack or proxy ports are supported for HTTP in addition to port 80 (for HTTP) and port 443 (for HTTPS), both of which cannot - Netgear XCM8806 Chassis | User Manual - Page 415
NETGEAR 8800 User Manual Configuring Logout Privilege To enable or disable network login logout privilege they can be served up as the initial login page at the base URL. Both HTTP and HTTPS are supported as a means of authenticating the user via the custom page. In general, the steps for setting up - Netgear XCM8806 Chassis | User Manual - Page 416
NETGEAR 8800 User Manual where is user-configurable. The following is a sample information prepended. • Both uppercase and lowercase names (or a mixture) for the graphical image filenames are supported, but the user and password tag names should be either all uppercase or all lowercase, not a - Netgear XCM8806 Chassis | User Manual - Page 417
NETGEAR 8800 User Manual Limitations The following limitations apply to the login page: • When the client is in the unauthenticated state, any embedded URLs in the custom page are inaccessible to it. • Only JPEG and GIF graphical images are supported. • It is the web page writer's responsibility to - Netgear XCM8806 Chassis | User Manual - Page 418
NETGEAR 8800 User Manual Web-Based Network Login Configuration Example The following configuration example shows both the NETGEAR switch configuration and the RADIUS server entries needed to support the example. VLAN corp is assumed to be a corporate subnet which has connections to DNS, WINS servers - Netgear XCM8806 Chassis | User Manual - Page 419
NETGEAR 8800 User Manual configure vlan "corp" add port 1:11 untagged configure vlan "corp" add port 1:12 untagged configure vlan "corp" add port 1:13 untagged configure vlan "corp" add - Netgear XCM8806 Chassis | User Manual - Page 420
NETGEAR 8800 User Manual 1. Set up the Windows IP configuration for DHCP. 2. Plug into the port that has web-based network login enabled. 3. Log in to Windows. 4. Release any - Netgear XCM8806 Chassis | User Manual - Page 421
NETGEAR 8800 User Manual • The permanent VLAN • The URL to be redirected to (optional) • a permanent address. MAC-Based Authentication MAC-based authentication is used for supplicants that do not support a network login mode, or supplicants that are not aware of the existence of such security - Netgear XCM8806 Chassis | User Manual - Page 422
NETGEAR 8800 User Manual will be used to authenticate the client. All entries in the list are automatically sorted in longest prefix order. All passwords are stored and showed - Netgear XCM8806 Chassis | User Manual - Page 423
NETGEAR 8800 User Manual To associate a MAC address with one or more ports, specify the ports option when using the following command: configure netlogin add mac-list [ {} | - Netgear XCM8806 Chassis | User Manual - Page 424
NETGEAR 8800 User Manual Configuring Reauthentication Period To configure the reauthentication period the case where the client is authenticated in authentication failure vlan or authentication service unavailable vlan and the RADIUS server provides no session-timeout attribute during authentication - Netgear XCM8806 Chassis | User Manual - Page 425
NETGEAR 8800 User Manual MAC-Based Network Login Configuration Example The following configuration example shows the NETGEAR switch configuration needed to support the MAC-based network login example. create vlan "temp" create vlan "corp" configure vlan "default" delete ports 4:1-4:4 # Configuration - Netgear XCM8806 Chassis | User Manual - Page 426
Manual This section describes the following topics: • Configuring Network Login MAC-Based VLANs on page 426 • Configuring Dynamic VLANs for Network Login on page 428 • Configuring Network Login Port Restart on page 431 • Authentication Failure and Services Port Mode To support network login MAC- - Netgear XCM8806 Chassis | User Manual - Page 427
original state. In addition, by selecting mac-based-vlans, you are unable to manually add or delete untagged VLANs from this port. Network login now controls these VLANs. With network login MAC-based operation, every authenticated client has an - Netgear XCM8806 Chassis | User Manual - Page 428
NETGEAR 8800 User Manual Note: If network login is enabled together with STP, the 'a' and the dynamically created VLAN, the switch deletes that VLAN. Note: Dynamically created VLANs do not support the session refresh feature of web-based network login because dynamically created VLANs do not have an - Netgear XCM8806 Chassis | User Manual - Page 429
NETGEAR 8800 User Manual By dynamically creating and deleting VLANs, you minimize the The forwarded information can include only a VLAN ID (no VLAN name). The following list specifies the supported VSAs for configuring dynamic VLANs: • Netgear: Netlogin-VLAN-ID (VSA 209) • Netgear: Netlogin-Extended - Netgear XCM8806 Chassis | User Manual - Page 430
NETGEAR 8800 User Manual Note: If the ASCII string contains only numbers, it is interpreted as the VLAN ID. Dynamic VLANS support only numerical VLAN IDs; VLAN names are not supported. For more information on NETGEAR VSAs, see NETGEAR VSAs on page 483. The switch automatically generates the VLAN - Netgear XCM8806 Chassis | User Manual - Page 431
that supplicant. DHCP cannot renegotiate their leases, which is why you must manually release the IP address. For example, if the idle timer expires may be unclear why you are unable to access the network. After you manually renew the IP address, you are redirected to the network login login page - Netgear XCM8806 Chassis | User Manual - Page 432
NETGEAR 8800 User Manual Displaying the Port Restart Configuration To display the network login to set and control the response to network login authentication failure and instances of services unavailable. Configuring Authentication Failure VLAN When a network login client fails authentication, it - Netgear XCM8806 Chassis | User Manual - Page 433
NETGEAR 8800 User Manual Dependency on authentication database order There are four different authentication be authenticated due to problems with the RADIUS configuration, the RADIUS server not running, or some other problem then it is considered as an authentication service unavailable. If the - Netgear XCM8806 Chassis | User Manual - Page 434
switch itself. Security measures in this category include routing policies that can limit the visibility of parts of the network or denial of service protection that prevents the CPU from being overloaded. Finally, management functions for the switch can be protected from unauthorized use. This type - Netgear XCM8806 Chassis | User Manual - Page 435
8800 User Manual XCM8800 has access, see Chapter 13, ACLs. • Denial of Service Protection-Denial of Service (DoS) protection is a dynamic response mechanism used and memory from attacks and attempts to characterize the attack (or problem) and filter out the offending traffic so that other functions - Netgear XCM8806 Chassis | User Manual - Page 436
NETGEAR 8800 User Manual analysis, common response mechanisms include applying an ACL, changing Quality of Service (QoS) parameters, or FDB, see Chapter 10, FDB. Note: MAC security is not supported on BlackDiamond 20800 series switches. MAC security includes several types of control. You - Netgear XCM8806 Chassis | User Manual - Page 437
NETGEAR 8800 User Manual • Limit the number of dynamically-learned MAC addresses allowed per virtual port. For more information, see Limiting Dynamic MAC Addresses on page 437. • "Lock" the - Netgear XCM8806 Chassis | User Manual - Page 438
NETGEAR 8800 User Manual When the learned limit is reached, all new source MAC addresses are blackholed at the ingress and egress points. This prevents these MAC addresses from - Netgear XCM8806 Chassis | User Manual - Page 439
NETGEAR 8800 User Manual Device A Hub Device B Device C EX_175 Figure 27. Switch Configured for Limit Learning MAC Address Lockdown In contrast to limiting learning on virtual ports, you can - Netgear XCM8806 Chassis | User Manual - Page 440
NETGEAR 8800 User Manual configure ports vlan [limit-learning {action [blackhole | stop-learning]} | lock-learning | unlimited-learning | unlock-learning] When you remove the lockdown using the - Netgear XCM8806 Chassis | User Manual - Page 441
NETGEAR 8800 User Manual new device cannot replace it until the lockdown timer for the first device has expired. This condition is true if the limit on the port - Netgear XCM8806 Chassis | User Manual - Page 442
NETGEAR 8800 User Manual Device A Hub Device B Device C EX_175 Figure 28. Devices Using MAC Address Lockdown Device Inactivity for Less than the MAC Lockdown Timer As long as a device - Netgear XCM8806 Chassis | User Manual - Page 443
NETGEAR 8800 User Manual Device A EX_176 Figure 29. Single Device with MAC Lockdown Timeout Disconnecting a Device In this example, Device A is disconnected from the port, triggering a port-down action. - Netgear XCM8806 Chassis | User Manual - Page 444
NETGEAR 8800 User Manual Example of Port Movement Figure 30 shows Device A connected to port X. Port X has a MAC lockdown timer setting of 100 seconds, and port Y has a MAC lockdown - Netgear XCM8806 Chassis | User Manual - Page 445
Manual Output from this command also lists the aging time of the port. DHCP Server XCM8800 has Dynamic Host Configuration Protocol (DHCP) support gateway, Domain Name Servers (DNS) addresses, or Windows Internet Naming Service (WINS) server, use the following command: configure {vlan} - Netgear XCM8806 Chassis | User Manual - Page 446
NETGEAR 8800 User Manual To remove entries, or all entries. You would use this command to troubleshoot IP address allocation on the VLAN. To clear entries, use network. Note: Currently, BlackDiamond 20800 series switches do not support "IP Security." The IP security features described in this section - Netgear XCM8806 Chassis | User Manual - Page 447
NETGEAR 8800 User Manual • Gratuitous ARP Protection on page 458 • ARP Validation on page inspection- protect only switch EX_178 Figure 31. IP Security Dependencies Note: IP security features are supported on link aggregation ports with the exception of DHCP snooping with the block-mac option and - Netgear XCM8806 Chassis | User Manual - Page 448
NETGEAR 8800 User Manual When configured to do so, the switch drops packets duration_in_seconds> | permanently] | none]}] {snmp-trap} Note: Snooping IP fragmented DHCP packets is not supported. The violation action setting determines what action(s) the switch takes when a rogue DHCP server packet - Netgear XCM8806 Chassis | User Manual - Page 449
NETGEAR 8800 User Manual Configuring Trusted DHCP Server To configure a trusted DHCP server on the switch, use the following command: configure trusted-servers {vlan} add server trust- - Netgear XCM8806 Chassis | User Manual - Page 450
NETGEAR 8800 User Manual 1:3 drop-packet 1:4 drop-packet, block-mac permanently 1:7 none 1:9 drop-packet, snmp-trap To display the DHCP bindings database, use the following command: show ip-security - Netgear XCM8806 Chassis | User Manual - Page 451
NETGEAR 8800 User Manual configure ip-security dhcp-snooping information option Note: When DHCP relay is configured in a DHCP snooping environment, the relay agent IP address should be configured - Netgear XCM8806 Chassis | User Manual - Page 452
NETGEAR 8800 User Manual If the configuration of either VLAN Info or Port Info causes the total string length of - to exceed 32 bytes, then - Netgear XCM8806 Chassis | User Manual - Page 453
NETGEAR 8800 User Manual Example of Option 82 Configuration The following example describes ip-security dhcp-snooping information circuit-id port-information cutomer-2 port 2 CLI display output * XCM8806.48 # sh ip-security dhcp-snooping v1 DHCP Snooping enabled on ports: 21 Trusted Ports - Netgear XCM8806 Chassis | User Manual - Page 454
NETGEAR 8800 User Manual Port ---1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 1024 1025 1026 Note: The full Circuit ID string has the form '-' * XCM8806.53 # Source IP Lockdown Another type of IP security prevents IP address spoofing by automatically placing source IP - Netgear XCM8806 Chassis | User Manual - Page 455
NETGEAR 8800 User Manual source IP lockdown is enabled on another port, the switch creates ACLs to allow DHCP packets and to deny all IP traffic for that particular - Netgear XCM8806 Chassis | User Manual - Page 456
NETGEAR 8800 User Manual For more information about DHCP snooping see, Configuring DHCP Snooping on ARP learning. You can disable ARP learning so that the only entries in the ARP table are either manually added or those created by DHCP secured ARP; the switch does not add entries by tracking ARP - Netgear XCM8806 Chassis | User Manual - Page 457
add a permanent entry to the ARP table or configure DHCP secured ARP to populate the ARP table. To manually add a permanent entry to the ARP table, use the following command: configure iparp add {vr } For more detailed information about this command - Netgear XCM8806 Chassis | User Manual - Page 458
NETGEAR 8800 User Manual By default, DHCP secured ARP learning is disabled. To enable DHCP secured ARP, use the following command: enable ip-security arp learning learn-from-dhcp { - Netgear XCM8806 Chassis | User Manual - Page 459
NETGEAR 8800 User Manual • Destination MAC address-FF:FF:FF:FF:FF:FF (broadcast) • Source MAC address-Host's MAC address • Source IP address = Destination IP address-IP address to - Netgear XCM8806 Chassis | User Manual - Page 460
NETGEAR 8800 User Manual In addition, to protect the IP addresses of the hosts that appear as secure entries in the ARP table, use the following commands to enable - Netgear XCM8806 Chassis | User Manual - Page 461
NETGEAR 8800 User Manual Depending on the options specified when enabling ARP validation, the trap 23 DHCP drop-packet, block-port for 120 seconds, snmp-trap Denial of Service Protection A Denial-of-Service (DoS) attack occurs when a critical network or computing resource is overwhelmed and - Netgear XCM8806 Chassis | User Manual - Page 462
NETGEAR 8800 User Manual others, and although normal traffic is not a problem, exception traffic must be handled by the If any one of these functions is overwhelmed, the CPU may be too busy to service other functions and switch performance will suffer. Even with very fast CPUs, there will always - Netgear XCM8806 Chassis | User Manual - Page 463
NETGEAR 8800 User Manual The remainder of this section describes how to configure DoS protection, including alert thresholds, notify thresholds, ACL expiration time, and so on. Configuring Denial of Service Protection To enable or disable DoS protection, use the following commands: enable dos- - Netgear XCM8806 Chassis | User Manual - Page 464
protocol anomaly detection security functionality is supported by a set of anomaly-protection enable, disable, configure, clear, and show CLI commands. For further details, see the chapter on security commands in the NETGEAR 8800 Chassis Switch CLI Manual. Flood Rate Limitation Flood rate limitation - Netgear XCM8806 Chassis | User Manual - Page 465
NETGEAR 8800 User Manual To display rate limiting statistics, use the following command: show ports {< a local database on each switch as a backup authentication service if the TACACS+ service is unavailable. When the TACACS+ service is operating, privileges defined on the TACACS+ server take - Netgear XCM8806 Chassis | User Manual - Page 466
NETGEAR 8800 User Manual To use TACACS+ server features, you need the following components: • TACACS+ client is a communications protocol that is used between client and server to implement the TACACS+ service. The TACACS+ client component of the XCM8800 software should be compatible with any TACACS+ - Netgear XCM8806 Chassis | User Manual - Page 467
NETGEAR 8800 User Manual Configuring the TACACS+ Client Timeout Value To configure the timeout if a Enabling and Disabling the TACACS+ Client Service The TACACS+ client service can be enabled or disabled without affecting the client configuration. When the client service is disabled, the client does - Netgear XCM8806 Chassis | User Manual - Page 468
on the switch All other client configuration parameters use the default settings as described earlier in this section or in the NETGEAR 8800 Chassis Switch CLI Manual. configure tacacs primary server 10.201.31.238 client-ip 10.201.31.85 vr "VR-Default" configure tacacs primary shared-secret purple - Netgear XCM8806 Chassis | User Manual - Page 469
NETGEAR 8800 User Manual • Enabling and Disabling TACACS+ Accounting on page 470 • TACACS+ Accounting Configuration Example on page 470 Specifying the Accounting Server Addresses Before the TACACS+ client software - Netgear XCM8806 Chassis | User Manual - Page 470
on the switch All other client configuration features use the default settings as described earlier in this section or in the NETGEAR 8800 Chassis Switch CLI Manual. configure tacacs-accounting primary server 10.201.31.238 client-ip 10.201.31.85 vr "VR-Default" configure tacacs-accounting primary - Netgear XCM8806 Chassis | User Manual - Page 471
NETGEAR 8800 User Manual Server name : IP address : 10.201.31.235 Server IP Port: 49 Client use a local database on each switch as a backup authentication service if the RADIUS service is unavailable. When the RADIUS service is operating, privileges defined on the RADIUS server take precedence - Netgear XCM8806 Chassis | User Manual - Page 472
NETGEAR 8800 User Manual Note: RADIUS provides many of the same features provided by TACACS+. You cannot use RADIUS and TACACS+ at the same time. RADIUS is a communications protocol (RFC 2138) that is used between client and server to implement the RADIUS service. The RADIUS client component of the - Netgear XCM8806 Chassis | User Manual - Page 473
User Manual authentication user managed by command authorization. The XCM8800 software supports backup authentication and authorization by a secondary RADIUS server RADIUS servers can be optionally configured to work with directory services such as LDAP or Microsoft Active Directory. Because XCM8800 - Netgear XCM8806 Chassis | User Manual - Page 474
NETGEAR 8800 User Manual Authenticating Network Login Users Through a RADIUS Server You can to maintain a separate local database on each switch. RADIUS servers provide the following services for network login sessions: • Username and password authentication • Standard RADIUS attributes and NETGEAR - Netgear XCM8806 Chassis | User Manual - Page 475
NETGEAR 8800 User Manual • Command authorization is not applicable because network login controls network access, not management session access. the Shared Secret Password for RADIUS Communications on page 476 • Enabling and Disabling the RADIUS Client Service on page 477 Chapter 17. Security | 475 - Netgear XCM8806 Chassis | User Manual - Page 476
NETGEAR 8800 User Manual Specifying RADIUS Server Addresses Before the RADIUS client software can communicate with a RADIUS server, you must specify the server address in the client software. You - Netgear XCM8806 Chassis | User Manual - Page 477
NETGEAR 8800 User Manual Enabling and Disabling the RADIUS Client Service The RADIUS client service can be enabled or disabled without affecting the client configuration. When the client service is disabled, the client does not communicate with the RADIUS server, so authentication must take place - Netgear XCM8806 Chassis | User Manual - Page 478
NETGEAR 8800 User Manual management and another pair for network login, use the mgmt-access and netlogin keywords. Configuring the RADIUS Client Accounting Timeout Value To configure the timeout - Netgear XCM8806 Chassis | User Manual - Page 479
NETGEAR 8800 User Manual RADIUS Server Configuration Guidelines The RADIUS server is introduced in Configuring the RADIUS Client on page 475. This section describes the following: • Configuring User Authentication ( - Netgear XCM8806 Chassis | User Manual - Page 480
NETGEAR 8800 User Manual eric Password = "", Service-Type = Administrative, Profile-Name = "" Filter-Id = "unlim" Netgear:Netgear-CLI-Authorization = Enabled The key components of the example above are the user name, password, profile - Netgear XCM8806 Chassis | User Manual - Page 481
NETGEAR 8800 User Manual The key components of the example above are the MAC address, password (which is set to the MAC address), attributes, and NETGEAR VSAs. For simple - Netgear XCM8806 Chassis | User Manual - Page 482
NETGEAR 8800 User Manual Table 50. Standard RADIUS Attributes Used by Network Login (Continued) Attribute Service-Type RFC RFC 2138 Access-Request Access-Accept Specifies how the switch should respond to service termination. Access-Accept Specifies the transport medium used when creating - Netgear XCM8806 Chassis | User Manual - Page 483
NETGEAR 8800 User Manual read-only access to the user. Different implementations of RADIUS handle attribute transmission differently. You should consult the documentation for your specific implementation of RADIUS - Netgear XCM8806 Chassis | User Manual - Page 484
NETGEAR 8800 User Manual The following sections provide additional information on using the NETGEAR VSAs listed in Table 51: • VSA 201: NETGEAR-CLI-Authorization on page 484 • VSA 203: - Netgear XCM8806 Chassis | User Manual - Page 485
NETGEAR 8800 User Manual The following describes the guidelines for VSA 203: • For untagged VLAN movement with 802.1x netlogin, you can use all current NETGEAR VLAN VSAs: VSA - Netgear XCM8806 Chassis | User Manual - Page 486
NETGEAR 8800 User Manual redirect message while the web client is redirected to the web page the authentication is valid. If the configured value is disabled, all normal authentication processes are supported (Telnet and SSH, for example), so the switch accepts the authentication. If the configured - Netgear XCM8806 Chassis | User Manual - Page 487
NETGEAR 8800 User Manual • To specify the VLAN ID, use an ASCII string. • When using this VSA, do not specify whether the VLAN is tagged or untagged. Because the - Netgear XCM8806 Chassis | User Manual - Page 488
NETGEAR 8800 User Manual • For tagged VLAN movement with 802.1x netlogin, you must use VSA 211. • To specify the VLAN name or the VLAN ID, use an ASCII - Netgear XCM8806 Chassis | User Manual - Page 489
NETGEAR 8800 User Manual Configuring the Dictionary File Before you can use NETGEAR VSAs on a RADIUS server, you must define the VSAs. On the FreeRADIUS server, you define the - Netgear XCM8806 Chassis | User Manual - Page 490
User Manual unlim" admin Password = "", Service-Type = Administrative Filter-Id = "unlim" eric Password = "", Service-Type = Administrative, Profile-Name unable to execute any commands. Configuring the Dictionary File To support the NETGEAR-CLI-Authorization VSA in the users file, you - Netgear XCM8806 Chassis | User Manual - Page 491
NETGEAR 8800 User Manual Configuring the Profiles File The following example RADIUS profiles file entries show an example configuration for three profiles: PROFILE1 on all switches greatly reduces the chance of a user gaining elevated access due to RADIUS server problems. Chapter 17. Security | 491 - Netgear XCM8806 Chassis | User Manual - Page 492
NETGEAR 8800 User Manual Based on the profiles listed in the example above and the users listed in the example in Configuring the Users File on page 490, command - Netgear XCM8806 Chassis | User Manual - Page 493
NETGEAR 8800 User Manual Note: RADIUS server software can be obtained from several folder. The following example demonstrates how to configure the FreeRADIUS server for authentication and LDAP support: 1. Modify the radiusd.conf file global settings: log_auth = yes (log authentication requests - Netgear XCM8806 Chassis | User Manual - Page 494
NETGEAR 8800 User Manual Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } unix ldap eap A NETGEAR edge switch serves as a network access server (NAS) - Netgear XCM8806 Chassis | User Manual - Page 495
NETGEAR 8800 User Manual attributetype ( 1.3.6.1.4.1.3317.4.3.1.61 NAME 'radiusNetgearSecurityProfile' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.62 NAME 'radiusNetgearNetloginVlanTag' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX - Netgear XCM8806 Chassis | User Manual - Page 496
NETGEAR 8800 User Manual Implementation Notes for Specific RADIUS Servers The following sections character. The following is a user file example for read-write access: adminuser Auth-Type = System Service-Type = Administrative-User, Filter-Id = "unlim" RSA Ace For users of their RSA SecureID® - Netgear XCM8806 Chassis | User Manual - Page 497
NETGEAR 8800 User Manual To configure the SBR server, the file vendor.ini must be in the desired number of maximum sessions. Microsoft IAS To use NETGEAR VSAs with the Internet Authentication Service (IAS) in Microsoft® Windows Server™ 2003, you must first create a Remote Access Policy and - Netgear XCM8806 Chassis | User Manual - Page 498
IAS service, new authentications should correctly return the NETGEAR VSA after successful authentication. Users who were previously authenticated have to re-authenticate to before the new VSAs apply to them. If you experience problems with the newly configured VSAs, use the following troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 499
NETGEAR 8800 User Manual 4. Configure the edge switches as described in this guide. 5. Configure each supplicant as described in Configuring a Windows XP Supplicant for 802.1x Authentication on page 503. For complete instructions on setting up an LDAP server, see the product documentation for the - Netgear XCM8806 Chassis | User Manual - Page 500
NETGEAR 8800 User Manual Configuring OpenLDAP Once the build is complete, the slapd and slurpd daemons are located in /usr/local/libexec. The config files are in /etc/openldap - Netgear XCM8806 Chassis | User Manual - Page 501
NETGEAR 8800 User Manual objectClass: sambaSamAccount sn: ldaptestdemo uid: newperson3 - Netgear XCM8806 Chassis | User Manual - Page 502
NETGEAR 8800 User Manual Create vlan nvlan En netlogin dot1x En netlogin port 13-24 dot1x configure radius netlogin primary server 192.168.1.2 1812 client-ip 192.168.1.1 vr - Netgear XCM8806 Chassis | User Manual - Page 503
NETGEAR 8800 User Manual configure lldp port $EVENT.USER_PORT advertise vendor-specific dot1 vlan-name for the phones. Configuring a Windows XP Supplicant for 802.1x Authentication For complete instructions on setting up a Windows XP supplicant, see the product documentation for Microsoft Windows - Netgear XCM8806 Chassis | User Manual - Page 504
NETGEAR 8800 User Manual 2. Click the Authentication tab, and the Authentication dialog appears. 3. Enable 802.1x and disable authenticate as computer. Choose EAP type of Protected EAP, then click - Netgear XCM8806 Chassis | User Manual - Page 505
NETGEAR 8800 User Manual • Viewing SSH2 Information on page 507 • Using ACLs to Control Client on page 512 Enabling SSH2 for Inbound Switch Access To install the software module, see the instructions in Appendix B, Software Upgrade and Boot Options. Note: Do not terminate the SSH process (exsshd) - Netgear XCM8806 Chassis | User Manual - Page 506
NETGEAR 8800 User Manual Note: The pregenerated key must be one that was generated by the switch acting as the server • By configuring the key using the CLI RSA and DSA encryption keys are both supported. The public key can be loaded onto the switch using SCP or SFTP, where the switch is the server - Netgear XCM8806 Chassis | User Manual - Page 507
NETGEAR 8800 User Manual the switch but is not associated with any user. The key any carriage returns or new lines in the key. See the appropriate reference page in the NETGEAR 8800 Chassis Switch CLI Manual for additional details. The host and user public keys can be written to a file in the config - Netgear XCM8806 Chassis | User Manual - Page 508
NETGEAR 8800 User Manual Using ACLs to Control SSH2 Access You can restrict SSH2 access by creating and implementing an ACL policy. You configure an ACL policy to permit - Netgear XCM8806 Chassis | User Manual - Page 509
NETGEAR 8800 User Manual MyAccessProfile_2.pol Entry dontAllowTheseSubnets { if { source-address 10.203.133.0 /24; } then { deny; } } Entry AllowTheRest { If { ; #none specified } then { permit; } } In the following example named - Netgear XCM8806 Chassis | User Manual - Page 510
NETGEAR 8800 User Manual enable ssh2 {access-profile [ | none]} {port } {vr [ | all | default]} Use the none option to remove a previously configured ACL. In the ACL policy file for SSH2, the source-address field is the only supported match condition. Any - Netgear XCM8806 Chassis | User Manual - Page 511
NETGEAR 8800 User Manual [user@linux-server]# scp2 id_rsa.pub [email protected] authentication key to use the SSH2 and SCP2 commands from the XCM8800 CLI. Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A, XCM8800 Software Licenses. To send commands to - Netgear XCM8806 Chassis | User Manual - Page 512
NETGEAR 8800 User Manual scp2 engineering.cfg admin@system1:engineering.cfg Using SFTP from an External SSH2 Client The SFTP protocol is supported for transferring configuration, and policy files to the switch from the SFTP client. You must have administrator-level access to the switch. The switch - Netgear XCM8806 Chassis | User Manual - Page 513
NETGEAR 8800 User Manual [user@linux-server]# sftp [email protected] password: sftp> put id_rsa.pub id_rsa.ssh For image file transfers, only one image file - Netgear XCM8806 Chassis | User Manual - Page 514
NETGEAR 8800 User Manual http://kbserver.netgear.com/products/8810.asp. To install the module, see the instructions in Appendix B, Software Upgrade and Boot Options. You must upload or generate a certificate for SSL server use. Before you can upload a certificate, you must purchase - Netgear XCM8806 Chassis | User Manual - Page 515
NETGEAR 8800 User Manual Creating Certificates and Private Keys When you generate a certificate, the certificate is stored in the configuration file, and the private key is stored in the - Netgear XCM8806 Chassis | User Manual - Page 516
NETGEAR 8800 User Manual • HTTPS port configured. This is the port on which the clients will connect. • Length of the RSA key (the number of bits used to generate - Netgear XCM8806 Chassis | User Manual - Page 517
NETGEAR 8800 User Manual Displaying SSL Information To display whether the switch has a valid private and public key pair and the state of HTTPS access, use the following command: show ssl Chapter 17. Security | 517 - Netgear XCM8806 Chassis | User Manual - Page 518
Part 2: Using Switching and Routing Protocols - Netgear XCM8806 Chassis | User Manual - Page 519
fault tolerant. The following sections explain more about STP and the STP features supported by XCM8800. Note: STP is a part of the 802.1D bridge IEEE 802.1D specification, the switch will be referred to as a bridge. XCM8800 supports the new edition of the IEEE 802.1D standard (known as IEEE 802.1D - Netgear XCM8806 Chassis | User Manual - Page 520
NETGEAR 8800 User Manual Overview STP is a bridge-based mechanism for providing fault tolerance on networks. STP allows you to implement parallel paths for network traffic and to ensure - Netgear XCM8806 Chassis | User Manual - Page 521
NETGEAR 8800 User Manual Switch A Switch B Root bridge Switch E Switch F Switch C Switch D Blocked IEEE 802.1D-1998 IEEE 802.1D-2004 EX_179 Figure 32. 802.1D-1998 and 802. - Netgear XCM8806 Chassis | User Manual - Page 522
NETGEAR 8800 User Manual 65,535 and was not subject to the multiple of 4,096 restriction (except for MSTP configurations). The default bridge priority remains the same at 32, - Netgear XCM8806 Chassis | User Manual - Page 523
NETGEAR 8800 User Manual • The port sends BPDUs • When configured for MSTP, the port runs a partial state machine • If BPDUs are received, the port enters the blocking state • If - Netgear XCM8806 Chassis | User Manual - Page 524
NETGEAR 8800 User Manual • port_list-Specifies one or more ports or slots and ports. • Restricted role is disabled by default. If set, it can cause a lack of spanning tree - Netgear XCM8806 Chassis | User Manual - Page 525
NETGEAR 8800 User Manual When an STPD is disabled for a BPDU restrict configured port, an timeout 400. Following is sample output from the show s1 ports command resulting from the configuration: XCM8806.35 # show s1 ports Port Mode State Cost Flags Priority Port ID Designated Bridge 9 EMISTP - Netgear XCM8806 Chassis | User Manual - Page 526
NETGEAR 8800 User Manual XCM8806.5 # show configuration stp # # Module stp configuration. # configure is sample output for STP operation mode dot1d from the show configuration "stp" command: XCM8806.22 # show configuration stp # # Module stp configuration. # configure mstp region region2 configure - Netgear XCM8806 Chassis | User Manual - Page 527
NETGEAR 8800 User Manual Domain (STPD). Each STPD has its own root bridge and active path. After an STPD is created, one or more VLANs can be assigned to - Netgear XCM8806 Chassis | User Manual - Page 528
NETGEAR 8800 User Manual If you configure EMISTP or PVST+, the STPD ID must be identical to the VLAN ID of the carrier VLAN in that STPD. See Specifying - Netgear XCM8806 Chassis | User Manual - Page 529
NETGEAR 8800 User Manual STPD Modes An STPD has three modes of operation: • 802.1D mode Use this mode for backward compatibility with previous STP versions and for compatibility - Netgear XCM8806 Chassis | User Manual - Page 530
NETGEAR 8800 User Manual configure stpd mode [dot1d | dot1w | mstp [cist | msti < 802.1Q tag having an STPD instance Identifier (STPD ID) in the VLAN ID field. This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w. • Per VLAN Spanning Tree (PVST+) - Netgear XCM8806 Chassis | User Manual - Page 531
NETGEAR 8800 User Manual To configure the default BPDU encapsulation mode on a per STPD basis, use the following command: configure stpd default-encapsulation [dot1d | emistp | pvst-plus] Instead - Netgear XCM8806 Chassis | User Manual - Page 532
added to an STPD. Note: The default VLAN and STPD S0 are already on the switch. Manually Binding Ports To manually bind ports, use one of the following commands: • configure stpd add vlan ports [all | ] {[dot1d | emistp | pvst-plus]} • configure vlan - Netgear XCM8806 Chassis | User Manual - Page 533
, see Member VLANs on page 527. For more detailed information about these command line interface (CLI) commands, see the NETGEAR 8800 Chassis Switch CLI Manual. Automatically Binding Ports To automatically bind ports to an STPD when the ports are added to a VLAN, use the following command: enable - Netgear XCM8806 Chassis | User Manual - Page 534
NETGEAR 8800 Chassis Switch CLI Manual. Automatically Inheriting Ports-MSTP Only In an MSTP environment, whether you manually or automatically see Multiple Spanning Tree Protocol on page 557. Rapid Root Failover XCM8800 supports rapid root failover for faster STP failover recovery times in STP 802. - Netgear XCM8806 Chassis | User Manual - Page 535
NETGEAR 8800 User Manual show stpd { | detail} STPD BPDU Tunneling You can 1 VLAN 1 1:1 1:2 1:3 1:1 1:2 1:1 1:3 Switch A 2:1 Switch B 2:1 2:1 Switch C Service provider L2 EX_180 Figure 34. Sample Network Using STPD BPDU Tunneling The examples described below assume you have - Netgear XCM8806 Chassis | User Manual - Page 536
NETGEAR 8800 User Manual • Configured the mode of operation for the STPD • Configured the STP ports • Enabled STPD The following example shows how to configure STPD BPDU tunneling on - Netgear XCM8806 Chassis | User Manual - Page 537
8800 User Manual configure stpd you install two management modules (MSM/MM) in a NETGEAR 8800 chassis, one node assumes the role of primary and the other node assumes that both primary and backup nodes are running software that supports the synchronize command. To initiate hitless failover on a - Netgear XCM8806 Chassis | User Manual - Page 538
8800 User Manual • If the primary and backup nodes are not synchronized and both nodes are running a version of XCM8800 that supports synchronization, proceed For more information about hitless failover, see Understanding Hitless Failover Support on page 69. STP Configurations When you assign VLANs - Netgear XCM8806 Chassis | User Manual - Page 539
NETGEAR 8800 User Manual • Engineering is the carrier VLAN on STPD2. • Marketing is a member of both STPD1 and STPD2 and is a protected VLAN. Sales, Personnel, Marketing Switch A Manufacturing, Engineering, - Netgear XCM8806 Chassis | User Manual - Page 540
Marketing & Sales Switch 1 NETGEAR 8800 User Manual Marketing, Sales & Engineering Switch 3 Switch 2 Sales & Engineering EX_049 Figure 36. Incorrect Tag-Based STPD Configuration The tag-based network in Figure 36 has the following - Netgear XCM8806 Chassis | User Manual - Page 541
NETGEAR 8800 User Manual A B A B S1 S2 S1 S2 A B A B EX_050 Figure 37. Limitations of Traditional STPD The two switches are connected by a pair of parallel links. Both switches run two - Netgear XCM8806 Chassis | User Manual - Page 542
NETGEAR 8800 User Manual desirable to have multiple STP domains operating in a single VLAN, one for each looped area. The justifications include the following: • The complexity of the STP - Netgear XCM8806 Chassis | User Manual - Page 543
NETGEAR 8800 User Manual • Although a physical port can belong to multiple STPDs, any VLAN on that port can be in only one domain. Put another way, a VLAN cannot belong - Netgear XCM8806 Chassis | User Manual - Page 544
Domain 1 NETGEAR 8800 User Manual Domain 2 Domain 3 EX_053 Figure 40. Looped VLAN Topology • A necessary (but Spanning Tree (PVST) have been in existence for many years and are widely deployed. To support STP configurations that use PVST, XCM8800 has an operational mode called PVST+. Note: In this - Netgear XCM8806 Chassis | User Manual - Page 545
NETGEAR 8800 User Manual STPD VLAN Mapping Each VLAN participating in PVST+ must be in a on the physical port. Third-party PVST+ devices send VLAN 1 packets in a special manner. XCM8800 does not support PVST+ for VLAN 1. Therefore, when the switch receives a packet for VLAN 1, the packet is dropped. - Netgear XCM8806 Chassis | User Manual - Page 546
NETGEAR 8800 User Manual Port Roles RSTP uses information from BPDUs to assign the designated port. Alternate Provides an alternate path to the root bridge and the root port. Backup Supports the designated port on the same attached LAN segment. Backup ports exist only when the bridge is connected - Netgear XCM8806 Chassis | User Manual - Page 547
NETGEAR 8800 User Manual Table 53. RSTP Link Types Port Link Type Description Auto Specifies the switch to automatically determine the port link type. An auto link behaves like a - Netgear XCM8806 Chassis | User Manual - Page 548
NETGEAR 8800 User Manual Configuring Edge Safeguard Loop prevention and detection on an edge remains in the blocking state until it stops receiving BPDUs and the message age timer expires. XCM8800 supports an enhanced bridge detection method, which is part of the 802.1D-2004 standard. Ports that - Netgear XCM8806 Chassis | User Manual - Page 549
NETGEAR 8800 User Manual In XCM8800, STP edge safeguard disables a port when a remote loop is detected. A remote loop causes BPDUs to be exponentially duplicated which caused high CPU utilization - Netgear XCM8806 Chassis | User Manual - Page 550
NETGEAR 8800 User Manual Table 55. Derived Timers (Continued) Timer Description • Has been in either a root or designated port role long enough that the spanning tree information supporting this role assignment has reached all of the bridges in the network. Note: RSTP is backward compatible - Netgear XCM8806 Chassis | User Manual - Page 551
NETGEAR 8800 User Manual • Is now a root port and no other ports have a recent role assignment that contradicts with its root port role. • Is a designated port and attaches to - Netgear XCM8806 Chassis | User Manual - Page 552
NETGEAR 8800 User Manual Another situation may arise if you have more than one bridge and you lower the port cost for the alternate port, which makes it the - Netgear XCM8806 Chassis | User Manual - Page 553
NETGEAR 8800 User Manual change, that bridge starts the topology change timer, sets the topology change flag on its BPDUs, floods all of the forwarding ports in the network ( - Netgear XCM8806 Chassis | User Manual - Page 554
NETGEAR 8800 User Manual A B C A , 0 A , 1 A , 2 Down link BPDU F E D F , 0 A , 2 A , 3 Designated Root port port EX_055b Figure 43. Down Link Detected 2. Bridge E believes that bridge A is the root bridge. When bridge E receives the - Netgear XCM8806 Chassis | User Manual - Page 555
NETGEAR 8800 User Manual A B C A , 0 A , 1 A , 2 Designated port Root F E D port E , 1 E , 0 A , 3 EX_055d Figure 45. Communicating New Root Bridge Status to Neighbors 4. Bridge D believes that bridge A is the root bridge. When bridge D receives - Netgear XCM8806 Chassis | User Manual - Page 556
NETGEAR 8800 User Manual A B C A , 0 A , 1 A , 2 Designated port Root port F E D E , 1 A , 4 A , 3 Agree BPDU EX_055f Figure 47. Communicating Port Status to Neighbors 6. To complete the topology change (as shown in Figure 48): • Bridge D - Netgear XCM8806 Chassis | User Manual - Page 557
NETGEAR 8800 User Manual within each bridge configured to run in 802.1w mode. For example, a compatibility issue occurs if you configure 802.1w mode and the bridge receives - Netgear XCM8806 Chassis | User Manual - Page 558
NETGEAR 8800 User Manual • MSTP Port Roles on page 565 • MSTP Port States on page 565 • MSTP Link Types on page 565 • MSTP Edge Safeguard on page 565 • MSTP - Netgear XCM8806 Chassis | User Manual - Page 559
NETGEAR 8800 User Manual = boundary port = master port = MSTI root port (10) CIST root bridge A C B (20) CIST regional root D MSTP Region 1 E I F (50) MSTI regional root (60) G (80) H (40) CIST - Netgear XCM8806 Chassis | User Manual - Page 560
NETGEAR 8800 User Manual If you have an active MSTP region, NETGEAR recommends that you disable all active STPDs in the region before renaming the region on all of - Netgear XCM8806 Chassis | User Manual - Page 561
bridges, regardless of its location. For more information about configuring the bridge ID, see the configure stpd priority command in the NETGEAR 8800 Chassis Switch CLI Manual. CIST Regional Root Bridge Within an MSTP region, the bridge with the lowest path cost to the CIST root bridge is the CIST - Netgear XCM8806 Chassis | User Manual - Page 562
NETGEAR 8800 User Manual (10) CIST root bridge A (20) CIST regional root D MSTP E Region 1 = boundary port = master port = MSTI root port F G (50) MSTI (60) regional root Figure 51. Close- - Netgear XCM8806 Chassis | User Manual - Page 563
NETGEAR 8800 User Manual Configuring the MSTI and the MSTI ID MSTP uses the MSTI ID more information about configuring the bridge ID, see the configure stpd priority command in the NETGEAR 8800 Chassis Switch CLI Manual. MSTI Root Port The port on the bridge that has the lowest path cost to the MSTI - Netgear XCM8806 Chassis | User Manual - Page 564
NETGEAR 8800 User Manual Note: If two switches are configured for the same CIST and MSTI region, in order for them to understand that they are in the same - Netgear XCM8806 Chassis | User Manual - Page 565
NETGEAR 8800 User Manual MSTP Region 1 and MSTP Region 2 are connected to the CIST root through directly connected ports, identified as master ports. The bridge with ID 100 connects - Netgear XCM8806 Chassis | User Manual - Page 566
NETGEAR 8800 User Manual MSTP Timers MSTP uses the same timers as STP and RSTP, mode mstp msti 5. Add VLANs to the MSTIs using one of the following commands: • Manually binding ports configure stpd add vlan ports [all | ] {[dot1d | emistp | - Netgear XCM8806 Chassis | User Manual - Page 567
NETGEAR 8800 User Manual configure vlan add ports [all | ] {tagged | untagged} stpd {[dot1d | emistp | pvst-plus]} • Automatically binding ports to an STPD when ports are added - Netgear XCM8806 Chassis | User Manual - Page 568
NETGEAR 8800 User Manual • Switch A as the CIST root bridge (this is the CIST root bridge for all regions) • Switch A as the CIST regional root bridge • Switch A as the - Netgear XCM8806 Chassis | User Manual - Page 569
NETGEAR 8800 User Manual For region 2, Switch E is the CIST regional root bridge and so a port on that bridge becomes the CIST root port. 3. Identifying MSTI regional roots. Each - Netgear XCM8806 Chassis | User Manual - Page 570
NETGEAR 8800 User Manual Switch 2 2 3 Switch 4 Summit X450-1 Switch 1 Root Bridge 1 2 Indicates only spanning tree. Indicates both spanning tree and network login. Switch 3 32 Switch 5 Summit X450-2 Client PC - Netgear XCM8806 Chassis | User Manual - Page 571
NETGEAR 8800 User Manual STP Rules and Restrictions This section summarizes the rules and restrictions on the same port as follows: • STP (802.1D), RSTP (802.1W), and MSTP (802.1S) support both network login and STP on the same port. • At least one VLAN on the intended port should be configured - Netgear XCM8806 Chassis | User Manual - Page 572
NETGEAR 8800 User Manual Configuring STP on the Switch To configure basic STP: 1. Create one or more STPDs using the following command: create stpd 2. Add one or more - Netgear XCM8806 Chassis | User Manual - Page 573
NETGEAR 8800 User Manual Note: The device supports the RFC 1493 Bridge MIB, RSTP-03, and NETGEAR STP MIB. Parameters of the s0 default STPD support RFC 1493 and RSTP-03. Parameters of any other STPD support the NETGEAR STP MIB. Note: If an STPD contains at least one port not in 802.1D (dot1D - Netgear XCM8806 Chassis | User Manual - Page 574
NETGEAR 8800 User Manual To display the state of a port that participates in STP, use the following command: show {stpd} ports {[detail | {detail}]} To display more detailed - Netgear XCM8806 Chassis | User Manual - Page 575
NETGEAR 8800 User Manual STP Configuration Examples This section provides four configuration examples: • Basic 802.1D Configuration Example on page 575 • EMISTP Configuration Example on page 576 • RSTP 802. - Netgear XCM8806 Chassis | User Manual - Page 576
NETGEAR 8800 User Manual By default, the port encapsulation mode for user-defined STPDs is emistp. In this example, you set it to dot1d. EMISTP Configuration Example Figure 56 - Netgear XCM8806 Chassis | User Manual - Page 577
NETGEAR 8800 User Manual create stpd s2 configure stpd s2 add yellow ports all configure stpd s2 tag 300 configure stpd s2 add red ports 1:3-1:4 emistp enable stpd s2 - Netgear XCM8806 Chassis | User Manual - Page 578
NETGEAR 8800 User Manual create stpd stpd1 configure stpd stpd1 mode dot1w create vlan sales create vlan personnel create vlan marketing configure vlan sales tag 100 configure vlan personnel - Netgear XCM8806 Chassis | User Manual - Page 579
NETGEAR 8800 User Manual = boundary port = master port = MSTI root port CIST root 1 Switch D 2 MSTP Region 1 MSTP Region 2 3 Switch A CIST regional root MSTI regional root 4 5 8 9 Switch E CIST regional root - Netgear XCM8806 Chassis | User Manual - Page 580
NETGEAR 8800 User Manual • Configure the port link type. • Enable the MSTI. On the external switch (the switch that is not in a region): • Create an STPD that has the - Netgear XCM8806 Chassis | User Manual - Page 581
NETGEAR 8800 User Manual configure stpd s0 mode mstp cist configure stpd s0 priority 32768 (Default) enable stpd s0 auto-bind vlan Default enable stpd s0 create stpd s1 - Netgear XCM8806 Chassis | User Manual - Page 582
provide redundant routing services to users. VRRP is used to eliminate the single point of failure associated with manually configuring a default Management Switch Fabric Module (MSM) or Management Modules (MMs) in a BlackDiamond chassis, one MSM/MM (node) assumes the role of primary and the other - Netgear XCM8806 Chassis | User Manual - Page 583
8800 User Manual management functions, and the backup acts in a standby role. Hitless failover transfers switch management control from the primary to the backup and maintains the state of VRRP. VRRP supports hitless failover. You do not explicitly configure hitless failover support; rather, if - Netgear XCM8806 Chassis | User Manual - Page 584
NETGEAR 8800 User Manual Note: For complete information about software licensing, including how to obtain and upgrade your license and what licenses are appropriate for these features, see Appendix A, - Netgear XCM8806 Chassis | User Manual - Page 585
NETGEAR 8800 User Manual VRRP Master Preemption VRRP master preemption is a feature that allows allowed on the router but not on the same IP interface or VLAN. • The maximum number of supported VRIDs per interface is seven. • An interconnect link between VRRP routers should not be used, except when - Netgear XCM8806 Chassis | User Manual - Page 586
NETGEAR 8800 User Manual • A maximum of 128 VRID instances are supported on the router. • Up to seven unique VRIDs can be configured on the router. VRIDs can be re-used, but not on the same interface. • - Netgear XCM8806 Chassis | User Manual - Page 587
NETGEAR 8800 User Manual Table 56. VRRP Configuration Parameters (Continued) Parameter ip_address advertisement_interval skew_time master_down_interval preempt_mode preempt_timer track mode Description This is the IP address associated with this virtual - Netgear XCM8806 Chassis | User Manual - Page 588
NETGEAR 8800 User Manual • Displaying VRRP Tracking Information on page 589 VRRP Tracking Mode When a VRRP tracked entity fails, the VRRP router behavior is controlled by the tracking mode. - Netgear XCM8806 Chassis | User Manual - Page 589
NETGEAR 8800 User Manual configure vrrp vlan vrid delete track-iproute / VRRP Ping Tracking You can configure VRRP to track connectivity using a simple ping to - Netgear XCM8806 Chassis | User Manual - Page 590
A Switch A = Master VRID = 1 Virtual router IP address = 192.168.1.3 MAC address = 00-00-5E-00-01-01 Priority = 255 192.168.1.3 NETGEAR 8800 User Manual Switch B Switch B = Backup VRID = 1 Virtual router IP address = 192.168.1.3 MAC address = 00-00-5E-00-01-01 Priority = 100 192.168.1.5 Default - Netgear XCM8806 Chassis | User Manual - Page 591
NETGEAR 8800 User Manual The configuration commands for switch B are as follows: configure vlan vlan1 ipaddress 192.168.1.5/24 create vrrp vlan vlan1 vrid 1 configure vrrp vlan vlan1 vrid 1 - Netgear XCM8806 Chassis | User Manual - Page 592
NETGEAR 8800 User Manual gateway. In the event that either switch fails, the backup router configured is standing by to resume normal operation. The following command lists assume that - Netgear XCM8806 Chassis | User Manual - Page 593
NETGEAR 8800 User Manual Host 2: 200.1.1.14/24 Gateway: 200.1.1.1 VRRP master 200.1.1.1/24 L2 switch or hub (track-vlan) vlan vlan1 Router 10.10.10.121 Host 1: 200.1.1. - Netgear XCM8806 Chassis | User Manual - Page 594
gateway protocols, see Chapter 22, RIP and Chapter 24, OSPF. For information on exterior gateway protocols, see Chapter 26, BGP. For more information on switch support for IPv6, see Chapter 21, IPv6 Unicast Routing. Chapter 20. IPv4 Unicast Routing | 594 - Netgear XCM8806 Chassis | User Manual - Page 595
NETGEAR 8800 User Manual Overview The switch provides full Layer 3, IPv4 unicast routing to all switches that run the Advanced and Core licenses (see Appendix A, XCM8800 Software Licenses). It - Netgear XCM8806 Chassis | User Manual - Page 596
IP routing tables for both network routes and host routes. Some routes are determined dynamically from routing protocols, and some routes are manually entered. When multiple routes are available to a destination, configurable options such as route priorities, route sharing, and compressed routes are - Netgear XCM8806 Chassis | User Manual - Page 597
is configured, dynamic routes require no configuration and are automatically updated as the network changes. Static Routes Static routes are routes that are manually entered into the routing tables and are not advertised through the routing protocols. Static routes can be used to reach networks that - Netgear XCM8806 Chassis | User Manual - Page 598
NETGEAR 8800 User Manual Note: Although these priorities can be changed, do not attempt any manipulation unless you are expertly familiar with the possible consequences. Table 57. Relative Route - Netgear XCM8806 Chassis | User Manual - Page 599
NETGEAR 8800 User Manual Note: Using route sharing makes router troubleshooting more difficult because of the complexity in predicting the path over which the traffic travels. Compressed Routes Compressed routes allow you to reduce the number - Netgear XCM8806 Chassis | User Manual - Page 600
NETGEAR 8800 User Manual Table 58. Route Manager's Table When There Is No Best Route for a Node Prefix Gateway Number of best paths Compressed? 192.0.0.0/8 10.203.174.68 1 - Netgear XCM8806 Chassis | User Manual - Page 601
NETGEAR 8800 User Manual Table 60. Route Manager's Table When IP Route Sharing Is Enabled Prefix Gateways Compressed? Reason 20.0.0.0/8 Gw1: 30.1.10.1, Gw2: NO 50.1.10.1 This is - Netgear XCM8806 Chassis | User Manual - Page 602
NETGEAR 8800 User Manual #s 33.33.33.0/24 #s 55.0.0.0/8 #s 55.0.0.0/8 #s 55.2.1.1/32 #s 55.5.5.1/32 #s 66.0.0.0/8 #s 66.0.0.0/16 #d 70.1.10.0/24 #s 78.0.0.0/8 #s 79.0.0.0/8 #s 79.0.0.0/8 #s 80.0.0.0/8 #d 80.1.10.0/24 #s 81.0.0.0/8 #s 81.0.0.0/8 #s - Netgear XCM8806 Chassis | User Manual - Page 603
NETGEAR 8800 User Manual ECMP cases. As shown in the Route Manager Table in Table 62, when IP route sharing is disabled, all routes are compressed, except the first - Netgear XCM8806 Chassis | User Manual - Page 604
NETGEAR 8800 User Manual #s 81.0.0.0/8 #s 82.0.0.0/8 #s 83.0.0.0/8 #d 91.1.10.0/24 #d 92.1.10.0/24 #d 93.1.10.0/24 12.1.10.13 12.1.10.10 12.1.10.10 91.1.10.62 92.1. - Netgear XCM8806 Chassis | User Manual - Page 605
Manual • Extended IPv4 Host Cache on page 605 • ECMP Hardware Table on page 609 Extended IPv4 Host Cache The extended IPv4 host cache feature provides additional, configurable storage space on select switches to store additional IPv4 hosts in the hardware routing tables. This feature is supported - Netgear XCM8806 Chassis | User Manual - Page 606
NETGEAR 8800 User Manual Internal LPM Table Reserved space Unreserved space L3 Hash Table Next Hop Table External LPM Tables Reserved Space Unreserved space Figure 63. Hardware Forwarding Tables - Netgear XCM8806 Chassis | User Manual - Page 607
NETGEAR 8800 User Manual Table 64. Hardware Routing Table Configuration Capacities Table Internal LPM tables. a. IPv6 routes consume two entries. Note: On the NETGEAR 8800 switches that do not support the extended IPv4 host cache feature, the LPM table does not store IPv4 hosts. Extended IPv4 - Netgear XCM8806 Chassis | User Manual - Page 608
NETGEAR 8800 User Manual Note: If no IPv4 route is found in the LPM table and IPv4 unicast packets are slow-path forwarded for a given remote host, an IPv4 - Netgear XCM8806 Chassis | User Manual - Page 609
are provided in the NETGEAR 8800 Chassis Switch CLI Manual description for the following command: supports the coexistence of higher- and lower-capacity hardware in the same NETGEAR 8800 chassis Table Configuration Guidelines on page 609 • Troubleshooting: ECMP Table-Full Messages on page 611 - Netgear XCM8806 Chassis | User Manual - Page 610
NETGEAR 8800 User Manual ECMP table entry, so duplicate gateway sets require additional ECMP table entries, which reduces the total number of gateway sets the ECMP table can support. This approach also limits the total number of LPM table entries that can use IP route sharing to the total number of - Netgear XCM8806 Chassis | User Manual - Page 611
NETGEAR 8800 User Manual Troubleshooting: ECMP Table-Full Messages If the ECMP table is full, no new gateway sets can be added, and IP forwarding is still done in hardware through one of the following: • For platforms that allow a gateway set entry to support multiple subnets, forwarding can be done - Netgear XCM8806 Chassis | User Manual - Page 612
route and subsequently delete the VLAN on the subnet associated with the default route, the invalid default route entry remains. You must manually delete the configured default route. Configuring Static Routes To configure a static route, use the command: 612 | Chapter 20. IPv4 Unicast Routing - Netgear XCM8806 Chassis | User Manual - Page 613
deleted, the static route entries using that subnet must be deleted manually. Configuring the Relative Route Priority To change the relative route Configuration on page 614 Note: Using IP route sharing makes router troubleshooting more difficult because of the complexity in predicting the path over - Netgear XCM8806 Chassis | User Manual - Page 614
NETGEAR 8800 User Manual Managing IP Route Sharing on NETGEAR 8800 Switches The XCM8800 software supports route sharing across up to 2, 4, or 8 next-hop gateways. To configure the maximum number of ECMP gateways, use the following command: configure iproute sharing max- - Netgear XCM8806 Chassis | User Manual - Page 615
NETGEAR 8800 User Manual • enable ospf export [bgp | direct | e-bgp | i-bgp | rip | static | isis | isis-level-1 | isis-level-1-external | isis-level-2 | isis-level-2-external] [cost type [ase-type-1 | - Netgear XCM8806 Chassis | User Manual - Page 616
NETGEAR 8800 User Manual show iproute Sample output: Ori Destination #be 3.0.0.0/8 #be 4.0.0.0/8 #be 4.0.0.0/9 #be 4.23.84.0/22 #be 4.23.112.0/22 Gateway 111.222.0.5 111.222.0.5 111.222.0.5 111. - Netgear XCM8806 Chassis | User Manual - Page 617
NETGEAR 8800 User Manual Sample output: # # Module rtmgr configuration. # disable iproute sharing ......... disable icmp timestamp vlan "to62" enable ip-option loose-source-route enable iproute compression ipv4 vr "VR- - Netgear XCM8806 Chassis | User Manual - Page 618
NETGEAR 8800 User Manual 1 2 3 4 A B 5 6 7 8 192.207.35.1 192.207.36.1 192.207.35.0 Finance MyCompany 192.207.36.0 Personnel 1 2 3 4 IP NetBIOS IP NetBIOS IP NetBIOS IP NetBIOS Figure 64. - Netgear XCM8806 Chassis | User Manual - Page 619
NETGEAR 8800 User Manual configure Personnel ipaddress 192.207.36.1 configure rip add ARP can also be used to achieve router redundancy and to simplify IP client configuration. The switch supports proxy ARP for this type of network configuration. The section describes some examples of using proxy - Netgear XCM8806 Chassis | User Manual - Page 620
NETGEAR 8800 User Manual Proxy ARP Between Subnets In some networks, it is desirable to to coexist with newly configured hosts. However, because of the additional constraints introduced in troubleshooting and bandwidth, NETGEAR recommends that you use multinetting as a transitional tactic only, and - Netgear XCM8806 Chassis | User Manual - Page 621
NETGEAR 8800 User Manual for the interface. The remaining multinetted subnets, called the loops. In Figure 65 the subnets are on separate physical segments, however, multinetting can also support hosts from different IP subnets on the same physical segment. When multinetting is configured on a - Netgear XCM8806 Chassis | User Manual - Page 622
NETGEAR 8800 User Manual ARP ARP operates on the interface and responds to every request coming from redistribution. IRDP Some functional changes are required in Internet Router Discovery Protocol (IRDP) to support IP multinetting. When IRDP is enabled on a Layer 3 VLAN, XCM8800 periodically sends - Netgear XCM8806 Chassis | User Manual - Page 623
NETGEAR 8800 User Manual OSPF This section describes the behavior of OSPF in an IPv4 multinetting environment: • Each network is treated as an interface, and hello messages are not - Netgear XCM8806 Chassis | User Manual - Page 624
The Dynamic Host Configuration Protocol (DHCP) server implementation in XCM8800 only supports address allocation on the primary IP interface of the configured VLAN. a host on secondary subnet, you must manually configure the IP address information on that host. 624 | Chapter 20. IPv4 Unicast Routing - Netgear XCM8806 Chassis | User Manual - Page 625
NETGEAR 8800 User Manual DHCP Relay When the switch is configured as a DHCP relay agent, it forwards the DHCP request received from a client to the DHCP server. When doing - Netgear XCM8806 Chassis | User Manual - Page 626
NETGEAR 8800 User Manual • VRRP VR on v1 with VRID of 99 with virtual IP addresses of 1.1.1.1 and 1.1.1.99 (one virtual IP address is owned by the switch and - Netgear XCM8806 Chassis | User Manual - Page 627
NETGEAR 8800 User Manual enable ipforwarding DHCP/BOOTP Relay After IP unicast routing has been configured, you can configure the switch to forward Dynamic Host Configuration Protocol (DHCP) or BOOTP requests coming from clients on subnets being serviced by the switch and going to hosts on different - Netgear XCM8806 Chassis | User Manual - Page 628
NETGEAR 8800 User Manual taken depends on the configured policy (drop packet, keep existing option 82 value, or replace the existing option). If the incoming DHCP request is tagged, - Netgear XCM8806 Chassis | User Manual - Page 629
NETGEAR 8800 User Manual To disable checking of DHCP replies, use this command: unconfigure particular destination IP address or VLAN. UDP Forwarding allows applications, such as multiple DHCP relay services from differing sets of VLANs, to be directed to different DHCP servers. The following rules - Netgear XCM8806 Chassis | User Manual - Page 630
NETGEAR 8800 User Manual • If the UDP profile includes other types of traffic, these packets have the IP destination address modified as configured, and changes are made to the - Netgear XCM8806 Chassis | User Manual - Page 631
entries could cause the system to freeze or become locked. Note: If you rename a VLAN referred to in your UDP Forwarding profile, you must manually edit the policy to reflect the new name, and refresh the policy. You can also validate whether the UDP profile has been successfully associated with - Netgear XCM8806 Chassis | User Manual - Page 632
XCM8800 supports IP subnet directed broadcast forwarding. In XCM8800, IP subnet directed broadcast forwarding is done in the software by default; if you want to perform forwarding in the hardware, see the command reference pages on IP forwarding in the NETGEAR 8800 Chassis Switch CLI Manual. IP - Netgear XCM8806 Chassis | User Manual - Page 633
-line Support for IP Broadcast Handling The enable ipforwarding and disable ipforwarding commands are enhanced to support the details, see the appropriate command reference pages in the NETGEAR 8800 Chassis Switch CLI Manual. Note: These two keywords are available on BlackDiamond 10808 and 20800 - Netgear XCM8806 Chassis | User Manual - Page 634
NETGEAR 8800 User Manual VLAN Aggregation Note: This feature is supported only on the platforms listed for this feature in the license tables in Appendix A, XCM8800 Software Licenses. VLAN aggregation is a feature aimed primarily at service providers. The purpose of VLAN aggregation is to increase - Netgear XCM8806 Chassis | User Manual - Page 635
NETGEAR 8800 User Manual In Figure 66, all stations are configured to use the address 10.3.2.1 for the default router. VLAN Aggregation Properties VLAN aggregation is a very specific application, - Netgear XCM8806 Chassis | User Manual - Page 636
NETGEAR 8800 User Manual To view the subVLAN address range, use the following command: show vlan {detail {ipv4 | ipv6} | {ipv4 | ipv6} | virtual-router | stpd | security} - Netgear XCM8806 Chassis | User Manual - Page 637
NETGEAR 8800 User Manual Note: This command has no impact on Layer 3 traffic. Verifying the VLAN Aggregation Configuration The following commands can be used to verify proper VLAN aggregation - Netgear XCM8806 Chassis | User Manual - Page 638
21. IPv6 Unicast Routing 21 This chapter includes the following sections: • Overview on page 639 • Configuring IP Unicast Routing on page 646 • Configuring Route Sharing on page 651 • Configuring Route Compression on page 652 • Hardware Forwarding Behavior on page 652 • Routing Configuration - Netgear XCM8806 Chassis | User Manual - Page 639
NETGEAR 8800 User Manual Overview The switch provides full Layer 3, IPv6 unicast routing. It exchanges release will still correctly configure an IPv4 network. ACLs and routing policies also support IPv6. Use of an IPv6 address in a rule entry will automatically use IPv6. Note: IPv6 functionality - Netgear XCM8806 Chassis | User Manual - Page 640
NETGEAR 8800 User Manual An interface can have up to 255 IPv6 addresses, with at least over from IPv4 to IPv6. The software supports these tunnels on Default-VR. Note: IPv6 tunnels are supported only on Default-VR and not on user VRs. The XCM8800 software supports the use of IPv6-in-IPv4 tunnels ( - Netgear XCM8806 Chassis | User Manual - Page 641
NETGEAR 8800 User Manual Leading zeros in a four-digit group can be omitted. There is a special use of a double colon (::) in an address. The double colon stands for one - Netgear XCM8806 Chassis | User Manual - Page 642
NETGEAR 8800 User Manual duplicate, it will also be labeled as such, and must be reconfigured. On an active interface, the DAD process should occur so quickly that you - Netgear XCM8806 Chassis | User Manual - Page 643
NETGEAR 8800 User Manual In IPv4, MAC address resolution is done by ARP. For IPv6, this to requests from other nodes for the MAC address of the IPv6 addresses configured on the interfaces. Also supported is router discovery-the ability to send out router advertisements that can be used by a host to - Netgear XCM8806 Chassis | User Manual - Page 644
For details on the configuration and behavior of IPv6 dynamic routes, see Chapter 23, RIPng and Chapter 25, OSPFv3. Static Routes Static routes are manually entered into the routing table. Static routes are used to reach networks not advertised by routers. Static IPv6 routes can be created using the - Netgear XCM8806 Chassis | User Manual - Page 645
VLAN by its IP address and subnet mask. If the VLAN is subsequently deleted, the static route entries using that subnet must be deleted manually. The IPv6 routes can be viewed using the following command: show iproute ipv6 {priority | vlan | tunnel | | summary - Netgear XCM8806 Chassis | User Manual - Page 646
NETGEAR 8800 User Manual Relative Route Priorities Table 66 lists the relative priorities assigned to routes depending on the learned source of the route. Note: Although these priorities can - Netgear XCM8806 Chassis | User Manual - Page 647
NETGEAR 8800 User Manual Configuring Basic IP Unicast Routing To configure basic IP unicast routing, do the following: 1. Create and configure two or more VLANs. 2. Assign each VLAN that - Netgear XCM8806 Chassis | User Manual - Page 648
NETGEAR 8800 User Manual Creating and Deleting Static Entries You can statically configure the MAC address of IPv6 destinations on the attached links using the following commands: configure neighbor- - Netgear XCM8806 Chassis | User Manual - Page 649
NETGEAR 8800 User Manual Displaying Neighbor-Discovery Cache Entries Both statically configured and dynamic neighbor-discovery entries can be viewed using the following command: show neighbor-discovery {cache {ipv6}} {[< - Netgear XCM8806 Chassis | User Manual - Page 650
NETGEAR 8800 User Manual configure vlan router-discovery {ipv6} set prefix [autonomous-flag | onlink-flag | preferred-lifetime |valid-lifetime ] To reset all router - Netgear XCM8806 Chassis | User Manual - Page 651
NETGEAR 8800 User Manual Creating an IPv6-to-IPv4 Tunnel A 6to4 tunnel connects one IPv6 region with multiple IPv6 regions. Only one 6to4 tunnel can be configured on a single - Netgear XCM8806 Chassis | User Manual - Page 652
ECMP. As a result this feature is supported only in hardware (fast path) and not supported in slow path. Due to the kernel limitations, it is preferred that the neighbor cache is added as a static entry. Using route sharing makes router troubleshooting more difficult because of the complexity in - Netgear XCM8806 Chassis | User Manual - Page 653
NETGEAR 8800 User Manual Hardware Forwarding Limitations NETGEAR 8800 switches support hardware forwarding for up to 256 routes with masks greater than 64 bits. This support was added in XCM8800 using a hardware table designed for this purpose. When IPv6 forwarding is enabled, the switch behavior is - Netgear XCM8806 Chassis | User Manual - Page 654
NETGEAR 8800 User Manual 1 2 3 4 A B 5 6 7 8 2001:db8:35::1/48 2001:db8:36::1/48 2001:db8:35::/48 Finance MyCompany 2001:db8:36::/48 Personnel 1 2 3 4 IPv6 NetBIOS IPv6 NetBIOS IPv6 NetBIOS - Netgear XCM8806 Chassis | User Manual - Page 655
NETGEAR 8800 User Manual configure ripng add vlan Finance configure ripng add vlan Personnel enable ipforwarding ipv6 enable ripng Tunnel Configuration Examples This section provides the following examples: • 6in4 - Netgear XCM8806 Chassis | User Manual - Page 656
NETGEAR 8800 User Manual In Figure 68, Router A has an interface to an IPv4 region protocol is running on the public-ipv4 interfaces). For platforms on which hardware based tunneling is supported, IPv4 forwarding needs to be enabled on the tunnel source VLAN. However, in platforms on which IPv6- - Netgear XCM8806 Chassis | User Manual - Page 657
NETGEAR 8800 User Manual enable ipforwarding ipv6 private-ipv6 configure iproute add 2001:db8:2::/64 2001:db8:a::2 enable ipforwarding public-ipv4 Router B configure vlan default delete port all create - Netgear XCM8806 Chassis | User Manual - Page 658
NETGEAR 8800 User Manual Host 1 2002:c0a8:101::204:96ff:fe1f:a52a/48 IPv6 IPv4 2002:c0a8:101::2/48 2 Router 1 1 2002:c0a8:101::1/16 192.168.1.1/24 Router 2 2002: - Netgear XCM8806 Chassis | User Manual - Page 659
NETGEAR 8800 User Manual In this example, we assume that the IPv4 network can route from Router 1 to Router 2 (in other words, some IPv4 routing protocol is running on - Netgear XCM8806 Chassis | User Manual - Page 660
NETGEAR 8800 User Manual • IP address-2002:0a00:0001:0001:0204:96ff:fe1f:a432/64 • Static route-destination 2002::/16, gateway 2002:0a00:0001:0001::1 Host 3: • MAC address-00: - Netgear XCM8806 Chassis | User Manual - Page 661
an Aggregation or Advanced Core license. See Appendix A, XCM8800 Software Licenses for specific information regarding RIP licensing Overview The switch supports the use of the following interior gateway protocols (IGPs): • Routing Information Protocol (RIP) • Open Shortest Path First (OSPF) RIP is - Netgear XCM8806 Chassis | User Manual - Page 662
User Manual OSPF is a link-state protocol based on the Dijkstra link-state algorithm. OSPF is a newer IGP and solves a number of problems associated with Faster convergence • Support for load balancing to multiple routers based on the actual cost of the link • Support for hierarchical topologies - Netgear XCM8806 Chassis | User Manual - Page 663
NETGEAR 8800 User Manual Overview of RIP RIP is an IGP first used in computer routing in it and its neighbor is no longer available. Split Horizon Split horizon is a scheme for avoiding problems caused by including routes in updates sent to the router from which the route was learned. Split horizon - Netgear XCM8806 Chassis | User Manual - Page 664
NETGEAR 8800 User Manual Route Advertisement of VLANs Virtual LANs (VLANs) that are configured packets can be multicast instead of being broadcast, reducing the load on hosts that do not support routing protocols. Note: If you are using RIP with supernetting/Classless Inter-Domain Routing (CIDR), - Netgear XCM8806 Chassis | User Manual - Page 665
NETGEAR 8800 User Manual OSPF AS Backbone Area 0.0.0.0 ABR Area 121.2.3.4 ASBR ASBR RIP AS EX_046 Figure 70. Route Redistribution Configuring Route Redistribution Exporting routes from one protocol to - Netgear XCM8806 Chassis | User Manual - Page 666
NETGEAR 8800 User Manual RIP Configuration Example Figure 71 illustrates a NETGEAR 8800 switch that has three VLANs defined as follows: • Finance • Protocol-sensitive VLAN using the IP protocol. • All - Netgear XCM8806 Chassis | User Manual - Page 667
NETGEAR 8800 User Manual The stations connected to the system generate a combination of IP traffic and NetBIOS traffic. The IP traffic is filtered by the protocol-sensitive VLANs. All - Netgear XCM8806 Chassis | User Manual - Page 668
23. RIPng 23 This chapter includes the following sections: • Overview on page 668 • Overview of RIPng on page 669 • Route Redistribution on page 671 • RIPng Configuration Example on page 671 This chapter assumes you are already familiar with IP unicast routing. If not, see the publication RFC 2080 - Netgear XCM8806 Chassis | User Manual - Page 669
User Manual RIPng for many years. RIPng has a number of limitations that can cause problems in large networks, including the following: • A limit of 15 hops Faster convergence • Support for load balancing to multiple routers based on the actual cost of the link • Support for hierarchical topologies - Netgear XCM8806 Chassis | User Manual - Page 670
NETGEAR 8800 User Manual Routing Table The routing table in a router using RIPng contains an entry it and its neighbor is no longer available. Split Horizon Split horizon is a scheme for avoiding problems caused by including routes in updates sent to the router from which the route was learned. Split - Netgear XCM8806 Chassis | User Manual - Page 671
NETGEAR 8800 User Manual Route Redistribution More than one routing protocol can be enabled simultaneously on the switch. Route redistribution allows the switch to exchange routes, including static routes, - Netgear XCM8806 Chassis | User Manual - Page 672
NETGEAR 8800 User Manual • All ports on slots 1 through 4 have been assigned. The stations connected to the system generate a combination of IPv6 traffic and NetBIOS traffic. In this configuration, - Netgear XCM8806 Chassis | User Manual - Page 673
24. OSPF 24 This chapter includes the following sections: • Overview on page 674 • Route Redistribution on page 681 • Configuring OSPF on page 682 • OSPF Configuration Example on page 684 • Displaying OSPF Settings on page 686 This chapter assumes that you are already familiar with IP unicast - Netgear XCM8806 Chassis | User Manual - Page 674
NETGEAR 8800 User Manual Overview Open Shortest Path First (OSPF) is a link state protocol that distributes routing information between routers belonging to a single IP domain; the IP domain is - Netgear XCM8806 Chassis | User Manual - Page 675
NETGEAR 8800 User Manual Table 67. LSA Type Numbers Type Number 1 2 3 4 5 7 9 10 11 number> {timeout } Where: • -Specifies the number of external LSAs that the system supports before it goes into overflow state. A limit value of 0 disables the functionality. When the LSDB - Netgear XCM8806 Chassis | User Manual - Page 676
NETGEAR 8800 User Manual Normally, support for opaque LSAs is autonegotiated between OSPF neighbors. In the event that you experience interoperability problems, you can disable opaque LSAs across the entire system using the following command: disable ospf capability opaque-lsa To re-enable opaque - Netgear XCM8806 Chassis | User Manual - Page 677
NETGEAR 8800 User Manual able to inform its neighbors in advance that OSPF is restarting. An unplanned restart would occur if there was some kind of system failure that - Netgear XCM8806 Chassis | User Manual - Page 678
NETGEAR 8800 User Manual Backbone Area (Area 0.0.0.0) Any OSPF network that contains more than one area is required to have an area configured as area 0.0.0.0, also called the backbone. - Netgear XCM8806 Chassis | User Manual - Page 679
NETGEAR 8800 User Manual The translate option determines whether type 7 LSAs are translated into type 5 LSAs. When configuring an OSPF area as an NSSA, translate should only be used - Netgear XCM8806 Chassis | User Manual - Page 680
using the virtual link. Virtual link Area 2 ABR 1 ABR 2 Area 1 Area 0 Figure 73. Virtual Link Providing Redundancy Area 3 EX_045 Point-to-Point Support You can manually configure the OSPF link type for a VLAN. Table 68 describes the link types. Table 68. OSPF Link Types Link Type Auto - Netgear XCM8806 Chassis | User Manual - Page 681
NETGEAR 8800 User Manual Note: All routers in the VLAN must have the same OSPF link type. If there is a mismatch, OSPF attempts to operate, but it may not - Netgear XCM8806 Chassis | User Manual - Page 682
{} Configuring OSPF Each switch that is configured to run OSPF must have a unique router ID. NETGEAR recommends that you manually set the router ID of the switches participating in OSPF, instead of having the switch automatically choose its router ID based on the - Netgear XCM8806 Chassis | User Manual - Page 683
NETGEAR 8800 User Manual Configuring OSPF Wait Interval XCM8800 allows you to configure the OSPF wait interval, rather than using the router dead interval. CAUTION: Do not configure OSPF - Netgear XCM8806 Chassis | User Manual - Page 684
NETGEAR 8800 User Manual Note: The OSPF standard specifies that wait times are equal to the dead router wait interval. OSPF Configuration Example Figure 75 is an example of - Netgear XCM8806 Chassis | User Manual - Page 685
NETGEAR 8800 User Manual • Network number 10.0.x.x • Two identified VLANs (HQ_10_0_2 and HQ_10_0_3) Area 5 is connected to the backbone area by way of ABR1 and ABR2. It is located - Netgear XCM8806 Chassis | User Manual - Page 686
NETGEAR 8800 User Manual configure ospf vlan Chi_160_26_26 priority 10 configure ospf vlan HQ_10_0_2 priority 5 configure ospf vlan HQ_10_0_3 priority 5 enable ospf Configuration for IR1 The router labeled IR1 - Netgear XCM8806 Chassis | User Manual - Page 687
NETGEAR 8800 User Manual show ospf lsdb {detail | stats} {area [ | all]} {{lstype} [ | all]} {lsid {}} {routerid {}} {interface[[{< - Netgear XCM8806 Chassis | User Manual - Page 688
destination exist, traffic can be distributed among them. The cost of a route is described by a single metric. OSPFv3 supports IPv6, and uses commands only slightly modified from that used to support IPv4. OSPFv3 has retained the use of the 4-byte, dotted decimal numbers for router IDs, LSA IDs, and - Netgear XCM8806 Chassis | User Manual - Page 689
NETGEAR 8800 User Manual Note: Two types of OSPFv3 functionality are available and each has a different licensing requirement. One is the complete OSPFv3 functionality and the other is OSPFv3 - Netgear XCM8806 Chassis | User Manual - Page 690
NETGEAR 8800 User Manual Areas OSPFv3 allows parts of a network to be grouped together into areas. The topology within an area is hidden from the rest of the AS. - Netgear XCM8806 Chassis | User Manual - Page 691
NETGEAR 8800 User Manual configure ospfv3 {domain } area stub [summary | nosummary] stub-default-cost Not-So-Stubby-Areas Not-so-stubby-areas (NSSAs) are not supported currently in the XCM8800 implementation of OSPFv3. Normal Area A normal area is an area that is - Netgear XCM8806 Chassis | User Manual - Page 692
using the virtual link. Virtual link Area 2 ABR 1 ABR 2 Area 1 Area 0 Figure 77. Virtual Link Providing Redundancy Area 3 EX_045 Link-Type Support You can manually configure the OSPFv3 link type for a VLAN. Table 70 describes the link types. Table 70. OSPFv3 Link Types Link Type Auto - Netgear XCM8806 Chassis | User Manual - Page 693
NETGEAR 8800 User Manual Route Redistribution More than one routing protocol can be enabled simultaneously on the switch. Route redistribution allows the switch to exchange routes, including static routes, - Netgear XCM8806 Chassis | User Manual - Page 694
NETGEAR 8800 User Manual These commands enable or disable the exporting of RIPng, static, and direct routes by way of LSA to other OSPFv3 routers as AS-external type 1 - Netgear XCM8806 Chassis | User Manual - Page 695
NETGEAR 8800 User Manual Area 0.0.0.0 2001:db8:4444:6666::2/64 Router 2 to-r2 Router 79. OSPFv3 Configuration Example In Figure 79 there are three NETGEAR switches running XCM8800 images that have support for OSPFv3. Router 1 is an area border router and is connected to two other switches Router - Netgear XCM8806 Chassis | User Manual - Page 696
NETGEAR 8800 User Manual create ospfv3 area 0.0.0.1 configure ospfv3 add vlan to-r3 area 0.0.0.1 enable ospfv3 Configuration for Router 2 The router labeled Router 2 has the following configuration: create vlan - Netgear XCM8806 Chassis | User Manual - Page 697
within an AS as an interior border gateway protocol (referred to as IBGP). The following sections provide information on how the XCM8800 software supports BGP: • BGP Four-Byte AS Numbers on page 698 • BGP Attributes on page 698 • BGP Community Attributes on page 699 • Extended Community Attributes - Netgear XCM8806 Chassis | User Manual - Page 698
NETGEAR 8800 User Manual • RFC 2439-BGP Route Flap Damping • RFC 2796-BGP Route Reflection - An these features, see Appendix A, XCM8800 Software Licenses. BGP Four-Byte AS Numbers The XCM8800 software supports 4-byte AS numbers, which can be entered and displayed in the ASPLAIN and ASDOT formats, - Netgear XCM8806 Chassis | User Manual - Page 699
NETGEAR 8800 User Manual • Next_hop-The IP address of the next hop BGP router to reach to withdraw multiple unfeasible routes from service BGP Community Attributes A BGP community is a group of BGP destinations that require common handling. XCM8800 supports the following well-known BGP community - Netgear XCM8806 Chassis | User Manual - Page 700
NETGEAR 8800 User Manual The following two types of extended communities are available: • Route Target (RT) • Site Of Origin (SOO) Although these two community types are generally used in - Netgear XCM8806 Chassis | User Manual - Page 701
NETGEAR 8800 User Manual • : This is the number represented by the first two bytes of a four-byte AS number. The use of a private - Netgear XCM8806 Chassis | User Manual - Page 702
NETGEAR 8800 User Manual • rt:100.200.300.400:200: Invalid because the IP address is the extended community is rejected. Extended Community Match Rule in Policy Regular expressions are not supported for extended communities. In addition, an extended community match statement matches with a route's - Netgear XCM8806 Chassis | User Manual - Page 703
NETGEAR 8800 User Manual entry two { if { nlri 192.168.34.0/24; } then { extended- PIM) to build data distribution trees. BGP Features This section describes the following configurable BGP features supported by XCM8800: • Route Reflectors on page 704 • Route Confederations on page 706 • Route - Netgear XCM8806 Chassis | User Manual - Page 704
NETGEAR 8800 User Manual • Inactive Route Advertisement on page 710 • Default Route Origination and Advertisement on page 711 • Using the Loopback Interface on page 712 • Looped AS_Path Attribute on - Netgear XCM8806 Chassis | User Manual - Page 705
NETGEAR 8800 User Manual The topology shown in Figure 80 minimizes the number of BGP peering sessions required in an AS by using route reflectors. In this example, although - Netgear XCM8806 Chassis | User Manual - Page 706
NETGEAR 8800 User Manual configure bgp router 3.3.3.3 configure bgp as-number 100 create bgp neighbor 20.0.0.2 remote-as 100 enable bgp neighbor all enable bgp To configure router 4.4.4.4, use - Netgear XCM8806 Chassis | User Manual - Page 707
NETGEAR 8800 User Manual AS 200 A EBGP 192.1.1.17/30 SubAS 65001 192.1.1.6/30 IBGP B 192.1.1.5/30 192.1.1.9/30 192.1.1.22/30 192.1.1.18/30 192.1.1.21/30 C EBGP - Netgear XCM8806 Chassis | User Manual - Page 708
NETGEAR 8800 User Manual create bgp neighbor 192.1.1.5 remote-AS-number 65001 create bgp neighbor 192.1.1.18 remote-AS-number 65001 enable bgp neighbor all To configure router B, use - Netgear XCM8806 Chassis | User Manual - Page 709
NETGEAR 8800 User Manual configure vlan cb add port 2 configure vlan cb ipaddress 192.1.1.21/30 enable ipforwarding vlan cb configure ospf add vlan cb area 0.0.0.0 enable ospf configure - Netgear XCM8806 Chassis | User Manual - Page 710
NETGEAR 8800 User Manual enable ipforwarding vlan ed configure ospf add vlan ed area 0.0.0.0 enable ospf configure bgp as-number 65002 configure bgp routerid 192.1.1.13 configure bgp confederation- - Netgear XCM8806 Chassis | User Manual - Page 711
NETGEAR 8800 User Manual When BGP inactive route advertising is enabled, inactive BGP routes are considered for BGP route aggregation. When this feature is disabled, inactive BGP routes are - Netgear XCM8806 Chassis | User Manual - Page 712
NETGEAR 8800 User Manual Enabling and Disabling Route Origination To enable or disable BGP default route origination and advertisement for BGP neighbors, use the following commands: enable bgp [{neighbor} < - Netgear XCM8806 Chassis | User Manual - Page 713
NETGEAR 8800 User Manual for EBGP multihop. Using the loopback interface eliminates multiple, unnecessary route changes. Looped AS_Path Attribute When a BGP speaker receives a route from its neighbor, it must - Netgear XCM8806 Chassis | User Manual - Page 714
NETGEAR 8800 User Manual • password Adding Neighbors to a BGP Peer Group To create a new neighbor usually involves many routes. Minimizing the Route Flap The route flap dampening feature minimizes the flapping problem as follows. Suppose that the route to network 172.25.0.0 flaps. The router (in - Netgear XCM8806 Chassis | User Manual - Page 715
NETGEAR 8800 User Manual The penalty placed on network 172.25.0.0 is decayed until the reuse limit is reached, when the route is again advertised. At half of the - Netgear XCM8806 Chassis | User Manual - Page 716
NETGEAR 8800 User Manual show bgp peer-group {detail | {detail}} To display the dampened routes, use the following command: show bgp neighbor {address-family [ipv4- - Netgear XCM8806 Chassis | User Manual - Page 717
NETGEAR 8800 User Manual Route Redistribution BGP, OSPF, and RIP can be enabled simultaneously redistributed using the export command. BGP ECMP The BGP Equal Cost Multi-path (ECMP) feature supports load sharing by creating a multipath to a destination. This multipath contains multiple routes that - Netgear XCM8806 Chassis | User Manual - Page 718
NETGEAR 8800 User Manual • Origin code • Multi Exit Discriminator (MED) • IGP distance to the The lower BGP identifier values have priority over the higher values. For example, if the configuration supports 4 paths in a multipath, only the four paths with the lowest BGP identifier values become part - Netgear XCM8806 Chassis | User Manual - Page 719
NETGEAR 8800 User Manual Note: When entering an AS number in a policy file, you must enter a unique 2-byte or 4-byte AS number. The transition AS number, AS 23456, is not supported in policy files. To delete a static BGP network, use the following command: configure bgp delete network {address- - Netgear XCM8806 Chassis | User Manual - Page 720
NETGEAR 8800 User Manual restarts, for only unplanned restarts, or for both. Also, you can decide to configure a router to be a receiver only, and not to do graceful restarts - Netgear XCM8806 Chassis | User Manual - Page 721
NETGEAR 8800 User Manual create bgp neighbor 20.0.0.1 remote-as 100 enable bgp neighbor all Resolution Yes 8 Out of Resources No The following sections provide detailed descriptions of each supported cease subcode. Maximum Number of Prefixes Reached This cease subcode is sent when the number - Netgear XCM8806 Chassis | User Manual - Page 722
NETGEAR 8800 User Manual Other Configuration Change This cease notification subcode is broken (BGP detects this while sending or receiving data from TCP socket). Capability Negotiation BGP supports the following capabilities by default: • IPv4 Unicast address family • IPv4 Multicast address family - Netgear XCM8806 Chassis | User Manual - Page 723
NETGEAR 8800 User Manual By default, BGP sends those capabilities in its OPEN message. In addition, BGP supports graceful restart. All these in response to an OPEN, it assumes that the peer does not support capability negotiation and MBGP and sends an OPEN message without any capability. BGP - Netgear XCM8806 Chassis | User Manual - Page 724
on page 733 • Configuring IP Multicast Routing on page 738 • Multicast VLAN Registration on page 748 • Displaying Multicast Information on page 756 • Troubleshooting PIM on page 757 For more information on IP multicasting, see the following publications: • RFC 1112-Host Extension for IP Multicasting - Netgear XCM8806 Chassis | User Manual - Page 725
the software multicast route table. Routes are added to the multicast route table from the following sources: • Multicast static routes (configured manually by the network administrator) • Multicast dynamic routes (learned through protocols such as MBGP and MISIS) The multicast route table is used - Netgear XCM8806 Chassis | User Manual - Page 726
NETGEAR 8800 User Manual PIM Overview The switch supports both dense mode and sparse mode operation. You can configure dense mode or sparse mode on a per-interface basis. After they are enabled, some interfaces can run dense mode, while others run sparse mode. The switch also supports PIM snooping. - Netgear XCM8806 Chassis | User Manual - Page 727
NETGEAR 8800 User Manual Note: For additional information on PIM-DM, see RFC 3973, Protocol Independent Multicast - Dense Mode (PIM-DM): Protocol Specification. PIM-DM Without State Refresh PIM- - Netgear XCM8806 Chassis | User Manual - Page 728
NETGEAR 8800 User Manual Note: This feature is supported at and above the license level listed immediately because S5 does not have any S, G information. State refresh control messages solve this problem by indicating S, G state information periodically to all downstream routers. When S5 receives a - Netgear XCM8806 Chassis | User Manual - Page 729
NETGEAR 8800 User Manual Note: This feature is supported at and above the license level listed for this feature in the license tables in Appendix A, XCM8800 Software Licenses. Using PIM-SM, the router sends a - Netgear XCM8806 Chassis | User Manual - Page 730
NETGEAR 8800 User Manual Note: This feature is supported at and above the license level listed for the following requirements: • Any host that participates directly in PIM-SSM must use IGMPv3. • To support IGMPv1 and IGMPv2 hosts, IGMP-SSM mapping must be enabled and configured. PIM-SSM is designed - Netgear XCM8806 Chassis | User Manual - Page 731
NETGEAR 8800 User Manual when specifying the PIM-SSM range, you configure the range 232.0.0.0/8. You can also choose to specify a different range for PIM-SSM by using a policy - Netgear XCM8806 Chassis | User Manual - Page 732
Router 1 NETGEAR 8800 User Manual Router 2 RP (Sender) trafMficulticast trafMficulticast (*.G) join (*.G) join traMffiuclticast (*.G) join Router 4 traMffiuclticast PIM (*.G) join Router 3 with Receiver Figure 84. Multicast With PIM - Netgear XCM8806 Chassis | User Manual - Page 733
NETGEAR 8800 User Manual IGMP Overview IGMP is a protocol used by an IP host to and group registration is maintained. IGMPv2 is enabled by default on the switch, and the XCM8800 software supports IGMPv3. However, the switch can be configured to disable the generation of periodic IGMP query packets. - Netgear XCM8806 Chassis | User Manual - Page 734
NETGEAR 8800 User Manual enable igmp snooping {forward-mcrouter-only | {vlan} | with-proxy vr } disable igmp snooping {forward-mcrouter-only | with-proxy | vlan } When a port sends - Netgear XCM8806 Chassis | User Manual - Page 735
NETGEAR 8800 User Manual multicast group to a port; and you may emulate a router to forward details on creating policy files, see Policy Manager on page 294.) The IGMP snooping filter feature is supported by IGMPv2 and IGMPv3. For the policies used as IGMP snooping filters, all the entries should be - Netgear XCM8806 Chassis | User Manual - Page 736
NETGEAR 8800 User Manual } then { permit; } } After you create a policy file, use the following command to associate the policy file and filter to a set of ports: configure igmp snooping - Netgear XCM8806 Chassis | User Manual - Page 737
NETGEAR 8800 User Manual When the router receives an IGMP Group leave message from a host, it sends out a group specific query (unless IGMP fast leave is configured) and continues to support joins for the corresponding (S1, G) to (Sn, G) channels. When the router does not get a response to the group - Netgear XCM8806 Chassis | User Manual - Page 738
NETGEAR 8800 User Manual configure igmp ssm-map add [/ | ] {vr } To remove a single IGMP-SSM mapping, use the following command: configure igmp ssm- - Netgear XCM8806 Chassis | User Manual - Page 739
: enable pim Configuring Multicast Static Routes Note: Multicast static routes are supported in the IPv4 address family, but not the IPv6 address family. routes are used to reach networks not advertised by routers, and are manually entered into the routing table. You can use either of two commands - Netgear XCM8806 Chassis | User Manual - Page 740
NETGEAR 8800 User Manual multicast static route 58.1.10.0/24 is shown as UP only when the OSPF route is available to reach the network 58.1.10.0/24. Static - Netgear XCM8806 Chassis | User Manual - Page 741
NETGEAR 8800 User Manual Area 0 Headquarters IR 2 10.0.3.2 10.0.1.1 10.0.1.2 IR 1 10.0.2.2 HQ_10_0_2 HQ_10_0_3 ABR 2 10.0.3.1 ABR 1 10.0.2.1 160.26.26.1 160.26.25.1 Virtual link 160.26.26.2 - Netgear XCM8806 Chassis | User Manual - Page 742
NETGEAR 8800 User Manual configure pim add vlan all dense enable pim configure pim state-refresh vlan all on PIM-SM Configuration Example In Figure 86, the system labeled - Netgear XCM8806 Chassis | User Manual - Page 743
NETGEAR 8800 User Manual configure vlan HQ_10_0_2 ipaddress 10.0.2.1 255.255.255.0 configure vlan pim cbsr HQ_10_0_3 30 The policy file, rp_list.pol, contains the list of multicast group addresses serviced by this RP. This set of group addresses are advertised as candidate RPs. Each router then - Netgear XCM8806 Chassis | User Manual - Page 744
NETGEAR 8800 User Manual enable pim PIM Snooping Configuration Example Figure 87 shows a network configuration that supports PIM snooping. S3 ( is flooded to all the switches, including switch S2, which does not support multicast traffic. IGMP snooping does not reduce flooding because it floods the - Netgear XCM8806 Chassis | User Manual - Page 745
NETGEAR 8800 User Manual Switch S1 (PIM Snooping Switch) Configuration Commands The following is an example configuration for the PIM snooping switch S1: create vlan comm_vlan configure vlan comm_vlan - Netgear XCM8806 Chassis | User Manual - Page 746
NETGEAR 8800 User Manual enable ipforwarding comm_vlan enable ipmcforwarding comm._vlan configure pim add vlan comm_vlan sparse configure ospf add vlan comm._vlan area 0.0.0.0 create vlan receiver_vlan configure vlan - Netgear XCM8806 Chassis | User Manual - Page 747
NETGEAR 8800 User Manual enable ipmcforwarding comm._vlan configure ospf add vlan comm._vlan area 0.0.0.0 enable ospf PIM Snooping Example Configuration Displays After the example configuration is complete, multicast - Netgear XCM8806 Chassis | User Manual - Page 748
NETGEAR 8800 User Manual Multicast VLAN Registration Multicast VLAN Registration (MVR) is designed to support distributing multicast streams for IPTV to multicast stream distribution and is a better solution for IPTV-like services. With MVR, a multicast stream is forwarded to all VLANs containing - Netgear XCM8806 Chassis | User Manual - Page 749
NETGEAR 8800 User Manual Basic MVR Deployment Since MVR is primarily targeted for IPTV and . • Configure all VLANS with an IP address and run PIM or DVMRP on each switch. There are problems with both of these approaches. In the first approach, multiple copies of the same stream (IPTV channel) - Netgear XCM8806 Chassis | User Manual - Page 750
NETGEAR 8800 User Manual 1. Configure MVR on McastVlan. 2. Configure an IP address and enable IGMP and IGMP snooping on the subscriber VLANs (by default IGMP and IGMP snooping are - Netgear XCM8806 Chassis | User Manual - Page 751
NETGEAR 8800 User Manual If a multicast packet for a group in the static MVR range is the messages on McastVlan and streams corresponding channels onto the core network. This provides on-demand service, and an administrator doesn't need to configure static IGMP on the router for each of these - Netgear XCM8806 Chassis | User Manual - Page 752
Manual McastVlan, vc1, vc2 PC1 Vlan2 p1 McastVlan, vc1, vc2 PC2 Switch1 p2 vc2 H2 H3 H4 EX_144 Figure 90. Multiple VLANs in the Core Network In Figure 90, the core network has 2 more VLANs, vc1 and vc2, to provide other services network, thus reintroducing the problem that MVR was intended to - Netgear XCM8806 Chassis | User Manual - Page 753
dynamically per the port state. For most situations, you do not need to manually configure ports to receive the MVR multicast streams. But if one of the VLAN, as shown in Figure 91. In this figure, a Multicast Service Provider (MSP) multicast VLAN is attached to ports 1:1-2 on both switches - Netgear XCM8806 Chassis | User Manual - Page 754
NETGEAR 8800 User Manual In the topology above, the MSP multicast VLAN is carried on two meant to present some ideas on how to deploy MVR over existing networks, as well as to design new networks that support MVR. MVR with STP In a Layer 2 ring topology, MVR works with STP. However, in other Layer 2 - Netgear XCM8806 Chassis | User Manual - Page 755
NETGEAR 8800 User Manual Switch4 MSP ring MVlan, vc1 MVlan, vc1 1:3 V1 Switch1 1:4 V1 Switch2 Vlan V1 cloud Figure 92. MVR with STP EX_148 In this topology, subscribers are - Netgear XCM8806 Chassis | User Manual - Page 756
NETGEAR 8800 User Manual configure mvr add vlan mvlan create stpd stp1 configure stp1 add vlan v1 port all enable stpd stp1 port all configure mvr vlan v1 add - Netgear XCM8806 Chassis | User Manual - Page 757
NETGEAR 8800 User Manual rtlookup [ | ] { unicast | multicast | rpf } { vr } Displaying the PIM Snooping Configuration To display the PIM snooping configuration for a VLAN, use the following command: show pim snooping {vlan} Troubleshooting PIM The following - Netgear XCM8806 Chassis | User Manual - Page 758
NETGEAR 8800 User Manual The last hop router converts the multicast trace query into a unicast traceroute request by appending response data (for the last hop router) into the received - Netgear XCM8806 Chassis | User Manual - Page 759
switch is connected to an IPv6 multicast router, it can register for IPv6 multicast groups and forward IPv6 multicast traffic. Note: This release does not support MLD snooping. If any IPv6 host on a VLAN registers for an IPv6 multicast group, traffic for the IPv6 multicast group is flooded to all - Netgear XCM8806 Chassis | User Manual - Page 760
NETGEAR 8800 User Manual Managing MLD The following sections describe how to manage MLD on the switch: • Enabling and Disabling MLD on a VLAN on page 760 • Configuring MLD on - Netgear XCM8806 Chassis | User Manual - Page 761
NETGEAR 8800 User Manual configure mld snooping {vlan} ports add static group To emulate a multicast router on a port, use the following command: configure mld snooping {vlan} < - Netgear XCM8806 Chassis | User Manual - Page 762
29. MSDP 29 This chapter includes the following sections: • Overview on page 762 • PIM Border Configuration on page 763 • MSDP Peers on page 764 • MSDP Mesh-Groups on page 766 • Anycast RP on page 767 • SA Cache on page 768 • Redundancy on page 770 • Scaling Limits on page 770 • SNMP MIBs on page - Netgear XCM8806 Chassis | User Manual - Page 763
NETGEAR 8800 User Manual For example, as businesses expand and networks grow in size, it for peer-RPF checking as per rule (iii) in section 10.1.3. • Read-write/read-create access is not supported on MSDP MIB objects. PIM Border Configuration To create a PIM-SM domain for MSDP, you must restrict the - Netgear XCM8806 Chassis | User Manual - Page 764
NETGEAR 8800 User Manual MSDP Peers MSDP peers exchange messages to advertise active multicast sources. The peer with the higher IP address passively listens to a well-known port number - Netgear XCM8806 Chassis | User Manual - Page 765
NETGEAR 8800 User Manual Peer Authentication MSDP supports TCP MD5 authentication (RFC 2385) to secure from an MSDP peer. For example, policy filters can help mitigate state explosion during denial of service (DoS) or other attacks by limiting what is propagated to other domains using MSDP. To - Netgear XCM8806 Chassis | User Manual - Page 766
NETGEAR 8800 User Manual To configure the router to reject SA request messages from a specified MSDP peer or all peers, use the following command: disable msdp [{peer} | peer - Netgear XCM8806 Chassis | User Manual - Page 767
NETGEAR 8800 User Manual Anycast RP Anycast RP is an application of MSDP that allows multiple RPs to operate simultaneously in a PIM-SM domain. Without anycast RP, multiple routers - Netgear XCM8806 Chassis | User Manual - Page 768
NETGEAR 8800 User Manual enable loopback-mode vlan 2. Assign the anycast RP address to the loopback VLAN with a 32 bit subnet mask using the following command: configure {vlan} < - Netgear XCM8806 Chassis | User Manual - Page 769
NETGEAR 8800 User Manual no longer available it informs MSDP, which in turn cache is heavy both in CPU processing and memory requirements. Note: Our implementation of MSDP does not support operating with local cache disabled. To remove an SA cache server, use the following command: unconfigure - Netgear XCM8806 Chassis | User Manual - Page 770
8800 User Manual To Scaling Limits Table 72. MSDP Scaling Limits Platform Type Chassis Stackable PC MSDP Peering Entries in SA Cache Connections ( 8,000 12 8,000 SNMP MIBs SNMP MIB access is not supported for MSDP. Configuration Examples This section provides the following configuration - Netgear XCM8806 Chassis | User Manual - Page 771
NETGEAR 8800 User Manual • Configuring an MSDP Mesh-Group on page 772 • Configuring Anycast RP on page 775 Configuring MSDP Figure 93 shows two MSDP-speaking routers, MSDP-1 and - Netgear XCM8806 Chassis | User Manual - Page 772
NETGEAR 8800 User Manual # MSDP configuration config msdp originator-id 10.172.168.61 create msdp peer 10.172.168.32 enable msdp peer 10.172.168.32 enable - Netgear XCM8806 Chassis | User Manual - Page 773
NETGEAR 8800 User Manual In the topology, loopback VLANs are configured on each of the switches and MSDP3 Configuration Commands on page 774 Note: For an example of the VLAN and PIM configuration that supports MSDP in this example, see the next example, Configuring Anycast RP on page 775, which is - Netgear XCM8806 Chassis | User Manual - Page 774
NETGEAR 8800 User Manual enable msdp peer all enable msdp Switch MSDP2 Configuration Commands The following is an example MSDP configuration for switch MSDP2: create msdp peer 10.0.1.1 configure - Netgear XCM8806 Chassis | User Manual - Page 775
NETGEAR 8800 User Manual Configuring Anycast RP Figure 95 shows the mesh-group M1, which is comprised of three MSDP peers: MSDP 1, MSDP 2, and MSDP 3. MSDP 5 is connected to - Netgear XCM8806 Chassis | User Manual - Page 776
NETGEAR 8800 User Manual MSDP 1 Configuration # VLAN configuration create vlan v_anycast configure vlan "v_anycast" ipaddress 1.1.1.1/32 enable loopback-mode vlan "v_anycast" enable ipforwarding vlan "v_anycast" enable ipmcforwarding vlan "v_anycast" # - Netgear XCM8806 Chassis | User Manual - Page 777
NETGEAR 8800 User Manual configure pim add vlan "v_anycast" sparse configure pim crp static 1.1.1.1 rp_policy # MSDP configuration configure msdp originiator id 10.1.1.2 create msdp peer 10.1.1.1 create msdp peer - Netgear XCM8806 Chassis | User Manual - Page 778
NETGEAR 8800 User Manual enable msdp peer all enable msdp MSDP 4 Configuration # VLAN configuration create vlan v_anycast configure vlan "v_anycast" ipaddress 1.1.1.1/32 enable loopback-mode vlan "v_anycast" enable ipforwarding - Netgear XCM8806 Chassis | User Manual - Page 779
NETGEAR 8800 User Manual # MSDP configuration configure msdp originiator id 10.1.1.5 create msdp peer 10.1.1.1 configure msdp peer all source-interface 10.1.1.5 enable msdp peer all enable msdp Chapter 29. MSDP | 779 - Netgear XCM8806 Chassis | User Manual - Page 780
to the IEEE 802.1Q VLAN standard. Metropolitan area network (MAN) service providers can use a vMAN to carry VLAN traffic from multiple customers across uses Provider Bridges (PBs) to create a Layer 2 network that supports vMAN traffic. The vMAN technology is sometimes referred to as VLAN stacking - Netgear XCM8806 Chassis | User Manual - Page 781
Chapter 30. vMAN (PBN) 8800 Chassis Switch VLAN 1 vMAN VLAN 1 Figure 96. supported by a VLAN Ethernet frame. The inner tag is referred to as the customer tag (C-tag), and this optional tag is based on the VLAN tag if the source VLAN is a tagged VLAN. The outer tag is referred to as the service - Netgear XCM8806 Chassis | User Manual - Page 782
Chapter 30. vMAN (PBN) 8800 Chassis Switch In Figure 97, the switch accepts all tagged represents the customer VLAN tag for tagged VLAN traffic. The service provider configures the vMAN to support the customer traffic. The vMAN service provider does not need to know anything about the VLAN traffic - Netgear XCM8806 Chassis | User Manual - Page 783
30. vMAN (PBN) 8800 Chassis Switch • ACL Support on page 783 • Secondary Ethertype Support on page 783 • QoS Support on page 784 • Egress Queue Selection on page 784 ACL Support The NETGEAR 8800 software includes vMAN (PBN) Access Control List (ACL) support for controlling vMAN frames. vMAN - Netgear XCM8806 Chassis | User Manual - Page 784
) 8800 Chassis Switch ports two values are different. QoS Support The vMAN (PBN) feature interoperates with many of the QoS features supported in the NETGEAR 8800 software the values in the C-tag or the S-tag. For instructions on configuring this feature, see Selecting the Tag Used for Egress - Netgear XCM8806 Chassis | User Manual - Page 785
Chapter 30. vMAN (PBN) 8800 Chassis Switch • Each vMAN access port (ingress or egress) can belong to only one vMAN. vMAN network ports (switch to switch) can support multiple vMANs. • Duplicate customer MAC addresses that ingress from multiple vMAN access ports on the same vMAN can disrupt the - Netgear XCM8806 Chassis | User Manual - Page 786
Chapter 30. vMAN (PBN) 8800 Chassis Switch 1. If you are configuring a NETGEAR 8800, enable jumbo frames 787 Note: You can use ACLs to configure some vMAN options. For more information, see ACL Support on page 783. Configuring the Ethertype for vMAN Ports The ethertype is a component of VLAN and - Netgear XCM8806 Chassis | User Manual - Page 787
Chapter 30. vMAN (PBN) 8800 Chassis Switch configure vman ethertype [primary | secondary] By default, and use IGMP snooping. Selecting the Tag Used for Egress Queue Selection By default, switches that support the enabling and disabling of this feature use the 802.1p value in the S-tag to - Netgear XCM8806 Chassis | User Manual - Page 788
Chapter 30. vMAN (PBN) 8800 Chassis Switch disable dot1p examination ports [all | ] Note: See Chapter 15, QoS for information on configuring and displaying the current 802.1p and DiffServ configuration - Netgear XCM8806 Chassis | User Manual - Page 789
Chapter 30. vMAN (PBN) 8800 Chassis Switch Engineering & BlNacEkTDGiEaAmRon8d8180810 BlNaEcTkGDiEaAmRon88d066808 Science can use a common uplink to carry both VLAN and vMAN traffic and to provide multicast services from a vMAN through a separate VLAN (notice that port 1:1 is in both a VLAN - Netgear XCM8806 Chassis | User Manual - Page 790
Chapter 30. vMAN (PBN) 8800 Chassis Switch Note: IGMP reports can be received untagged on ports 2:1, from port 1:1. Multiple vMAN Ethertype Example Figure 100 shows a switch that is configured to support the primary ethertype on three ports and the secondary ethertype on a fourth port. The - Netgear XCM8806 Chassis | User Manual - Page 791
Chapter 30. vMAN (PBN) # configure vman vman300 tag 300 # # configure vman vman300 add port 1:1, 2:1, 2:2 tagged # configure vman vman300 add port 1:2 untagged 8800 Chassis Switch 791 - Netgear XCM8806 Chassis | User Manual - Page 792
Part 3: Appendixes - Netgear XCM8806 Chassis | User Manual - Page 793
• Obtaining Feature Packs on page 799 Overview The XCM8800 software supports the following license options: • NETGEAR Aggregation Code • NETGEAR Advanced NETGEAR 8800. Software keys are stored in the EEPROM of the chassis and, once enabled, persist through reboots, software upgrades, power outages - Netgear XCM8806 Chassis | User Manual - Page 794
NETGEAR 8800 User Manual Switch License Features The following sections list the features for the switch license levels and feature packs: • STP 802.1D STP EMISTP + PVST+ Compatibility mode (1 domain per port) STP EMISTP, PVST+ Full (multi-domain support) 794 | Appendix A. XCM8800 Software Licenses - Netgear XCM8806 Chassis | User Manual - Page 795
NETGEAR 8800 User Manual Table 74. XCM8800 Aggregation License Features (Continued) XCM8800 Software Feature STP 802.1s STP 802.1w Link Fault Signaling (LFS) ACLs • IPv4 • Static ACLs • IPv6 • - Netgear XCM8806 Chassis | User Manual - Page 796
NETGEAR 8800 User Manual Table 74. XCM8800 Aggregation License Features (Continued) XCM8800 Software MVR) sFlow accounting CLI scripting Web-based device management Web based management-HTTPS/SSL support XML APIs (for partner integration) MIBs - Entity, for inventory Connectivity Fault Management - Netgear XCM8806 Chassis | User Manual - Page 797
NETGEAR 8800 User Manual Table 74. XCM8800 Aggregation License Features (Continued) XCM8800 Software Feature System virtual routers User-created virtual routers VLAN aggregation Multinetting for forwarding UDP Forwarding UDP - Netgear XCM8806 Chassis | User Manual - Page 798
NETGEAR 8800 User Manual Table 74. XCM8800 Aggregation License Features (Continued) XCM8800 Software Feature Universal Port-Dynamic user-based command. Note: For default settings of individual XCM8800 features, see the individual chapters in this guide. 798 | Appendix A. XCM8800 Software Licenses - Netgear XCM8806 Chassis | User Manual - Page 799
NETGEAR 8800 User Manual Obtaining a License Voucher You can order the desired functionality voucher contains information and instructions on obtaining a license key for the switch using the NETGEAR Support website at: http://support.netgear.com or by phoning NETGEAR Technical Support at: • 1-888- - Netgear XCM8806 Chassis | User Manual - Page 800
NETGEAR 8800 User Manual http://support.netgear.com or by phoning NETGEAR Technical Support at: • 1-888-NETGEAR (US and Canada only) • For other countries, see the support information card 800 | Appendix A. XCM8800 Software Licenses - Netgear XCM8806 Chassis | User Manual - Page 801
at the factory. On NETGEAR 8800 series switches with two MSMs installed, you can upgrade the images without taking the switch out of service. Known as a hitless upgrade, this method of downloading and installing a new image minimizes network interruption, reduces the amount of traffic lost, and - Netgear XCM8806 Chassis | User Manual - Page 802
NETGEAR 8800 User Manual Note: An XCM8800 core image (.xos file) must be downloaded and installed on the alternate (non-active) partition. If a user tries to download to an - Netgear XCM8806 Chassis | User Manual - Page 803
NETGEAR 8800 User Manual Understanding the Image Version String The image version string contains build information for each version of XCM8800. You can use either the show version or - Netgear XCM8806 Chassis | User Manual - Page 804
User Manual To shows only two nodes (both MSMs/MMs in a modular chassis). Use the command show slot detail to see the active partition most recent version of the XCM8800 Installation and Release Notes for the most current instructions. To download a new image: 1. Load the new image onto a TFTP - Netgear XCM8806 Chassis | User Manual - Page 805
User Manual 2. Load the new image onto an external compact flash memory card (if you are using the external compact flash slot). This method is available only on modular switches. Use a PC with appropriate hardware such as a compact flash reader/writer and follow the manufacturer's instructions to - Netgear XCM8806 Chassis | User Manual - Page 806
NETGEAR 8800 User Manual Note: The download image command in the XCM8800 causes the switch to use the newly downloaded software image during the next switch reboot. To modify - Netgear XCM8806 Chassis | User Manual - Page 807
NETGEAR 8800 User Manual To install the package, you use the same process that you use to install a new core image. Follow the process described in the earlier section - Netgear XCM8806 Chassis | User Manual - Page 808
NETGEAR 8800 User Manual Upgrading a Modular Software Package When NETGEAR introduces a new core software image, a new modular software package is also available. If you have a software module installed and - Netgear XCM8806 Chassis | User Manual - Page 809
NETGEAR 8800 User Manual • Upgraded the switch to a new core image (see Installing a Core Image on page 804 for more information) • Downloaded the corresponding modular software package to your - Netgear XCM8806 Chassis | User Manual - Page 810
the reboot command, see the NETGEAR 8800 Chassis Switch CLI Manual. Understanding Hitless Upgrade Hitless upgrade is a mechanism that allows you to upgrade the XCM8800 software running on the MSMs without taking the switch out of service - Netgear XCM8806 Chassis | User Manual - Page 811
User Manual version number. For example, if NETGEAR delivers a patch or service release that modifies the I/O module image, the I/O version number upgrade the software using hitless upgrade. • If the new XCM8800 image supports hitless upgrade but is not compatible with the current running I/O module - Netgear XCM8806 Chassis | User Manual - Page 812
8800 User Manual The following is page 801. • You are running a version of XCM8800 that supports hitless upgrade. Hitless Upgrade Caveats The following is a summary of incompatible and cannot exist on MSMs installed in the same chassis even during the hitless upgrade process. If attempted, the - Netgear XCM8806 Chassis | User Manual - Page 813
NETGEAR 8800 User Manual Hitless upgrade is not supported between major releases, for instance XCM8800 11.x and 12.x. Do not attempt to perform a hitless upgrade. For information about installing an image without using hitless - Netgear XCM8806 Chassis | User Manual - Page 814
• When you have a current service contract, before the download begins the switch asks if you want to install the image immediately after the download is finished. • After you download and install the software image on the alternate partition, you must reboot the MSM manually before you proceed. To - Netgear XCM8806 Chassis | User Manual - Page 815
have a NETGEAR 8800 series switch and the new XCM8800 image supports hitless upgrade but is not compatible with the current running I/O the software image on the alternate partition, you need to reboot the MSM manually before you proceed. To reboot the switch, use the following command: reboot - Netgear XCM8806 Chassis | User Manual - Page 816
NETGEAR 8800 User Manual • If you install the image at a later time, use the following command to series switches. Note: Before you begin, make sure you are running a version of XCM8800 that supports hitless upgrade. For more information, see the list in the section Performing a Hitless Upgrade on - Netgear XCM8806 Chassis | User Manual - Page 817
NETGEAR 8800 User Manual • You have received the new software image from NETGEAR named NG8800-11.4.0.12.xos. • You do not know your selected or booted partitions. • You are - Netgear XCM8806 Chassis | User Manual - Page 818
long. Filenames are also case sensitive. For information on filename restrictions, see the specific command in the NETGEAR 8800 Chassis Switch CLI Manual. To save the configuration, use the following command: save configuration {primary | secondary | | } Where the - Netgear XCM8806 Chassis | User Manual - Page 819
NETGEAR 8800 User Manual • Viewing a Configuration on page 819 • Returning to Factory or more different switches. • Send a copy of the configuration file to NETGEAR Technical Support for problem-solving purposes. Summary of Tasks The following summary describes only the CLI involved to transfer the - Netgear XCM8806 Chassis | User Manual - Page 820
NETGEAR 8800 User Manual editor. As previously described, to use these commands, use the .xsf file extension. These steps are not applicable to configurations that use the .cfg file - Netgear XCM8806 Chassis | User Manual - Page 821
NETGEAR 8800 User Manual Downloading the ASCII Configuration File to the Switch To download the configuration from the TFTP server to the switch, use the tftp or tftp get - Netgear XCM8806 Chassis | User Manual - Page 822
NETGEAR 8800 User Manual Saving the Configuration After you load the configuration, save it to the configuration database for use by the switch. This allows the switch to reapply - Netgear XCM8806 Chassis | User Manual - Page 823
NETGEAR 8800 User Manual the configuration file to the NETGEAR Technical Support department for problem-solving purposes. To view your current switch configuration, use the show configuration {} {detail} command available on your switch. Do not use a text editor - Netgear XCM8806 Chassis | User Manual - Page 824
, the switch prompts you to overwrite the existing file. For more information, see the tftp get command in the NETGEAR 8800 Chassis Switch CLI Manual. If you download a configuration file and see the following message: Error: Transfer timed out 824 | Appendix B. Software Upgrade and Boot Options - Netgear XCM8806 Chassis | User Manual - Page 825
NETGEAR 8800 User Manual Make sure that you entered the filename correctly, come back up. Automatic Synchronization of Configuration Files On a dual MSM/MM (node) modular chassis where redundancy is in use, XCM8800 automatically synchronizes all of the configuration files from the primary node - Netgear XCM8806 Chassis | User Manual - Page 826
NETGEAR 8800 User Manual The switch deletes the old configuration files on the backup node under the direction of NETGEAR Customer Support. The necessity of using these functions implies a nonstandard problem which requires the assistance of NETGEAR Customer Support. To access the Bootloader menu: - Netgear XCM8806 Chassis | User Manual - Page 827
NETGEAR 8800 User Manual • alt-Specifies the alternate configuration file • default-Specifies the default a new version of XCM8800 to the active partition. • Install a new module into an active chassis. After a firmware image upgrade, messages are sent to the log. You can configure the switch - Netgear XCM8806 Chassis | User Manual - Page 828
NETGEAR 8800 User Manual During the firmware upgrade, the switch also prompts you to save modular switch, use the show version command. The following is sample output from a NETGEAR 8800 series switch: Chassis : 800129-00-02 04344-00039 Rev 2.0 Slot-1 : 800114-00-04 04364-00021 Rev 4.0 BootROM: - Netgear XCM8806 Chassis | User Manual - Page 829
Table Hash Algorithm on page 854 • Contacting NETGEAR Technical Support on page 855 If you encounter problems when using the switch, this appendix may be helpful. If you have a problem not listed here or in the release notes, contact NETGEAR Technical Support. Appendix C. Troubleshooting | 829 - Netgear XCM8806 Chassis | User Manual - Page 830
NETGEAR 8800 User Manual Troubleshooting Checklists This section provides simple troubleshooting checklists for Layer 1, Layer 2, and Layer you are referred to the applicable section in this appendix. Layer 1 When troubleshooting Layer 1 issues, verify: • The installation of cables and connectors. • - Netgear XCM8806 Chassis | User Manual - Page 831
NETGEAR 8800 User Manual To display detailed information for each VLAN configured on the switch, use the show vlan detail command. For additional VLAN troubleshooting tips, see VLANs on page 839. • Your Spanning Tree Protocol (STP) configuration, including the STP domain (STPD) number, VLAN - Netgear XCM8806 Chassis | User Manual - Page 832
NETGEAR 8800 User Manual • That the Neighbor Discovery (ND) cache has the correct entries. Note: The ND cache is applicable only in IPv6 environments. . • RIP activity and statistics for all VLANs on the switch. Note: RIP is applicable only in IPv4 environments. 832 | Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 833
NETGEAR 8800 User Manual To display RIP-specific statistics for all VLANs, use the show rip interface detail command. • Your RIP next configuration for a Gigabit port is autonegotiation enabled. Verify by entering the following command: show ports configuration Appendix C. Troubleshooting | 833 - Netgear XCM8806 Chassis | User Manual - Page 834
NETGEAR 8800 User Manual On power-on, some I/O still amber after issuing the clear log static command and a switch reboot, contact NETGEAR Technical support for further assistance. Status LED on the I/O module turns amber: Check the syslog message following topics: 834 | Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 835
NETGEAR 8800 User Manual • General Tips and Recommendations on page 835 • MSM Prompt on page 837 • Command Prompt on page 837 • Port Configuration on the device has been reset. • You entered the IP address of the switch correctly when invoking the Telnet facility. Appendix C. Troubleshooting | 835 - Netgear XCM8806 Chassis | User Manual - Page 836
the device, a problem with the original port is indicated. Re-examine the connections and cabling. A network problem may be preventing you harm the system, if you want to removed the entry, you must manually delete it from the FDB. Default and static routes: If you have Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 837
NETGEAR 8800 User Manual MSM Prompt You do not on the backup MSM, the switch displays a message stating that the command is only supported on the primary MSM. Command Prompt You do not know if the switch configuration has on the other end. Excessive RX CRC errors: Appendix C. Troubleshooting | 837 - Netgear XCM8806 Chassis | User Manual - Page 838
Manual of a duplex mismatch between devices. This is NOT a problem with the switch. Always verify that the switch and the network | full]) if you are connecting the switch to devices that do not support autonegotiation. By default, the XCM8800 has autonegotiation set to On for Gigabit Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 839
NETGEAR 8800 User Manual Error: This command cannot be executed at the current license level. You have reached the limits defined by the current configure multiple default routes for the system. The system first tries the default route with the lowest cost metric. Appendix C. Troubleshooting | 839 - Netgear XCM8806 Chassis | User Manual - Page 840
NETGEAR 8800 User Manual STP You have connected an endstation directly to the switch and the endstation fails to boot correctly: The switch has . • Specify that the endstation entries are static or permanent. VRRP You cannot define VRRP virtual router parameters: 840 | Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 841
NETGEAR 8800 User Manual Before configuring any virtual router both primary and secondary images of the compact flash. NETGEAR 8800 series switches support loading the rescue image to the external compact flash memory card installed in page 801 for more information. Appendix C. Troubleshooting | 841 - Netgear XCM8806 Chassis | User Manual - Page 842
NETGEAR 8800 User Manual Obtaining the Rescue Image from a TFTP Server To recover the switch, you must enter the Bootloader and issue a series of commands. a non-rescue image, the switch displays an error message and returns you to the BootRom -> command prompt. 842 | Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 843
Manual internal compact flash and the management port, there is also support for loading the rescue image to the external compact flash such as a compact flash reader/writer and follow the manufacturer's instructions to access the compact flash card and place the image onto C. Troubleshooting | 843 - Netgear XCM8806 Chassis | User Manual - Page 844
NETGEAR 8800 User Manual Note: You must press the the switch with the rescue image, or the switch does not reboot, contact NETGEAR Technical Support. Debug Mode The Event Management System (EMS) provides a standard way to filter and store disable log debug-mode 844 | Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 845
NETGEAR 8800 User Manual After debug mode has been enabled, you can configure EMS Note: Use the commands described in this section only under the guidance of NETGEAR Technical Support personnel to troubleshoot the switch. This section describes the following topics: • Enabling the Switch to Send - Netgear XCM8806 Chassis | User Manual - Page 846
Manual • internal-memory-Specifies that saving debug information to the internal memory card is enabled. This is the default behavior. Use this parameter only under the guidance of NETGEAR Technical Support writer and follow the manufacturer's instructions to access the compact flash Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 847
have configured the switch to send core dump information under the guidance of NETGEAR Technical Support. Managing the debug files might include any of the following tasks: renaming or copying , see the specific command in the NETGEAR 8800 Chassis Switch CLI Manual. Appendix C. Troubleshooting | 847 - Netgear XCM8806 Chassis | User Manual - Page 848
NETGEAR 8800 User Manual Displaying Files To display a list of the files stored on your card, including core dump files, use the following command: managing the configuration or policy files stored on your system, see Chapter 4, Managing the XCM8800 Software. 848 | Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 849
NETGEAR 8800 User Manual Copying Files The copy function allows you to make a copy of an existing file before you | } {-r } | {-r } {-l [internal-memory | memorycard | ]}] Appendix C. Troubleshooting | 849 - Netgear XCM8806 Chassis | User Manual - Page 850
TFTP server. • vr_name-Specifies the name of the virtual router. Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A, XCM8800 Software Licenses. • -g-Gets tftp get command in the NETGEAR 8800 Chassis Switch CLI Manual. 850 | Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 851
NETGEAR 8800 User Manual If you configure the switch to send core dump information to the internal memory card, specify the internal-memory address deny ACLs • Source IP lockdown source IP permit ACLs • Source IP lockdown deny all ACLs • ARP validation CPU ACLs Appendix C. Troubleshooting | 851 - Netgear XCM8806 Chassis | User Manual - Page 852
Manual a TFTP server that supports blocksize negotiation (as Chassis • MSMs • I/O modules • Power controllers Recorded Statistics The following odometer statistics are collected by the switch: • Service Days-The amount of days that the component has been running 852 | Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 853
Manual switch: XCM8810.5 # show odometers Service First Recorded Field Replaceable Units Days Start Date Chassis : XCM8810 48 Dec-14-2010 indicative of a problem. If you experience this behavior more than once, contact NETGEAR Technical Support. Corrupted BootROM on Troubleshooting | 853 - Netgear XCM8806 Chassis | User Manual - Page 854
NETGEAR 8800 User Manual For more information, see the hardware documentation listed in Related Publications on page 24. Inserting Powered Devices in table. Note: Modify the hardware table hash algorithm only with the guidance of NETGEAR technical personnel. 854 | Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 855
NETGEAR 8800 User Manual To modify the hardware table utilization, use the support. NETGEAR maintains several Technical Assistance Centers (TACs) around the world to answer networking questions and resolve network problems. You can contact technical support by phone at: Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 856
countries, see the support information card You can also visit the support website at: http://support.netgear.com From the support website, you can download software updates (requires a service contract) and documentation (including a PDF version of this manual). 856 | Appendix C. Troubleshooting - Netgear XCM8806 Chassis | User Manual - Page 857
D. Supported Protocols, MIBs, and Standards D This appendix includes the following sections: • General Routing and Switching on page 857 • Virtual LANS (VLANs), Virtual MANs (vMANs) and MAC in MAC on page 858 • Routing Information Protocol (RIP) on page 858 • Quality of Service (QoS) and Policies - Netgear XCM8806 Chassis | User Manual - Page 858
NETGEAR 8800 User Manual Virtual LANS (VLANs 2598 DiffServ Expedited Forwarding RFC 2597 Assured Forwarding RFC 2475 An Architecture for Differentiated Service (Core and Edge Router Functions) Open Shortest Path First (OSPF) RFC 2328 858 | Appendix D. Supported Protocols, MIBs, and Standards - Netgear XCM8806 Chassis | User Manual - Page 859
NETGEAR 8800 User Manual IP Multicast RFC 1112 Host extensions for IP multicasting (Internet MSDP a. SET operations are not supported on the IGMP Cache Table; however, SET and GET operations are supported on all other tables. b. SET operations are not supported on the PIM Candidate RP Table; - Netgear XCM8806 Chassis | User Manual - Page 860
NETGEAR 8800 User Manual Management - SNMP & MIBs RFC 1155 Structure and identification of management information for TCP/IP-based Version of the Border Gateway Protocol (BGP-4) using SMIv2 Simple Network Management Protocol (SNMP). 860 | Appendix D. Supported Protocols, MIBs, and Standards - Netgear XCM8806 Chassis | User Manual - Page 861
NETGEAR 8800 User Manual Management - Other Network Access Control RFC 2138 Remote Authentication Dial In User Service (RADIUS) RFC 2139 RADIUS Accounting Access Control Lists (ACLs over IPv6 transport MIB Support Details The following sections describes the MIB support provided by the XCM8800 - Netgear XCM8806 Chassis | User Manual - Page 862
NETGEAR 8800 User Manual Note: Only entries for the default VR are supported. Standard MIBs RFC 1213 (MIB-II) The following tables, groups, and variables are supported in this MIB. Table/Group System group scalars Interfaces group IP Group scalars ipAddrTable ipRouteTable Supported Variables All - Netgear XCM8806 Chassis | User Manual - Page 863
8800 User Manual Table/Group ifXTable ifStackTable Supported Variables Comments ifDescr ifType Only the following values are supported: {other, ethernetCsmacd, softwareLoopback, propVirtual} ifMtu ifSpeed ifPhysAddress ifAdminStatus The testing state is not supported. ifOperStatus - Netgear XCM8806 Chassis | User Manual - Page 864
NETGEAR 8800 User Manual Table/Group Supported Variables IfTestTable Not supported ifRcvAddressTable All objects snmpTraps linkDown linkUp Comments The 'ifRcvAddressTable' is supported read-only. Also, only entries for physical ports will appear in it. RFC 1215 This MIB defines an SMI for - Netgear XCM8806 Chassis | User Manual - Page 865
8800 User Manual Table/Group dot1dStp group scalars dot1dStpExtPortTable dot1dStpPortTable Supported Variables Comments 'draft-ietf-bridge-rstp-mib-03.txt'. For this object only 8021d1998(1) is supported at this time, not stp802112001(2). Attempting to set (2) yields an error. All objects - Netgear XCM8806 Chassis | User Manual - Page 866
Manual Table/Group STP Traps dot1dTpFdbTable dot1dTpPortTable dot1dStatic group Supported Variables newRoot topologyChange Supported Supported Supported total of 128 ports on each of the slots on a Chassis system). Not supported RFC 1724 (RIPv2-MIB) The following tables, groups, and variables are - Netgear XCM8806 Chassis | User Manual - Page 867
NETGEAR 8800 User Manual Table/Group Supported Variables ospfGeneralGroup All objects ospfAreaTable All objects ospfStubAreaTable All objects ospfLsdbTable All objects ospfAreaRangeTable All objects ospfHostTable All objects ospfIfTable All objects ospfIfMetricTable All objects - Netgear XCM8806 Chassis | User Manual - Page 868
NETGEAR 8800 User Manual ::= { netgearMauType 10 } "Gigabit LX70, full duplex" netgearMauType1000BaseZXHD OBJECT IDENTIFIER ::= { netgearMauType 11 } "Gigabit ZX, "R fiber over 1310 nm optics (per 802.3 section 52)" ::= { dot3MauType 35 } 868 | Appendix D. Supported Protocols, MIBs, and Standards - Netgear XCM8806 Chassis | User Manual - Page 869
NETGEAR 8800 User Manual dot3MauType10GigBaseSR OBJECT-IDENTITY STATUS current DESCRIPTION supported in this MIB. Table/Group vrrpOperations vrrpStatistics Supported Variables vrrpNodeVersion vrrpNotificationCntl vrrpRouterChecksumErrors vrrpRouterVersionErrors Comments Appendix D. Supported - Netgear XCM8806 Chassis | User Manual - Page 870
NETGEAR 8800 User Manual Table/Group vrrpOperTable Supported Variables vrrpRouterVrIdErrors All objects vrrpAssoIpAddrTable vrrpRouterStatsTable vrrpNotifications All objects All objects vrrpTrapNewMaster vrrpTrapAuthFailure PIM-MIB (draft-ietf-pim-mib-v2-01.txt) This MIB is - Netgear XCM8806 Chassis | User Manual - Page 871
NETGEAR 8800 User Manual Table/Group pimNeighborTable pimIpMRouteTable Supported Variables pimInterfaceHelloHoldtime pimInterfaceLanPruneDelay pimInterfacePropagationDelay pimInterfaceOverrideInterval pimInterfaceGenerationID pimInterfaceJoinPruneHoldtime pimInterfaceGraftRetryInterval - Netgear XCM8806 Chassis | User Manual - Page 872
NETGEAR 8800 User Manual Table/Group Supported Variables Comments pimIpMRouteRPFNeighbor pimIpMRouteSourceTimer pimIpMRouteOriginatorSRTTL Feature unsupported pimComponentBSRExpiryTime pimComponentCRPHoldTime This object is supported as read only. pimComponentStatus Scalars - Netgear XCM8806 Chassis | User Manual - Page 873
NETGEAR 8800 User Manual Table/Group PIM Traps Supported Variables pimSourceLifetime pimStateRefreshInterval pimStateRefreshLimitInterval pimStateRefreshTimeToLive pimNeighborLoss Comments State Refresh feature is not supported, so these variables are set to defaults. Not supported. SNMPv3 MIBs - Netgear XCM8806 Chassis | User Manual - Page 874
NETGEAR 8800 User Manual Table/Group Supported Variables entPhysicalParentRelPos entPhysicalName entPhysicalHardwareRev entPhysicalFirmwareRev entPhysicalSoftwareRev entPhysicalSerialNum entPhysicalMfgName entPhysicalModelName entPhysicalAlias entPhysicalAssetID entPhysicalIsFRU Comments RFC - Netgear XCM8806 Chassis | User Manual - Page 875
NETGEAR 8800 User Manual Table/Group Supported Variables Comments dot1xAuthDiagTable Not supported This table has been deprecated in the drafts subsequent to the 2001 version of the 802.1X standard. dot1xAuthSessionStatsTable Not supported dot1xSuppConfigTable dot1xSuppStatsTable None None - Netgear XCM8806 Chassis | User Manual - Page 876
NETGEAR 8800 User Manual Table/Group trapDestTable Supported Variables probeCapabilities probeSoftwareRev probeHardwareRev probeDateTime probeResetControl All objects Comments RFC 2613 (SMON) The following tables, groups, and variables are supported in this MIB. Table/Group Supported Variables - Netgear XCM8806 Chassis | User Manual - Page 877
NETGEAR 8800 User Manual Table/Group smonVlanIdStatsTable Supported Variables Comments smonVlanIdStatsId The unique identifier of the VLAN monitored for this a management station to detect deletion and recreation cycles between polls. Appendix D. Supported Protocols, MIBs, and Standards | 877 - Netgear XCM8806 Chassis | User Manual - Page 878
Table/Group dataSourceDapsTable Supported Variables dataSourceCapsObject dataSourceRmonCaps dataSourceCopyCaps dataSourceCapsIfIndex portCopyConfigTable portCopySource portCopyDest portCopyDestDropEvents NETGEAR 8800 User Manual Comments Defines an object that can be a SMON data source or a - Netgear XCM8806 Chassis | User Manual - Page 879
NETGEAR 8800 User Manual Table/Group Supported Variables portCopyDirection portCopyStatus smonPrioStatsControlTable smonPrioStatsTable in order to allow for a portCopyEntry to be created. Not supported due to hardware limitations. RFC 2465 (IPV6 MIB) The following tables, groups, - Netgear XCM8806 Chassis | User Manual - Page 880
NETGEAR 8800 User Manual Table/Group ipv6Forwarding ipv6DefaultHopLimit ipv6Interfaces ipv6IfTableLastChange ipv6IfTable ipv6IfStatsTable ipv6AddrPrefixTable ipv6AddrTable ipv6RouteNumber ipv6DiscardedRoutes ipv6RouteTable ipv6NetToMediaTable Supported Variables All objects All objects All objects - Netgear XCM8806 Chassis | User Manual - Page 881
User Manual RFC 5601 (PW-STD-MIB) The following tables, groups, and variables are supported in this MIB. All tables and variables of this MIB are supported as read only. The comments here are abbreviated versions of the description in the RFC documentation. Table/Group pwTable Supported Variables - Netgear XCM8806 Chassis | User Manual - Page 882
for PWs created manually or by using the generalized FEC. RFC 5603 (PW-ENET-STD-MIB) The following tables, groups, and variables are supported in this MIB used to uniquely identify the individual row. This object defines the (service-delimiting) VLAN field value on the PW. This object indicates the - Netgear XCM8806 Chassis | User Manual - Page 883
Manual VPLS-MIB (draft-ietf-l2vpn-vpls-mib-02.txt) The following tables, groups, and variables are supported in this MIB. All tables and variables of this MIB are supported length octet string. The desired administrative state of the VPLS service. For creating, modifying, and deleting this row. The - Netgear XCM8806 Chassis | User Manual - Page 884
dot1agCfmMdTableNextIndex dot1agCfmMaNetTable dot1agCfmMdIndex dot1agCfmMaIndex dot1agCfmMaNetFormat dot1agCfmMaNetName NETGEAR 8800 User Manual Comments Supported as read only. The Maintenance Domain name. Supported as read only. The Maintenance Domain Level. Enumerated value - Netgear XCM8806 Chassis | User Manual - Page 885
NETGEAR 8800 User Manual Table/Group Supported Variables dot1agCfmMaNetCcmInterval dot1agCfmMaNetRowStatus dot1agCfmMepTable dot1agCfmMdIndex dot1agCfmMaIndex dot1agCfmMepIdentifier dot1agCfmMepIfIndex dot1agCfmMepDirection dot1agCfmMepPrimaryVid dot1agCfmMepActive dot1agCfmMepFngState - Netgear XCM8806 Chassis | User Manual - Page 886
Table/Group NETGEAR 8800 User Manual Supported Variables dot1agCfmMepCcmLtmPriority dot1agCfmMepMacAddress dot1agCfmMepLowPrDef dot1agCfmMepFngAlarmTime dot1agCfmMepFngResetTime dot1agCfmMepHighestPrDefect Comments Supported as read only. The priority value for CCMs and LTMs transmitted by the - Netgear XCM8806 Chassis | User Manual - Page 887
NETGEAR 8800 User Manual Table/Group Supported Variables dot1agCfmMepDefects dot1agCfmMepErrorCcmLastFailure dot1agCfmMepXconCcmLastFailure dot1agCfmMepCcmSequenceErrors dot1agCfmMepCciSentCcms dot1agCfmMepNextLbmTransId dot1agCfmMepLbrIn dot1agCfmMepLbrInOutOfOrder dot1agCfmMepLbrBadMsdu - Netgear XCM8806 Chassis | User Manual - Page 888
Table/Group NETGEAR 8800 User Manual Supported Variables Comments dot1agCfmMepTransmitLbmStatus Supported as read only. A Boolean flag set to true by the bridge port to indicate that another LBM may be transmitted. dot1agCfmMepTransmitLbmDestMacAddress Supported as read only. The Target MAC - Netgear XCM8806 Chassis | User Manual - Page 889
NETGEAR 8800 User Manual Table/Group dot1agCfmMepDbTable Supported Variables Comments dot1agCfmMepTransmitLtmFlags Supported as read only. The flags field for LTMs transmitted by the MEP. Currently useFDBonly(0) is supported. dot1agCfmMepTransmitLtmTargetMacAddress Supported as read only. The - Netgear XCM8806 Chassis | User Manual - Page 890
Table/Group NETGEAR 8800 User Manual Supported Variables dot1agCfmMepDbRMepState dot1agCfmMepDbRMepFailedOkTime dot1agCfmMepDbMacAddress dot1agCfmMepDbRdi dot1agCfmMepDbPortStatusTlv dot1agCfmMepDbInterfaceStatusTlv dot1agCfmMepDbChassisIdSubtype Comments The operational state of the remote MEP - Netgear XCM8806 Chassis | User Manual - Page 891
NETGEAR 8800 User Manual Table/Group dot1agCfmLtrTable Supported Variables dot1agCfmMepDbChassisId dot1agCfmMepDbManAddressDomain dot1agCfmMepDbManAddress dot1agCfmMdIndex dot1agCfmMaIndex dot1agCfmMepIdentifier dot1agCfmLtrSeqNumber dot1agCfmLtrReceiveOrder dot1agCfmLtrTtl dot1agCfmLtrForwarded - Netgear XCM8806 Chassis | User Manual - Page 892
NETGEAR 8800 User Manual Table/Group Supported Variables dot1agCfmLtrChassisIdSubtype dot1agCfmLtrChassisId dot1agCfmLtrManAddressDomain dot1agCfmLtrManAddress dot1agCfmLtrIngress dot1agCfmLtrIngressMac dot1agCfmLtrIngressPortIdSubtype dot1agCfmLtrIngressPortId dot1agCfmLtrEgress - Netgear XCM8806 Chassis | User Manual - Page 893
NETGEAR 8800 User Manual Table/Group dot1agCfmStackTable Supported Variables dot1agCfmLtrOrganizationSpecificTlv dot1agCfmStackifIndex dot1agCfmStackVlanIdOrNone dot1agCfmStackMdLevel dot1agCfmStackDirection dot1agCfmStackMdIndex dot1agCfmStackMaIndex dot1agCfmStackMepId - Netgear XCM8806 Chassis | User Manual - Page 894
NETGEAR 8800 User Manual Table/Group dot1agCfmFaultAlarm (NOTIFICATION) Supported Variables dot1agCfmMepHighestPrDefect dot1agCfmMaCompTable dot1agCfmConfigErrorList Table dot1agCfmVlanTable dot1agCfmDefaultMdTable Comments A MEP has a persistent defect condition. A notification (fault alarm) - Netgear XCM8806 Chassis | User Manual - Page 895
NETGEAR 8800 User Manual Table/Group Dot3StatsTable dot3CollTable dot3ControlTable dot3PauseTable Supported Variables dot3StatsIndex dot3StatsAlignmentErrors dot3StatsFCSErrors dot3StatsSingleCollisionFrames dot3StatsMultipleCollisionFrames dot3StatsSQETestErrors dot3StatsDeferredTransmissions - Netgear XCM8806 Chassis | User Manual - Page 896
NETGEAR 8800 User Manual NETGEAR Proprietary MIBs NETGEAR-SYSTEM-MIB The following tables, groups, and variables are supported in this MIB. Table/Group Supported Variables netgearSaveConfiguration netgearSaveStatus netgearCurrentConfigInUse netgearConfigToUseOnReboot Comments When this object is - Netgear XCM8806 Chassis | User Manual - Page 897
NETGEAR 8800 User Manual Table/Group Supported Variables netgearOverTemperatureAlarm netgearPrimaryPowerOperational netgearPowerStatus netgearPowerAlarm netgearRedundantPowerStatus netgearRedundantPowerAlarm netgearInputPowerVoltage netgearPrimarySoftwareRev netgearSecondarySoftwareRev - Netgear XCM8806 Chassis | User Manual - Page 898
Group NETGEAR 8800 User Manual Supported Variables netgearDot1dTpFdbTableEnable netgearHealthCheckErrorType netgearAuthFailSrcAddr netgearCpuTransmitPriority netgearImageBooted netgearMasterMSMSlot netgearChassisPortsPerSlot Comments Not supported. This will return the internal slot - Netgear XCM8806 Chassis | User Manual - Page 899
8800 User Manual Table/Group netgearFanStatusTable netgearCpuTaskTable Supported Variables netgearMsmFailoverCause software exception condition; removal(4) means the master MSM was physically removed from the chassis; hwFailure(5) means a diagnostic failure was detected in the master MSM; watchdog - Netgear XCM8806 Chassis | User Manual - Page 900
NETGEAR 8800 User Manual Table/Group netgearCpuTask2Table netgearSlotTable netgearPowerSupplyTable netgearImageTable Supported Variables All objects All objects netgearPowerSupplyStatus netgearPowerSupplyInputVoltage netgearPowerSupplyFan1Speed netgearPowerSupplyFan2Speed netgearImageNumber - Netgear XCM8806 Chassis | User Manual - Page 901
NETGEAR 8800 User Manual Table/Group Supported Variables netgearSustainingReleaseNumber netgearBranchRevisionNumber netgearImageType netgearImageDescription netgearCpuMonitorInterval netgearPatchVersion netgearCpuMonitorTotalUtilization netgearCpuMonitorTable netgearCpuMonitorSlotId - Netgear XCM8806 Chassis | User Manual - Page 902
NETGEAR 8800 User Manual Table/Group netgearCpuMonitorSystemTable Supported Variables netgearCpuMonitorUtilization10secs netgearCpuMonitorUtilization30secs netgearCpuMonitorUtilization1min netgearCpuMonitorUtilization5mins netgearCpuMonitorUtilization30mins netgearCpuMonitorUtilization1hour - Netgear XCM8806 Chassis | User Manual - Page 903
NETGEAR 8800 User Manual Table/Group Supported Variables netgearCpuMonitorSystemUtilization5mins netgearCpuMonitorSystemUtilization30mins netgearCpuMonitorSystemUtilization1hour netgearCpuMonitorSystemMaxUtilization netgearMemoryMonitorSystemTable netgearMemoryMonitorSystemSlotId - Netgear XCM8806 Chassis | User Manual - Page 904
NETGEAR 8800 User Manual Table/Group Supported Variables Comments netgearMemoryMonitorProcessName This value indicated the tables in this MIB that contain objects with RowStatus semantics, the only values supported are: {active, createAndGo, destroy}. This is a description of the VLAN interface. - Netgear XCM8806 Chassis | User Manual - Page 905
NETGEAR 8800 User Manual Table/Group Supported Variables Comments netgearVlanIfStatus The status column for this VLAN interface The VLAN ID of this VLAN." netgearGlobalMappingTable Not supported netgearVlanEncapsTable Not supported netgearVlanIpTable All objects For all tables in this MIB - Netgear XCM8806 Chassis | User Manual - Page 906
NETGEAR 8800 User Manual Table/Group Supported Variables netgearVlanOpaqueControlTable All objects netgearVlanStackTable netgearVlanL2StatsTable All objects All objects Comments For all tables in this MIB that contain objects with RowStatus semantics, the only values supported are: {active, - Netgear XCM8806 Chassis | User Manual - Page 907
NETGEAR 8800 User Manual Table/Group netgearPortRateShapeTable netgearPortUtilizationTable netgearPortInfoTable Supported Variables netgearPortLoadshare2SlaveIfIndex netgearPortLoadshare2Algorithm netgearPortLoadshare2Status All objects netgearPortUtilizationEntry netgearPortUtilizationAvgTxBw - Netgear XCM8806 Chassis | User Manual - Page 908
NETGEAR 8800 User Manual Table/Group netgearPortXenpakVendorTable netgearPortIngressStatsPortTable netgearPortIngressStatsQueueTable netgearPortEgressRateLimitTable netgearWiredClientTable netgearPortUtilizationExtnTable netgearPortQosStatsTable Supported Variables All objects All objects All - Netgear XCM8806 Chassis | User Manual - Page 909
NETGEAR 8800 User Manual Table/Group Supported Variables netgearPortQP0TxBytes netgearPortQP0TxPkts netgearPortQP1TxBytes netgearPortQP1TxPkts netgearPortQP2TxBytes netgearPortQP2TxPkts netgearPortQP3TxBytes netgearPortQP3TxPkts netgearPortQP4TxBytes netgearPortQP4TxPkts netgearPortQP5TxBytes - Netgear XCM8806 Chassis | User Manual - Page 910
NETGEAR 8800 User Manual Table/Group netgearPortMauTable netgearPortCongestionStatsTable netgearPortQosCongestionStatsTable Supported Variables Comments netgearPortQP7TxBytes The number of QOS 7 bytes that gets transmitted from this port. netgearPortQP7TxPkts The number of QOS 7 packets that - Netgear XCM8806 Chassis | User Manual - Page 911
NETGEAR 8800 User Manual Table/Group Supported Variables netgearPortQP5CongPkts netgearPortQP6CongPkts netgearPortQP7CongPkts Comments The number of QOS 5 packets that gets dropped due to congestion on this port. The number of QOS 6 packets that - Netgear XCM8806 Chassis | User Manual - Page 912
NETGEAR 8800 User Manual Table/Group Supported Variables Comments netgearSmartTrapFlushInstanceTableIndex This object acts as a flush control for the generate netgear smart traps. The object netgearSmartTrapRulesDesired OID supports OID values whose prefix is among the following: ipAddrTable - Netgear XCM8806 Chassis | User Manual - Page 913
NETGEAR 8800 User Manual . Table/Group netgearTargetAddrExtTable Supported Variables Comments netgearTargetAddrExtIgnoreMP Model When this object is set to TRUE, the version of the trap/notification sent to the corresponding management target (trap receiver) - Netgear XCM8806 Chassis | User Manual - Page 914
NETGEAR 8800 User Manual Table/Group Supported Variables netgearTargetAddrExtUseEvent Comm netgearTargetAddrExtTrapSrcIp netgearUsm3DESPrivProtocol netgearUsmAesCfb192Protocol netgearUsmAesCfb256Protocol Comments This object is used only when sending RMON alarms as SNMPv3 traps. When it is set - Netgear XCM8806 Chassis | User Manual - Page 915
NETGEAR 8800 User Manual Table/Group netgearFdbMacFdbTable netgearFdbIpFdbTable netgearFdbPermFdbTable netgearFdbMacExosFdbTable Supported Variables All objects All objects All objects netgearFdbMacExosFdbEntry netgearFdbMacFdbCounterTable All objects Comments Not supported Support SNMP get and - Netgear XCM8806 Chassis | User Manual - Page 916
NETGEAR 8800 User Manual Trap netgearPowerSupplyFail netgearModuleStateChanged Comments One or more sources of power to , groups, and variables are supported in this MIB. Table/Group netgearStpDomainTable netgearStpPortTable netgearStpVlanPortTable Supported Variables All objects All objects All - Netgear XCM8806 Chassis | User Manual - Page 917
netgearEntityFRUTable Supported Variables Comments entPhysicalIndex A table containing information about each FRU in the chassis based on Entity MIB. netgearEntityFRUStartTime First Recorded Start Time. netgearEntityFRUOdometer Number of time units in service. netgearEntityFRUOdometerUnit - Netgear XCM8806 Chassis | User Manual - Page 918
NETGEAR 8800 User Manual . Table/Group netgearRtStatsTable Supported Variables netgearRtStatsIndex percentage of bandwidth that this queue is permitted to use. The level of priority at which this queue will be serviced by the Switch. 918 | Appendix D. Supported Protocols, MIBs, and Standards - Netgear XCM8806 Chassis | User Manual - Page 919
NETGEAR 8800 User Manual Table/Group Supported Variables netgearQosProfileRowStatus netgearIQosProfileTable netgearIQosProfileIndex netgearIQosProfileName netgearIQosProfileMinBwType netgearIQosProfileMinBw netgearIQosProfileMaxBwType Comments The status of the netgearQosProfile entry. This - Netgear XCM8806 Chassis | User Manual - Page 920
Manual Table/Group Supported Variables netgearIQosProfileMaxBw netgearIQosProfileRED netgearIQosProfileMaxBuf netgearPerPortQosTable netgearPerPortQosIndex netgearPerPortQosMinBw netgearPerPortQosMaxBw netgearPerPortQosPriority 920 | Appendix D. Supported queue will be serviced by the switch. - Netgear XCM8806 Chassis | User Manual - Page 921
NETGEAR 8800 User Manual Table/Group Supported Variables netgearPerPortQosRowStatus netgearQosByVlanMappingTable netgearVlanIfIndex netgearQosByVlanMappingQosProfileIndex Comments The status of the netgearPerPortQos entry. This object can be set to active(1) and createAndGo(4). The following - Netgear XCM8806 Chassis | User Manual - Page 922
E. Glossary E A AAA ABR ACL alternate port AP area ARP Authentication, authorization, and accounting. A system to control which computer resources specific users can access and to keep track of the activity of specific users over the network. Area border router. In OSPF, an ABR has interfaces in - Netgear XCM8806 Chassis | User Manual - Page 923
NETGEAR 8800 User Manual A (Continued) AS ASBR autobind autonegotation B backbone area backup 0.0.0.0. All areas in an AS must connect to the backbone area. In RSTP, the backup port supports the designated port on the same attached LAN segment. Backup ports exist only when the bridge is connected - Netgear XCM8806 Chassis | User Manual - Page 924
NETGEAR 8800 User Manual B (Continued) BGP Border Gateway Protocol. BGP is a router protocol in the IP suite designed to exchange network reachability information with BGP systems in other ASs. - Netgear XCM8806 Chassis | User Manual - Page 925
8800 User Manual C carrier faults in the network for each customer service instance individually and separately. CFM comprises capabilities advertise a single route representing all destinations. RIP does not support CIDR; BGP and OSPF support CIDR. CIST Common and Internal Spanning Tree. In an - Netgear XCM8806 Chassis | User Manual - Page 926
Manual C (Continued) cluster combo port CoS CRC CRC error CSPF In BGP, a cluster is formed within an AS by a route reflector and its client routers. Combination port. On some NETGEAR devices, certain ports can be used as either copper or fiber ports. Class of Service indicate problems anywhere in - Netgear XCM8806 Chassis | User Manual - Page 927
NETGEAR 8800 User Manual D (Continued) is plugged into a different place in the network. The protocol supports static or dynamic IP addresses and can dynamically reconfigure networks in which DiffServ (DS) field, formerly known as the Type of Service (TOS) field. The value in this field defines the - Netgear XCM8806 Chassis | User Manual - Page 928
Manual E (Continued) ECMP edge ports EEPROM EGP ELRP EMISTP EMS encapsulation mode EPICenter Ethernet Equal Cost Multi Paths. This routing algorithm distributes network traffic across multiple high-bandwidth OSPF, BGP, and static routes to increase performance. The NETGEAR implementation supports - Netgear XCM8806 Chassis | User Manual - Page 929
NETGEAR 8800 User Manual F fast path FDB FIB frame full-duplex G GBIC Gigabit Ethernet H half-duplex header hitless failover This term refers to the data path for a packet that - Netgear XCM8806 Chassis | User Manual - Page 930
IETF IGMP IGMP snooping IGP inline power IP NETGEAR 8800 User Manual Interior Border Gateway Protocol. IBGP is the BGP version used within allows packets to be routed. IP is the most widely used networking protocol; it supports the idea of unique addresses for each computer on the network. IP is a - Netgear XCM8806 Chassis | User Manual - Page 931
NETGEAR 8800 User Manual I (Continued) IPv6 IP address IPTV IR IRDP ISO ISP ITU-T static IP address, many IP addresses are assigned dynamically from a pool. Many corporate networks and online services economize on the number of IP addresses they use by sharing a pool of IP addresses among a large - Netgear XCM8806 Chassis | User Manual - Page 932
NETGEAR 8800 User Manual J jumbo frames L LACP LAG Layer 2 Layer 3 LED license link neighbor discovery protocol. Each LLDP-enabled device transmits information to its neighbors, including chassis and port identification, system name and description, VLAN names, and other selected networking - Netgear XCM8806 Chassis | User Manual - Page 933
NETGEAR 8800 User Manual L (Continued) LFS loop detection LSA LSDB M MAC address MAN master router MED MEP metering Link Fault Signal. LFS, which conforms to IEEE standard 802.3ae- - Netgear XCM8806 Chassis | User Manual - Page 934
NETGEAR 8800 User Manual M (Continued) MIB Management Information Base. MIBs make up a database of information (for example, traffic statistics and port settings) that the switch makes available to network - Netgear XCM8806 Chassis | User Manual - Page 935
NETGEAR 8800 User Manual M (Continued) MSTP MSTP region MTU multicast multinetting MVR N NAT Multiple Spanning Tree Protocol. MSTP, based on IEEE 802.1Q-2003 (formerly known as IEEE 892. - Netgear XCM8806 Chassis | User Manual - Page 936
Manager NSSA O odometer option 82 OSI NETGEAR 8800 User Manual Network login provides extra security to the network by assigning individual component has been in service: • chassis • MSMs • I/O modules • power controllers On stand-alone switches, you display the days of service for the switch. This - Netgear XCM8806 Chassis | User Manual - Page 937
NETGEAR 8800 User Manual O (Continued) OSI reference model OSPF OSPFv3 OUI P packet PD PDU PIM-DM PIM-SM The 7-layer standard model for network architecture is the basis for - Netgear XCM8806 Chassis | User Manual - Page 938
P (Continued) ping PMBR PoE policy files port mirroring POST protected VLAN proxy ARP PVST+ NETGEAR 8800 User Manual Packet Internet Groper. Ping is the ICMP echo message and its reply that tests network reachability of a device. Ping sends an echo packet to the - Netgear XCM8806 Chassis | User Manual - Page 939
Manual Q QoS R RADIUS RARP RFC RIP RIPng RMON root bridge Quality of Service. Policy-enabled QoS is a network service use RMON to monitor, analyze, and troubleshoot the network. A software agent can also set alarms to be informed of potential network problems. In STP, the root bridge is the bridge - Netgear XCM8806 Chassis | User Manual - Page 940
NETGEAR 8800 User Manual R (Continued) root port route aggregation route flapping route reflector routing confederation RSTP S SA SCP sFlow SFP 6in4 tunnels In STP, the root port provides the - Netgear XCM8806 Chassis | User Manual - Page 941
NETGEAR 8800 User Manual S (Continued) 6to4 tunnels slow path SMF SMON SNMP SNTP SSH SSL The 6to4 tunnels are one way to send IPv6 packets over IPv4 networks. This - Netgear XCM8806 Chassis | User Manual - Page 942
NETGEAR 8800 User Manual S (Continued) STP STPD STPD mode stub areas system health check T TACACS+ tagged or more centralized servers. TACACS+ provides separate authentication, authorization, and accounting services. User passwords are administered in a central database rather than in individual - Netgear XCM8806 Chassis | User Manual - Page 943
8800 User Manual T SNMP concept of user names to associate with security levels to support secure network management. V virtual link virtual router In OSPF, one physical router, which allows multiple routers to provide redundant services to users. virtual router MAC address In VRRP, RFC 2338 - Netgear XCM8806 Chassis | User Manual - Page 944
V (Continued) VLAN VLSM VPN VoIP VR-Control VR-Default VRID VR-Mgmt NETGEAR 8800 User Manual Virtual LAN. The term VLAN is used to refer to a collection of devices that communicate as if they are on the same physical LAN. Any - Netgear XCM8806 Chassis | User Manual - Page 945
NETGEAR 8800 User Manual V (Continued) VRRP VRRP router X XENPAK Virtual Router Redundancy Protocol. VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the - Netgear XCM8806 Chassis | User Manual - Page 946
306 metering 369 priority 315 refreshing 296 rule entry 300 rule syntax 300 slices 325 smart refresh 296 transferring to the switch 295 troubleshooting 294, 369, 851 action modifiers ACL 304 action statements, policy 351 actions ACL 304 active interfaces 726 Address Resolution Protocol. See ARP - Netgear XCM8806 Chassis | User Manual - Page 947
NETGEAR 8800 User Manual Alarms, RMON 235 area 0 OSPF 678 OSPFv3 690 areas OSPF 674 OSPFv3 688 expressions 349 ASCII-formatted configuration file downloading 821 loading 821 support 105 troubleshooting 820 uploading 820 verifying 821 authentication local database 397 authentication methods 802.1x - Netgear XCM8806 Chassis | User Manual - Page 948
configuration access 40 history 35 limits 33 line-editing keys 34 named components 31 prompt line 41 starting up 45 948 | Index NETGEAR 8800 User Manual symbols 32 syntax 29 syntax helper 30 syntax symbols (table) 33 users adding 43 deleting 43 viewing 43 using 29 cluster 704 collector, remote 230 - Netgear XCM8806 Chassis | User Manual - Page 949
Manual console connection 52 maximum sessions 52 controlling Telnet access 58 conventions, guide 110 disabling 110 enabling 110 overview 96 troubleshooting 110 CPU utilization, history 110 CPU utilization 819 routes 597 users 43 denial of service protection configuring 463 description 461 disabling - Netgear XCM8806 Chassis | User Manual - Page 950
218 debug mode 228 description 214 displaying messages console 225 session 226 event message formats 225 950 | Index NETGEAR 8800 User Manual expressions matching 222 regular 222 filtering event messages 216 filters configuring 220 creating 220 viewing 221 log target default 215 disabling 215 - Netgear XCM8806 Chassis | User Manual - Page 951
NETGEAR 8800 User Manual contents 272 dynamic 273 limiting 279 multicast with multiport troubleshooting 854 viewing settings 855 Health Chidk Link Aggregation 130 helper-mode 676 History, RMON 235 hitless failover description 69 I/O version number 811 network login 393 PoE 172 protocol support - Netgear XCM8806 Chassis | User Manual - Page 952
NETGEAR 8800 User Manual IEEE 802.3af 173 IGMP and IP multinetting 624 description 733 snooping 733 snooping filters 735 static 734 image .xos file 806 definition 801 downloading - Netgear XCM8806 Chassis | User Manual - Page 953
NETGEAR 8800 User Manual multiple routes 645 populating 643 verifying the configuration 651 IPX 132 master port 132 verifying configuration 134 maximum ports and groups 131 restrictions 132 static 126 troubleshooting 125, 126, 133 Link Fault Signal. See LFS Link Layer Discovery Protocol. See LLDP - Netgear XCM8806 Chassis | User Manual - Page 954
statistics 171 system description TLV 160 timers 155 transmitted TLVs 156 troubleshooting 153, 163 unconfiguring 164, 170 load sharing 131 See also interface 712 LSA type numbers (table) 954 | Index NETGEAR 8800 User Manual OSPF 675 OSPFv3 689 LSA, description 674, 689 LSDB, description 674, 689 - Netgear XCM8806 Chassis | User Manual - Page 955
765 peers 764 PIM border configuration 763 platforms supported 763 policy filter 765 redundancy 770 SA cache 768 SA cache entry limit 769 SA request processing 765 scaling limits 770 MSM console sessions 52 reboot 810 MSM module 115 MSM prompt, troubleshooting 837 MSM slots 115 MSTI See also MSTP - Netgear XCM8806 Chassis | User Manual - Page 956
NETGEAR 8800 User Manual Multiple Instance Spanning Tree Protocol. See EMISTP multiple nexthop support 341 multiple routes IPv4 597 IPv6 645 Multiple Spanning Tree Instances. See MSTI Multiple Spanning Tree Protocol. See MSTP multiple supplicants, network login support 392 MVR and STP 754 dynamic - Netgear XCM8806 Chassis | User Manual - Page 957
NETGEAR 8800 User Manual opaque LSAs, OSPF 675 Open LDAP 498 Open Shortest Path First 44 forgetting 46 local database authentication 397 security 45 shared secret, TACACS+ 467, 469, 476, 478 troubleshooting 45 path MTU discovery 123 PBS 367 peak burst size 367 peak rate 367 peer groups 713 Per VLAN - Netgear XCM8806 Chassis | User Manual - Page 958
and disabling power 179 features 173 hitless failover support 172 legacy powered devices 182 operator limit 183 ports 183 SNMP events 182 statistics 186 troubleshooting 174, 181 upper port power limit 183 disabling 117 958 | Index NETGEAR 8800 User Manual flow control 118, 119 health check link - Netgear XCM8806 Chassis | User Manual - Page 959
NETGEAR 8800 User Manual Power over Ethernet. See PoE power supply controller 73 powered devices. See PoE primary image 803 prioritizing entries, FDB 279 private AS numbers 716 private - Netgear XCM8806 Chassis | User Manual - Page 960
troubleshooting 369, 378, 379 two-color 366 use with full-duplex links 359 video applications 360 viewing port settings 148 VLANs flood control 385 voice applications 360 web browsing applications 360 weighted fair queuing 368 Quality of Service NETGEAR 8800 User Manual description 146 refresh, - Netgear XCM8806 Chassis | User Manual - Page 961
NETGEAR 8800 User Manual RFC 2933 859 RFC 2934 859 RFC 3046 628 RFC 3376 733, 859 RFC 3392 alarm actions 237 Alarms group 235 configuring 236 description 233 Events group 235 features supported 234 History group 235 management workstation 234 output 237 probe 234 probeCapabilities 235 probeDateTime - Netgear XCM8806 Chassis | User Manual - Page 962
642 SCP2 511, 806 962 | Index NETGEAR 8800 User Manual secondary image 803 secure MAC configuration, example 424 description 422 Secure defaults mode 436 egress flooding 281 security name, SNMPv3 84 service contract displaying 798 service tag 781 session refresh, network login 414 sessions console - Netgear XCM8806 Chassis | User Manual - Page 963
and disabling 114 manual configuration 114 mismatch mode 78 community strings 79 configuring 79 settings, displaying 80 supported MIBs 78 system contact 80 system location 80 system name 80 146 displaying 148 displaying configuration 148 troubleshooting 146 typical configurations 146 source - Netgear XCM8806 Chassis | User Manual - Page 964
forward delay 572 guidelines 571 hello time 572 hitless failover support 537 inheriting ports 534 manually bind ports 532 max age 572 max hop count 572 MSTI root failover 534 rules and restrictions 571 StpdID 531, 572 troubleshooting 571, 840 StpdID 531 strict priority queuing 368 strings, community - Netgear XCM8806 Chassis | User Manual - Page 965
Manual system target parameters, SNMPv3 88 TCP MD5 authentication 765 technical support 2 technical support, contacting 855 Telnet ACL policy 59 and safe defaults 804 server requirements 63, 852 using 62, 822 TFTP server, troubleshooting 63 three-color Qos 367 timeout, MAC lockdown 440 TOP command - Netgear XCM8806 Chassis | User Manual - Page 966
Trivial File Transfer Protocol. See TFTP troubleshooting ACLs 294 ASCII-formatted configuration file limits 839 SSL 43 966 | Index NETGEAR 8800 User Manual STP 571, 840 system LEDs 833 TFTP server 63, , 655 vMANs 788 two-color Qos 366 Type-of-Service 363 U UDP echo server 632 Universal Port use with - Netgear XCM8806 Chassis | User Manual - Page 967
8800 User Manual OSPFv3 691 245 protocol-based 244 QoS profile 251 renaming 247 tagged 242 troubleshooting 246, 249, 839 trunks 242 types 239 untagged packets description 582 electing the master 584 examples 589-592 hitless failover support 583 IP address 587 master down interval 584, 587 master - Netgear XCM8806 Chassis | User Manual - Page 968
skew time 584, 587 tracking description 587 example 592 troubleshooting 840 virtual IP addresses 586 virtual router MAC address 585 485 205 example 486 206 examples 486 definitions Extreme 483 NAP 411 NETGEAR 8800 User Manual definitions (table) 411, 483 order of use 485 W warranty 798 web browsing
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
-
565
-
566
-
567
-
568
-
569
-
570
-
571
-
572
-
573
-
574
-
575
-
576
-
577
-
578
-
579
-
580
-
581
-
582
-
583
-
584
-
585
-
586
-
587
-
588
-
589
-
590
-
591
-
592
-
593
-
594
-
595
-
596
-
597
-
598
-
599
-
600
-
601
-
602
-
603
-
604
-
605
-
606
-
607
-
608
-
609
-
610
-
611
-
612
-
613
-
614
-
615
-
616
-
617
-
618
-
619
-
620
-
621
-
622
-
623
-
624
-
625
-
626
-
627
-
628
-
629
-
630
-
631
-
632
-
633
-
634
-
635
-
636
-
637
-
638
-
639
-
640
-
641
-
642
-
643
-
644
-
645
-
646
-
647
-
648
-
649
-
650
-
651
-
652
-
653
-
654
-
655
-
656
-
657
-
658
-
659
-
660
-
661
-
662
-
663
-
664
-
665
-
666
-
667
-
668
-
669
-
670
-
671
-
672
-
673
-
674
-
675
-
676
-
677
-
678
-
679
-
680
-
681
-
682
-
683
-
684
-
685
-
686
-
687
-
688
-
689
-
690
-
691
-
692
-
693
-
694
-
695
-
696
-
697
-
698
-
699
-
700
-
701
-
702
-
703
-
704
-
705
-
706
-
707
-
708
-
709
-
710
-
711
-
712
-
713
-
714
-
715
-
716
-
717
-
718
-
719
-
720
-
721
-
722
-
723
-
724
-
725
-
726
-
727
-
728
-
729
-
730
-
731
-
732
-
733
-
734
-
735
-
736
-
737
-
738
-
739
-
740
-
741
-
742
-
743
-
744
-
745
-
746
-
747
-
748
-
749
-
750
-
751
-
752
-
753
-
754
-
755
-
756
-
757
-
758
-
759
-
760
-
761
-
762
-
763
-
764
-
765
-
766
-
767
-
768
-
769
-
770
-
771
-
772
-
773
-
774
-
775
-
776
-
777
-
778
-
779
-
780
-
781
-
782
-
783
-
784
-
785
-
786
-
787
-
788
-
789
-
790
-
791
-
792
-
793
-
794
-
795
-
796
-
797
-
798
-
799
-
800
-
801
-
802
-
803
-
804
-
805
-
806
-
807
-
808
-
809
-
810
-
811
-
812
-
813
-
814
-
815
-
816
-
817
-
818
-
819
-
820
-
821
-
822
-
823
-
824
-
825
-
826
-
827
-
828
-
829
-
830
-
831
-
832
-
833
-
834
-
835
-
836
-
837
-
838
-
839
-
840
-
841
-
842
-
843
-
844
-
845
-
846
-
847
-
848
-
849
-
850
-
851
-
852
-
853
-
854
-
855
-
856
-
857
-
858
-
859
-
860
-
861
-
862
-
863
-
864
-
865
-
866
-
867
-
868
-
869
-
870
-
871
-
872
-
873
-
874
-
875
-
876
-
877
-
878
-
879
-
880
-
881
-
882
-
883
-
884
-
885
-
886
-
887
-
888
-
889
-
890
-
891
-
892
-
893
-
894
-
895
-
896
-
897
-
898
-
899
-
900
-
901
-
902
-
903
-
904
-
905
-
906
-
907
-
908
-
909
-
910
-
911
-
912
-
913
-
914
-
915
-
916
-
917
-
918
-
919
-
920
-
921
-
922
-
923
-
924
-
925
-
926
-
927
-
928
-
929
-
930
-
931
-
932
-
933
-
934
-
935
-
936
-
937
-
938
-
939
-
940
-
941
-
942
-
943
-
944
-
945
-
946
-
947
-
948
-
949
-
950
-
951
-
952
-
953
-
954
-
955
-
956
-
957
-
958
-
959
-
960
-
961
-
962
-
963
-
964
-
965
-
966
-
967
-
968
 |
 |
350 East Plumeria Drive
San Jose, CA 95134
USA
March 2011
202-10804-01
v1.0
NETGEAR 8800 User
Manual
Software Version 12.4